From dd1e801d7dd2fba9f9629ab5c310f181f35e132e Mon Sep 17 00:00:00 2001 From: Matt Menke Date: Thu, 26 Oct 2023 12:08:04 -0400 Subject: [PATCH 01/58] Add clearOriginJoinedAdInterestGroup to spec.bs (#844) * Add clearOriginJoinedAdInterestGroup to spec.bs This adds the explainer changes from explainer PR #829 / issue #475 to the spec. * Update spec.bs Some cleanups - more likely to follow. * Update spec.bs * Update spec.bs * Update spec.bs Fix error? * Update spec.bs * Update spec.bs * Update spec.bs * Update spec.bs * Update spec.bs * Update spec.bs * Update spec.bs * Update spec.bs * Update spec.bs * Update spec.bs --- spec.bs | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 53 insertions(+), 3 deletions(-) diff --git a/spec.bs b/spec.bs index 997642c91..aa2cac304 100644 --- a/spec.bs +++ b/spec.bs @@ -346,7 +346,7 @@ This is detectable because it can change the set of fields that are read from th 1. Let |permission| be the result of [=checking interest group permissions=] with |interestGroup|'s [=interest group/owner=], |frameOrigin|, and "`join`". 1. If |permission| is false, then [=queue a task=] to [=reject=] |p| with a - "{{NotAllowedError}}" {{DOMException}} and do not run the remaining steps. + "{{NotAllowedError}}" {{DOMException}} and abort these steps. 1. [=Queue a task=] to [=resolve=] |p| with `undefined`. 1. If the browser is currently storing an interest group with `owner` and `name` that matches |interestGroup|, then set the [=interest group/bid counts=], @@ -565,6 +565,8 @@ integer |maxIgs|:

Leaving Interest Groups

+

leaveAdInterestGroup()

+ *This first introductory paragraph is non-normative.* {{Window/navigator}}.{{Navigator/leaveAdInterestGroup()}} removes a user from a particular interest @@ -608,7 +610,7 @@ The leaveAdInterestGroup(group) method steps are "[=join-ad-interest-group=]" [=policy-controlled feature=], then [=exception/throw=] a "{{NotAllowedError}}" {{DOMException}}. - Note: both joining and leaving interest groups use the "join-ad-interest-group" feature. + Note: Both joining and leaving interest groups use the "join-ad-interest-group" feature. 1. Let |owner| be the result of [=parsing an https origin=] with |group|["{{AuctionAdInterestGroupKey/owner}}"]. 1. If |owner| is failure, [=exception/throw=] a {{TypeError}}. @@ -616,7 +618,7 @@ The leaveAdInterestGroup(group) method steps are 1. Let |permission| be the result of [=checking interest group permissions=] with |owner|, |frameOrigin|, and "`leave`". 1. If |permission| is false, then [=queue a task=] to [=reject=] |p| with a - "{{NotAllowedError}}" {{DOMException}} and do not run the remaining steps. + "{{NotAllowedError}}" {{DOMException}} and abort these steps. 1. [=Queue a task=] to [=resolve=] |p| with `undefined`. 1. [=list/Remove=] [=interest groups=] from the [=user agent=]'s [=interest group set=] whose [=interest group/owner=] is |owner| and [=interest group/name=] is @@ -625,6 +627,54 @@ The leaveAdInterestGroup(group) method steps are +

clearOriginJoinedAdInterestGroups()

+ +*This first introductory paragraph is non-normative.* + +{{Window/navigator}}.{{Navigator/clearOriginJoinedAdInterestGroups()}} removes a user from +[=interest groups=] whose [=interest group/joining origin=] is the associated +{{Navigator}}'s [=relevant settings object=]'s [=environment/top-level origin=]. + + + +[SecureContext] +partial interface Navigator { + Promise<undefined> clearOriginJoinedAdInterestGroups( + USVString owner, optional sequence<USVString> interestGroupsToKeep = []); +}; + + +
+ +The clearOriginJoinedAdInterestGroups(|owner|, |interestGroupsToKeep|) +method steps are: + +1. Let |frameOrigin| be [=this=]'s [=relevant settings object=]'s + [=environment settings object/origin=]. +1. [=Assert=] that |frameOrigin| is not an [=opaque origin=] and its [=origin/scheme=] is "`https`". +1. Let |p| be [=a new promise=]. +1. Let |global| be [=this=]'s [=relevant global object=]. +1. If |global|'s [=associated Document=] is not [=allowed to use=] the + "[=join-ad-interest-group=]" [=policy-controlled feature=], then [=exception/throw=] a + "{{NotAllowedError}}" {{DOMException}}. + + Note: Both joining and leaving interest groups use the "join-ad-interest-group" feature. +1. Let |ownerOrigin| be the result of [=parsing an https origin=] with |owner|. +1. If |ownerOrigin| is failure, [=exception/throw=] a {{TypeError}}. +1. Run these steps [=in parallel=]: + 1. Let |permission| be the result of [=checking interest group permissions=] with + |ownerOrigin|, |frameOrigin|, and "`leave`". + 1. If |permission| is false, then [=queue a global task=] on the [=DOM manipulation task source=] + given |global|, [=reject=] |p| with a "{{NotAllowedError}}" {{DOMException}} and abort these steps. + 1. [=Queue a global task=] on the [=DOM manipulation task source=] given |global|, to [=resolve=] |p| + with {{undefined}}. + 1. [=list/Remove=] [=interest groups=] from the [=user agent=]'s [=interest group set=] + whose [=interest group/owner=] is |ownerOrigin|, whose [=interest group/joining origin=] is + |frameOrigin|, and whose [=interest group/name=] is not in |interestGroupsToKeep|. +1. Return |p|. + +
+

Running Ad Auctions

*This first introductory paragraph is non-normative.* From f61431817aa34981d2286f17adab053852592d91 Mon Sep 17 00:00:00 2001 From: Tianyang Xu <40476544+xtlsheep@users.noreply.github.com> Date: Fri, 27 Oct 2023 09:57:26 -0400 Subject: [PATCH 02/58] Add kAnonStatus to ReportWinBrowserSignals in spec.bs. (#858) --- spec.bs | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/spec.bs b/spec.bs index aa2cac304..2f9332f9a 100644 --- a/spec.bs +++ b/spec.bs @@ -4003,7 +4003,10 @@ dictionary ReportWinBrowserSignals : ReportingBrowserSignals { DOMString buyerReportingId; unsigned short modelingSignals; unsigned long dataVersion; + KAnonStatus kAnonStatus; }; + +enum KAnonStatus { "passedAndEnforced", "passedNotEnforced", "belowThreshold", "notCalculated" };
@@ -4031,6 +4034,17 @@ dictionary ReportWinBrowserSignals : ReportingBrowserSignals {
{{ReportWinBrowserSignals/dataVersion}}
Only set if the Data-Version header was provided in the response headers from the trusted bidding signals server +
{{ReportWinBrowserSignals/kAnonStatus}} +
Indicate the k-anonymity status of the ad with the following {{KAnonStatus}} enums: + * {{KAnonStatus/passedAndEnforced}}: The ad was k-anonymous and k-anonymity was required to win the auction. + * {{KAnonStatus/passedNotEnforced}}: The ad was k-anonymous though k-anonymity was not required to win the auction. + * {{KAnonStatus/belowThreshold}}: The ad was not k-anonymous but k-anonymity was not required to win the auction. + * {{KAnonStatus/notCalculated}}: The browser did not calculate the k-anonymity status of the ad, and k-anonymity was not required to win the auction. + + From a long-term perspective, the status will always be set to `passedAndEnforced` after + k-anonymity is enforced. However, as a temporary solution, current implementations may set + `kAnonStatus` to one of the other three statuses to allow API users to assess the future + impact of enforcing that ads are k-anonymous.
From 33a89adb6b3acf22e9ae7e68703ecdc5b065b75e Mon Sep 17 00:00:00 2001 From: Neal <neal@patel.codes> Date: Fri, 27 Oct 2023 12:05:22 -0400 Subject: [PATCH 03/58] Update FLEDGE_k_anonymity_server.md to include excerpt about fighting privacy leaks in the Query server (#886) --- FLEDGE_k_anonymity_server.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/FLEDGE_k_anonymity_server.md b/FLEDGE_k_anonymity_server.md index d4cb095e7..855d0ef82 100644 --- a/FLEDGE_k_anonymity_server.md +++ b/FLEDGE_k_anonymity_server.md @@ -239,8 +239,14 @@ this, we're exploring options that include having the client request tokens at a constant rate and discard unused tokens. `Query` is a read-only API, so it doesn't have the same abuse concerns as -`Join`. We won't require Private State Tokens, or a Google Account, for a browser -to call `Query`. +`Join`. While we will not require Private State Tokens, or a Google Account, +for a browser to call `Query`, the Query Server will take certain measures +against set abuse to prevent the privacy of end users from being +compromised. If the Query Server has evidence indicating that a set is +corrupted and is more likely to leak identifying information about members, +it will report the k-anonymity status of the set to be `false` until the +risk to users' privacy has been addressed. + #### Differential privacy of public data From 3e1be8157f6cc921ae164275b6781dada0b435b9 Mon Sep 17 00:00:00 2001 From: Michael Kleber <kleber@google.com> Date: Fri, 27 Oct 2023 14:39:52 -0400 Subject: [PATCH 04/58] Create 2023-10-25-FLEDGE-call-minutes.md --- meetings/2023-10-25-FLEDGE-call-minutes.md | 137 +++++++++++++++++++++ 1 file changed, 137 insertions(+) create mode 100644 meetings/2023-10-25-FLEDGE-call-minutes.md diff --git a/meetings/2023-10-25-FLEDGE-call-minutes.md b/meetings/2023-10-25-FLEDGE-call-minutes.md new file mode 100644 index 000000000..f7de0b6a2 --- /dev/null +++ b/meetings/2023-10-25-FLEDGE-call-minutes.md @@ -0,0 +1,137 @@ +# Protected Audience (formerly FLEDGE) WICG Calls: Agenda & Notes + +Calls take place on most Wednesdays, at 11am US Eastern time; check [#88](https://github.com/WICG/turtledove/issues/88) for exceptions. + +That's 8am California = 5pm Paris time = 3pm UTC (during summer). + +This notes doc will be editable during the meeting — if you can only comment, hit reload + +Notes from past calls are all on GitHub [in this directory](https://github.com/WICG/turtledove/tree/main/meetings). + + +# Next video-call meeting: Wednesday Oct 25, 2023 + + +## Attendees: please sign yourself in! + + + +1. Michael Kleber (Google Privacy Sandbox) +2. Brian May (dstillery) +3. Roni Gordon (Index Exchange) +4. Youssef Bourouphael (Google Chrome) +5. David Dabbs (Epsilon) +6. Sven May (Google Privacy Sandbox) +7. Caleb Raitto (Google Chrome) +8. Paul Jensen (Google Chrome) +9. Russ Hamilton (Google Chrome) +10. Orr Bernstein (Google Privacy Sandbox) +11. Manny Isu (Google Chrome) +12. Sid Sahoo (Google Chrome) +13. Don Marti (Raptive) +14. Isaac Schechtman (Criteo/BidSwitch) +15. Joel Meyer (OpenX) +16. Risako Hamano (Yahoo Japan) +17. Laurentiu Badea (OpenX) +18. Matt Menke (Google Chrome) +19. Brian Schmidt (OpenX) +20. Isaac Foster (Microsoft Ads) +21. Stan Belov (Google Ads) +22. Shivani Sharma (Google Chrome) +23. Alonso Velasquez (Google Chrome) +24. Alex Cone (Google Privacy Sandbox) +25. Marco Lugo (NextRoll) +26. Abishai Gray (Google Chrome) +27. Jeroune Rhodes (Google Privacy Sandbox) +28. Leeron Israel (Google Chrome) + + +## Note taker: Manny Isu + + +# Agenda + + +## Process reminder: Join WICG + +If you want to participate in the call, please make sure you join the WICG: https://www.w3.org/community/wicg/ + + +## Suggest agenda items here: + + + +* [MK] Request for feedback, buyside and sellside buy-in for ad slot size idea: https://github.com/WICG/turtledove/issues/869 +* Roni Gordon + * Additional browser event beacons - https://github.com/WICG/turtledove/issues/826 + * K/V lookup timeouts - https://github.com/WICG/turtledove/issues/814 + * Macro substitutions - https://github.com/WICG/turtledove/issues/817 + * API versioning - https://github.com/WICG/turtledove/issues/823 + * Sensitive signals - https://github.com/WICG/turtledove/issues/824 +* Isaac: + * Multi Tag Support via “Mixed Ranking”: (really, this + multi tag + bit leak discussion and how we can be creative) https://github.com/WICG/turtledove/issues/846 + * Buyer/Seller Reporting Questions: https://github.com/WICG/turtledove/issues/682#issuecomment-1710965068 + * Optional decouple bidding/reporting function urls to allow smaller k tuple: https://github.com/WICG/turtledove/issues/679#issuecomment-1703973736 +* [Jeroune] Announcement + * The Google Privacy Sandbox team will be hosting our next set of webinars on Protected Audience. This set will focus on multi-seller auctions, where we will cover sequential auction setup, different types of auctions and participants involved, examine the overview diagram, and walkthrough a detailed sequence diagram along with code. The first **Americas friendly session** is happening on** Nov. 7th 1-2 pm ET**. A second **EMEA friendly session** is happening **Nov. 8th 7-8 am ET**. To join, please register below: + * AMER: [rsvp.withgoogle.com/events/protected-audience-multisellerauction-amer\_a27cb5](https://rsvp.withgoogle.com/events/protected-audience-multisellerauction-amer_a27cb5) + * EMEA: https://rsvp.withgoogle.com/events/protected-audience-multisellerauction-emea\_a27cb5\_339693 + + +# Notes + + +## [MK] Request for feedback, buyside and sellside buy-in for ad slot size idea: https://github.com/WICG/turtledove/issues/869 + + + +* Feature request for Ad slot size to be included in the request to the KV server; more directed at Buyer KV server - Is it possible for the KV server to know what slot size the ads is to make retrieving bidding signals more efficient? +* Generally, the browser sends a single KV request… reusable for all the different PA auctions on a page. In an attempt to square the circle, proposing a new parameter that can be added to the auction config. When kicking off the auction, what if we added a way for the top-level SSPs to say "here are all the different ad slot sizes on the page". Then the KV server request could include all of them and the KV response will take that into consideration; we can have caching and ad slot size known by the KV server. It seems viable if the buyers and sellers like this idea. +* [Brian] What percentage of pages know what the ad slot will be? + * [Isaac] Might need to run some queries to determine the answer. I think it is significant + * [MK] With the proposal, if you later come across an ad auction for a size that is not on the list, you can still run a PA auction on it, it will just trigger an additional KV request + * [Brian] So it seems like we are significantly increasing the number of moving parts in a request? It seems like something we should take into consideration + * [MK] Yes, for sure +* [Roni] **Point #1: **Let's let DSP KV server url opt into this behavior by having some macro in this url - like responsive ads in the render url. So a DSP that doesn't care about slot size doesn't pay any new cost. + * **Point #2: **GPT tag should know all the slot sizes on the page, and it should know how to do this. I think anything we do here would have to do with libraries; I think it should be defined dynamically from javascript to javascript +* [Joel] This is a lot of lift from GAM specific use case. SSPs won’t benefit because we do not get cache. How does viewability factor into this? + * [MK] The question is to determine whether this would be useful to other buyers — does slot size matter to you in SSP KV? Also, I do not think that viewability should come into this much. It seems like predictive model on viewability to take into account the domain is already possible with the KV server. + * [Brian] The call to the KV server cannot be used as an indication that something is viewable? + * [MK] I don’t know what logic SSPs use to kick off the auction but certainly possible the call might happen after the load page or at the beginning. Not sure +* [Isaac] From a DSP perspective, the size of the creative can vary… the creative ID on the trusted bidding signals.. Might help with real time requests for the creatives. On the buyside, this will be relevant to help them return real time signals. Anything that can be done by framework will be cheaper. I would see particular value for a DSP who has that type of creative. Also could be very useful for filtering, not sending back signals for creatives that cannot bid due to slot size mismatch. + + +## Additional browser event beacons - https://github.com/WICG/turtledove/issues/826 + + + +* [Roni] There are two classes of events - At the moment, because JS executed is controlled by buyside, the buyer has to indicate that these reserve event. Without buyer writing, the seller will get none of these events. How do we make it so that frames do not leak things that they aren’t supposed to leak, but having buyers and sellers automatically get the reserved events. + * [MK] I would broaden a little and say there are 3 kinds of events + * **Render:** Did this url get put in an iFrame? That is something that is automatic and everyone gets to find out and does not require any special opt in. You can observe from outside the frame. + * **Viewability:** No automatic way of SSP doing viewability beaconing today. We should invent something like intersection observer, and we should be able to make it happen automatically as configured by SSP, because this is something that can be observed from the outside page. + * **Click Event:** Front the browser POV, it happens inside the ad. Like every other cross domain iFrame, somebody outside cannot tell what happens inside. With some opt-in, the iframe will need to say it is okay for somebody outside to see + * [Roni] The render event is not automatic because there is no reserved event that gets fired automatically. + * MK: the reportWin and reportResult are indirectly indications of render event + * [from zoom chat, Matt Menke]: It's fenced frame nav start, not rendering that triggers reportWin reports. + * MM: I was just referring to the sendReportTo() and debug reports (which aren't based on navigation initiated by the fenced frame, but rather the navigation to the ad URL in the first place) + * [MK] The thing you are asking for is an event for ad click navigation… you want to know that the ads got to send the user to the landing page + * [Roni] Even if all we can get is that someone clicked on the bounding box of the rectangle - knowing that the user interacted with the ad container. + * [Shivani] Knowing that the click happened is more than what you can get today. There is a change in progress where the opt in has been made a little bit more flexible - as long as API is called, anyone who has registered to receive the beacon will receive it. It’s like an opt-in from the buyer side. + * [Joel] Echoing Roni’s request. Publishers are in the dark about what happens on their page. There is a huge need. If Chrome were to standardize a way, this will help move adtech world forward to improve publisher awareness, could end better than today. + * [MK] As an SSP, if we found a way to make it possible, would you go so far to take the position to refuse to render any ads that does not opt in to sharing this click-event information? + * [Joel] I will turn the decision over to publishers - It’s a monetization decision. + * [MK] Roni, do you think that if we did something like that, would that be satisfactory to your issue? + * [Roni] Yes, I would like to see how that evolves. + * [Shivani] For the non JS opt in, should we continue discussions on the GH issue? + * [MK] Yes, we should + * [Paul] We do have security concerns because you learn something happening inside the ads, so we have to get opt-in. And opt-in cannot happen just from the IG… the owner of the IG can provide any render url and we can't just let them find out what is happening inside the ad + * [Roni] Are we saying that there is no way for the frame to know that the buyer are seller origin is involved? + * [Paul] The big issue is that on the web, anyone can create a frame as a parent but there is no way to verify that. We are looking for a way that an ad can say this buyer is okay to share. + * [MK] Roni is right that the browser has the ability to know that the ads appeared, but the point is that even if we added an API to help with this, a naive ad does not use any API to check whether the party that caused it to be rendered was someone they expected + * From zoom chat + * Paul Jensen + * HTTP response headers are an efficient way to do this. /.well-known files are a less efficient but sometimes easier way + * Matt Menke + * HTTP response headers also allow us to let the SSP or DSP demand the header be present, or we won't load the ad. + * If folks want that ability + * [MK] No perfect solutions. We will keep discussing the issue. From 50ff31a495bb3b4445bddececeb681ea8f06f7fb Mon Sep 17 00:00:00 2001 From: Garrett Tanzer <garretttanzer@gmail.com> Date: Tue, 31 Oct 2023 11:38:02 -0400 Subject: [PATCH 05/58] API changes to make FLEDGE understand ad sizes (#417) * Update generateBid() * Most of joinAdInterestGroup changes * Expand description of joinAdInterestGroup fields * Add runAdAuction requestedSize field * Update generateBid description * Update FLEDGE.md * Update FLEDGE.md * Update k-anon check * Update FLEDGE.md * Describe size macros * Update Release_Notes.md * Fix typo * Describe how size returned from generateBid is used * Remove mention of filtering * Describe purpose of sizes in interest group declaration * Update Release_Notes.md * Update Release_Notes.md * Update Release_Notes.md * Accept `sizeGroups` suggestion Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> * Accept suggestion Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> * Accept suggestion to use group1 and group2 in ad size example Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> * Accept suggestion to explicitly call out the "size3" example size->sizeGroup implicit coercion Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> * Accept suggestion to call out AD_WIDTH and AD_HEIGHT explicitly in "see above" Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> * Accept suggestion to turn "url+size" into "URL and size" Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> * Accept suggestion to rephrase interest group size declaration description Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> * Mention optionality of interest group size fields * Remark that sizes are also optional in generateBid * Add more (optionally)s * Update Release_Notes.md * Add more optionality * Add more optionality * Update FLEDGE.md * Update FLEDGE.md * Update FLEDGE.md * Update FLEDGE.md * Update FLEDGE.md * Update FLEDGE.md * Update FLEDGE.md Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> * Update FLEDGE.md Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> * Update FLEDGE.md Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> * Update Release_Notes.md Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> * Update requestedSize description * Update browser signals * Update FLEDGE.md * Change M115 to M116 for browser signals additions * Fix "bid" -> "auction config" * Remove renderSize from reportResult signals * Update FLEDGE.md * Update FLEDGE.md * Update FLEDGE.md Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> * Fix rebase issue * Add extra macro format * Fix {size: ...} * Add explicit transition period * Add explicit transition period * Add explicit transition period * Update FLEDGE.md Co-authored-by: Alonso Velasquez <114112643+ajvelasquezgoog@users.noreply.github.com> * Fix link and perens. * Update FLEDGE.md Co-authored-by: Alonso Velasquez <114112643+ajvelasquezgoog@users.noreply.github.com> * add missing space --------- Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> Co-authored-by: Alonso Velasquez <114112643+ajvelasquezgoog@users.noreply.github.com> --- FLEDGE.md | 48 ++++++++++++++++++++++++++++++++++++++---------- Release_Notes.md | 10 ++++++++++ 2 files changed, 48 insertions(+), 10 deletions(-) diff --git a/FLEDGE.md b/FLEDGE.md index 10ace4016..3fdcf9dc4 100644 --- a/FLEDGE.md +++ b/FLEDGE.md @@ -120,8 +120,20 @@ const myGroup = { 'trustedBiddingSignalsURL': ..., 'trustedBiddingSignalsKeys': ['key1', 'key2'], 'userBiddingSignals': {...}, - 'ads': [shoesAd1, shoesAd2, shoesAd3], - 'adComponents': [runningShoes1, runningShoes2, gymShoes, gymTrainers1, gymTrainers2], + 'ads': [{renderUrl: shoesAd1, sizeGroup: 'group1', ...}, + {renderUrl: shoesAd2, sizeGroup: 'group2', ...}, + {renderUrl: shoesAd3, sizeGroup: 'size3', ...}], + 'adComponents': [{renderUrl: runningShoes1, sizeGroup: 'group2', ...}, + {renderUrl: runningShoes2, sizeGroup: 'group2', ...}, + {renderUrl: gymShoes, sizeGroup; 'group2', ...}, + {renderUrl: gymTrainers1, sizeGroup: 'size4', ...}, + {renderUrl: gymTrainers2, sizeGroup: 'size4', ...}], + 'adSizes': {'size1': {width: width1, height: height1}, + 'size2': {width: width2, height: height2}, + 'size3': {width: width3, height: height3}, + 'size4': {width: width4, height: height4}}, + 'sizeGroups:' {'group1': ['size1', 'size2', 'size3'], + 'group2': ['size3', 'size4']}, 'auctionServerRequestFlags': ['omit-ads'], }; const joinPromise = navigator.joinAdInterestGroup(myGroup); @@ -211,6 +223,12 @@ The `ads` list contains the various ads that the interest group might show. Eac The `adComponents` field contains the various ad components (or "products") that can be used to construct ["Ads Composed of Multiple Pieces"](https://github.com/WICG/turtledove/blob/main/FLEDGE.md#34-ads-composed-of-multiple-pieces)). Similar to the `ads` field, each entry is an object that includes a `renderURL` and optional `adRenderId`, and `metadata` fields. Thanks to `ads` and `adComponents` being separate fields, the buyer is able to update the `ads` field via the `updateURL` without losing `adComponents` stored in the interest group. +The `adSizes` field (optionally) contains a dictionary of named ad sizes. Each size has the format `{width: widthVal, height: heightVal}`, where the values can have either pixel units (e.g. `100` or `'100px'`) or screen dimension coordinates (e.g. `100sw` or `100sh`). For example, the size `{width: '100sw', height: 50}` describes an ad that is the width of the screen and 50 pixels tall. The size `{width: '100sw', height: '200sw'}` describes an ad that is the width of the screen and has a 1:2 aspect ratio. Sizes with screen dimension coordinates are primarily intended for screen-width ads on mobile devices, and may be restricted in certain contexts (to be determined) for privacy reasons. + +The `sizeGroups` field (optionally) contains a dictionary of named lists of ad sizes. Each ad declared above must specify a size group, saying which sizes it might be loaded at. Each named ad size is also considered a size group, so you don't need to manually define singleton size groups; for example see the `sizeGroup: 'size3'` code above. + +At some point in the future - no earlier than Q1 2025 - when the sizes are declared, the URL-size pairings will be used to prefetch k-anonymity checks to limit the configurations that can win an auction, please see [this doc](https://developer.chrome.com/docs/privacy-sandbox/protected-audience-api/feature-status/#k-anonymity). In the present implementation, only the URL is used for k-anonymity checks, not the size. When an ad with a particular size wins the auction (including in the current implementation), the size will be substituted into any macros in the URL (through `{%AD_WIDTH%}` and `{%AD_HEIGHT%}`, or `${AD_WIDTH}` and `${AD_HEIGHT}`), and once loaded into a fenced frame, the size will be used by the browser to freeze the fenced frame's inner dimensions. We therefore recommend using ad size declarations, but they are not required at this time. + The `auctionServerRequestFlags` field is optional and is only used for auctions [run on an auction server](https://github.com/WICG/turtledove/blob/main/FLEDGE_browser_bidding_and_auction_API.md). This field contains a list of enumerated values that change what data is sent in the auction blob: * The `omit-ads` enumeration causes the request to omit the `ads` and `adComponents` fields for @@ -227,7 +245,7 @@ same-origin with `owner` and must point to URLs whose responses include the HTTP response header `Ad-Auction-Allowed: true` to ensure they are allowed to be used for loading Protected Audience resources. -The browser will provide protection against microtargeting, by only rendering an ad if the same rendering URL is being shown to a sufficiently large number of people (e.g. at least 50 people would have seen the ad, if it were allowed to show). While in the [Outcome-Based TURTLEDOVE](https://github.com/WICG/turtledove/blob/master/OUTCOME_BASED.md) proposal this threshold applied only to the rendered creative, Protected Audience has the additional requirement that the tuple of the interest group owner, bidding script URL, and rendered creative must be k-anonymous for an ad to be shown (this is necessary to ensure the current event-level reporting for interest group win reporting is sufficiently private). For interest groups that have component ads, all of the component ads must also separately meet this threshold for the ad to be shown. Since a single interest group can carry multiple possible ads that it might show, the group will have an opportunity to re-bid another one of its ads to act as a "fallback ad" any time its most-preferred choice is below threshold. This means that a small, specialized ad that is still below the k-anonymity threshold could still choose to participate in auctions, and its interest group has a way to fall back to a more generic ad until the more specialized one has a large enough audience. +The browser will provide protection against microtargeting, by only rendering an ad if the same rendering URL is being shown to a sufficiently large number of people (e.g. at least 50 people would have seen the ad, if it were allowed to show). While in the [Outcome-Based TURTLEDOVE](https://github.com/WICG/turtledove/blob/master/OUTCOME_BASED.md) proposal this threshold applied only to the rendered creative, Protected Audience has the additional requirement that the tuple of the interest group owner, bidding script URL, and rendered creative (URL, and [no earlier than Q1 2025](https://developer.chrome.com/docs/privacy-sandbox/protected-audience-api/feature-status/#k-anonymity) the size if specified by `generateBid`) must be k-anonymous for an ad to be shown (this is necessary to ensure the current event-level reporting for interest group win reporting is sufficiently private). For interest groups that have component ads, all of the component ads must also separately meet this threshold for the ad to be shown. Since a single interest group can carry multiple possible ads that it might show, the group will have an opportunity to re-bid another one of its ads to act as a "fallback ad" any time its most-preferred choice is below threshold. This means that a small, specialized ad that is still below the k-anonymity threshold could still choose to participate in auctions, and its interest group has a way to fall back to a more generic ad until the more specialized one has a large enough audience. Interest groups are subject to limits needed to bound resource utilization on the user's device. The browser limits the byte size of interest groups in order to safeguard browser storage used to hold the interest groups. Each interest group is individually limited to 1MB, and calls to `navigator.joinAdInterestGroup` will return an error when called with an interest group that exceeds this limit. To safeguard browser compute resources, the most effective strategy is for sellers to set `perBuyerCumulativeTimeouts` on the auction config. As an added measure, the browser also limits the number of interest groups to which a user may be joined. @@ -293,6 +311,7 @@ const myAuctionConfig = { 'trustedScoringSignalsURL': ..., 'interestGroupBuyers': ['https://www.example-dsp.com', 'https://buyer2.com', ...], 'auctionSignals': {...}, + 'requestedSize': {width: 100, height: 200}, 'directFromSellerSignals': 'https://www.example-ssp.com/...', 'sellerSignals': {...}, 'sellerTimeout': 100, @@ -344,6 +363,8 @@ else This will cause the browser to execute the appropriate bidding and auction logic inside a collection of dedicated worklets associated with the buyer and seller domains. The `auctionSignals`, `sellerSignals`, and `perBuyerSignals` values will be passed as arguments to the appropriate functions that run inside those worklets — the `auctionSignals` are made available to everyone, while the other signals are given only to one party. +The optional `requestedSize` field recommends a frame size for the auction, which will be available to bidders in browser signals. This size should be specified in the same format as the sizes in the `adSizes` field of `joinAdInterestGroup`. For convenience, the returned fenced frame config will automatically populate a `<fencedframe>`'s `width` and `height` attributes with the `requestedSize` when loaded, though the element's size attributes can still be modified if you want to change the element's container size. Bidders inside the auction may pick a different content size for the ad, and that resulting size will be visually scaled to fit inside the element's container size. + The optional `directFromSellerSignals` field can also be used to pass signals to the auction, similar to `sellerSignals`, `perBuyerSignals`, and `auctionSignals`. The difference is that `directFromSellerSignals` are trusted to come from the seller because the content loads from a [subresource bundle](https://github.com/WICG/webpackage/blob/main/explainers/subresource-loading.md) loaded from a seller's origin, ensuring the authenticity and integrity of the signals. For more details, see [2.5 directFromSellerSignals](#25-additional-trusted-signals-directfromsellersignals). In some cases, multiple SSPs may want to participate in an auction, with the winners of separate auctions being passed up to another auction, run by another SSP. To facilitate these "component auctions", `componentAuctions` can optionally contain additional auction configurations for each seller's "component auction". The winning bid of each of these "component auctions" will be passed to the "top-level" auction. How bids are scored in this case is further described in [2.4 Scoring Bids in Component Auctions](#24-scoring-bids-in-component-auctions). The `AuctionConfig` of component auctions may not have their own `componentAuctions`. When `componentAuctions` is non-empty, `interestGroupBuyers` must be empty. That is, for any particular Protected Audience auction, either there is a single seller and no component auctions, or else all bids come from component auctions and the top-level auction can only choose among the component auctions' winners. @@ -415,6 +436,7 @@ The function gets called once for each candidate ad in the auction. The argumen { 'topWindowHostname': 'www.example-publisher.com', 'interestGroupOwner': 'https://www.example-dsp.com', 'renderURL': 'https://cdn.com/render_url_of_bid', + 'renderSize': {width: 100, height: 200}, /* if specified in the bid */ 'adComponents': ['https://cdn.com/ad_component_of_bid', 'https://cdn.com/next_ad_component_of_bid', ...], @@ -631,8 +653,9 @@ generateBid(interestGroup, auctionSignals, perBuyerSignals, return {'ad': adObject, 'adCost': optionalAdCost, 'bid': bidValue, - 'render': renderURL, - 'adComponents': [adComponent1, adComponent2, ...], + 'render': {url: renderURL, width: renderWidth, height: renderHeight}, + 'adComponents': [{url: adComponent1, width: componentWidth1, height: componentHeight1}, + {url: adComponent2, width: componentWidth2, height: componentHeight2}, ...], 'allowComponentAuction': false, 'modelingSignals': 123}; } @@ -653,6 +676,7 @@ The arguments to `generateBid()` are: { 'topWindowHostname': 'www.example-publisher.com', 'seller': 'https://www.example-ssp.com', 'topLevelSeller': 'https://www.another-ssp.com', + 'requestedSize': {width: 100, height: 200}, /* if specified in auction config */ 'joinCount': 3, 'recency': 3600000, 'bidCount': 17, @@ -671,9 +695,13 @@ The output of `generateBid()` contains the following fields: * ad: (optional) Arbitrary metadata about the ad which this interest group wants to show. The seller uses this information in its auction and decision logic. If not present, it's treated as if the value were null. * adCost: (optional) A numerical value used to pass reporting advertiser click or conversion cost from generateBid to reportWin. The precision of this number is limited to an 8-bit mantissa and 8-bit exponent, with any rounding performed stochastically. -* bid: A numerical bid that will enter the auction. The seller must be in a position to compare bids from different buyers, therefore bids must be in some seller-chosen unit (e.g. "USD per thousand"). If the bid is zero or negative, then this interest group will not participate in the seller's auction at all. With this mechanism, the buyer can implement any advertiser rules for where their ads may or may not appear. While this returned value is expected to be a JavaScript Number, internal calculations dealing with currencies should be done with integer math that more accurately represent powers of ten. -* render: A URL which will be rendered to display the creative if this bid wins the auction. -* adComponents: (optional) A list of up to 20 adComponent strings from the InterestGroup's adComponents field. Each value must match an adComponent renderURL exactly. This field must not be present if the InterestGroup has no adComponent field. It is valid for this field not to be present even when adComponents is present. (See ["Ads Composed of Multiple Pieces"](#34-ads-composed-of-multiple-pieces) below.) +* bid: A numerical bid that will enter the auction. The seller must be in a position to compare bids from different buyers, therefore bids must be in some seller-chosen unit (e.g. "USD per thousand"). If the bid is zero or negative, then this interest group will not participate in the seller's auction at all. With this mechanism, the buyer can implement any advertiser rules for where their ads may or may not appear. While this returned value is expected to be a JavaScript Number, internal calculations dealing with currencies should be done with integer math that more accurately represent powers of ten. +* render: A dictionary describing the creative that should be rendered if this bid wins the auction. This includes: + * url: The creative's URL. + * size: A dictionary containing `width` and `height` fields, describing the creative's size (see the interest group declaration above). When the ad is loaded in a fenced frame, the fenced frame's inner frame (i.e. the size visible to the ad creative) will be frozen to this size, and it will be unable to see changes to the frame size made by the embedder. + + Optionally, if you don't want to hook into interest group size declarations (e.g., if you don't want to use size macros), you can have `render` be just the URL, rather than a dictionary with `url` and `size`. +* adComponents: (optional) A list of up to 20 adComponent strings from the InterestGroup's adComponents field. Each value must match one of `interestGroup`'s `adComponent`'s `renderUrl` and sizes exactly. This field must not be present if `interestGroup` has no `adComponent` field. It is valid for this field not to be present even when `adComponents` is present. (See ["Ads Composed of Multiple Pieces"](#34-ads-composed-of-multiple-pieces) below.) * allowComponentAuction: If this buyer is taking part of a component auction, this value must be present and true, or the bid is ignored. This value is ignored (and may be absent) if the buyer is part of a top-level auction. * modelingSignals: A 0-4095 integer (12-bits) passed to `reportWin()`, with noising, as described in the [noising and bucketing scheme](#521-noised-and-bucketed-signals). Invalid values, such as negative, infinite, and NaN values, will be ignored and not passed. Only the lowest 12 bits will be passed. @@ -823,7 +851,7 @@ The arguments to this function are: * sellerSignals: Like auctionConfig.sellerSignals, but passed via the [directFromSellerSignals](#25-additional-trusted-signals-directfromsellersignals) mechanism. These are the signals whose subresource URL ends in `?sellerSignals`. * auctionSignals: Like auctionConfig.auctionSignals, but passed via the [directFromSellerSignals](#25-additional-trusted-signals-directfromsellersignals) mechanism. These are the signals whose subresource URL ends in `?auctionSignals`. -The `browserSignals` argument must be handled carefully to avoid tracking. It certainly cannot include anything like the full list of interest groups, which would be too identifiable as a tracking signal. The `renderURL` can be included since it has already passed a k-anonymity check. The browser may limit the precision of the bid and desirability values by stochastically rounding them so that they fit into a floating point number with an 8 bit mantissa and 8 bit exponent to avoid these numbers exfiltrating information from the interest group's `userBiddingSignals`. On the upside, this set of signals can be expanded to include useful additional summary data about the wider range of bids that participated in the auction, e.g. the number of bids. Additionally, the `dataVersion` will only be present if the `Data-Version` header was provided in the response headers from the Trusted Scoring server. +The `browserSignals` argument must be handled carefully to avoid tracking. It certainly cannot include anything like the full list of interest groups, which would be too identifiable as a tracking signal. The `renderURL` can be included since it has passed a k-anonymity check. Because `renderSize` will not be included in the k-anonymity check initially, it is not included in the browser signals. The browser may limit the precision of the bid and desirability values by stochastically rounding them so that they fit into a floating point number with an 8 bit mantissa and 8 bit exponent to avoid these numbers exfiltrating information from the interest group's `userBiddingSignals`. On the upside, this set of signals can be expanded to include useful additional summary data about the wider range of bids that participated in the auction, e.g. the number of bids. Additionally, the `dataVersion` will only be present if the `Data-Version` header was provided in the response headers from the Trusted Scoring server. In the short-term, the `reportResult()` function's reporting happens by calling a `sendReportTo()` API which takes a single string argument representing a URL. The `sendReportTo()` function can be called at most once during a worklet function's execution. The URL is fetched when the frame displaying the ad begins navigating to the ad. Eventually reporting will go through the Private Aggregation API once it has been developed. @@ -848,7 +876,7 @@ The arguments to this function are: * sellerSignals: The output of `reportResult()` above, giving the seller an opportunity to pass information to the buyer. In the case where the winning buyer won a component auction and then went on to win the top-level auction, this is the output of component auction's seller's `reportResult()` method. * browserSignals: Similar to the argument to `reportResult()` above, though without the seller's desirability score, but with additional `adCost`, `seller`, `madeHighestScoringOtherBid` and potentially `interestGroupName` fields: * The `adCost` field contains the value that was returned by `generateBid()`, stochastically rounded to fit into a floating point number with an 8 bit mantissa and 8 bit exponent. This field is only present if `adCost` was returned by `generateBid()`. - * The `interestGroupName` may be included if the tuple of interest group owner, name, bidding script URL and ad creative URL were jointly k-anonymous. + * The `interestGroupName` may be included if the tuple of interest group owner, name, bidding script URL, ad creative URL, and ad creative size (if specified by `generateBid`) were jointly k-anonymous. (Note: until [Q1 2025](https://developer.chrome.com/docs/privacy-sandbox/protected-audience-api/feature-status/#k-anonymity), in the implementation, the ad creative size is excluded from this check.) * The `madeHighestScoringOtherBid` field is true if the interest group owner was the only bidder that made bids with the second highest score. * The `highestScoringOtherBid` and `madeHighestScoringOtherBid` fields are based on the auction the interest group was directly part of. If that was a component auction, they're from the component auction. If that was the top-level auction, then they're from the top-level auction. Component bidders do not get these signals from top-level auctions since it is the auction seller joining the top-level auction, instead of winning component bidders joining the top-level auction directly. * The `dataVersion` field will contain the `Data-Version` from the trusted bidding signals response headers if they were provided by the trusted bidding signals server response and the version was consistent for all keys requested by this interest group, otherwise the field will be absent. diff --git a/Release_Notes.md b/Release_Notes.md index 7fcd2029e..8592296b7 100644 --- a/Release_Notes.md +++ b/Release_Notes.md @@ -6,6 +6,16 @@ * Functions that are called from Protected Audience worklets are now only accessible from inside the worklets, not from the global scope. See [#489](https://github.com/WICG/turtledove/issues/489) for more information. +## Chrome M114 + +* Support the ability to specify `requestedSize` in the auction config, which is eventually stored in the winning fenced frame config's container size. The `requestedSize` may not be accessible through browser signals in the auction until M116, and is a lower priority because it is a convenience feature only (presumably the size of the ad slot is already passed in through other signals, if it is needed). + + +## Chrome M113 + +* Support some of the size-related API changes (the ability to declare ad sizes in `joinAdInterestGroup`, include sizes with bids in `generateBid`, and have those sizes macro'd into the URL with `AD_WIDTH` and `AD_HEIGHT` macros), in a backwards compatible and opt-in way. + + ## Chrome M109 * Since version 109.0.5414.16, the [`sendReports` parameter to `navigator.deprecatedURNToURL()`](https://github.com/WICG/turtledove/blob/main/Proposed_First_FLEDGE_OT_Details.md#advertisement-rendering) is respected. From 6b348986997e1ef4794d19c63c80908f57f445ea Mon Sep 17 00:00:00 2001 From: qingxinwu <6334674+qingxinwu@users.noreply.github.com> Date: Wed, 1 Nov 2023 07:32:47 -0400 Subject: [PATCH 06/58] Add per buyer cumulative timeout (#836) * Add buyer's cumulative timeout. * Finish. * Decrement timeout one step earlier. * Use monotonic clock instead of wall clock. * all buyers cumulative timeout default to null. * Apply suggestions from code review Co-authored-by: Dominic Farolino <domfarolino@gmail.com> * Revert to use table, and update column names * Get monotonic clock from settings, and add issue. * Change a note to normative. --------- Co-authored-by: Qingxin Wu <qingxinwu@google.com> Co-authored-by: Dominic Farolino <domfarolino@gmail.com> --- spec.bs | 130 ++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 97 insertions(+), 33 deletions(-) diff --git a/spec.bs b/spec.bs index 2f9332f9a..f8e739e90 100644 --- a/spec.bs +++ b/spec.bs @@ -706,6 +706,7 @@ dictionary AuctionAdConfig { USVString sellerCurrency; Promise<record<USVString, any>> perBuyerSignals; Promise<record<USVString, unsigned long long>> perBuyerTimeouts; + Promise<record<USVString, unsigned long long>> perBuyerCumulativeTimeouts; record<USVString, unsigned short> perBuyerGroupLimits; record<USVString, unsigned short> perBuyerExperimentGroupIds; record<USVString, record<USVString, double>> perBuyerPrioritySignals; @@ -1163,23 +1164,36 @@ To <dfn>validate and convert auction ad config</dfn> given an {{AuctionAdConfig} 1. [=map/Set=] |auctionConfig|'s [=auction config/per buyer signals=][|buyer|] to |signalsString|. * To handle an error, set |auctionConfig|'s [=auction config/per buyer signals=] to failure. -1. If |config|["{{AuctionAdConfig/perBuyerTimeouts}}"] [=map/exists=]: - 1. Set |auctionConfig|'s [=auction config/per buyer timeouts=] to - |config|["{{AuctionAdConfig/perBuyerTimeouts}}"]. - 1. [=Handle an input promise in configuration=] given |auctionConfig| and |auctionConfig|'s - [=auction config/per buyer timeouts=]: - * To parse the value |result|: - 1. Set |auctionConfig|'s [=auction config/per buyer timeouts=] to a new [=ordered map=] whose - [=map/keys=] are [=origins=] and whose [=map/values=] are [=durations=] in milliseconds. - 1. [=map/For each=] |key| → |value| of |result|: - 1. If |key| is "*", then set |auctionConfig|'s [=auction config/all buyers timeout=] - to |value| in milliseconds or 500 milliseconds, whichever is smaller, and - [=iteration/continue=]. - 1. Let |buyer| be the result of [=parsing an https origin=] with |key|. If |buyer| is - failure, [=exception/throw=] a {{TypeError}}. - 1. [=map/Set=] |auctionConfig|'s [=auction config/per buyer timeouts=][|buyer|] to - |value| in milliseconds or 500 milliseconds, whichever is smaller. - * To handle an error, set |auctionConfig|'s [=auction config/per buyer timeouts=] to failure. +1. For each |idlTimeoutMember|, |perBuyerTimeoutField|, |allBuyersTimeoutField| in the following table + <table class="data"> + <thead><tr><th>IDL timeout member</th><th>Per buyer timeout field</th><th>All buyers timeout field</th></tr></thead> + <tr> + <td>"{{AuctionAdConfig/perBuyerTimeouts}}"</td> + <td>[=auction config/per buyer timeouts=]</td> + <td>[=auction config/all buyers timeout=]</td> + </tr> + <tr> + <td>"{{AuctionAdConfig/perBuyerCumulativeTimeouts}}"</td> + <td>[=auction config/per buyer cumulative timeouts=]</td> + <td>[=auction config/all buyers cumulative timeout=]</td> + </tr> + </table> + 1. If |config| [=map/contains=] |idlTimeoutMember|: + 1. Set |auctionConfig|'s |perBuyerTimeoutField| to |config|[|idlTimeoutMember|]. + 1. [=Handle an input promise in configuration=] given |auctionConfig| and |auctionConfig|'s + |perBuyerTimeoutField|: + * To parse the value |result|: + 1. Set |auctionConfig|'s |perBuyerTimeoutField| to a new [=ordered map=] whose + [=map/keys=] are [=origins=] and whose [=map/values=] are [=durations=] in milliseconds. + 1. [=map/For each=] |key| → |value| of |result|: + 1. If |perBuyerTimeoutField| is "{{AuctionAdConfig/perBuyerTimeouts}}", and + |value| &gt; 500, then set |value| to 500. + 1. If |key| is "*", then set |auctionConfig|'s |allBuyersTimeoutField| to |value| in + milliseconds, and [=iteration/continue=]. + 1. Let |buyer| be the result of [=parsing an https origin=] with |key|. If |buyer| is + failure, [=exception/throw=] a {{TypeError}}. + 1. [=map/Set=] |auctionConfig|'s |perBuyerTimeoutField|[|buyer|] to |value| in milliseconds. + * To handle an error, set |auctionConfig|'s |perBuyerTimeoutField| to failure. 1. If |config|["{{AuctionAdConfig/perBuyerGroupLimits}}"] [=map/exists=], [=map/for each=] |key| → |value| of |config|["{{AuctionAdConfig/perBuyerGroupLimits}}"]: 1. If |value| is 0, then return failure. @@ -1483,6 +1497,12 @@ To <dfn>generate and score bids</dfn> given an [=auction config=] |auctionConfig 1. Decrement |pendingAdditionalBids| by 1. 1. [=map/For each=] |buyer| → |perBuyerGenerator| of |bidGenerators|, [=parallel queue/enqueue steps|enqueue the following steps=] to |queue|: + 1. Let |perBuyerCumulativeTimeout| be |auctionConfig|'s + [=auction config/all buyers cumulative timeout=]. + 1. If |auctionConfig|'s [=auction config/per buyer cumulative timeouts=] is not null and + [=auction config/per buyer cumulative timeouts=][|buyer|] [=map/exists=], then set + |perBuyerCumulativeTimeout| to |auctionConfig|'s + [=auction config/per buyer cumulative timeouts=][|buyer|]. 1. Let |buyerExperimentGroupId| be |allBuyersExperimentGroupId|. 1. Let |perBuyerExperimentGroupIds| be |auctionConfig|'s [=auction config/per buyer experiment group ids=]. @@ -1516,6 +1536,8 @@ To <dfn>generate and score bids</dfn> given an [=auction config=] |auctionConfig 1. [=map/For each=] |signalsUrl| → |perSignalsUrlGenerator| of |perBuyerGenerator|: 1. Let |keys| be a new [=ordered set=]. 1. Let |igNames| be a new [=ordered set=]. + 1. Let |fetchSignalStartTime| be |settings|'s [=environment settings object/current monotonic time=]. + 1. [=map/For each=] joiningOrigin → |groups| of |perSignalsUrlGenerator|: 1. [=list/For each=] |ig| of |groups|: 1. [=set/Append=] |ig|'s [=interest group/trusted bidding signals keys=] to |keys|. @@ -1526,16 +1548,25 @@ To <dfn>generate and score bids</dfn> given an [=auction config=] |auctionConfig with |biddingSignalsUrl| and true. 1. If |dataVersion| is not null, then [=map/set=] |browserSignals|["{{BiddingBrowserSignals/dataVersion}}"] to |dataVersion|. + 1. Let |fetchSignalDuration| be the [=duration from=] |fetchSignalStartTime| to |settings|'s + [=environment settings object/current monotonic time=], in milliseconds. + 1. If |perBuyerCumulativeTimeout| is not null: + 1. Decrement |perBuyerCumulativeTimeout| by |fetchSignalDuration|. + 1. If |perBuyerCumulativeTimeout| is negative, then [=iteration/break=]; 1. [=map/For each=] joiningOrigin → |groups| of |perSignalsUrlGenerator|: 1. [=list/For each=] |ig| of |groups|: 1. If |ig|'s [=interest group/bidding url=] is null, [=iteration/continue=]. - 1. Let |directFromSellerSignalsForBuyer| be the result of running - [=get direct from seller signals for a buyer=] with |directFromSellerSignals|, and - |ig|'s [=interest group/owner=]. - 1. Let |generatedBid| be the result of [=generate a bid=] given - |allTrustedBiddingSignals|, |auctionSignals|, a [=map/clone=] of |browserSignals|, - |perBuyerSignals|, |directFromSellerSignalsForBuyer|, |perBuyerTimeout|, |expectedCurrency|, - |ig|, and |auctionStartTime|. + 1. If |perBuyerCumulativeTimeout| is not null and is less than |perBuyerTimeout|, then set + |perBuyerTimeout| to |perBuyerCumulativeTimeout|. + 1. Let |generateBidStartTime| be |settings|'s + [=environment settings object/current monotonic time=]. + 1. Let |generatedBid| be the result of [=generate a bid=] given |allTrustedBiddingSignals|, + |auctionSignals|, a [=map/clone=] of |browserSignals|, |perBuyerSignals|, + |perBuyerTimeout|, |expectedCurrency|, |ig|, and |auctionStartTime|. + 1. Let |generateBidDuration| be the [=duration from=] |generateBidStartTime| to |settings|'s + [=environment settings object/current monotonic time=], in milliseconds. + 1. If |perBuyerCumulativeTimeout| is not null, decrement |perBuyerCumulativeTimeout| by + |generateBidDuration|. 1. If |generatedBid| is failure, [=iteration/continue=]. 1. If [=query generated bid k-anonymity count=] given |generatedBid| returns false: @@ -1563,13 +1594,20 @@ To <dfn>generate and score bids</dfn> given an [=auction config=] |auctionConfig 1. If [=query component ad k-anonymity count=] given |adComponent|'s [=interest group ad/render url=] returns true, [=list/append=] |adComponent| to |ig|'s [=interest group/ad components=]. + 1. If |perBuyerCumulativeTimeout| is not null and is less than |perBuyerTimeout|, then set + |perBuyerTimeout| to |perBuyerCumulativeTimeout|. + 1. Let |generateBidStartTime| be |settings|'s + [=environment settings object/current monotonic time=]. 1. Set |generatedBid| to the result of [=generate a bid=] given |allTrustedBiddingSignals|, |auctionSignals|, a [=map/clone=] of |browserSignals|, |perBuyerSignals|, |directFromSellerSignalsForBuyer|, |perBuyerTimeout|, |expectedCurrency|, and |ig|. - 1. Set |ig|'s [=interest group/ads=] to |originalAds|. 1. Set |ig|'s [=interest group/ad components=] to |originalAdComponents|. + 1. Let |generateBidDuration| be the [=duration from=] |generateBidStartTime| to + |settings|'s [=environment settings object/current monotonic time=], in milliseconds. + 1. If |perBuyerCumulativeTimeout| is not null, then decrement |perBuyerCumulativeTimeout| + by |generateBidDuration|. 1. If |generatedBid| is failure, [=iteration/continue=]. 1. [=list/Insert=] |generatedBid|'s [=generated bid/interest group=] in |bidIgs|. 1. [=Score and rank a bid=] with |auctionConfig|, |generatedBid|, |leadingBidInfo|, @@ -2953,6 +2991,10 @@ of the following global objects: 1. Let |realm| be the result of [=creating a new script runner realm=] given {{InterestGroupBiddingScriptRunnerGlobalScope}}. 1. Let |global| be |realm|'s [=realm/global object=]. + 1. Let |settings| be |realm|'s [=realm/settings object=]. + + Issue: <a href="https://github.com/WICG/turtledove/issues/676">WICG/turtledove#676</a> needs + to be fixed in order to get |realm|'s [=realm/settings object=]. 1. Set |global|'s [=InterestGroupBiddingScriptRunnerGlobalScope/group has ad components=] to true if |ig|'s [=interest group/ad components=] is not null, or false otherwise. @@ -2972,11 +3014,12 @@ of the following global objects: 1. Let |browserSignalsJS| be |browserSignals| [=converted to ECMAScript values=]. 1. Let |directFromSellerSignalsJs| be |directFromSellerSignalsForBuyer| [=converted to ECMAScript values=]. - 1. Let |startTime| be the [=current wall time=]. + 1. Let |startTime| be |settings|'s [=environment settings object/current monotonic time=]. 1. Let |result| be the result of [=evaluating a script=] with |realm|, |script|, "`generateBid`", « |igJS|, |auctionSignalsJS|, |perBuyerSignalsJS|, |trustedBiddingSignalsJS|, |browserSignalsJS|, |directFromSellerSignalsJs| », and |timeout|. - 1. Let |duration| be the [=current wall time=] minus |startTime| in milliseconds. + 1. Let |duration| be |settings|'s [=environment settings object/current monotonic time=] minus + |startTime| in milliseconds. 1. If |global|'s [=InterestGroupBiddingScriptRunnerGlobalScope/priority=] is not null and not failure: 1. Set |ig|'s [=interest group/priority=] to |global|'s [=InterestGroupBiddingScriptRunnerGlobalScope/priority=]. @@ -3056,13 +3099,16 @@ of the following global objects: <div algorithm> To <dfn>evaluate a script</dfn> with a [=ECMAScript/realm=] |realm|, [=string=] |script|, [=string=] - |functionName|, a [=list=] |arguments|, and an integer millisecond duration |timeout|, run these steps. + |functionName|, a [=list=] |arguments|, and an integer millisecond [=duration=] |timeout|, run these steps. They return a [=ECMAScript/Completion Record=], which is either an [=ECMAScript/abrupt completion=] (in the case of a parse failure or execution error), or a [=ECMAScript/normal completion=] populated with the [=ECMAScript/ECMAScript language value=] result of invoking |functionName|. 1. [=Assert=] that these steps are running [=in parallel=]. + 1. If |timeout| &le; 0, [=immediately=] interrupt the execution and set |finalCompletion| to a + new [=ECMAScript/throw completion=] given null. + 1. Let |global| be |realm|'s [=realm/global object=], and run these steps in |realm|'s [=realm/agent=]: 1. Let |result| be [$ParseScript$](|script|, |realm|, `empty`). @@ -3233,7 +3279,7 @@ To <dfn>convert GenerateBidOutput to generated bid</dfn> given a {{GenerateBidOu [=generated bid/ad cost=] to |generateBidOutput|["{{GenerateBidOutput/adCost}}"]. 1. If |generateBidOutput|["{{GenerateBidOutput/modelingSignals}}"] [=map/exists=]: 1. Let |modelingSignals| be |generateBidOutput|["{{GenerateBidOutput/modelingSignals}}"]. - 1. If |modelingSignals| &ge; 0 and |modelingSignals| < 4096, then set |bid|'s + 1. If |modelingSignals| &ge; 0 and |modelingSignals| &lt; 4096, then set |bid|'s [=generated bid/modeling signals=] to the result of [=converted to an IDL value|converting=] the ECMAScript value represented by |modelingSignals| to an {{unsigned short}}. 1. Return |bid|. @@ -4274,6 +4320,23 @@ An auction config is a [=struct=] with the following items: Restricts the `generateBid()` script's runtime for all buyers without a timeout specified in [=auction config/per buyer timeouts=]. If the timeout expires, only the bid submitted via `setBid()` is considered. +: <dfn>per buyer cumulative timeouts</dfn> +:: Null, a {{Promise}}, failure, or an [=ordered map=] whose [=map/keys=] are [=origins=] and + whose [=map/values=] are [=durations=] in milliseconds. + [=map/Keys=] are buyers and must be valid HTTPS [=origins=]. [=map/Values=] are collective + timeouts for all interest groups of the buyer represented by the [=map/key=]. Includes the time of + loading scripts and signals, and running the `generateBid()` functions. Once the timer expires, + the affected buyer's interest groups may no longer generate any bids. All bids generated before + the timeout will continue to participate in the auction. + Implementations should attempt, on a best-effort basis, to generate bids for each buyer in + priority order, so lower priority [=interest groups=] are the ones more likely to be timed out. If + {{Promise}}s are passed in to the [=auction config=] for fields that support them, + [=wait until configuration input promises resolve=] before starting the timer. + +: <dfn>all buyers cumulative timeout</dfn> +:: Null or a [=duration=] in milliseconds, initially null. + Restricts a buyer's cumulative timeout for all buyers without one specified in + [=auction config/per buyer cumulative timeouts=]. : <dfn>per buyer group limits</dfn> :: Null or an [=ordered map=] whose [=map/keys=] are [=origins=] and whose [=map/values=] are {{unsigned short}}s. @@ -4359,12 +4422,13 @@ To <dfn>wait until configuration input promises resolve</dfn> given an [=auction 1. Wait until |auctionConfig|'s [=auction config/pending promise count=] is 0. 1. [=Assert=] |auctionConfig|'s [=auction config/auction signals=], [=auction config/seller signals=], [=auction config/per buyer signals=], [=auction config/per buyer currencies=], - [=auction config/per buyer timeouts=], and [=auction config/direct from seller signals header ad slot=] - are not {{Promise}}s, and [=auction config/expects additional bids=] is false. + [=auction config/per buyer timeouts=], [=auction config/per buyer cumulative timeouts=], and + [=auction config/direct from seller signals header ad slot=] are not {{Promise}}s, and + [=auction config/expects additional bids=] is false. 1. If |auctionConfig|'s [=auction config/auction signals=], [=auction config/seller signals=], [=auction config/per buyer signals=], [=auction config/per buyer currencies=], - [=auction config/per buyer timeouts=], or [=auction config/direct from seller signals header ad slot=] - is failure, return failure. + [=auction config/per buyer timeouts=], [=auction config/per buyer cumulative timeouts=], or + [=auction config/direct from seller signals header ad slot=] is failure, return failure. 1. Return. </div> From a7942ed9ee0b438259309030810314a71d6f2060 Mon Sep 17 00:00:00 2001 From: B-Pierro <123390782+B-Pierro@users.noreply.github.com> Date: Wed, 1 Nov 2023 11:07:17 -0300 Subject: [PATCH 07/58] Update fledge-tester-list.md (#889) adding Globo as a open tester and interested publisher --- fledge-tester-list.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fledge-tester-list.md b/fledge-tester-list.md index c60b772b0..83022b650 100644 --- a/fledge-tester-list.md +++ b/fledge-tester-list.md @@ -67,6 +67,7 @@ The usefulness of this page depends on testers sharing information and updates. | Onetag | DSP & SSP | 2023-2024 | | privacysandbox@onetag.com | | Yahoo Inc | DSP | beginning 15 Jan 2024 | | googleprivacysandbox@yahooinc.com | | Magnite | SSP | January 2024 | | privacysandbox@magnite.com | +| Globo | DSP & SSP | Testing | | adtech-delivery@g.globo | ## Table - Publishers and Advertisers Interested in Testing or Early Adoption Companies who may be interested in participating in tests and early adoption opportunities provided by ad tech companies. @@ -79,4 +80,5 @@ Companies who may be interested in participating in tests and early adoption opp | Clarin | Publisher | | mfranco@clarin.com | | Terra Networks | Publisher | | adtech.terra.br@telefonica.com | | OLX Brasil | Publisher | | adtech@olxbr.com | +| Globo | Publisher | | adtech-delivery@g.globo| From c6491c41c05a96cf61af60c777e5936eff958e68 Mon Sep 17 00:00:00 2001 From: Maks Orlovich <morlovich@google.com> Date: Fri, 3 Nov 2023 08:41:59 -0400 Subject: [PATCH 08/58] Explainer changes for how currency-related things work (#571) * First cut at doc changes * formatting/link fixes * One more bit of formatting * Edit redaction rule for reportWin * Apply some feedback * Update based on feedback * Also mention rounding * Apply a whole bunch of feedback * Apply suggestions from code review Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> * Adjust some phrasing * Apply feedback * Apply suggestions from code review Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> * Tablification attempt, not sure if ready for review * Be explicit rather than "same" * Make the reporting section somewhat more generic, based on feedback from Matt. --------- Co-authored-by: Maks Orlovich <morlovich@chromium.org> Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> --- FLEDGE.md | 68 ++++++++++++++++++++++++++--- FLEDGE_extended_PA_reporting.md | 6 +++ Proposed_First_FLEDGE_OT_Details.md | 4 ++ 3 files changed, 73 insertions(+), 5 deletions(-) diff --git a/FLEDGE.md b/FLEDGE.md index 3fdcf9dc4..324965636 100644 --- a/FLEDGE.md +++ b/FLEDGE.md @@ -30,12 +30,14 @@ See [the Protected Audience API specification](https://wicg.github.io/turtledove - [3.3 Metadata with the Ad Bid](#33-metadata-with-the-ad-bid) - [3.4 Ads Composed of Multiple Pieces](#34-ads-composed-of-multiple-pieces) - [3.5 Filtering and Prioritizing Interest Groups](#35-filtering-and-prioritizing-interest-groups) + - [3.6 Currency Checking](#36-currency-checking) - [4. Browsers Render the Winning Ad](#4-browsers-render-the-winning-ad) - [5. Event-Level Reporting (for now)](#5-event-level-reporting-for-now) - [5.1 Seller Reporting on Render](#51-seller-reporting-on-render) - [5.2 Buyer Reporting on Render and Ad Events](#52-buyer-reporting-on-render-and-ad-events) - [5.2.1 Noised and Bucketed Signals](#521-noised-and-bucketed-signals) - - [5.3 Losing Bidder Reporting](#53-losing-bidder-reporting) + - [5.3 Currencies in Reporting](#53-currencies-in-reporting) + - [5.4 Losing Bidder Reporting](#54-losing-bidder-reporting) - [6. Additional Bids](#6-additional-bids) - [6.1 Auction Nonce](#61-auction-nonce) - [6.2 Negative Targeting](#62-negative-targeting) @@ -341,6 +343,10 @@ const myAuctionConfig = { 'https://www.another-buyer.com': 345, '*': 456, ...}, + 'perBuyerCurrencies': {'https://example.co.uk': 'GBP', + 'https://example.fr': 'EUR', + '*': 'USD'}, + 'sellerCurrency:' : 'CAD', 'componentAuctions': [ {'seller': 'https://www.some-other-ssp.com', 'decisionLogicURL': ..., @@ -383,6 +389,8 @@ Optionally, `sellerExperimentGroupId` can be specified by the seller to support Optionally, `perBuyerPrioritySignals` is an object mapping string keys to Javascript numbers that can be used to dynamically compute interest group priorities before `perBuyerGroupLimits` are applied. See [Filtering and Prioritizing Interest Groups](#35-filtering-and-prioritizing-interest-groups) for more information. +Optionally, `perBuyerCurrencies` and `sellerCurrency` are used for [currency-checking](#36-currency-checking). `sellerCurrency` also affects how [currencies behave in reporting](#53-currencies-in-reporting). + Optionally, `resolveToConfig` is a boolean directing the promise returned from `runAdAuction()` to resolve to a `FencedFrameConfig` if true, for use in a `<fencedframe>`, or if false to an opaque `urn:uuid` URL, for use in an `<iframe>`. If `resolveToConfig` is not set, it defaults to false. If the `window.FencedFrameConfig` interface is not exposed (because e.g., the script is running in an older version of Chrome that does not yet implement `FencedFrameConfig`, then the auction will _always_ yield a URN. Therefore, when requesting a `FencedFrameConfig` for use in a fenced frame element, you have two options: @@ -420,6 +428,8 @@ scoreAd(adMetadata, bid, auctionConfig, trustedScoringSignals, browserSignals, directFromSellerSignals) { ... return {desirability: desirabilityScoreForThisAd, + incomingBidInSellerCurrency: + convertToEuros(bid, browserSignals.bidCurrency), allowComponentAuction: componentAuctionsAllowed}; } ``` @@ -441,6 +451,7 @@ The function gets called once for each candidate ad in the auction. The argumen 'https://cdn.com/next_ad_component_of_bid', ...], 'biddingDurationMsec': 12, + 'bidCurrency': 'USD', /* bidCurrency returned by generateBid, or '???' if none */ 'dataVersion': 1, /* Data-Version value from the trusted scoring signals server's response */ } ``` @@ -451,6 +462,7 @@ The function gets called once for each candidate ad in the auction. The argumen The output of `scoreAd()` is an object with the following fields: * desirability: Number indicating how desirable this ad is. Any value that is zero or negative indicates that the ad cannot win the auction. (This could be used, for example, to eliminate any interest-group-targeted ad that would not beat a contextually-targeted candidate.) The winner of the auction is the ad object which was given the highest score. * allowComponentAuction: (optional) If the bid being scored is from a component auction and this value is not true, the bid is ignored. If not present, this value is considered false. This field must be present and true both when the component seller scores a bid, and when that bid is being scored by the top-level auction. +* incomingBidInSellerCurrency: (optional) Provides a conversion of a bid in a multi-currency auction to seller's own currency. Please see [the section on this functionality](#53-reporting-in-multi-currency-auctions) for more details. If `scoreAd()` returns only a numeric value, it's equivalent to returning {`desirability`: numericValue, `allowComponentAuction`: false}. @@ -472,6 +484,7 @@ Seller scripts in component auctions behave a little differently. They still ex * desirability: Numeric score of the bid. Must be positive or the ad will be rejected. * allowComponentAuction: If this field is not true, the bid will be rejected. * bid: (optional) Modified bid value to provide to the top-level seller script. If present, this will be passed to the top-level seller's `scoreAd()` and `reportResult()` methods instead of the original bid, if the ad wins the component auction and top-level auction, respectively. +* bidCurrency: (optional) Annotates the currency of the modified bid provided by `bid`. Please see the [Currency Checking section](#36-currency-checking) Once all of a component auction's bids have been scored by the component auction's seller script, the bid with the highest score is passed to the top-level seller to score. For that bid, the top-level seller's `scoreAd()` method is passed the `ad` value from the component auction seller's `scoreAd()` method, and there is an additional `componentSeller` field in the `browserSignals`, which is the seller for the component auction. All other values are the same as if the bid had come from an interest group participating directly in the top-level auction. In the case of a tie, one of the highest scoring bids will be chosen randomly and only that bid will be passed to the top-level seller to score. The seller of a component auction may reject all bids by giving them scores <= 0. In that case, no bid from that component auction will be passed to the top-level auction. @@ -653,6 +666,7 @@ generateBid(interestGroup, auctionSignals, perBuyerSignals, return {'ad': adObject, 'adCost': optionalAdCost, 'bid': bidValue, + 'bidCurrency': 'USD', 'render': {url: renderURL, width: renderWidth, height: renderHeight}, 'adComponents': [{url: adComponent1, width: componentWidth1, height: componentHeight1}, {url: adComponent2, width: componentWidth2, height: componentHeight2}, ...], @@ -695,7 +709,8 @@ The output of `generateBid()` contains the following fields: * ad: (optional) Arbitrary metadata about the ad which this interest group wants to show. The seller uses this information in its auction and decision logic. If not present, it's treated as if the value were null. * adCost: (optional) A numerical value used to pass reporting advertiser click or conversion cost from generateBid to reportWin. The precision of this number is limited to an 8-bit mantissa and 8-bit exponent, with any rounding performed stochastically. -* bid: A numerical bid that will enter the auction. The seller must be in a position to compare bids from different buyers, therefore bids must be in some seller-chosen unit (e.g. "USD per thousand"). If the bid is zero or negative, then this interest group will not participate in the seller's auction at all. With this mechanism, the buyer can implement any advertiser rules for where their ads may or may not appear. While this returned value is expected to be a JavaScript Number, internal calculations dealing with currencies should be done with integer math that more accurately represent powers of ten. +* bid: A numerical bid that will enter the auction. The seller must be in a position to compare bids from different buyers, therefore bids must be in some seller-chosen unit (e.g. "USD per thousand"). If the bid is zero or negative, then this interest group will not participate in the seller's auction at all. With this mechanism, the buyer can implement any advertiser rules for where their ads may or may not appear. While this returned value is expected to be a JavaScript Number, internal calculations dealing with currencies should be done with integer math that more accurately represent powers of ten. +* bidCurrency: (optional) The currency for the bid, used for [currency-checking](#36-currency-checking). * render: A dictionary describing the creative that should be rendered if this bid wins the auction. This includes: * url: The creative's URL. * size: A dictionary containing `width` and `height` fields, describing the creative's size (see the interest group declaration above). When the ad is loaded in a fenced frame, the fenced frame's inner frame (i.e. the size visible to the ad creative) will be frozen to this size, and it will be unable to see changes to the frame size made by the embedder. @@ -789,6 +804,16 @@ The `BidFor240Minutes` interest group will have a positive priority if it was jo The `FilterOnDataFromServer` interest group will result in fetching `https://buyer1.com/bidder_signals?publisher=<...>&interest_groups=FilterOnDataFromServer,<...>`, and then if that result has a `perInterestGroupData.FilterOnDataFromServer.priorityVector` object, then that is used just like the `priorityVector` field from the other two examples, except that it's only used for filtering, not to set the priority (unless the group has a true `enableBiddingSignalsPrioritization` field). A [user defined function](https://github.com/privacysandbox/fledge-docs/blob/main/key_value_service_trust_model.md#support-for-user-defined-functions-udfs) could be used on the Protected Audience Key-Value server to calculate that `priorityVector` value, and hence to decide if `FilterOnDataFromServer`'s `generateBid()` method is invoked or if it's filtered out. +### 3.6 Currency Checking + +If participants in the auction need to deal with multiple currencies, they can optionally take advantage of automated currency checking. All of it operates on currency tags, which are required to contain 3 upper-case ASCII letters. + +If the `generateBid()` method returns a `bidCurrency`, and the `perBuyerCurrencies` for that buyer is specified, their consistency will be checked, and if there is a mismatch, the bid will be dropped. Both the `perBuyerCurrencies` for that buyer and returned `bidCurrency` must be present for checking to take place; if one or both are missing the currency check does not take place and the bid is passed on as-is. The returned `bidCurrency` will be passed to `scoreAd()`'s `browserSignals.bidCurrency`, with unspecified currency rendered as `'???'`. + +Currency checking after `scoreAd()` happens only inside component auctions. If the component seller's `scoreAd()` modifies the bid value, the modified bid's currency will be checked; if not, the passed-through bid from the original buyer's currency will be. In either case, the currency will be checked both against the component auction's `sellerCurrency` and top-level auction's `perBuyerCurrencies` as applied to the component auction's seller. As before, both the bid currency and the configured currency in question must be specified for the checking to take place; if one or both are missing that particular currency check does not take place. If there is a mismatch, the bid will not take part in the top-level auction. + +`sellerCurrency` also has an extensive effect on how reporting behaves. Please see the section on [Reporting in Multi-Currency Auctions](#53-reporting-in-multi-currency-auctions) for more details. + ### 4. Browsers Render the Winning Ad The winning ad will be rendered in a [Fenced Frame](https://github.com/shivanigithub/fenced-frame): a mechanism under development for rendering a document in an embedded context which is unable to communicate with the surrounding page. This communication blockage is necessary to meet the privacy goal that sites cannot learn about their visitors' ad interests. (Note that the microtargeting prevention threshold alone is not enough to address this threat: the threshold prevents ads which could identify a single person, but it allows ads which identify a group of people that share a single interest.) @@ -839,14 +864,17 @@ The arguments to this function are: 'componentSeller': 'https://www.some-other-ssp.com', 'interestGroupOwner': 'https://www.example-dsp.com/', 'renderURL': 'https://cdn.com/url-of-winning-creative.wbn', - 'bid:' bidValue, + 'bid': bidValue, + 'bidCurrency': 'USD', 'desirability': desirabilityScoreForWinningAd, 'topLevelSellerSignals': outputOfTopLevelSellersReportResult, 'dataVersion': versionFromKeyValueResponse, 'modifiedBid': modifiedBidValue, - 'highestScoringOtherBid': highestScoringOtherBidValue + 'highestScoringOtherBid': highestScoringOtherBidValue, + 'highestScoringOtherBidCurrency': 'EUR' } ``` + * `bidCurrency` and `highestScoringOtherBidCurrency` provide (highly redacted) information on what currency the corresponding numbers are in. Please refer to the section on [Reporting in Multi-Currency Auctions](#53-reporting-in-multi-currency-auctions) for more details. * directFromSellerSignals is an object that may contain the following fields: * sellerSignals: Like auctionConfig.sellerSignals, but passed via the [directFromSellerSignals](#25-additional-trusted-signals-directfromsellersignals) mechanism. These are the signals whose subresource URL ends in `?sellerSignals`. * auctionSignals: Like auctionConfig.auctionSignals, but passed via the [directFromSellerSignals](#25-additional-trusted-signals-directfromsellersignals) mechanism. These are the signals whose subresource URL ends in `?auctionSignals`. @@ -910,7 +938,37 @@ When `joinCount` is passed to `generateBid()`, no noising or bucketing is applie These signals were requested in [issue 435](https://github.com/WICG/turtledove/issues/435). The signals are intented to ship in Chrome M114, they will no longer be available for event level reporting when event level reporting is retired. -#### 5.3 Losing Bidder Reporting +#### 5.3 Currencies in Reporting + +In auctions that involve multiple currencies, there may be values with different units floating around, which makes aggregated information incomprehensible, and event-level information hard to process, potentially requiring participants to interpret currencies of jurisdictions they do no business in. + +To help deal with this scenario, an optional mode is available that converts all bid-related information to seller's preferred currency (in component auctions, reporting for it is for that component's seller). This is configured via the `sellerCurrency` setting in each auction configuration. + +If `sellerCurrency` is set, `scoreAd()` for an auction is responsible for converting bids not already in `sellerCurrency` to `sellerCurrency`, via the `incomingBidInSellerCurrency` field of its return value. A bid already explicitly in the seller's currency cannot be changed by `incomingBidInSellerCurrency`. If neither the original bid is explicitly in `sellerCurrency` nor an `incomingBidInSellerCurrency` is specified, a value of 0 is used as the converted value. + +Note that `incomingBidInSellerCurrency` is different from the modified bid returned by a component auction: it represents a mechanical currency translation of the original buyer's bid, rather than the bid the component auction is making in a top-level auction (which could, perhaps, be reduced by the intermediate seller's fee or the like). It can also be specified in top-level auctions, unlike the modified bid. + +The following table summarizes which APIs get original and which get converted bid values, and how redaction for currency tags works, depending on whether `sellerCurrency` is set or not: +| API | when `sellerCurrency` unset | when `sellerCurrency` set | +| --- | --- | --- | +|`reportWin()` `browserSignals.bid` | Original value | Original value | +|`reportWin()` `browserSignals.bidCurrency` | Currency required by auction configuration, or `'???'` | Currency required by auction configuration, or `'???'` | +|`reportResult()` `browserSignals.bid` | Original value of bid at that auction level (for top-level auction this includes any modification by component auction) | Original value of bid at that auction level (for top-level auction this includes any modification by component auction) (in Chrome since M116) | +|`reportResult()` `browserSignals.bidCurrency` | Currency required by auction configuration, or `'???'` | Currency required by auction configuration, or `'???'` (in Chrome since M116) | +|`reportWin()` `browserSignals.highestScoringOtherBid` | Original value | Converted value | +|`reportWin()` `browserSignals.highestScoringOtherBidCurrency` | `'???'` | `sellerCurrency` | +|`reportResult()` `browserSignals.highestScoringOtherBid` | Original value | Converted value | +|`reportResult()` `browserSignals.highestScoringOtherBidCurrency` | `'???'` | `sellerCurrency` | +| `forDebuggingOnly.report...` keyword `${winningBid}` | Original value | Converted value | +| `forDebuggingOnly.report...` keyword `${winningBidCurrency}` | `'???'` | `sellerCurrency`| +| `forDebuggingOnly.report...` keyword `${highestScoringOtherBid}` | Original value | Converted value | +| `forDebuggingOnly.report...` keyword `${highestScoringOtherBidCurrency}` | `'???'` | `sellerCurrency`| +| `forDebuggingOnly.report...` keyword `${topLevelWinningBid}` | Original value | Converted value (as converted by top-level `scoreAd()`) | +| `forDebuggingOnly.report...` keyword `${topLevelWinningBidCurrency}` | `'???'` | `sellerCurrency` of top-level auction | +| Private Aggregation `winning-bid` | Original value | Converted value | +| Private Aggregation `highest-scoring-other-bid` | Original value | Converted value | + +#### 5.4 Losing Bidder Reporting We also need to provide a mechanism for the _losing_ bidders in the auction to learn aggregate outcomes. Certainly they should be able to count the number of times they bid, and losing ads should also be able to learn (in aggregate) some seller-provided information about e.g. the auction clearing price. Likewise, a reporting mechanism should be available to buyers who attempted to bid with a creative that had not yet reached the k-anonymity threshold. diff --git a/FLEDGE_extended_PA_reporting.md b/FLEDGE_extended_PA_reporting.md index feac385c4..fc015ff57 100644 --- a/FLEDGE_extended_PA_reporting.md +++ b/FLEDGE_extended_PA_reporting.md @@ -204,6 +204,12 @@ Where `signalBucket` and `signalValue` is a dictionary which consists of: * 6: indicates seller rejected bid because “Creative Filtered - Language Exclusions” * 7: indicates seller rejected bid because “Creative Filtered - Category Exclusions” * 8: indicates seller rejected bid because "Creative Filtered - Did Not Meet The K-anonymity Threshold" + * 9: indicates bid produced by `generateBid()` was rejected because it failed a currency check (e.g. the bid returned by `generateBid()` doesn't match + what's specified by `perBuyerCurrency`) + * 10: indicates bid passed through or altered by `scoreAd()` was rejected + because it failed a currency check (e.g. the bid returned or passed through + by `scoreAd()` in a component auction doesn't match the `sellerCurrency` of + its auction or the `perBuyerCurrency` required by the top-level auction) * Perhaps other values indicating: * generateBid() hitting timeout * The auction was aborted (i.e. calling endAdAuction()) diff --git a/Proposed_First_FLEDGE_OT_Details.md b/Proposed_First_FLEDGE_OT_Details.md index 1b584ff3d..b0590a7c7 100644 --- a/Proposed_First_FLEDGE_OT_Details.md +++ b/Proposed_First_FLEDGE_OT_Details.md @@ -61,10 +61,14 @@ As the FLEDGE explainer talks about, the FOT#1 will include event-level reportin The FOT#1 will include event-level reporting for both winning and losing bids. Implementations of the `generateBid()` and `scoreAd()` worklets, provided by the buyers and sellers respectively in the auction, may call a `forDebuggingOnly.reportAdAuctionLoss()` API which takes a single string argument representing a URL. The text placeholders below will be replaced with the corresponding value from the auction when found in the reporting URL's query parameters (note that due to http://crbug.com/1338233, prior to Chrome version 107.0.5286.0, the replacements only took place in the path of the URL) * “${winningBid}” - The value of the winning bid. In component auctions, this value comes from the component auction and not the top-level auction. +* “${winningBidCurrency}” - If the auction has a `sellerCurrency` configured, this will be its currency tag; otherwise it is `'???'` to denote that it's in bidder's original currency. * “${madeWinningBid}” - A boolean value representing whether the owner of this interest group made the winning bid, either via this interest group, or another interest group with the same owner. In component auctions, this value comes from the component auction and not the top-level auction. * “${highestScoringOtherBid}” - The value of the bid that was scored as second highest by the seller’s scoreAd script. Note that this may not be the second highest bid value, since scores and bids may be independent. In component auctions, this value comes from the component auction and not the top-level auction. +* “${highestScoringOtherBidCurrency}” - The currency `highestScoringOtherBid` is in. If the auction has a `sellerCurrency` configured, this will be its currency tag; otherwise it is `'???'` to denote that it's in bidder's original currency. * “${madeHighestScoringOtherBid}” - A boolean value representing whether the owner of this interest group made the ${highestScoringOtherBid} bid, either via this interest group, or another interest group with the same owner. In component auctions, this value comes from the component auction and not the top-level auction. * “${topLevelWinningBid}” - The value of the bid that won the top-level auction. This value is only reported in component auctions. +* “${topLevelWinningBidCurrency}” - The currency `topLevelWinningBid` is in. +If the top-level auction has a `sellerCurrency` configured, this will be its currency tag; otherwise it is `'???'` to denote that it's in whatever currency the component auction made the bid in. * “${topLevelMadeWinningBid}” - A boolean value representing whether the owner of this interest group made the bid that won the top-level auction, either via this interest group, or another interest group with the same owner. This value is only reported in component auctions. If the bid being generated or scored loses the auction, the URL will be fetched. These worklets may also call a `forDebuggingOnly.reportAdAuctionWin()` API which operates similarly to `forDebuggingOnly.reportAdAuctionLoss()` API but only fetches the URL after a winning bid or score. From 1edc35e02370f231157281daa6a3fd6ccf583501 Mon Sep 17 00:00:00 2001 From: qingxinwu <6334674+qingxinwu@users.noreply.github.com> Date: Mon, 6 Nov 2023 10:19:00 -0500 Subject: [PATCH 09/58] Spec: Fix some errors, such as use of [=this=] in parallel. (#875) --- spec.bs | 151 +++++++++++++++++++++++++++----------------------------- 1 file changed, 74 insertions(+), 77 deletions(-) diff --git a/spec.bs b/spec.bs index f8e739e90..0be88c227 100644 --- a/spec.bs +++ b/spec.bs @@ -218,9 +218,9 @@ This is detectable because it can change the set of fields that are read from th {{TypeError}} is eventually thrown, but it will never change whether the call succeeds or fails. </div> -1. If [=this=]'s [=relevant global object=]'s [=associated Document=] is not [=allowed to use=] the - "[=join-ad-interest-group=]" [=policy-controlled feature=], then [=exception/throw=] a - "{{NotAllowedError}}" {{DOMException}}. +1. Let |global| be [=this=]'s [=relevant global object=]. +1. If |global|'s [=associated Document=] is not [=allowed to use=] the "[=join-ad-interest-group=]" + [=policy-controlled feature=], then [=exception/throw=] a "{{NotAllowedError}}" {{DOMException}}. 1. Let |frameOrigin| be [=this=]'s [=relevant settings object=]'s [=environment settings object/origin=]. 1. [=Assert=] that |frameOrigin| is not an [=opaque origin=] and its [=origin/scheme=] is "`https`". 1. Let |interestGroup| be a new [=interest group=]. @@ -345,9 +345,11 @@ This is detectable because it can change the set of fields that are read from th 1. [=parallel queue/enqueue steps|Enqueue the following steps=] to |queue|: 1. Let |permission| be the result of [=checking interest group permissions=] with |interestGroup|'s [=interest group/owner=], |frameOrigin|, and "`join`". - 1. If |permission| is false, then [=queue a task=] to [=reject=] |p| with a - "{{NotAllowedError}}" {{DOMException}} and abort these steps. - 1. [=Queue a task=] to [=resolve=] |p| with `undefined`. + 1. If |permission| is false, then [=queue a global task=] on [=DOM manipulation task source=], + given |global|, to [=reject=] |p| with a "{{NotAllowedError}}" {{DOMException}} and abort these + steps. + 1. [=Queue a global task=] on [=DOM manipulation task source=], given |global|, to [=resolve=] |p| + with `undefined`. 1. If the browser is currently storing an interest group with `owner` and `name` that matches |interestGroup|, then set the [=interest group/bid counts=], [=interest group/join counts=], and [=interest group/previous wins=] of @@ -589,24 +591,25 @@ dictionary AuctionAdInterestGroupKey { The <dfn for=Navigator method>leaveAdInterestGroup(group)</dfn> method steps are: -1. Let |frameOrigin| be [=this=]'s [=relevant settings object=]'s - [=environment settings object/origin=]. +1. Let |global| be [=this=]'s [=relevant global object=]. +1. Let |frameOrigin| be |global|'s [=environment settings object/origin=]. 1. [=Assert=] that |frameOrigin| is not an [=opaque origin=] and its [=origin/scheme=] is "`https`". 1. Let |p| be [=a new promise=]. 1. If |group| [=map/is empty=]: - 1. Let |instance| be [=this=]'s [=relevant global object=]'s [=Window/browsing context=]'s + 1. Let |instance| be |global|'s [=Window/browsing context=]'s [=browsing context/fenced frame config instance=]. 1. If |instance| is null, [=exception/throw=] a {{TypeError}}. 1. Let |interestGroup| be |instance|'s [=fenced frame config instance/interest group descriptor=]. 1. Run these steps [=in parallel=]: - 1. [=Queue a task=] to [=resolve=] |p| with `undefined`. + 1. [=Queue a global task=] on [=DOM manipulation task source=], given |global|, to [=resolve=] + |p| with `undefined`. 1. If |interestGroup| is not null: 1. Let |owner| be |interestGroup|'s [=interest group descriptor/owner=]. 1. If |owner| is [=same origin=] with |frameOrigin|, then [=list/remove=] [=interest groups=] from the [=user agent=]'s [=interest group set=] whose [=interest group/owner=] is |owner| and [=interest group/name=] is |interestGroup|'s [=interest group descriptor/name=]. 1. Otherwise: - 1. If [=this=]'s [=relevant global object=]'s [=associated Document=] is not [=allowed to use=] the + 1. If |global|'s [=associated Document=] is not [=allowed to use=] the "[=join-ad-interest-group=]" [=policy-controlled feature=], then [=exception/throw=] a "{{NotAllowedError}}" {{DOMException}}. @@ -617,9 +620,11 @@ The <dfn for=Navigator method>leaveAdInterestGroup(group)</dfn> method steps are 1. Run these steps [=in parallel=]: 1. Let |permission| be the result of [=checking interest group permissions=] with |owner|, |frameOrigin|, and "`leave`". - 1. If |permission| is false, then [=queue a task=] to [=reject=] |p| with a - "{{NotAllowedError}}" {{DOMException}} and abort these steps. - 1. [=Queue a task=] to [=resolve=] |p| with `undefined`. + 1. If |permission| is false, then [=queue a global task=] on [=DOM manipulation task source=], + given |global|, to [=reject=] |p| with a "{{NotAllowedError}}" {{DOMException}} and abort + these steps. + 1. [=Queue a global task=] on [=DOM manipulation task source=], given |global|, to [=resolve=] + |p| with `undefined`. 1. [=list/Remove=] [=interest groups=] from the [=user agent=]'s [=interest group set=] whose [=interest group/owner=] is |owner| and [=interest group/name=] is |group|["{{AuctionAdInterestGroupKey/name}}"]. @@ -756,12 +761,12 @@ The <dfn for=Navigator method>runAdAuction(|config|)</dfn> method steps are: 1. Let |queue| be the result of [=starting a new parallel queue=]. 1. [=parallel queue/enqueue steps|Enqueue the following steps=] to |queue|: 1. Let |winnerInfo| be the result of running [=generate and score bids=] with |auctionConfig|, - null, |global|, |settings|, and |bidIgs|. + null, |global|, |settings|'s [=environment/top-level origin=], and |bidIgs|. 1. If |winnerInfo| is failure, then [=queue a global task=] on [=DOM manipulation task source=], given |global|, to [=reject=] |p| with a "{{TypeError}}". - 1. If |winnerInfo| is null or |winnerInfo|'s [=leading bid info/leading bid=] is null: - 1. [=Queue a global task=] on [=DOM manipulation task source=], given |global|, to resolve |p| - with null. + 1. If |winnerInfo| is null or |winnerInfo|'s [=leading bid info/leading bid=] is null, then + [=queue a global task=] on [=DOM manipulation task source=], given |global|, to resolve |p| with + null. 1. Otherwise: 1. Let |winner| be |winnerInfo|'s [=leading bid info/leading bid=]. 1. Let |fencedFrameConfig| be the result of [=filling in a pending fenced frame config=] with @@ -1128,8 +1133,7 @@ To <dfn>validate and convert auction ad config</dfn> given an {{AuctionAdConfig} returned from an associated [=request=], whose [=request/initiator type=] is `"fetch"` and the {{RequestInit/adAuctionHeaders}} option set to `true`, resolves or rejects. Otherwise, there will be a race condition that the worklet can run without the direct from seller signals that - it needs. See [handling direct from seller signals](#handling-direct-from-seller-signals) for - details. + it needs. See [[#handling-direct-from-seller-signals]] for details. * To parse the value |result|: 1. Set |auctionConfig|'s [=auction config/direct from seller signals header ad slot=] to @@ -1393,8 +1397,8 @@ and a [=moment=] |auctionStartTime|: <div algorithm="generate and score bids"> To <dfn>generate and score bids</dfn> given an [=auction config=] |auctionConfig|, an -[=auction config=]-or-null |topLevelAuctionConfig|, a [=global object=] |global|, an -[=environment settings object=] |settings|, and a [=list=] of [=interest groups=] |bidIgs|: +[=auction config=]-or-null |topLevelAuctionConfig|, a [=global object=] |global|, an [=origin=] +|topLevelOrigin|, and a [=list=] of [=interest groups=] |bidIgs|: 1. [=Assert=] that these steps are running [=in parallel=]. 1. Let |auctionStartTime| be the [=current wall time=]. 1. Let |decisionLogicScript| be the result of [=fetching script=] with |auctionConfig|'s @@ -1415,7 +1419,7 @@ To <dfn>generate and score bids</dfn> given an [=auction config=] |auctionConfig 1. [=list/For each=] |component| in |auctionConfig|'s [=auction config/component auctions=], [=parallel queue/enqueue steps|enqueue the following steps=] to |queue|: 1. Let |compWinner| be the result of running [=generate and score bids=] with |component|, - |auctionConfig|, |global|, and |settings|. + |auctionConfig|, |global|, and |topLevelOrigin|. 1. If |compWinner| is failure, return failure. 1. If [=recursively wait until configuration input promises resolve=] given |auctionConfig| returns failure, return failure. @@ -1429,7 +1433,7 @@ To <dfn>generate and score bids</dfn> given an [=auction config=] |auctionConfig 1. Set |topLevelDirectFromSellerSignalsRetrieved| to true. 1. If |compWinner| is not null, then run [=score and rank a bid=] with |auctionConfig|, |compWinner|, |leadingBidInfo|, |decisionLogicScript|, null, "top-level-auction", null, and - |settings|'s [=environment/top-level origin=]. + |topLevelOrigin|. 1. Decrement |pendingComponentAuctions| by 1. 1. Wait until |pendingComponentAuctions| is 0. 1. If |leadingBidInfo|'s [=leading bid info/leading bid=] is null, return null. @@ -1438,8 +1442,8 @@ To <dfn>generate and score bids</dfn> given an [=auction config=] |auctionConfig 1. Set |leadingBidInfo|'s [=leading bid info/component seller=] to |winningComponentConfig|'s [=auction config/seller=]. 1. Let « |topLevelSellerSignals|, unusedTopLevelReportResultBrowserSignals » be the result of - running [=report result=] with |leadingBidInfo|, |topLevelDirectFromSellerSignalsForSeller| and - |winningComponentConfig|. + running [=report result=] with |leadingBidInfo|, |topLevelDirectFromSellerSignalsForSeller|, + |winningComponentConfig|, and |global|. 1. Set |leadingBidInfo|'s [=leading bid info/auction config=] to |winningComponentConfig|. 1. Set |leadingBidInfo|'s [=leading bid info/component seller=] to null. 1. Set |leadingBidInfo|'s [=leading bid info/top level seller=] to |auctionConfig|'s @@ -1456,12 +1460,13 @@ To <dfn>generate and score bids</dfn> given an [=auction config=] |auctionConfig |leadingBidInfo|'s [=leading bid info/leading bid=]'s [=generated bid/interest group=]'s [=interest group/owner=]. 1. Let « |sellerSignals|, |reportResultBrowserSignals| » be the result of running - [=report result=] with |leadingBidInfo|, |directFromSellerSignalsForSeller|, and null. + [=report result=] with |leadingBidInfo|, |directFromSellerSignalsForSeller|, null, and |global|. 1. Run [=report win=] with |leadingBidInfo|, |sellerSignals|, |reportResultBrowserSignals|, and |directFromSellerSignalsForBuyer|. 1. Return |leadingBidInfo|'s [=leading bid info/leading bid=]. -1. If [=waiting until configuration input promises resolve=] given |auctionConfig| returns failure, return failure. +1. If [=waiting until configuration input promises resolve=] given |auctionConfig| returns failure, + then return failure. 1. Let |allBuyersExperimentGroupId| be |auctionConfig|'s [=auction config/all buyer experiment group id=]. 1. Let |allBuyersGroupLimit| be |auctionConfig|'s [=auction config/all buyers group limit=]. @@ -1472,8 +1477,8 @@ To <dfn>generate and score bids</dfn> given an [=auction config=] |auctionConfig 1. Let |directFromSellerSignalsForSeller| be the result of running [=get direct from seller signals for a seller=] given |directFromSellerSignals|. 1. Let |browserSignals| be a {{BiddingBrowserSignals}}. -1. Let |topLevelHost| be the result of running the <a spec=url>host serializer</a> on [=this=]'s - [=relevant settings object=]'s [=environment/top-level origin=]'s [=origin/host=]. +1. Let |topLevelHost| be the result of running the <a spec=url>host serializer</a> on + |topLevelOrigin|'s [=origin/host=]. 1. [=map/Set=] |browserSignals|["{{BiddingBrowserSignals/topWindowHostname}}"] to |topLevelHost|. 1. [=map/Set=] |browserSignals|["{{BiddingBrowserSignals/seller}}"] to the [=serialization of an origin|serialization=] of |auctionConfig|'s [=auction config/seller=]. @@ -1493,7 +1498,7 @@ To <dfn>generate and score bids</dfn> given an [=auction config=] |auctionConfig 1. [=list/For each=] |additionalBid| of |additionalBids|, run the following steps [=in parallel=]: 1. [=Score and rank a bid=] with |auctionConfig|, |additionalBid|, |leadingBidInfo|, |decisionLogicScript|, null, |auctionLevel|, |componentAuctionExpectedCurrency|, and - |settings|'s [=environment/top-level origin=]. + |topLevelOrigin|. 1. Decrement |pendingAdditionalBids| by 1. 1. [=map/For each=] |buyer| → |perBuyerGenerator| of |bidGenerators|, [=parallel queue/enqueue steps|enqueue the following steps=] to |queue|: @@ -1543,7 +1548,7 @@ To <dfn>generate and score bids</dfn> given an [=auction config=] |auctionConfig 1. [=set/Append=] |ig|'s [=interest group/trusted bidding signals keys=] to |keys|. 1. [=set/Append=] |ig|'s [=interest group/name=] to |igNames|. 1. Let |biddingSignalsUrl| be the result of [=building trusted bidding signals url=] with - |signalsUrl|, |keys|, |igNames|, |buyerExperimentGroupId|. + |signalsUrl|, |keys|, |igNames|, |buyerExperimentGroupId|, and |topLevelOrigin|. 1. Let « |allTrustedBiddingSignals|, |dataVersion| » be the result of [=fetching trusted signals=] with |biddingSignalsUrl| and true. 1. If |dataVersion| is not null, then [=map/set=] @@ -1612,13 +1617,13 @@ To <dfn>generate and score bids</dfn> given an [=auction config=] |auctionConfig 1. [=list/Insert=] |generatedBid|'s [=generated bid/interest group=] in |bidIgs|. 1. [=Score and rank a bid=] with |auctionConfig|, |generatedBid|, |leadingBidInfo|, |decisionLogicScript|, |directFromSellerSignalsForSeller|, |dataVersion|, |auctionLevel|, - |componentAuctionExpectedCurrency|, and |settings|'s [=environment/top-level origin=]. + |componentAuctionExpectedCurrency|, and |topLevelOrigin|. 1. Decrement |pendingBuyers| by 1. 1. Wait until both |pendingBuyers| and |pendingAdditionalBids| are 0. 1. If |leadingBidInfo|'s [=leading bid info/leading bid=] is null, return null. 1. If |topLevelAuctionConfig| is null: 1. Let « |sellerSignals|, |reportResultBrowserSignals| » be the result of running - [=report result=] with |leadingBidInfo|, |directFromSellerSignalsForSeller|, and null. + [=report result=] with |leadingBidInfo|, |directFromSellerSignalsForSeller|, null, and |global|. 1. Let |directFromSellerSignalsForWinner| be the result of running [=get direct from seller signals for a buyer=] with |directFromSellerSignals|, and |leadingBidInfo|'s [=leading bid info/leading bid=]'s [=generated bid/interest group=]'s @@ -1695,7 +1700,7 @@ To <dfn>score and rank a bid</dfn> given an [=auction config=] |auctionConfig|, {{DirectFromSellerSignalsForSeller}} |directFromSellerSignalsForSeller|, an {{unsigned long}}-or-null |biddingDataVersion|, an enum |auctionLevel|, which is "single-level-auction", "top-level-auction", or "component-auction", a [=currency tag=] |componentAuctionExpectedCurrency|, and an [=origin=] -|topWindowOrigin|: +|topLevelOrigin|: 1. Let |renderURL| be [=URL serializer|serialized=] |generatedBid|'s [=generated bid/ad descriptor=]'s [=ad descriptor/url=]. @@ -1707,7 +1712,7 @@ or "component-auction", a [=currency tag=] |componentAuctionExpectedCurrency|, a to |adComponentRenderURLs|. 1. Let |fullSignalsUrl| be the result of [=building trusted scoring signals url=] with |auctionConfig|'s [=auction config/trusted scoring signals url=], «|renderURL|», |adComponentRenderURLs|, - |auctionConfig|'s [=auction config/seller experiment group id=], and |topWindowOrigin|. + |auctionConfig|'s [=auction config/seller experiment group id=], and |topLevelOrigin|. Implementations may batch requests by collecting render URLs and ad component render URLs from multiple invocations of [=score and rank a bid=] and passing them all to a single invocation @@ -1738,7 +1743,7 @@ or "component-auction", a [=currency tag=] |componentAuctionExpectedCurrency|, a 1. Let |browserSignals| be a {{ScoringBrowserSignals}} with the following fields: <dl> <dt>{{ScoringBrowserSignals/topWindowHostname}} - <dd>The result of running the <a spec=url>host serializer</a> on |topWindowOrigin|'s [=origin/host=] + <dd>The result of running the <a spec=url>host serializer</a> on |topLevelOrigin|'s [=origin/host=] <dt>{{ScoringBrowserSignals/interestGroupOwner}} <dd>[=serialization of an origin|Serialized=] |owner| <dt>{{ScoringBrowserSignals/renderURL}} @@ -2024,12 +2029,11 @@ To <dfn>encode trusted signals keys</dfn> given an [=ordered set=] of [=strings= <div algorithm> To <dfn>build trusted bidding signals url</dfn> given a [=URL=] |signalsUrl|, an [=ordered set=] of -[=strings=] |keys|, an [=ordered set=] of [=strings=] |igNames|, and an {{unsigned short}}-or-null -|experimentGroupId|: +[=strings=] |keys|, an [=ordered set=] of [=strings=] |igNames|, an {{unsigned short}}-or-null +|experimentGroupId|, and an [=origin=] |topLevelOrigin|: 1. Let |queryParamsList| be a new empty [=list=]. 1. [=list/Append=] "hostname=" to |queryParamsList|. -1. [=list/Append=] the result of [=string/UTF-8 percent-encoding=] [=this=]'s - [=relevant settings object=]'s [=environment/top-level origin=] using +1. [=list/Append=] the result of [=string/UTF-8 percent-encoding=] |topLevelOrigin| using [=component percent-encode set=] to |queryParamsList|. 1. If |keys| is not [=set/is empty|empty=]: 1. [=list/Append=] "&keys=" to |queryParamsList|. @@ -2052,13 +2056,13 @@ To <dfn>build trusted bidding signals url</dfn> given a [=URL=] |signalsUrl|, an To <dfn>build trusted scoring signals url</dfn> given a [=URL=] |signalsUrl|, a [=list=] of [=strings=] |renderURLs|, an [=ordered set=] of [=strings=] |adComponentRenderURLs|, an -{{unsigned short}} |experimentGroupId|, and an [=origin=] |topWindowOrigin|: +{{unsigned short}} |experimentGroupId|, and an [=origin=] |topLevelOrigin|: Note: When trusted scoring signals fetches are not batched, |renderURLs|'s [=list/size=] is 1. 1. Let |queryParamsList| be a new empty [=list=]. 1. [=list/Append=] "hostname=" to |queryParamsList|. -1. [=list/Append=] the result of [=string/UTF-8 percent-encoding=] |topWindowOrigin| using +1. [=list/Append=] the result of [=string/UTF-8 percent-encoding=] |topLevelOrigin| using [=component percent-encode set=] to |queryParamsList|. 1. If |renderURLs| is not [=set/is empty|empty=]: 1. [=list/Append=] "&renderURLs=" to |queryParamsList|. @@ -2175,8 +2179,8 @@ To <dfn>get direct from seller signals for a buyer</dfn> given a <div algorithm> To <dfn>report result</dfn> given a [=leading bid info=] |leadingBidInfo|, a -[=direct from seller signals=]-or-null |directFromSellerSignals|, and an [=auction config=]-or-null -|winningComponentConfig|: +[=direct from seller signals=]-or-null |directFromSellerSignals|, an [=auction config=]-or-null +|winningComponentConfig|, and a [=global object=] |global|: 1. Let |config| be |leadingBidInfo|'s [=leading bid info/auction config=]. 1. Let |bidCurrency| be null. 1. If |winningComponentConfig| is not null: @@ -2206,8 +2210,8 @@ To <dfn>report result</dfn> given a [=leading bid info=] |leadingBidInfo|, a 1. Let |browserSignals| be a {{ReportResultBrowserSignals}} with the following fields: <dl link-for-hint="ReportingBrowserSignals"> <dt>{{topWindowHostname}} - <dd>The result of running the <a spec=url>host serializer</a> on [=this=]'s - [=relevant settings object=]'s [=environment/top-level origin=]'s [=origin/host=]. + <dd>The result of running the <a spec=url>host serializer</a> on |global|'s + [=environment/top-level origin=]'s [=origin/host=]. <dt>{{interestGroupOwner}} <dd>[=serialization of an origin|Serialized=] |winner|'s [=generated bid/interest group=]'s [=interest group/owner=]. @@ -2373,9 +2377,8 @@ The <dfn for=Navigator method>createAuctionNonce()</dfn> method steps are: * ...which gives browsers the freedom to generate this UUID in another process, and asynchronously send it back to the main thread at an arbitrary future time. </div> - 1. Let |global| be [=this=]'s [=relevant global object=]. - 1. [=Queue a global task=] on [=DOM manipulation task source=], given |global|, to [=resolve=] - |p| with |nonce|. + 1. [=Queue a global task=] on [=DOM manipulation task source=], given [=this=]'s + [=relevant global object=], to [=resolve=] |p| with |nonce|. 1. Return |p|. </div> @@ -3351,33 +3354,28 @@ To <dfn>convert GenerateBidOutput to generated bid</dfn> given a {{GenerateBidOu The <dfn method for="InterestGroupBiddingScriptRunnerGlobalScope">setBid(|generateBidOutput|)</dfn> method steps are: - 1. Set [=this=]'s [=relevant global object=]'s [=InterestGroupBiddingScriptRunnerGlobalScope/bid=] - to null. - 1. Let |ig| be [=this=]'s [=relevant global object=]'s - [=InterestGroupBiddingScriptRunnerGlobalScope/interest group=]. - 1. Let |expectedCurrency| be [=this=]'s [=relevant global object=]'s + 1. Let |global| be [=this=]'s [=relevant global object=]. + 1. Set |global|'s [=InterestGroupBiddingScriptRunnerGlobalScope/bid=] to null. + 1. Let |ig| be |global|'s [=InterestGroupBiddingScriptRunnerGlobalScope/interest group=]. + 1. Let |expectedCurrency| be |global|'s [=InterestGroupBiddingScriptRunnerGlobalScope/expected currency=]. 1. Let |bidToSet| be the result of [=converting GenerateBidOutput to generated bid=] with - |generateBidOutput|, |ig|, |expectedCurrency|, [=this=]'s [=relevant global object=]'s - [=InterestGroupBiddingScriptRunnerGlobalScope/is component auction=], and [=this=]'s - [=relevant global object=]'s + |generateBidOutput|, |ig|, |expectedCurrency|, |global|'s + [=InterestGroupBiddingScriptRunnerGlobalScope/is component auction=], and |global|'s [=InterestGroupBiddingScriptRunnerGlobalScope/group has ad components=]. 1. If |bidToSet| is failure, [=exception/throw=] a {{TypeError}}. - 1. Set [=this=]'s [=relevant global object=]'s [=InterestGroupBiddingScriptRunnerGlobalScope/bid=] - to |bidToSet|. + 1. Set |global|'s [=InterestGroupBiddingScriptRunnerGlobalScope/bid=] to |bidToSet|. </div> <div algorithm> The <dfn method for="InterestGroupBiddingScriptRunnerGlobalScope">setPriority(|priority|)</dfn> method steps are: - 1. If [=this=]'s [=relevant global object=]'s - [=InterestGroupBiddingScriptRunnerGlobalScope/priority=] is not null: - 1. Set [=this=]'s [=relevant global object=]'s - [=InterestGroupBiddingScriptRunnerGlobalScope/priority=] to failure. - 1. [=exception/Throw=] a {{TypeError}}. - 1. Set [=this=]'s [=relevant global object=]'s - [=InterestGroupBiddingScriptRunnerGlobalScope/priority=] to |priority|. + 1. Let |global| be [=this=]'s [=relevant global object=]. + 1. If |global|'s [=InterestGroupBiddingScriptRunnerGlobalScope/priority=] is not null, then set + |global|'s [=InterestGroupBiddingScriptRunnerGlobalScope/priority=] to failure, and + [=exception/throw=] a {{TypeError}}. + 1. Set |global|'s [=InterestGroupBiddingScriptRunnerGlobalScope/priority=] to |priority|. </div> <div algorithm> @@ -3435,21 +3433,20 @@ Each {{InterestGroupReportingScriptRunnerGlobalScope}} has a The <dfn method for="InterestGroupReportingScriptRunnerGlobalScope">sendReportTo(|url|)</dfn> method steps are: - 1. If [=this=]'s [=relevant global object=]'s - [=InterestGroupReportingScriptRunnerGlobalScope/report url=] is not null, then Set [=this=]'s - [=relevant global object=]'s [=InterestGroupReportingScriptRunnerGlobalScope/report url=] to - failure, and [=exception/Throw=] a {{TypeError}}. + 1. Let |global| be [=this=]'s [=relevant global object=]. + 1. If |global|'s [=InterestGroupReportingScriptRunnerGlobalScope/report url=] is not null, then + set |global|'s [=InterestGroupReportingScriptRunnerGlobalScope/report url=] to failure, and + [=exception/Throw=] a {{TypeError}}. 1. Let |parsedUrl| be the result of running the [=URL parser=] on |url|. - 1. If |parsedUrl| is failure, or |parsedUrl|'s [=url/scheme=] is not "`https`", set [=this=]'s - [=relevant global object=]'s [=InterestGroupReportingScriptRunnerGlobalScope/report url=] to - failure, and [=exception/Throw=] a {{TypeError}}. + 1. If |parsedUrl| is failure, or |parsedUrl|'s [=url/scheme=] is not "`https`", set |global|'s + [=InterestGroupReportingScriptRunnerGlobalScope/report url=] to failure, and [=exception/throw=] + a {{TypeError}}. 1. Optionally, return. Note: This [=implementation-defined=] condition is intended to allow [=user agents=] to decline for a number of reasons, for example the |parsedUrl|'s [=site=] not being <a href="https://github.com/privacysandbox/attestation">enrolled</a>. - 1. Set [=this=]'s [=relevant global object=]'s - [=InterestGroupReportingScriptRunnerGlobalScope/report url=] to |parsedUrl|. + 1. Set |global|'s [=InterestGroupReportingScriptRunnerGlobalScope/report url=] to |parsedUrl|. </div> <div algorithm> @@ -4201,7 +4198,7 @@ An interest group is a [=struct=] with the following [=struct/items=]: :: A [=list=] of [=previous wins=]. : <dfn>next update after</dfn> :: A [=moment=] at which the browser will permit updating this interest group. See - [interest group updates](#interest-group-updates). + [[#interest-group-updates]]. </dl> From 3dd120eee6196b689729f40f2cf588764d16e2ab Mon Sep 17 00:00:00 2001 From: qingxinwu <6334674+qingxinwu@users.noreply.github.com> Date: Mon, 6 Nov 2023 15:49:38 -0500 Subject: [PATCH 10/58] Pass macro map to fenced frame reporting. (#865) --- spec.bs | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/spec.bs b/spec.bs index 0be88c227..a27bcf81b 100644 --- a/spec.bs +++ b/spec.bs @@ -890,25 +890,22 @@ To <dfn>fill in a pending fenced frame config</dfn> given a [=fenced frame confi : name :: |winningBid|'s [=generated bid/interest group=]'s [=interest group/name=] +1. Let |fencedFrameReportingMap| be the [=map=] «[ "`buyer`" → «», "`seller`" → «» ]». +1. If |auctionConfig|'s [=auction config/component auctions=] is [=list/empty=], then [=map/set=] + |fencedFrameReportingMap|["`component-seller`"] to an empty [=list=] «». 1. Set |pendingConfig|'s [=fenced frame config/fenced frame reporting metadata=] to a [=struct=] with the following [=struct/items=]: : [=fenced frame reporting metadata/value=] - :: If |auctionConfig|'s [=auction config/component auctions=] is [=list/empty=] (i.e., if - there was no component auction), then a [=struct=] with the following [=struct/items=]: + :: A [=struct=] with the following [=struct/items=]: : [=fenced frame reporting metadata/fenced frame reporting map=] - :: a [=map=] «[ "<code>buyer</code>" → «», "<code>seller</code>" → «»]» + :: |fencedFrameReportingMap| : [=fenced frame reporting metadata/direct seller is seller=] - :: true + :: true if |auctionConfig|'s [=auction config/component auctions=] is [=list/empty=], false + otherwise - Otherwise (i.e., if there was a component auction), a [=struct=] with the following - [=struct/items=]: - : [=fenced frame reporting metadata/fenced frame reporting map=] - :: a [=map=] «[ "<code>buyer</code>" → «», "<code>seller</code>" → «», - "<code>component-seller</code>" → «»]» - - : [=fenced frame reporting metadata/direct seller is seller=] - :: false + : [=fenced frame reporting metadata/allowed reporting origins=] + :: |winningBid|'s [=generated bid/bid ad=]'s [=interest group ad/allowed reporting origins=] : [=fenced frame reporting metadata/visibility=] :: "<a for=visibility>`opaque`</a>" @@ -945,15 +942,10 @@ To <dfn>asynchronously finish reporting</dfn> given a 1. Let |buyerMap| be |leadingBidInfo|'s [=leading bid info/buyer reporting result=]'s [=reporting result/reporting beacon map=]. 1. If |buyerMap| is null, set |buyerMap| to an empty [=map=] «[]». - 1. Let |allowedReportingOrigins| be |leadingBidInfo|'s [=leading bid info/leading bid=]'s - [=generated bid/bid ad=]'s [=interest group ad/allowed reporting origins=]. 1. Let |macroMap| be |leadingBidInfo|'s [=leading bid info/buyer reporting result=]'s [=reporting result/reporting macro map=]. - 1. TODO: Pass |macroMap| and |allowedReportingOrigins| to [=Finalize a reporting destination=] - when it is updated to take the parameters. May need to convert |macroMap| to a list, based - on what that function expects. 1. [=Finalize a reporting destination=] with |reportingMap|, - {{FenceReportingDestination/buyer}}, and |buyerMap|. + {{FenceReportingDestination/buyer}}, |buyerMap|, and |macroMap|. 1. [=Send report=] to |leadingBidInfo|'s [=leading bid info/buyer reporting result=]'s [=reporting result/report url=]. 1. Set |buyerDone| to true. From 296693e36b71e706351c04a5429cf3932d0bd970 Mon Sep 17 00:00:00 2001 From: Michael Kleber <kleber@google.com> Date: Tue, 7 Nov 2023 12:23:50 -0500 Subject: [PATCH 11/58] Create 2023-11-01-FLEDGE-call-minutes.md --- meetings/2023-11-01-FLEDGE-call-minutes.md | 217 +++++++++++++++++++++ 1 file changed, 217 insertions(+) create mode 100644 meetings/2023-11-01-FLEDGE-call-minutes.md diff --git a/meetings/2023-11-01-FLEDGE-call-minutes.md b/meetings/2023-11-01-FLEDGE-call-minutes.md new file mode 100644 index 000000000..027720c0f --- /dev/null +++ b/meetings/2023-11-01-FLEDGE-call-minutes.md @@ -0,0 +1,217 @@ +# Protected Audience (formerly FLEDGE) WICG Calls: Agenda & Notes + +Calls take place on most Wednesdays, at 11am US Eastern time; check [#88](https://github.com/WICG/turtledove/issues/88) for exceptions. + +That's 8am California = 4pm Paris time = 3pm UTC + +**NOTE THAT Europe clocks have changed but US clocks have not! So this week's meeting is at an usual hour for Europe folks!** + +This notes doc will be editable during the meeting — if you can only comment, hit reload + +Notes from past calls are all on GitHub [in this directory](https://github.com/WICG/turtledove/tree/main/meetings). + + +# Next video-call meeting: Wednesday Nov 1, 2023 + + +## Attendees: please sign yourself in! + + + +1. Michael Kleber (Google Privacy Sandbox) +2. Brian May (dstillery) +3. Sven May (Google Privacy Sandbox) +4. Paul Jensen (Google Privacy Sandbox) +5. Roni Gordon (Index Exchange) +6. Youssef Bourouphael (Google Privacy Sandbox) +7. Orr Bernstein (Google Privacy Sandbox) +8. Matt Menke (Google Chrome) +9. Laurentiu Badea (OpenX) +10. Harshad Mane ( PubMatic ) +11. David Dabbs (Epsilon) +12. Andrew Kwok (Criteo) +13. Antoine Niek (Optable) +14. Xavier Capaldi (Optable) +15. Alex Cone (Google Privacy Sandbox) +16. Caleb Raitto (Google Chrome) +17. Mahdi Sadjadi (Yieldmo) +18. Leeron Israel (Google Privacy Sandbox) +19. Alex Johnston (Yieldmo) +20. Andrew Pascoe (NextRoll) +21. Marco Lugo (NextRoll) +22. Sid Sahoo (Google Chrome) + + +## Note taker: Orr Bernstein + + +# Agenda + + +## Process reminder: Join WICG + +If you want to participate in the call, please make sure you join the WICG: https://www.w3.org/community/wicg/ + + +## Suggest agenda items here: + + + +* Roni Gordon + * K/V lookup timeouts - https://github.com/WICG/turtledove/issues/814 + * Macro substitutions - https://github.com/WICG/turtledove/issues/817 + * API versioning - https://github.com/WICG/turtledove/issues/823 + * Sensitive signals - https://github.com/WICG/turtledove/issues/824 +* Isaac: + * Multi Tag Support via “Mixed Ranking”: (really, this + multi tag + bit leak discussion and how we can be creative) https://github.com/WICG/turtledove/issues/846 + * Buyer/Seller Reporting Questions: https://github.com/WICG/turtledove/issues/682#issuecomment-1710965068 + * Optional decouple bidding/reporting function urls to allow smaller k tuple: https://github.com/WICG/turtledove/issues/679#issuecomment-1703973736 + + +# Notes + + + +### K/V lookup timeouts - https://github.com/WICG/turtledove/issues/814 + +* Roni Gordon + * Want to understand timeouts + * About how one defines timeouts in an auction config and what they’re governing. + * Where is the KV time considered? It happens in between the function calls but in the same worklet. Paul provided a clarification on the bug. + * Roni is trying to better understand how to configure it. Similar question for the seller KV time. No notion of “cumulative” because there aren’t multiple sellers in a component auction. + * Paul Jensen + * When we started thinking about different ways to do timeouts, we had limits on the number of interest groups and the amount of time each can take in generateBid and scoreAd. Also protects against a potential privacy leak. + * For performance, the more important thing is wall clock time - overall time, not just time for each one. We want to be less opinionated about how long each one takes. So that’s when we moved to the cumulative timeout. Also, the trusted signal call can take quite a while. So, that’s why, as we moved to cumulative, we included the total wall time an interest group takes. + * As for why there isn’t a trusted seller signals timeout, nobody has asked for it. There is a 30 second timeout, but hopefully nobody reaches that. How many times it gets invoked is sort of under the control of the buyers. If we get 10 bids, we could make one trusted seller signals call for all ten bids, or we could make ten requests, depending on how those requests come in. Also, the seller has an overall control for timeout - the abort signal they can pass in. + * Roni, what kind of timeout are you looking for? + * Roni + * KV needs to respond in a certain amount of time, and needs to reflect the potential timeouts. Nothing prevents a slow seller KV call from taking over the auction. + * Paul + * You can use the abort signal to control total time of the auction. The real question is, if we added a seller trusted signal timeout, would you use it? + * Michael Kleber + * Usual process is that the timeout is applied to other parties. Could be that the top-level seller could apply a timeout on the component sellers. + * Roni + * Michael + * There is not a timeout right now that covers the seller KV lookup. If all of these are maximally slow, the whole auction might take 30 seconds plus a little bit. [From chat: actually, could be a minute.] The top level seller would be highly incentivized to not work with component sellers that take so long. + * Roni + * So, incentivized to return the KV as quickly as possible to reduce the likelihood of timing out the auction. If the timeout is for the KV call, then the KV call times out and it’s like the bid isn’t there anymore. If the signal times out, the generateBid call could decide what to do in the absence of that signal. + * If I set just the cumulative timeout, do I still set the interest group timeout? + * Paul + * You probably do want to set both timeouts, but set them to the same value. Per-buyer timeout to the same as the cumulative one. + * Roni + * The spec sets a default value of per-buyer timeout, so not specifying it means you get that default. + * Michael + * Default value of 50 ms, maximum allowable value of 500 ms. + * Roni + * So, I have to specify both and hope their generateBid is fast. + * Is there any indication that this timeout has happened? That I’ve run out of time because I’m too slow? + * Paul + * Per-function timeout, there might be a way. But the cumulative one is trickier, because the bids before the timeout you get, but the bids after the timeout you don’t. + * We do have private aggregation for times - your trusted bidding signals and your generateBid times. Don’t know if we ever added a value to the enum to indicate that generateBid hit its timeout. + * At the beginning of generateBid - while you have forDebugOnly reporting - you can specify at the start of generateBid, you could specify that it reached the end of generateBid, and then to see if these numbers diverged. + * Matt Menke + * With cumulative timeouts, we kill the worklets, so it doesn’t even start generateBid for those. + * Brian May + * These things are implying that there are resource constraints on the browser, and that the browser is taking preemptive action if it hasn’t reached a point where it needs to do something to show an ad. Have to figure out if we’re in a situation where the same couple of interest groups are getting evaluated, and there’s starvation of interest groups lower down. Unlike in a server, where we have pretty tight control over what happens between the time we get a request and the time we show an ad. + * Paul + * Happy medium is that seller specifies a cumulative timeout. Buyer optimizes how they want to do trusted bidding signals, could spend more time there and less in on-device generateBid script or vice versa. + * Brian + * Context that a buyer has control over. No way for a buyer to get a sense of what the situation on a given browser is going to be, how to handle to the competition for resources across buyers. + * Michael + * The seller is the one who controls how these resources are shared using the cumulative timeouts. + * Brian + * But the buyer can’t optimize because they don’t have enough information to see, for this auction, what the situation is. + * Michael + * Buyers can prioritize interest groups; higher priority interest groups go first. If the seller can tell that the device is a slow device, and they want to allocate more time for the auction. + * Brian + * As a seller, I don’t have a good way to optimize calls, and if there are too many interest groups, how to prioritize them. + * Paul + * Buyer should prioritize the interest groups, how to prioritize. The seller should be worrying about who the buyers are, what the resources are, and what the latency acceptable to the publisher is. + * Michael + * Seller won’t know which buyers have an interest group on the device, so they can’t decide how to allocate resources among those buyers that will participate in the auction. Don’t want this to be in JavaScript because that would delay the start of the auction until after we’ve started a JavaScript environment, but can do this in a declarative way. + * Brian + * If there are too few resources on the browser, then if I have more things than I can do in the amount of time, then I might visit the same first 10 interest groups every time, and never see the following 30 interest groups. + * Michael + * Yes, buyers get to prioritize their interest groups. + * Brian + * Will run into a situation soon where interest groups will be starved as a result of this. + * Michael + * Yes, if some buyers are not going to be able to run at all because of cumulative timeouts, do sellers get to prioritize which buyers get to run or is there some randomness there? + * Brian + * On the server side, we give campaigns that tend to be paid attention to less an opportunity to squeeze themselves in by making space. + * Matt (via chat) + * Buyers are run in the order they’re specified in the auction config. We can't create an infinite number of isolated processes, each with its own JS thread. So there's a limit of buyers that we process at once. + * Michael + * If there’s insufficient resources on the browser, + * Roni + * Somewhat of an awkward position. We don’t play favorites with buyers. If I put somebody first, it’s not just that they’re first because I chose to alphabetize my list. I’ll need to randomize the order of buyers, which I didn’t know I need to do. + * David + * Request from the chat - Matt put some interesting comments - could he pull that together in a concise way, in the spec or howto doc. Reading the chat, it’s not too clear. + * Sid Sahoo + * Could Paul explain how the top level seller timeout works with component sellers today? + * David + * One seller timeout, which governs the scoreAd of component sellers. + * Paul + * Matt - does per-buyer cumulative timeout apply to component sellers? + * Matt + * Each auction is mostly run independently so that their fields don’t affect the other auctions. + * Sid + * How does the top-level seller timeout play with the component auctions? Can the top-level seller influence the component auctions? + * Paul + * The auction configs may be passing through the top level seller. So they could add an abort seller in each component seller config if they wanted. + * Roni - is there a feature request here besides improving our documentation? + * Roni + * Curious about how timeouts for component and top-level sellers. There’s a limit for the number of IGs; if a buyer hits that limit, how do they know? Do we know how these different clocks fight with each other? Right now, it seems fine but a bit vague. Haven’t seen any examples of this abort signal. I don’t know if the intent of top level sellers is to inject something that I can’t see. + * Brian + * What can a buyer understand about the environment in which their bid is happening? If we have many different sellers and different sellers are applying different constraints, hard to have any idea of how the different seller constraints are going to impact the buyers. In today’s world, a bunch of publishers go through an SSP, the SSP delivers bid requests to a bunch of DSPs. They have a relationship, know what to expect. In the Protected Audience world, a bunch of stuff happening on the device on the browser locally, much smaller context to figure out the rule. With timeouts as an example, how do I set my timeouts? With some sellers, the timeout might be long, with others the timeout might be short. + * Michael + * Are you saying that as a particular interest group, you want some more global sense about what opportunity the interest group has to bid with multiple different sellers? + * Brian + * Different from what I said. When I’m putting things together as a buyer, trying to anticipate the environment in which this thing is going to be sent. How as a buyer can I tell how my campaign is going to perform across 50 different sellers? If I’m the first one in a seller’s list, I’m going to have lots of resources; if I’m #50, I’ll have less. + * Michael + * That is a control that doesn’t exist right now; no timeout that applies to all buyers collectively. + * Paul + * The only people bidding are those that have interest groups, and that might not be everyone. With today’s world, there’s a lot of play between buyers because they all go every time. But in PA, there may be less resource competition because only some buyers will have IGs on that device. + * Brian + * Different devices may have more or fewer buyers with IGs; how do they optimize with the uncertainty of this? + * Michael + * Browser signals is an opportunity to tell buyers about these kinds of things. + * David + * In the chat, Matt said that buyers are serviced in the order that they’re specified in the component seller’s auction config. Is this true for the order of component sellers in the top-level auction? + * Matt + * There is an ordering, but today there’s no global timeout. + * Michael + * If the limit is reached, it aborts the entire auction. Taking too long does not mean that some people get to go and others do not get to go, which is how it works today. + * The only constraint is that we won’t wait for a network request more than 30 seconds. If your KV server request takes longer than that, we’ll drop it on the floor and the call to generateBid will get no information back. + * Laurentiu Badea + * Time elapsed means if the page runs multiple auctions (many ad slots) the chance to complete drops proportionally. + * Matt + * We use processes for bidders and sellers, shared by all auctions running simultaneously. So, auctions can have an effect on each other. Cumulative timeout is shared. Running scripts at once in the same auction or different auctions will share the same process. + * Paul + * A lot of this is limited by how many processes we have and how many processes we share. In the last 15 years, a rise in the number of cores. In many ways, consumer devices have been limited by the single threaded nature of programs. We’re doing a better job of using all the cores in Protected Audiences. Doing more work might actually not mean more wall time. + +### Notes from chat (some captured above): + +David Dabbs: Matt is that documented somewhere in the explainer, or does one have to inspect the chromium source? Or spec? + +Matt Menke: With cumulative timeout, we don't even run generateBid, (And we don't cancel any currently running call). With cumulative timeouts, we don't hit the beginning of generate bid. + +Laurentiu Badea: https://github.com/WICG/turtledove/blob/main/FLEDGE.md#35-filtering-and-prioritizing-interest-groups + +Matt Menke: Buyers are run in the order they're specified. In the auctionConfig interestGroupBuyers array + +Roni Gordon: isn't that done in parallel? + +Matt Menke: We can't create an infinite number of isolated processes, each with its own JS thread. So there's a limit of buyers that we process at once. (On desktop - on Android, they all run in the same process, sharing a single JS thread) + +Matt Menke: My suggestion (as someone who admittedly has no clue) is just to randomize buyer order. Note that there's no inter-buyer timeout currently. So I'm not sure how important order actually is between buyers + +Harshad Mane: But Seller does not know how many IGs each buyer has so prioritizing buyers in random order may not be optimal + +Matt Menke: I'm not sure order actually matters - we do run them in the order provided, but there's no global timeout, only per-buyer timeouts. So unclear if running first is actually an advantage (or disadvantage) + +Laurentiu Badea: time elapsed means if the page runs multiple auctions (many ad slots) the chance to complete drops proportinally + +Roni Gordon: why would the time against those configured timeouts be impacted by other any runAdAuction calls? + +Marco Lugo: I did observe that with 1k IGs doing heavy computation everything broke down but that was last year before several improvements come in. Maybe an edge case but it relates to what was said. From 22e7c5b609def5fc1fbdbaf380463d32a99e0f40 Mon Sep 17 00:00:00 2001 From: Liam Brady <blu2.5@me.com> Date: Wed, 8 Nov 2023 12:12:45 -0500 Subject: [PATCH 12/58] Update automatic beacon explainer for new sending behavior (#808) * update automatic beacon explainer * update section on component ads * update to include changes from security review * fix formatting * update to include changes from code review * address review comments * fix typo --- Fenced_Frames_Ads_Reporting.md | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/Fenced_Frames_Ads_Reporting.md b/Fenced_Frames_Ads_Reporting.md index e0182433e..4f233241e 100644 --- a/Fenced_Frames_Ads_Reporting.md +++ b/Fenced_Frames_Ads_Reporting.md @@ -15,7 +15,7 @@ From a privacy perspective, it is also important to note that the additional inf # Design -The following summarizes the sequence of events for the buyer and seller. Distinguishing these flows here, since in principle, one should be able to report without the help of the other. +The following summarizes the sequence of events for the buyer and seller. Distinguishing these flows here, since in principle, one should be able to report without the help of the other but with an opt-in from the ad's origin for maintaining web's security principles for origins. ![high level diagram](assets/fenced_frames_reporting.png) @@ -190,8 +190,7 @@ As mentioned in the explainer above, `reportEvent` beacons are POST requests and ### API to populate event data for reserved.top_navigation -Since the `reserved.top_navigation` beacons are automatically generated by the browser, there needs to be some way for those beacons to be associated with a destination and include event data, as it happens in `reportEvent` generated beacons. To achieve this, a new `setReportEventDataForAutomaticBeacons` API can be invoked from within the fenced frame: - +Since the `reserved.top_navigation` beacons are automatically generated by the browser, there needs to be some way for those beacons to include event data, as it happens in `reportEvent` generated beacons. Because this is information about a frame that can be sent to a cross-origin destination, there also needs to be a way for the frame to opt in/opt out of having this information sent. To achieve this, a new `setReportEventDataForAutomaticBeacons` API can be invoked from within the fenced frame: ``` window.fence.setReportEventDataForAutomaticBeacons({ @@ -201,16 +200,15 @@ window.fence.setReportEventDataForAutomaticBeacons({ }); ``` +If `setReportEventDataForAutomaticBeacons` is invoked, the browser will send an automatic beacon to all URLs registered via registerAdBeacon for the given event, but it will only send an event data body (the information in eventData) with the HTTP request to destinations specified in the destination field. This means that invoking setReportEventDataForAutomaticBeacons acts as an opt-in by the fenced frame document to allow sending the beacon to all registered URLs, aligning with cross-origin security principles. -Currently, the only `eventType` that `setReportEventDataForAutomaticBeacons` allows is `'reserved.top_navigation'`. Note that the script invoking this API can volunteer this information to a given destination type or not, similar to `reportEvent`, using the `destination` field. - -If invoked multiple times, the latest invocation before the top-level navigation would be the one that’s honored. +If `setReportEventDataForAutomaticBeacons` is not invoked, the browser will not send an automatic beacon to any registered URLs. -`eventData` is optional, and can be empty. If `eventData` is not specified, or is empty, the automatic beacon will still be sent but without an event data body in the HTTP request. +Currently, the only `eventType` that `setReportEventDataForAutomaticBeacons` allows is `'reserved.top_navigation'`. Note that the script invoking this API can volunteer the information in `eventData` to a given destination type or not, similar to `reportEvent`, using the `destination` field. -If `setReportEventDataForAutomaticBeacons` is not invoked, the browser will not send an automatic beacon because the `destination` is unknown. +If invoked multiple times, the latest invocation before the top-level navigation would be the one that’s honored. -An automatic beacon can be manually cleared out by calling `setReportEventDataForAutomaticBeacons` with an empty destination list. +Automatic beacon data can be manually cleared out by calling `setReportEventDataForAutomaticBeacons` with an empty destination list. ``` window.fence.setReportEventDataForAutomaticBeacons({ 'eventType': 'reserved.top_navigation', @@ -237,9 +235,9 @@ function addBeaconData(element) { The beacon data will be in place by the time that the navigation starts. When the navigation commits, the automatic beacon will be sent out with event data set to "link1 was clicked.". -The dictionary passed into `setReportEventDataForAutomaticBeacons` also takes an optional `once` boolean that defaults to false. If `once` is set to true, the automatic beacon will only be sent for the next `reserved.top_navigation` event. Beacons will not be sent for subsequent `reserved.top_navigation` events until `setReportEventDataForAutomaticBeacons` is invoked again. When used with a click handler, this can be used to send beacons only for specific top-level navigations, rather than for every top-level navigation. +The dictionary passed into `setReportEventDataForAutomaticBeacons` also takes an optional `once` boolean that defaults to false. If `once` is set to true, the automatic beacon will only be sent for the next `reserved.top_navigation` event. Beacons will not be sent for subsequent `reserved.top_navigation` events until `setReportEventDataForAutomaticBeacons` is invoked again. When used with a click handler, this can be used to send beacon data only for specific top-level navigations, rather than for every top-level navigation. -For example, if a frame has multiple links that can perform top-level navigations, but only one of the links should have an automatic beacon associated with it, `setReportEventDataForAutomaticBeacons()` can be called in that link's click handler with `once` set to true. This will ensure that, if another link is clicked after the link with the associated automatic beacon, that other link will not result in a beacon being sent out. +For example, if a frame has multiple links that can perform top-level navigations, but only one of the links is of interest for analytics purposes, `setReportEventDataForAutomaticBeacons()` can be called in that link's click handler with `once` set to true. This will ensure that, if another link is clicked after the link with the associated automatic beacon, that other link will not result in an automatic beacon being sent out. ``` window.fence.setReportEventDataForAutomaticBeacons({ @@ -265,7 +263,7 @@ For fenced frames rendering the ad components under the top-level ad fenced fram * Invocation of the `reportEvent` API from an ad component fenced frame is disallowed. * The only supported beacon to be sent from an ad component fenced frame is the `reserved.top_navigation` automatic beacon. Note this beacon is gated on a user activation (e.g. click). * To ensure that there is no arbitrary data that can be received at the server from the component ad, the `eventData` field via `window.fence.setReportEventDataForAutomaticBeacons`, if specified, will be ignored. This ensures that information from the component ad URL is not revealed in the event report, or else it could lead to the join of two independently k-anonymous URLs (parent and component ad) at the receiving server. -* To send the beacon from a component fenced frame, `window.fence.setReportEventDataForAutomaticBeacons` must be invoked within the ad component fenced frame with `eventType` set to `'reserved.top_navigation'`. The beacon will be sent when there is a user activation (e.g. click) on the ad component fenced frame, which results in a top-level navigation. +* `reserved.top_navigation` beacons will be sent from a component fenced frame (with no event data) when there is a user activation (e.g. click) on the ad component fenced frame, which results in a top-level navigation. The ad component must still opt in using `setReportEventDataForAutomaticBeacons` before the beacon can send. ``` window.fence.setReportEventDataForAutomaticBeacons({ From 674bdac9c5611b0bdd5ef76b569fa21d4eee8910 Mon Sep 17 00:00:00 2001 From: Xiaochen Zhou <xiaochenzh@google.com> Date: Thu, 9 Nov 2023 08:00:36 -0500 Subject: [PATCH 13/58] Add attestations requirement for reportEvent and automatic beacons. (#702) * Add attestations requirement for reportEvent and registerAdBeacon. * Address Shivani's comment. * Add example. * Update Fenced_Frames_Ads_Reporting.md * Added statement about redirect. * Update the attestation requirement for redirect * Update Fenced_Frames_Ads_Reporting.md * Avoid the term "site" * List enrollment requirement in a separate subsection * Update Fenced_Frames_Ads_Reporting.md * Update Fenced_Frames_Ads_Reporting.md * Link to html spec for "site" definition * Fixed typo * Fix grammar. --- Fenced_Frames_Ads_Reporting.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/Fenced_Frames_Ads_Reporting.md b/Fenced_Frames_Ads_Reporting.md index 4f233241e..9ecf62d69 100644 --- a/Fenced_Frames_Ads_Reporting.md +++ b/Fenced_Frames_Ads_Reporting.md @@ -55,6 +55,9 @@ The browser processes the beacon by sending an HTTP POST request, like the exist Note `window.fence` here is a new namespace for APIs that are only available from within a fenced frame. In the interim period when FLEDGE supports rendering the winning ad in an iframe, `window.fence` will also be available in such an iframe. +### Enrollment Requirement +The reporting destination URL registered by `registerAdBeacon` is required to have its [site](https://html.spec.whatwg.org/multipage/browsers.html#obtain-a-site) (scheme, eTLD+1) attested for Protected Audience API, otherwise the beacon is not allowed to be sent to this reporting destination. Please see [the Privacy Sandbox enrollment attestation model](https://github.com/privacysandbox/attestation#the-privacy-sandbox-enrollment-attestation-model). + ### Parameters **Event type and data:** Includes the event type and data associated with an event. When an event type e.g. click matches to the event type registered in registerAdBeacon, the data will be used by the browser as the request body in the request sent to the registered URL. @@ -113,6 +116,9 @@ This API is available in the same contexts as `reportEvent` to a preregistered d Unlike `reportEvent` to a preregistered destination, here the browser processes the beacon by sending an HTTP GET request, as per feedback here: https://github.com/WICG/turtledove/issues/477#issuecomment-1524158476. +### Enrollment Requirement +The reporting destination URL specified in `reportEvent`'s `destinationURL` field is required to have its [site](https://html.spec.whatwg.org/multipage/browsers.html#obtain-a-site) (scheme, eTLD+1) attested for Protected Audience API, otherwise the beacon is not allowed to be sent to this reporting destination. Please see [the Privacy Sandbox enrollment attestation model](https://github.com/privacysandbox/attestation#the-privacy-sandbox-enrollment-attestation-model). + ### Parameters **Destination URL:** Includes the desired destination URL for the report, with macros to be substituted based on the buyer worklet's specified values. @@ -125,6 +131,8 @@ window.fence.reportEvent({ 'destinationURL': 'https://adtech.example/impression?cid=555&pub_id=${PUBLISHER_ID}&site=${SOURCE_URL_ENC}&t=123'}); ``` +In this example, the reporting destination eTLD+1 is "adtech.example". [The Privacy Sandbox enrollment attestation model](https://github.com/privacysandbox/attestation#the-privacy-sandbox-enrollment-attestation-model) requires its [site](https://html.spec.whatwg.org/multipage/browsers.html#obtain-a-site) (scheme, eTLD+1) `"https://adtech.example"` to be enrolled as defined in [site-based enrollment](https://developer.chrome.com/blog/announce-enrollment-privacy-sandbox/#site-based-enrollment). Otherwise the beacon will not be sent. + ## registerAdBeacon A similar API was initially discussed here: https://github.com/WICG/turtledove/issues/99 for reporting clicks. The idea is that the buyer and seller side worklets are able to register a URL with the browser in their reportWin and reportResult APIs. A beacon will be sent to the registered URL when events are reported by the fenced frame via reportEvent. @@ -145,6 +153,8 @@ registerAdBeacon({ }); ``` +In this example, the reporting destination eTLD+1 is "adtech.example". [The Privacy Sandbox enrollment attestation model](https://github.com/privacysandbox/attestation#the-privacy-sandbox-enrollment-attestation-model) requires its [site](https://html.spec.whatwg.org/multipage/browsers.html#obtain-a-site) (scheme, eTLD+1) `"https://adtech.example"` to be enrolled as defined in [site-based enrollment](https://developer.chrome.com/blog/announce-enrollment-privacy-sandbox/#site-based-enrollment). Otherwise the beacon will not be sent when there is a `click` event. + ## registerAdMacro Bidder worklets are able to register macros with the browser in their `reportWin()` function. The registered macro values are used to substitute macros in the destination URL of the `reportEvent()` API's parameter. @@ -188,6 +198,10 @@ The beacons that are generated from a `reportEvent` invocation or via the automa As mentioned in the explainer above, `reportEvent` beacons are POST requests and carry `eventData` in the request's body. The same will be true for automatic `reserved.top_navigation` requests. Note that for any server redirects of the initial request, the browser sends a GET request and does not include the initial request's body. For attribution registration flow, if the `eventData` needs to be used as part of the redirected request, it must be explicitly passed on as part of the redirect URL. +##### Enrollment Requirement + +For redirects, the redirect URL is not checked for enrollment and attestation. This is because the browser does not add any data directly to the redirect URL. Only the initial reporting destination is checked for attestation for Protected Audience API. The initial reporting destination is responsible for acting in accordance with its attestation if it decides to share any data via the redirect. + ### API to populate event data for reserved.top_navigation Since the `reserved.top_navigation` beacons are automatically generated by the browser, there needs to be some way for those beacons to include event data, as it happens in `reportEvent` generated beacons. Because this is information about a frame that can be sent to a cross-origin destination, there also needs to be a way for the frame to opt in/opt out of having this information sent. To achieve this, a new `setReportEventDataForAutomaticBeacons` API can be invoked from within the fenced frame: @@ -248,6 +262,9 @@ window.fence.setReportEventDataForAutomaticBeacons({ }); ``` +#### Enrollment Requirement +The reporting destination URL registered by `setReportEventDataForAutomaticBeacons` is required to have its [site](https://html.spec.whatwg.org/multipage/browsers.html#obtain-a-site) (scheme, eTLD+1) attested for Protected Audience API, otherwise the automatic beacon is not allowed to be sent to this reporting destination. Please see [the Privacy Sandbox enrollment attestation model](https://github.com/privacysandbox/attestation#the-privacy-sandbox-enrollment-attestation-model). + # Support for Ad Components For ad components [rendered in fenced frames](https://github.com/WICG/turtledove/blob/main/FLEDGE.md#4-browsers-render-the-winning-ad), the support for event-level reporting described below is available in Chrome starting M114. For ad components rendered in iframes, the support will be available in Chrome starting M115. The support works for all combinations of the top-level ad and ad component being rendered in iframes and/or Fenced Frames. From a2e5716721d9e934dc65dfdca38deba42eb7002a Mon Sep 17 00:00:00 2001 From: Garrett Tanzer <garretttanzer@gmail.com> Date: Thu, 9 Nov 2023 08:52:24 -0500 Subject: [PATCH 14/58] Explain credentials on automatic beacons until 3PCD (#884) * Add description of credentials on automatic beacons * apply Shivani's edit --------- Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> --- Fenced_Frames_Ads_Reporting.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Fenced_Frames_Ads_Reporting.md b/Fenced_Frames_Ads_Reporting.md index 9ecf62d69..b09d39875 100644 --- a/Fenced_Frames_Ads_Reporting.md +++ b/Fenced_Frames_Ads_Reporting.md @@ -262,6 +262,8 @@ window.fence.setReportEventDataForAutomaticBeacons({ }); ``` +When 3rd party cookies are enabled, automatic beacon requests only (not beacons sent manually through `reportEvent`) allow credentials (cookies) to be set in headers. This was requested by https://github.com/WICG/turtledove/issues/866 in order to help with migration and ARA debugging. These requests are subject to CORS and only occur after opt-in by virtue of calling the `setReportEventDataForAutomaticBeacons` API. + #### Enrollment Requirement The reporting destination URL registered by `setReportEventDataForAutomaticBeacons` is required to have its [site](https://html.spec.whatwg.org/multipage/browsers.html#obtain-a-site) (scheme, eTLD+1) attested for Protected Audience API, otherwise the automatic beacon is not allowed to be sent to this reporting destination. Please see [the Privacy Sandbox enrollment attestation model](https://github.com/privacysandbox/attestation#the-privacy-sandbox-enrollment-attestation-model). From d5f4c29957b03f1f5e72ff3d34b8d8b62c171ad1 Mon Sep 17 00:00:00 2001 From: Andrew Talian <andrew.talian@gmail.com> Date: Thu, 9 Nov 2023 17:19:39 -0500 Subject: [PATCH 15/58] Add Mediavine to fledge-tester-list.md (#899) --- fledge-tester-list.md | 1 + 1 file changed, 1 insertion(+) diff --git a/fledge-tester-list.md b/fledge-tester-list.md index 83022b650..1f2b7abed 100644 --- a/fledge-tester-list.md +++ b/fledge-tester-list.md @@ -68,6 +68,7 @@ The usefulness of this page depends on testers sharing information and updates. | Yahoo Inc | DSP | beginning 15 Jan 2024 | | googleprivacysandbox@yahooinc.com | | Magnite | SSP | January 2024 | | privacysandbox@magnite.com | | Globo | DSP & SSP | Testing | | adtech-delivery@g.globo | +| Mediavine | DSP & SSP | 2023-2024 | | privacysandbox@mediavine.com | ## Table - Publishers and Advertisers Interested in Testing or Early Adoption Companies who may be interested in participating in tests and early adoption opportunities provided by ad tech companies. From 734b7f96021441aae09de32abb06a640584a07fb Mon Sep 17 00:00:00 2001 From: Liam Brady <blu2.5@me.com> Date: Fri, 10 Nov 2023 11:53:19 -0500 Subject: [PATCH 16/58] Add reserved.top_navigation_start/commit automatic beacon types (#885) * update explainer to include top_navigation_start/commit * explain the beacon types * reword sentence --- Fenced_Frames_Ads_Reporting.md | 36 +++++++++++++++++----------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/Fenced_Frames_Ads_Reporting.md b/Fenced_Frames_Ads_Reporting.md index b09d39875..bb7ae5f0f 100644 --- a/Fenced_Frames_Ads_Reporting.md +++ b/Fenced_Frames_Ads_Reporting.md @@ -179,36 +179,36 @@ registerAdMacro(‘SOURCE_URL_ENC’, ‘http%3A%2F%2Fpub%2Eexample%2Fpage’); ### registerAdBeacon -The `reportResult` and `reportWin` worklet code will be able to register an event called `reserved.top_navigation` via `registerAdBeacon`. +The `reportResult` and `reportWin` worklet code will be able to register two new events, called `reserved.top_navigation_start` and `reserved.top_navigation_commit`, via `registerAdBeacon`. ``` registerAdBeacon({ - 'reserved.top_navigation': 'https://adtech.example/click?buyer_event_id=123', + 'reserved.top_navigation_start': 'https://adtech.example/click?buyer_event_id=123', + 'reserved.top_navigation_commit': 'https://adtech.example/click?buyer_event_id=123', }); ``` -The new event, if registered, implies that an automatic beacon will be sent by the browser to the registered URL when a top-level navigation is invoked from within the fenced frame and the navigation was preceded by a call to [window.fence.setReportEventDataForAutomaticBeacons](#api-to-populate-event-data-for-reservedtop_navigation). This will impact top-level navigation initiated from the fenced frame in the same tab (via [unfencedTop target](https://github.com/WICG/fenced-frame/blob/master/explainer/integration_with_web_platform.md#top-level-navigation)) or in a different tab. Note that this beacon is gated on a transient user activation. More details about the beacon are below. - +The new events, if registered, implies that an automatic beacon will be sent by the browser to the registered URL when a top-level navigation is invoked from within the fenced frame and the navigation was preceded by a call to [window.fence.setReportEventDataForAutomaticBeacons](#api-to-populate-event-data-for-reservedtop_navigation). More specifically, a `reserved.top_navigation_start` beacon will be sent when a top-level navigation [begins](https://html.spec.whatwg.org/multipage/browsing-the-web.html#beginning-navigation) and a `reserved.top_navigation_commit` beacon will be sent when the navigation successfully [completes](https://html.spec.whatwg.org/multipage/browsing-the-web.html#ending-navigation). This will impact top-level navigation initiated from the fenced frame in the same tab (via [unfencedTop target](https://github.com/WICG/fenced-frame/blob/master/explainer/integration_with_web_platform.md#top-level-navigation)) or in a different tab. Note that this beacon is gated on a transient user activation. More details about the beacon are below. ### reportEvent -The beacons that are generated from a `reportEvent` invocation or via the automatic `reserved.top_navigation` event will now be automatically eligible for attribution, i.e. the browser appends the `Attribution-Reporting-Eligible` HTTP request header. The beacon responses can then register attribution sources as usual, as described [here](https://github.com/WICG/attribution-reporting-api/blob/main/EVENT.md#registering-attribution-sources). +The beacons that are generated from a `reportEvent` invocation or via an automatic beacon will now be automatically eligible for attribution, i.e. the browser appends the `Attribution-Reporting-Eligible` HTTP request header. The beacon responses can then register attribution sources as usual, as described [here](https://github.com/WICG/attribution-reporting-api/blob/main/EVENT.md#registering-attribution-sources). #### Redirects -As mentioned in the explainer above, `reportEvent` beacons are POST requests and carry `eventData` in the request's body. The same will be true for automatic `reserved.top_navigation` requests. Note that for any server redirects of the initial request, the browser sends a GET request and does not include the initial request's body. For attribution registration flow, if the `eventData` needs to be used as part of the redirected request, it must be explicitly passed on as part of the redirect URL. +As mentioned in the explainer above, `reportEvent` beacons are POST requests and carry `eventData` in the request's body. The same will be true for automatic beacon requests. Note that for any server redirects of the initial request, the browser sends a GET request and does not include the initial request's body. For attribution registration flow, if the `eventData` needs to be used as part of the redirected request, it must be explicitly passed on as part of the redirect URL. ##### Enrollment Requirement For redirects, the redirect URL is not checked for enrollment and attestation. This is because the browser does not add any data directly to the redirect URL. Only the initial reporting destination is checked for attestation for Protected Audience API. The initial reporting destination is responsible for acting in accordance with its attestation if it decides to share any data via the redirect. -### API to populate event data for reserved.top_navigation +### API to populate event data for automatic beacons -Since the `reserved.top_navigation` beacons are automatically generated by the browser, there needs to be some way for those beacons to include event data, as it happens in `reportEvent` generated beacons. Because this is information about a frame that can be sent to a cross-origin destination, there also needs to be a way for the frame to opt in/opt out of having this information sent. To achieve this, a new `setReportEventDataForAutomaticBeacons` API can be invoked from within the fenced frame: +Since automatic beacons are automatically generated by the browser, there needs to be some way for those beacons to be associated with a destination and include event data, as it happens in `reportEvent` generated beacons. To achieve this, a new `setReportEventDataForAutomaticBeacons` API can be invoked from within the fenced frame: ``` window.fence.setReportEventDataForAutomaticBeacons({ - 'eventType': 'reserved.top_navigation', + 'eventType': 'reserved.top_navigation_commit', 'eventData': 'an example string', 'destination': ['seller', 'buyer'], }); @@ -218,14 +218,14 @@ If `setReportEventDataForAutomaticBeacons` is invoked, the browser will send an If `setReportEventDataForAutomaticBeacons` is not invoked, the browser will not send an automatic beacon to any registered URLs. -Currently, the only `eventType` that `setReportEventDataForAutomaticBeacons` allows is `'reserved.top_navigation'`. Note that the script invoking this API can volunteer the information in `eventData` to a given destination type or not, similar to `reportEvent`, using the `destination` field. +Currently, the only `eventType`s that `setReportEventDataForAutomaticBeacons` allows are `'reserved.top_navigation_start'` and `'reserved.top_navigation_commit'`. Note that the script invoking this API can volunteer this information to a given destination type or not, similar to `reportEvent`, using the `destination` field. If invoked multiple times, the latest invocation before the top-level navigation would be the one that’s honored. Automatic beacon data can be manually cleared out by calling `setReportEventDataForAutomaticBeacons` with an empty destination list. ``` window.fence.setReportEventDataForAutomaticBeacons({ - 'eventType': 'reserved.top_navigation', + 'eventType': 'reserved.top_navigation_start', 'destination': [], }); ``` @@ -237,7 +237,7 @@ window.fence.setReportEventDataForAutomaticBeacons({ function addBeaconData(element) { const data = element.id + " was clicked."; let beacon_event = { - eventType: "reserved.top_navigation", + eventType: "reserved.top_navigation_commit", eventData: data, destination: ["buyer"], } @@ -249,13 +249,13 @@ function addBeaconData(element) { The beacon data will be in place by the time that the navigation starts. When the navigation commits, the automatic beacon will be sent out with event data set to "link1 was clicked.". -The dictionary passed into `setReportEventDataForAutomaticBeacons` also takes an optional `once` boolean that defaults to false. If `once` is set to true, the automatic beacon will only be sent for the next `reserved.top_navigation` event. Beacons will not be sent for subsequent `reserved.top_navigation` events until `setReportEventDataForAutomaticBeacons` is invoked again. When used with a click handler, this can be used to send beacon data only for specific top-level navigations, rather than for every top-level navigation. +The dictionary passed into `setReportEventDataForAutomaticBeacons` also takes an optional `once` boolean that defaults to false. If `once` is set to true, the automatic beacon will only be sent for the next event. Beacons will not be sent for subsequent events until `setReportEventDataForAutomaticBeacons` is invoked again. When used with a click handler, this can be used to send beacon data only for specific top-level navigations, rather than for every top-level navigation. For example, if a frame has multiple links that can perform top-level navigations, but only one of the links is of interest for analytics purposes, `setReportEventDataForAutomaticBeacons()` can be called in that link's click handler with `once` set to true. This will ensure that, if another link is clicked after the link with the associated automatic beacon, that other link will not result in an automatic beacon being sent out. ``` window.fence.setReportEventDataForAutomaticBeacons({ - 'eventType': 'reserved.top_navigation', + 'eventType': 'reserved.top_navigation_start', 'eventData': 'an example string', 'destination': ['seller', 'buyer'], 'once': true, @@ -276,13 +276,13 @@ When a rendered ad is composed of [multiple pieces](https://github.com/WICG/turt ## Design ### Event Type and Reporting Destination -For fenced frames rendering the ad components under the top-level ad fenced frame, the `reserved.top_navigation` event type and corresponding reporting destination registered for the top-level fenced frame are reused when beacons are sent from the ad component fenced frames. +For fenced frames rendering the ad components under the top-level ad fenced frame, the automatic beacon event type and corresponding reporting destination registered for the top-level fenced frame are reused when beacons are sent from the ad component fenced frames. -### Restricted to send `reserved.top_navigation` beacons only +### Restricted to send automatic beacons only * Invocation of the `reportEvent` API from an ad component fenced frame is disallowed. -* The only supported beacon to be sent from an ad component fenced frame is the `reserved.top_navigation` automatic beacon. Note this beacon is gated on a user activation (e.g. click). +* The only supported beacons to be sent from an ad component fenced frame are the `reserved.top_navigation_start` and `reserved.top_navigation_commit` automatic beacons. Note these beacons are gated on a user activation (e.g. click). * To ensure that there is no arbitrary data that can be received at the server from the component ad, the `eventData` field via `window.fence.setReportEventDataForAutomaticBeacons`, if specified, will be ignored. This ensures that information from the component ad URL is not revealed in the event report, or else it could lead to the join of two independently k-anonymous URLs (parent and component ad) at the receiving server. -* `reserved.top_navigation` beacons will be sent from a component fenced frame (with no event data) when there is a user activation (e.g. click) on the ad component fenced frame, which results in a top-level navigation. The ad component must still opt in using `setReportEventDataForAutomaticBeacons` before the beacon can send. +* Automatic beacons will be sent from a component fenced frame (with no event data) when there is a user activation (e.g. click) on the ad component fenced frame, which results in a top-level navigation. The ad component must still opt in using `setReportEventDataForAutomaticBeacons` before the beacon can send. ``` window.fence.setReportEventDataForAutomaticBeacons({ From 594a47a486aba70ab7c89cf90ffe1211355ae8cd Mon Sep 17 00:00:00 2001 From: ruminskim <129936863+ruminskim@users.noreply.github.com> Date: Fri, 10 Nov 2023 19:22:31 +0100 Subject: [PATCH 17/58] Update fledge-tester-list.md (#901) Added PrimeAudience, which is a separate brand within RTB House group --- fledge-tester-list.md | 1 + 1 file changed, 1 insertion(+) diff --git a/fledge-tester-list.md b/fledge-tester-list.md index 1f2b7abed..ba339b047 100644 --- a/fledge-tester-list.md +++ b/fledge-tester-list.md @@ -57,6 +57,7 @@ The usefulness of this page depends on testers sharing information and updates. | MicroAd | SSP & DSP | | | privacysandbox@microad.co.jp | | Blendee | SSP & DSP | | | privacysandbox@blendee.com | | Adlook (subsidiary of RTB House) | DSP | Continuous testing ongoing; long term commitment. | | privacysandbox@adlook.com | +| PrimeAudience (subsidiary of RTB House) | Ad Network | Continuous testing ongoing; long term commitment. | | contact@primeaudience.com | | Microsoft (Xandr, MSAN) | SSP + DSP(s) | Testing | | privacy_sandbox@microsoft.com | | Nexxen (Unruly/Tremor/Amobee) | SSP & DSP| 2023-2024 | coming soon | privacysandbox@nexxen.com | | Triplelift | SSP | Jan 2024 | | prod-privacysandbox@triplelift.com | From 59df4a70cf3c51db6456d15f6615efe1dcf0671c Mon Sep 17 00:00:00 2001 From: Xiaochen Zhou <xiaochenzh@google.com> Date: Tue, 14 Nov 2023 08:45:56 -0500 Subject: [PATCH 18/58] Update leaveAdInterestGroup method in spec (#880) --- spec.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec.bs b/spec.bs index a27bcf81b..47e07536e 100644 --- a/spec.bs +++ b/spec.bs @@ -598,7 +598,7 @@ The <dfn for=Navigator method>leaveAdInterestGroup(group)</dfn> method steps are 1. If |group| [=map/is empty=]: 1. Let |instance| be |global|'s [=Window/browsing context=]'s [=browsing context/fenced frame config instance=]. - 1. If |instance| is null, [=exception/throw=] a {{TypeError}}. + 1. If |instance| is null, then return. 1. Let |interestGroup| be |instance|'s [=fenced frame config instance/interest group descriptor=]. 1. Run these steps [=in parallel=]: 1. [=Queue a global task=] on [=DOM manipulation task source=], given |global|, to [=resolve=] From a13de444379e9895d91634e952db6b1ed2b95424 Mon Sep 17 00:00:00 2001 From: qingxinwu <6334674+qingxinwu@users.noreply.github.com> Date: Tue, 14 Nov 2023 11:02:53 -0500 Subject: [PATCH 19/58] Build a URL struct instead of a string. (#897) * Build a URL struct instead of a string. * Add more notes. * Apply suggestions from code review Co-authored-by: Jeffrey Yasskin <jyasskin@gmail.com> * Address comments. --------- Co-authored-by: Qingxin Wu <qingxinwu@google.com> Co-authored-by: Jeffrey Yasskin <jyasskin@gmail.com> --- spec.bs | 52 ++++++++++++++++++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 20 deletions(-) diff --git a/spec.bs b/spec.bs index 47e07536e..acd9db511 100644 --- a/spec.bs +++ b/spec.bs @@ -415,11 +415,22 @@ The <dfn for="interest group">estimated size</dfn> of an [=interest group=] |ig| <div algorithm> -To <dfn>check interest group permissions</dfn> given an [=origin=] -|ownerOrigin|, an [=origin=] |frameOrigin|, and an enum |joinOrLeave| which is "`join`" or "`leave`": +To <dfn>check interest group permissions</dfn> given an [=origin=] |ownerOrigin|, an [=origin=] +|frameOrigin|, and an enum |joinOrLeave| which is "`join`" or "`leave`": 1. If |ownerOrigin| is [=same origin=] with |frameOrigin|, then return true. -1. Let |permissionsUrl| be the result of [=building an interest group permissions url=] with - |ownerOrigin| and |frameOrigin|. +1. Let |encodedFrameOrigin| be the result of [=string/UTF-8 percent-encoding=] the + [=serialization of an origin|serialized=] |frameOrigin| using [=component percent-encode set=]. +1. Let |permissionsUrl| be a new [=URL=] with the following [=struct/items=]: + : [=url/scheme=] + :: |ownerOrigin|'s [=origin/scheme=] + : [=url/host=] + :: |ownerOrigin|'s [=origin/host=] + : [=url/port=] + :: |ownerOrigin|'s [=origin/port=] + : [=url/path=] + :: « ".well-known", "interest-group", "permissions" » + : [=url/query=] + :: The result of [=string/concatenating=] « "origin=", |encodedFrameOrigin| » 1. Let |request| be a new [=request=] with the following properties: : [=request/URL=] :: |permissionsUrl| @@ -468,17 +479,6 @@ prevents a leak of the user's ad interest group membership to the server. </div> -<div algorithm> - -To <dfn>build an interest group permissions url</dfn> given a [=origin=] |ownerOrigin| and a [=origin=] |frameOrigin|: -1. Let |serializedFrameOrigin| be the result of [=serialization of an origin|serializing=] |frameOrigin|. -1. Return the string formed by [=string/concatenating=] - * The [=serialization of an origin|serialization=] of |ownerOrigin|, - * The string "`/.well-known/interest-group/permissions/?origin=`", and - * The result of [=string/UTF-8 percent-encoding=] |serializedFrameOrigin| using [=component percent-encode set=]. - -</div> - <h3 id="interest-group-storage-maintenance">Interest Group Storage Maintenance</h3> There is a job that periodically [=performs storage maintenance=] on the [=user agent=]'s @@ -2014,6 +2014,9 @@ To <dfn>encode trusted signals keys</dfn> given an [=ordered set=] of [=strings= 1. Let |keysStr| be the result of [=string/concatenating=] |keys| with separator set to ",". 1. [=list/Append=] the result of [=string/UTF-8 percent-encoding=] |keysStr| using [=component percent-encode set=] to |list|. + + Issue: The Chrome implementation encodes 0x20 (SP) to U+002B (+), while [=string/UTF-8 percent-encoding=] + encodes it to "%20". 1. Return |list|. </div> @@ -2024,9 +2027,18 @@ To <dfn>build trusted bidding signals url</dfn> given a [=URL=] |signalsUrl|, an [=strings=] |keys|, an [=ordered set=] of [=strings=] |igNames|, an {{unsigned short}}-or-null |experimentGroupId|, and an [=origin=] |topLevelOrigin|: 1. Let |queryParamsList| be a new empty [=list=]. + + Note: These steps create a [=url/query=] of the form "`&<name>=<values in comma-delimited list>`". E.g., + "`hostname=publisher1.com&keys=key1,key2&interestGroupNames=ad+platform,name2&experimentGroupId=1234`". + <br><br>These steps don't use the [=urlencoded serializer|application/x-www-form-urlencoded serializer=] + to construct the query string because it repeats a key if it has multiple values instead of a + comma-demilited list (e.g., "keys=key1&keys=key2", instead of "keys=key1,key2"), and it also + uses a different percent encode set from the Chrome implementation. + 1. [=list/Append=] "hostname=" to |queryParamsList|. -1. [=list/Append=] the result of [=string/UTF-8 percent-encoding=] |topLevelOrigin| using - [=component percent-encode set=] to |queryParamsList|. +1. [=list/Append=] the result of [=string/UTF-8 percent-encoding=] the + [=serialization of an origin|serialized=] |topLevelOrigin| using [=component percent-encode set=] + to |queryParamsList|. 1. If |keys| is not [=set/is empty|empty=]: 1. [=list/Append=] "&keys=" to |queryParamsList|. 1. [=list/Extend=] |queryParamsList| with the result of [=encode trusted signals keys=] with @@ -2387,7 +2399,7 @@ the [=additional bid=] to compete against other bids in a Protected Audience [=a <div id="additional-bid-example" class=example> <p> Each additional bid is expressed using the following JSON data structure:</p> - <pre class="highlight"> + <pre highlight="js"> const additionalBid = { "bid": { "ad": 'ad-metadata', @@ -2714,7 +2726,7 @@ identified ahead of time in the [=additional bid=]'s `joiningOrigin` field. Any <div id="negative-igs-example" class=example> <p>Use `negativeInterestGroup` in additional bid's JSON:</p> - <pre class="highlight"> + <pre highlight="js"> const additionalBid = { ... "negativeInterestGroup": "example_advertiser_negative_interest_group", @@ -2722,7 +2734,7 @@ identified ahead of time in the [=additional bid=]'s `joiningOrigin` field. Any } </pre> <p>Use `negativeInterestGroups` in additional bid's JSON:</p> - <pre class="highlight"> + <pre highlight="js"> const additionalBid = { ... "negativeInterestGroups": { From 3de7fde56a4cbdbe745635085607dbf25ee29d1a Mon Sep 17 00:00:00 2001 From: qingxinwu <6334674+qingxinwu@users.noreply.github.com> Date: Tue, 14 Nov 2023 11:05:47 -0500 Subject: [PATCH 20/58] Parse Ad-Auction-Additional-Bid response header (#888) * work in progress. * Finish * Update spec.bs Co-authored-by: caraitto <caraitto@google.com> * Address comments * Address comments. --------- Co-authored-by: Qingxin Wu <qingxinwu@google.com> Co-authored-by: caraitto <caraitto@google.com> --- spec.bs | 195 ++++++++++++++++++++++++++++++++------------------------ 1 file changed, 111 insertions(+), 84 deletions(-) diff --git a/spec.bs b/spec.bs index acd9db511..18f876c6a 100644 --- a/spec.bs +++ b/spec.bs @@ -1125,8 +1125,7 @@ To <dfn>validate and convert auction ad config</dfn> given an {{AuctionAdConfig} returned from an associated [=request=], whose [=request/initiator type=] is `"fetch"` and the {{RequestInit/adAuctionHeaders}} option set to `true`, resolves or rejects. Otherwise, there will be a race condition that the worklet can run without the direct from seller signals that - it needs. See [[#handling-direct-from-seller-signals]] for details. - + it needs. See [[#fetch-patch-for-auction-headers]] for details. * To parse the value |result|: 1. Set |auctionConfig|'s [=auction config/direct from seller signals header ad slot=] to |result|. @@ -1401,7 +1400,7 @@ To <dfn>generate and score bids</dfn> given an [=auction config=] |auctionConfig 1. Let |leadingBidInfo| be a new [=leading bid info=]. 1. Let |queue| be the result of [=starting a new parallel queue=]. 1. Let |capturedAuctionHeaders| be |global|'s [=associated Document's=] [=node navigable's=] - [=traversable navigable's=] [=traversable navigable/captured ad auction headers=]. + [=traversable navigable's=] [=traversable navigable/captured ad auction signals headers=]. 1. If |auctionConfig|'s [=auction config/component auctions=] are not [=list/is empty|empty=]: 1. [=Assert=] |topLevelAuctionConfig| is null. 1. Let |pendingComponentAuctions| be |auctionConfig|'s [=auction config/component auctions=]'s @@ -3732,16 +3731,39 @@ This specification defines two [=policy-controlled features=] identified by the Issue(WICG/turtledove#522): Move from "`*`" to "`self`". -# Handling Direct from Seller Signals # {#handling-direct-from-seller-signals} +# Fetch Patch for Auction Headers # {#fetch-patch-for-auction-headers} -This section specifies a manner by which signals may be provided to auctions such that the signals -are only used within their intended auction. +This section specifies a manner by which some data, including [=additional bids=] and +[=direct from seller signals=], may be provided to auctions such that the data is only used within +their intended auction. Any {{Document}} in a [=traversable navigable=] may run a Protected Audience auction (with {{Window/navigator}}.{{Navigator/runAdAuction()}}) whose worklet functions receive signal objects -derived from JSON from an [:Ad-Auction-Signals:] header captured by a -{{WindowOrWorkerGlobalScope/fetch()}} call (using the {{RequestInit/adAuctionHeaders}} option) -initiated by any *other* {{Document}} in the *same* [=traversable navigable=]. +derived from JSON from an [:Ad-Auction-Signals:] header, or [=additional bids=] derived from an +[:Ad-Auction-Additional-Bid:] header, captured by a {{WindowOrWorkerGlobalScope/fetch()}} call +(using the {{RequestInit/adAuctionHeaders}} option) initiated by any *other* {{Document}} in the +*same* [=traversable navigable=]. + +<div algorithm="fetch per traversable navigable structures patch"> +Modify [[FETCH]]'s [[FETCH#infrastructure]] to add a new section called "Per Traversable Navigable +Structures", with the following content: + +Each [=traversable navigable=] has a <dfn for="traversable navigable">captured ad auction signals +headers</dfn>, which is a [=map=] whose [=map/keys=] are [=direct from seller signals keys=] and +whose [=map/values=] are [=direct from seller signals=]. + +NOTE: This is only captured during a [=request=] whose [=request/initiator type=] is `"fetch"`, made +with the {{RequestInit/adAuctionHeaders}} option set to `true`, as described in the +[:Ad-Auction-Signals:] header description. + +Each [=traversable navigable=] has a <dfn for="traversable navigable">captured ad auction additional +bids headers</dfn>, which is a [=map=] whose [=map/keys=] are [=auction nonces=] and whose +[=map/values=] are [=strings=]. + +NOTE: This is only captured during a [=request=] whose [=request/initiator type=] is `"fetch"`, made +with the {{RequestInit/adAuctionHeaders}} option set to `true`, as described in the +[:Ad-Auction-Additional-Bid:] header description. +</div> <div algorithm="fetch capture adAuctionHeaders boolean patch"> Modify the definition of a [=request=]: @@ -3780,52 +3802,6 @@ The following step will be added to the [=HTTP-network-or-cache fetch=] algorith </div> -<div algorithm="fetch per traversable navigable structures patch"> -Modify [[FETCH]]'s [[FETCH#infrastructure]] to add a new section called "Per Traversable Navigable -Structures", with the following content: - -<h3 id=direct-from-sellers-signals-key-struct>Direct from seller signals key</h3> -A <dfn>direct from seller signals key</dfn> is a [=struct=] with the following [=struct/items=]: - -NOTE: This is only captured during a [=request=] whose [=request/initiator type=] is `"fetch"`, made -with the {{RequestInit/adAuctionHeaders}} option set to `true`, as described in the -[:Ad-Auction-Signals:] header description. - -<dl dfn-for="direct from seller signals key"> -: <dfn>seller</dfn> -:: An [=origin=]. Matches the origin that served the captured [:Ad-Auction-Signals:] header. -: <dfn>ad slot</dfn> -:: A [=string=]. Matches the `adSlot` key of the JSON dictionaries in the top-level array of the - [:Ad-Auction-Signals:] value. - -</dl> - -<h3 id=direct-from-sellers-signals-struct>Direct from seller signals</h3> -A <dfn>direct from seller signals</dfn> is a [=struct=] with the following [=struct/items=]: - -NOTE: This is only captured during a [=request=] whose [=request/initiator type=] is `"fetch"`, made -with the {{RequestInit/adAuctionHeaders}} option set to `true`, as described in the -[:Ad-Auction-Signals:] header description. - -<dl dfn-for="direct from seller signals"> -: <dfn>auction signals</dfn> -:: Null or a [=string=]. - Opaque JSON data passed to both buyers' and the seller's [=script runners=]. -: <dfn>seller signals</dfn> -:: Null or a [=string=]. - Opaque JSON data passed to the seller's [=script runner=]. -: <dfn>per buyer signals</dfn> -:: A [=map=] whose [=map/keys=] are [=origins=] and whose [=map/values=] are [=strings=]. - [=map/Keys=] are buyers and must be valid HTTPS origins. [=map/Values=] are opaque JSON data - passed to corresponding buyer's [=script runner=]. - -</dl> - -Each [=traversable navigable=] has a <dfn for="traversable navigable">captured ad auction headers -</dfn>, which is a [=map=] whose [=map/keys=] are [=direct from seller signals keys=] and whose -[=map/values=] are [=direct from seller signals=]. -</div> - <div algorithm="fetch auction headers patch"> The following will be added to [[Fetch#http-extensions]]: @@ -3851,15 +3827,17 @@ HTTP response header.</h3> The \`<dfn http-header><code>Ad-Auction-Additional-Bid</code></dfn>\` response header provides value of a string in the format of `<auction nonce>:<base64-encoding of the signed additional bid>`, which -corresponds to a single additional bid. The response may include more than one additional bid by -specifying multiple instances of the [:Ad-Auction-Additional-Bid:] response header. +corresponds to a single [=additional bid=]. The response may include more than one [=additional bid=] +by specifying multiple instances of the [:Ad-Auction-Additional-Bid:] response header. </div> -<div algorithm="fetch auction signals redirect patch"> -The following step will be added to the [=HTTP fetch=] algorithm, immediately under the step "If +<div algorithm="ad auction fetch redirect patch"> +The following steps will be added to the [=HTTP fetch=] algorithm, immediately under the step "If <var ignore>internalResponse</var>’s [=status=] is a [=redirect status=]:" -1. [=header list/Delete=] "[:Ad-Auction-Signals:]" from <var ignore>response</var>'s +1. [=header list/Delete=] "[:Ad-Auction-Signals:]" from |response|'s + [=response/header list=]. +1. [=header list/Delete=] "[:Ad-Auction-Additional-Bid:]" from |response|'s [=response/header list=]. </div> @@ -3870,40 +3848,65 @@ The following step will be added to the [=HTTP fetch=] algorithm, before step 1. If |response| is not null, |response|'s [=status=] is not a [=redirect status=], |fetchParams|'s [=fetch params/task destination=] is a [=global object=] that's a {{Window}} object, and - |request|'s [=request/capture-ad-auction-headers=] is `true`, then run [=update captured headers=] - with |fetchParams|'s [=fetch params/task destination=]'s [=associated Document's=] [=node - navigable's=] [=traversable navigable's=] [=traversable navigable/captured ad auction headers=], - |response|'s [=response/header list=], and |request|'s [=request/URL=]'s [=url/origin=]. + |request|'s [=request/capture-ad-auction-headers=] is `true`: + 1. Let |navigable| be |fetchParams|'s [=fetch params/task destination=]'s [=associated Document=]'s + [=node navigable=]'s [=traversable navigable=]. + 1. Run [=update captured headers=] with |navigable|'s + [=traversable navigable/captured ad auction signals headers=], |navigable|'s + [=traversable navigable/captured ad auction additional bids headers=], |response|'s + [=response/header list=], and |request|'s [=request/URL=]'s [=url/origin=]. </div> <div algorithm="fetch update captured headers patch"> The following algorithm will be added to the [[FETCH#fetching]] section: -<h3 id=update-captured-headers>Update captured headers</h3> - To <dfn id=concept-update-captured-headers>update captured headers</dfn> with a [=traversable - navigable/captured ad auction headers=] |storedHeaders|, [=header list=] |responseHeaders|, and - [=origin=] |requestOrigin|: + navigable/captured ad auction signals headers=] |storedSignalsHeaders|, + [=traversable navigable/captured ad auction additional bids headers=] |storedAdditionalBidsHeaders|, + [=header list=] |responseHeaders|, and [=origin=] |requestOrigin|: 1. Let |adAuctionSignals| be the result of [=header list/getting=] [:Ad-Auction-Signals:] from |responseHeaders|. - 1. If |adAuctionSignals| is null, return. - 1. [=header list/Delete=] "[:Ad-Auction-Signals:]" from |responseHeaders|. + 1. If |adAuctionSignals| is not null: + 1. [=header list/Delete=] "[:Ad-Auction-Signals:]" from |responseHeaders|. + + NOTE: This step prevents the header value from being used outside the intended auctions -- + that is, scripts making the {{WindowOrWorkerGlobalScope/fetch()}} request aren't able to load + the header value. + 1. [=Handle ad auction signals header value=] given |adAuctionSignals|, |storedSignalsHeaders| and + |requestOrigin|. + 1. Let |additionalBids| be the result of [=header list/getting, decoding, and splitting=] + [:Ad-Auction-Additional-Bid:] from |responseHeaders|. + 1. If |additionalBids| is not null: + 1. [=header list/Delete=] "[:Ad-Auction-Additional-Bid:]" from |responseHeaders|. + + NOTE: This step prevents the header value from being used outside the intended auctions -- + that is, scripts making the {{WindowOrWorkerGlobalScope/fetch()}} request aren't able to load + the header value. + 1. [=list/For each=] |bid| of |additionalBids|: + 1. Let |nonceAndAdditionalBid| be the result of [=strictly splitting=] |bid| on U+003A (:). + 1. If |nonceAndAdditionalBid|'s [=list/size=] is not 2, then [=iteration/continue=]. + 1. Let |nonce| be |nonceAndAdditionalBid|[0]. + 1. If |nonce|'s [=string/length=] is not 36, then [=iteration/continue=]. + 1. Set |storedAdditionalBidsHeaders|[|nonce|] to |nonceAndAdditionalBid|[1]. + +</div> + +<div algorithm> +To <dfn>handle ad auction signals header value</dfn> given a [=byte sequence=] |adAuctionSignals|, +[=traversable navigable/captured ad auction signals headers=] |storedSignalsHeaders|, and [=origin=] +|requestOrigin|: - NOTE: This step prevents the header value from being used outside the intended auctions -- - that is, scripts making the {{WindowOrWorkerGlobalScope/fetch()}} request aren't able to load - the header value. 1. Let |parsedSignals| be the result of [=parsing JSON bytes to an Infra value=], given |adAuctionSignals|. - 1. If |parsedSignals| is failure, return. - 1. If |parsedSignals| is not a [=list=], return. - 1. [=list/For each=] |signal| in |parsedSignals|: + 1. If |parsedSignals| is failure or not a [=list=], return. + 1. [=list/For each=] |signal| of |parsedSignals|: 1. If |signal| is not an [=ordered map=], [=iteration/continue=]. 1. If |signal|["`adSlot`"] doesn't exist, [=iteration/continue=]. - 1. Create a new [=direct from seller signals key=] |signalsKey|, with its + 1. Let |signalsKey| be a new [=direct from seller signals key=], with its [=direct from seller signals key/seller=] set to |requestOrigin| and its [=direct from seller signals key/ad slot=] set to |signal|["`adSlot`"]. - 1. Create a new [=direct from seller signals=] |processedSignals|. + 1. Let |processedSignals| be a new [=direct from seller signals=]. 1. [=map/Remove=] |signal|["`adSlot`"]. 1. [=map/For each=] |key| → |value| of |signal|: 1. Switch on |key|: @@ -3922,17 +3925,15 @@ The following algorithm will be added to the [[FETCH#fetching]] section: <dd> 1. If |value| is not an [=ordered map=], [=iteration/continue=]. 1. For each |buyer| → |buyerSignals| of |value|: - 1. Let |buyerOrigin| be the result of [=parsing an https origin=] on |buyer|. If this - [=exception/throws=], [=iteration/continue=]. + 1. Let |buyerOrigin| be the result of [=parsing an https origin=] on |buyer|. + 1. If |buyerOrigin| is failure, [=iteration/continue=]. 1. Let |buyerSignalsString| be the result of [=serializing an Infra value to a JSON string=], given |buyerSignals|. 1. Set |processedSignals|'s [=direct from seller signals/per buyer signals=][|buyerOrigin|] to |buyerSignalsString|. - </dl> - 1. Set |storedHeaders|[|signalsKey|] to |processedSignals|. - + 1. Set |storedSignalsHeaders|[|signalsKey|] to |processedSignals|. </div> @@ -4550,7 +4551,6 @@ response headers. : <dfn>provided as additional bid</dfn> :: A [=boolean=], initially false. - </dl> <h3 dfn-type=dfn>Ad descriptor</h3> @@ -4581,6 +4581,33 @@ Width and height of an ad. </dl> +<h3 id=direct-from-seller-signals-section>Direct from seller signals</h3> + +A <dfn>direct from seller signals key</dfn> is a [=struct=] with the following [=struct/items=]: + +<dl dfn-for="direct from seller signals key"> + : <dfn>seller</dfn> + :: An [=origin=]. Matches the origin that served the captured [:Ad-Auction-Signals:] header. + : <dfn>ad slot</dfn> + :: A [=string=]. Matches the `adSlot` key of the JSON dictionaries in the top-level array of the + [:Ad-Auction-Signals:] value. +</dl> + +A <dfn>direct from seller signals</dfn> is a [=struct=] with the following [=struct/items=]: + +<dl dfn-for="direct from seller signals"> + : <dfn>auction signals</dfn> + :: Null or a [=string=]. + Opaque JSON data passed to both buyers' and the seller's [=script runners=]. + : <dfn>seller signals</dfn> + :: Null or a [=string=]. + Opaque JSON data passed to the seller's [=script runner=]. + : <dfn>per buyer signals</dfn> + :: A [=map=] whose [=map/keys=] are [=origins=] and whose [=map/values=] are [=strings=]. + [=map/Keys=] are buyers and must be valid HTTPS origins. [=map/Values=] are opaque JSON data + passed to corresponding buyer's [=script runner=]. +</dl> + <h3 dfn-type=dfn>Score ad output</h3> The output of running a Protected Audience `scoreAd()` script, is represented using the following type: From cff79837f52b540a61f682cdd9bceda3a8bba8e8 Mon Sep 17 00:00:00 2001 From: Maks Orlovich <morlovich@google.com> Date: Tue, 14 Nov 2023 13:33:22 -0500 Subject: [PATCH 21/58] Currency explainer: Fix broken links and clarify omission Matt noted when reviewing tests (#895) * Fix broken links and clarify one point. * Rephrase --------- Co-authored-by: Maks Orlovich <morlovich@chromium.org> --- FLEDGE.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/FLEDGE.md b/FLEDGE.md index 324965636..c8627e160 100644 --- a/FLEDGE.md +++ b/FLEDGE.md @@ -462,7 +462,7 @@ The function gets called once for each candidate ad in the auction. The argumen The output of `scoreAd()` is an object with the following fields: * desirability: Number indicating how desirable this ad is. Any value that is zero or negative indicates that the ad cannot win the auction. (This could be used, for example, to eliminate any interest-group-targeted ad that would not beat a contextually-targeted candidate.) The winner of the auction is the ad object which was given the highest score. * allowComponentAuction: (optional) If the bid being scored is from a component auction and this value is not true, the bid is ignored. If not present, this value is considered false. This field must be present and true both when the component seller scores a bid, and when that bid is being scored by the top-level auction. -* incomingBidInSellerCurrency: (optional) Provides a conversion of a bid in a multi-currency auction to seller's own currency. Please see [the section on this functionality](#53-reporting-in-multi-currency-auctions) for more details. +* incomingBidInSellerCurrency: (optional) Provides a conversion of a bid in a multi-currency auction to seller's own currency. Please see [the section on this functionality](#53-currencies-in-reporting) for more details. If `scoreAd()` returns only a numeric value, it's equivalent to returning {`desirability`: numericValue, `allowComponentAuction`: false}. @@ -812,7 +812,7 @@ If the `generateBid()` method returns a `bidCurrency`, and the `perBuyerCurrenci Currency checking after `scoreAd()` happens only inside component auctions. If the component seller's `scoreAd()` modifies the bid value, the modified bid's currency will be checked; if not, the passed-through bid from the original buyer's currency will be. In either case, the currency will be checked both against the component auction's `sellerCurrency` and top-level auction's `perBuyerCurrencies` as applied to the component auction's seller. As before, both the bid currency and the configured currency in question must be specified for the checking to take place; if one or both are missing that particular currency check does not take place. If there is a mismatch, the bid will not take part in the top-level auction. -`sellerCurrency` also has an extensive effect on how reporting behaves. Please see the section on [Reporting in Multi-Currency Auctions](#53-reporting-in-multi-currency-auctions) for more details. +`sellerCurrency` also has an extensive effect on how reporting behaves. Please see the section on [Currencies in Reporting](#53-currencies-in-reporting) for more details. ### 4. Browsers Render the Winning Ad @@ -874,7 +874,7 @@ The arguments to this function are: 'highestScoringOtherBidCurrency': 'EUR' } ``` - * `bidCurrency` and `highestScoringOtherBidCurrency` provide (highly redacted) information on what currency the corresponding numbers are in. Please refer to the section on [Reporting in Multi-Currency Auctions](#53-reporting-in-multi-currency-auctions) for more details. + * `bidCurrency` and `highestScoringOtherBidCurrency` provide (highly redacted) information on what currency the corresponding numbers are in. Please refer to the section on [Currencies in Reporting](#53-currencies-in-reporting) for more details. * directFromSellerSignals is an object that may contain the following fields: * sellerSignals: Like auctionConfig.sellerSignals, but passed via the [directFromSellerSignals](#25-additional-trusted-signals-directfromsellersignals) mechanism. These are the signals whose subresource URL ends in `?sellerSignals`. * auctionSignals: Like auctionConfig.auctionSignals, but passed via the [directFromSellerSignals](#25-additional-trusted-signals-directfromsellersignals) mechanism. These are the signals whose subresource URL ends in `?auctionSignals`. @@ -944,7 +944,7 @@ In auctions that involve multiple currencies, there may be values with different To help deal with this scenario, an optional mode is available that converts all bid-related information to seller's preferred currency (in component auctions, reporting for it is for that component's seller). This is configured via the `sellerCurrency` setting in each auction configuration. -If `sellerCurrency` is set, `scoreAd()` for an auction is responsible for converting bids not already in `sellerCurrency` to `sellerCurrency`, via the `incomingBidInSellerCurrency` field of its return value. A bid already explicitly in the seller's currency cannot be changed by `incomingBidInSellerCurrency`. If neither the original bid is explicitly in `sellerCurrency` nor an `incomingBidInSellerCurrency` is specified, a value of 0 is used as the converted value. +If `sellerCurrency` is set, `scoreAd()` for an auction is responsible for converting bids not already in `sellerCurrency` to `sellerCurrency`, via the `incomingBidInSellerCurrency` field of its return value. A bid already explicitly in the seller's currency cannot be changed by `incomingBidInSellerCurrency` (passing an identical value is a no-op; passing a different one rejects the bid). If neither the original bid is explicitly in `sellerCurrency` nor an `incomingBidInSellerCurrency` is specified, a value of 0 is used as the converted value. Note that `incomingBidInSellerCurrency` is different from the modified bid returned by a component auction: it represents a mechanical currency translation of the original buyer's bid, rather than the bid the component auction is making in a top-level auction (which could, perhaps, be reduced by the intermediate seller's fee or the like). It can also be specified in top-level auctions, unlike the modified bid. From 5c3f9231a05686f129cfe530a40616f277d234cd Mon Sep 17 00:00:00 2001 From: David Dabbs <david.dabbs@epsilon.com> Date: Tue, 14 Nov 2023 12:34:00 -0600 Subject: [PATCH 22/58] Update README.md (meetings are now weekly) (#902) --- meetings/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meetings/README.md b/meetings/README.md index ba486c23a..b410bceec 100644 --- a/meetings/README.md +++ b/meetings/README.md @@ -2,6 +2,6 @@ We are holding regular phone calls to resolve the details of the FLEDGE proposal. These calls should be good places for a dedicated group to address open issues and suggest technical fixes, or to talk about particular use cases and how they can be met using FLEDGE. -Calls generally take place every second Wednesday, at 11am US Eastern time. For call details see https://github.com/WICG/turtledove/issues/88. +Calls generally take place every Wednesday, at 11am US Eastern time. For call details see https://github.com/WICG/turtledove/issues/88. The minutes of each call are posted in this directory. From 692ad8825e9b7e6b1b1347b9b0d38ee1fdaadf63 Mon Sep 17 00:00:00 2001 From: Peiwen Hu <pewnhu@gmail.com> Date: Tue, 14 Nov 2023 14:30:58 -0500 Subject: [PATCH 23/58] Update Trusted Key Value Server API naming to match server side changes (#900) --- FLEDGE_Key_Value_Server_API.md | 71 +++++++++++++++------------------- 1 file changed, 32 insertions(+), 39 deletions(-) diff --git a/FLEDGE_Key_Value_Server_API.md b/FLEDGE_Key_Value_Server_API.md index 1f42cb686..3f6035406 100644 --- a/FLEDGE_Key_Value_Server_API.md +++ b/FLEDGE_Key_Value_Server_API.md @@ -39,15 +39,10 @@ provides more context about these namespaces. The server can be configured to run in slightly different modes depending on whether it is serving the DSP use case or the SSP use case. -### Subkey +### Hostname -For a given key, a subkey may be used to further specify a dedicated value -override. - -During the query, the browser sets the hostname as the subkey value. When a -query to a particular subkey does not match any existing entry, the server -system can automatically fallback to a default value for the key, specified by -not setting the subkey during data updates. +During the query, the browser sets the hostname. This matches the hostname +described in the main explainer. ## Query API Version 1 @@ -57,16 +52,15 @@ This is the mechanism for the browser client to fetch real-time bidding signals. The API is called during the ad auction process, as described in the [FLEDGE explainer](https://github.com/WICG/turtledove/blob/main/FLEDGE.md#31-fetching-real-time-data-from-a-trusted-server). -The returned values are purely dependent on the keys (namespace + key + subkey), +The returned values are purely dependent on the keys (namespace + key + hostname), except for advanced use cases explicitly agreed upon between browsers and ad tech platforms. A potential advanced use case being discussed is how to provide country-level IPGeo information to the bidders. The API provides read-only access to the key/value data. -As mentioned in the Mutating API section below, possible data staleness may -occur. Different values may be returned for the same keys if reads happen during -data updates, due to the distributed nature of the system. But if the data is -stable, requests are deterministic. +Possible data staleness may occur. Different values may be returned for the +same keys if reads happen during data updates, due to the distributed nature +of the system. But if the data is stable, requests are deterministic. ### Form @@ -75,7 +69,7 @@ GET `https://www.kv-server.example/v1/getvalues` ### Examples ``` -https://www.dsp-kv-server.example/v1/getvalues?subkey=publisher.com&keys=key1,key2 +https://www.dsp-kv-server.example/v1/getvalues?hostname=publisher.com&keys=key1,key2 https://www.ssp-kv-server.example/v1/getvalues?renderUrls=url1,url2&adComponentRenderUrls=url3,url4 ``` @@ -137,11 +131,9 @@ https://www.ssp-kv-server.example/v1/getvalues?renderUrls=url1,url2&adComponentR </td> </tr> <tr> - <td>subkey + <td>hostname </td> <td>The browser sets the hostname of the publisher page to be the value. -<p> -If no specific value is available in the system for this subkey, a default value will be returned. The default value corresponds to the key when the subkey is not set. </td> <td>DSP </td> @@ -365,13 +357,13 @@ If the restrictions are not followed by the client, for example due to misconfig "type": "object", "additionalProperties": false, "properties": { - "context": { - "description": "global context shared by all partitions", + "metadata": { + "description": "global metadata shared by all partitions", "type": "object", "additionalProperties": false, "properties": { - "subkey": { - "description": "Auxiliary key. For Chrome, it is the hostname of the top-level frame calling runAdAuction(). Set if sent to the trusted bidding signals server.", + "hostname": { + "description": "The hostname of the top-level frame calling runAdAuction().", "type": "string" } } @@ -389,26 +381,27 @@ If the restrictions are not followed by the client, for example due to misconfig "description": "Unique id of the partition in this request", "type": "number" }, - "compressionGroup": { + "compressionGroupId": { "description": "Unique id of a compression group in this request. Only partitions belonging to the same compression group will be compressed together in the response", "type": "number" }, - "keyGroups": { + "arguments": { "type": "array", "items": { - "description": "All keys from this group share some common attributes", + "description": "One group of keys and common attributes about them", "type": "object", "additionalProperties": false, "properties": { "tags": { - "description": "List of tags describing this key group's attributes", + "description": "List of tags describing this group's attributes", "type": "array", "items": { "type": "string" } }, - "keyList": { + "data": { "type": "array", + "description": "List of keys to get values for", "items": { "type": "string" } @@ -419,14 +412,14 @@ If the restrictions are not followed by the client, for example due to misconfig }, "required": [ "id", - "compressionGroup", - "keyGroups" + "compressionGroupId", + "arguments" ] } } }, "required": [ - "context", + "metadata", "partitions" ] } @@ -436,20 +429,20 @@ Example trusted bidding signals request from Chrome: ```json { - "context": { - "subkey": "example.com" + "metadata": { + "hostname": "example.com" }, "partitions": [ { "id": 0, - "compressionGroup": 0, - "keyGroups": [ + "compressionGroupId": 0, + "arguments": [ { "tags": [ "structured", "groupNames" ], - "keyList": [ + "data": [ "InterestGroup1" ] }, @@ -458,7 +451,7 @@ Example trusted bidding signals request from Chrome: "custom", "keys" ], - "keyList": [ + "data": [ "keyAfromInterestGroup1", "keyBfromInterestGroup1" ] @@ -467,14 +460,14 @@ Example trusted bidding signals request from Chrome: }, { "id": 1, - "compressionGroup": 0, - "keyGroups": [ + "compressionGroupId": 0, + "arguments": [ { "tags": [ "structured", "groupNames" ], - "keyList": [ + "data": [ "InterestGroup2", "InterestGroup3" ] @@ -484,7 +477,7 @@ Example trusted bidding signals request from Chrome: "custom", "keys" ], - "keyList": [ + "data": [ "keyMfromInterestGroup2", "keyNfromInterestGroup3" ] From 0582dcb7ab136531927d740344c9c54d3484badc Mon Sep 17 00:00:00 2001 From: Michael Kleber <kleber@google.com> Date: Tue, 14 Nov 2023 22:07:44 -0500 Subject: [PATCH 24/58] Create 2023-11-08-FLEDGE-call-minutes.md --- meetings/2023-11-08-FLEDGE-call-minutes.md | 173 +++++++++++++++++++++ 1 file changed, 173 insertions(+) create mode 100644 meetings/2023-11-08-FLEDGE-call-minutes.md diff --git a/meetings/2023-11-08-FLEDGE-call-minutes.md b/meetings/2023-11-08-FLEDGE-call-minutes.md new file mode 100644 index 000000000..40edebfde --- /dev/null +++ b/meetings/2023-11-08-FLEDGE-call-minutes.md @@ -0,0 +1,173 @@ +# Protected Audience (formerly FLEDGE) WICG Calls: Agenda & Notes + +Calls take place on most Wednesdays, at 11am US Eastern time; check [#88](https://github.com/WICG/turtledove/issues/88) for exceptions. + +That's 8am California = 5pm Paris time = 4pm UTC (during winter) + +This notes doc will be editable during the meeting — if you can only comment, hit reload + +Notes from past calls are all on GitHub [in this directory](https://github.com/WICG/turtledove/tree/main/meetings). + + +# Next video-call meeting: Wednesday Nov 8, 2023 + + +## Attendees: please sign yourself in! + + + +1. Michael Kleber (Google Privacy Sandbox) +2. Brian May (dstillery) +3. Roni Gordon (Index Exchange) +4. David Dabbs (Epsilon) +5. Russ Hamilton (Google Chrome) +6. Orr Bernstein (Google Privacy Sandbox) +7. Isaac Schechtman (BidSwitch) +8. Sid Sahoo (Google Chrome) +9. Paul Jensen (Google Privacy Sandbox) +10. Harshad Mane (PubMatic) +11. David Tam (Relay42) +12. Stan Belov (Google Ads) +13. Don Marti (Raptive) +14. Isaac Foster +15. Jeffrey Wieland (mMGNI) +16. Neil Haack (Criteo) +17. Dmitry Stropalov (OpenX) +18. Laurentiu Badea (OpenX) +19. Matt Davies (BidSwitch) +20. Fabian Höring (Criteo) +21. Tamara Yaeger (BidSwitch) +22. Kevin Lee (Google Privacy Sandbox) +23. Matt Menke (Google Chrome) +24. Risako Hamano (Yahoo Japan) +25. Andrew Pascoe (NextRoll) +26. Marco Lugo (NextRoll) +27. Caleb Raitto (Google Chrome) +28. Abishai Gray (Google Chrome) + + +## Note taker: Tamara Yaeger + + +# Agenda + + +## Process reminder: Join WICG + +If you want to participate in the call, please make sure you join the WICG: https://www.w3.org/community/wicg/ + + +## Suggest agenda items here: + + + +* Roni Gordon + * Macro substitutions - https://github.com/WICG/turtledove/issues/817 + * API versioning - https://github.com/WICG/turtledove/issues/823 + * Sensitive signals - https://github.com/WICG/turtledove/issues/824 +* Isaac: + * Multi Tag Support via “Mixed Ranking”: (really, this + multi tag + bit leak discussion and how we can be creative) https://github.com/WICG/turtledove/issues/846 + * Buyer/Seller Reporting Questions: https://github.com/WICG/turtledove/issues/682#issuecomment-1710965068 + * Optional decouple bidding/reporting function urls to allow smaller k tuple: https://github.com/WICG/turtledove/issues/679#issuecomment-1703973736 + + +# Notes + +Michael (Chrome): We have a standing list of agenda items. Isaac to nominate a topic. + +Isaac (Xandr): I need to refamiliarize myself w reporting issues, I should go 2nd. + + +## Macro substitutions - https://github.com/WICG/turtledove/issues/817 + +Roni (Index): Issue #817, macro substitutions, this is about understanding what the expectations are from API, I suppose also from buyers, about how macros will behave. We have macro support via replacing URI / URN, my understanding it’s limited to render URL and not what ends up evaluated. I’m trying to understand – today programmatically as sellers we’re responsible for indicating clearing prices and other macros not only in the URL, and I have not seen any indication that what is generating response will understand these macros, so I don’t know where they go anymore. Is there another mechanism? + +Michael: There are two halves to the question (1) what we design and what intention is on how to use macro substitution functionality of PAAPI, (2) how that should interact w IAB expectations about macro subs ought to work. I think the clear answer is that the way we design things to work right now is not same as a set of assumptions that IAB expectations were written, so something will have to change. Won’t be a seamless perpetuation, will involve discussions w IAB and changes that ad ecosystem will need to get in on. + +You’re right that there are 2 diff types macro substitutions. First there is replace in URN function, intended to take something in k anon render URL and allows some subs in the URL that incorporate info on pub’s page. They are not about subbing info about what happened in auction, just info that is already available on pub page. No matter what you do w that replacement system, you will never get more info than what is available in standard event level reporting path, k anon render url + pub page. That’s doesn’t help w learning clearing price or store of privileged info. + +The second kind of substitution is the one that's part of the reporting APIs in which it is possible to deliberately send reports, could be set up to be sent inside of auction, and when you set up reports inside auction like reportWin or reportResult in auction, you can include macros in those URLs to sub later stuff that happened in creative rendering time or what happened as result of auction (px). Reporting API mechanism we have is where macro sub is available. + +That is different from substituting macros in body of rendered creative. No support for that right now, deliberately. Rendered creative does not have any imposed restrictions on what domains resources can be loaded from or where info can be exchanged with. But the combo of info about things like what happened in the auction, that is much more sensitive info, that we want to only send to parties making attestations that they will not circumvent Privacy Sandbox restrictions. We want to only allow this macro substitution going to domains that are signatories to attestations, therefore do not want to allow inside rendered body of creative. Would prefer to remain k anonymous and not follow secret info so that we don’t need to worry what domains are contacted from inside rendering frame. This is essence of why Protected Audience API makes a distinction between rendering and reporting. In the ads world today, when the creative is rendered, you’re also doing reporting at the same time, there is no difference between rendering activities for putting pixels on the screen and ones for telling servers what happened. In PA auction we separate those two things and treat them differently. Screen has to be k anonymous, can load stuff from arbitrary domains, but can’t get lots of extra info as a result. The stuff that needs info about auction outcomes should go to reporting flows. + +Roni: Let’s say today auction price macro is included, what I’m hearing is there is intentionally no facility for replacing that macro as a seller, it will remain unreplaced and that is something that the buy side will have to deal with. In other words OpenRTB spec requires replacement, even if with nothing. I can’t do that as a seller. Therefore buyer’s macros cannot involve what the API will not involve me to replace. Signaling needs to be outside creative / markup. Is there a signals for winner between report results / report win, so I believe if we wanted to signal that we would need to devise a standard for meta data. We would need to talk about mechanism for communicating these macros between report result / report win. Onus could then be on report win buyer to make subs on their own. Is that a fair assumption? + +Michael: Almost right, it is still possible to get the reporting that you want from inside the rendered creative, but not by loading some URL as part of the markup. The mechanism we have where party that shows up in rendering flow can get info involves their use of fenced frame that reporting API. So inside rendering there is new JS API that says send this report to this URL, that report can include macro values in it, the browser will automatically sub them w values that come from the outcome of the auction and the values that are provided by buyers / sellers, that whole flow is possible but it doesn’t involve loading HTML, gotta call JS API. In addition, the domain has to be explicitly listed along w the creative by the buyer as a domain it is ok to send reports to. That domain has to be done the attestation work to be allowed to get info from auction, so as not to circumvent Privacy Sandbox. + +Roni: Even w/in context of today iFrame example, even if pathed signals from winner, still no facility for IFrame to replace that macro even if buyer has that info. + +Michael: Correct, doesn’t get replaced through HTML, has to go through reporting flow. + +Roni: To summarize, any expectation that buyer has that macro will be replaced in markup, are false assumptions now, that will never happen. If they want to do it the “new way” they report event and all requirements. If they want to use event level reporting, there needs to be an agreed upon meta data signals for winner between report results and report win. That’s where we’re at. + +Brian (Distillery): The implication is that formerly evidence of what happened on browser, result of having my macro pixels subbed and sent to me, is now going to have to have to be presented in another way. We have a fenced frame where something is happened, trusting what is happened, reporting coming from another channel, I’m concerned we are not getting strong signal that what we paid for is what we bought. Should we think about some means of producing signals to buyers to provide evidence of the thing getting billed for? Can we do it in privacy preserving way? + +Michael: It has always been the case that any info received about browser was because browser sent request over network. The different now is instead of one request, there’s two types of requests. Some of them are regular old HTTP requests for rending things, using pixels, those still exist. They don’t have macro sub involved in them. Macro sub was always a black box, some man in the middling HTML to insert stuff into it, asking unknown party to change what you sent. What is in the browser is exactly what you send now. Before many unknown people could mutate HTML before it gets rendered, now there are not. From that POV a lot less behind the scenes black box happened in this model. + +Brian: In old model, when event happened, details associated happen at same time. Now they will be provided at a later time? In my pixel fires it can have context from which it fired in macro substitution, at point at which it fired. When I have to go through diff channel, I have to assume the event that happened to produce info, but w/out direct evidence. Later I’ll get info about that pixel fire. + +Michael: Not how I think of it. There were always different events. + +David (Epsilon): Just to clarify, embedded in there, there won’t be an impression time YoY, won’t be an impression time fetch creative because vision for fenced frames is there is not network, right? + +Michael: That was our vision early in this effort, but not any more. Infrastructure required to realize old vision is not how the web is moving. When we started this journey and described this journey in 2020, we liked the idea of rendering with web bundles and without using the network, but it seems that is no longer likely. However it is still the case that the place where we should get to in 2026 is one where even though a creative that renders loads over the network, it should have very little info inside the fenced frame. What we just talked about is fenced frame doesn’t have info on clearing px of auction. That info is known inside auction but tries to be careful about releasing info that could be used for tracking. The vision for the future of fenced frame is one where it is still possible to render creative, but the creative has little information beyond the fact that it rendered. A pixel can reveal that this showed up on a screen, but it would be great if it didn’t reveal info about person who saw the ad. Anything that involves cross-site info, sense of user’s ID, that kind of info should go through dedicated reporting API with privacy protection built in. This means something about aggregation, differential privacy noise, delaying time at which things are sent. Fenced frame rendering is not a privacy preserving API, just a boundary to not allow user info to flow through pub page. + +Roni: Getting back to original ask for clearing price. I understand the report result / report win, gap is in decision - what price to use, conversions from net to gross - all of it based on pub host name and rendered URL and associated meta data. If I make decision that changes bid price, no way to get it into report result, no way to tell what I need to tell to buyer. Today there are mechanisms for leveraging auction px macros to provide fee reductions and buyer incentives. They may not charge you full bid submission, I can communicate the discount. No way to change $10 to $9.50 because Scoread could not send info to report result because of privacy. There’s a gap where the info I know is in Scoread. Modified bid is about the net price, not the buyer’s price. MOdified bid is to be used in top level seller auction. There are 2 parties in this transaction, and those prices can be modified at any point. + +Michael: The intention is that the person running the auction gets to output - how much pub should get paid, how much advertiser should get charged. We want to make it possible for you to make those decisions and communicate them at reporting time. Is there a third number that is different? + +Roni: There is, so the take rate adjustment is modified bid. Both bid and modified win are available, but that doesn't communicate to buyer what they were charged. They might submit a $10 buy I may not charge them $10 independently of my take rate. Submit $9, actually charge $9.50. I don’t have a way to signal that piece, because all I have is incoming bid from buyer, and modified bid going to seller. Only known in Scoread if I give buyer discount. No way to indicate it to report result. + +Stan (Google Ads): You’re saying some discount could be based on individual creative + +Roni: Assume buyers will make decisions based on render URL, exact same on sellers side. Right now no trusted scoring signals going into report result. What I now in Scoread should be in report result. The real question is, can I get trusted scoring signals in report result? + +Michael: [Sorry, my Chrome crashed, back now but I missed some of the conversation.] + +Paul Jensen (Privacy Sandbox): I just want to understand, do they know they will pay lesser amount? + +Roni: Not at auction time + +Paul: How does the seller know who to give discount to + +Roni: Based on pub host name and render URL, the info Scoread has. All discounts handled post-auction. + +Paul: But in 2nd price auction you would know? + + +Roni: There are no second price auctions. + +Paul: Trying to understand how / what is the discount that the buyer knows is coming, they’ll bid not knowing there’s a discount? + + +Roni: Bidding behavior is not based on my margin. They bid in gross terms before all adjustments. Separate from how buyers / sellers pay and charge, we can make intentional incentive programs based on volumes. The question is, all the info that we need is in the trusted scoring signals. If they are ok for Scoread, I assume they’re ok for report results, and it’s just not there because we didn’t come up yet. + +Michael: It seems there shouldn't be any new privacy problem in giving you the info you’re asking for because it’s the signals that are fetched from sellers key value server based on looking up render URL and the host name of pub site, and you’re taking about making those signals available in report result, an environment that already knows the render URL and the hostname in question. Yuu knew keys and you wish you knew value. Browser has already looked up value based on those keys. We’ve never piped it through to get you that info where you want, but I think that's just because nobody has asked for it until now. I don’t see a reason why it can’t be there. + +Matt (Chrome): If all info in request to seller could be used to generate response, could potentially learn other data. Data has to be generated on per URL basis. + +Michael: What Matt is saying, if the key value server is behaving like expected (only based on each individual URL plus the host name), then no new privacy problem to make it available in report results. If owner of key value server is cheating and packing info in response for one URL based on other URLs, then would be channel for leaking cross-site info. Someone who wants to cheat in their key value service by processing as one big thing. + +Isaac (Xandr): presumably you can cheat by combining render URLs but if you export… attestation … (?) . It could happen but it’s covered by the same thing, I don’t know. + +Matt: My understanding is that discussion around info from same joining origin in signal call, which would break anonymity. So we’d have to revisit whether we allow key value server to process all seller URL from the same joining origin. Also note it does not apply to bidder key value info. + +Michael: The only reason that giving what Roni is asking for is feasible is because URL is already k anonymous. Not a collection of keys that buyers key value server, the already k anonymous render URL. + +Roni: Made progress, solidified understanding. + +Michael: It didn't occur to us that it’s a valuable thing to have. + +David: Roni would it be fair to describe this as 1st class feature request/ Now that we seem to have alignment, we were actually talking b4 meeting about relaxing single origin. How do we go about saying we’d like you all to have 1st class feature request? Anything special we need to do process wise? + +Paul: We have a GitHub label for features that don’t break things, it could go there. + +David: So we have to tag one of you to put it there? Fine, good to know. + +Kevin (Privacy Sandbox): I’ll let you know + +Michael: Scoread still has more info that report result does, even with this change. Scoread can get lots of info handed to it from Generate Bid. Generate Bid has arbitrary 2-sites info about user. Still the case that could violate privacy. This particular info that report result can get we know is based on k anonymous data, not on individual user tracking data. + +Laurentiu (OpenX): Not necessarily based on K values, could be based on some machine learning or computational intensive work. + +Michael: the fact that we can’t give you full Scoread contents. I’d be delighted if this doesn’t introduce privacy problem. From b29142bb8285ff24168fb3dd69942e2d2d11f64b Mon Sep 17 00:00:00 2001 From: Garrett Tanzer <garretttanzer@gmail.com> Date: Fri, 17 Nov 2023 07:55:43 -0500 Subject: [PATCH 25/58] Note registerAdMacro input sanitization (#913) --- Fenced_Frames_Ads_Reporting.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Fenced_Frames_Ads_Reporting.md b/Fenced_Frames_Ads_Reporting.md index bb7ae5f0f..a9c5dbaa6 100644 --- a/Fenced_Frames_Ads_Reporting.md +++ b/Fenced_Frames_Ads_Reporting.md @@ -164,6 +164,8 @@ Two strings. **macro value** The value of the macro that is used to substitute the macro (e.g., ${PUBLISHER_ID}) in `reportEvent()` API’s destination URL parameter. +These strings should be URL-encoded (percent encoded). If either of these strings contains characters that are impossible in URL-encoded strings (i.e., any characters besides the unreserved characters [here](https://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_in_a_URI) and `%`), the `registerAdMacro` call will fail with a type error. This is to prevent substituted macros from escaping URL parameters in the destination URL template, e.g. substituting `https://ad.com?param=${PARAM}` with (`PARAM`, `innocuous_value?malicious_param=malicious_value`). + ### Example ``` registerAdMacro(‘PUBLISHER_ID’, ‘123a’); From c7aa129827a0bc79381670d47961d989f0bd3a06 Mon Sep 17 00:00:00 2001 From: caraitto <caraitto@chromium.org> Date: Fri, 17 Nov 2023 13:22:21 -0500 Subject: [PATCH 26/58] Header directFromSellerSignals uses most recent response (#890) Prior to this, if the directFromSellerSignalsHeaderAdSlot matched multiple adSlots, signals from an arbitrary ad slot were given to worklet functions. Now, the most recent one is returned, and receiving signals for an already existing adSlot releases memory used to store older signals for that adSlot name. --- FLEDGE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FLEDGE.md b/FLEDGE.md index c8627e160..f4071104a 100644 --- a/FLEDGE.md +++ b/FLEDGE.md @@ -556,7 +556,7 @@ Ad-Auction-Signals=[{ ] ``` -When invoking `navigator.runAdAuction()`, `directFromSellerSignalsHeaderAdSlot` is used to lookup the signals intended for that auction. `directFromSellerSignalsHeaderAdSlot` is a string that should match the `adSlot` value contained in some `Ad-Auction-Signals` response served from the origin of that auction's seller. Note that for multi-seller or component auctions, each component auction / top-level can specify its own `directFromSellerSignalsHeaderAdSlot`, and the response should be served from that component / top-level auction's seller's origin. Different sellers may safely use the same `adSlot` names without conflict. If `directFromSellerSignalsHeaderAdSlot` matches multiple `adSlot`s from header responses, one of those `adSlot` responses will be chosen arbitrarily. +When invoking `navigator.runAdAuction()`, `directFromSellerSignalsHeaderAdSlot` is used to lookup the signals intended for that auction. `directFromSellerSignalsHeaderAdSlot` is a string that should match the `adSlot` value contained in some `Ad-Auction-Signals` response served from the origin of that auction's seller. Note that for multi-seller or component auctions, each component auction / top-level can specify its own `directFromSellerSignalsHeaderAdSlot`, and the response should be served from that component / top-level auction's seller's origin. Different sellers may safely use the same `adSlot` names without conflict. If `directFromSellerSignalsHeaderAdSlot` matches multiple `adSlot`s from header responses, signals from the most recently-received response will be sent to worklet functions. Furthermore, if a response is received for an adSlot whose name matches that for existing captured signals, memory from the old signals will be released and the new signals will be stored. A response that specifices the same adSlot name in multiple dictionaries is invalid. The JSON will be parsed by the browser, and passed via the same `directFromSellerSignals` worklet functions parameter as in [the subresource bundle](#251-using-subresource-bundles) version of DirectFromSellerSignals, with `sellerSignals` only being delivered to the seller, `perBuyerSignals` only being delivered to the buyer for each buyer origin key, and `auctionSignals` being delivered to all parties. Since the top-level JSON value is an array, multiple `adSlot` responses may be set for a given `Ad-Auction-Signals` header. In the dictionary with the `adSlot`, the `sellerSignals`, `auctionSignals`, and `perBuyerSignals` fields are optional -- they will be passed as null if not specified. From e5fd3d9c4b686213d80afde8b4095de67b1aae3b Mon Sep 17 00:00:00 2001 From: Michael Kleber <kleber@google.com> Date: Sat, 18 Nov 2023 13:12:37 -0500 Subject: [PATCH 27/58] Create 2023-11-15-FLEDGE-call-minutes.md --- meetings/2023-11-15-FLEDGE-call-minutes.md | 248 +++++++++++++++++++++ 1 file changed, 248 insertions(+) create mode 100644 meetings/2023-11-15-FLEDGE-call-minutes.md diff --git a/meetings/2023-11-15-FLEDGE-call-minutes.md b/meetings/2023-11-15-FLEDGE-call-minutes.md new file mode 100644 index 000000000..1916b244a --- /dev/null +++ b/meetings/2023-11-15-FLEDGE-call-minutes.md @@ -0,0 +1,248 @@ +# Protected Audience (formerly FLEDGE) WICG Calls: Agenda & Notes + +Calls take place on most Wednesdays, at 11am US Eastern time; check [#88](https://github.com/WICG/turtledove/issues/88) for exceptions. + +That's 8am California = 5pm Paris time = 4pm UTC (during winter) + +This notes doc will be editable during the meeting — if you can only comment, hit reload + +Notes from past calls are all on GitHub [in this directory](https://github.com/WICG/turtledove/tree/main/meetings). + + +# Next video-call meeting: Wednesday Nov 15, 2023 + + +## Attendees: please sign yourself in! + + + +1. Michael Kleber (Google Privacy Sandbox) +2. David Dabbs (Epsilon) +3. Harshad Mane (PubMatic) +4. Luckey Harpley (Remerge) +5. Sven May (Google Privacy Sandbox) +6. Paul Jensen (Google Privacy Sandbox) +7. Isaac Foster (MSFT Ads) +8. Maciek Zdanowicz (RTB House) +9. Kevin Lee (Google Privacy Sandbox) +10. Orr Bernstein (Google Privacy Sandbox) +11. Roni Gordon (Index Exchange) +12. Leeron Israel (Google Privacy Sandbox) +13. David Tam (Relay42) +14. Ning Hu (MSFT Ads) +15. Fabian Höring (Criteo) +16. Russ Hamilton (Google Privacy Sandbox) +17. Jeroune Rhodes (Google Privacy Sandbox) +18. Sid Sahoo (Google Chrome) +19. Andrew Pascoe (NextRoll) +20. Marco Lugo (NextRoll) +21. Alonso Velasquez (Privacy Sandbox) +22. Abishai Gray (Google Chrome) +23. Caleb Raitto (Google Chrome) + + +## Note taker: Kevin Lee + + +# Agenda + + +## Process reminder: Join WICG + +If you want to participate in the call, please make sure you join the WICG: https://www.w3.org/community/wicg/ + + +## Suggest agenda items here: + + + +* Matt Menke + * I’ll be missing today’s meeting, but just wanted to let folks know I’ve uploaded a draft of how ordering and cumulative timeouts tie into auctions. It’s available here: https://github.com/WICG/turtledove/pull/906 +* Isaac: + * Would like to revisit, briefly hopefully, the Dynamic K-Anon Selection feature, in particular w/r/t to the “prioritization reasoning” offered earlier this week [here](https://github.com/WICG/turtledove/issues/729#issuecomment-1807521752) + * Buyer/Seller Reporting Questions: https://github.com/WICG/turtledove/issues/682#issuecomment-1710965068 + * Multi Tag Support via “Mixed Ranking”: (really, this + multi tag + bit leak discussion and how we can be creative) https://github.com/WICG/turtledove/issues/846 + * Optional decouple bidding/reporting function urls to allow smaller k tuple: https://github.com/WICG/turtledove/issues/679#issuecomment-1703973736 +* Roni Gordon + * API versioning - https://github.com/WICG/turtledove/issues/823 + * Sensitive signals - https://github.com/WICG/turtledove/issues/824 +* Luckey + * Any plans around loss reporting for buyers? + * Note: it is much more important for us to know the market price, rather than our losing bid. + * https://github.com/WICG/turtledove/blob/main/FLEDGE.md#54-losing-bidder-reporting +* Harshad Mane + * When an adslot backs various sizes like A, B, and C, the PA only backs one size at a time. It seems that Chrome has the ability to check the available IGs on a device and the supported ad sizes for each IG in this situation. Who chooses the size for a protected audience auction (PAA)—the Publisher, Top Seller, or Chrome internal logic? Can the Privacy Sandbox standardize the supported size consistent in PA to prevent potential data leaks caused by random ad sizes that could identify a user? https://github.com/WICG/turtledove/issues/908 \ + +* David Dabbs + * `updateURL` ability to update `userBiddingSignals` \ +https://github.com/WICG/turtledove/issues/760 \ +Intending to land this in M120 [when Mode B testing begins](https://bugs.chromium.org/p/chromium/issues/detail?id=1498491#:~:text=M120%20where%20Mode%20B%20experiments%20will%20begin)? + + +# Notes + + +## Matt Menke has written up a documentation on ordering, timeout, and flow control of the auction + + + +* https://github.com/WICG/turtledove/pull/906 just a pull request so far +* Please take a look and provide feedback where necessary + + +## Isaac - Dynamic creative rendering (k-anon) + + + +* Isaac - Ran an experiment with 24 hours to see how many ads would be blocked by the requirement to only add new ads during the daily update. + * The % of impression traffic is not high. + * Wrote a script for a shorter window, but didn’t help. + * Want more numbers or different numbers. +* Kleber - If you use a daily update mechanism to get creatives into rotation, and when the creative comes into instance, there is a rollout period of 24 hours that ramps up from 0 to 100% over a course of a day. Is what you are asking looking into how long it takes for ads to become available in production. + * Result: 0.2% of potential impressions were impacted by the 24-hour delay. 6-figures volume. + * It doesn’ mean that no ad wasn’t shown, but they may have been shown an older ad. + * There may not be a revenue loss, if a bid was made on another IG. +* Isaac - the revenue loss can be 0 or some loss. +* Kleber - Not the highest priority during the testing period. +* Kleber - Is the real issue how long it takes a creative to get into production + * making the dailyupdateUrl intervals shorter could help? +* Isaac - reducing it to 4 hours helps but not as much as we want + * Continuous vs smaller window +* Paul - Is the question rate of ads into the browser? +* Isaac - Impact on customers and systems + * Dealing with all the endpoints at a browser scale may be challenging +* Paul - Want to learn more about what kind of these ads. You can push an ad instantly to a user with joinAdInterestGroup +* Isaac - Does not feel that’s correct +* Paul - Can use joinadinterestgroup and show an ad instantly + * Ask: What kind of ads are these? Estimated latency? Is there a large delay? What kind of campaign would want an immediate push? Black Friday? +* Isaac - In adtech it’s hard to delineate all use cases of the buyers + * It’s hard to plan a flash sale a week out. + * Would diving into specific cases help? + * Also, the experiment was on create. Will need to look into IG update. + * The market wants to respond quickly, and doesn’t want to wait 24 hours. + * On the publisher page, refresh the creative since it’s based on information that is no longer available on the page. + * It would also make it hard to debug a distributed system +* Roni - Wants to reiterate on a Black Friday, and other days that advertisers deal with. +* David Dabbs - Potential solution to push ads out - if the IG was grouped by origin, would it mess it up? + * If you join on a publisher site, and try to update it on another site. +* Paul - If you join an existing one, it can be quicker. + * Mask becomes big -> Add the user to a mask IG -> Serve mask ad +* Kleber - Isaac's issue mentioned the idea of dealing with privacy risks by triggering the update from an environment with limited information, and a natural place to do that would be the k/v server. + * K/V already returns info for each IG. Used now for priority vector. + * If we add something to the K/V response, a special keyword, saying “please update this interest group.” + * Would that address your needs? +* Isaac - Somewhat. Update request rate might be too high. And it may stress the update endpoint. Looking for something like append rather than an update. +* Kleber - Smallest incremental change that could help would be the k/v server method. + * K/V will eventually be in a TEE. + * While update goes to a regular server. +* Isaac - Challenge of scale is real + * If we need another endpoint for updates, it’s significant amount of traffic, and it’s a higher operational burden + * Will look further into create vs update + + +## Luckey Harpley - Loss reporting + + + +* Luckey - Talking to the Android PA team + * Looking for guidance on the Chrome-side +* Paul - Take a look at the loss reporting + * You can take a look at the documentation for `contributeToHistogramOnEvent()` for aggregate loss reporting. + * For event-level loss reporting, take a look at the `sendReportTo()` + * Downsampling is a mechanism we are looking at. +* Luckey + * Will take a look at the docs for aggregate reporting. +* Kleber + * Update the docs to point to the loss reporting doc + * AI: Kevin Lee + * Link: https://github.com/WICG/turtledove/blob/main/FLEDGE\_extended\_PA\_reporting.md + + +## Harshad Mane - Ad slots on the pages support multiple sizes + + + +* Harshad - Who is deciding the ad size that’s picked + * Is it the publisher through the config, or the top-level seller? + * Or is it Chrome? Looking at the available IG groups, and decide which ad supports it + * Who is the decider? +* Kleber - When you run a PA auction, the only output is “yes there is an ad” or null. + * PA does not give any info out about how to render the ad + * PA does not offer any info about the size of the ad + * Therefore, the person who needs to know the ad size, is the person that renders the ad + * The party that takes the output and create a tag, and place the tag in the DOM + * That party needs to know how much space the ad will take up + * Either the publisher is picking a single size, or the party running the script on the publisher page, (most likely the top-level seller), and render it. +* Harshad - IG has ads with 300x250 + * Ad slot 720x90 + * The IG does not have that ad size available. + * The size selection logic should be looking at the available ad sizes. + * And when it’s not there, who decides what is chosen? +* Kleber - The width and height of the outcome are specified in the auction configuration + * That is how the auction learns about the size to render + * Why can’t size be chosen by looking at all the IGs + * Because all the IGs available are secret cross-site info that we are trying to not leak. + * If we allow size to leak, then information can be encoded into the size dimensions +* Harshad - However, they can’t access those IGs, so they don’t know which sizes can be used. Chrome is the only one that can look at the sizes. + * Why shouldn’t Chrome pick the size +* Kleber - This is similar to a scary idea that was suggested in the multi-size ticket + * Let the browser determine the slot size, BUT with appropriate noise + * https://github.com/WICG/turtledove/issues/825#issuecomment-1764604908 + * However, if we do this without a lot of care, then it will be an info leakage vector + * The only way the browser can possibly do this is to start a research effort to see if it’s possible for the browser to pick a size that is private, along with involving randomness, and it would also mean the size would not always be the highest bid because that would be a leakage vector. + * Therefore, it sounds like a hard problem for the browser to contribute information to. +* Harshad - If random size be a concern, + * Then can PS provide a list of standard sizes to support? +* Roni - Separate two different problems: (1) who chooses size vs (2) order of operations + * Only the iframe creator knows the size of the iframe which would be the top-level seller. + * However, the top-level seller config is created after all component auction configurations. + * And during the contextual auction, the buyers need to be notified of the size. + * The buyers need to return a perbuyersignals for every size. +* Kleber - How does Prebid know about the ad size that can be filled today? + * How do you learn that? +* Roni - Ad slots are configured with ad sizes + * That’s sent to the contextual auction + * Sizes are communicated to the buyers + * It’s made available to the contextual auction +* Kleber - Does it come from the publisher? +* Roni - The final size is only available at the end of the auction when it’s finalized. + * I know the superset of the sizes, but does not know the final size + * Neither does the publisher know +* Kleber - Taking PA as it is now, as a black box that renders a single size, the question is, is there an info channel that lets the top-level seller know that “this is the size” that the PA auction should look at, and that size can be fed into the contextual auction, and the signals that feed into the PA auction could focus on that size, since that is the only size that’s chosen. + * When is the point of time that size is available on the page +* Fabian - Having the same PB+GPT integration issue + * Get multiple sizes for ad requests for a seller + * Want to look for a path that integrates with PB and GAM to allow the final size to be passed into the PA auction +* Kleber - This really depends on how the top-level seller chooses what the right size is. + * Something like "First item in the size list" would make it easy + * Something like "Using a ML model to choose the optimal size" would make it hard + * May be somewhere in the middle, I don't know +* Fabian - Similar to the currency + * In this case, the buyer chooses + * Buyer sends back the ad sizes chosen during contextual auction +* Roni - Currency you can switch back. + * And the buyers pass the size info through perbuyersignals +* Kleber - Hard to answer this question without any GAM person on the call today, because we don’t know when the size information becomes available. +* David - Has PR supporting sizes land? +* Paul - Yes, it landed +* David - There can be different size bundles. Are the ad sizes passed in a macro? +* Kleber - We provide macro substitution if the server needs to find out what the size +* Roni - Replaced by the size of the iframe, and not the size of the ad +* Kleber - Is there a GitHub issue on this? +* Roni - Harshad just opened up (#[908](https://github.com/WICG/turtledove/issues/908)) and it was mentioned in another issue. +* Kleber - Will talk to the GPT folks and see if this question needs to be moved over to their repo, and will investigate into the information flow. +* David - GPT supports width and height. It may be a way to pass a size. +* Paul - Implementation(_kevin: not sure which feature_) is close. It would be M121. + * Kleber - Merging into an old branch is for bug fixes, and new features would go on a new branch. + + +## No Meeting Next Week (Nov 22) + + + +* Kleber - Next week is the day before thanksgiving. + * Usually low attendance + * My instinct is to cancel. + * Vote for canceling. +* Isaac - Would love it for just to be us, but would also like to include the industry +* Kleber - Nov 29th will be the next time we meet. From b56828dd2a85a7dadb47c56511e13115d27b4977 Mon Sep 17 00:00:00 2001 From: Michael Kleber <kleber@google.com> Date: Sat, 18 Nov 2023 13:22:41 -0500 Subject: [PATCH 28/58] Update 2023-11-15-FLEDGE-call-minutes.md --- meetings/2023-11-15-FLEDGE-call-minutes.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/meetings/2023-11-15-FLEDGE-call-minutes.md b/meetings/2023-11-15-FLEDGE-call-minutes.md index 1916b244a..134f30f09 100644 --- a/meetings/2023-11-15-FLEDGE-call-minutes.md +++ b/meetings/2023-11-15-FLEDGE-call-minutes.md @@ -231,8 +231,10 @@ Intending to land this in M120 [when Mode B testing begins](https://bugs.chromiu * Kleber - Is there a GitHub issue on this? * Roni - Harshad just opened up (#[908](https://github.com/WICG/turtledove/issues/908)) and it was mentioned in another issue. * Kleber - Will talk to the GPT folks and see if this question needs to be moved over to their repo, and will investigate into the information flow. -* David - GPT supports width and height. It may be a way to pass a size. -* Paul - Implementation(_kevin: not sure which feature_) is close. It would be M121. +* David - GPT supports width and height. It may be a way to pass a size. + +## David Dabbs - updateURL ability to update userBiddingSignals #760 +* Paul - Implementation is close. It would be M121. * Kleber - Merging into an old branch is for bug fixes, and new features would go on a new branch. From 9c9973cad627631cf22002d62b2a6daf9caa15d1 Mon Sep 17 00:00:00 2001 From: Paul Jensen <JensenPaul@users.noreply.github.com> Date: Sun, 19 Nov 2023 10:59:13 -0500 Subject: [PATCH 29/58] Spec: fix prevWins ad json (#919) --- spec.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec.bs b/spec.bs index 18f876c6a..322bdfb73 100644 --- a/spec.bs +++ b/spec.bs @@ -1288,7 +1288,7 @@ To <dfn>parse an https origin</dfn> given a [=string=] |input|: [=interest group/name=] is |ig|'s [=interest group/name=], return if none found. 1. Let |win| be a new [=previous win=]. 1. Set |win|'s [=previous win/time=] to the [=current wall time=]. - 1. Let |ad| be the [=ad descriptor=] from |ig|'s [=interest group/ads=] whose + 1. Let |ad| be the [=interest group ad=] from |ig|'s [=interest group/ads=] whose [=ad descriptor/url=] is |bid|'s [=generated bid/ad descriptor=] [=ad descriptor/url=], return if none found. 1. Set |win|'s [=previous win/ad json=] to the result of From ec354d78aaa175d54ac2ddfc055f21a321a0fe59 Mon Sep 17 00:00:00 2001 From: HabibiYou <131692252+HabibiYou@users.noreply.github.com> Date: Mon, 20 Nov 2023 20:12:59 -0500 Subject: [PATCH 30/58] Spec: Allow updating userBiddingSignals (#907) --- spec.bs | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/spec.bs b/spec.bs index 322bdfb73..0ec994d9f 100644 --- a/spec.bs +++ b/spec.bs @@ -3631,6 +3631,15 @@ The <dfn for=Navigator method>updateAdInterestGroups()</dfn> method steps are: set |ig|'s [=interest group/trusted bidding signals keys=] to |value|. 1. Otherwise, jump to the step labeled <i><a href=#abort-update>Abort update</a></i>. + <dt>"`userBiddingSignals`" + <dd> + 1. Set |ig|'s [=interest group/user bidding signals=] to the result of [=serialize an Infra + value to JSON bytes=] given |value|. + 1. Otherwise, jump to the step labeled <i><a href=#abort-update>Abort update</a></i>. + + Issue: Serializing an Infra value to JSON bytes expects to be called within a valid ES realm. See + <a href="https://github.com/whatwg/infra/issues/625">infra/625</a> + <dt>"`ads`" <dt>"`adComponents`" <dd> From 0b7845290435bc6ad35a10781331647206a44291 Mon Sep 17 00:00:00 2001 From: "Kevin K. Lee" <kevinkiklee@gmail.com> Date: Mon, 27 Nov 2023 11:08:22 -0500 Subject: [PATCH 31/58] Add IG recency info to the PAA example (#838) * Add IG recency info to the PAA example * Expand example description --- FLEDGE_extended_PA_reporting.md | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/FLEDGE_extended_PA_reporting.md b/FLEDGE_extended_PA_reporting.md index fc015ff57..8507673fc 100644 --- a/FLEDGE_extended_PA_reporting.md +++ b/FLEDGE_extended_PA_reporting.md @@ -69,33 +69,30 @@ with an arbitrary `event_key` within `generateBid`, `scoreAd`, `reportWin`, and ### Example 1: Correlating bidding signals with click information. -We consider the scenario where a buyer wants to learn the click through rate of ads when a user has +We consider the scenario where a buyer wants to learn the click-through rate of ads when a user has been in an interest group for a given time. -The buyer may implement `getImpressionReportBucket()` and `getClickReportBucket()` which map an -interest group and the time the user has spent in that interest group to a 128-bit integer. +To generate the bucket that represent interest group age, the buyer may implement `getImpressionReportBucket()` and `getClickReportBucket()` functions which return buckets that map an interest group and the time the user has spent in that interest group to a 128-bit integer as `BigInt`. The `browserSignals.recency` value inside `generateBid()` specifies the duration in minutes since the user joined the interest group. -The buyer can then do the following during generateBid (when the above information is available) +Once the buckets have been derived, the buyer can call Private Aggregation inside `generateBid()`: ``` function generateBid(interestGroup, auctionSignals, perBuyerSignals, trustedBiddingSignals, browserSignals) { - … + // … privateAggregation.contributeToHistogramOnEvent(“reserved.win”, { - bucket: getImpressionReportBucket(), + bucket: getImpressionReportBucket(), // 128-bit integer as BigInt value: 1 }); privateAggregation.contributeToHistogramOnEvent("click", { bucket: getClickReportBuckets(), // 128-bit integer as BigInt value: 1 }); +} ``` -The above logic will trigger a report if the generated bid wins (see -[reserved.win](#reporting-bidding-data-for-wins)). And another one, if the user later clicks on the -winning ad (this needs to be triggered by the fenced frame itself, see -[reportPrivateAggregationEvent](#reporting-bidding-data-associated-with-an-event-in-a-frame). When -the buyer receives an aggregated report they can infer what the click-through-rate (CTR) was for -users on different “interest group age” buckets. +The impression report will be sent if the [`reserved.win`](#reporting-bidding-data-for-wins) event is triggered, which is a reserved event for when the bid wins the auction. The click report will be sent if the `click` event is triggered by the [`window.fence.reportEvent("click")`](#reporting-bidding-data-associated-with-an-event-in-a-frame) call originating from the fenced frame of the ad. + +The buyer can then generate the summary report of the impression count and click count to infer the click-through rate of the users in different interest group age buckets. ### Example 2: Getting the average bid gap for an ad. From 687d76b8e69c3f12c2ed8290689b74a7b1e4a55a Mon Sep 17 00:00:00 2001 From: Paul Jensen <JensenPaul@users.noreply.github.com> Date: Mon, 27 Nov 2023 13:48:04 -0500 Subject: [PATCH 32/58] Create PA_Feature_Detecting.md (#910) For previously documented, explained and spec'd features, provide developers with help for how to feature detect these features. --- PA_Feature_Detecting.md | 70 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 PA_Feature_Detecting.md diff --git a/PA_Feature_Detecting.md b/PA_Feature_Detecting.md new file mode 100644 index 000000000..78dc213ab --- /dev/null +++ b/PA_Feature_Detecting.md @@ -0,0 +1,70 @@ +# Feature detecting Protected Audience + +As Chrome ships and experiments with various Protected Audience APIs, it can be useful for web developers to detect the presence of individual features +in users’ browsers. This document seeks to list feature detection mechanisms for each shipped or experimented feature. + +## Protected Audience +[Intent to Ship](https://groups.google.com/a/chromium.org/g/blink-dev/c/igFixT5n7Bs/m/ZNrDcQ2dDQAJ) +``` +let pa = typeof navigator.joinAdInterestGroup !== 'undefined'; +``` +## directFromSellerSignals via headers +[Intent to Ship](https://groups.google.com/a/chromium.org/g/blink-dev/c/JpWOdoPi5Wo/m/YyTaUzkxAgAJ) +``` +let dfss = false; +navigator.runAdAuction({get directFromSellerSignalsHeaderAdSlot(){dfss = true;}}).catch((e)=>{}); +``` +## Negative targeting +[Intent to Ship](https://groups.google.com/a/chromium.org/g/blink-dev/c/xzrWfs-BwFk/m/a90JCji_AAAJ) +``` +let nt = typeof navigator.createAuctionNonce !== 'undefined'; +``` +## clearOriginJoinedAdInterestGroups() +[Intent to Ship](https://groups.google.com/a/chromium.org/g/blink-dev/c/IfmYsMCUoHc/m/yCddTUfgBgAJ) +``` +let nt = typeof navigator.clearOriginJoinedAdInterestGroups !== 'undefined'; +``` +## Interest group limit changes +[Intent to Ship](https://groups.google.com/a/chromium.org/g/blink-dev/c/IfmYsMCUoHc/m/yCddTUfgBgAJ) + +These limits are intended to be guardrails against exceptional behavior, and not meant to be reached under normal conditions, so there should not be a +need to find out what the guardrails are. In [the best practices we previously published](https://developer.chrome.com/docs/privacy-sandbox/protected-audience-api/latency/#fewer-interest-groups-bidding), +we encourage buyers to use fewer interest groups. +## kAnonStatus +[Intent to Ship](https://groups.google.com/a/chromium.org/g/blink-dev/c/IfmYsMCUoHc/m/yCddTUfgBgAJ) +``` +reportWin(auctionSignals, perBuyerSignals, sellerSignals, browserSignals, directFromSellerSignals) { + ... + let ka = typeof browserSignals.kAnonStatus !== 'undefined'; +} +``` +## Bidding & Auction Services +[Intent to Experiment](https://groups.google.com/a/chromium.org/g/blink-dev/c/2bwMHd3Yz7I/m/BwMKwPP6GQAJ) (note that this is an +[Origin Trial](https://developer.chrome.com/en/docs/web-platform/origin-trials/) and as such +requires [Origin Trial tokens](https://developer.chrome.com/en/docs/web-platform/origin-trials/#iframe)) +``` +let ba = typeof navigator.getInterestGroupAdAuctionData !== 'undefined'; +``` +## Recency in generateBid() +[Intent to Ship](https://groups.google.com/a/chromium.org/g/blink-dev/c/-bQKNLit6nw/m/vPe0uSXtAAAJ) +``` +generateBid(interestGroup, auctionSignals, perBuyerSignals, + trustedBiddingSignals, browserSignals, directFromSellerSignals) { + ... + let rg = typeof browserSignals.recency !== 'undefined'; +} +``` +## Rounding bids and scores +[Intent to Ship](https://groups.google.com/a/chromium.org/g/blink-dev/c/-bQKNLit6nw/m/vPe0uSXtAAAJ) + +This is a privacy protection that does not require different behavior from Protected Audience API callers and hence has no feature detection mechanism. +## Credentialed automatic beacons +[Intent to Ship](https://groups.google.com/a/chromium.org/g/blink-dev/c/rMyTWCo-f_I) + +Whether automatic beacons will attach credentials cannot be detected from inside Protected Audience ads. From the perspective of the server, the request +has either credentials mode “omit” (feature disabled) or “include” (feature enabled), which affects how headers are processed in the same way as the rest +of the web platform. +## reserved.top_navigation_start/commit +This cannot be detected from the web platform. Instead, an ad auction can register both a `reserved.top_navigation_commit` and a `reserved.top_navigation` +beacon, and then the ad frame can set the same automatic beacon data for both event types. The beacon destination server can then compare +`top_navigation_commit` and `top_navigation` beacons, and filter out duplicate beacons that have the same exact data. From dad42d099d9c5cfc616e2893cd35acdc3d3695d8 Mon Sep 17 00:00:00 2001 From: Isaac Foster <isaac.z.foster@gmail.com> Date: Mon, 27 Nov 2023 20:04:38 -0800 Subject: [PATCH 33/58] Update FLEDGE_Key_Value_Server_API.md (#726) * Update FLEDGE_Key_Value_Server_API.md Looking for clarity disguised as commit, main page indicates interest group names being concatenated and added to the KV call for commong kv URLs, and table below mentions multiple IG names, want to make sure I'm understanding. * Update FLEDGE_Key_Value_Server_API.md Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> --------- Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> --- FLEDGE_Key_Value_Server_API.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FLEDGE_Key_Value_Server_API.md b/FLEDGE_Key_Value_Server_API.md index 3f6035406..2b16cd971 100644 --- a/FLEDGE_Key_Value_Server_API.md +++ b/FLEDGE_Key_Value_Server_API.md @@ -69,7 +69,7 @@ GET `https://www.kv-server.example/v1/getvalues` ### Examples ``` -https://www.dsp-kv-server.example/v1/getvalues?hostname=publisher.com&keys=key1,key2 +https://www.dsp-kv-server.example/v1/getvalues?hostname=publisher.com&keys=key1,key2&interestGroupNames=name1,name2 https://www.ssp-kv-server.example/v1/getvalues?renderUrls=url1,url2&adComponentRenderUrls=url3,url4 ``` From 86d15039319f42d538d436669a9a91c0f24e3732 Mon Sep 17 00:00:00 2001 From: qingxinwu <6334674+qingxinwu@users.noreply.github.com> Date: Tue, 28 Nov 2023 10:09:41 -0500 Subject: [PATCH 34/58] Fix an error in prevWin's ad json. (#921) * Fix an error in prevWin's ads. * Update spec.bs --------- Co-authored-by: Qingxin Wu <qingxinwu@google.com> Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> --- spec.bs | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/spec.bs b/spec.bs index 0ec994d9f..de966e23e 100644 --- a/spec.bs +++ b/spec.bs @@ -1288,9 +1288,10 @@ To <dfn>parse an https origin</dfn> given a [=string=] |input|: [=interest group/name=] is |ig|'s [=interest group/name=], return if none found. 1. Let |win| be a new [=previous win=]. 1. Set |win|'s [=previous win/time=] to the [=current wall time=]. - 1. Let |ad| be the [=interest group ad=] from |ig|'s [=interest group/ads=] whose - [=ad descriptor/url=] is |bid|'s [=generated bid/ad descriptor=] - [=ad descriptor/url=], return if none found. + 1. Let |ad| be an [=interest group ad=] whose [=interest group ad/render url=] is |bid|'s + [=generated bid/bid ad=]'s [=interest group ad/render url=], and whose + [=interest group ad/metadata=] is |bid|'s [=generated bid/bid ad=]'s + [=interest group ad/metadata=]. 1. Set |win|'s [=previous win/ad json=] to the result of [=serializing an Infra value to a JSON string=] given |ad|. 1. [=list/Append=] |win| to |loadedIg|'s [=interest group/previous wins=]. From ff421a5ce53f5302af033114fcf06b7ad9495fc3 Mon Sep 17 00:00:00 2001 From: Lucas Bezerra <lbezerra@gazetaonline.com.br> Date: Mon, 4 Dec 2023 22:05:02 +0000 Subject: [PATCH 35/58] Update fledge-tester-list.md with A Gazeta (#938) --- fledge-tester-list.md | 1 + 1 file changed, 1 insertion(+) diff --git a/fledge-tester-list.md b/fledge-tester-list.md index ba339b047..432ea7de2 100644 --- a/fledge-tester-list.md +++ b/fledge-tester-list.md @@ -83,4 +83,5 @@ Companies who may be interested in participating in tests and early adoption opp | Terra Networks | Publisher | | adtech.terra.br@telefonica.com | | OLX Brasil | Publisher | | adtech@olxbr.com | | Globo | Publisher | | adtech-delivery@g.globo| +| A Gazeta | Publisher | | cdutra@redegazeta.com.br | From 1f802ef0ff4374a2a274292c19171ffb901ac36e Mon Sep 17 00:00:00 2001 From: Michael Kleber <kleber@google.com> Date: Tue, 5 Dec 2023 20:59:36 -0500 Subject: [PATCH 36/58] Create 2023-11-29-FLEDGE-call-minutes.md --- meetings/2023-11-29-FLEDGE-call-minutes.md | 185 +++++++++++++++++++++ 1 file changed, 185 insertions(+) create mode 100644 meetings/2023-11-29-FLEDGE-call-minutes.md diff --git a/meetings/2023-11-29-FLEDGE-call-minutes.md b/meetings/2023-11-29-FLEDGE-call-minutes.md new file mode 100644 index 000000000..caabe9ee8 --- /dev/null +++ b/meetings/2023-11-29-FLEDGE-call-minutes.md @@ -0,0 +1,185 @@ +# Protected Audience (formerly FLEDGE) WICG Calls: Agenda & Notes + +Calls take place on most Wednesdays, at 11am US Eastern time; check [#88](https://github.com/WICG/turtledove/issues/88) for exceptions. + +That's 8am California = 5pm Paris time = 4pm UTC (during winter) + +This notes doc will be editable during the meeting — if you can only comment, hit reload + +Notes from past calls are all on GitHub [in this directory](https://github.com/WICG/turtledove/tree/main/meetings). + + +# Next video-call meeting: Wednesday Nov 29, 2023 + + +## Attendees: please sign yourself in! + +1. Michael Kleber (Google Privacy Sandbox) +2. Roni Gordon (Index Exchange) +3. Sven May (Google Privacy Sandbox) +4. Orr Bernstein (Google Privacy Sandbox) +5. Paul Jensen (Google Privacy Sandbox) +6. Brian May (dstillery) +7. David Dabbs (Epsilon) +8. Fabian Höring (Criteo) +9. Harshad Mane (PubMatic) +10. Maciek Zdanowicz (RTB House) +11. Russ Hamilton (Google Privacy Sandbox) +12. Kevin Lee (Google Privacy Sandbox) +13. Wojciech Biały (Wirtualna Polska Media) +14. Miguel Morales (IAB Tech Lab) +15. Pawel Ruchaj (Audigent) +16. Jeroune Rhodes (Privacy Sandbox) +17. David Tam (Relay42) +18. Abishai Gray (Privacy Sandbox) +19. Youssef Bourouphael(Google Privacy Sandbox) +20. Andrew Pascoe (NextRoll) + + +## Note taker: Orr Bernstein + + +# Agenda + + +## Process reminder: Join WICG + +If you want to participate in the call, please make sure you join the WICG: https://www.w3.org/community/wicg/ + + +## Suggest agenda items here: + + +* Isaac: + * Sec-cookie-label for no label: https://github.com/GoogleChromeLabs/privacy-sandbox-dev-support/issues/153 + * Buyer/Seller Reporting Questions: https://github.com/WICG/turtledove/issues/682#issuecomment-1710965068 + * Multi Tag Support via “Mixed Ranking”: (really, this + multi tag + bit leak discussi loop on and how we can be creative) https://github.com/WICG/turtledove/issues/846 + * Optional decouple bidding/reporting function urls to allow smaller k tuple: https://github.com/WICG/turtledove/issues/679#issuecomment-1703973736 +* Roni Gordon + * API versioning - https://github.com/WICG/turtledove/issues/823 + * Sensitive signals - https://github.com/WICG/turtledove/issues/824 +* Fabian Höring: + * Protected Audience AB testing (https://github.com/WICG/turtledove/issues/909) 10 min prez + discussion + + +# Notes + + +## Protected Audience AB testing from a DSP perspective - https://github.com/WICG/turtledove/issues/909 + + + +* Fabian Höring: + * Slides presented (forthcoming in https://github.com/WICG/turtledove/pull/936) + * Why do we need AB testing? + * Increase performance of PA + * Measure technical changes - when we roll out stuff on 1% of users and make sure we don’t break anything + * Measure stuff in a consistent way + * If we can’t do AB testing the right way - for e.g. sales and conversions - cannot improve the performance of PA + * User scenario + * User browsing shoes / browsing phones / visit his famous blog / checks the weather / clicks on shoe ad / buys shoes. + * With AB testing, split the the user into two populations: A and B + * Split by user - currently using 3rd party cookies. Consistency exposed to A or B behavior. Can change the bidding behavior, and then check to see if this user had more sales/less sales. + * Throughout the user scenario, always in the same group. + * With first party on publisher site, in some websites, exposed to the A group behavior, in other websites, exposed to B group behavior. Not perfect because you don’t see the full impact of being in a group because some publisher pages would be on the “other” group. + * With 1st party on advertiser, then different campaigns for the same user would end up in different groups. + * Existing mechanism with ExperimentGroupID + * Can assign an ExperimentGroupID, and based on this ID, decide if the user is exposed to population A or B. + * Cannot be assigned by the buyer anymore, can only be assigned by the seller. + * In this scenario, could attach the first party user ID to the interest group. Could decide based on this realtime call if we are exposed to population A or B. Could encode when we get render URLs which population we chose. + * In this scenario, cannot handle as much + * If we split by tagging, could get some bias. + * Could get leakage, as the same user will change for different advertiser websites. If the advertise has two campaigns, can see if if one campaign works better than the other. + * Proposal: inject a global Chrome ID, reduce entropy as much as possible and not leak too much information to negative side effects to identifying the user. + * Could use 3 bits - which would allow for 8 groups. + * User behavior could be impacted by being a member of a group; constantly rotating the population helps to mitigate this. + * Reporting + * For each population, can look at e.g. clicks vs sales. + * In the short term, could use existing mechanisms - e.g. having more renderUrls, and using one based on the population. But all of these things have privacy mechanisms in place, so always come with some tradeoff. + * Fully compatible with aggregated reporting (with DP noise). Can still bucketize with population. +* Kleber + * Two different types of discussion we could have here, and I would like to do both: + * Understanding better - asking questions about whether the existing capabilities really don’t meet your needs, or + * Talking about the proposal to introduce more bits. +* Brian May + * Would like to better understand where the confounding factors are in the current model, why AB tests can’t be utilized as they currently are given PAAPI constraints. +* Kleber + * Pick A vs B impression by impression - no consistency + * Pick A vs B using 1st party identifier on publisher site - different treatments for the same user when on different sites. + * Makes sense why this doesn’t do a good job of letting an advertiser know the relative effectiveness of different ad campaigns, because same person might have seen both. + * Pick A vs B at the time you put the user into an interest group. Now you have separate A and B populations. IG would contain renderUrls which indicate whether you were in A or B, which means you do pay a factor-of-two cost in your k-anonymity counts. It seems this does let you do consistent experimentation of different bidding models on different ad campaigns. +* Fabian + * Too much noise to distinguish whether A or B is better. In some scenarios, it could work, if you have one large advertiser testing A vs B on their own campaigns. If one advertiser wants to test, it could work. But if you want to get raw events, means you would need to split on all traffic. Means you need to change behavior of all campaigns. If you split ads, you could see both behaviors. For e.g. adding a button - users may like that and click on those more - then it works. For bidding behavior where there’s no visual impact, can’t necessary see this - e.g. if there was a case where both A and B were shown, how do you know if it was because B was shown or because both were shown? +* Kleber + * So this is the case where a DSP wants to run an experiment on something like the bidding model across all advertisers. Not enough traffic from a single advertiser. Want enough data that you can tell the difference between things you want to tell the difference between. + * But, if you’re a user and you’re seeing some ads with A and some ads with B, then why isn’t this enough? You can’t control all the ad campaigns that a user will see, because some are run by other DSPs, so even when you’re changing your bidding model, you’re only affecting the ads affected by that bidding model. +* Fabian + * Don’t have an example right now. The signal you’re using for bidding is not a simple signal. If you cannot expose a user consistently to the same behavior. +* Kleber + * What I was expecting to hear is, what if you add a user to an ad campaign if they’re on different websites. Different advertisements from advertisers joined on different sites, then could get lack of consistency. Then I would say, negative targeting on interest groups thing could be part of a solution. +* Fabian + * Scenario is mostly a retargeting campaign. For upper funnel campaigns. +* Paul + * If you have a three-bit identifier, still breaks down if you have other buyers involved that won’t respect another person’s campaign. +* Fabian + * But only measure what Criteo does. Only want to modify my bidding behavior and optimize my bidding algorithm. +* Paul + * 3-bit mode, or split by 1st party advertiser, or by 1st party publisher. Wondering what the efficacy of each is. +* Fabian + * Can do a technical AB test on experiment group ID. Just want to know that it’s not completely broken. Don’t care about noise or confidence intervals. For this, group ID is enough. + * User ID is perfect for single-advertiser campaigns, where one advertiser wants to propose a single advertiser campaigns, where one advertiser wants to propose a different creative to see how they behave. Lots of noise. +* David Dobbs + * Might some constrained controlled application of shared storage work in the bidding worklet? +* Fabian + * No, because shared storage cannot be used inside FLEDGE. Also checked this out; shared storage can be used after rendering for creative AB tests. But not completely random, could be aligned with the 3 bits. Every time you use shared storage selectURL API, you can leak three bits. This is why three bits. Shared storage is even worse, because it’s 3 bits for each time you call. Vs these three bits - it’s the same three bits every time. Budget capping mechanism. +* Kleber + * For enabling shared storage in FLEDGE, if we do this in a reckless way, could enable a lot of tracking. Would need to be done with care, where you could maybe access only a few bits of information from shared storage. Can’t give an answer, but could give it some thought. +* Brian + * What if the browser had essentially one bit. Bidding algorithms could have one bit. If the bit is 0 don’t bid, if the bit is 1, do bit. Some level of consistent audiences. Some way for the browser to divide the audiences, without the advertiser seeing the browser level split. +* Kleber + * Seems unlikely that a single bit will remain a single bit. Seems likely that that the three bits are needed. And there’s a slippery slope, in which this could later become 6 bits or 9 bits. Could add noise, but then each bit is less useful and you need more bits. Tradeoff mechanisms we’ll have to talk to researchers about. Noise would make your confidence intervals larger. Not an easy thing to answer, going to have to think hard to think about this. And why things that are already possible - e.g. A/B split at the advertiser level - A vs B version of an interest group - has some advantages. It just works. That’s Brian’s “I just want one bit”; just do that at interest group time. As soon as you want things to be cross-site, you have trade-offs against noise. People like Charlie and Josh who have thought a lot about differential privacy and noise on the shared storage side of things will have a lot of thoughts, but they’re not in this meeting, so we can’t come to any conclusions. + + +## API versioning - https://github.com/WICG/turtledove/issues/823 + + + +* Roni + * Short version - Paul and others are very active about getting changes into everything. B&A services has a version of this. So do a bunch of other surfaces. We’re in the middle of changing things. We’re changing which headers are required to be returned. Subresource bundles to other HTTP headers. Additional bids from negative targeting. No easy way to know when things are added programmatically. Neither client nor server have a way of knowing what’s going on. Even release notes don’t align with all of the changes, and there’s no way to introspect that programmatically. Basically, what support exists for what origin. And when can we expect a stable API surface, not have to write code to inspect this. +* Paul + * I share the goal of a stable API. We want to make changes, and it’s going to be a living API in that way. There’s going to be a need to feature detect what thing is there. Versioning is not that easy. A lot of the way we launch these is 50/50 on canary/dev, then 50/50 beta, then 1% stable. Necessity to make sure we’re not breaking things as we roll them out, so not as easy as “what version is this”, because there’s a bunch of things rolling out at the same time. The explainer/spec are being updated as we update things as well. Because there are a few things being rolled out at a given point in time, there is no one version number that will tell you the answer. Knowing which 50/50 branch you’re in in dev/canary or beta, or which 1/99 branch you’re in on stable. + * So, to help with this, I published a document https://github.com/WICG/turtledove/blob/main/PA\_Feature\_Detecting.md that shows - for everything we’ve launched since the APIs reached General Availability - how to detect for any one of the things that you can use it. Once it’s at 100% stable, then at tip of tree, you can expect that it’s there. But until then, feature detection will be necessary. + * The other thing to keep in mind is that we’re trying to keep things as stable as possible, and avoiding breaking backwards compatibility. Deprecating things on the web is pretty hard. All of the things we launched at GA, and all of the things we added in the origin trial over its 15 months, we added in an optional way. It’s very rare that the web breaks backwards compatibility. Many of our APIs are dictionaries of, “what do I want to turn on”; you can add new thing that the browser doesn’t know about yet. + * In short, feature detection is a good practice to know what’s available +* Kleber + * Or ignore new features. If you keep using the API the way it was, it’ll still work. That’s what the goal of maintaining backwards compatibility is all about. +* Roni + * I get it, but maybe we’re not being complete about what feature detection means. Some of these things have an impact on sellers or buyers. Some of the KVs get parameters; if they’re missing, I know they’re missing, but not everything. If I as a seller want to know that negative targeting is enabled, or size on the kAnonymity checks. Because I have to generate my auction config somewhat independently of what the browser is doing, I have to build something that can get sent from client to server, need to know about capabilities. I don’t have a list of everything that needs to be detected. +* Paul + * Some of these things are harder than others, e.g. sizes and knowing whether that’s in the kAnonymity check. We’ll work harder to better surface what features are enabled to different parts of the auction. +* Kleber + * Definitely note to us when we there are gaps and we can try to +* Brian May + * Roni’s concern is a symptom of an underlying concern that I’m hearing regularly, in which we have an extremely complex machine we’re not familiar with, where we’re trying to make sense of it, poking it and we have a requirement that we do some assessment of this machine vs our current status quo, and how changes in the model will impact our businesses. We’re not sure what this thing is, we have a couple different expressions of the model in various states of completeness and it’s regularly getting updated and changed. The challenge we’re facing is that we need to figure out how it works before we can begin to figure out if it works and we’re also facing testing deadlines. +* Kleber + * I hear what you’re saying, but this weekly meeting alternates between people requesting a stable machine and here are 5 new feature requests. +* Brian + * I understand, but we need to get to a place where we can keep it stable long enough to figure out how it works so we can do that assessment. +* Kleber + * During the CMA testing phase in the first half of 2024, good time for a relatively quiet period, not rolling out substantial changes. But that said, the web is a dynamic platform, nothing is written in stone, things constantly changing. +* Brian + * Another concern is that we slow down on development, and when we’ve come up with conclusions based on that, we make significant changes to the APIs, and all the things we figured out about business impacts are invalidated. +* Kleber + * Hope is that your prior evaluation should be a lower bound on how well this API works for your needs. From testing, are hoping to get feedback on ways to improve the API to make it better satisfy your needs. +* Brian + * Can we get help from the Chrome folks on how to test these things, things like feature detection. +* Kleber + * Yes, e.g. Paul’s doc, in the notes and chat. +* David + * Release notes stopped being updated at M114. If one were to read the spec or the human readable version, does that reflect what’s going to be live at M120, e.g. in mode B labels where the cookies are being taken away, which is where people trying to get consistent numbers will be testing. +* Kevin Lee + * Alonso and I are working on improving change logs. +* Paul + * FYI, the explainer will often have things that are not yet shipped, since we need to make these changes as part of the Chrome release process for IntentToShip. +* David + * More clarity/transparency is a good thing. From 955d9660414996b51a255a8c84d9d61cd18f9171 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20H=C3=B6ring?= <fhoring@gmail.com> Date: Wed, 6 Dec 2023 15:44:06 +0100 Subject: [PATCH 37/58] Add slides ab-testing (#940) --- ...9-FLEDGE-call-minutes-slides-ab-testing.pdf | Bin 0 -> 397748 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 meetings/2023-11-29-FLEDGE-call-minutes-slides-ab-testing.pdf diff --git a/meetings/2023-11-29-FLEDGE-call-minutes-slides-ab-testing.pdf b/meetings/2023-11-29-FLEDGE-call-minutes-slides-ab-testing.pdf new file mode 100644 index 0000000000000000000000000000000000000000..1043989e789720a08fda37423cfa42a8873413c4 GIT binary patch literal 397748 zcmbTe1wd5W7dJX|D4;kfA_#~egVG=&B{*~qB?1N|A%c`3O4*KpfRuoAOAAtBAR#Iu zDPq$lh?Giwd!I9dc<=qc@4e@}bLY%CJJw$7w|;BwwU3wI@Q}K&xQGlBBY!#g!^9}g zBgW%q<IKdUpde~;?u@;tnzfg;i<^U}p|yj(CyxYpY$U2{?dl+C?~3CQHTLrGw)Hac zu(vmIbMxX67e^Zyczd}xxq|j`(ntqAYmZY}t|#5VpzzY(jtBI!S5gwyv-h&L12gbQ z%ZMQ@&7ACg>^%%U>`&Tz*t^<-A*5xXOh!sdOpNxfc8F|nlD~vRgcDVB^L7O?>=)H> zvh%d$k%ZlN#L+JaL=YYcS>&c9`Xz;o%p<iQxhakQl16{+N95tzk9OZLgET>f<dH$U z%c3pikbXyb)=LO`{YyfiL$D?<k`j&VJ>9%LzzTs<@V;Ie#$MK5_TXB>Seggbnuf6q z4>B)Ml(~V8v%ResR3K2<eja3MQLWR!D&k^1;9o>VqUvt0u#LJn4<e$dx&*KZ>6xL2 zo2{|Em!&AMxu}V~uNT@~75!2}zqH^wz#Mi?)~as4mY}N`j~vj2w3OIU9-v`YFR%hn z9w|7csD_7|_Zcu90u<zjsIjPthqbHc8Msp0bE0a-qKE9yI@#JAX{ds6O{{G^K@$`; zs5U%##MUbg4op^@x|55Sy@#l}3sB4<ds{a<dr@6`R|hXgU`9zv*vr$)!`}Kd6Qgh9 zw|JdfrcG>DhK1(>bH1M5>z}irR=STOpq>yu5fpVWisC8LK}t^Bw56Gl<$|N$BL40- zsrT(>6;I8TH?28auxwFN?e;O?*Vt(PwOhxk4lGPoC%<leIFqoTR6mliqpK#e_WU{T zfcfFp4>xD-TYml^I@#Ph?C?}kPGnyCr-{Cq^2)^0#Nv$P0-KTB-9-1OC)SGPr%ht( zhHA!7kH5R}pzFf7C&djT4{H+X&VAM%dJ}i^z`Lapx$2KKesjguqJdtYj~ma@vV|Y{ z@YqG~zI4D2%^#MG^ge;Vhn6Pt7anC2<!w)O@zyR>U+F(I<+S7JmC1@t>{kl#JLbOZ zEUEk@?0F|i#>rx4>pS@|vq}g2RNoVy@zWyu)t({tI#lfD(N?dTUmr>5sOTK-lY1(+ z_(=Rg=h+fmX90_4b1tqDySVkIg0%KKo#@OneVgVTr!_-*&93fv<kF)w$n){qR68HP zC@!Bf)#a||!>^Kc;XOSsuUgNy5#IanV!GpgIyC2}g$MhQY-e#gpVaI7RCef{;hcWt z%Di=Td1+!Lv{7*{uj|fGMdi|chnF_BpGpflAG%-l!q->%gx-g^2*RGAD@B$%BK=XS z0$#WzjUMNC^Ngy>9U=BwLotaRX(A>zALN}k&g|bBE313GNsBc&@_{Tnp35-&&4HU6 zk{oXai}BsN)k1ez%syhkCQ?UI+PO<c__g;vD(Qiy!VLWjDfTg!Bh%hQS%wtfOJz9W z$R&J<)3<4ey1F8DN#3|V@kab{2S!oLvAipR*KSGX)Am?5g?v+sa#z=-olRuF9EgeD zG;o?K>OQup1D~z+Jrg@UoW)e-RdrtUNJK1!qo31o@4JmLzw&CfPTU^sVfsvm`B)zJ z#f<);jo}xnP~Xi1k{mm_iA|et?(J@Ax)CpI*4<4^2yu)YulM`@_yM<-P-K6hiS?<1 zEQ!?AhFqcB_GS%sleWpV7i%`j(Z8r%rA`kzY%jh-u&Wp~_7HID*TV-|g#-?~xFB<U zi)I67_~K#8lo#2NQSCIDv|FT4<ErxVS@pbCKDWj39o#b|A7EP7y!cw3r}^n7g^2Ns z`+BPc`EG81bu`{bVo#VugoT4hPW*GK&rfU0ggB&9YYrww@(omG@3z}~^~j6wcg%O0 zOXOZV#calO&ctNCyU%XsPCEV4!Kkuy<s`r1wpBL~ySGGpgZejtJ1A+>Y7)P1p`e{s z+CO`*X7^Qw-%fYGh*SlJzRWB&d>FFb*jD$)uCG4LbJb58DuQMtp6_+>Cb052Z4J7o z?azFe@}Q@g5%UfQKZ(Nvr;DSuw6vIdR}oIRjy`0u|J76EZ${naUqoYmLAYu&&C#aF z_8SfPwz2A586{nW&xLw(zIP{ucTbeMS9Ml~HF{KW6^@2&c(EmM^^$NaHjP~=;ig4P zvAe|amXzy7Cym%P@*Dpq_=lR%SQxJKD8D_iv;09}8#ce;)J0Aa-cx&XA9B;Yf0Fl7 zp}SEhwd&iU_Z8dJaP~A+@5_gZ%}t`i`S%%(49W{#cjtaLeN4uD%aIQPQ<e)6&0W3H zuJ0nddl?pQEDQRE4MdH9m^+sz<#X)t!tAlh?&Uy*3tyF1m%3|fJ_n306(}oRn6Bq4 zJZ2T(Iox+s^ut|IheI5C8|BW~OkNFtID_e3kWPv8KNClHtHF-J_S#F0A8dzTsvY_9 z)RSR@Y3j{VkIYzu0O`!2m6u;@Vz=>f1zhmn{NwA`X62=?V{|@?ySP_=J?q#T@X*(5 zP-JCn=hD}uiF<TIm!@*YLgNM4jePgu-9Ec-8x6WReP(V3Pk-&O!EpsSQ<vc7kDEuo zb9}(p5qdHn@y{IbNs*_X%457KU)$=)v*pUZBEM|sF5XLhYM=5VSB_=~+&dFqpcs8L z<K!21S%$D338kED5=}?G@GzuB3bEY(AP}KXytu>>q3@*Bq?l)ZXre4HQcFCBSxjf| zhZiAv-(MQv%)v4aXYKk>@Z#AWHqkv539ox=-5;q;EWVTS<(E%Ld7jGOOGn(;oPR%g zoX+FD?rp_9X6lQV>I!X|%c;h06yCortVSU@voq`P-meu`vzSB%v~F2>y|Uxf9TnSq z?0(0F+$fWd6h?e7t*B^Wog1EYd#J)F6HWHS7E`PwV|dCBaSgqN3XWodFXM@$-DY3( zI+yv+g=Spw_~oAFemeSirGC0ixb2DUUJ*A-%2d6xPGXYV{Uj|oFDow?f94mG6kzRE zqV81*DARgQ<$WUOf|X2@RK!N+sEE0OsgD%Br&KpmQ;s=^3J_(ZLZ!;tFKpIgl(M>T zD9>xMQFNeS?3n4x?C~fY5r*aI+se5;0{t?XmYKf(HzXq2cj#5P?-CO#^_O|@x!@49 zG^MBbx!aROVS>ws_de3bJ;y%0{yivNs+1;VGT-WPy4<NOyzfG1+bR9bP0XLF&kS0d zrzT3W*VHdj2y~sKHjRihboe&bxQz<Wy-Vck3$|S`F87n2L0+^qI1bOG;^X1tOJU8{ z@kx5GR8`44_2e4U%`P}<gNgm8<tl|sSR*9!J9c0!=ch5LDb=@40_F*~Dbs>a<-d+9 z58BvfXpnU9o_E`alwyg7tFl#_a!Oa9WQ9)$9iMIB>8eV3J8`axg+Z@4hhM$gD&zIg z)o>MV<#+tcp^6t?G0Z)at;v5mu*pEk56fVDjak+!HtwaTbL{WtSN#3&_g=>SxTjG> zd35rs<qbuaUs-IdHiwI8t#-X`ICA;S*})Gjk+*A=GWtj8dpSfkZ=RcBUbrD16MSZ~ ztNN1-o43=`QDgN4e@AO4gm!*2J(bIv)4DZK>g8DO5x%|eOYd8_NmujFvD!T>$8u{o z%P&9GyC#3)REfQabZhfY{fWA8UCWybp(Yc1)6V=nc!$stW+OR3cPCfNI(Tzuf`EdR zkwM}9qEm7#O$}a8mr6|Cj`k)RHdb7V&W|rv*Km0&E65+2HT+s^?#RWrns*Lk^Cq`s z4*ZI=v3xrs=o|XB<kYays7Ze`?>%qzsvcGQ=dNPI?`-ciY~nUq>^&_d@cwRm?qKF4 zyUbFXJ0h(C$1;zJw7W>*PU2>?E>ou;qaDhutjNC?+#A?e`?~yH_-kkGnF~}0`S}*I zIg)#Aes-NKsH+gj7kE8TuAP<KeCp9%=_RM@Ng7Ar<q2!_pEp0&U@oO-nR_I(!2N<} z^pQqM@mRBnx6#$b6|@dYHq?7JC|*y<W#gCgaf>Z!%a0qlz$LXO|5r2ZF_X=+epN4d zi^3~7njOluI}diXN+pCJIfg&i`Rny3;k}9jE?m`YC%2b1ryOwgw8KAo-|^zNRY-49 zfvNX{M_Y9dX9>Qj$2OUncAu;a@9KKt@zSbq@|lT4m1#L$#h5U^UC^x`?ba8=Xmj6L z)Y}(X6nL9IP>`OJTJ;ND8RfG}9bFB+(#X=F`Z8f(*+b<GTzmF;J#1EOYHCsKxMrRD zt=~R%I`H<D_GNWuf2Gw^XD27`^hBD<R8d@XsSA+gVR_-#IPltv?Y2KVtDKT6>y4M1 zB5@<J<{$ILp0nT+kK)csOfgK}=j*hw6949Sv+Eblq<8$n#8IcD&$BzC3yXJ*gq|8- zkgW@^yLRcumHFa(Wl_HKH|G7*{JAgBmm8E#`8$5T;E%Pg<C`^)pWdAMe!`7rR)=ai z^+`o5w^9{jz;f;ry{VVeGPR=PcPaWm{&YSt`@ZD2e(Qtd$1?(ae^z9VEF={@ml48> z<q5s0**m)!`1pcf1hd;CuGRhCHl?4vYp=;a_S_abcxKz(A78r~WUZEcpC!zT=3mQ~ zMfOVM?3lc5g1ZWGZjGeuYugS{RXtICH;>cSE~2*9JmTvUa=6j>s}pG_B5Ley;{`W} z>Y$&f>e^;OLR>^lOoB&BL{dUr5^Ndtti3#(z(zt+L<(f>U@)*-*)OtxKitE?Eye#% z^2NnurT$LxO=Au)+sbUjpQrlt?4B`wRL+!ykv+ww3ycOquU2ka1srOQb}!`SH_8w+ zvbd)lCHwYT((%B@$N54_Q#w`eBq#4OY&OvMo?W`|sVK>8o9o>lRB=pi7GJSEn%E#F zq4bkC<{|sT%IC?aL$h~_%sgRlc#IwD%quwZ*4Wq;&r?xCalG4PhuaGM%bl+=W+{F_ zzLt!hLY}TVwiPaYDx0TV^ytd1uHQ61_Omqe#h83s@T;vQCCQ<81`pkyj}Nk_kU8zL z|1jpt{!Ppec2Rtl&1}d2w4%I$xtI{;AsspM&Q7F@txn^zx(3FZzy9p=2S%s1_=#8- z)J>dJ3=jBe5fU@0SmqU=nfqNf%=w$i`yGRI&rdgOcQNpDKKCK%R_Ex;nWOOnA-hkd zc-@GaEWI+PJoWbY)LY#cLtz%|%tiN_7Y<J=PN=xmT-ZPHLtH?3+gW3_i2;=%#U0K2 z69Qb6AABdIa#{;iNu+3PduQe>d~xxITz;4hKXLpAn_Hr)I^|cE@v8UY8w>pHLo;uk zQ0e{=t4BFBYddmB^zg;lohPP#B@Uf<WYs*lRY@SRW<$KNh}#>bfNfu{SETY?Pf*R+ zyr1t@(YxALaxENzfx0PdpB)NpyInZb*t*SzA{Gtz{knLeG&z$yAd{ORT;R+g_lq2j zh>b1A6u|__!YBCBsAkHoC0^k(6-yU}7o#ZlOpaGGRq-_zMQPS3;zn}^Zb#}xux=@g zx}1W0YO$PA|Df9FqCWnYJ_E<QImMhI&E_o48w@mbN1ydlS79D))l{q~NUZ0$%Q!cA z@ti*A#YGFF8U@kZ*VX+3-v;k<o?=t?85eTvdsFVRH+xIPhCP$ZwGF|Hkr(Am#<_fy zwr}8FxPIWhcSu3hs~Ib`?;&?ZFV8x?)o5mD@t@%Mpq)El`jAc3axdnD`zy2l8r*pr z*FjrGE*kT(bG($NH7rv{yoz@i(wk+Zu+7x@JZ)0^Ikmj&;R_En1{Rr5p%)kBrjMQr zSpF5TJpFz~bZb&&>JQ4Oi3%EHVi=<kPi3R+;l~|!sI7SJ6z$%0zu{`!#upbZOrIz* z_x(|1@TH?&#O6{^|GTF&ZY{30cNc$rr1WXIzi52r0<~{X0@iu&wL;$qVzX|N_AM_z zwKS`K9iO@~R8!|=obN)pf9q4d3ghES8kB(=vw{!3`RSIAAGjkie&T5yU-_Qi18o<C zuH^e?TRclNPNIl;MEOSGnfLEldrkf9$B`17iNm*VmiO);O2x^2!@Szzc6fx(AyMja zs|(HmFXlRZy~I~7@wP<RjoHSt3Bs12Psxu=ww%;k^b{J9t4NL;tlfTO(}`0JtUFVj z4&i<7xjP#d{pfSu_EukivZXWW@vMKsyT&U{mr{<|lt0ii(2x1ZkCm_6_v|A}r(rX8 z;z;9t(ebg2k9hjwz9SOq-93J9aW{)NZuI@)ju5oH_MdzRYb$?I+kf$)+QGm15Y|=x z>I6$JYh-8w%327u>RX=%)F>{hYVB!{v`|$$gvaCes#&`@*?2e!tGc<^iQ-*BQNzjA zLG-Yb>p@pfr?ua($02)9TMwr*UTz*da$rs)z?2@IUTTik9z2o~pae&{7MBnQ-R-;_ zL8VL@Df+BuZ`ku+(*7A4sTU!l{+D>5@Z#VJC({BYKquRSt`08tJYu2;J#AqXOGa7@ z)OOHoVF~a<&H9X{y_16@`sm<U2Sh9$Y03Q{2>7Bu#ARf~kx37eT8fE@nv;6LF^s+J zPn&@*NE<Y$2uq90@xTdq#3evA4onN922c=)9QG1m(MTz5{i2a-*k7yuXUszCW~kbD z#HA#~L`fouONvQ>BA1Jshw&L}Tl+t?D^XP^FHb{z4>h;bXWU%j@@2`9>yVlWsW_zt zienyU++ev1sc(|2RpMfj`=w>qhqBe4)i0P$+Ui>B7zzps%n9%hX7xQr4MR^$OGisX zPe(_`z(CKq5zDl3!-kF9S+}rYxj49Ya&d5S^6VDb!?SB2A19}v3~ry8xRjI>_Z~S# zSqTLZNht|92n7QJ!^RC8*_oKwC3rb`CH_DES$%@pOi#m36GKI@3q!e?f@(9xYCVP< zgQ1`S(n5hre<&!asA*{F=ouI{fClB8Fq9NjRFu?IG&I!IptV1Ej-lR6!^$gukai2f znr@dnRw6hem7Y(v<SCm`+xOj)HXaul7`JX?-_F4=utyLlBqhCHMpjN9_=>uQrk1v` ziK*FP^CK3vcJ?P79G#p!y}Zx*_@48-bot8FYu9fOBX37V$Hd0niBC(<$jr*l$;~Uh zUsnF0qOz*G?pb|9W7G5I7wsLLUEObc-t~U%>mL{#8Xg%PoBlB~J2$`Z^Ve^<E(#14 zx~#R8{bOC5!MZ4^si~;x;JPR%eZYrmGc^sbI4$cz0-d${mR%CT^jOu1)RLzRe3C}r z*=#)87`N`0`pQ2ImxiqD|J}ka{{LFp+QR;<s~5A8iUJsqYBNR|Gs|e9Yt(gz-jOm< zFzu@~PFx31i8YEpsH17C$Im%LOr;e}uN6^r+|+Av7ALM^?$8|*MHJk?K(r8V!D0wH zS}HWcTsbM!X)z&&yn>kxf>@f%PqR;FVkdD{8J8QRim<=6EkaY{vT6Eai3I(=;#UOX zZR`ianc`lYJD!qJFf+x5prh%yiJ*hWV9TNmDezcBii7FcGR(!;TCAa18c`6F7S?G< zp)S}UOvxG(i?s>9ffvEKt1x9Y$VY}V!1j0%K`25@&=w-jHyz4_rz(!iY!HUhWIWAo zQ!#hM+9V$YD=Z@rEhy^{!LenAl%S;;Yb@624Y<<Mq$CQaP!hq|G*}zr2`mB6!-#WC zq0Y=q3o4ESG8u{sW~SY|u8nhYWRJ@LcUg%Rf}5ghN02LRj9?lOd}6?DI1cF(L)4}P zLs5dZvOvnHc65zUZY?|_D~2BoO`!!ez%L9}gEgcyY6I#ZfX~_VaxBKkCyhvrC1^PR znIQ)1g(%2Q07DoVwW-kT@e>>c#^47d!cp<qplqFZZCub-txvaQGg`K8xQQ2VY!TlO zFR7Onw*k*DOv!jAt4)P@3co)l`q~+R5F>)FY9A5j$R2g|u9iyBngm9{c%I^@s<a?M zCVUI$8*!cP;2ZIVoi@RmbX1y-Y2o#0F+`g!Sfd4?gs`%*s3!mhK<}9;j8;YzKwm+u zu|yyT0WZu0Q~)k?h%~%Cf|-qu4V1-EWtHjJjoLVObta&NN}%T`o4Z6^L!JhHc_K#N z$uTYXnxBQX1qBV3ph=S!NyJ!KXyZbx+M#aH4+0|UOholWMAM9dX+exY0~-;0kjzAZ za}w79h9!_bKA;V3NB(GA5mXrP!cd#-01Z%w8h+Xs3vJYl2N9eh)`=o(_<wv0gO!kG z0rrH}A!6VP1u-eer3Dx<G6viuPYu3-X0$OlM<9>31u!f?B;^&Xkwbjy27r-z(n>MH z*r>9Nz#&DY=(Po>^i!xCM4iR)yf<|4{J?pP`hr*iEPyL%sWd>pN#`WYWoA%P=m2+E zTc==JFscNAexr7R$_90yV=&i33T=CPn+k)DI_~@%UU3~DkQ%U{(Iu58BZ8I+Gc8eD zQpL)`LKkXB-7$qGtG(Tj2TlX*4^a;WA?uc)3%tk?H9jKIdRqV&M*I$gF>2F_R{@@e z3#!b>Y{3R;12&*eBU+qT(;tL02hItHK_tcVW1m>y1T%n#7(?)rJ|rW7i6~G9MAQu& z4%~tML64&W{9prc2Yl72y)S47R0yJRC^i!$jvYGC;OK1&Re<JpNIke900yu~u)x#6 zGlBPKq#VQxv!_s}*UA%B_QwF$6Bo?3ffG8WZ0yD1+3ap;JHkdl@G^pqN`1Dm6P{-) zG&jJlBL-{ROV(IA0;aSe=1xXIY>)*20fmm1j!GSo#2c^=4jCs3F_qC9$P8N<A$*89 zCrlI=9<ih_zcA_xwK-%wLsrED4+qAER=F4gmO;@=w6Fr=rU7OHgaNS54**2~vReo? zV6aAgA;2v94I((q2ZDYEU_I2MAPvIddB9+CGyr9&Sphu2FzrU`>;Ua%)DCZ~Yl3vv zQK1FwjSbQz5G8fuF{Ce59L_Ud8zY+*6B)#abAmvM1Tz@5Q-EoJEPz`n4z$6z5LISO zAr5>q2)Gd-Np{qwEr3zL8o*N&Pmo1X#{~|+fEpCUCvca72zp~U2}GQyN_}QVMhXoO zl4^fsOk_^5BP7_XVV#p8yfNU}rB1w|(C5NoGE*o4d^P}a-fRUx!U13BG^8X7!svn* zreeeaW2S}7;Gs_%QXrE-1d%>IP<c4VA)*@UcbNbYNHDXY29$sVtcEqRhi0X~1J;C? z6hsz^iGnyqe&Rmn3Z_tDApxTn08S?2BnXxeNmK#$Q`rzN;RJ<Q^9QnDSRkkbGLz^A zxDJIQlnZe)fG%Ko7&f8zq91qzwkO*jc>q=lhz1QzWe|0}KroVbqpL&cOAyllmWGKc z12p=#I)I5#2>s(*2jyD=8Sv}AH}(pq<%FjZfoltXQyEp+fXDg^VxUrKxJJ@~wnl=O zv<(X!fI$cN6XN88X(2$1?3o$jfJWnJfLVepa5$$RV3Hs~02s0%tf98mp$al#50a?# zICtQC4KTm}Wq?=<TsN};Ye?A!ZqopWValSQs&S}-Abv1ukud<S2<P>NBQS$QLmwvH z{rekoS(y>YG*B)BW5W>3kK6|OL2&_*@PGS2%tL?119g)DxBeSR2T-}zNnm71*^cyD zKRh%TOdkGf4Ml{Kp;-~0N)l)!4S^Br2f|dWF)$-TR|;Cg$;*s@dfpcxeehf(ARPHS zLZbG{0@JpknH9){fIR^vLB`tS2f+q>3?SD61sZ~Cv<+ZIh?z<V%uzg74hi09Lo!?e zd&fbn1(9zc6pNUKG$i=}`5Ukd0&w6wF@STR+rSHL#GSweAmO#o0Vn|J!<9qw5D<&d zxCY}i1ro5=_xbA@1~ceoU{Vr7$({!J4mcHDIN9YOEO}7TLEwf=25bPMb}$WeE1+T| zn|TF-QaDf_xDz&8hNj02&^OzO+DcKFvf5lZumqr4j5jhEAbvo`khDOnwNYT$gNoa@ z<`@>*RuE9^h;|TL6JZ`gidAGGkq4;BNDoO3$ohrfYf6Djgf9D6?{!X233DDG3c_=6 zuK#C!9)Rwy;YZd#R5chGl`#Z*VeJT1={mtk>V>L>Ud59E!nZXDdoV8kvGdwBLJ7b$ z$PMHNVy{0bC43+b86M;bl1fqMK{jW110fK&58`q{)*A&v>?qhpF)EIv0agI<RUWqA zlGxs+qjC`}9~DO!OONWs0)XQWor18lrXiS+qNC$6dz^tb(MJGxh}qT_50^>S^_n5p zG2UMkzt(^RX!JMq0rI$O`uHC@S|2d}j0UU-(=Et7NEQtMORs$ZB$Rb)>p@))E&@n| z=s6fA9vHSkat4<be1k}iL5S~w9|wWy&}|^uwrJ>r>~a=$v6eKV&<*HPATa{_moft2 z8|a=eE@or`Q%)gzguIlQ0m26&5&+T~RFOH?f+*Q5K@yCDHw5G&XfTCI*`Gy&Ytrrl zg&`s!xi?(yf9mub;1!gKk#PFYaEagxurJgK0yZ><0V;x=4ECTvYLen0>LLHay!Bsh ziMS@2X;77|DgF=oq1jP2K)OPf2{W;OtNQ;Mm}tGRHZeI7z~+!Qbu`I12PuIKR2u5% z=w$1`jLZ(Ucu>_-Xefe&1}$boG88c4Ixs@4qr?gg4%JNltgQuP)w2+ZsM!(XgI){t zhi1_LI_uU$ih^X^{%24{P4S<4Mh#A#nL%=1GDcwH^hY+bjOh2e1&EWvj8Pxr6XB5W z!5%szg92pvz!XRbAuU-KE&|DW@K9)Sgo-LdR)avq;VkH3vk@ez2wK2O0m@Kapm)&P zLKz?zWDIbzmb)NzluT$T1Wlxw|Eyu1e*aJ?i7A2gz-meC{0}seoQG^DFgOB(|7eBo z0w6rW#-$9FlmI0la)Kq$up^{J0up#cl9LS9e|@9#t_7hrB1Gttq}U8n8nzw~@EXao zNDu;yqDu`o<xp(635p`22}+o@R&*fkfDt;wV@?7`poIGxB<V&-V-3Y*nkU7tDF{at ztE8<Qv@Bv7XdRN9!=wyNNMPm+&AQftoU)-=`rpt-kc&pG^+_h=9u!M;5U{BEP;mY+ zIQ;!z9Jc0yB(nay2N?vQE8@A(&ZxoH?tnrN6d%+H{+<%C6=GTPyl@i)w(b8NNMQGa zT8K~Jd9PrNI*`x^y5J}hfQIVH>RL;1NeZHDg9;%j1!=UVO4OB5f`AxUd$8V5$Y4Qp zsy~DQ@_-G0s0DSrwYd>S|1YZk22CGj)c23jvL5UxMUzMnYCjWs`d1IIYatZ`!OH0W zj#3#269Gy_Wx5Q&PYZYkNjcg7y#+wl3PApcL;$8h(vFQ<djj<b2t^nRN&qNPWC8v` zYp5H?z&^Pi3tbk*CkR~7aGg51M%MBx)SF2WXMKK8W+Bw8|HFy?XahwNgdNn%nwKFB zP^W|?1B9{=<bp5<TWbFcy(HxRAvd%aQomWJP@rj2ZjMD!fiN$`5kF#NR538C0Ukyo z=f6{!HL4;}6iJ2uuq$M^e>ezOY6FHH*&x`&5G_>D36anS7@ZXFDDHv^*(Ok(c|*eS zAFxBCBRj`GyF}26<U(j@Aq_&dFWUUy7$G|f3`EdLz{sd0z+@Px0oKZcA^7W%r~snM zKh^r@_Zk}30U9no2JX(#gcKR-k1vszM)t%%IpQWV;lUNw{abzigVJC{AjPN;lmfx& z0z^_w@C~3A%C(IiU=?woVI4dV8n<GIYDj^GgbN!WCn*3_riE`WBj}iDLZzWL0RwF^ zYU>4|V(r%7l#DtD*?@@dQSt%^g4#uZhUR+f5`eWQC=8*>$uW@>b0N2{L+-k3QW!;; zWsT3t7k_mDb_DST;D7`jpA51$tu2`>;s5$3OCCkO08~Zh4N^9TIHQHQCWz8u;xI5E zbzT@Z;5JH^5{XjcEyCa!;UC#a1}tid@BpcTZ|LX{#Z}1kW&{I=?#a`DZt`}+ppR|~ z9RF|uGAgoI#Mj9CNwRPjC=$pRByHOfm6GWR<-Qb~wdnkpfyqY3`T%&L=`|^pgV`a8 z#YvX<Cvl-RCuI|;-=ao<R02^>I^TfY4&=mvx-%NBr(hUDTsmr9rh=LeVc|Z&ec(6* zpbDJ0fa5RtUl^lN3D5&Hl*(*~-u!6RfQ~n&tpZ>v1|uvc$|kl}7$bu%D=V|2ZXi{L zZw4Wt$3s?tnjnfJ+*D@7PEbepa_B)9APC9*F+`ze#J&IM0_AVi!eo+!Dn`*k77-Y5 zt;-)QA~!*d`!B{?!yU|dNFOL46qHODYu~_Ip=)CRqM+%?d0iAa>w_1N<Vb^(I2aMv z3faqQV?e!|9|JZ-P}9)j$j-{093XUbRG8B4l7A7wP9HHgzc7fXFjQ^98t0JCV}NN< z2NBl-*al|~-~<#rM`RblAzL*hw?g!&Z2{dLOao_DA%`Alc}hbk(m1+C?QOuxkYg5D z%?IZJAg=~TEF^V2X#v3~l}uaYl##?wYwChlUCTDfApi+}Yfps1!5%Q%K|Hn$xd1K= z017|Iwj6ar)|fRFt(h5Zc94uAB(g-68NC5+4qb&b0&oJ5H9!zU?U7A^oDIOz7!rJ; zWsqq1Hz+}|fh36_@WBSetJW<L6yM>dnq*-chy<Xn^`RDy3Uq1&N;+$l{bvdizJN6$ zw$LOA`WCDfLwW->G8DaFHId+~l?K(D7P4jLA%Sj<b0l-ph$W;ZcnmPrx?RoMt{RLE zIzWyAqa%Dq+QlIU#OSW^AE-An&PCA!sw8XLK#c_kQeD>vlp#qY11vYJqXSrx1E)&h z%mT?^fr-|%j$QzSAlaV)j50uFBqf6*MkFwDji8hRV1hxHjc|`T;^vU`QNzN5`I?2n zP=AC$Pc~5gCb1t<e}Hxe5|DiqvM_1~L;y87E6J$|nyPT6paa4E3fc?#1&_HhvY?d# zUje#B(j|cSAk>|KmS2OS6Dh}q;=vCJi#5QZ`&D2WKqeNn`~agoV3p*F*X<NYWVyCr zKt%M=q6i70IEVeopcV!Uutu9?gX3_WYy5;_{_aQvS>gD#3osQ}$~u-s^bQOFNCXX0 z0O$X-Bg&Y-*lT2jXd#o7ZLbp(APTxMKoks!VkA-mu>v6%xZi*q52z@0KvQCX=Mmz; z2SFRcZZIID)jLE1Fwz4F!D}AE{9<r34LuQ~ji!X*7m0#!(*ZIv5RZcIf)Hg0ZjnzF z5OgE*taAvG^MD*<7V`c^L9&jZ@@Zj1(pD>&Y*GZkYcT`(Hav8zTVoJX)vynl_fNWt z8VJxI$s@tLDdo_B$X;j-C;(k}bOUvQ#HOSJRkS|3KHng_HTfG&8c6#lsCH020@GPT z#QuFgPSOK8nnL{{(G)1^&nld($mvPC3a}c<`M}XJXadG0oIp&8>K$1d=?oB*sn8h> z`Q(X$_rRtDI06g|f1iUP={j&ez!<1rp$b9yA0B%n?2<{Yo*^RP95<m&qssn{&S3kz zCde9X{cG0-fQ(=h;xi2xdM!62F*DpKBd3W#5lEJast;K<fTkAUiuDHna}5hG2&qFt zK|gB?25JC_8GO;@&%?j20nPjw3BMPP@B{!(1(cK4R%s4QvZhh8W=Y>DG{7MSN=qcQ z!-urq!dO#Qq%QbJ?PUQ_4pKtF8iO2>K$5CND{Aogp#c=4`%u5L2E*{AAsB)F1qxKa z5lN8*d_yt<zKBK>luF?X1&FVatq3d$OtMb%u>acr4K;IGZ2Ujrh+-FPu_Iw&o@5S0 z5P0Y=ECx1U+E4(<0boTSi$v00H1v^7PnHep^N-N*8XWmhBIis<fLs?Okq`{n2np-| zscBRjP+Y{QL5QtD^1B8=5(_~<!ySjMWUeD}YAue2f(CMagyg^=aFZ34E=78uMZocc zWCfqnoguJtIWA;n;3N|89m&J~s<)CrjgTZzJTMp<O%Z=W-vI%y82w2P(DzFq8I+;9 z-Jg9uhymo<fQ}YKCB!x2vyk1uNpaiX7zRrRC#`^jd7y;>MF0N8z}K?SG<mI{N0R}O zy<S_8b4Zv{0q3dYv-7`agGydAAfWpxm5X3>H8S&4^CNK<kO!O-v?W(!5QPE5Ago=7 z3YbCbFKk^w^qP*O9v<ah#T-iwWIrORDZ;G$k-Ixt;e4o3vTa&g)ye6C$KT&I|9mb~ z_DI%yk9}0&cbvgbqxtYjY4vQ|(##^|gvQ^&tuZlew-z=8TC`M7s~0I-j$-}PDFa2E zk2>y(X1L#($513((0H=ys`A1I#_3;0g$}!0Jf#v>F`OZRck))OU!S3v&-H$L=y+GM zncu4<fwr{qoVw4G_K%~D5*mAT&;4kqe>~ZAYY2btrmlPUouMtCvfn?tUViPCncwb5 zN<o3S#h$B}qx@9As7wZ?zcuf9SzbYyJo31%(rCClVd!j&PQk8ddcM*?&au-^_K&Yj z9Pe|co6gGjv&!L~sDJ#`DmzhG$W|YBUTb0RJL3tjZ++j)FRk1a{elhDF8s8oi$%G2 z8~4I@;_$}d?^$kpQZrjb`UkGrX6@Y5`CYkVcop;bYLbF+F4ZcAdnWlOmnWuVE|)Ui zs(q3(V#1s7^S;p+|5B^px6NW3sxNt0-=1B?Fb)`E<n9r^^-CoVe#oRhD}VTHk%%#q zr?T?L@LPjc%gd=g5<iCJUM42L&O8!LXK}njV?ndUKw<LmZs8KM_eP!h^Ec1G&nam; zlo9-M=U&&2#_Fz0O08X$R7G)d%5nMM=5KqeX8bnX_bp?ww6seo@=!Iw!SeJp^Dc3p z>=)O%1vV;MnPnW4d6UWcp?UkPujOyXneLAB`Bh6oTRR4*c<<q_`|D<2y`|P^+~9}3 zMrCw4ur_+drtsOl(F*P{w{OYI@9@4Imb!NhMhOyZ%3^d%UD}T$SeS;+=RFUT$j?^{ zbL#raTesY8r#ulUR5!K_W9=q#t^MRGhNH-}X3LzzhxxI+4Oj06B>NC*k1x7>?l-fU z)-TxhvCEZZ@u%AmE^m5U*T8uiw!!bdpO2`$`mU|G``Y%U>ji>JyjHml4VMk3IIjf8 zNo(gHh#b-LI`DgM#I-)!r2d5m72?ZcpSz3j{fex|n4YDsVq68d+jI3rbD0xkMn(kl zpD(FpXf1ftD{pO@xwj#=NBLuIg|ZgSfi#zwUdF8E1KYLO9)&O|#a$$>6*s`^Vm3r% zmjmkxy!OZP={ny~61~kLSK3AAVhytw+bK-#-p=N%%q?+Wa`;7Xe;033PFxXc>sUE9 zvoa>W5>4gXs$pConVfMlR$|iVat#*~+pASfom<w~urI5aCmKK7Z*e#^tsF7<#WJ1Q zy0d@YbHc04rfP0FASv*o+u}fAsI2dO1LbEj%RiJG!+aN59F!X8*z*Z}p|WAR$qNmN z7qqgHe>wM$T?G%f-H)|BMtrU3sqY@)kv>MB+d(J|tnuEwiV0@)QFT9+>Kv24rT*h? zwOMQJ-MY(jOQYAlg#|PUu=L=SAjh>W5kF~r0^bLKS-Ivxb?}ZGV2=zQkQEvub#VrD z7}FX={%}2@I16nRxB*9)7nG*Ru@ep)1R@TM&#)>E4_}dt6^$R@I2yc;q@@F2hRGu3 zM^W$%BjhDAkOKU9a|ky1n`6=6X;0Q=5aeuv=N|!yG;0h|6{f`@(^)r`oong`77El4 zzKy@q=^p>1L-FQzJ<dDh1PSHb0@a|f=naBRS-9LSFHS~z_H-~-cVA-3RBb9ZZLo=8 zO6-u(aISpsK9{wrGAl0MRPMDq;qJRpVnwl^p`mT&0b+yX?FO+)X`hql34>vMH?I(P zurEl_C(adMg61=O#M|#SyfECvX-7PBd8o)`Hls(d(j&Ugwp{Ddi1Ud@@3L*_K1DaZ zP?7MX(l_$#&e|}WowxCaEO=8pkLt|9rQBnmsd!B8U75{QcpBoaJ$M9LS1ik(OFO+} zQrNS?OSnThQ)#Rl>Avsg(#iZLCBKmP*Nca2b2GL*PxgA#RX4h$t+e>*F(K<yfVwb+ z{@!|zwPP0@FG~J4`B7TcR_2x9FhQg4C3rxVEk?Slk$LR+x3&)VRQ%059NazO%ojel z2dAm(E3~%fgxc+Fcyu-6sP`sMhSrj_R~Mc?s>b@RVvhVaeyb94@xrsY2L7b9SjQt; zJNzzvDp2e>^h9<(x6|G>rBPlRM|)`%W3by_h;WwS_1N+9jdR&2skwXhtOO+d$Xsc# z?zXz+Zq}dRK5j->*r~V8rX;c2xapOPTHyT#^N_K#Ki_%FQazZlQ0WY6A3k-GX-_rJ zHLEV(C+9Z!O&L1R9ur7jvB2-}mk?r2nQu^k!#kGJCDd_L(<`^OE$b1#?uG8A70Nlm zY5qb9o2US)rBf^u?pv1BMjTgK%((YuPqUrcBB4~I`(YJxIsREH>#d(msw*NTR((6J zu4002P3LR0v(F_4ewN-gFX>tRC18W;+?@?$or?)9{g&R`!igD+#cbNgxisk}C&B}3 zc>(pOFW=Z1-~^XeU*5_e%Cebv*&<G>-(T;3=>adUN2-AZCbt_nI<s%qRZT?X+)LLf zKXxNIH*-;np^ZkTNFtiiKSWDf(ab|PwnA?fL<`ebK1Lpm>a7cL@gpzPl`jXF#8DOJ zc<+8`()U0^e&5MGyvo|X#g&S9H*S4gs=xEOJ61XMD=o2a=Q3Ab$JUrVV{~PfC!9UN zC+PHp`B(Oa?J8foZ#@5|B5<>~RM0<+uw>QlAAjPUYk6kU9VxD|!lu-O!Pm7+qEm;v z%NTQ~^aQip?>@=m52xtP(z!v=I2PWh=#(Wn;aGXC;Qjdkld19wLuKu2JM-{j;mjJ& z*f@{0FOQ=9yRBzsb32aIge={Ep;*E3YDO-bj=dS%IZ%D0<L1ceJ=fh1uUJ0rqqv9b zJD<7Ovcuo3>a&=i(WLQfp=hVV40$ns=F|)3tC$9?!}PAqo%^gjDU;JzF?07Kele@a z=DY~Iv+Ue;E@IBvKdjTYbmw>O#mOk&(w?LfflsfTnaD25dGAxJoUeP_EO<nx?<QZD zJ$I0DcgAs6r~3X^?sIC#TrRwBOn9Wb+^=V|Tj$xKIhJqVWNM#qn@T-?U+pS6AH5WM z&MiTNnSBNO%u{TI&vfouPjX)2a4z>|r=S_RRm>xnpGHO3y&AcvXX(21&gmS}8FNZL z9oyM4KcQ5xbGR_nP2V+E>v#M9s;q3w%q0rxfyb^1oLe;BXElA2I`7kS-0W!UVSu?y zdaIbE;gz4tU$s^-3|sH4Via4Kzn^Mu85kIr^3OXyMff(@6KHnJvs>f3*R%HiRScK% zSB<6J@(xQ&f&EzzlfOv>`o5`Pb;wPB|LEzQ<AS33&)d4kf4K%uU4kR-ha)DeEXV(7 zRkHF{=(zlYY9aUhIl8X&4|BYIdSa`XmnXSRq^5pqdQEnS1ITmyXjPo)?6}-Mzb9Vt zVGYYz+oWIc^wvb$3r)(0q*{M!c}*`F0e={}=rAXjIb*5lbpG5~ZZO>J?Y{FAy=p&M zrn5lkGqqlR7s$IJJ<R*z)<gea+4i^mluCGhm$9gUMHe<z>wrj@zQS6wvsrXNx$)tY za8g#()>eVo?%mwLWXHcpzdIXtykp5JyCEj7Z@aR%6~?y1TY*FIVbh!=SJM*ze9tPz za22!g22N&6G3xqx;Z5Pb(+Ve(u*{w<+~#rq7Icn}L@E?d_XIx4{ro+~GO(3yslna4 zSpVzKp$y|Kfm?C@HnzXZn5!Pz+uc2p{Qdok^tPov)vBwQe9Nd+%!6|)>Q#aFGcHY0 zn7Wn)N_%bz`E9!IP<7<@HzQ|X_Sa%U67Fmp-w=33J8A#-+2onc_*IPm_Q1FzTxEwV zkFwOsywXi)JoXy6zWT)Fqxe8{(@01E%P!#^iVxckr&nIIj>`&d$}5)sf~S~Wa<oc6 zDPi(E_i5HWk@`gz$q^yRV{EkLc@_}^&WE+aJ~{FIkj|zHQ#k0V?q)_9-KVmO*=H(L zVplDpQ9?LoOIKfjSAP4>QfFmUFtEU}VR}ES#@)<U=~Y_TRg8kEXH%6(;#;-aw91i{ z-HzWDzC1L@Ke3A8JIpsdb?x)^>Ili@pXPzu7oH~_IV<n1{R9~3?X&kjflj>hjPJnz zwc&G9HS2Qo$=l04x8@oSq}-qInk|23FwG(Md8F4aa?iaN*cGcz_a!aezS9DPm4Vd9 zb=gUZFXlZae4@&m)uyR*!u!lcY!(D}{NiZ4)X<AvVp89|r|gcwu%4ELm0gAUAltDG zFD)bDM0SM-7JuoSZQe@Mwt(*)!dfeMs}uay92)d>Z<sIq*_%B<wxnfI#-!KUv~g=~ zG4L-+z}!L%j0J8J@Y~3>qDq*zz*3hPyi-hrZHkd?9OW`$&J5ct5{Pv)d-AKgAg9Sb zTzu)uMkb>6Kw-eHp8=GIJX(R*XSs6*IIu;#Pit>(D7>@x{7atWgYj0)-W->cp3e&H zeIcSG;5-$<R-3{1VVm+RGkjB+^sk?%wchw0B0g@<?mbkltx>^>Y3A{FepoSoMr5=w zC4~7K58D?Xj+SrThZbTbh7%R?H3s9e=Y!vF_+_$a+LL*3&f%d}UjZZE)h^-3Uqq7! z@xC&>ul@Q*@uH^&4woE#y<B{lJ?D<^Jw9q<bE;L$Sdsj21|cGlF@I^cV9)iPU8Y}U zr8;OshKI{l>%*cwG_U7{6x@z5i<fkYkg>4--4VwT+9)4irs+^iQ<b%)$>OAYvx4y! zyP7LInvQjC{jIlLg1<Nz+DY4YZ*nMfI4A9?N8^;A-rVt5N>@XdI*P55&v7+Ss*M{? zrEu;n%inwZT<Ew)V$V=o=J=?t?b1+&M1`OAF~|4#a4MaoXsY{XTl<Y9Ok5rsZ{a=Z z(jn7dmCL@-JLis58vB$aWxRc>-$`btE9~=mZw_5qTu8ACE9(lqp1W1z0KvV7@2nYS z|0%PNm)pJueH=ehC*j9<mpack*Y-xqY039Y!5)%{ZT@FhF*pN#ykUsG@9qw}j}Jp` z6Qc@W+#a#IWYVkpymDvSgB0`Z5P8k*2C0R5QA1_3TJZ;p1Y>&p64Nv5B)Xe)I0fZ7 zDp;o*4n^F4A}y<K+D}_@vVz}KZrm7CmlhH!evwI^u0VyEdI6h`b&n5xsdCje{^)xr zeWCp+)J}O@ljB{2hEkgpI<|}6O`1(|`fYMt+t&4ccbxg1%!QnHO$7%d4URb#C3-kg z+6uNvH79*BRUC-dYbrlL^D_0RRLxbP>rovQ$&EKDJb99EAN))Yicc9aFw3_WZ*ifG zeYrDwTS8J_?CT~Y8XoS!cJ>y*O8tQVlj&XMVtnQ;vW;}kcg{u--3|RrLh@|6^7dap zS@_HAsyrserpYff?fHcBFJii5Yv#7?YSx^IL*bKDA*R_OzfEXZ-1R7E`$vhso<y@- zv<VC631_gC<E>w{D!p1qwSt<)bsMCpZamGPtIA^a)Jj%y+_ZI=Xl)yR)+rl1Nm04% z#6ayyRJ-*e&Y(a-C3pmvaFB~`P^UW1awbba<c)k^_?7WsJ%M<ACUF)J!wR&5-(p`y ze7b!uh3-3@K<I#1mK~wV8RH)HyKTs)K~iBxPl3^g?Z$=vZ~8L^7MDI_lV&L#T0qYt zt@%su%Mb5vTg6bOh?s9<X2#1N<NP61sK=|6F6GD(&+TMH*P=6jrIq%6@G#M^?k4ZY zc%>6_88fwGx8k0C3jH>&{q)t*Mg31#lSG(h-5PW3`U?~da<S$jM`xB_I~{s-HTQOt zr}hr6k?roTcE*VVCh3NJmy+x5KYXG0DJVed$OdD3H#HH4-8)+dI&N+<roI07leE?? z3i^jr(>`7th;(xNkWTg6^lW>g7u|R16UR2c{q@G1`{3`68n%d}-xqGa4W1MdsIZ?b zPkZ~mvM<FcSRp8o(Wyj=xLb^i)_IQ)Rk+Z!pydI)_`~9Wk-XjMLoy2SdhKUhj?QdJ zA^bAhlKeH>-8}8Wvks!6-DqW38@p?YaXq7kw%o<~P0yd$3KVM0EHp@2UUcgF%-vu# zhda9AnsL~pzNleti9~MaXdXgme3JCes^6WZ5h^rv9`^K#hj$gJ-5Wc*c;T-4p!=J1 zSAv$9jvT#9zr9i3D2|8kGC|{j>cGtpHK+UiT`>yHHi^uy<CHU<@zXqMtC)<@`egF~ zu<sv=Z|D5ZGHl{HQL(X!mwk-B#fhU`GMZlLnqM;OY@xzS%d+1>$>SE)fg!U;5B2T6 zYPK?-O8d}fV!&aK>^GvOt6kY0`;ae}K9$eszwD`B=qda*yq#zlm~PTF$Z@jjw0HTD zdPzU=FUw3`^VOLjA1Ix*pLNAERxfHAF#nb;PAe5I?-_V<XTL-BkG-b5wM?X3*mr*E zE{Tk3WW5>IpOZ#Rg~Wdm>?Gla73@*bx4)3TxuFG4oZ#!y?4(U7>HUlC@bB6XB~@tH zsNcps_;P1*R|s>>2gVo4jXSw3p8Ffo@|8IR{z&`c+Gcg(^X6IhRZLgHom-3Iw!ixB z7X}Evr?`1^zk^a~CE@qUSSf-wt3S)ZjG{eNKV$Q?A~tR<rh4;jpT^KBf&Rt--pbeC z^bhTf$SeB6#+<KXa`L<r53@dvQFV9OOWuTpMaSBB6((Q3#_aQ6f$gG&CtDq&ujeJi zapv7B#GSV@O8I^Ny@-O(*AZr=k3-47?RUtG6Pv1kre>!o+m}?u&5NkAjGcP%OQD84 z6K8EWRvJxzxAt@WH#4i7r*s_YY~Fb;?`0isSmCYtu)B-j@H{B(@y0)u$eF}l^=4D} zVV`#fe<v&HYlVSAY4Tx@&#%*-a|zu)O4Tu!v((omADz}yZQrCFnoU(}`f*C#U$EFJ z?zMrlTb#4l`F7*tLWPnh3*9#qyOQ{1N4tX~2IjFQeWDhEmHB=Wdjq_M8ui#+mvcSd z6&~P<#XgI-wUp_;J5<`focVOI%>1xWvtvsq$36ZCp6Q?65f8%yF;a~WW0l8(mvHaG zh9r9;<v9xHMMqBgeyoxe%O2E|+4GPxzDl06|A_K}!60D=PI5udt8vi%l}Z5i>Q@%i z<MpOTiO+|a67NQ}&C9He7RKrA@Or1sMgN62Z9<OlGC^ZyY6!=4@AqN-S9jk8m^>Ru z+TRy;k~3#$<@L{1%(#(%VwijU$Sbi2XK19}<HMpl<Er!nCx$u092b?p5<l+GC0bY9 z!v4DQ!uDpMv(oE;=z@VFKLea+dvsmn@ksws-93tXjhnfzIV(hu2v$zmvoox4g!FD1 zw^Y)c&G_Njo-Afwzh5uu@?zWkme!Z?AAYEC25Uq~wuhY<RNvFXk}WlzEwg|>?XrE` zh-PP0Rh&mUo7anIsZYLKr%njYW-q1Z_IKYbdAI#k)^NFQwd3SoHIGYgmK|A7wAU~( zj-N=?r`0oAc@h2E^z6W#bnZ~eXoQ}G%vq_<xOm;xmAc)LcH8H(pV>=CCD|EfTzg=V z|FE9LB7cE(@&%>dfd_kc1%A6(srC6pAZ_-oErQ$+%Od>UTMosR2A4-A`Vr6FHNWtN z>ZcLqhhqZ8&p+@V|H))|t6tu=f8l5ALKLy_2dGxge=+9PFAe<4H{x`JCM?=p2gl6% zRari;H~dE_?l;FkScKb>L~;5eu5&5Yg{5|@+I{&}<)mxhvu`j=o{F+O&^74#*dm%X zBl*XB<<PBaB^_*g9yn!6$eZo+IXwE*rL%5jiWBf@0?nPwiU+umq%KWonceOj@oMLN z4H$#`1vTx{*=KX^$ai^4&)j;HzCxu{I$iyO?yD}1<9Fx8inHIJ^PN*Ik<BTmpZa>a z)GC~Xnm8<Qc!uF5f33fB|BmoM2isD|-KMW!(?916cdF6)W^zIL-Xo@{)<n<kw!aUn zx8Y^@&n6SJMjG$FdUB~fu{oO4rcgRT@Ws-z-c*d2Tx+Hl-o;bJIH}wv@3)Cdx)jCH z=xcr+l0~&z!9+@;4V%5(Y_5^<@|aD%WmwYeIcm=K;z^4mfgI6xb8JU#6&$4Pjdzys zr|3UrXhT;n%i<iNN;G48am$ru*S%)f58aifQlXSdQO=xAO5Y!x%i$0j*<IF8%oI+= zTGgcUWZ^33?zJ)>Fk#v$ALdxe_PkNEK`cJ5P?;n2w(?g!`pdKZ@lJBGqr~&V>b_D> zbo&+c#F7a__x|2=+t0)_^J_aRv%Fhya=(qWvUr*OjC|6SwVj57Y0st1j<@VjNIK9# z@uk0Z`$Cp$hOi3jR_v8qx+dqZNEN@v^&G0|FAx~JCDpDkNHN&tsp9HPdB(3Jx>UYn z^M3ykYLjyfQso$(nor@iGCovGec|z#bDoLD!9yuyp7Bu*C0V<UHYIWx>icz`Yckg7 zI;VVBvuWUW`@ruGMY)U?s@+WL{ZoXY(4M}a-TVBVGDF24JIgR`+HhO%1bw=XRL!+a z@r~~yx?`>9q^6z~Y5Q(Z`)VVKdsIdrH!p2}xGFn@@h~^eMD;w;@RGFM#<^Xw!NK@v zQI{ObHO1r_6uy|asEjae+ra!$+u*UqHBUbdzsW|;FKs9G7~vH>JR4Lqn6omD@Nqe9 zjH9?!YhcRbopZS)Eb6iIK^?<4WyFuZ4Vq%&(c?!}F>Xz|0n$RBb_dx%Ncz%t@<5u- zP3eT))|R~`!w)E~D~J^YAJAy}Wc(@bqhOrdF?LgYi5B1HRKBpdf*mZIj*mXs^_>5D z;7d6<?rWK5x3@n#(?!MHb5G(xi%fm5|K!$#^XG1TFX{g-{l@aeG}ru({vMwq?!A^A z$FCQb&6^L}?&b?K*p(ggp6T7B-`u0Z><u0@I~Jd1I`QQbx3h~W(o5IBb1wPNSWvl1 zgHAegV?uzVJ#J-m+@i7O_~y$a-Wqy%Ta8?+bn7?TkJ2w4PVMB0`X*e``u#E6LuYkM zcJ0LUDp#UzdsjHQv`ntif^R(s^S7SGh6ipFZMpDvAAOS#m9^f@eNU-;<+%IO)l(e( zeM&br?_#S?3>)1^0m>`ab5HZ;RFu4JJLaieKg#^|bY{-1M9VT}r94`>Uf9p-m)mK2 z<qtP^2iSF1M@$-J%DkDYJ|&+PbCxkZcMs)5`TqLeu8yIjM&o;OG<uZz8winoeSvcw zErN;};l<0&N9`<9`QE!;&`Ns;a>~wcCchadl*98+C13B|xM#C;J*YIjR$y5=&o=O0 zg>!l|SnJA?^HGO4<p;eT(p#prdmNhEhiu<p2nyWSeY&asqh8N){EJ@xRg6ola(iWd zQ6{h7H4D6uxQ3R@Ed{*z?qj=8%!l!_FM<DID91{XcTH>OWZcdaZIb}i`#L8)^;$Vi zs+#A7RrjV8&2YW)_*Bq>`O+7j=#??h-g%G0J$^&HJ`Jz+xC%uxXIqmeVY}Qo;f~g5 z!vXQ5TQ}se=k$IN{6Y+hQ8XCUYf`wR$7^*iab6+bI{L<!wu;`{*onQNyOV}OjORma z?v@3ZH1DGKYyY;hoQJAbf#sm4ow-yhLvFN&wZZ#Q{F{kGyJT~zh2*3rom7X5W^yYh zcnCelIZx)Y3GNvJ?w^R!e6M}eqU)N{e?1t!_$qr;ee<J<ynu(MTQ-j|WJS9-o{AYh zj60Va`1RMLt7&%OJ53)86&463F=YE^o$yP3oh(*m-p`paryMOuXxdkmv2CjDiJJ|L z=zCjbKjr5U__|jCbY9E2v%HHhZ`Gx5J2PNcnp~iL|IkN)?F$wdh3nTx1Q++&hF(l! z+<9yJlGA&J5r*F!(v(#88_qTy`t4%3lucWB;@0uTiv|~rYN*7^ejQFfnfK5*+hou8 zf)DYbw*nqpTzIwbge2$k3xbIJZHrQj=MTo<2Vu`fO<#!^-HK;9%WV<TJj#E}=CUVy z-fP|!{$-)t{Anywmy(zi^bh1Hhtk*#b9SD$oy*!)_v%_+gw7D}s44Td)ZBFHxfY(z z;)h{4jb9BK;dB;;&$yIXoi>IGW<JUJQU9Z7XJ?K7V|iLp?&Ec_LlffKvSWCWxnob> zVDdj(oS~k>elEj}i2pR!y}W3+H*%@gKwEXBHjh$^{bS3a!E3t-)*nh;=~T+D{E%%h z-bddg)tczRj6c9Q_^~DNgiY*VUap9f&Wxsr{t*oe198cxIU53h=k5QfveiOGJec60 z?KG6K&wn&-PmoiOh@}jVPha>k!Kt5JGDhjUjp=RN8xHW)NGZJ!b9S7%Z~pUyqLak4 z?wh<v6D|&jKT$5w6p$O+OJRS;GfBv_+WM(L^fgakorvB<e&xG1{G*1F?fFf91)Y81 zwu!jn=+_p)k!L=+Y6Ekb);9t!yfot)kF5%s+g_N3|8Utsj_s0y?)G4=aZSaILm|-- zU!(2Rt{R7*s%n>(>J$z(zF}f>Na;~|gLZ;>E_VDtu8V7ouO*FNSiK*I$KgZSwr%xS z{J3A-t;XG&!fqLpl{V0Sc+L31k*~6fT#_&1W6at2n?%g!>v{2?VsnZ6tUQs#WD-NG zHp9zJFy1$LnQr@U)3V#XbUce3K3lVnJ-wy9|2(nVk=H#kh2utk$4`Bwvbw>I+!lJJ zXPqCqsEo%uyi=W(qIr>!$>|_1uOm2y>jNhRez%0*W@6-AS-hnM;~d)W4Mq*#=IgyA zMDgZUU35@o>BjHQrm-dYUxfnwlJ*>*+UW0CobN<O8<nPLbmZv>UULuSZIyl92d_~{ zt6Q=jFpIS6%V13h+RByk^sr>(+-T~=tJKxme0s-hgK>hsLVr9S$CuzW+MOzNuJ1u+ zsr^{F-nX8eQ5}M>?1$3im^$csiypFnBL;t!c8Y8}%sH1;tkiX);SwRLWgFY|^YL!o z8RAK4cgi}pu;V4Endbz=HP!v*Qs@`wvSy4T8U#LcY-RyFc%{3}Ms%4{MN*S{H@4<x zv|_(y2kQxW#@leHYZTRDcFsN=X3uEGVkX@+1;4cj7%24J3}U5`DsJFy{e`_WuB+=2 zA1>2R;2bUx<PxMjy^6`Cc%IXEo{^9gm%<?9uJf1}vIV?m{Yx(M<2POEw%g+>O^fYz z!`OCpzqU$;i#UeJu(F3+2$QWwIGOWp)*s@yoddppW;^cB8{k-MRmROVGK0x`WIY-$ zGjP7`M3q}$?M?^3jFWssw>VIZ+_z11YG<e0_HQOK5nVYmSRYWRT8NiCc*palDV11@ z<g0~-ts7$F2e&DlOgaBr)*`2!<@k&A-P{&u1qRc-G{1Bx%<uLHl)tpI^NYBt_0ikg zwWd_=1m{eDAk1PZ&hBV3Yy3YHU3WZ`j~_o-Wv0j`^u<v!&K_rEkK@itvcsux_J|{) zF0-RJGu#;=LYZa6ML6z|tYl_qk3+xb_vgKydp*zV^}L?v^ZC5j=b5*oqY~TP7UFRE z;J*fP#%~GUeRRdSUSnmZ%}O1-T;9fM7m1B!zT6QP+RDYR=s*6s)h)8OX6~F>n}o?o zQCPF>HEVD!|L&%{khM!8H@B%f8f$kgk2O{mzu$YSV=&Fn<>!-ty`?Vn{&CsOm_S@B zOTc>-(bl40_N^Z^L*Fmnd+j8{r2R&E@`m-@LZrfH1Kckmv&v#>X}X=rXsYS+=l?)R z)idd=x^1rd+30Pw+K^h_)9Mx9w=d5QFH|f3cU2W`wkq~o75l`OH%h1U2R#(C7ioBl zb+SJ0JWNFOG{VO7DC-a2opRc<zN7W4pXJ9LX^AG1)RlWe$p#O5H>0nwVHXS@ZzQ@3 zM5ZqNJhw>>oMUy{J&P_4>WhevD&BFlQLClb^=cr6KlEv-mT`@b^6>vMSS#}c^_%Ku zIQgtnT{r0;sEp_AA<^{0WX@|%;{}STaFuD*&ue9&UIfQe^E$YGbpZ;zpPtFMulOQ# zTlj89`eVO`zUmK53rJ$ec0vkcZx|KXDqmW=B|j|STKge!*jzG;4w1i%o^Qz3>_22w z7`X9yr^#>GYD1-zp6F<;+KZFa58`V&VS>Z{fhtnyA&vO5?qxhADY(Rocg;+m=_dDo zH|5$(Zdrx5m4EgkzohR~4kbdaz^+?6xt7eJ#$GZl6hm?&M)U{$k;)Odh(%`XgTM)# zhoF?eavKD@q8}fCkYSbWgUy?3@aZM(TC~$=?E}jm7nU;SIR~S_Z<%MXsvE|sJ78Ub z;lgJmPA2r54bw$olTc=k^c4ekaw$iFtHmXZo#1n>u+rzNF1b<Q$*2lnbq>1r9(r|O z^^qclu?!s?a9q9u8G3aXWji+Ro}Ve&UL3=K3>4Y<5R+n{G4lNpaZ5>B|7NM1l8&?& z;qqwxa4;`}ZJ!ggwFR9gA+nRr>{Ah5PUj+=VcU6xw)!(fchY#CS^V&KN^+oblQox& zzWve#Y`eg)(~E~*kC8&(T#|ul4||mFUB1lB+x}@Rqn0#X8kpo(>^8n)@A!vvzD>kt zDa+aG({JM?kAuPx!3OW~#2QF^H!tI-dGm`fFif8_-$eL#IY?+OXOU$Yb^3><z>~IE z_SBoI@viTikMqrcpfJi)W%HiA_9V?I_pQy+s%g@8Av9j)4lK}OC$Wl~E8!(+OYaQ) zJ&@Kv^mZ+0_!FSI*&l~kYW~rAD}QVuTm2<jv9jxm_5kA5>L}yP6nebkeTA&wR55#i zPsZI_Me85OD*|;Rw>N!wZ{POhk<q1E3*AWy=<YpKG*SAm_P*Wq@R-OH<g*?I*?~<9 zDJ!4pe;^0vI<}??T~RhernhLOu$$8sKIU=2oM<i~1{xBvK@CP&=h9#;e>crTlcnAr z0GNZVt!$TVCKqAD{(ctxTT`EQM9WQWE{7D6C1HX5Z5RQdi+iDEc!@EB2V)hahXDlO zj}~D!bA@nM5|_F}MCvz9eQsvCoUo;ILpPuM&w|S){ry_ZbT>fTMp_vxCsu3eMlRY~ zBLK}&no=-t6u6>o?>jt$^<KYNI=^CMLC;N7Dp7UEeOaZPU93u+Uo))m;<pacnvu3E z{I41&DW(+jR$hV2z;ZMWYn*DO>n82uehO|aCn<W-3IZ6;yfd%c)itjTt=1yg%lMuv zzr5kNykj0?&Z=N60ax3#sWxJ55fEy)g5ASEm@4s%FH{aF`CC~mw#AmI^M;Ymohz(1 z`6JGwwleN|a%W{fre|~BqUr9&BweszRs`QxP_o0MT^xAF>`S!RNMx#&Q<%Gpe^_bv z%`wW2nijG526|7yCd%MP5gxDGcl2$*H{|^Tv@%T%w#~R*T|Pg+1h%LBeSgl-eCgI9 z3#RwowQQRkY;w8EcolUC=N6-b<uU<^b%u&7@ohP;iic}Vx4HWF`Rb@{y&Bm*0d^DL zWxbA5@RaQh@2nsYMV_XEr(86z<Tzw^1%A0|6e?#f=kS$RSA}r-^Qgi-kp+(^DTPan z38#OWFEAuW#B=e!fc-u5nd?*-fc80czKp$dkG8KCVIkYsCJeQ*<;_&5F%oBOr;Fxv z40#aP8Z1Cg^h4Mh_swG-`Jj`)TENb{B#TwGk(Ut$3K+wrt1(4yz1a`ZViv#MW}6JC zeHRI84!t98<!5<RU&4BJ1pI^h=+$0Aw}fP$Pf4>`T;aF!C%txCGRU=%t}@pn@&X@L zzJxLjleTdhNaPQ%e(sdyvU~owl-Ko%Cj_d8xk>B~sCx8uN6p%EYWcHP<`_gNb(AMc zwQR7!XIfa;%HVBSZb5o%JAnuG_Mp1{&$jY(I&9wR<MZhn?-qJ@tZXj8M6u64EPKpx zCM7<c8|?6;!z0kicm)Hyeqwhg=r!Xe1^S_&5faD<Ch?d{WIT+j|9HMa$dhYdDd<c= z1!M^!LOBz(3Nce^fNw8|!j}7Mn)n-*<wy`o+V2)0RI}}+Oy;vHtlv7Dc+%155gt`* znCU?1Jp(5Uv`NC*5DI;oND~*^)Svu<V6AVFm}=L6>=rbie5B1%y`M>ZRc<hE(H!c* z6F!SvYl4z+C$hz8!|aY1AkeLm1L2Pk3aey!_Y0%K@I5dSXTN3bgyor}Z3D{jFouB+ zC|ZyH8al9Rf)io{P$_{pqz{ttO8<g@JtY*KZajiDP+i$Cr1jqbwqZSnY|<DZCt(g@ zCfe!OIwN9DKM<@-LF%|rX0DGyBU7>(adsDCRPfUJ-F-TI+oUzUYAF{G<O;j1erLA< z@yoo`aXdR<y{t6KUg@^>p45~|zgZ_Z>~!?bYFe7j{K4}FgWBcr8OPKtCO+*P2#cvm z|09}0gH?Y!u}NIDsPt%Wd8jNci{U&Xpi(8CQ4@@R!y|CUdR-?8i!~({awbSPjbusG zlm@0SE?O{+_efq)ykGi$5k?fAx7aDri~;0diL(mOb0()t<#ayaXe)9o2lfxE3<ZNi zZJ5a?30S!_&SouR*hb562(w+b2ujVhOF|>$`L`9_yXI5gHP!aJC~}s^KG2;faIk9R zxZQv9`5B$W5sGpI`(W}}`M9zm)_73Pd>XqdW#opNgUMW+G1#-hf&2uK%Ipq5;<}W{ zNqv9YHF-avO@`yTl#p?#z?(#}?B(buxHk}trI!rMR}Pk<ocXjTX+5kn>Br-1*@Sz$ zf*E&CK0E&d=?-WvPUKv@`1xh~X@%e&IAKs5$vrUk6FdF)%U}tgz`_M`dx7nZ^QX;> z?gh?x-M;=XNAf|^d(WiI;mhdC79us>>jaa5jEG>znU)d>qohARR1q=!o#9-!H|p%3 z&##b7oIdV00X{;%zZdY#C1o9y%V!VJ=TgOT$}UL4HO;ystA2s9PfJK0Kw0$YIC?E{ zJXGgB>#}lf`TPXXJ>D%q+a%*_DZ9m4PvVb$XrmIy>49fI1<(#C@~I|t`d$`0RUYt= z>N3=QHKaCNkNvo}0AFH*cO8YAL04}t>HPzlUsm4f)_o#l@uY<sviHsP91`mo#E|>h z|Btyqzp9aNmvZ}Q0^{<L$J+56E}w5?`rzfG$TyDB;Z>ZkgICQR6IOLb^1-{c0b*LW z8GTq&<z``yP0(*P<EK2(#j3w2H_&rFd!c0ZImO3{44XdT<Hx)@8WJuA(czPStkEVP zJ`0i40%<?Bn4t0ZO{;!&vj2u(Bk?nA1!7dI#WCMYk?BgdeFD^Kbe;u4^2?|WpL=s5 z*LD3>os-~m>k2M;F5Rb*0%$dv3%)r0Z;zt%+4(-oZxGv5W>XB8zWg@LJS5gxir|d| zqB8<>z4l98BNn2?I3EiE#up!L5X7o;y9X)-j<uZ3ZymXHX$3PvuZg^vgd=7A$R&C! z{HU_^W)etw7+myxySeb8ce9_OMkOBN;o?rtGG=Hn&rt0RG*^0k)_b~IN$gJ=B32_q zcY75JT|Ww5zPeu`&PlB({#)AD-H*W-3tWiKygs9r6y;-(9oSozw316%<d(%BP)8m^ zN}fDN^Rc#*e3Gl9z(1MR`8RH#-iyw>RDUyI-2&P3`}yE%(qJH_M5L4ap8$D1K7s}J ztlwNA+IVe`AQYds%E+W(j+C2tx3yQY%a>-KTT8?%l$D)!Mq0gs;icmfFSjM%=G`zm z8M?GriW<kJWEB-NrtB5tbll96hVw`I=VB>U+`KZIBe7>kgx!>k0tXN_m{+B&ZWn&A zrk%LSv!Zh{626rD50nY&RXgFcIPTGhC`ULBfvkfGvtD?0)h+XBGhG1$l*WS82BBJB z2qtXI?waNzjOVdqS*(xTF<zRx`=z;j$de&)NP&aj{1KuVacPer5_qmJA-q8LKo}P? z!VmTdUXAzxS<VzFUQz%x0{6`82`gGi)k`OFu6r>m@@-S%;Ovf;5V6h=DG{R~4M8j9 zYVdM?{q|EMXceThH~aCW2OX!YEe0z+f%k5MT!{=78h5T-gosP?mY_&__tc;--b1Qt zl~43Po$dzqow578z4bX<z{WE<?X>+2xhXahG~fjr?YXu1wXyfbk?T?DsnpcR*@O3@ z^l=REzP^AG0gn4ZIrIEfef!Ok`<*J^1yqEc{(+M95?#jECdBnJ@e_3{Li`iOwLc&O z2xj`u62N(Dy7TGx+L6ujC*GAf%TWwm>Ly#&53R(;cT$6`%F8D5t+L<t%l&yH7OYd| zwQctxJZ}Uge}3BB!w=A<K^}bxVsiBq4iDUv8U|$a*Re%Scie~IoU}FNOdbm;tK2HN zBv)fB?1m7^>QimeZ<py5!kf@4U7Zc%S89|-`x<^h$w42Q|5UWRnXh;Vb>@6f;(>TX zvC1gS#B$_#Eb}VzJ1iG=!|D%;mjwSb_IdK!y@kYBusfdlEX_|@HHLC-(nD2=HhAtE z!gE~S>zeU$#jM@jG%q9Ok9tp$^Oo2zidP*L{_4w4oEZ)c2VJ|BtSwYgzxA=FYm<e_ z*B{o$k|429pvQu$Sv4>8v^T{kN*m_TtV5-~`6;sZm;Np6i%j6WOP`#&7r0`W$sA#; zT`;_=Bb~C>WXUH!aa$WnAVW=xWE=x{C}Z30D>%pE7Kw+Fz`Ig;wT3gQ{{4UEQonk_ zG@`s0nLlt-i1<5Wpgpc9j>T+6c}pUI(vz}eRU_DaXN)#q`k{16I3cYx$t~G1kba#( zYr`%|754W$b2uyGuxx_EP=S@rwSKeRt)lH&TtjdV{iYOSgR==<DZVfJTSLoxdX(8j zl$xFOflL0=ci#!cXjVAxzxL%2tocOXQ)xHzo2kucwTgqQ*Qtf0U~w5+ugncI={0gy zy^LD9aQq!R&aZvlNTtJf^kLm1jufuG*+}?Cc?d>nHx~nX&h7x0(pGoFf`UtEL8YPl z_-}%eob9TE;P!)(j$%*b#Y@XLW)G|Si0GhJ_6Qf{rSmPJ`kbitQjc7hs|7v*-D1Lx z(e*UfW=?S-?d+nJw@MOkq|uw)VqmlIzVM>s54ioRUF-87pO#H`Zu@|W7e8uQi<ewB zGWrIx!AkxCC%_^=-XD2-{W>%BcsRRmR~dK;Ces8Ezo{caF_q-)Zi5G!jRSIy^$$S7 z1W0E^wkGnkr~LoBv^>S^^S<@K_%L_2`g($Lda4KfS6|-K1?uq<&SURgO&Hp~fN|ZN z2ih%7ckZQF%=nDZ<NKaNvk3mHyjy(eZtnT2`RR!rTmxFtt^m#leEdG<#e3yfSjELM zD6?8S5B`C&App{>OO=;d4?P*_oLPc3`KhxXxVxW8w?5sO;mCS*F_C)l9W3gez}egA z81j<0s>Q`|r)mY)5QVcp{HIbncpqOCO7%a`)^~J#$jUook;$vCPxw-ztP6=*_el>l z!GX0q#c8Qs6JN9bfnGd$m!I?ZOaExe-|i*DJjF_<!f*De-)t$4Q)U5QXAeqyZb+0l z7nUsb6eg9ms{8TB-Pn>pqzOsgt_r)R?(x%)spm5WJmah?V=i=;<lI*m_-I&PL{D`A z7qWhUXC^W{EiLTU@2lliIRs4E_ptDbIotT3shuxVx@@^NrF1x>GsrMMa!%vP5bbGJ zISU8Jp#k`9Z|PFZ<;m_9j8{6Kp*>pwd`po`v{p~b67iBxZ|e+bPrgYDG@pw4KgUXi zJT?JxX|C$GpHMzeSO=PP1hm(g?Qw2<=G9sczWw7(MUog&Y^C4C<EV(w{TS7X0}4$2 zak8mUtL-a?TIZQsMhaj`vAuj-o8ICz3#{KCs`g31`%7TzA?%1!n_|Iu$|&6T^2$O_ zHw%hI;>JntNNdVh;l7;S71GdB(#9s^Cuy_SGMWZa+c<^vf1n>Fy@IKW1&hYH`v7r{ z>1q_1jduQR5TLreJpjo!<T+We+P$I$H>@3?tyz!#kxJzJ@_h<nNL>)tvzQIA`P^7E z$JV9;{R=>LHOaN%j5A>6Z$U$WgVtEoL*YS4fwyW=4}mzz7D0}x`xt0{9=?Lp*owF* zcDFjU%D^|Z>cR0yc%q<p4IeA&mm+WDzM^42V9H^yx^`jGA_|!RH@E#obWq+l3zgW_ zTw(qPI;mit3N8-ODZG<II<jif1l$DhIQ@2%ga#!MfkA4PhcYp`w!`O7ao)aQJ(Q6f z#uCcp?Yrkij%Dwb;3ZZmYmk>>Q)qLox|KuQ#5a*N62h4hg5@nORxKle+HBKA2j9Q} z@!uE=b(A*SpaD`jIw&J=C1yQkBsb0oCO~Fc9<dYwo-~iWvO~6nH;{||8vBJQ;gBgl zhDgsW25kmhL?j$b(g6DF`$g?bIM+v!L;j2ou3G;<@fWy*6+)28d`UIHgy^Etpr9E} zc%_xm8MX43y_dvT#ot6!E&B(;ywTVvNT&|SpnJ=Dmok*1%Ex6)$KC)<f5kK(Orzox zy%~wJ*@YpFhv-)IjV@}~_)j8#*Xk#{1f5XMZG{@{q2`4L^Z94eh>EQq9{xV9uag+X zpe7&qa&O>6o__oGio%#8#SohjL?SoS)}H?rlw$m7yNKFTG`Z7QM;Di#Kb`EeaxOj^ zw3X>=HjE~zes(<)D&8$Jb+#U`eP}gq<K6vGF#b()rHoS56#QQ8Yz;s5R6pq2?&S3Q zY@|j&>H&{{9k!uXP>pi=yDxPveLf9+rIrETaq&O|JL2}VVfk9V%;<(TyZ<L9Xu<>1 zs%mutiKqlma=O<`8|rcV;}mU@V!&wBndKv`X=gD4ogdrb<)=1vMH}Ki4&z?3ExKFP zsJvsz-L{hFFhXX2E1O(Hd>DCDe@%~sFkgdnY?y7BG05@~()5j!FuIbBtV<bkoLMEy z8hoM5S1z%Im%fnt9OXTYp?4eny<!wzW>Ytl*Ekm=SdU;zLx$$hCGUX-2G!xm&w}aT zTb%Ln>M_}Rr(!#W6+)fZIJ3@!LdMf3K{jv_#zOa8u)OsE;`_u>j>YQg?sW*|LJ%+U z5#rM)U3!tU6Su7A6XJ{sVr%B($JBOQn&~<+w0y7d;&Zf9bp2EfwM$WnyY>ue5+l#| zGX6Q+)E<$Xl-~JG-?V;TVC2yyRpN>n!&%X97>|z?TI%fRTS*VSG6(~?pi_Q3Ftti} zg1MlTecn<Y3|OtCUK9c>D(f|!Kpj7uW<K=9<uRR4!ky-jo>i^mZh^OfE`99RG3Gxv zr3HBHj*^XJ{uAytlysyV!>r6b4Cd<2rx0iEvHN9%b-r!)P<sxJm8vgE4|#cJNACtL z`2DURRlgUN4v6|$Ym;-g72Q;;^%D2w1Dgj-{B@gwz7=k=Z}2`^&Et*oRj>ZM&)Mx2 z%ide0i27`9-B*Q&5HgXRA>GtjK2Og7xHaV;Wp1S`y8HubVwtTm8q4&a{)^Q8GIm{a zK)8ykQ0bN`mxw3*wq;<P2ApjP5)+w;0m9%j2C#n1@)pR)GJIjURdP-LncQQ$(EhI@ z-~FznaPmDLq&N5>R$J5&Wty$O*DYr9v~FVd1e4SUs4Sbw3{Au~UEfP9)~AE$9_#=p z0&pPRlP_>^#cHnBnXYQ%lmBZ}NsvhU2l`Ml#Qh)AUu~Zdo~Y;w$<z4<TKxHj63%?O zI^rbI2#Cdo!XHkFCssk%JgowdIcp^^yT&lkNC-LFL~1G`B=6GkV=;-dFFD8LB~#a( zx)heX9|4Vx)3Zvy#ODoj);b<^_~iPTd5Ec$fl^OJ+^{w$Z(R!7!Et^;wd~2QG9{L} zdz}j3rtHt-PDYQONO-qS-8TpCX<v?Rs)A`{c@b4h7P>MoF{GAE27Htxj=`Oew@+*q zo9*p9bli1LCEpsZ+$EvXJ1RC%L?@)rq0~1@<kE7%V1?<E2;a&TU!KvBfC$`^qJW#G zLHAS?&8I>k&#)U-TqK0e!z(?;{yG!c?y&e9ZhW5e)S}GG64L^dlTU5xuN+eD3h>My zBN_!)7i`xx2gGwOKbVSo=qjc&QHNE;NbC5H_r8<91SsUAnRf)~HRw0#J$^n=;1Ddo z;Du?nF`C1P@D7M#I@QwdNTGyOyVbo*=nQ1J@z&Tl2Nt%OObe@l>r%_P@C#~WEg$(P zpO`oP#44~W=6&OE<FLz3KVGeR@;}gdb6hy2<qSE__$ttfV^AOLYCdhm@QJqS&d&`y zk-GfZ<l4NFvpJQjmyd;bYCMDjLpo-oIVt~*FVB9+kA^FW{Sb%_u0<C0lm=~n5b!S> zC;rfUc;D_jzvYHt>|92<#)oqihP+;$%LbUYAWIc`XlJH9?N0g;bPw|T@@nhZC5Ggf z(~{jkU65yDs;ib~CO}n}sv-7;@39)bzI@gnS>6rig@y@xasnBS!?ZJi9Ehh4J*`s} ziv7|P8#^RVE&p~}Zc6*(q0mo$bC3k@aSUQp?u0yxol2$tv1F&No&WuY=h2AKD)XiR z@wW3o*K?yYvX*nv?FsD579^D$!iNb^2YE~MmGh#Q3sHlb?4t1!pR`ud`0Fd3?|{qm z3fjk>pUm$U(tq0*PUW;3l&3kpD2f5iwvr+=hR4dnKkxBACo19-1AyU;=%Aw{m732O zLHDbmN}B%rOz4v#&;1Gp$HNoEot^^8Kt3%$-jZEel`ZQ#O@c_X(y`2^izJ1yR0!Lp zifB&*n&N?Ob+$#4EQje5DrMiynB)+eoj#TsAMh&+c_(*NPNWAsNhQ~O&)FS&gZAAw zGYYiWjWWL``2AjO2jp$7P3W${X)qwkEoUJ$2E!B){c~^n=Tr77xn=xHZj-p|`ZbZA z7OD{Y(3@MuXicBb=iXNYLV)jfyk_=HUVh8PwyJE&Elz6VE$a&0&~}}P5hvjx0Jfra zZ=+k-Ht9f7W0#Vr5GrCgr;+xsQZ~j01O60!8J#Wd#4GyZs12j2TB|x23Jvvm&CHXF zHzGL|^7W@k^t6=x@>sFNUxJ*<QdZ(?U^*x-%?APP198>uRUpoJw_8HB_=|%Z3)yNS z!(Y=IbcXzeSKh|2stsK@#GjfgRNXeAOI*t3D<%n$7p~?;Ls&8t)%`Uqgfx-uCwvTM z!nuezYq9IYjZ10Q;(&P5fGw-Z`;?{<h{IF_rORc%BHwk*Vpo;ZKJ-@NDYA-Bc2IQ# zli1IL-wj_F0*&P~A#zVft~jKzEza81D)S7en8*!k{%PUD$~%o3&sS-W^<Qcq@RcWu zt1M3xDa{|<+vNgUd)8x)^Zzu0-i0)OF82gAjL3*NZ~9JsNgr?wgP|-Hn}s^_=O7!c zeieG%UzHB8hjtj8shml}*#*ae$dIto8`%PzuGBwhlZAmY%}ZST_f)8@BaPzRnhe61 z|NL+?1X}!tjOBSlD6{Bha^}b(BHhV;NM*H&P*i`bSv+h!RM+kpe&GFtSk4Iq6W&8# zI*b-lanHU+sIoyFNB^|mD=+-|;<56mNx{$vRmo0noWt00BwE(}ytzHf{mrSqJ&fzF za2tJRGzgGl@(r{+e1$TmY~8{VO`|`tB%U=+o=S!7-`BE$?_Aw~f>v{^4Arl$C)bZQ z#h)(>f1*~h8g~?Wcz_~@TQO*%`c4o8)bdxI66%$Pj7I$0C8RM%xN)Pa)I)r3?v5oL z-msMGj@iH{({7k)4AHFM+=S#X7I|RFr5J9;@)aXw_#|bo@OA@8T%|;ML&v4~W_y&m zTy+)kmWJNyTz(->$EGAn(}#PcGUGwD+x#y@2lG%EtVIk;Ekjpbb8Eis3z*#k*xm24 z&+$9YKD9fI*PWoI=}yG|1BKVYGGAu%m!^LsoD!Nojc!iOa={AA@(;FwR`i=lE#*Ac z%Ua2DFC&h<GY<BRTh638`Ju8Q#?qQX9D0Q;Qhwwnc5Ea0YROlt)Vr8zo%qw-Hp+!# zM;AuzDQ7ljcMOET)EB5bw_cZdh?&Uy&YmV3#emM!{=v<Dxae0nYfTkNLcb`H|5_X` zoC$PfKX48f=l|(Z6lK4hFEB~6oxsc6jJqkFveRZHoGi{wody?lzY51s6_=N~I);4p zMV*kJz8E%Kv<iQbV$a@#^GZVV6fz6BYA_+)w=5e*q~l&izcfB5Q~37g7ZbE6lj!y& z-&|a~Ec%Bp;H~PP`O?aK#;W1$a6zuL1>NS4F64B)snOR~XC^<F;XDa^qI5X5G<T`` zjxRy1_wTxwX20*Ray)8$;NesCxx&czy3%EzYCeZdi{}v>N&_X~Xc=>4&+D;vzdUBP zp*x&b{<R&n5aJ>7#<PE*VB>Qed1P}gap6NQHG{ZYy|r<$cIX}g-B8p$dAZvl=3LlY zoR<jxuJ=32>B&_-1NF@`ue|}s)J}yI-`j<$!qfC$IvbpJY^h}BWlP>4YlaHKQqu1e zA%FgX#(t5&f<@ZJyQ<|BGqM}?BMeNsi<j8rA@HYxlY=+G_fx(#rcZPyU<SuT)hqSH zwlzkQQ4|^2{N2ZaB!}lySHd6-tgMIt#%Ld<X3b>JY?#0tw!eMt2yj6R?UJgLNn1Gl z=L}_y^ZIq^*R8v2rc3!v6>pnL<hL<5xo?FNaAfMJv+R5oq=^Wzx4X%!vSwMIwHaOp zuz!~}&DH6NZ+h3vNmaTO$ra0Ni->I-w|lp)2{jc4C}1i+T$pL_j~ed2R`cG!Th&mk z?K)RLC%e{)SO<WXU&EDxsPLL{(R$n4KCdCxmW51M>6FZ8c?0lT=e}jgM%Eg90b$Jb zAIof@jw<9CmBxG!W}^3>(B8VW%d87!w00~j{=t80qn82{aAZc&caHk$`6IEs@&f-r zCe{D9*;P#S0-rP2D&{gOl8-_vhY)guw$^lun>xX6kxXvf{+cU#S7R7_&OX1q*{GoQ zwe(}O&uE<Kr;o?2ud%dSz5^E?^Ik@Nl5akKJ}k1@FYU=HKSPuD)GuW1*e3Ile^u&% zBYcO=#Qm(KFsFv!j+qyH-YWo~7x>_QhA)2Y#Pp?h%^)QG5DT4I(T?vR_UW<f8Ogm; zH8_);AXdbkllioN9*34|CCPfz+`V^{!Li!PVcIJor_~SsBEQe_<>+rAcu<=WI;{fD z1PSbQq1!F=A?f+N(TUO)DjGsxHdvyI-q5infwm6gFYp<wsQ9YShwhY2x5V_J1)>x3 zxr_%#B}Oe+Wrl}lsj`J0;U3FN!q%i6Jj*>{sanm^rqg67P4u71(=svtMV*sC?F4SA zXfI-65D+wWM71D={_MR=A5Nt}=MCfo{I!4uViXenXj`rec?ZOQKkCO4XQK*rAXRUd zNxK!*@ekxOzgOsP#1ghMm2y1cUAq7Kxyt&QJ}6uVtNG`bjVX00RsK_L-got~DMQtY zIh_=wUaC{QJ+qc)IQ|!|>Wi=m?Q$E?)cFTwPM$%l)cuJ*w#=_Ki$l5Cw(yb>3}*bl zaF)w$dadwfLDj-bhg5R5)aO$s<uf1@P;;ZyuOjD+^>&sH-gW9zt9v<qSEZszhx~MW z=_UR5djtG`rD~q+tr!4;8SwY|8_S$q3S5YgsIuunR)M$u_t^(z{(;C9Hw#kKt#gin zb9@lWYfV|IU{u|J`_5st?O6v@?}@e9vgRL^TP^`m;?Yw{#vKAvh=2H&HgWd{CRkQE zI%=gWzdpvFmVj1M;Uq^Oj5U*Gg@|02d~~OR%ScY(w@ffqTFy?3@KSf2Qed~7l0gI_ zTuiXyab7ZiWDwz*Ug}r!Mz@gxn4cWWvSsMt6lkD1VEK&LCa#J6WugwJX=6808=lOi zG$Ux*s3;T0;{h3Y?}I{Gp{DNJyoD@QMy@k&N+UFpD3Sw6fyh&gl1Kro59`N-Sa@?z z9pD+)w7aLr$;+G+3=*I|8rMvO1<iHx_i}0g4^+dFdz&OSh1GgjWz8@Lh~*6{x2X>< zV=<&Fxs=v*!15HR@3}TW_b&KC-RYd_QU+`b_!EV1ISHf3A0#mME($<szoEPYK6V$K z1%zxOFMjt$$qm_+feU<au~Ea{X0qKYsXZCx5OV57wp!f1xXw>2RyiR=*cg5Sn8_<_ zu0#O*rsL$NLok71vs5vZMWtH?xD(kkuqV+Og=$IVsJ$Duula>Tp~*6ovzh1&8g0k> zlE=Ohw3L46Je-*dw6@!U^D}z32cHhTFOjA=D-#3091x0BxC5e9@b?i`j(~6M8=B^v z%cTc(UTL*hu*r1u>H7P#a&+z)es>jAa!wh!xU~31<ebZ|PvVGPA_H|uQ}j)yuNW}` z%nPY+&cJN=vS6xp_Q_mTxcOPfvDKnd^zsUDBb-02-jtOA0>hun35ReMhE?}}AX>%9 zKKGts!&g%PzXsv@i6hTI#gRFy3*>M+3)#Edn-8sf47Vjqz~|$Iit^o+P2aCc%;X(- zu4kejB8*(X<1&4oWZy=sqoJGkRKpp6+g|cf)rdd<v)Zj9tHbgqWo?&A-5K6UwE=b; zj`!LHc^U?CNi>#ieInGZ-7<%xAb}zIgHeI=Al}iyPnhq@DMXr!LQ6SIMlefBTJ7np zxx#(L$kY%n7)wNL$pj-D$|rM89QlUY^|!3QkIhcvZ`q*)!JI)SpK(!t{4V?M_?{U& z{DaWZDL5zVp!BBiGQqo!l~$(fHKa>e0Bh%76SDZzI&w6lp<a*L%S)m{5<H#>Wr}u* z0h*s%1W4iD!~g2ht5w$2rU4Vb|A;J?h5F=-SjzUyb#3}4*M+LJ&x3CR1W6oqjp|MG zFRTRyN1x%W^w(~%Cc<$Hc_f4nXOS(e;52P!=wTTHaD~|ndEA$gCd*Vx6Plt@wj-|w zKaL41WZrh3F8iu0$xXh&d|K|X8Tt=&Pa}EXXFx&dCxoKF2O2{DXd;c_d<|48H<o9x zH>iN+FSvSDEC7ZcdpDb3-x8fc-^((vX8wP0&yZZYW(I1Kz#7@-@3nwKPKK`W_7-!A zzV*#LlhXf`P5RD~yr=8kSb2vb3as7!PRycJY_YxoJE3sSCI4sQWx&maQzPMia<d>t z<K&>IJ|VUoNXDmnl3Ly$QGRqa1N`Y5|1WmV+eLpu<eNwiat^=7`LakSV5p(<cHt2k zF@f@iowA~PQarB7_3m*}unwg<qg?3uPUrUW^M?C-QRV?`1%bqpI{<xyEOPJ+zixwk zaO1Dk?#id1$CaB2(3O|y_&Z}}aq?ofsqLxD<`8KGl`Z%70o7a62@dtPoU~>0Gx?W= zo(cE7%d&mo{dUqe!~=zCV9O3xy`YYC*1V{fO2R+Bd*l|vU!8Ra+FUAeD&?3)mc3QE z(3t72|NUxgckmdW!(F}D{^Y~SQ)%5v*wX=}E*@vZ)VU(qp$E}aWXu(U;Nh!>7fIiJ zt&KABF>ng-QHUK7N$ytWf$W6MrEP2X94=+}OKPfF<*QlJcI=g&Eq0VCU>sk`(qFia zyX}KNFn;j3*5IB{=7$<y?i&KBn=zx37gZ)+rn+SsGs?YrTwM0}2TPN1dw{gnt+D^U zqOwN*fk+D7>XGR?<*xrgG=6KkjkL|m&1vAYNluwf+8g<U4Bq1yxrFD`pu*#-!(v0{ zEwMmty4)K{(4QzA2;FbDWOaR?bF>E?as-`*JnrZsbe%0i)~_hUqfUlE;~L*uqPl4V z_KwG5!aJLsJxkgdm*FL$4s`tP5)110D0rEO7mUls--ASTw#Kj`VJwy>vU9N*8Yioi zU;UOLUmi$|&yp{r@=E@J8hG)Hp}e+Q$sL8D2hgN50jt;_55fCR`V!N;>Xd!Xw#JEH zo4I^+GJ5{)%3t&hP(7QPJP3KUD>Qp3i|_1?kpW;(o9Y5uN&%Zoo3e^*`4A0Hocs@I z?0Pto`ouGfc_ctDQnp*dBHQ`BXzZ6Ej(tMna^?dqA_f%AptUtupL;c~;d2|3KO{{0 z=qdZMabxaN_TLGGi~_eqc=tK2(pRDKk|m5U1xFHt)pPgo9VBRGFmL+l%!sd|Bpj)G zwFfzM$CYG;lb=pqgCDDw?DXvyy3@EsEaC4@M^Z*<RvD11Z!J&=f6?O#eHNel?@}^y z?8@fS^)8;Sv<n2!<!TclSz=R`7dY08bh=F#^u;H%4KZq=1I8a?WYrKfG0P1aLEW?~ z7EF>fC4oekk1F6lxea-&N`!z0r;+WbAGrIu@OUC8C~GONAP1+-raEAR&`24H@dYL! z{!|lfLPk)D`l}0aFkXROE76f+0yOiQV6XKFQyRz7h;%x+gw73U>z4X5;RM==41p8? z9@+|atL&AH<HF~w<eFA+7v?WPO{_=`2H#eU^CJ*k#MrS68goX8HWlH)7#2%?LFA=E zh6Y26TLTK)1S4S|S(-U4G+unmp-{kk%k0+4kok3CoWc=8*{THtLi^TxC0R$-nHC_- zE-Ca#t{qv2FJl~s=yK;V3f&4?^-aqfWEy}JL_)m8V+8k#^Y?s(^LPvCmdD~u{E<q- z{=7Jgk+Y^Pb19VBouI`0jGc>w*<CX|_BN4~v0OV1N=QM38_kLZ-8^U30R#n5IjnIO zSKM*Qv4;egxtN=k#ce7kYM$l4%a#&iT0d+9$w-#{3jP6+00zJy?f7L0tciTmu09rW zFrcFDRSvX&y#darPMKE5`{kV5M2DN|ue+|Oom+qQR6lR9%M~CCkOhA}G9`+?Aqo1t zG#Wp)02jXUzlQ_7(`O~Y-NHzf6>Ehf%INMmpv!Rm4Ben39}^X=Oe0eJ3YI{sE|Sb2 zh`HmCBE2;m)_(iNu`E9^+60L|V0QRX;F^x+?p>g_LW6nEd=$dvgr#Cnh7_!8NCM}O z`1Y;4;tvzfHKM>;0T#>dM?(yCj@QpcQUfh>#uJ~Ma~0HKLNnL2EALVR_H4w9l>_A3 zEx|bk5td;a2E~_q6#|?uWY^bHzn(+ZlLF1<Q}QH7>~t2{cfcW1`3A5Cg9pBGZIDe( z2b`JAi_nVH?Xn49EeGF@DN4^T2mF=rgjXAD1CqKv`k=q6<*$XE`;zG+Geg+V+cfT= z+TZnFp*b}0ahCklAf4&1i4e4YrMc>XgiZ4sHrVf^hr1sk;>xJSoYmJvFD`Fg30#Bq z(1V}sae8UBl6i7ceRP+}`3w<E=AR4jwERya|3)Eo_SO)$Dz^^Z+>fl^xgDL&_Y@#- zc5LvsD+4kQbslY4pYM429cpt){r5C#{O*@ukH`V~l64ZffQP~4^-g1-z8LMaHEzN* z3&>a7uo!Q0dgdJ*r}BT}(wJXR5F@{L#<#{nXL!zoT_MtShe^igyUWKmU+S9{YVlMZ z%@x(!9S)hNs28_Ig*VHgzv0#KKI{X*B7%Pl;g#`;4(a!1O7k+miT;`JKL<~)&Z0#S z;@SAp)7snTyEtv_Qd*p2zpCZ_2MQKn;<ZNFeaCV38rtM{<sYay#s;-t3Q~wO%~G`r z+yDjfltvX#74%fZn#igT`+v9<zFZ60Qo&WQYH+OScYD}h!G&dvKJJV;UKyZq8-Jbu z-(f{$YN?68yMDLZpESyta|EGDa~tM3U#0#sqwznj`fZtrQSGn6r3sKt^B3D3Yka~L z7=L@JXf%@)2-%U$&Gn*2&Rh!oc0gUV7{&2n<bh9wYl#(&fVIBQcW_xYt2q3Dr{jpe zoNb@=0|qcxz*__kIaetkVJ*`Vt^t=?2ydT@;Q{iMnyb7QRX6gH3nh+ocQnu8`idNZ z97G=X?|`rplxq|7*<qGZXH|A&V9tW^HOw!EaYr<l1)~~Yqh8GP?#kwEmhhbd%8|K@ z$&OhW<6**Y%evy+@XAE8eaCswZ<ZL35;#bWU`?U<2a?WxKAKt~AUu})-(;6x$9g+j z?b*${9SXX?wyr=O-dqKRG@E>W<`&CtdGXd&nmq!qQmz?D^Z8uyS??oxjoYg#TuT4Z zCfv0f+AjpX20ecCo~j4!%Tm7D4ocnBg6c{NIYr+eR$hULYRmV1V7D5J;R(%Wc^0YR zl1k2xjhQb9f)0^I=uWHq(9K;KS)JY_;e)iHc0@zYlGy)2?Q!D$cJwb@+`U|0)P^WI zb}&RBqGtqDAQNqw4WPvh$Xw)==#-{2WXs53M=!E|$LUI!SX$|7G7iK@RV7kc3&=R5 ztxuYtz>K?v%~$)9PCjIwAv;P|FMpuQLN4mxM7QdkuQ3qv+1ZL$@yPCCi6!0SHB86~ zG|}VbKA@)iNxz2A%*GipdkMLm$j_x>H4>622cK1>MXCFR44IpM45>y)>nm(G*w;Ig z3g-h2kS4W@nI6tgd!QUE!)fn-py^roW746AaFtX%BU69DI<^}OR}Es_Y~=%aeLtT# z7ssUgN3TDN6!He@V-IEy%d6<_)o>fz^RQ@vtJ|cQoGZ4BS23J|H(ulx8%v5rbmnKY znA3^^Xn7xAt;TUoIUpY!))d|p*905w<Hrp-3sK)72?{*>r8N0a6Mx3W(#O5PW5tc} zM~omaC|p3?4Dbu5#4&;YxdOWwNp7@%U$cj2(nHzai5>};5CB%0yzmFEBh3Pm9M>-G zP9FEwl%&arxf^0h7pme(j)-Sb?Q@x(-8yUr>Xx-2R4Td3g>4Vd5HUM+O`1~x)n2j_ z^GAx5i5<fYUykx-c>d(GO0f$d!XC))&tV@jxq)I_3YK9Yb|1g%d!^BwENIts?QU76 zFg#sQ32j*qQo%TVP5Y~_8s*~r`(>CWIFa+BMMR*11u~L~fRVG<2Iv#3lyD=Uq+iL( zT1Ny`!ZJhNGvj>p$w+)+gEHjV3F7ix*ep&r0NEOAtX-`hS_sLh(D(<+9d3$DKc-wT z+nz}Rh-)pk6LR>P(Sw+gmUvrbkbnzLPZip34!U=X#1M0eA&95#S%US93{?QuFlX1a zg|P|&K>Qib>;SFf695-&nOG9X>T1T944}z8q;28BG(Pn+qr>8UtI?Pf+~D}dt>Ym} z&zPn{&s2d%p2HIA9ldu|mXkf+%mWwgZl4v&Y}R+7E}cWk6)u(r^y;w>H)Kz+M{xeE zDE^&_b{ZX?4ee{J{d!4qqy~|eBs4Q$oa^2I56S)5Qq-@ZR9MW?7eVMLI}qM1=u1vc zZ4T6C=LVb!8k4CJdj9N20}>g>)Y6^Oi#eL?i)IYRtx;WuIA|kU4cn)wgoE7{)Hy9{ zVdgk4*62a2Im@C+N~bGSf2|Gi9*xI%|C(W0#33uVnKrppYvi+O`l0#lpTD3Xd7Yh6 z?-?_pdABFo55duWGfy)dlqrHMjvk(Wuz7L2CA%;F6qR19`ok(&2e}`QIe&OSyF+-B zwl7}IthZr7mE12{ziD|kA1tw3sGkp0EWDK#4A}xRLL8ZxuVDOPI(8@?O?u^sR1;98 zs0y|IALzf&PxC$7=dvg${doV&x%-@-9a2hhN#9_4z<!riz{&#4bdEq~Mp}c0EWqP- zH{^5Yvh4Fu;l2#mXmv_WwJ<{G#5&qj4bCo?YQ}U^RCi`?`s-gB$ik=IWn4{7>?B4Y z(XBLNqgSOgoGw)LU5?I%#U#nZv7^t{Xq@ju%skfO5*EgRMFeE%+~b^EH*}KHc|<(& z*F55U^ul;oLMNpQr&r4u;m8->+@RN4m%fTjE}K7ds9+oCbo3~vt5m3;jo5}?Ob-vY zj#8~$ZcR_^@5%CXpCXSy6rW6bXh<tli5Jp-#sB8urqJU0rv}zA{t}vCme0P^sW&6w zmtJW4RHT5%uLl|xk#Ij3C}VJ`<{c@09$zT~`zu$+N@gN#f?e~C%IRL_6EYLbE|IvT zgnT}HKkqG1-}w@P<-7SV7QwJwWn%}p0pfE1g6%_Pq{&-MKFwQ-QW7_I3nD<dCJOMI zG1jh{$PR|^61o`|4H^^WP@b|5E?L(j#O238X3`LUOGKsQx}*ZmU&K%lnbY=XVHf9O zA`F=gFVj8q(HHtzc;{_um8LxfRJsuKmgc%o8i!?hY21cc!iy2gD#+ZZ<YY)x8;mj{ z<eBNhXRW#cVKNfIM73`77R74YNn3u1Q5Xs(++UTQ%zH`gReS98%Yig=m~`g@{qi%; zfY&cd8tErg{0B9U2#Z8<URw88AhBc09b?|Jg^PxVY1ZF`I<o9j4~*wtvdwcE-e%zr zZJwoU-!#(-2Jfkso__e-#Ue>pJ~5T*;KpDRbUe?ZsV^rs*&m<;ZMN_+3lG08z{fDQ z$j=bNy@+afeyT4TCrp3I*{1k<l2P%Rku`BwOaL8Pb)8#ew-%_p56aqw!|!VTz{}X` z99rYN`_NZ!*DfGvbUcNnZ^TjF5`H5He^OU0Bn2L%0h}zHHsy-m`PvZehwkVHcNxnH zUD^8pMfL+ymL1s7WBU|favUT7deiiWvS+zZ1sWe+&@AIwzZ;b*nsjhoIJl5@%U^)~ zz#b9ucujaNp<pAIDqGU`KH!UmHw_Jm31DXN?Sk&on}ny6&1Ei;<O}Z(orS&*iTqOj z+uXS4V|M-b8vwm}VR#N@3l3kW8Rydo8}dLvvo~lLMTl=p#-A;)R;{CqLfM}GvVr7$ z4+fp-gVg20Yw71hCG8R-+R$}HK?cjDlWQds&}eA6z|e(FREJwso;Piy6MEcl#e{R; z7)oo{XSikU^@9@>Kd7ooTlapyP#G$tdcFoQ=^Cw3on3#BOi#7k0Ac>IzAWb}n98X& za0L9>77EB8?e@b)><Sz#Cy3Tun_UzkmaJ<S_3O+>5AD`^>vNQRPeY@9p&K1~zntz) z;8?X%F^KxHoLEb!uArGCL#fLU8oTd<zzeMUuFK{I%8MJi*Kb`g0T+6W`Um<|Ycg*% zxD&Z+BC=OSTLv4P^br0_WBIu_g8e&F>JboiddT(l#<m3&YDO7+TUPs9`{a7@M#S5d zmID25Ze~`h+$tmI7cW1c%4SThj`uioQc&+wLcf#Rq*J>3ZxQ>@Qn3GWlG`*Zpio;e zA&)P43WK99rZQT<LRNcO6`l#SRJw@DZ`h)B>zQ3?f%04rj^bm#ghX!@Ym349(7<`~ zYvtyV(0I4(eW6`o;bIgYOxX&$Gvi!6Z_?FN@8aH({6#ADTkxaf$9vrm{6^UCE&?QB zvSj36mBy?nfgv#$L&@_CP^Pft80r_idpIr@x`x-HCg09352PN4ukG^PRPg9gIP{iO zng_8ve7ox7&Pc-UmhvZ?3iL0<@=XSI^ZTn*z6~u;q5Z4&fTomrz=-A$ra6R;2YGYO z;SedgRGZtMe0Ztp1xNJIjl;XgRYk-hjEntG)5TpZu3C{-A)(H><9R8oIp>qHQ}hoL zH*pS(c^0H#BBUfhK-eAk)Eo|-)s0dB7EaXG?-MdA4@VX?q+%`ebpIUE{sG6nt5aRd z`hNEo${&a?Bh0220!2>$a8z_#2LLqWz*m#-baT)75$w^BZrp$@gmnZuBO&y(=;7Wu z&p4*EDFS5x*r%9TLyS9#$GD^ck!5c#p?@HYJzAU#bRc89{S<6!6!B%zjMOGR7uHcU z3tc)tE}4i}06@OhO7TNWkxA=d$TJzWAUua0=VHtugvEu~uusabjuKz9h1KRdWEsv6 zduRG6KV$nMXH03!5d6v4S#TBmE$tOkAgLs#aU+XL$iE(4!qke|Fz$)4lrQ`AB)E9J zs-Vqwcg5g01w!Mz-irAAt<6|bX&vqh?ChedJzhB>Kfg-OYffvpz^TV`&SChvV49b( zDUKD-i;2D*#C&YEv#@tsA(l%epZ=PLTny_8#DsDVfdLAd<#HjD6ZBh2`<8*W3M4@t z<0RLuEGA&p{4yy-VFZo{<-30xT&TN?bBqq^Jl~5aR)LI(CeBqlOEktyyV{NgVw`?l z_Pr$GWZCanGyYr0`56gLQU$qc2o^$Ke85W1OqSOMuFMgKME3ydhe1H(h-ct_#p3QS z&Q9W3-iszzyvmySu1b&3<?xeXAT;5ap-8t>jPKBttRecAFb)B+$%wF*5_oRr%gd0! zahq7~+S2EVK+*uy!b62WkHj92)(UH2(hN}T1JcQ&A38SRH=o!PNc-K27v2!CHkkXV z_PymNJ!`5q2c=VpUV9=J`PDyebNN)NwK=at7<}n`w)>Wz9<28PuM1byJ&f)_Z9)E` zy!!P4m)>Bp+?G0Fc%ao5WSv{t*{b3Bljn{nwPpNw-!Oh>=7CPrLi5}=muFJ5b|e?M zzLUZg^6#h4o9*84-M@D$Uy`1>4Y2W*0Hp?_6AFzEwt=av!9n+u;5EI6w^UT1@rt4n zN!FbgqAE=4E~{+iT4Rm`Sa1;z1raqLi$8;v60p+c=}i~%%a-%eQXgwrg34cuBn5FP zOJ@+$Rd{-rC-C<6Df<t7Fk#)|J?Zx!pZVCtcvYE!_SaxjAkON(TE31A+iSuOep!qS z>gf3uQ%m7meN{^)7xxv|^h{c>H6<?4iuRA>^p^HDjea&{f^P!{cF1ccT}L8cl0zjR z!ny*LG-4zNAEM7xT`@Xk-!9X8ybxTB@&TnueE+ds?!Gc8bs2`&)PY>AO~?2XUCpc+ ztIWzjB`sKr=&LZvsx$dJ=z`>6TSklx8f@U0cRy50<IDxYBck?yeYAZzwk#O3Z;W#` zmI;OZHs5K~7aVX|b&@uUO&MVRbVxEO$)SyyTjF=k7NGrUh`7tm_w0vyrhJ(?+n2mR z=)_D=PW25p<7KaX@sArK%-OeQl&43oiRajY?O&<;qokDV1LF{z7`@uR0&ICJjr3o_ zlCn2bP_Uf|g(i>8H&lF`(c3#^iSEtRKv>spIZzh`5_cGvz&MW4t|+DB)FQ?i>3w)l z5=nH|>EO|b(x-Fr_+5KE9AlsZ)f)gYDWz_nvFS6?9Y~BI3{f>+X9*qn>#^rGsfRxx zERNWn{SyrH%_pbd*E&S8F01Yahfd({v4<Xj!~8*0p{_?`-!s2rmm!`M-t4F>5BO}p zgDk8f9~trY{kQcl2#6&%4Z4M625Y1jM1wDO1;kL_xdE9th1fq+7&?&~dyGPbo;iTU z>gclQ8yBe3S9B@ocFJI1)TKgqEzgzo^LbihVC3Zhs{8zTQOR;~PbIXKo=3QSU9(Qx z(Zw<_uHex56lpY>ga!5s!dAgk|3H^XrwmwEMk%zoXbgW00ICk1@+MzJCjp=sCL9TU z&JgoC2R1YpdntC@edKNFl?bm?1I|1(>`@XqMU8{>wi_fd#IXnQ5SlIcHauCaRsU>= zwrP*_8z&Fi)9S%pgmxQQM1>tdKusG-<mI(vib78qp8tiQA%(Nuk;<ej5Oli2lphG# ziDc!H*!$r;*~@8AT7C8Jd%}25hD3&2x41u|`O;nLX@#87d>z!Fs`eYh2icQHxcUWd z)h~;aUT2o4<{~?9HoJK$<us;Eg)~=wd8ZwUr&#Us4M<%-=P)~`JXJ_k%-B(9BUG3& zYbtV$Sis&6vjz-9UqT&hw*?yoTvG7?o}C7&yv6G>YPHa0ySf(|J8HJubcSzxqRQi( z%w`n|I-3?7q^BrfS@Q#7uSEvLiq9tvXt5UOV**czlep#AS10lomE?`_eQ`KLowMpf zbft#%y9#Nc`)Cfw+53&{-He*$DsOicD(?Nsiduli8-0>ZkE=Q7>SIY+-Yva!7e+U- z^FNBtJ)G(P{o`X;IaiZIj`6`H$H{Sqa+>o{lFBJeCFhthr$}-Z4YSz6NTmo#L<~93 zQX$El&u2M)fA8OayY`1&yX<|x?$>=kpO2>u?S18+d*+HYF|335hM*wrdl^;8<$Rt) zuXT6>_pILex3OWS^5?gN9^(_6zZ&mzhurSOf{<cvWiyuqo^u&NTRZi++qFY9qxT;a z%Z7!RD>gg}FNWCEp1E1N-R`rQZX06L0U-k{&fb`&xI<3(f;C%fDhcZgPfQE4GrsxU z=5R?zXCEk^z6U*aEc<+L9Xvp1GS2^krX&^l49>f4Fl6y)4T&<Kxojcx)ZVTL4`;sR zD!NEUJk!1R=QF3Uv5#ra2=424`}MPz8>mm6z)iqgXt^k#90ZWgu$v{gY*lT(mU@jx zBcp$a3-6V=qg9p(LD{ryL08TyDhtfp2?CNBZ>f6+=qPu``d3#sAda@DKuVW0BPfTz zR*m>Z8s`5w;v7cuL2(;{34pyzL$ihGYY=BgZ&Fdyo58(J(47cED@g)y5Ah(|-xiPw z?vsEqO&-VOjR7E<kMTDMH4G*$QlX)&*1U)jAIoMfc({)apkx5kNR?nj5=iGW23b<2 z{jgRZlM)j-lddo3vw}rGmdpjM@hMUw6X20V`?FGUjN&+l$OPJv;wG0~Dk#$-C;hu{ z0R$>c;%KZkTS$mSm~t6gpR5b&J@*#-J^Fa-!IIzGGb;!im4#Q{?06ry;Q!xvf6nZL zU@K?5L(76nTN`w9((ss^;nLsj@@ANnoJi8eRG*b-j3&KGt$y;?s)Zd{A?9&T37K8E z4qjM3y5a|1)!pTz!YM35&016SzGLE*^jtR4c9ESUrLa1MD(g({Ydp|abp%o`&qFTc z8i!FhHDz;jgY@gF63-)irjg#mO2eyz&s%4ilciB9vLYJnvA<^WTKqB=?M}^9d?uBx znE%69?1t1!e;Axo1lxS7k<w&y(3<`j`d<d)-8ap!do%doumsi5<!nbIY=9!?hJAeq zPz<R;Ms+&uI2-*l!ELCXu@BMnjm>&bb8LAss?Gu&$w!WWCxRu9BM~reCq5j^<jQF2 zWTazSk^Z{Lo}eP;(^IrzL;pJfxV3@rO67D+XeloN>-?9~`fUcvtvxswJv!iAzI;@D z)!9e_Ho?DrG0$7wLr9}Toskm=6<#grraH`7K>17a(}^MWk%T51Z;?AdP*Gm}LfVX+ ztb8zU%O7I<C3wIf#Fkf&`?Z|NHhHtUg&oj@7XKpm`@fmVj)t|Ol=X8eeVfk{<m~mF z*wT%tzUde?cjRBYKYz4bB=ww9H8cl+M(yU_eE(;Rv&%MI*}I6jDB53j0hf}eSH1-6 zE|5?%Qb((^GbW2ilHBkd=J9r@Ec<<@)Pe;iXOKPELFtY)w}TzA@JZ@JU7{n7$mx*! z0vk$Eq(QN%-qmd!p;S(2$uk|tYMDAlnpm{&pM~KM+z;zD!W~Q#Z^|it6K7)%8<xEp z9f{A(+_;7;znia}SbjfiKlIf=;wB;51|z~h-S``Qx9sCp<dauF?$gCL9fcfr-vK18 zy-U-Ma^FW<$L?3e{F9RFHrF@m6#C)v4HI%!hEpO!I-Vp(D^nT;a8e5^!I!C0k1sg8 zipHQF5fPK6*5#G_yiWJCVs6plOF|$DYTqF_<Fy0==18z#pSM@r^PajSVt*seB3ZJu z;2`$d3BzxAC-(?5#|*SF5%R_^FK!1;<lR!Vn>I&&rAlPDdg-78ffKUXdx&kySJeLJ zirye0kVo~PwM-=#8Gd40scj!!85<UV5P)Q&*)M0<9n7TPkP2lTv<Zn=TJ$}PdX;bp z3;eeGX(<|P52j0S877}kSpBgM9TcnX^y}L4o*~G3Fw}vRh<o-jFE`X~WIS@j1ylqZ z=0-gT1sEM*lq|yd@|FmZLqDXGUawPj%$c>KiQ>|GEM+!X{8roiu)~k7ETK~>8R|=j zy@k=eCF*n#mul0A^#<tcxCzif^Ki}^onF=cQI4p|{DnjyoofVi=r@|4@$WR|AYuwY zKY{{~N+ysheGy~_WY(%aHtKlal|yq*a|`MvQEj^yEqKHai&(CY7Q;1&eqqV3lex`} zOUTHF5+U2rqS(+FQ7C6eyg5hKHW?f^1-9)3*B@dirgH4x{#Aigh9!hINctb84za~w z=FDeI;kgjr9^}MzBIn5O_+zfryOAzk_ke41h^e%}rz>S?A;7)M(cL!{^JOBeO2s+* z{7>ZmRwKmCsc41nU@Q}}&a*xF?6L_``5}2ky`@(&RQA==f8vaD<)FV$4q^UcJnz$U zBc;=G+pq<D4jDgElis+k37H~H=BlSv4IHNV+qNovX09G<7{=ponW#5pyn!#Z2hTg- zBJpCGcP6DekleKCSsGlTLLDD2)J1T~ugqvI)mD$?u0B$#NyBaKJLWuab9TA*-)6y< zYw#-KnX<n=cdfX!9e1qK<Blxuj%5Jhue*FLyBlpdPaCqy+?ICIJzMG%>EEP@f<_Iu z&f}tI`v0OYrrkZ%CHELQieI6Z&X8|d-uQRdxBCj%584F0-94?rRieH>)KNfR)xyle zNvY>N-)TNBAO<t}^t5JcZ_BZWlv(z?pG&E+UMarQz3k)agQl)JTNJ>4BPhZQ1w-$H zYc10euryubWqyc1W)UB`m?nmSwxp$F1SnX?PRfvA8{PlD&I~?e2s-ded)@}&ZyjC+ zM(9$k0HC4;v`LTQJ5t=@C%y}9v<<-v)T#t3)<a_arh*lFMa2hX_%WD<ee~Haiuysr zOpeZ~b-&KMDZ8X=VF?f!B~zNolWi(KgNt&=TC|2>!^_f{W9!BS_Tcy1WwqLdxrOEI zHe<ec4@4Iw$EMGZZJI`|rx5sIfSknSIU>Ybbq+&?w|y)~eqkX#^a!{*dvujOK+sZR zi}n^UlWyDPJE#5)*387+%!w=;&H?a4TEfqnjpv4Oa^rr=c38j5+thnREitnwhLWIV zpZ{%@d|$HK+W`!~pbT%b{b>%zWrz=^7MMlDuK0fN6BW43$WJZ4?~)G17vGaZw)lPI z(MXwZKgZ`!c_HogZURf-G+TTi@aKi))-8-%IPApr#-ZUq1ndxgL+G!4T|>F+&Vz~8 zjQ__^)Yi4mibzrl3(n}1jkjjr<IQuP2ggtf|Do^sJZY@Ey_y5aRLVQpM)_mMwT#k& zk*?Of40e`3I+pwV{-av(g78IpLEBuAeU{}AS&e-KkSllX4+TRIepA2_|9_zK1&?P9 znaMizD$5Ml`{1`@?qL*hR+WXY0b_}H1$1^kH8!8FrFa_^;i__0h9|CtnzW?kY`u<t z6}h;_s9!QVgU>W~Jkgq($u^Jv$&fh}WOu3rl?yBwdAYAiJWioAnJu1$c+Fm!Y<A5S zaz8dL=f_r=Va;Qd1>h5mvky3&y9kK7rpWJypN;47M=V;66vyxLWAr!ohE84tM0ch- zafAZO1(3qq+3{SdM+3rDIx=&SFL7hfY3xNq-$4rid|<X3ARNNMnVi<R^!oncOxV6- z>t;H$U`a>3#5GgJTt4Ympe~JZnvS<7B|2>h=}99n^OAbuv_YMz5XYcr79HxTdG=9` zd9mDC*YHN#_mL8`FG{8;OU};L1E;uX*rXxmFDxf0F37H3=c3Mk>|&fc0;oXO!2gFb z^4N7?g67SEm#LhFWt1+BE9Bp;<qJ0YCkl1SRkqLFJ+a#_Et#r^Z);u$i_^Uukeh?a zcH|I-e$R|0+1HC%U148e{OoT3>EFMrtsWT*gnZ9nT~}Ug3^{GN!fde=u{WgT1e}zc zU9UP_tu6UF?Kh9)82Vjt0{{}L`R>bu8#S-h<RG||gjjnnu@vxGonatA1P4|G8yxu~ zdS}=Z<gomTU|$=+$aji&sQ(OqQu;Nie4+YhvtPw7Jq}y4lw!QQsG=gD1|QDc^A7y- zE>`K0@Y?82craM3&X)herCOL+v%&rRl(^%zBFCLJ1(`9a-Ckn}=9!YQaWl(fi9bVC zE?*0#Wj(fOBGa2*26uie_MR5``RGdmHc3lFJ)o__sbr^KOZwS~Zv8jNaS~WNEBzH> zAT`FrE8)wbsbUs0^M=k2wYjf3Q2Vd7^@HcEg6Ts6cw<rQt2DKpnJn%%d@WE?0<au> zQraTzA`<x0u2%mvZ0~m97F;~5o3^hdA2gsnqsaC!;p>xLMK|#diyirbJ1iP-KLj$n zeAA|8k4899ZW*6pItDb^d55X2PSIsNXeAJ#ZVh=a9t^-kaSUFs?B*<J<62Bj>tts8 z7~9_;$NT5=pG!q-&b1cKf;7%S3Bf=u2d$|^{4NRSDy|1~D`e;F{Skg|yd3aYwNzBS z!4UHf-0mMQR3GOq$=WGJ>L4AAM*G>T|6A9}eNb!g3le@s<jA62s@)>?yK6V=dx7e| zp=pnh((Zk!)?7gCx0wIn)bDr43%{JBvcC@Tm(j*p9w(ZY-rVj>zY4i(S1~p8sNJ!P zr^L~%Bg_zdGii1p=m_(!H~7`b&smL+>Y*<Dc`Kfdn>wsfE!6#h5d{z|bN5&J1>PH0 z(!Vt|DnnJiRwGeO56Jqw#wXmiv+dSOJG~iq|LIsfMviE4XpfMmN<JQqgx}A5dH<#H znFj?g+$32U-8HRpmrroYfA#(175Ejtc@}ZtJjkB@>0s!a80LZN<?pHNZ;VZ~;r16K zU3aT9>JtwLO0r?FDUXn4doQX4OtTMh_lAp#1p{^D{h+U`WwlqIBP+pHFgw`ql+;ii zSq0Jm*YVY5vc*N_fX3_bt$V$$2e56@fo4#Gkx**}N~C=8DjzAC2rv1yseSH-6bjB> z*uz%QVeZu;UmN?b=xB*MD|D?W%Lbn0<4q4(iLA`JQJSV+>GQ{Ld*6}QjS=wI)9)~M zj?>jD37p2=H=3|$wW%6nl}qXk3P)5pH%e3rT03oETIcvREx$gR`Psm+-7Xnp3-PB5 zD-4sb{{&pj3z3i>|GgJ1c;S~-C$!@@`D(8Uy5Y5JS35u>5a0J9oP-w)P!}+IyJW+n zp-7+xom@^eLBQw~J%>ykqW3*WkhS|sT5PdqfB>>P?v&7EfiVqOpJ<AQQg}Tmu|-aW zkvbG17TH1BXK=hQ1C_~=faRXRK!+H4v}ems@-igWNCKm9wU=ESqnTy7T?TIvsFjZ_ zgOBY4dxlxAG=`*&xKA8U(RP`^L()Pt%>qzTJ&xEd)7>Slnls{fOyzAj2H11<7{002 zXuvq#D+7Pg?{An3@--O5+qGu&#htJq$<`u8MJJ!td^N8VA&nAF&~{>+8a3P11v%Pv z%pFrUOm)ore-pV6V2_$zKfG0+qfo6xZv&BLbKyRL8S;elJ5>=|&k_D(t|(TP)eAn; zqW!N?j_r+7e_s<28fr1it~R={^++YR>0ojE_0HeWlGaz|6l?m*54VpI5~ry*Oijny zo%m;R3i+LaEz2yhsqZBd=@NH+qU~&ICwiNb*E%%!hn@RV^MWrfe~%uUI(B*^Gxwx) zZNJD@cZZx!w|)=EJ)itFK_-5%o6>!a-Msm^anE&nM{447&HqDst92Es^wr(wr-wto z1*KdZN9z|U0@m)n`gOjxb#8NRVArG(tLgG@n^NMB;hui+Mn#4HPTuH(KYPe<VTPks z`W}%3j+1hISWRwM6H`Q@!epSh%kA1lj_YQ8AhmQo^!*vqNRSa%!6_CacNTi|nR$=G z;UbSqZnAsp7=HwFyJD<vdvZ?6nm@OG*{HMCu~oo7Mv<;dM;VDo=Kf7@PEvr{tB-Ay zX9`!XEFgg=R?W}n7&2cR9%&lUa~Nss0OwnC7$<?(mdx#|Y2pK^MAM?@HR<rmc97IF zBv($_5RSwiw~7x056uI}V>^&<m9PlgqMhj0%WDe51Za9qK})cbDLV2C`3jApxtMB` z-X>%@!CXAGVD6eF3$7E=Q>YVC4i^=7=Z(913PJ16QzFZxoF+R_E0`4pB>4`G9okg` z$2=QU<p?kVSId*WZEWjI9rSb=sA-HOLt}KQ?)6>-j2+6hXb|sNU*i~J<|nvd(!!fV z$I>3g@>LYmLv|e8j#kK8gQN8oQh$X|7n6FQ_WJWYdgU8+aFz4>)~?-)lcT?kE57C# z)`~t@6|03lxfi0g@Rh|VV6bqU@S^?u`$N#;UoG@z*Ovl-d<VwHGxFH8w;$ypw{_&l zW_3E)Pqg37DPW-_vY{Lw?uAoi@AAH7*|k+J_o5_mBFfR(rKI54Ss_3D(4K>*>BfoP z5>J2n$jo0K{PkQ(dtG)s&=Syzz$4I#(_($EVF^B4;*F4M1;<dRb?Y4AtB*0Rs@8Xs zhw!Z<%^Bo#W_sx9%QFKD{{#J%8JZE*_+&Hs$amkT%A7{;U}XCqB>HZ=mPzT*bdW4C zu0zZR6K4?YHn!idX(ne3WZ6G^XvOhA(ATf>kigj1dYgoBTgz>Da!#E2d48|YddGO8 z)UwVALjZ2Y{QyV|iwdj@)SifaA@cf!c|R&JHT{Y>-Tzp6$o_CwJ?FUN#-5Y!*O9;g zF;9evcnqa}nHa?gj-YlY_4IwTJ3HSQnDx8)O*dqlEU8v==bT5q_(O+dt*(@aZ%*+B z8OG*H{63*){xw5(&)!>JSj_-3jI>j=<V8n0E)T%G_HvFcs4W|(&<$&<Z&+%E_8K|~ z`^2qZDqRpd%_;jYMXuzB6xl2cVe6IuDNHiuWo#ztMg&n*HUt|^QgT@dANic?Czf_# zGt6lAFMb!<lQ{Tsx~pfSXnU_0m7s9yjU+WS^S&*lXPk+vno>%u-fKc&aNd8-g@W!& zjD{3}M_wt7eo40s_+n<GpOkWc$ymC6ars*BC&h*s(9)m3)@O8XwkV^pIb9V)ZslER z54;ZVA1OV&;E7SN*LCLk`F8Q2<FKzgdy&9!rR()?A(z-|(y&=0AJ5&C^6Tj{jL#Y1 zC4GoYIhWEkr$1c$A^W$*iP%qLwf=Mt`!q9L)X)=Jy;~}eqO>kJD*e?MzPeFDr+gQS zH;I_7l9p)3V-$w*HZqfOKLK>vR{5sI*DMQVq=Jq}Y1x-mQ?=?Ag~zpA9doTmZqA8o zU)zqnQw$%M-VCrlngmh-!l($WSaXChOk+;5*iDM8f1o5n*F`=vK6+(`^;$40n#uo! z3@urzR$b%1WCHmumFEz}psxnm*Zz7i30-Or#XypgL9t2(TT-o%zb?y$W|xQf=m(x9 zz+kkwmMB33#-n$Imvt6G%tzic((Pw2@i7RA0)S~vRjWY$fvdsLIN%-@9=Rf0YqUZw z+OBAPKVIN8RBh0nJr1C%)C;_575{W6@D7djy=wKFC9cNIHAT^0g9~D8Cx;0B#<DTc zKgz63jETAq1d4lc2f^oJ$#?aNyE*D@Y83O`;GO?QBIT+4BJ0kqTmIcdkD}-cmt3Wa z(ijQ-sGIfB`?LEDMIE|0T8N4>RZ-K>rHP)h^S2IiJhg0Dw?++=R>CA<!zwwWVcaFh zwd~a{GznUvf0wl*YKOh}>!4Et-bc6chSDWl9ZHgCWfXs&klp!`j#4e}>g0KgAlt)v zbw(WDeuyQb$PA_ygm>>4%y12dsT(~O3_)R{X7cNdjZT{B5FJc$>Ok1v#7>#y7AV&< zA5-=K>#ne9x!8`xkbh#a1BvFTZcZ-+7{vhg)!pQDt|~&QyT#79*CoB%M`Q$ZlQV5y zbQOJKugYcX1;2*+HBSaq(irJ#ixKMX;f%{L@(+ENS<<-o!}2V?OzPr|3;<>8Lmd&w z3ezp$diUFZ3G10L(e*k>*=WItW?FMOr&mG#%XN{gpNhw)=(X3=zbPbEg<ZMz)Fvv$ z9Z2mwPh~PBx-st2AR43nTDCuFf9V7=_!;al>CV_<UBC@q*;`+*$Dw{=#j@tS7aD%q zV{=kp8a8?boUrbW1-crsX`hdg;_n;Px4rO`jqC_Yl2^=ZyD(oCx18*cRk5%2%m9^h z8a=Dq1~JY~)rOQ8BjrX*^z84a;FG_T%n7Y{!J45T@FOZC&r{itt=LpvDd?1B0r@8p zJHQ!8DG~$<tOzxLc;fK=aE21;HzUWe1{k@n6X~}7D9v7w_BUuFh&a1O#2YC{#G=%# zN^a#QzxD$GDr&MW{hz~7tr{;HO(+gA_cxN~*Bfe_1Wv-HkB&SLmQ@#N8Kt>u;W>by zX`1<otQ?OseG#;pCfEr_%OCh#2){)m2y<{e{WFv7$M(syc!1l!Y|-{)J6JGexCjED z7C&&r%~Dwwf&)$S6S4dAUod~MXo<%xg1_nIv>8IylrI@2+Xb+>Qkv>%4*dRCQnGS> z48M}Qje71NMxRp(%|KLKNyfjc4zf&3@|>YstfN!*Xo)e*_$dqEz(mQi@R`!CoWWYC z0&}Z&QObqXvqhZRVJb^O#<FvBK@I`CWnpUnbwU~Dj55FuPgJ%n!D>1@=hi*CdujE0 zy7(&>pY0_@*JK)1nRfbYR(#xe^_#G)Zll2Hs9~Gl13P(dPs@s>h02V^#WDQgmFM)X z3yr6jf}<XmH}o5*HeK1M)^XUgx1jfa6X<j<b=mPq=f@Ow=&+Z4(*&d*!!*qfh{7=L zTzsUC$g(lr9;Ok~++F6wN(F`JNZ4FqykGldFIe40W8VdD5>H&YMPh!Fgh1EWbSaui zB1C0<9PAZKOVX;uKM>?A=g1bZ)z640ZR<$J7x*Bc-Up$iF9B{vSZ*Wz;B-OXMQgcT z-Lem$!}59NkYLd)0v7qDg)Gq+XC##e(iWe>-)wr1ihwuy3A(dc80*Xwf#`rHbFmjJ zB0IZ3)cQYAU<|zMM>$E^vUNbZ#gRbCy<jmGN^&xMAtZ128>rhj@k*%qOwY49Jtx9l zq2q;p{yZ)tq>A3qTYCP4z53`zU}eq`3(e`Q`=B_(-*dLPySd7;;TleT1q-CYqK_<` zmueNWb%JmYv0+*upx!B-3;EMP^E!FP!>J24CtNa|IWVD6G?n>e)i|5SBhgOdHX7^v zuja<+0AJe)uf_LG_kQ^ehvTGFqcSFA`~x(L5^S28;<_f#E#HZ&zuzQRm4f>XLmn<& za3jRr%FQiGJTDhyMiWz#o&c$%?BK;Pjpzz9RiI4p#L>lv9%Aj)?ObhsQf3L5#-?%} zer2|H`IU|WJA)x?n8Lh8xKt5;P2oGuKZ_3Uu|r^Y$z~Lng&PYGi;EKn9EclXFB%h4 zWAXpyV)Z`VTknHW26i0xu9*(zy>PMkw`vqF%kjPB9Wrb(&ga)WYEHR(B3ln{k34er zcGY%sOsf1JD9dzU4;5v@d9reHfH3Bm^rBbAeOmMDb)s?K1#8z5R79;|E&z>vF(q}I z4lg|`q3K#Wu<w{eQy{AZH}JkZ)vjY=ROR6p4XA2skiTE{JfhgA5SV`<b+fMV-y~>% zybbdVzI669D@Zge-BzgYXStSm0k@{l9Z`cl;uOEM1II)!MorQSI?BP%*Z@5v1tYu# z22N&gcy9X#)*(QPRt1m9GUqbtzY#_&dboSfL^e0(N?zI!aVi~)8yNbkP_IiGkw|$& z-G=@ZMcDmyJW)7KsJ?_n*Do2@><`wkq^evu`h!sCcS>1G%eqrx<S$#3ul8=Hlyyty zzUFibZ$GD7Y3O_oQO^D{1DOPW*?x0_?uLeLmrkHJHb-7e?N)xiUCX5h>WR=CaK0Az zp7Ei_q|7gwSZVvUHiR$heVXH?{o$ceDpl*u2$guK)Q}S7W83e4X*llvYJ$zB`+d-3 z_Tqt8-TF4?bSIn#{f<nur)_VD{tP+;)TR1Y_P>_R^E)SNI`YHE_H5EvS&n?CH)9yM zGYftaX%Cc&rw^`9&S~o&G*?-FmME0cR5TnL?1}H0z2X$9AaQ|a#~=Ewr2Ccm-?=Zd zLFB%8y0kP)2MCF=V{h~x@Q{!d!oVYbWQnD^een*wdq-CCRL0+{WsHDx|I}CR)`?+N zcQG+N2~8?M)Np2oNoG-X`^~499hhfsN<V@42Z9-SKmF2Nw#c_qkV-Z9KnYX7P?8*W z&|_2Rd7t_)S+JwI?XpFsLv4%1+_cay?QR_~^z61)$;EZ4uvoo5`~v3WZyE4_LuhjM zuiA@ar=s^D1I{q5B=D}onU(LkHz03j?Hfzn(6dYE_=TJKXo5#iQpnFhrL^q$=;+=n zHvlE3L-ow_SCuZ;ax=}hD|&*Jti9LGTFp_O7YKSx>u99d$BUB2L+k`)qk|q!{nXwU z5xr_<>g{)H)Rn|}vz)wj6yn;^4`nKaz8X^UzZs7g^^W81bSnf`KogE37Lof5Nku`@ zEEyurcsP?;XIKLwG3<e7v>XJQOour3$`B7Wjd<`Tu>w^Jwu*g<pjm2_<gYRvQeV^% zTLfezH;j_14>&ON*GOHfmh-(A)%Zh9MTyaWI&i{JuOF%UXdj$}xr5E3RVRr(J+}#_ zZuO%HEL<xx-!49s-0XV!43rpRl^Wq-#5YPPpt6k@K@7M9Z~H%2kHb3d1dS8U0J@mD zdY2S)Iy=ebi8ymn!1nXDUfY6BDXaSW`PpI0DJ=K9Oy61;3#9;kq0^^>+JRRLW5-wG zXi*0l!y@Oz<dIi$Iy4h*&S1``Ba~CjM$Au;{e@>v&^3K~q^qV;QdheQhKz$2zF#yF zkWWj^2$Np`<-iLY%6Fp%KgVUGr=0W`U;$+*k9zxwMAJ{3&H<{Pb?ECK!(UZ4Ij81j z#4TSxZL#rT(l+|8DgV?5%q@Skts2!20Rfy|?|(jDXmPsnp{`*eYH;)MEH?t1b1Z~$ zDK-VaJES7)9BuA62UvPW>oEX+K6M}_^s6>!y@7x!(5|R~LyY9MX7?RhM7@ko_FD%T z%a|j{vbxC77<fC{&VT{>uY}68Y<uc80`rsmQ`Q!#&kovx2JJ`tAv9Y6^8z?%7jQYr z1>8H}2ANE)L0C52#(gj=rF1OwI!5n~DM**hv++h@<VAJiDgmKn!QzIE&Hflq1RI@7 z<L6X(@W3AsDTm;#r8)`{71C5uAo-Fyc@j6M9W2X3ho4za6@3>$9vOcecd|~Ftbbq8 zUN}1@_oWp$9nu6+5a)IaNpD6y1g+!sBsoFa7=s+!J#$;X(YUTdPDOM?hhZ*fLJ+;` zoK+Nd=(F?0?y`}7A-E`<2wpiF>^zn=GRvIRQmROJaf9k%r$O8E0`b$O7<qJ$xD&S* z%;6J4w;}%>NQ-(M3&jkXH#F`&QKLQ#a5+L;i0MbwzH^wS+-@XT(t;(@tZs@eO!?d% zyAqoiR&{_d9B)?_JET`i*4~{{G~DJJ^W2$0`!4<)u+a|3fc68H#L}v_DJwdQMoShh zI}~Axrj+Zmf;6nX{^=Dc!xlT?sO{|u8212q9Wt;_vzN1evDbWm=wV3jS@z3mQ#p7O z?54x^N|5CUPU1(rUw^H<F^eoJp-WMd3x}i6ESt)R#QqxFfW^K~c8^|secX4u3S#Se zQF`V{XRJ?r%re+!2XH_(|6(yRf3p7hF&}kK{SWlM>6!k4L2UTPEN{e#Ls(2Jz~`=b zsy1V;@-apq4TyMW|J^M=?uRDZmG<aPhFrFz@*$~0gV6~e7H(H7ir1d?=t+-Vl4P!X z#NC+eLfB$VbED^`J^IqvJavHZY2{2wn+H5DK$_Co!MNSC=?+nsIj)-na9m$0azKjX zK^b5dU`ocP8%JH{y-s9_9>ONOkt^EMH*P>BbL-hl6r(PSUspKXc+g#>oMT|}C+{wr z#YlHj_3Np2Pd>gbmWk;!hh=ossGEwX+#1Y9zMJf~8!kS|KedF^Yf5z!dsObWR0^+e zYSz2GRNhpvqS!88t~=#$+?B$Jy`%78)|EX~S1_cr|G4||=r*PJzvy+>P@nWGk_@xk zJE+;0Bt5--{4jYEcxSNS&(D@!WS;f`pht)}c5cWrn^2rGUiS8g^(@+$l|r4n!W)s5 zi)FjvV?2j37>|JN*+*H5{P|fOaP^ye_%@9z3v_=pI9i|kyM|=9;-=IG#cAU{z@HNp zGsh!2<@m$ugWaBYbH3|<hG7(1IAHQAL=(oR_tRJL<aWER^8LZ^L=gpo-uI@d9nv_& zVIQ!6vyYfG33?4df&U`Cq>(`y|D3!0&B*QP(&8@=`9Nne4n3`3w`g%o4LR%?cQfm# zAPT+5-PA5?C3Uz380FIz=WH(I(PW$@_~e&D%Rl{1KMUOccFE-~g&}C~eI}QeHHJTS ze~Z68A$<maJ=!1O#eF|xld<YRT>AFdSz_T*5!P8#y&sj<Ii6dT4Ksc>Iwq+1-KTLj zH8C4YP|`4()3C8adgek5HYAgU*mBuzcaYC`d7NTg=KS3XRk}_Lc?T+K9ChwHk%Kyv zPOI4nv&;K<S>I`)b*s;5_M)Dzn9BkL9D5!@d`@S004JvEovNG<0aZTX03^OX_x)F4 z1aw&5L%$awW9F`YDsnktbX43J;m{G_e4P;^S&7*Kl5ahl&Q9g^ijB}&Jju%RvSquT ztpHi=AjDNP4jP{Wui*tmGLESycS!xcMu7ER12KP+L^PQl&LK+`OA{g9GieOpQM``$ z0NY4DG{_wAorRJ~hl)h@{8UBCSvE%6!MZsVsEue=lZ4{FJxF&lAC3#LrTcS<?@ksc zq=H(gY<O!yTu>)f=^(~wLUX(bx<8=KzP&?@V-(SPQM6u}G^a_D%if}+@^u<3x#<75 zftd%+i3z~*@`%?t@hOACvWS!3rVUH^7u)mKYLvIjWGTCa_M)nJ(_x2f>01+jP@F-| zfU<?z+mRE^{$D4#v)n4f)n?0u=Ult|dd9r-VYi(|!C7s_1E7h@f&T{D*RuxQHircN z&xb)4w{TackLI<%M{f<OaO$)9b#kiDI^FDPVH+?178aK~E76bYe~#|CUQkUbRk$EL z^ZjJ^SApU8B%hFmk~ePnj7Z4aeY}^%SQee8Rca|X^|O(_mUh4puhVZPmXF)3LGNVv zKTAK1q#~CR+BGb-C-Ty~cV!PTFZ4e?4wwifk9>8<RUi~Q1~<~Mc+d%n|AAzz($(xF zb9=HFInR+SBYxkO)(l30V8bkYJ#N)Fr%q&x#Mb%-KszL+DIQ`B*JsHbm(*|qA=VuK zc}@2taOFMIeL#3jq^xd84(g^uAgJG65p=FF2T+YAy$uA0{bzLpAnvdU5Rwd1cPt{< z7#x0{$tqxh<K}I?$i7x&Yj28`v5_PEgie$JNRPphI9_nARgGf=^wBT6gEi#Ax$5+q zu`|p#J7?B_!ve%`>oNR1uw5!%(xq~;<TF2T39l1Pgidzp8s?t1yQK*AiU)O3z(%`= zy*j6D*{84r!fAEWD9gEDL<k?zdz*woHqtlAF2D8^z~iLr?uo}MNUekSp~O>SEj^6| z%eIG`<^@nsb$p!=dHkg`a8aDQ;Qy^{z4bES9ojVqIepL<xr)Ev&Pqtgxb=PL=iI;u zt_Q3g;(Ai7blDWdkK>MP5!K?q29p+P0jE0JjH$O!gtxV1t7XpPZw#0DAlQ1%T+#?z zoKLh%+!(^F@lrVkIMY<-XHEnt$A;H<YTZGTKespo-eF-^rIxpxV@WunyN?crKzY%2 z(9;&cB$?qWDneo_sS?%gN8MM^94_D~L9vYv=TONU>*H}?@z65b%V2DrF$aKGmq~@t zO4HsnlomYut3KbWS~&8u19Hnxv{JnqS-5Oo*pEt9sMQY#=-_*mgxm)bNhW-X0nz0= zX9C=Op#iQ>!v)wM8w_y#fstFih~=8AC_a!?Z8VM7-`v<?im?I*i3oq-)b)}M4*7=; zfIonPmMPDg=C!k|J`J#acvkw1&d7gQ%YG(6v0Y`=|7IHlcP<t7OLFV9B3n%ea2ZE| zZ2d-}F;Rm?Uq@F_kR}nst$F}i0}V1ml+%G|WTe<7#_~2rMv<BX^@4(WxYa)AW+-EJ ziv&7e-mOoz#;YXz*x_tALdI!@E8WCse`GC+p3#?+Eta5q8lfb6eq~B(+WAqJUC2K% zH+5ZjQMdg?(M-TJwqn!{S1|{GKSkwAZUs!VU^a$oxUJ>}jMCV?c`c%rutJuzFK03j zzCX^E8FsE1`ZH?U;<-Fmn%9v4O-!0jM~aonzr0X%KGF46Ur&f^c1+F6wF~fDD?&Pa z_4{lN=kmQaD1)m`m(T1vuG5?VcrsZ*BbVn~(b24wF$#6SG-B1tT9na*#Csl*MmGll z>a*np0ahtZ2LlUY6zlD{o}(S0(6(~}Ap92Ick~ILXL5Y}UBmk{jk-r|w7)5&ow>RL zf(1iB_QFb$90%y5Vu&NY2=4*sW(5ip+tmx3bPGqy{-gcmdhc`*NNzpDk99nChL=Do z^~mU;1mvA_WQVYTKy>@M+o<B?zYeG9P3ZqJ>#DBhFYvkCi*uGkm}AS|T?fa&+xq>3 zD69`a9e>h?wU4PmOZtg~PBFyoqm%w)=eBLai~(|`N!;oDIX!y;c+@10x5yz~kqqTk zB#|fMAjYO567z~|e)|qTsuUN8acpKlN2SBBXV1>ok8;%?N&=sesxsjB1NjtZJYZyU zL!cEfCqTkbZ6pI?iBKzM*Qlk=iMGLtqGG0m?;c(|)C%4$TAsgIq6;1S_UZCalNL6V znhqhK2NL{968``7V<R|rfZ#W;ks`?gh`&7ywDwbC{$U6{qr?@KlJgMAd2NRGl=S7m zc{6L}7t-+7K#tO%ZPK4rhclLV4vSm(+oSk20!#x7h)26@G{VcfX64o$YH-2GJU9@! zCC_QJITftwQ1gloo@NabeLVxYq8FGJ!ICS0*HGxxoqmWR1#he{BcJ(puCzSUhkN{0 zG%W4aVFOSU$te)%pIjBo85|#NP+0O4!yUGbpz%CEsPW2JG~y06H$VqsLu^zu#|G;s zia4dJz+N9-$9R?ao3zbw!qt(XfV~iBNQr}79PscvcWpfL!`ReT#m1QL3ODEl$$2_m zN%e!OX;(Ri1}b<qVezVL(wWlD1ygpm8QrNw$=@~>DbTG$8@>1-3-^dQ*a=y@8(~ZU z3k;LviYANyq0ht(7nXdD$^8n`h5HWY!VHgF)06<S1IV7r$OkY2iX7`LlJNv6zW~(D z%Q;w4fuKwBBCxSW^6R!J(h4QF{RN=zCH^)GfQ|)a1SZ(A7dM!iZ=UI#3J1C;RfAc{ zEna8Nh7Pt>3zRB&=E3yUs(S${eLubQqpAUJYLhR~I6!E+Cp{`0T9nNra`t1`_eEaV zuRZQR?*=@QXG&%RT0*5*uJfmf=Zx(2xg(`R%Y*O8UD9b)<YrF|H#$_(*n_wJ6b0(7 zrX^kIjAgrd^Zcrf%1L6loa#9KMtbe3kd`CAE?Ln-Q}E?3xp+R#M$b|m$Qw!K+5I%Y z#b?~oB{5Hp>vuJZ>@y}QNYCK-nGL!NcEfnx+gN=-y+wC5is<m8i^3CLa>YGuoF=UT zgmYp{ZW+|YIE}$dJJYMJBlXuDd4%QCCt!mt__<)9zQ|r3MUi#@<jATLkBe7iAz=T0 z8}ZV`2W<_)N^zHrAS3alU^DaTGEd(u6c?9<e-DQU;w1TwY>{`ABk!qMWqwSn8kexF z;TDJ=D;6j|Q@Rl!)bKcZ{?Yq1h{wMHjmtmaUPUtnr}jAe^zBm?+jQNdP1&XB<s=pY zlP1>(X8Y&x0_>hN+XViP1I;w_0I%#$W@zW+g4i-c`Y>+FHdgke?v^{K9HzIp<L(9i zlZU4Iscm~(L`fJ?VAZi@mk8b>cW#qF+~I>pTp05zk=ayxM7bci_aZ0?J&8M)j)|ZK zSr`#HTFRj4(-419IHXF2^IBx*@tHlQK!kZv$!oulQWsPKd*~glt>TJH^)Kkk=8Sv| zG0Lx38|Q<2IIl(h%g6Cty}m79*nkOv(q5Binc_zSoYyeZIhAMZMa^K3Lr_b#P!~Ya z^1}Gg*}jw6ueQ}I^RsED1NLb9)y8p6V++*pEC3Yo#Q(T8Q!W~9V>T2ckE@Pdj@UlL z@V~5?ZE`r(eH7z>uKEZxFv>2+%-ppX<=!8Q8;_kR$e3Jrrv{nwyeE16Jso-1gfv00 z#PY?%1-GXbwp%4Cx+LKCUuU?jt<?HNy``)tI0B0EDyM>1Q<XVz&!yDcC0+XbHC(pf zILR3xxUUV|q^Mx9RsMlhRKy4~z$*j$Qq^**x6?Uuai=nHsxr9l0KL*l;?}gKliAO8 zl@bhdz2IzT`7vaFPd<3+Wf|%88itZ*O)D%8tSThR{z|C4z@9T)bkRX=NvSQ}|B?uW z(?^_Xi>PQ57=C$&a{g5ro+hnZxuWU(>%x^zKT;dsM_;UF@K{UK+J~kgCcQY4!$ldj zOan5c1X;Blo+OWvf{;{C(I4`e$Ds?hifoGW<}rML$WbsiRJ6=s&5!8G8c#QO4Tz~} z5*Wq_r)pYmllyGg*=-d2ZJC^8B4-(#C>8<bHR9KI#8E4xP+6YxI9dDXc8k*#7e4C` zvy9B{1;TfY_RgJ3%X@bBoD)B^kOQloJ=?9T*RQrWAULfgsujo=@;uA!T(K{;BJYhd zs5dm{Q4_w(S9Y|NTJKu8;$Y)ukSewiga;^;nz&Q>*;yv-A(6Wf#{Io2p-GL}1iCi5 zY;*qAo)=jr&5JC|UgoU^@*U0>53Mv&^*5;CavT}YEffg4_9*rC`Mj_8O6Jh}2)*yC z@6%>VUz8<c>&R+KdF7JMjvGZ;dyWArmU3V^u|lOi*-ZddD>>B=e$g_pfIfcgESd`t z^%tG*)8*Lq7-`_=THzK?)4j3)(^lMOkcIbB*?M_PSC?D~mV<Y1v4wcr+@>`1EkyP? z=}S<)esmnsQ<L|v*(B`JZh)PKRpYyKgkR?@-bhAgu7+VH8L^Mf*6jalIZEIJiHC~z z*Pb&A9vdVW-r`gRc^|_;1-kP#;UjwBWgCszM2V;Y+2i$I^-~fnzb&P@37O@(2KZcF z-taA=ifu@o(aDY#SP+5a&~y!_X`wMj@ME(*F-w-${K+iXraWKH=)?J0yFa3@kuH{e z)U=>y6bwBS_a%dL(#pp$ItM*byChMCxRMaNQ;&Wj)hRNU)&E`tHy|(zxJP40m>6KH zVio^;4e5GW@GV$;CR64?)6jrZ>Ps$lbCCC%B3q*wVqP@Mu;z4c>lz?g1OcD~4kWx} zDgFETwk7rb?~PH{74E<7xXnzDuT$RAVL}@8M_&)NKnpFDd-U&~drFYWkUgLis~Rt| z%gL-*<{jyC|F~k23nH@pv}a5NwO`J;;}Tq2nj``WWzQ-ZNKI^z#d`#3_?vrrDJbBd zl{~<vy_JPCej$PtmD+lW0GS*m9|)1}H_R=r?uUYwf6j^$-%`9;1L&etaYo#B$l=W5 zCR>aiw-I2u{<=%*GcPaW%Jgb>1wD)rE<*FN;<ljyvSdikyb;9TB(jq#7?faP&W_`a z#+alx9MYn&jE6){x-NS@fb6ZXoK3y;dqa`!5}w~kbPf|}s_M`S7OQ;Rr$eTDpfq&* zIQ6N34@=vxS5d+SnYM`nb%Ypob^{w?=;jYbs>($h>z!UzaFYxRuUo}y9w1RJ#~WKa zl0)?eq##oVJ4BE=M?#;X&L%rB8u9kbkL!=wBaLbMHdleT>3Ila;-<;bYLzI6pa^2= zmI2Ucs}M%oE|G(qPtn-S4(pJu2=dGN!D$wyO;#eFjE@z&+0+XKJv*%<QGMvtC=9OB zuT>;+MOrZds)>$S%^J*>lU-1H8Smy<h6z+UTaS2l;br-U>z&(_7ob&VUg~g}hSR1{ zr<>-)PWi~xLnPS|I2*1E5szieH7{fdyRJ%bn*7jETg)Ik-0jSbUScZPXVi*SZ<H=- zN__&LO07;0E07O(1HosOU;rxa>&5NTw(5J$WcYirCz4nH2YMc+^d$BpO#R7Y1jc}3 zSgR&LP~T&|kgdEZtrU52B(wGVy)Kc3wlzv&N+a0fj-A{r{xVx7UvPmAd#QHB-`G4b zGwo~00RBPd(VAgRRjB2n!#O}pR}k)93YCiP+IPaWCQKV4x+?Cg%T{Uj=qy@xJ|b@{ z#2$sdptGDfI!LG0!FZeM^5=E@6ucWN&Vl1%*OCA2T>c;nxBwmg8yAe}8P6T36vt1x zhm(KON62noBE1Ig_UGBoa#{Am%Wt)5xwGI5;t>01OpBDUouVEyUdHH@cdAL`yyKqL zk1FkNqQG-&Rz={m03G@(m_c-U5&RIjW2b^M7xl%5u4N6E7;*8b=#=LAWb(=4O*k#B z;h<I>$|<xKoCW1gOjkOu=}0K{*95d#B2LN(r8b|J_Z&~L3Gu*yW8$F@_)L)}?L^XB zPLmdQ{ELdS6(-)wT!@8B4h&Mj_BrR%og)Qy2&K!6QeBEgs~y$@&cb{2`DZ375NdpK z9>Cp)1d~Uy^Y5aU;U@xM>f6+mF6g>&E%-c{oqBf3j-6~}jxd#e|NoFAOT-1^doDXP z*3i!#a!+#ios`jWvWw-?T@QFiU(nS_M#29;0`ul-d)EKeDG=LjpQlBh|7a0vDX`}J zbIVL32({!Y`#ilftH_!3)@$Tr`BvzyhDsiChaT9pAmr=x4?E=V%9HNc<)aJKn}#wY z1mywAPYyn+e(7QGO=jxb=MY9+QjL2kc_W{ZepS`aiyZ$(o_uz$2{P|m`rj7x-cDKW zt%2T+BPf6+b4vbq!Ro$z8zDFNX;J@K#;F1B+wbbag<^df&*F=d`h1U`exHx|D&XjN z`_`}dfyf{E>R&{4cxP!_(9ydG`tMWZ|NL1|lPWLmeAJUNzYxWU^-1q_y<rL`8hEEF zC-wELF7@xwkncre1*^1-Ama+_ly~fEmh|efJb~gDbeqhF(C9dNkgL<_m%(2_`Z<7z zDcm<Y=^)F#|MaN*o(N~@!OeKk)zcD9QP)%>W3|STUUco_by4VOt2!(t#^tla0v6w$ z{V=3UOY))kaSbv3d$`3lvB>3rz%nSJ9rggQAi#61jUpz?WEJp{N}qBZYN(}wifoq7 z;w7zkw-SHrm>Mq$KhRY4fQ?L_?)kjxqI4w$9T>iWHy|N4f3h}!x?}BG+4hM3F4dqe z6L26X?Q?UTdmLl;qA@#y%CRzw>~zRYbN5R1P*u2JiW6s4td+?ZR+Dr?{yFBcr|SZ% zDkRzlB+tIag(yE)h*P%(DSitg{GQjC@**Dj2^Qu>9Q4jxJ`q2pg9jYHJ7FE4e3{JT zJJAHNBX~GjWO-YlpOlC+%x!VZ4(Wpl+|G@G59d@L(oEiiumUKMk?zXZp`Eix<TRQC zOl8jx>=QiwdyYfezH9)!fej@p>^2zY0=@YNPEggr7ydU%B9ih#w?)*D8Gk7=p0x%A zJ@7dwTPM3bnNIirYXAIx7KJre`v&uJwe6<%w_n2hjDWW49KKIEY8IJ|QpWA~M*O_a zt=!N#2Hm}-<58C;=U4GL9=`$7W9stBtka>2r?t2tMldl{Vwb}U{vfpT6IYW+isqRT z*R<2v|KID}CWFPjb*9h(tRW!f-p;P$#dussCzz0%KuAut_RNgc^Ax5s2Z5Q6e()}d z{n2k5iMZME{3<Z;4br#3>70rI%p!mdpRH*urGg3SPy~5F;GjF<6ApcfvJfhCf=e^r zk4+65M&=GNk72>LSsWQ1PjRjM(S9R#wy-JpnZhEe5EKif5n?M%2(o2~&f-BVWFJlt zq}i+Fk?d+j3|nOo1Od2!7miOFB&jR8Expgc)v%ocD}1og_Y;90dZ+8zW49-9vfL-9 z#2wIKrBCA?hUr=w_(EH`c?ro3oO-|idzn2td%UftWkONvtteo4W5nTGG!%R;&W=~T zf1@m}52*wKjp%LK7=$EP(XnnpUnYSsxHkdlBmr3rtS!9;#L1G537zH$#u!7(IJSu# zKmvSDk!PyD7oI~=vSy7-ml6yS5>F3GwfTv0i|VOlR3iHCG4JO%6zo1M2lBS0@5U|K z*Y@dg=P$7u+SRi;5Bd}@m~hp54LHePcX>z~nf$G%vJkh;DHX&C7P-<pq(jkqm9bk0 z{qZ^Pqqu<oYsUL9ue~9jGfyq-4||Y$5oZ@7Zgy0#TlU!?jJJWU<=q~KU3-Bl#oYb4 zEg?{b*7?%7et(<zEAb}gf8_Hb7c37kLS{fL2JNriBc~Al*5@NSs}5&<Sn}kNrVYPN z2~HKy28$ha$=nV$ER(9hWct8F)+m&v@C%xrFEN0|s^ZN#-E(PZKAox4e$0nv;Tuug z<h_sF-*3pd1?>&Bf8=LRWuN<I@uJa(bhaPQ+~|ma-lKYih)#|v&XjDFPk6qL)Lpi? z{{*nETGzty4Lg^C+%K6e%7xrbTM6v<YM&_Xi1+Z;X;Y6?+r13qYo^p%iw{(BuxV1L zZ_=ZqG5bN?D$`ozZyM*zozfn+&i0Kvy*hHgrY)=9yqhFk1Xi1s>bhkjSEfSGlMZwd z&+bMS?K=*Sr89#+sQRVFzSkzJjcOZs)_uyFgFQ+_luvo?l+SVmgX7Q~LCmYWzr0pz zO1v|Mw#iFVNdGjO&&=8n7o}GcHi_l|0%NzkGrZeIWd$9opY#b#-yoXkaUNFKLp<z$ z@r*`_&pmczXd~Ce_{bedW*1;t{b8C4JCIYocOX7k-LM=0i2oFJ!dRhk&EnkiG|T~9 zHK6at!TIfELDoXsA*SSK{_OE}#r^u%@6z@02)w|3+3f#;5+B;ju6#u<li~k7j~adh zJm<KQwbzY6f=NV7D8bw7RVq^KQOd1hUzz`bPLTH?8aFa3rPe61tup1lM|bLuwqjcw zrSw$y=9-JSBARDQk3;`|DJAZEDDwl@{k{GG_&N#?VFK~1{fBk6QUG!{yu>g07^^yK zKH_owuPl#e#A34f@5#@Ifcr+kXU8VVtZB_29^Hrz{PXu_-N^alZ7IK}2h8gbgLJ85 zL970~{SSx0A2i3kb~*g<R-jb<^`GTavDmnvQ^!i-CNo*>v8`b3sDI5TGX4!Ex9uRK z&<^t{!0$@vCUxZec3D5r6zY<KSS=?z!p<TsV)wU|{_+15uU(?fi%1QB?AJrO-d5Mw z(&xdOYkY>hy=Bw>1-T}*M$7r~(LW3`y3n@IJ!jCqUDk8kRau;&eytVncPtva`Z4Q~ z7Uj+1yUf{Ryx5OT;o%JRXv}p8Jnj1ce0v@;GsRpa{ZgF#jTEb!QLSQQ?n0N6dd~~J ztGks+1UhwQJO?<*VM|E<ug&J!XPn^*&pGwow}@&8K2=?c%%#E9yN3G5xq~tYfq4t> zdZ<UV(#5H5fSJaRtyQa5VBjxH797&lg4)Ea4RsXYuh{SB8wefJ)V0g0LNR-X^MS|7 zo26~_1M)lY<|g|2;!UiW8^8j8`&x6Bem+OxpjN>!x4<yh<)Km+=DvPqZ$P$25iP85 zXc-?^Tlc%M+iic6s-KLt1Ns=@d83=S6HQ!5?%Vl|=)av48QnQ|eT(eb|3>?@R9wTS zot56J%I`2ymHVMtes{A!D+?N(CD0Q?i7WpQs=eP{_1sDOh4it|^0rp@pT%p!_n&=L zy>ly%Fl0aieqUQq#zIl7Fp=t+ZGlmqm7B?Qmkh@6)DeMfuxt(b28Dy*H{aE+R_&1; z%Wb`mQ@8GigC_0XNNzD^kqWc;6JsHGdl2!&&U4*<fbfL?R&(JKO7e08?Ac}GIWa(h zawcy&CXy}@Z3Di1J$b!|`$4Y)H~X76*qf;(ns=VTv$4Erwie}R2+LZfC$Mb2tb87r z8ZcS&)|XA(XDb0WK`izm(s<c|iz~?JtL~Ssc8Sjp89U`t+6Ge7wtWac!PJ6Xg$8m5 zFxd<;v+RFR1%iRZtmAf{!Rxt$_VAwB^mIEK@uXD@XvolOD9-kTz@wph@vwb+b~$&i z25O)HZHMZf)zwl)<wlBuY)EPEy?#EVX6!^r=H3V0Ng)OxxJI~Ce=nLb#=k2E=1rB* zDnAULb_?eEe!LDXfTD%2wm{~Y!^MOg<^O@;&F8TXwP^RfIO{o7ZZN;+NIPt-qo?4H zM@KLF7kUBGHH{Lok+*z-rMo|>S`+z*d8cdDVYbL#b2yXE)en$+XW@(pVkj`Xh7$a` z+U29|P>!9fDzKotB$nZmwhxG>i6$ZGHJ>DF!ndjJzEn7Gz}Ti4!w$Zphh}}YVHe#D zCxZ>}*zGUvDqIo76W@bjEkQu^`49a6adhtSO!w~}|IDx)LbY-lBgN(}IjorD)a`uQ zMklF+Fn2lTG+`3enp0CWr^V(_sobeZ3dN`#+Ln}Kh@5jiyMOQR@A2rb6+SW7`+8s3 z>-BsY>tGZTnKRaXmi5SC-noUxu<>a2G23Zdu8LkNmY}lTl#yCV^E~HF>1u8UPHKt4 zyk7&PV2!59o!D-1%12r6RwHQ?Uqrv^H@4p9T;?3sro`RTpc^TZUtN-J(3ir#!WPF2 z=8B7ByKRtFxNT{FxJF|P)`{~}$>|HJdO#+!jC5PKRVf7#N$q_De3jmcg+?`_MSRhp za%ox&BX&F1baA5*Mcv_W&0oPgwU8;QdgBkSs;*u<>rNE=s4vZiXfx`pHp*3KSJ=cT z+{d@-*w52NW;<M;0UVlTM$>i-itL@{PD%x;M?|fLu5)qTN_es9nb(K4LLP-{#H5Rz z{D<3W>|i+6dg4weX+!fte_0_(yp~7MM%2djxVj^@#sDe_?)QKjI+<Mi>6I(-dBtKG zV|!}mH4!RZN9>YnWpDA5*a9uC$z)&Q?IgOg-I&X%G}Q5*fl(zl&B{Ee$a}lS$T#1< z2){6t;3CI5DV4eLud}vQV&{`>AwRfsxqisU@9!h8+pJh}=M)wXM}EW)xOSpREWASX zm%q=fF`f6c{0>;T?wjw8c!stQxUciTNe#{x$$O51tsZ~+*EiOAOyux!%--maPKpZ} ze>ii^Q>-@{Y#!@sLK{&IAhGA1smK5165V7%T+%&$q19gx<}HQgTe*Mo{^jyn5Tb5M zzj_n@eOsc??V7Hb14HI|LHXgtgp5^Evrh1~x0ydtahabTgz08w#drlDbL`yh>;j*2 z*BF0W)DXAb!beN2k+*%dGie`k$<#U3D>se!X_L1N9kWmxft@L6Dhh|cKo!0|7+Z*@ zp0DKn`1e=ACpD1w@q;C3N!7(rw_A_!a`Q8zi%h+$zw2mOgm?cre0)ow5vH+eVE-$| zpe(wf;GM!6E8*$Tx#x`lVkY@(>yx@EVE!umJsq-o|2=QVS2kQTd;^>Es5`#hD~{GF z-_;h)J{{&fG;Ce-k8VUHkR<*?T(gZ=`n<;{qD1Q0nElW%>x|ApjZFviii+X-W$OOd zX=Sa%b***WVx{O6i@WkNZth#%Oq30Jm=ga=M;1D?IZwO|ew$^-$mQ8Z*?2E(r%pS3 z!98dxZzAjs{r;t}AKWu?MtFd}lz;8I9{zK}AP$)y+k*NyI{pvgG-Oc8zkMm}Sph%g z7)vv5B6)mf^~<l8-t4%;9JP!pH;Bqo`grV15|G)@r9^LZa^!T!Llz%Z{IE4<vSLnW zdFYAXmdY*EI6ouX#+4iP3*H!S=(;?U#(pGqX?N7bxc{$R_w&D8AAdhz^4OkwB<^nH z<U{9EqZ8z9nO7jvM;E=nkJjpkkq=hQoHVVlZd^o8>iCl8R@Z@}f!biukG8LVL5X-` zO!6Gj-d1~$vqRRtKx)cf%tUf{@BW37n>?;vs(+(MRsTVXDci}M?rAezQmg(dt$)6( z!Wz)AWuII9?$5(}GOi%z%R;O%&(7YWVSst1nsY!*WP1^xL8>*g_V1AmAxKnG$pez- zo3fBlpBdHyI0F(K=#a0K&Ul0v63X)*xp$AIY=f(;gnk&6c#=JdBLA}r>m4V5Ccy8w z1T+Xu9YmGy^&l=ZEv>)1Q4Y6z?n^0r#c28KI;rQIVcAMHgZIze)8+Q_4bOrO<7a$& zW@<X}6Mt*ppQy?$aJ3A;?z9Wvmvl?(K(x2;>(#5@waiCy&!h5PYHjX($l%rL-`Jx@ z_BO3(Sm(##m%*3`uZ3DP^M|d%OMXr`Qp7_TEPt`;b@sBElPLxgL#K#H8^lh+eq#w5 zbjJd!?+{?~*BVBfUg7XUtSzL$?2D%`vB-sF{~&)UtSKFJLrFq<ZMGsAxmS=4cBV{+ z%HUIUKpXoUVkw30!<%1Ad0&`l>8Kj7PS}2^=DGrRN4lZX`HPzvwfu!f&t^CyU)U)s zcxIwxp4%akw7?!h+n=qTSaWqK%=Ok%(X(o3xZLi1jrBoV%p`5D<g(wdx1=$L2Aa4y z26kK3*<<tvXR6)aYV~<S#(030$JOt6RUy=o^IBRmxFHp4Jw)Q!JH0p68Chf_E+1?$ zf>(1y^LOSyd!GBsy!YY7<A_V%F>8|0EwyRt+SgLG=$su-Y{y;ft1lN<UdQpaM2t_| zu|Z)#@xR7x=FpecLNyitw600MQP>N;kYKV5sr1`DHL?^L8?%5Tp-zSxf<K%<5Z$wp znqL`~%L*dp8?iSjkf(3v5CUjL!HpYicOoYo5_mYa=i-1sA(5ZSh#AR*lm$4?k@Q4G zv^`{gA31;@$qjZR!p#~46?aDy30le&f<+RfX|lwHr@7cioijpmcH%)@gdhEb(a3eJ z9uT~KX^X7$?MaQd_wW=Xhw=0Jxsc5@S-3@#36#Fwf}%23N0!P+8WkWpvQ3=tJo~e` z^R_27;Hs67%i91CqNPZ-haVipAMoa9`D=02#|W?sxssMztqfP)P!}$qpkc~a)CG|` zyca-4HbJEM=Js4Ew#|m$@!z1>I9tI$_93@>%()5A<>8C>>Q@(X8j+7p?s%J()^SGC z?-<iNK1U8Yyy7#}*1s?dg1|yc*4u6aICJZpY=-P*6%YjhP$WO4q!ic7t5w7g41&XL z)Jk(`92*MEl>MDqaIj_`S|Lw^Cw>D0eM3^K8WFE>m5@yCVVyHwTeuFaKV-T{ph$=8 zTBZb3q8AJ6Y?l1f0w~YZDt7Cxkq5~Cs(knO{`3XfXSX-%%QO~P@Gb`ZOZDX6wy)?e z<Boz^62d_3jAb9^%*B#v+|($)09fI01ooAZXzyY%<uc1PS1r<!n8B2SDe?#%3hbvk zqDjs;0Soeg3HgC8?nh<KuvH2zIB0%vg44WBX|bGM7yqKopG3l`$h>@70h`k|%GhDc zpF&CcWq<I?jS;BavbO09abBfP8$IM^FR`Vc;sGo(>DH&xG3Elt05h(=-%$pzQ9dp5 zepxj%pEqC(@S_=2X-OBYf;W^2IhB?*fNR${V7K12M)dYF(wZ%+gTK(BB%JZ~L6xov z^NAKQtSq?7b33}|@jIy8>$|1g^J`pwy2GsT+-}yHwCs-#b_#bsy2XascjgbH?Y~OU zBRZ%FR_UwXuXi59>+7zm#=BcQ{}lS9KP52QZnJTttlNgWM<(Jz`F->UJD~Z0G&<sG zF>v_RGb(u!dCFt*qeECatX=5!xcn{Ruam)8OV!L(tG18-KwG~z%KF?>?YHj!6U-@W z7`aHM$?U=<{z8w>xp3Xh8`6D97kZx9naOpS@{P#mFZ@+88>P>loRl);V(6~l=oQQf z%YAF0plj?ng15M9=Dmy?a48o{*|WRra#4Xj-mFo}2*5su6Rppvl;NlS>)Sm@7jB-V z{l>zpQ81TA1tiqN>|{v0Rx~QG#gT|7@y0<}lkvt`sv}uw_XF~KC5v9zDyu+T@D?wu z)5?y;%x^PIaHu3t0UlPqKW}fQeO^5WoB`4QbSB95<yTgpcV{$Vj}Vo14o9ecN$qj7 zGO&A&C}T%x@sQcO(VtEDd(11hF{Q?=zl@Ql%_{>N;hKXCH|6FT>-h=7tv{GjhaJK% zZ~lW~=prA4Zl~iukg^szd-gZ(R&~!~5@ZT<s+J#qW8E#Mi{}#*Hif9?v0}OvLA4jh zji<_K+6oSst=*=wWsg-(p3T3+Hh1$|LC(b$SC2+yX%%+(Kj^6`{U<VuA2;Xve1*6Z z8K2@8c;G`p_WBY>%;qxh+Y9xOafzj|RaXqz*`TJt)%JY81h6k!|1Ty%n!QsV(2kj} zTAdDldpB3w5*esXNTBBNfZph}o%z5(B<{8(oH=h;R%X|Zc*Ru{T|oaNz%GGp(a~5l zW0tJ>qT=@dpm8>Wkzaz_DFG27Qmcv$pn3I#FBji~LPIIr_EE_+`E=0W`WpSl)bVgl z>5r)Eu2Q%>UGqwqdOGa7BJQiANe;7XiPOy!RF^;qGnaBmadAwLS{c^QRa6{X;qSS$ z&?q7gf8yUVDdT@!i%H&IT9YHS2rdN9(Eul5JKLboV|K_C7wNybza!<*=Ewu}<0iEI zX(w>W>iV__G5N(3(NjG1eUAQR6U&}H8hQ27(5MBiSY7I#r<{+V)8K0xCF*$H#BXeO z*e5we2^I24s8eJY<j8~p=+)yMo!zlzKgkyNs{!Nuuub}$Zqc){XBo3?LtQd2%xWJm z|9$Daj`^fjKsTl1j5JMg(*>8CeyZ)&v;5H!=5k2>`?B&=2QR#IDlIZwDU(8ZqwnJ0 zJ=1*f@fXMT)Mz)K#bc#~Sfn7hw!H9x+0+rn9g3`DE~$Q+Lc21AGbGuZ!-ll!*^2UT zH#GXkT;TbYRii9#<%HDaOsXq=fS;r?wvB?|XUe+A@p~4EE;K^8g!+;lO-AMmY;+J8 z3*uXvizo^uNv($}*y7%)1@2KEsZ{b5pkG(qo$0(=7uaFKv^GDNhh14}HBnRnq<}9e zm9TN6lBs5HlMH5e(_MHvW}>+y!|v4_TeJyW|H-8gD+1qK6ucwM9-)~TKIQ@#?sA{~ z=z4wmVxnOLX%N*`JARfO&aG>N2ngI}5h}#x`;_&M1M&)N@=&f9M}kfi)AR5Z(9f2< zuoH&an!DQS7>F)%QNfgzc3d`FM}3Xtd`=Ac!RlU-j>YB`4!B1l#7mEcfxrfKK>$Ll zLy)Et4bt<f2K@e%gl_wo){v@i_L_93q?0BmGf)u1@;IW`2!CsZQ3G>V5yZLVv=3p< zJtorpE3LZQX<_XH{u6zf-ey*!At3Fh>G;LfMA=~5O)HF|TCznxW#XG6?}Zql<=l1% z(_@_WF+FzDZ-kA`%H=o1F)9)Z9Q9xu(Gdo4BYb@Mp2>5MFq3i8MTUVRKbP+(ByNX9 z#Rm!+viw!_G01ARXm>Y@s0)<JBwI+fTnFI{lw3L#niqp)Gh_>4RNv(xlNliWh+s+< zgEL4h0|HF7GMn4FA5w>&U`=1FxmH-|?(%FEvoa|MHEoLf0~_K%*e3r%IT~E_fwC3? zuY_60QfN71%GmFmRuQ@VI_*?LB|{}RDT3}H>1SS9kOFwO<(fYo8xKMz@hC|ro(dMz zyvRPF<5I3NW?=o3AmzZ%VHrw75tOi2!@Z344iTU%_Mv_O$pbR2ikv}4nmhPAkVIf@ zQx2Knd~;YH9qJ(8K_Al!={OxU#QFHr&@4y3Fa7`jnU$^z%fJc99k{KAIKWDR30=b+ zz!}OP$!S%@ZHw>+FaPfY3>;f^{9)gV=s{ErEZ7Y517M=qo<t>=1Acgbt}`GcdNvwi zIN(LGADAvZC(3af&4-_2Qju|2&TiNI<OAW29zO4Bl-u`gsPB2;q8#1ft)9orqK6Kl zjow-S#l3l(_;RH0!60_qT=_P|fo2{6@|;EMW#d^V#y9^l>k9WeUG}qE0Z4TI>bS!A z9Hu_JRC0L;uhr$c!x9f<{rtUuoLxMzH;-Ot6g0a^?Tsl2h}g%R*`c&1Q`xZtPg-Fe zfGdYB?zb$td5tj&U&Q?~Yd`Pq#6yMpi(>=dOIGsr<IA}9&HLu<quQJ?3fGg0vv`EK zOc9Bp7e=uDTF7w3ELaR)44K4I?4Tu!kIb2Hi!89HiT=3JH^SVPtGe*`chRe#L`9WU z`2@l)e3u^S-T^(Q?uj*iDPE;ENliMWrDcKBWjD;6`cY6h%Fpt}A6y{?Kl?lv)xuG` zqaQY@O*FhR;7U`GXA*WiMEPvF{dwaD$x^K|PSOkwU+7N9d2AwyB3V-kJ@K_pbE`e8 zz6(><zbt`W<<QK&vAJ?c!?vt@-;zlBzJKR<0c(+EJJsGKd@DPw>x{j5OXC#pQ&YTq z1TTpAc2SLhAOEU$G;S6mic)qa&e5Z8qbf?$vXc@bU%j$_Cw}jY?3M34brbR>3et;y zI+r6+5cjp@A1=q{bIvHW>d4;-B!WoFhd%)xblZrjBFHnw)d3a1ICj4s>HULU5gL<7 zmx&sr0omgy4kBWEQuD?T4~j)XoZ$ub9x{5)ymB=q@i6;cxq?3!v^(U;@CJdJ&EQn& z%u8rO3=xvG?~PMzLR@&IjTjGAe^`-X-N;?SXt|M22zVhE*txXs#dtALp7bmVDgyNQ ztwku;Ys_xspCV*PE_ruTK~2I@5ivXZIU&?fg+{q1qDrLtR=w>+N_|*87ZTKo(5h9B z3=`$efL+a(A=B$GqN@wk_PDB+k|ef{uB2->a`v}>H~0{#f^x`<qp(n<fV(yv)dEI$ zR~k)FUsi|^R<HF?0Db|?4ej%<W%(hi*IXm#2|V&{K&8QPlhmcIneYQ4@F#o%=qs;` zWVa}!3f(Mk0VTDA5aeGLCxYSH?|@rKp9tjD-kP-z2}G@OaxBF|?ER1_`ReMg=PP7} z%t}eH4X)1rG=BA+J<{C#61pLG8~ZBI2Ek$y1TVB&$NKVe7eP!^8I)~ygnunog42%U z<O}Nz(JmiTA2H<2Fk){j{c?fx2^t`HEFr}a+uLHD4*&a}Ax*}%lUPu&wgi5dzllY( zPS`CwL8fbT#E`ABRxP%9p%KDxi^caXlmt!@WY)-A$R3vCOMkgF?1SglGXaphg_5&> z3y?J9YR9TIQ(dUg`Er%*D3&AO*_avF34O20=-FHfAwXjeR+<!Abs^J~KSJA+iY;d1 z#BL0eeREd7Fn@#VFPr5XHNp&sU07W%!qHgn5U6>aR&<icv%nGB_Zhoy*RVz^7}%=0 zP@vYX5|`=6kfyujJn>f;9A4seX5l`shjT!@f&Uf`rWuTxm>>=0AKmiJV^AfbV3qkb zL3B~@5^zNl)p_BfR7NcJou0}&WARukU3n-RG#sV{E)7}cB>>g4)&b8{{SW$>34o~h zp@N1?Z<XILJixN$npb{)x}2gj*#TcQv&d6iF80gMtR{64;s2TeR34&a%-R54#n{Ix z>_C(`xRovP8GufM2#&=f#M6CP;h^|paBT)#xU1}0P<qD=`QB!~!82<n$n-j}{G5g0 zZN3pvct4HmF7h61ps>|T+*V!iy}}papvf<G8CK9iWbPmxa(B1?$MzxKh>eKk?vr_O ze7Xj+;dCPUdz$9mkEBa)mbcZ;ALrC)(Lxp;Cc98mh6lMX$@Kkq;`E(-`vU%wQ+IZM z)YtoO-t86EhpN8*4<Sx_ll#u%p17Yjn3Ub^X8&1N98rekU2LvvLHVXL1^d3<490MV z?%|4^inQonenzBLQ?(N<tGRJUX<~hw=Et{YCtOaP`nF@1cfje;KEK6cJ*k$_zI0h> z=(ogjX&<S7B(Nb}!vf#1mS4HpjqaTorwSnGj$yFur4ElnP>ACJ2XB<1LAI1l2;rUc z|ITExLZ?XS296Y?ws>Q4qnAeTr&LD8J`uYGq)Pj@q+%SsDBy`ZZQsx6ppQic&waGP zbu)FPCko^yc7W;(eNi-hrJ0us0@{2scrNb8iElt4lKOa53Ff%z@OsCoUG-c^1E!;R z`sph1{L-SAPU_(<wX2c1*6B%tviu@jZZ!NHUW=bIUsZ2%vV%;!#b^2WTBr@J_m;v& zFNKUIG+Im9nv)X7DIaUwKZkX4x4CGh@8Fz?9xiZoof_IVk_lG+*TC8r#Q-2xE&7SB z+xIR^BHXVKd(OVpIDb%22+nie*AKeCrd^yk;rZ;|uz1!oWsFrD<h}c)47_?epx*oq zITZW1Et}qZ<OAC)uj-Y?90wk~Ugwp-N+wH>nv$iN&D=4N)wfQB2r9-Mcy3elgo_jp zDV+v?1qL%lC6|$t-gLs@6IuQmtho1S=eZD!u$^bQCb%~Gpw$$kQpNrLBV8KkGruS1 zQ$D_}+)x#I{Ox55a7DbQwRYEH%OVC`VR=zzWk2=JGpC9axst|YxsEsdDL6gCgggnl zu?_<VdhjxmO@xQcI8;(y>$u&Gd*nWo2L!;=GF98Cs|Z?}h(7;rmZ&C}LzH8XlSFw1 zF_R#CqpEOH4kOni62<Kbb8sMRZ&WcG`>vY#10prID#xytuocu(wGRy5hN?A?GF8RX zKy}Q~CtGO_M717cf>z}3D#fMZBOM^?QIB=h3jR!9aX`u0Nx4=`bI=LG)`0@_Bx)45 z(}eE4ZGZ@$x56o5L|oGdHs#7T#Ne1P>y6m$n5E`ob#9*ch@xs?rd<3D+^FYCzo#Ao z5zO!|tLqklAdolliJ%_ng3rGR#wuT8D4Stv?Ahi`e+>{v2vCXG^8t`<OqfH<P^}jH zE-naELGi2?nzN}^2*~dRglW@bd7#}rFE9kJWZj|Q(HAPllAf2saW(Tz6tK=J*O3@S zrx-?>4rUs9QfO?{Vo^CNb%6$g5Ah|Eeq#<SFBLndw(Uk8dIqh?>+=bX2i10_HD&G1 z$&X?qp4g39gT<D$iOo3>{JypcN+Y)i=~w%Aw9!8P&ZLSl#{+h6RBI^)`GARMlV2By z;}Zs^H!xMFaw3ci_{=!4EOjs3sb<uIs}VdW?omA*){e`WqlP#Qp|84K`qXnLHVNhx z+ck<znE$r;aMIz*IqcDNV@Z(@Z@m(ilhmuu(F*F^2%f{C{uA9e>1>Dm`{*Q{jj)Ur z;nAZ;jiRHX>6qQO-h56in&a#Y;}`lFHI%L0EgnsK?J`71c-1q7vTX^P7RhW$JpuX_ zjx86TraFX_{E##kb;2S=xhr1ALdjptNHp$BRU9`n7Mq~P)G*@A>&8vTOJ1*$$t|D~ z=F!s$gj1QVZ6f$J$<UVZ$H0}KID4nAfNMw{9c7|Z!2=|CcX&@&$65!dd20*@wdF&+ zesF14Ne3FDx&^fR?Mr@X*;|^K2mZ;mVNMWsipb8w7jQWVLyE=X=pHpvt<9@WT7{;3 z7x@n&zRt}u5!^?xp~gFT6OJd)_0#cpb>cER-uQTu?)>lWAv5~YLK|k(sP#EUI)+8G z0bBAq6aM1j#zRf!NRtiF?YNxhgHLB6c}`F078AX=)^XyPz#pJSGB$sLQQB^$WCXLI zAvdg`mLS_>(8-Ky(+3ePmsm~@Wj%mQcC!xnZZUWjY#x=g2>Mx33!`x>%>^@M3wxKW zFF<zDK7fI3Q29zh=UN@6!&X>Or1^q(YG$A8Y+U8#^X^dWL4yQf#R0-0s9NQBGcL1I zED5CCjB}=(D7&dI2+L>F<F0rd`0iu8CJYL`EhylUDW_jE9S^2vJ|W+_IPH-tqYc+| z(K@U;NU2>d!>a!pOM3o;ZZD2waU&x%#CGjZquv=Gu)coCy*Xp~h|6KpO+zod%p};; zmJ@4yC0<xto%OUW{h`NT@jvu@guUxkE#?r})EL&i<Mk$T1=Q<4M?4s0g+<XnMR2g+ zyQzOhYoV0E$=y3lb-f-va%@EsqJ)lalNItGij5nhU7h=kWw1#t7D8|c$FTGPEe_aY zU7jtLz!{V16Ku;$8M{Wq_!22nuAWI;*u)P8=2z-ax0x8E<L->~jE~|6rXE_#>13UH zCB>`7@BI-<RjrhHFS9Chil%L;pc2K6CYjG@-k-O%o=^CV)m5pAhxV;?$ZP3DqWM_~ zyZ{*&H7}aTdsG-$75{A6z#c_~i?BRmzfJ%qF0k)>4za6x)vK^3hzOP1RbWqEk3vEN z^f%0TSI4|epEb8=ot24&vJ<-)N`#|v5sT(|58W7d41o^egQc}C@?GQDnB&pQJStvg z)|sa`X~NodCFLdZ09en$)Tz?UgqglPrPknxh8yU<!x7sLr7v%<O6`5P_K^MKcBNbO zo(%hb$5f5CuC=w}%L+|;-3fL=&}0vBk5!*|_Rig)35+%m@w1T9zA}Be{NX>wRDqC6 z4<->FA3g~;ue_|%Xc9z?6C~Jri_E%6y65kj<<|ESwl|rz>cGPX^W}5roh81}b<}Ax zxq@pxK7u8m5NF8{e!BGkrrEW6E|OLzDr+6;H0eLs`Vg0H0#dE20}Rr|sRCNvND8L| z9>Jd)#SNIaF3l327*JX<;+$?itvJEM6Zyc&1U2uF)<CQ3t(*)=bg(yYJi2>{!^2Il za`6)c37Rno8^rCZ8q8u3(vXtpGJC({b{Y_*QWtLEIlXkJx(<=VZ**cvBkryCk#tGu zZZ@1DFq|g^wG>4d6ZNmoI_`@sUG6wzDk<{*lZ>z@JsJ@H$80~yR7#T<a&DC_r?QC( zEP`Ddg$DtNG~L6Orm=64jWrcMrm0;@B<<ntrJ-Lklg0ydrx*gMd+Y=DXYw({NeV56 z*`I6@8{sO^t%mR1-F>7A&QT0^4<Rp2Z%3t8H$o<%`MFAthT$8fb)f9;5NIYyyn7`| zRmCW~xZKOyp8DWMt)@72hohL<Q&0c?b`S!hBl{Bb*SA$ANN+M^99tsX0o*XMN3qds zV2@FA!<sDn1XHI$!|+PADMy}}-7FTF;%TgsJ^fNE*@jQHqee&2H#xc>2I?1_6=XDo zc1Na1gJ5I7Dz*%@!#Xwvl_(^t2ghQ@jWYo9sSHug7SqruhyR-PM<vqrW(ZP=oe4Gp z7?_L`gj(S2y}sVV634b&8cJ~Tz3_zs!{aqGb335xxq0u(t(Ba5O3}y2>}De^)=l+M zCPC66e}L$-Ji>r&*v#ViXDR>)FcN*tGRUp{r<2%g<{J5B$TuWZwOHh>YK=|c#rEGl z1Q<y2T0nPhyi`2&j2y2-wD>+cL6CX{z#DQ8%~v+YI28l?HMarj^gk=Eu<!VR#1--@ z)2t0`6ni)ckc->o&>v}lCor6`N)8%@q-Bo*xYC2LX_pt$24BIK7ay2z)f8%F6qLh* z2oKG#Wr~h5!K#BOl6IHCPHu~kZOVOE^p?W$E&<a`L+^Z!SH7J0y8(X{6Y}WS|JB#~ z1U!SeDu~j^Zdl(bX0MkY8b9Fn4zpfrp?x9rVE-Y>#GX48x8Y5}Vxz@~R<7jv1Caru zV$XC>TNZD8#%EMaRw@Ta>x_1xh!@T;MK50J5E;g-4{y4s?*w3q9X3`Q6^<sd%Q;<S z5klSU4elxx4#0}}35qtwVipRcK_elKV)YuyybiLs#B%PIX4Z&#0gWxK>H&URka`+P z7G#Qf&~(}d!RxS=;y|ys5yTUJxwjXbYvN(fJEv#T8W_@7xZON0G%&>I8?<;YAgcfa z<O!ul-ppVzAP%XT_@`Jz-fG%H+cB}@UB^Ka^I@_y01(;25vAK#Si$}MV8LV@UXOd@ zC-{w#t6Ic)kJ$`3DK4V#v*GW8K4yVb%T2u%auR?*?Rqd#P{!SOrybD~-l&Q2e0LW@ z#Z$9Vn^-oh$j)^2)f*Fz5^=>0nnC07n6zoxwg-N`;}nm8124Z}YVm7sheD@129AgN zw>o|NWgFr}&8JjzIPJA?5to3#sF8cA7=^sD-m>at_QJ%ft6Y`pi*tiNy%FL$W_1LD zY3JY14e~jg+IOmQcAl1II7gK(hw9n7n0m23o8)$0r+)x)+Y5{ePH&UjuH(ZeF8z9^ zE#@V4`@!<bgo)!{uD)mTIqSxw!e!08^nxpXV`Spb>xz<yTD`oSi80$#msfACNd}3| z8L5;iTwcVlxh5n37&v~CZ(yVf2XZ$?f&A7WFi^&Yi#clTV;X<Ob&hVNP<sFNPMF4O z#~wr=y=qO;^LAKZpvw!4>o*gd30wYukn~j+6n#NqHC60yzMYQ!)khO9rwo$Qrvv-0 zag5+1>CJc4s`gh*Q-${dFh>g-7Vw^0_JH2HK|(Xj#D;4a@>@Tohc9=#rNw)~5x##- z#>`3cxZP0x!VR5RkO?uo<x5ktixUs|0pLydOkKY{b@?Ee?|)*#65X2wc|vAR7QwEK zhGJ<bzPu!1z4bRn31#k`ztA!Kwo6zObES;^EPwdgf6%_TyHCX`PmCW)SS)+3bke|6 zurDLAC*PvRy@H3*-g8)_K=|b)w<hy0O`1=KOhcT1#0WFhkZd_{J|N7-R)+A!aFMj9 z72Nt!dio)1FqGy_uog2q<VuEOB#GC*gh)%Z=?TdX!vIGA;TCeyLlp~C0Po8ZF~xRw zrs7m*rc8A4bpu};u1=qrT_rh*13xnB3{R!3AgeY?!Tlp?Fjt<RZ?u=D(cO-ls@#a= ziex|0J%sceQgh4Zf;0oMA>4E=R+v3QxGs|U6j|v@+oe#L^1iGnGK3(NF=p$6Osb_M zrD8;m(Jck6+p(H+RxmHuM$O6KfW052`QrQLFe*2uae?iwP6vN5gV~5_9KR>LczWNL zYt#<dyIfbx?e^k$&H)5Y+Huy#B#O;)oVA5dIQLj61(BS(K@i-&Ue-}Wm@U*6W(#85 zCuL|Pnwa(JiVS{Qc53DgFRM7r!QYewTYL$a)gmi^`CSp2OO_Kt!9^_b9;(vWoEz>= zZ-^olJbSFZc_mToablB!!-CP8Fow4r?;bkTF)G;ox1>QEl{}i}?wAfHmeVI_(g0lL z@QT48hoojERE%R_{iEfFNCI5%`&x|J68q>BdyncMW6dYl3PmOA_Q<-+o~tUF-vGC+ z?Yb)MPvSD~*AJ7b?YP6Jkp!vw8M<!QK%!IgQjvxk!19HLeMFaXdaj4pFP9__CAVr> z^orBu#Cg)PTx^fHZL8+4*ItYW>G!j2(Kc|b*&MYIc9=GrzSadp8!+iId7!We3^7WC zL->KwS#Hbpc0->__!H<PHD#Awh8-Pxzp4kb@Wo}`9gkwc{cf%b05U>4GdzOEu>^Rk zi;%y2i4CLmSjXE3DV97_Xv5NEYB8|)fs+NJq&E&Vt0B(a4k@36!$i@)BanUZwR9#U z*rtPZ1lA7p*U(V8rk;?W(RIWup~yReH$;%gx0c|xMS1f&b6(sCmMw=#jIXc}cNJET zhd4E(Ba#V4CO>l0;y<u-V7cf&xI#<8h}M|XkI2}c1s7c4@EfCJgzb`D%_q!zB-625 z2NK3umQ^4gi`$S|0{T+X@hC{PEi)sp=4};M)X*B4BwMzz9YU)O?Aa*Gf$%MW*f{T^ zr~wZy7L8K;JsF#HNX=6nIT$hfZXTyncd__~Stb#FgxO+k;pzgjF@kqVI*rFo?3!VT zdcL%e^8t;2_WkubbSJZHy>3f9Q_Qsv4xaAR@DU41h?F~;;M^3GPsu+$ZfB9s)nU`l zXm$8>z&GBm;`j>aOlhj%-;kcIOhFA=2eypcW_@Df8s+3)LJUU&yWaMWRuU)~d^#S+ z5*KT~urdeO*NGY6^3v{Dz|R5yM`@pR;IV)P_N=iSY0;AJQVd2d>eswCDC1Sbsd1Ii z2IEi23enYcCg{CLP8+qL&NWeb?)@w<g<ikn_#gD<!<UyXRvTrJ(trBXOZ+AXGz2`C zJQoA}85Hcs`LdGj*#qzuBHTW{(!%&S0k5SsW*t2cm-!}=4cB^Rk*9eE9g&&;U1Q8i zUu`IO!=0vbEyi$;?TNa)@gv(g{#LwLD+U#>xS>aoZC}@946P8>SV?(qKNB|Gi=w|3 z$~N8QdG$G)&$%58c~Ny~Q|!3DLAYl6?3C5}%=^<SRS1y>TEbzzAD_85!%m869XqBU zVz=6%7iPJH3;U5sc%pSqcprd;619vt(iWRXv!%L=<0^BRxm#`qo?%I<BiTNxoJ}z} z%9bRUe;6r$2Epc3z1~)vNo6&$#ysX$M_=I|(s%7=MWp9D_Xk|BLPrfvkmS9hToX1y z({&*1)5F{=maLA?Sx?nZZDr=9M)Az=sw%!#x0q3iKpkouXGb6*j-0;J@q1P(Ti5R6 z>fU}erLrD>v}-Y?@-G!0{dEJ4*}6ijsB1IB95-r4QS)D@)ftT~aBzoDrc&47&T5{1 zbDS141hV?LYVqBM_sQbU5c0j&vUu#6)E?6<w~JP~a(??>nJ;ikNAFM`+%CvUm~a`? z$@7QhC~nQFkyCE!V(ok<c>J^jzUdO5LVgsaVhgmT!-4kL%iK#ORd`CrBs7tynetsR zRNF!?>;+<o%!yLZnQ?`QkFK*zK~O3oeACGk)brqy{#CMw#j>?a^<c`IUm!flW$2~s zGw%MQ8$9F(O$ngpEY<%Yy~K4n;w!Z?Kc+L~ZT77jIimqiT@lp<NQ1NSk5*kfUmSd_ zP7_~m?_pI!9uOo_kgBbGP+ca3t{bglWg$98Ihr2LAp!HpuD*Q8!akxuhfXjIvX5vB z4zM~GUE=*CVaMcRiI{4Ed!{-{DWa``R=tyLX6*XaTAPq7cnKqTcsh<`Vx|BJppw5! znZZwRk!m!8TV1!Q6kKCPfvp6nrlJ=pb&;Fc_2>y_QaeCch|D`wM()<cBeMsyJpzH} z^kptWq2vm3n=hU_nDQPaaG-(eh1}I@GXi1XUW9pF`a+DRxn6CE=`h(Pzfc_1u2>xA zG=vkoB{609j<Lfo!}b)lL*$;qgyR9*!EBch`=<#EqTYMl8@J2*wGOr;#co9B4v-b~ zrmXv^){T(z^HvK+h@%1zSqtzH!PvJEMo2U@NCl&?=Rg%l(ze70W^e2VbZMLrmcAZ8 zbJiZ(z)0O<b`e8ua2vD`JK<n<a?*_Tm%f6=!_T5P+bBLLDnAIGRGP0hLD+9&kGSxm z1|2}+xjO2E)p698&HP2k1F$vHn+%fJr!ZG(SSzHanIxVMq1FViWP~5Ae&sF}7WWm^ zBCkzGA|A94IWR)?R!>T(7Mc3(wN}mjx?+0lO5R0jGX=lZuX7crCgR(XVX4aVkGEa@ z+jeu<{`=M#pdz}zxGL_OlIDvdOBvV(wp)D6%V0g-J*@v9^yt3Ans3Q=p2kzEs7Y$W zHP|@T$V^N@<AFuWHiS<|8#ZF({<j%V{y<rCy~=NB)RcbyZt`{!=V<ZFDGf7>Tn>a% zf_P7V+L)zHIL+TZ^N)zc(qKaBz?Vv}x>xk@iOYP;Fj&}|An_t$5wLQ_vrOl(p|a;Y zv$sjiSo5P%f{HPxiAjH06@HjJSE5*l8#on?oZhac05g*vwM)#m<<_f+8KD;0;+M_b zW~Xc;z3;?pGyU66qVFoy4|uvtF-{HzQtH<DL#Dt$=BQdFN`^(DofmRthQt#xgwo`# zYw6o;R$JBTa8;8o{G4YpVT4AEal&G8##V?6^14isQL)Hn4?pB}8om|fH{yjcnjE1i zxR_!$C`MX$Y&zWXZ2Bxxbm93$X;gx4DG!7{2@-@X)=|#Y)>T)CU{I6RlyEoqtZg@u zhl=lOIk@Uo&eo>w(dt*BaEer=q~o7EnMl<8X^n%hpQ4FZTHlcDlC$hMWW#Q1Zk%tz zyzJfnxkg>hRq9OL8tHDkw1v{GNEq$II@5Z<_|*hU)Jgas^mwC8rLdknu`2YO9*wh* zR7_VzYi$l-X%8;*oT``HqfgD|%l;%KYh}Drtr?SEckVY<pOnRUAO_8Pw%GhToS}cv zo|%s@7CcZl-dGrmHo+3|uE#nlYHgh^sO$J_H)y%)YT2>{7WdopNzmc}JC0w_03ohq zx0=?!35&QC=5i{?;rkn8J>N@0ymZ2!*GfjyiY}eqW<e{_W}~&0#If*4VT-t))NXJB zMi_jx8T4=Fo&T61vHo6Qv^eJI8`9}1%N|MYG9KCzr6A|$X1B)UQ{c$x6uzCy`a?17 z3HVCddb?e|xmWyvb+)hLpYIlvj1JMnh`7Nmh(*2EZnaxs_3hG36Gsx^R7gWUhkd0; z<quhK4WZe0bAy?Ll9%!BqMFljbF!C4xTv(Z{Yf|g7}-d|+>L)@A>$7VnFQU?y*f^P z&`i9x_g?m=-RM*bEoJX$UdaU0`Q#5{+4_*<d2PWG8WVO^cZY>N5eMFkF~q(4?w6W2 zwOQ`H-{H&X=$cG?y061H#Fjb>qz_)hET<lRTqVjC7URpZEmBM48nmVviB>F-3Vu03 zTP`d7KjtssPN_0qfqc4pBk6En*YNX!we5*OShYuSX|ZnEo1Vngi94@%V_j;~>8PYe z@TY<$xe5TWdglGnB>rtbpZ09C4)wCpoDr!cbw~fvU+b`hqccsrcOahVksOSlu6=qO za|j2G>SNlocE(h+`t|e<&74L32ZhU*A2a(9y<g+bv95Rag?z`2^o;f6jS>|;A%FSU zXvEY6Q#kLIhg^t-*^M@R*{|ZTH9y-wDSDYbyor3Hb?tO}2;q*$AjVDBwNZK4bRR+1 z)$Z1r<aEqZv8FBAZ^RB#6?UEydPlf)W_WqbP4=hkOY#O1)H=?<J)<$!@nb!s$j8=G zpW`xf?$;(+{(XI@dINi8{@&0J7BUrq=*(n9a){h@$)IC*EEhOB#)r(=<Y=FQY?=v- zAbIK)<jUXq{vbb}j<9O46}v&U`=3hWac$;cN};)RTuHfM`u7%O?{}|V;CzS49IU)} zQ-LiXh=2=I{ddqp`wgh9h-h_l-^D3M@d2AQASlkHm>1aJ^&Sn&-3)LXxZuA->8KnP z-N|X1zQ!y85s(tY1q}(eX(l7-Yolm)YtJ__0jCc9s;c)qI+8Azyl?8}o}hr5pkhT` z!5x#SN3-s{K<IeOVp&~tS?DA=Efjal%c=AMp(KI1@sI!l0(G`KT-;}%IN|)AU+_wU z9(BGcy(wuVcbA2GI+iDrFGnTr-S7Ot^=@#lwr94fw4h?je!yCzWz2b-0W0&MNua-Y z^R?8<0d2y4WKDDvMy~a3<v_KmFel8pn=bmd_;!n+t00F3v}{+{Cl#Lqgr^^h9)(QK zz79vqQN6N^I67w0Y%xh}2%XVF56T9o%q4-HNTEKJ90cH<w@ljuOzS6z@-4+930>J$ zxCS1e=b*@Y4jAwgQk#IeB|FrH3cv`%vyS~^*7ynQU?VW04ePtsHD+rZO94th3%t8O zBEpt^Sh|&;AhSGXmn-RO&`;MTa7<*HHMr`5bsY~w675|(!R^WqSAQ*PB(G9tp_;^} zK_%vyLyM(900BRFUx#RBLl+0nLw?@q@@B!*H(r?v<{~;2V74CKbWg>DmZFix)0eIk z^`@xFw;nH%upD`?AJfeH2!d)F)7%56wKct+K6%r<D)hp~wU2nG8a;5!f8+WUWR5)1 z$F;`=c=*ga|0wIrc@x1t_Hwx>=ostz$LI+s{bxY^s1F4k$>BdTxI^WKno*K&*l933 z=~VR#&4o0h@*Chi(FwNOuRETlhe=;uV;42Q`hEEU@bg)ntdwzOLaE7IJ0DW}-q+rj zeQh?VjVlMWz8^?C6KtNGdPP!mU+DDK+>5ixYty}NPoGgue!7{=+lt<?pjohF;#8$f zD+@jLtm|;+&x?e(ynpNuT1!OroSZnFQvBVhX#^ou(h#V*RGa2f0e!KW^fvXe`3c0B z^X6ZBO~MpEItEOJzTTYnC-3J~1f;x)EWP@(pk_s|u`sQa*YbQ{9Uz>i+Qff$(>#t~ z0Iq%ZjcT;J&b7~x&}RP!(luk$x{~k8x*T@>hOa9jF=V=Oz*3=fqrOI=B(W)~aNyA1 zv?kW6A=547UxuK@XRs08bQv35?}w+K+DxwC_C2VzT)04of`h4aa#0_HF+kV1fiD(| zNG~FAlS8HKAzW{lQ4<Ch((8}Nrx@z0U_@0<2gjB{wSO>mGsonNm)N?0rH29T6hEDD z*pwv;-etKXsg@;Zdq+Sz7|f|;zIV&sDE(nVx{#i3IZnCpODmW4Z=G110Z~^cE>H}9 zOnm68lZlbS&}{LfrGT==pE6p1v`Q4cREK_ZEmw9E*Sv(BscGtqO;YeOpBc0D@=>h; z-cS)eA#5dANH70w^H$7u*Eg1zkJ0kRZvVM?;j6i_mkB>u&2NjdZ`Kj<yit}TuN%Gv zCl8vBWbIfditZnRPY14%pUD2T2RkVT#tD*XwBX2B8<GjBGO%ATbB^FuNV7ZRvWf=8 zPu3`ujNE-Aa9_$}#Fqd9g4|Rn<KmjeW;fgPDw=b?1V2}e7==f#k>%Ka{zElNgwd7u zUrxUGRZ?6DOXpg{Ci{xVuC0%Eu#q*guiuXoil1s7(uhTRy3v|s2!%f{JW!awi%$0U z)MHdEA#3KSo@4-4yv-IeJW*n#MO+EuarP3)Ssma9(_IuL&64B^dT%QJgARP(?D{f- z9k`4>wuKy$9Niy@rtaQ0Hn$G5suQ()?>YKyx8|2F*|zLsJ6dp>KfkHP`iqd{RAv{7 z7>io74=1}OnC)TC`ZOcdrvK~R_pz>%2!8fOiKeNqQuqr(fraEr>|Wn0-=9%v`<r*7 zHJN59ij4=GbO7s9W$f`lSi#3^pJuReZb9axajiyBo?#2ct4V2!7M3jU1MqP|5jE{i zU5qcgEvhZ{-KJY_y)~G^BfwVhfFkfyFSR3kKl7AnYasYs;^NuQHS#sKM<s7h5jVe> z&yPu>M+tlG6H#wLcXA0dffr2P63^Z!+$bz$RIjo@&QgMX^n;}O^<_(O{HY|!siNa* zjraL;1!bkr#W!&I-Z3IwrS1x^r~2Nna4!i$d1*$o8@k07?$E#ObF;Fl{~ochzdfb4 z>;AXRu6spuX`=4Wb+@qR?%4TRru?y)EYi#ty(3cdrp)6%NN|i6kU8IySZSqd)Tlq` z+oUv*F?RZM$Gu<oR~H}A_y2qHGVhQDuw?4$n9qNy|LIk?h^xtzIZaTZJyJ7mMEtrA z7!^Le=?@RFZ>g{*yD2Bb>#CX8Z8h?e-HGB<nDePRE%og6ukmJGSLwVzWhYxlBcQ1S zH_<d~iY~NvBF2$#sJPFKsd4XfTEcG(5zu17W6c82an&E-ThvobFT37}F2+4dDFdtE zfAm(XRIhQop69KcqYNGidJ{5<v3;f+4E+|v7v#PBm}42ddOYqtpNam^J4VoYp>aV* zqNguYDn!D&?k7dxAmNU%=4_kGM>B1!<CY1ld_{${$o>s6Tad8EbO7r6n`jKLR#&N| zVDY;5Gh}a%r!*OPAg*#T4JlqIJ_PceKvr3q`SDQ|40$fs8o$^G-MCtc*BEoAV|8SN z9<uJ$LEIr(LoI$K`7r4^QOqI3e!oMknTBHg{iHLzOP)&UhfEV^T(-rID`WqXmPnN- zNm6V-tOkApmWn(SUvZmdE{rU;>KuR9wqiZ*u-3hhM)e)qA*`r#vD$<;t_^^`qI=Lt ztJZc;-ZN^)Ul~&)c`x(j&8V)|1iPCX<`bQ}T`wz+Inc#I_d9~u{)j2xD2IiJ2&w>9 zPE7Z$jR$e>IX$~{W8r}n0D1vgI=NNFL4$048DZ}z*o_<DaW@nuh<f|@j780au8aaW z@-yGZ_u2=d$gk2-6w7xowk-4rfHZ~b(fv34J$6`A^pZ`OghsJsGynQ6B}h3KMHX>6 zht=;NvbHuBz<3FbhFXXh$}3~Gc0havcKXgP_VU4|3nePGV$h*Wbi5`r*!>u`u8y+@ z-H<OFN@xq%bw}Sxiw%4px(GTYCo&*K2p8b);|CM&4CF5~HJee~3aHlPQ#--_2NJiz zJ?`-&*2nOJ+&vA$s6^7O2i#HMm&zdQq_I8o{r9Q02b9mNX8w8dUZoT^5*#JM`k9lT z`AA%lE6i4$vX%U$5MJiRST1><G~sA45aNh<O}7dsk>q{deI+=e?ZIqsWINczt^WN- zJmA!nr6V(OjNpH)_Wo<Z%Uo&K4R#4Lmn<(C#rBDjFcsdGSD_?3HPJ@7kj2Nd-%EZH znzU>1?e3KH`~{fbXSV?oG0-f;N~Gd^e68|0@Yz$(4qp)!-gEDt#`M9)jz=EBI^<Uu zi?LUWf*;m*@n=SnwC8WUl`E__WE8%J`u7s{ylJP3z6B&qw-(fNiTJ_@O-I5^Vq>f! zVr%xHdMc&+Ut^-!&(Pi<xjJc2$4;+$nU#fhu}|R4zfPom%v*Z8bmIBd_v6?G=NRH1 z+*_eV&6*(T$Lt*I)4U9&FUZVaN~v(nY`d+_P^<SX87hAjv^|X<Q@AzsywL{gK&L_` zoum`P($V=lX!VQkgnc=h&|mHu{dQr-5L{#;<<&c`-l$cU?|k<6q_G}&swtjLP+RJS z7=ufHBdD&5lmDR3+gdOL$qz7F;IIxuXdHg?JT)5EdFy352Y&iJDKq?n{b8)Zj{@Cl z#iELrb9m0h%e4k>$;F$(xGP1jW`I}kfj@mkHj9;FHyVszDitrT6)cv-Q*49}3V(iV zi9}Dc3{ijHmFouV*s<(%sGAM!xTRH(*Jbwo2VIG~((u^Y2s!iejOsh^&B*cIIC?v^ zy+SVK2K6i>X6vq2!R5_ad)1zW@QpDLO}e8mrMx%ADcfZhr1$+=0w@cq^eOYo9J@!# z-dighzq{V`As@^CHOcutbs|E<=wi{Q(Uo}P2&ubEA+{&;@BZ^?jr2?MfR5Lb{s710 z?P}y`RCwX%tIcI}?e=tv^uaOv`p+jDHMhGAKbx}qWypoUR&UhQc2yi}Rn{Xc>}|r7 zOqnNVT~<>B*)?$jyO-G#OosyZvsJ}<Bw+{qd8^LP38JFSg;jxK%LL(69+%XwSwuOt zFyLlYSFA`F2bA2%B2%GiU=;F?bI%>9#8VR(|Da%}zkNs@Ow#>GU<U>Qpb^Un()}c> zn(hMUl7-^uNp+WW;@?DX+`vIgVZ!vv>uawRXL$3)fkP%|R7;k<7e`piuan?k<+Zlf z0=zYwEVZS)t5I=&bZ_UBx^#p1aPf^e54Qu&yma5VDt!Fb3yUlD!6F~tO}(_RB*<(I zF}B6eOvGE-sqfI5d2;>O>n2d`7sqQ{0%g9{M4EM~Zy|4vmmK*Kqh|rOnwwOy3z6=D zpHGB&7%t}&2)`y7wx;PQT>jS2B%!B7swnK2=t)LFC;Q?H#PTxJF%}-aA%+vn(rXF} zi>X?JZ(`q3X#YWF^wYY=2@K(mPdnpzZ*!+ohrMw#CZzakly2Hmsx3#K7>N3HkYv^+ zc<FKZ^D9i^+xp`S!$VsyH*3E_rTIo)qn}tOrcViAbCr^zes@l+eLa2A<AUpDo5P=r zrVH824;}gVPj)92GO)72`gW^ti|@}r?bR+Sw~oy(!ZMe^u)9#lt|^WZ)}Lr!0knHz z#BK8Hy!o=fk132~-xyI{LDoEIm#A7NAJ}FRZZ_`oqeu-HS<Ci^z49-%!=iM|TJ`^7 z$bcT9nExi_x;WF@_AUpW55$<sW6I2}*s@PB3xnMCh}}BK$PEheKnU2Z;Rah2%xWL1 zecrICTQn0hwSE|>*8)nq__<@uyXS?1w{GW*7D4L3!DUMx$UyQ@X%{Zzq$z#xw@IeC zcIH<+WGtFjKJKNp^J!f`QV)T3t=SmN;{7U%SleB$ZgvBxyd@OP+9>s*nB&KXb6;^a zjMl603&5Qzy*7BiMr#`^fF*@}5+nEG(LWbZ8b+TaojADr1(!=qA1a+ga08A7W=Lx% zoY;*YLjJj7rmb8}*>Ty-%C;iESNj5*Ybz&Y+;SC^o7ym0_q}KM9El(4H?MmK*#|o= zmx+KSJ~;ZWmxxV~A4*06JBZ}4Wo%i!v$0zZq`)1J6d3}_bSYaOXc3uwq04m-=eieD z+gP|=&ulyHE!h3lhjTzn_>i0PLd&cb=H+b&2p)E&Tjwf!mf4h@@|x-9F1S`9Z~+1A zb&TMQ(AA~7NQ2G3Fpa_a<zqPp;e#|4;g>47lc{RuA?M7;@b(vmrlAyht#Z5#2*Va% zVq@E1m}plfJ6@Tw)q!nW;+ojFIv)5iYnSr96|Sl%Yi}4rx>^XHji^4!VT`bfRGcZ6 zp;e9A#Z;DpdSlg?Q=63qBaH5?&+wuhGY_R)eFAvp7vT!XhUqi35Jw3RB6XNUG%7}d zFL^-`cp`g;7dXTZg5`althDw~h^V)9P8K)tP>gUI>`b2sVc2jI(5+?XX9}b|efX;Z z2u+$2>V@GyN^!$rQZmn{p;12JWk)cmjN=;uhO53X`SgJ@9#Vh>%3UWj;$XtIi(a}; z24R7NC8z4ZH1!~WrryLdnJzmnQXC#$Y1AsnAjs@Uny~D8!*J6i#|RWl74bQ6y5A3l z1*6h`sdRsf!y*+LCVu4x<CI<}WeMC7y|;szqbTy^1()NaEFHLLv|@>Nh^ttm`o(ij z(B8&IWb`<OZLJd=wKrFaDumVq@6qm7OurykpoF|%`mYJgP-YajEl2AK#d3xeO_RaC z_5Gh3sGyENq)~1;qIBK>E;>6!*yY9WTr7Rh?B1LCiVCH#lNZNrOP4E3L_Pp3!^SLc z%-T76Xv|4#?C7g94!nwIuWO!}REy~e`=+{37p$2z!DqPuT|oz6G#ius1YE;#bua2X zLAF)7)`-&=E2c~XJ+~p+{cOLx*;u4kx}=2ZaEG1B@7@esXA`=o&X6@YtPM@W!Ctjg z#06-|zuDYhD4r#BPZ4By`pnv7yF8&(BZ=_kml)~3%wAz22fmz+=@Zt)Bslj@5t8PW zGXIaFbB|}T|Nr<k!z7JrmBXCfm`V<lIgBBvF>KRG?h@{pZ^<F&ViMJwQ&X75irFZ| zor+s(9h|D6ZMP&OL<l)Y^!t78zdarvd+cys*XR9yy`E1G_w$k%<p@Vbc}Ed;(=lw> zWmHISDoTND-Hh{gstoC4#)|0%zg&{pC+cxag2xMsyiX#?Yni{)Ccd>?WoN!Vsrhud zTy@ra4{5p4ea^~m8bE{+f5)9TV+w)$gkIMtL+w^qyXgg_HTy0-<$XPPwAAaB8fv$A zZIn9-s?+wWp#p8l3BQPE53X0G)$^9us|#h%VV}ZUcAb24?Q@?+4mZ`mtS=@lF3p73 zm%&MXACDF^Z&dytG!Woe&-p*-Ew)-WwwIkBJd=3mdtlw(G}`vIg31c7ZeNiKyszr7 z!&4+nEjrctZ&R<Rcd6uB|1CN*5p@^Zs<0)S(ASk8nfDgoM@3nXoWnx8gA3onIS}5n zLe6emDiA5qP8k_+$WQcfM*Tl92}<jCbE8Gr(s6C72r@o>q1*S@^AVyK>w|WU+bPx6 zn860M-{<|)!VSK-#rDdK{tis77nU%GzCKra-vrk-UX&eQ+yRe7cL1c^ThI91U!!RO zaHZ7mUi<33>e6hXVqTw3aC!HwjCr(V$E_FhH&%ZSf7dP^D=Ew!a}0Y-me%#tn8B%D z{ei5Hi2)Ex&hu3G`{rjM;KG^SuA5MHc(p2H8ou%8J+LXSpJsW?6(TyDPbX}eXSf(% z5SZ`ncKr_9?3eTyuB(4NUNaHkMfk0s4M>*CXQXpUQL&>(zH8kla5wdMU9WHn&tKbh z`%V*U<4iZfPDc=(wr`&?AqD2+6*jBCeUb!ehdgPwkOx?~dK$=ioQOVoMKPOe5G2aw z9Zoss`pV8e`?thT_V3A^Q!6t^JHBVsn8%^cE*%nEH>y@%-Fs5ofas{m@R~=wF+=do z3{yVcdU{~j)X{~(e)HBL6Se!tkB?Q~h)FautT~X?_Pj*bCatIVt3ZwBsPumHNxYTb zEA^bTfWH-Li#1{*{Jlq~%S8v!LDJL^n;~m)`u1t37kUMuD<h9w{|?3-$8WLjxZz)C zvy9-`Db%+bsGVA$y!YX#ouB`)(C9)OyypgyYv(>p+kfz$$+4$p*h}e4{B8OgA<zX( z4aPo{HBGF&`85Y6R^4PH99?O_>FN|3<<QUZ-tgaCW4mZ{tmJB4Ojk4*SF~IgkQ=_{ z_)bt1YMU`HAZ{=dS$50n3O)%tGU53%)gO|45EpXJmm|PoPr2FSb^N+WM=i(A=R%bm z;rBP5$H%UYu1561Ul*)O0O=^1z3*fNHEUP#<5p!r@VQ@%KJ$-Hzyp`ay7YSGnxjWH zBG3%t>&>d)<jpAxttrx%`<y8E+<SO+`Fqlcd4@?<JM9yyWY1k3)pNMKL$A^f*q~b@ z2o3+;(P&?kd&=fBu7_Ks3sDL(08o>hS!wjh?a!<Hpt{h1auz@1PTe(cOSVwp?(sfl zRAbgC=n8;=S<CB;9`-RAHb_Pz!(AYn*H)26G|6aeB%iREwc7m=kJ;2QLHv(RfaI_V zNfSQ3yROqz(>>s7_KJaFRh3zbm7`0ym6FgQ*bGHX#Zc&iQ=H}mo!8|=gvW(=4|L6g zjTrD_D7iURS<cUq{6)~#7uZV(yqt{X2OcJBi@s$Lh|zMjNZ5ZAvu_m5)9#^Qo#Cnr z`;!&DZ=N8A3#SQte2MX}H$`Yk?OhL;y?Uy=%_IhT76j+H%?xCkIy3&~fgnOLS$~bP zBl}}~NY?L+(!CyK?}BX_EAYxO_xy^MTskr;X@H%=W1v{6wCP5&#9QDle?yr2W=|4- zRnf-qj-_=(Skd_Xq)Lm<uRdGM-fR+1_<{4|z=Nh{8KZ?w!{ylOiX7VS!}gSh_IULu z)o)vlY#qM!q||-FRd|1U9L`1L_3{UX+50VAWrL24CM}@O39gkEPx;m1C(<oRtQM<^ z({Z8$2&?^O#%jCpH1{5kL&1C_*eeDF=Fk*ZszQi~ghXD{Zc`GmE_8vCWar~*3tnIl z>I-v`I}|7AU3kIWbT!cbFR7M^;c5Q^i(|LwY)=Jy^>iLS+z20TJ|{BUZm`%j?rIWc z4vvhu&)HFDdy0QjYi&>EJFx}}4aCR-;5z%H#t(r%7$>s`5l~?Qn%vY=u90o}nM&BU zdyV?AtEaplA(Q9W4EZ(^#<5A9I6(q(6{v!o7P$#VgZOZZ7%1SHV8ZLCSmw{sIIi{c zp7Qlrucq`5bAWiYJW7#oarW^I_;YZq=<3RH#XuL?k2xgy+o6D77zf)}AkSdSH7A&? zBy1RNtjPQW<M^FC<iH|tN(wN><IsZ77B-X@G6#aXr;3|6+MU_!%UEdcx-GSCmb7KD zJgJKaMad?!H{o5ajhb;3*c;{KD6PtpQoM2dcMxq|Zh_Vq-Wy;jYr{pPo`ZY3#dqs& zq=@IpGhOE?7tMRpb3osJ@)Yfp04C%lfUX&<8;ld7*>RA#{#-R&r~`_%BtzvoR54G! z=(3y;RJz`i5FmmQuG#>9v@a5a#J6Y~t9&Q-v560;3|g@}e9r}Ak4<)QsOcB(Mmvt3 z`x~u%13X+pqrWTJ&V~zwUzJ7g+Gf$z=vjhrG(X)N{s2lfER0NEnD+Q9+c$6nQ+di> zFZ1^~m~kJ%o`Mx#_}qENZmm%#?UBd+vZlt30zciOZ_yxgdh}&!^iOs+5B6+c-l+0> zS$kTxZhwXjTI>6PkaZH=AWS%wD^vz+)J)4ia=t3P+9>GyZQq}IW7|JZ240+93(*2T zj0@_l&`Y7OW=pQdt|2j3Hb?5Gz5|zgud=s1$B?Zz7d${5>q^_GjX*ur`H)vP^jjnD z#rm3<d-d7Z`s*p}o*+9?kmQwJdL%?@GV6HDGkfE_WSXNaW}TZX+S;bt7E3pgzZHA= zDS29z8+z|Ltf=OTOWD)$d~XZ0V8iF+->-vj8xA_BCD^a0ZN>2)u&ZU`-ycw3$pxS4 ze9`$T?6c94Rmu8oPSG9T1e@xa&Rr{ovbi&@=46nDa-i<F-4y{fJ+t~YiFanW*p~g{ zxo(pCN!kA(6n{{p+nC2REBq1YXYt7w^UZul<X8Xq_9tDgYyKLmV}=gjBRp1?<_i=F z)^9D)8dsH{M3B#_bWV$wZ1_*#YAa2e`x{A7>vtP3_pqC`#~a-kb`n-^6E&>gWu)KN z>;xFnF%@}>{~fq@YM?{jql;*5tm?>fK7L3Ij#A*+bCedV4T>C+gObH6oSP9>KDDRi zGQxWMmy8xF^<LKNELWwz-}Xac!oTI3nQYzqq|4c}r!7`vzuEq)yYqU~|3R_b$!PN1 z==4j~zoYZcxb~GlaU$6mu~^jTUUj!f(COHdl3U|(wXAv7|LH!>38e#m<>@zht3_W* z)E1|R-27g}8~#YdIH6SzWKXu{5-BoEHWgFdiqM}Qfg9k`IDg6|#wTf+2bI>-qwJyZ zE>-wkc_c#Av55LMUFt5B1wy^)excICgqDCOwMj>|A@M1PvLCYr7VEzbU35*aN16m) zBky(!&mTI|)f})@`gRwOShuWqyNO9RL=cPpf}*Jk!YP6-O>tPE)zVkN+~b(O3@f@V zkQ`(HyAa+lAE86DobWzS3XD5!@lC-Baxn^IS&#!j9vfOl4A=QDtu2PV9-5~;3z{GW z+ls>`fZopiZ4VpAEw!n<4sliH6S=WHx5I=ZHLy&G_>TLY<rg}h?%V(R+#R7k+S-s4 zFU74k@^k8isdIfL4NIt<u9_zJ^(Y*7lSlig)Q5l%@0j)eOKpX_2S-FiSnotDdY??D zJOCcgEu}O9IK@IX{L=_Ay+H`sQ=Smxp$daAo(>Al2#oG2xtJt#tFsTvuKQGD*4`^b z%_9OOn{$cs*5jwg=-g70Tt_7o>%D0n!E^iWQSmCwUc6*4h6&!$Vn!Dzmo%e&dijrJ zc7G{aAnJ!4dQ3Mb?b+1~i@vI=Nn6K^-JxYA3f?txHw_Z-CWxZp@^~!LRUvq051wWt z@~BI{NF%OMRr-^~Kf?Qje$~Ku7^E`H2Q(!D0WB_svt@C?d1tn;Grx{x_^EktH{W~J z!%eD<vJoT{jum7}j|3O?ha0dXCB9^^DZWTMngCX@otR0!DzFh8D3>o|r1n#)=Uj!S zx&Y3|+_%r%+vqIuFzjFwAC|%L{_IVQ370t(apn0A4fC!V-AJ2Cdg}DcJ2Yezrm3No zhF_!BBKLxC@aR|>n_$D0Ta&CURW8nYJ}<>UGj_^iMq;G#ouQyeI3N3T15^B>?W-?h zGF<gCUbIgt*0O1_PT;|6=OOfh&q|B?G<cfo7AE2oTcEif7IT#RbL<*4(_682iUmq` z>*25@z<$|E+FNSwHu5vMTehTO%9HhBsWQFPlehl!j?mahGuDfPlolBls)7bXlM&yL znH*P6$2hHjQ&mnTGfQz5d(&Bj;3Szm<#zoV9c=%Tp4_SyGlTXC4<F<5@CtawHrv=K zpEm8D5+)i>v<0EwE@BkC`46-*m4NKrV(b7)b!I9cT#Nq(`#<Q!xK}<qh&RE2Qr#b! zrhp}ppXDH3vtb++Dh?SeK;lqz@9WX*1VH>q7B6_q0_t!kH@2^k6IUTK(oY#<o25`B zD&H48S?s`Q0>}Wtp9CZjiShE`s_!$zx4L=?YSHY-_4pPUO-Wy&4zfAIvS9-RsX@JK zKu{Y<i}68)zQ33{w=U<XuL_?BT1|VZO3C2|3+2h<bduTgN*_D+*>?lqWKLLJ9i`(j zl}>GlNs=C4&9E@h`-afyL)Gtk=((M;(_&?<V$2L`Bdwz%On=rKov;d681FdSnw}5s zu1^hP2RTNO^D2}N;r_cRjy+To*roM)E5G|U*5vNU`I8$eY8ne*f9y1WtKpZ#0r3?y zFSrQo-O@i}d|l<ip;pmNu5h2m)~RSi#3&}q@A>WllibyDg(;7sk+=0>{|807fRfvf zp{T#jwFjPfgMh5t=*+Qmvgc^WqIvHcRxADCf18pH$d6<{d^^)7L*Fx<_hW?+_BY+c zI!AP**vrG$?{!|9;!ZW_g-7>=a0llLtMaZoJ50%hojnbj7H;M)Z}l<Th;`%K<D>&C zH%Ct<JQ0^HXOib#GQL}ct7;qk2)P*o)N@n5hs}T7oa29}asIH~W;NK6l30l<&h64U z@fUaV8SI9&vF0j}y9dc1_eV^znV(+0NC<NbNbVCptp<~<Qo8%{70<S!`4l7gBLDuT z;ZNT@?yCC36}Nx0mB#q0hjOl`^;O6W2d5ZoW@?e!49ZUbd$_rP>Aux5;F{=p$hrwW zi<S|Oy%C61G+wEeaAE@g)!#F*!eI^G^|BYe{Cz5OtBoF5$+s<4pZW`tQ~&v4`}Et? zgL)s0CzDocuGd{lP$A;0p3@F?)p#vq?OB9JSK`+NTel4=h4JkFWVMPfOuC?rQ@>SM zx;4HWU8BMdbdJohD40|jV4e^RZaO;~TK0FpnRr`gu#9@`x#v4fk+4)9%IbfZTCj0% z{JzP7Y^M<x@$2rbZCfWrRO6AaYAaRy(--!e`;0gCDJQ$AqXb>l$?#X(H)x~Nt#&I| zWsr{0f;KOx)6Q?a|0zk0%%YorsDVtXW?4S=N?{KoT=J~9GhF+}zsf4g;|Z-EeEN}e zF)!;44d)*+^S_8L;#No;^O;+9M#rP;vE*ph*of6#xjU^~x%G%XXH>{i)kVm>?_tdD z;J;tPs(MT@J_yv%5M^`S{^5d0)(Od^R{;C|FyE`xL}uJx-5Tw;^A7~ut*z!jXG%1& zD{~BZj?i%;JNA|RB-|5wb`Wm3ykme)>!-{yff$IBOg;7i5KdIPu<4hhS%l3WIO@4$ z18qdA?stq0sPay~0tvV|25qFYzIt_<Apa)O4-pU&<{%x6We1TOkkXP?GdW|mQGnRs zbjun%Iq7pSqz9zC0;yVr`imo%f|S_KLdBCMyEFW*`zG&^ZAqVCglH4P5Aim4VTJLj z$7#Z0)>&1)LJmzySx`P^#K`xDxq)%Liplm4-kEAlR+O!JmS;M!yPm)r3kJva84o(_ z!QK$fkk<+JHRK#(QiTS=w}j!UV`Ttvj$-G*`o*w}8plY`RQ5k(CZDdn2NhSTkr|L) zR3~_|?IS;Ek472s+Pl4+Q+Y-paN`|KP#GG>{@CKJ0`u`#<3;D6-ea@F#C<-L0iYM~ zbOv;Z5p&Tv#*TWv6NkMods(KOh9J_;yeyZEe8H8Y*-@?MI?8_vCj4dORk;fu<sAPK zFawL2^O2R(Asa69Tm=Lf-g?rkV}pO_dm@&ga98AQCg;|#g*i9@jRh`NE~>WRtgOnw zCDu9GJ1mg0OHjs!Xr~|Pb_I&7huNw1(5}^_3bn|Be#$JouLx4LS*m<Wr)0@W|MJqp z&=+HTYwU2dBt`#oJn(|f7DYSXH>UPgjG*WUBBp}*-do8#tQj-WoqUQpT+-z&EdYb8 zpX4?lWo*MZN1~EK=1_*tX=0+xTWLz+oxnR|Ggg*`H+RD)RqAqMC%kfKtK-=BIpsBg z5+uD%QtRjp@3*6<-o8-h)fPfh!@J^`$>8Ef20(~?$;Tb)A*B@n4TyD%o^bmP{3<5R z6K?;>t~+TqQ=Q?k5zUnMEjpdxh7}Hr?X+ar#){CT(u!?KTqs&9UYc-|5N)`!B2#2E z$1i!23ui<7%W90#;>@n|l3EDx<hhg;-nyk%$8es!IT3+{tx_8+Wm42Bh?>1dj}ZZc zeW*BIAASP(tYiu(L*n5g1zSlSfFPb?Mqi{UAb6%`srBWRZgSY#y&tf`RE&juig<gk zQa5T5E2J4EAhe0{u*q1;>CHVwN8(WmfxorE!V;MZa;yHJ<<KV13*iFI>6l$8JbkfZ zcBPT`m*#N-qFE<YJ7$0EBn~lG3H$D3G|1T@oXAbioFQ`5^qF9XFTY&5Ep*gf|JR#O z?q3Ppo?fZR(CPTjXZ=LdnxCBh>%<{l#7}9;a$aRz?#7iu_SqX6nuF9v#};#=MK0nh z%TfPg+Qju4$6{XZiNfrnven7Y;<Bp>YU^}i<r!8P2llPpXn`xYTW{Z+xz^?%=6+=l z<E|er_@#vbdgAQbBR3uH#X5N<b{Sl-rNHh+D+Ri%-@nkvTNq{CxZ0cY19RX#=5^Ff z$L}@RuH8}k2iG_f)uB`4iVWYsGz1PQ%Eimdu_EV}6PMS%5+WKI{ZD2iy~+q_FX;w1 zxYXhY8sD;RFVv)O0Md5KPQ;q@y}M%WfV1O}bH%GtYq@17*VnG&ov*IQD4(a?D@4E* z9MRI>Cj^L%was_njna@`ck;d;*cogl25n6hc=o&LMO6V$8tg>(3V9##aB|l+w85F5 z96x#byyT~&rRVtemH%OD`k%kv<!~|YXy6mWQ~aRDJMp!vy{YGlGfCwAyEGlT-NCR| zr`Y11sLfkk8(4a*ot1yk;CYxDfv_Ur-Beh}i6{@;X`uJ7n}N-C`}-daq-S;`%|%#) zcQ!8>c>&|I4*w%v2|Yp6iLoUwSJ}#11vzbt<DW7BWR>`>P*U$X{vN9J;g;QjcQ~-J zmnCCwz(?#+sYj0FZkzR$S7;mP8u8nl#Q9pX!#=)a*Pc($>cs|RJ9IvndLe)1qB+vs z!qpJX4a}6n!RgX57DnY>;MZpjRm%O}ApUtS;Pj!IFXTqJs56ue(r0LcU~R|0w<k&A zby>utorSTc7ESKWyK`DJn{t0rA9h0WPjtFLbjtBYxNBwKt92mo;1?s?_G#8jtQGsu z-R+*(g|vJk|Ib!*gu_8q6tDdoCiX^%9v(ug1<v)=>q=^FxBiRv|5cPj`ooJAQoHEy zgHnu+G_fCH6F!cLWe680tf%d%E=m%wb*V6QX0ap-Q*6W>yJ!Xi@kk38n2|k^VfV`1 zuw)R7aZ|)j^9_^z8a|%oChk4yj1zd{4!w)0bG+%+aOhj3;|;?v-S6ukV+MU}uuw5> zICHP~R-=l4YLHQe+b}9?%XM19J}SA<VClC1NY6E;L+2M!>pKI&Pjr?xBGg2X>&0Yg zH787!4;t402MO*BndKIuOkh2nBf)o)YH2XgprU$n_XXUOETcHJV{Db>vN0jHC%855 zfIKpmGA*pM*iY?Nk7@O_;m79Z&_;NWSs0F|=;fc0E;9VC?kv+VR@NX3!i^@|J`P`Z zF|eFt<ai>@J+>PG)k-UkE>vBtl69%7LJ4+gJhvxDq3gB`L;#Gz4#oE99u6{=9RRkh zg*6&Khs!$?%fYZ%b1atp(7I-y3#mf{87{YBTVzWk{N!L}A1igCanwc`F=j~dkbVz+ zhrV{UQU<Pawyj3)T5ujx(cI@#dW&n*B0mc-N_}?T?fApncgLSU+9Z8>t%xqvmoDt* zea$#iM2*=l)Vos!&wz1HRm+&*(~Ay`^*#k>FfDPT;6w#(wfVj}jM@jSCP;_}Qo(xE zpMKm@OENQ`_#lHpz`S86Uw73#FZobf06vjb!89=n#|PYZVL-v!3J>=kbBPVPfh%JW zZy;S{R%+{K?kVUHnZ~wQeagXH`5)(;)wb(x@)_5Ys)m_oDs}u-c~Hi*N0c(E`c<=T zj!}-QJ4e!iz#`p=(6udPb5*DX#&OGbP(1k$#M^b!)lTgW-DYsH>GC7%DsD)rvFZ=y zN2ZR7ktrd$5q4TH^N_;@rMGBzbCSUgf(_Xww3sUUNa=7XH7mu>+y>55H8{ryaEr(; zCxU_;K1vxoc!8D-IJ~S0&rTa`ckd8oJ_&RYXN<d^jFTYB$Rh}|0!oJ?9QF9m(S$8S zDPrchDnBJSy#+GGMCaft9J7tr#1J}}+W5`V{R;t9?&45G=7VfZZyR-$q6)~h5F>E> zc>u(9HhwW&_F1hw`)ORc5s=Pj<R&A&koduL#Q^gRM!Yc$VN^;39Srv#X6R@)WE%>~ zuqMatDDX~99dhK;l)DkPTqmx@I=TzKz(p(q=*4hsj<m?=dN}U*Xg8cbuu?>QthXe1 zqJo1ikW`IWWo?Y$KP;dqF6C@6-jNvgrdfg8Q6H8*1u&j#E0qt=*bgZKqR`3G=*d(v zxfr2i9x|c&yB=m9X@gF#>%)}N9HVZkO{kA7S!v_Gkd^P=YGv8YZ%T4RD~9Z-@aR1D z)@9OXx!ll&L;O7xpZn&9pWvl{{H<KOMxKB}7SCpNR6tc`o$9y`8~LQXPY>26Ivh%> zl#bKhCS@<-P<MAcJ^#gtE5Etu^4b-zl#v>(GyO%n2N8``=YI;n_~4@tf-AevrjA9p z;Vog2LB-d~uD>5F2?kzjKjr?q)yh5NT6U#IGxsi<dg;mRMLmX<<1HCfQ=N{%{Bqj> zO8Df&3lw?7XM`eGGVAGpPnRj!S2+f9=MC-51fzR*S1DM^$oM~Pe<LG0duHVEN5H^v zUtxMy4C0Qdv5ep`bErPX<3ixSmpr=9SE;Y1yR~$^)!3i*?6pMQI`SUF`1Br+upG;` z%0hqTD);wryR^SCSqia*g+@~zq<R;opNz)U&~FWh`y^w!qXp<nv^HOLn1cCPO~hVu z!yYjWRB^ss`kc7=Wd>c2@+ram+x8zKd)i-}6KFQ{aJiu=C}c2i&`o)Z$m(2Ec<UH> z!#GLjF}cn^_?q17q_6s4onbQ(oZFx5MyGnIM$!*lM|$;{ID@h{p9_;>J@2wNxm9Y| zruXiu)o)nOHLg@`>q^*@7SJuqvGzb93`>@?B6s+XQ2%&J>-R4{peY9(+H8L-QNDCf z+u?|Ue#Kl1yYo*^u~mNLwREYWM$TQOqbTnDx0YdJHq(cP-WwP>oEZ1{cIYqIp6jJJ zt;$<%PB$GMJ=uA6V|n;~8}HL=#2e)vo@nnizY9Kbx_KK?gAJ26w8Cx6@ToslGY@M3 zfv-ON(W$Y+m}~MGWlOp2=URnlRDLyG0jWuaX}6e&z@qO~!P)XV<m@v(F(PT_`;i4% zHcqWu<RE)V0*kbd#p#B(lcnNN|0IJscl|z)xGSP2FIMj87-NCo(U&Gl=$crml%{|c zCg~=jfIGKhRbf=Tvn>(>nwQ&2`f16uKQ5!_RuB%(p}xSiC|rJEr9*_S7SwTFsY83+ z+7Nnls0h1|OUxY8dMZ(y$6<90O`+jCNeeA5*J)E)9#|-5pn+>D8LaRhtJoS!mHERj zfY*wU&wie19~6hBXZw${6UiU!CC9zbRZrW9pnyRbAe;Xjz8fjBOaPC*3%W)%h89V9 z8Z_(EI#VzM|JNV%=jCZzH?@$yj^%CLz&LZHP5yDWZ>6Y1k^LM-;F%SH_fH(^)$UXD zI=hCpfNSqm1)TwGKLA5##V5AtPI#2-=Kz3J_-4h+8EnOw${}{~_OG{VRqwW9;$aj> z&I)vzG~_KA=6&o?C`kQM*DPUs6lQZqw^ZYr62lc?|L>7a_MJ2*gA{-7avS*qbD3;9 z>$b?Q^oE)Zn)*buk&7_HO(s?#^kus%04?OZ&Myk=OC3}4qB6gQ$PLa@(tn1rS>f9V zmn+A0*pT(IU{$24d>o@D1kk!)PT+t@HwQV1()#I-Q{J)(!{sMR9$_L5>f^VV?Ltd4 z_*QBT1>EbHz&*RQqJ7A1R$4YyEI<&2cOsI>YMr!S1e+@1aGuH#tdGMTmr_R9e(_6O zSSt-?7wyxT%nkuHartEClSi^EA}9Tk=AE#wS;-QwSVp#&x}Qg6#65Ti0&sxV8SyYQ zxfaA2F8SAut5y!Jpl;Uzbj{PSgaGGD(UhHC$)LEPsy|#9g2YVa_f&xS+15-@rgk%N z$q?tk2J;l;-Fc{n7L?Lh+6`m-t+P(;DDL9YogwtvZ|7TG4^V@>Etsz3W!Z2TkVY)@ zu;zHGT<7`37Q}=n;NK*TGP}(am$=cMIk(c($!mapvDjkhsNH%?gkHj)g8`2%hG57{ zNyRqXb;|^?!F)3?B?Ma`W7{ngw^$C+0}^(^+2&P0nfR7{JuC<M1}!Cq1er#EqrEI? z#bex*&$iN)5_si{d@%HdKgQ5D!J%}5nu8RYLEv~I)pc+hQsY9@D-{SMRo<)z+&;Fa z(4IoQJZcPc)vkg0o-9k1Zj>2=Gg!GM=ECJE-!_Mr>CAJLy0;U@4GZB76GRV`#0V#I z4XQ|?x+C}wl||yxjJX!~hKEpe#%$Mwx0-o0XFIE}=+D0i!zCB(==iQhRLK4A>C&gu zG5~F2|5!spPiy6%_KCWl%{Z<tzI-8XU9Efo1tAsNSR3PpMMx!uH(+!&FqC?(XBD+R zrIq%NMR>e@@gM6u%aQc;e3=UYd5S1=S$(^-q%PFho?Xhu1Up3<EmRX21b3+U2i_Dq z)QBK^+qAd1w@+%UD)O{TJx11IXqnQ-h+>_^<8s#H+Hrc<q%1HnaP<>i|D$lAQx22I zhwg;@&17Ht@~}9-<(u&zhtYCt;A+$7Hub1zxxZKNvHh3WAPMBanX`eX!`7((8VEl^ z@Xsh1-2QaTfrr{YG=I-0D~BR7eu-L+Zhhl!aVG`FmfijDpu1zBB6N8}|93#(>x>Q1 z4ywc0>@z5%Qno9eJGeum)8otBPd|%;n^nJ{(rix`lHD9mk!MKcywSgSj<*iY4;u{K zbR^0KvW~iH>kRz<R{fy*&&G}Zps=3Oyyf{Hc#?M=J@NJt#j<eeAHQ`FwUryCtG^f9 z=67)A9WSGHZC>dmN7cFi+JETR0_X>%`(LfVs0I6uP&@@M0PQO`Ablyj-(5}r11e&t zYkU3ML?Fvj=j<UPFaGViAsG)f0<DLOpGhn2es~0N&n7l04i%!dWBZAhQSi9M>bLxz zYBx&e_!{BCn)0-YEtj4c5~6x{IE@VYj2rS})yJ<#)I~<w{oA_VvY<reSlj0vhFft^ zv`7A1-M%YrKkkylKTwurm6Pw@Ieo}NfL71G@7T1e*q`z0&(X-;Zd;IIQ=+_;smJ+y zqxq(lxC1!6@b2TaKl(o>25ARO-Fd=r{D%&tZ=5hj;0W0b<)C>GR&l!LlKP)d9fe!| z{APm<12t-!{dRg*nJQoWVU*=IBC~D^aDhp0(65z~DZ-o^szVEu^A&zFNkzjKowOcl znGM!Aw#n1An{uA|pYBf)kKnh!0rMDsdAHN58>Ru<6x&1B;4IxftdHF&4mfv`Fh<u? zN>)sG=WC^_$hX@5##Rx^gGt#mD8`&DbA)mZ4^W^0ludOqpoAsV;6n_kuo4e`kW|os zmdqEA-4I^&U$U20bC;$_G}J!%JJy<X?q;2IlEuFJCdD_Z7@qd;gX+%k1W&GG%57SV z4<UGv^+}Pb*o1s*@P>{nsC@n5&4_Z}fyoE^_T#CETvHE(Cav->ACt!XTw(}Z%7%*X zZ<-)&v-FQZ5DS#Fj2n~;SR&oyKdYiatXr+qgBwbS=gn_gsd^oRmaIUSzyr=&wvwA> z&EG73(6W3i`{;(I0!(SVQ_CTmwU(t@6n>%t-skKa;62{Q0y<s#uCr>ho;itC2SHn~ z{@GEHlDuj18ujIMGjQSN@2do71bPS~`Z&$Uvtl5}k|6)y$4C>CdBtjbN5&vsOVnj} zCy5|nliC=}>!gEps_y8D;92m;DjBxVE#PFAm^{+ayK~5<#RCP5hRy>I30=f!@5L#f zY?}&re(LcE0(Y7BX<lsVR3USz#SxBXTjsVFk)VCa*1_e2mK=(G1`4KM+j7`qjS7~D zS+@rksI`g<no`Es9L#}~Tw+Yiqs9qu`4Rb2#E#wWIR)<&p_9JEND0N-H^Rvy<fc6m zpjDs<($i2j!EKje*+XEjfFgVr6>`Dq>Se}CEUD9m8@zb721(2OB|YWheV`-<ll_PJ zUmY!0S35mgAl<yh3jG8gwhFsMk>3I-G-u;-?EVvPltxbx6dPuJ3}8ZmP_wGnAOs6- zzm8GHuk!k08OfF5GP>ZrbQ!#>UsPv(0mgr8B);0U)pC&S297C!bTA~|)fVAQt6>JG zGsH?{a<r?N*~32O?`Kk2zElhBdXNnjGUKYPv4B{<(B-fgI>O9Y!WQE@#^{=K_rO#v z6b<rq6~aZ{_<dv5=Xt!Y#>$L-CGmK})FM}|gC`rD-m%0rMt~+5;t7hYE}z1X$72HF zf{_|r$g^;xoO(`aaf{h5?9<YVB~wyyZY1z|ov49SQtOpc#9y8(LXNlg0c08aefJU= z1GLrPwsNSxfu{=8A!G_LgD3~sOcRY^iCsk4&;qM3$Cliahin6W!~&%8L2xMg6fI!~ zSpl61fm@nJOn#N)!Iy>RV+mQOfe~}`TI0INla4EAcFRQB2Iq1X#2Gqp##P=>8DJTn zzYEgcr$#1#mk}R@Z~T3pqM|x<{&lhvh))Y(t$xX|Wkid%Zskr^`il+u5vTLX$}9i; z_J{7+j~hI;9p|aJ4ryILQLRHmvm9rmz}NM35=X1u+-Jzg8c9&Zdsc4O$Z!1E#hvhm z!gRt08h@Xg-pGJ2j^)V@BlYO;Nt$+N-q+Dj-;HTzNmDb?<oZUm7C1WpxY{LKIx4ml zOul(uLpWh?F+NuzOD7zJOC@Uh-i=fGX(r72%YTHpYE_8OgU(oYG_h9cf*7Pzidyq( zU-=xv=TWX?#RRuK&AO*B_u(r@%<I@)>H5`rjhVsBEpuqcRUJH5uX~|i(&sUv8HKMd z`0(wiUL;nbsYx?*C@qS5JTdRDT;D_Yu9}*TIbsx^y<+EnzwYs=;*?SU`yj0L;q*-k z@C$O5znqV{s|MVEoSs5mJ`H**tkYt2{k_<q<Yk@Y_TI&TgMHtsgl$?Ei&kPozPfaM zam_luvsMTHn{UHUs?$*=mz_L%X|O$tAHIxQs%uPZ-fuJQF1S_`lfg;%!!JhoXhbiM zWs18W|5^O(Q3T$>01cT>6C%Q_-p&7D5LPNL<cviImc4x3qbmIY>6LMmOaZ#H{h9}! z6nKq9egPe<8{?dzQflhIU%-EBIvGlM+<pr}-J87I7MXQ_@72kf*rlqQoquRrdYCeg zYK49AXESLlR89!A_Q9jJwOp5gZMy88dhl@FKI$f{jE6<z-5(P>-vc?H(cpuyClRE6 z4giy1l_fuTL#O`REQgI7V+QAKdz`o;Sfv63&i_FV{u^6qJkoIt2%C%J$MymOV>CeK zX@RwCrn3g?1s5J=#4z)yGUHNqfn}X4tP2|oU##dj+2US1M%R9-RnV}sKEY@}D;DiT zotBMI#__AQ_=|kwUK<`wz7P7d5iS0K6CI*?fYv#n!tGVt;l5*Q0n*h{txERjapTQf z_IOlY5&7sTTG09dO~UzV8}``=d&#v25$R(#!b-VYjHeQpOrsq~+C?om^gb*-uRn;* zY$qLX+RLs(gC21*OtoV;^LRw`&Mg|wr8L;ifqobx>KbZDh#oGIgkfQO!fho31<J{S zhv+%CVPEW#O<HG(J64cSrMM2qH=OElnCEI$beH2T4WA1Uei^7hh2=Hs(M>zT!ew$0 zM8e^m?LE8$FZgFc-~qBAL3SD>IiWy3nq)Cbt=+a-y2yOhb9a>WA64J8W2NH7gvjhU zP(g6!NoHt&xK~Cl+07cn%!b6O?@LGKtNdkX&e@=q)%SXiaMfaGfoHE||CdJoNsl4m zG8~n>fHSUW)_-8(zsVem&Uv)i(P~$*_dbywY&X$eR=UqHamwT4*$COtc?_MQAi@*M z*?!L!??WCUYc1(UBi|$p;6ko3rLW}ERoa?yx|$Qv*W70`a@0Whcu!^|koJ|b&3kU- zejz`c>!G8MmDaaKni#U!SDyJ8yJ&s4^LM>6OLWp>heX^)BJ@!gfep}5&f}@NsSF(~ z!|KpE1!LIvjQlI1_=&0Z73>+=P`^fS`rd6A?IDPz#O8#{=G>ucRXfy&h*^N7v@b)X zqbZrI*vFt5FeMh7DrH-K2V^9OnBwgugE2aKz*d?h(sigGYzAn^1vYCIiD6Wn<1+=f z>D)8Zz9XpOegyV%jqVjEk!n{!qAIGWV;G!k)p!(3pXm(JC($k$XL*c2<0KBPPUywL z%!Om@cky%Hdl{sUTsefke1=31coXKFWh{DU$yh#4wCzcd$&Rxn`98uUhlNXb?gCs1 z-4YbK%O4o#rG)+9Emp|P<uq>r8~zyIo&x0>$kfpmTH%3?ZiKwf2s5{pV>#i5NIw3Q z4ILk>FE$!182TlSEo*9laNFHH(dbm{E#q;3rWL{a=y;MHbC|A_EM_X6)hfFML=fOW zutb?l&+rr%fNjrl+u_0oJnQtH(u#8}kRjkjscMf9D9K8{6pMrQSfr8(Ti2iG*4P~E zjZ)rWmg(;MPRbeKj}ufBYGXhwbu!})gLT%%kQ0R<6S6KX0qTA-Sl?6@og$YS%bYLm zMfI;;kAUyqF%;4d=$4c3QaOII)5dLnh(-bP(qh*KZsj)1yrkt(F{hL`J|KeBf@80H zECPC$)Ac0b*>~buS8dDf-{r9FZFc&?r4Vn#8O_$T!Lh89t;f<Q(|8BGtdGVx_M%hc zw4{j4uEwz&^t3W<Sj^{{9E`>24?r0@*R(t*rJU^=a3Lt7;Dy1`8Qc4a?t}61otsS- zy3uTxb|blG^-4D?G<#D*B?;G)`U#-Mqm%$8D@NslR2aah%#}i2_bt61bxgH*)&5e9 zZ_zx4g(<epuKHh7L424ZcBw0k-6aX!IK~E&t!EYSm>Lt~4y&6VBpoZeWY|0U$J`9w zpX_hiyNY&eTsM&~9dnWH>!xhE`$0Q%iwR$KT_gjK6uoWt?Ws62;#0J4^6<~hp>3%* z)RM-&nJ-nyO~2=Rr&?_uJn+2rdG_I7O4rd%?BYGQ!EkD&QufqOo0m5oIF#z*6s=p6 zr=5YE@coZnWkh+CV*+?O^`0@#O4Xu0(M5FBOYQS)5CwKS1ks3UYWq<WnCk<b7yUeV zW%|zXi`V4dy%@v2<Pje~boATpJ4&8s5H_lM51Z7`haRf`ee->~gq=JjxdJ8<a?v{u zCbpQ)I+3~znP8wiA1*7_Zt_;cgYnKEMvTAAwr!G?%r{;521_{Ki~$IXM*J3>@ow-- zR{*?e=`9?p2<QcdFBrejx8eDZ7)V~3%z4Y3j5K>BR_<yGpq-J@i;K<-QDuuKNZu<O zG-n9xzI72bhL-JB8X777cEVx00XfH#;YXN^z`uSVU*yzg?`ILM2lo&&=lrJIJ86@} z=x$xFzi6oI4fu&e_SOMO5IJ5p^*9OV-fC<?k20|aRE#4X&kjy8+;0(9Bkqr38w}I8 zC4CPc^bLselhbeum)Z8&8ujB6h|UruFX=%3`JJ!OFji_-&how<btjvU=o%2MgEYx6 zbKHpdbMyiB$Y%KyJ~Uoiaz=FJO>j}(Za%^YccuxW*)d2OcxaFH%83Y!_5=@_CQ6c* zOz}QV+AA#G8$IWBtG*c#kl7C>Yy&eBn#1anz`H@P-suxw+Yx%!#m|y6oL^!eUzw7? zKZ%4J)!6T~mW!f!;_i%S=QF%1$|XAtB|qN>>3m#>J|q*(_G=uKHpM)p$e77UUf#r( zC;*=Rr=DBFNU<{Z$IE<Rvf7w{>2q=(X-z-(t+C>;@6RNISBovjihcU7CY-a<K?kRA z6$H1j3*1YaX)mHSmCJ%FZxGVB6UVccxL0D7VwloQWg>H*75Lnojr)?S@V_W33INZO z_sYKen3nX`mi^Aks$7>9r4(ucNaD7`#q96qgtqz$MsAv>tLr~`;|avu%Jw;!j9Kbs zr&3HjbKEh&MGJ9S(nK*)XN6<U^nwXMf3aO$!Qxr%;_2*C3kagJ^O%0%iWjB54~to? z@@ykIy%?h#g0=etqKkxah1Em<BLRwDpOinpSP^_=Nw8)G**myuGy<}&0=6PStrDIt zf2+lfZ_lBs4#ja@IHQtspCy%1MzPNp2(#*RJ3IoIih>uhBO+^A$>RmK3L?_xw!1wL z^-a0Tprdo@2XCnDNqOH%Q_5RQBgzJsuyTx*q|g``eyN0m@F9}|Q%1Fg<X}W(PHANo z49-yxR~x%!l#03f;*OALKEcKy!?|uA2piP*u-RBQuw{Hx5Z|K9Fqf$EG}p*o5q>r; z5d6PH6nU0y36_T7XRJ}1*!I=yro*BVWgM*t?a$$_iWhptv87Kb^IIS&IrgWdHnyVz z^yrktuqfkCo)bRk4Gf(>MOa4B(^x(SX&Q>Qevq<Yj9CV13isUK5z8X}uGLFJ0;{kh zS=iNy#81YhBL+Jh{{7!ceGbh1EjWQ4h`?{x&a^vQwT|f@mtgrh&pYYr^7ty%^g)mi zsnw>E)lj*GduMD@&mBSRd@)4|ZtG1h#gue(;?|U>JnPdt+Q2}S0!POFjP~wym~kA^ zFY7EAdG0VONqFG23M0rXM<Jx6@0*_Np*5bJNuOXj3GJVJ^_J`Z{JqlA)@8;^J2suv z{v83z1o<HU)}#rFQI}bq^RF65C6?dP)L{cNAkUEBVVK9tr_=mH>>*4%2b2hzv)_me znVpmGJ|Dkf(e|GWG?{St$m(~8f*-|8>k+}^<b1!5B&85FE}}ZUSJCY{b~2)5(%XIJ z%TzzRMt`6y&*#POcJAic3yKMXXCKElUN%^9_NX-mdoCGru&b;aG5Ab7-G~!^4O$$- ze#Ri|&sC?LdJ2ceC!^gz-haF0HSF^k*EGQ4$cX*~JIm|RaSKO9ht}wYc4hI6;7s?o z9czBFd*(e?oW`ZykH69_JW_9j8ocYx*|XtF{O924(}%KJ1K~2YM}o)IDpE!fP^ybf z4eqJq&hPJ9x*G4!(H`e5W{1}Xj?1pFqS4A3Q!Phwy_*YUeg^*f;IR|?#UBtdLkNK# zxvuS6|6@%b4wg)RAz$jK`uI?Yy(?j>WCVv~qO$YFITx98Y{-Z9#+-yCOnA-q&}D2! z*ilYQNkZs+_}V-M`r4vnWF)4i2IiR9Ur(0QDtB&yWhhC^(}~J&q6sbio^27dH*9$l zvR=WPIaX*CXY6O!t%{Upq1jP>w(LmHZ<r(7fV9u$Z)mtkoI<$-QZ99PTA;!!^9sd} zpzuCQ^<D>s_tQ%}Ie)2L$5Mrw{a8Ayo=a8Yqq-Z1E9Nt0>NeY%@nr`-=MoFwsFq(+ z6YZue{E)-(QC;@uTFgiHdT)B>XG=+<`@=fTiPf>hSLjoJ)Ooyqgk@^o&{0FZK5$rT z(Rg5~inzUxQ^gGRv(UNRu*39CnwHcYqNp&Mt456lZx_f9Ssxe>2bAxwyv=#EbAg@R z+YKLdHj%fx97{n0cBlV~ksSm#{o&H;Xht6LV#QXFF#-xPmXG<D20r%%A2`mj`{6Rb z#N4;kc1<~0lm!Ml^Fp+bNQ>_G_uUJ5A5kauR)6W>iQskm9bFNbpYRyfoW{yXSt_KT zn;cH<7hnFPj&jC;Dr5F^k#Dj<z4US%_3sJx4WSusxI}MxnD?m*HKGEf1;SAB$ylF0 zjBqHJ6}2XY`3F&-1o;PX77j3>N?q?_!Q1V9xA$cUt6;Lgc4D0*!i>fXdO`DA`}ZR( zJlnb%+(2agWTg4?NyFuu$^Mh&S_RPebRiGdR%3P_8E!DHSp^L|m4L#HS_>pm8A=>0 ztB(`38J1ngD0xrMl9XH#8W9$0>QGW@#QsQWNwXX6a*f&6Yv)isdnt4ULH~BbmV<4{ ztZ=j>%H4$$1`2XhjI`4X($gjW9Ju)jr0e61t7(orM~4DvYZuWuevOh*iaF{uMaarK z_6X)t1ye28`6UifQOY4<$fcMDn+Y#gP9j%!0LTRdqsg&zohI-OE&`(&K1)*5S{wpQ z6_`xXG5t@?yOp%+UriG>u}bU3u^FFwc*kj<oYu%E1B02`HQwByWJz?olp=34e52K# z2{Ofe@eY7|w?<`FA$%|uT8lbpwSVGx8dV|Vf+|%QK}l7lk<>}6c`-y8U0mWiv)ZuT zZh-yT;%45&mfsx(dMe-~0*J#wpsRU&QS9zQ^sRB%t)Mdwwu|;V*fN|~XFW8~RH<uj z%?_2eDC0Y?ED5;r)%SUb0H3E?V7Rj~mWR|#tHG$XVUb(lU@OuV?cq7WaMXTN031>< z!U!-pq<_e%Zx|~`SzNA!G0eT#$Df9<WnRuPEU(+}D@?~T_51(5GOawv`Go}g*3Kw% zcCk*pJzXyFNIo<a*2jaF7Oiz}xp7^JnMr+QTZwll_-)7O#!ctY6ar!GsL-{rp8TSH z$=SRY!j4MW=f?}glX6aD<~GyQ-g_)JlGzYPl;7gk*=C==D0n+MUR613B>UJH_ER&l zeKNWGC@|_a3f?M>bKW-@G2sAS`YC4+24-Se4h1h`ISW6<kzAJ?yWf0lr0S5wGM{s* zgu_|HDp8Vv<gLv+8DJ+HJ1-b3f(9w1x}?WcTH3%2+pkHMGb?0MY@r6=p81wIP5cuT z`um1bVfa&)_hyZ#)MrxWn`e)TP5GVrl!)^FKZ%1G54_(8HP)|ql&e)wpFft_aw;>* zWt$iECc$>5{r{j-*A&0LJlg4LkgRyZ(4JXU?KYm109GPRc$uA!0r8vJiP`Q0>l5ms zCww~}Ql}+(+aN^nzY%!#Ww(v*pJICz4{c_AXumwGc(1Qyzcc16FXGjgUs18T{TC+J zCYIlyW2XAQ9Jky4xicycoy>01x|L#R{}Ni<@sFTt#h)@pZ!&h}3Dokh-X-@rsS26e zf~w6!a~?-nY?%?^!EYc~&{471Eyh@7`eS*so5E!HzHi2`Pgi)dwVfC~uACDBl$JQX zi$4Py=J{^s-jI2lV<%IrC9TL@;W~BFKASs!@x1Pe3q^**E(J-RoUcc9^%RD~4YS~Y z={2XOZ^OMYY3?CL2dP7cP6YS?`s6i(99lcj{+%#G%DH)385QOdy<yTh0z^4P2cvXm zbvc}!UAaX#)Gb?0m?eg)4p)D@I_3N|duQ$Tq>mG1HC2}Hrxue|yKY(g6%kI?;gN%I zi*a8wP3el!4n4l6@nGY$H|>J)RvpMsT+OJSuUitB&35ol7N)*$YR1-`?75x2<;X$( zM>6`*I6MC^BYx0=){aPa(V*LsJM5L;loH1-esWjk!rzMU{)(>WB}Z4mYpDQXm<GWU z)*#zQLQoFV0qhA>$=@WvizX;mUW_G0Ghox~AZw<i){->a!!c`3-&DV|>R*2tc?6Z2 z4H3=Rhpe`3XD6YQ679)SN%B7YMD_nc)<jzccGl`)Z2w$~g-ad{>N%a!cN;)y=e*%q zrPOHRk>TPNqv9N?@P9LU#p>w!2=5u*=JXepaG^}4CQeXTiuqC}tkC_4|5<@RFjVJ0 zU`4&CED!WJ&-1yJg1#oEKZ6~NjxIHB!+vh|`DW|SM4J0Gg;ntzM`Z3g00{p`->p&; zIs2umD3Y0~4{2Yj9L`9-FcP#7qtwvkm1MR>bPmnj1vY8ZUL_x$;qAmuTtv|+{4?(L zj6#R{9(@#4UdB^GA?wrYNCPeANNNs_7fW90q-i$ARhX+ySVxPCj`*L|0b`**Dnimp zhuSB6a9Da!2nC)m!akUC!wna~03Qxn4-?rdb;IGYRLBG5!Q%KxAO;0w;+hXKKrG@> zj{kOA;-4>av_bp9<!P^S7P+|rC#PDJHdzl*kBqT>o83e$u#;YKYJwHyBMtNERcb<B zvP9<m7%O@d?)`aw!Q+?_14`;}s4rRqRAbQ8Z^s%c6&bgoO6Ew}D@xP`?tyE-T-rrE zFyS-M72q8_)5f#5%SCN-sL%Mo14#p-GWM*nG7S8e!c@$QYw?2RIU=x^4YOY{{%78z z{i+4Rd+g8%;xN29RQfPoy@DOMQZYpJL_s?j1)=A~b|<UuCB%{-ar4AC{DeR9GM4Ea zBPXMolX&O0>4or0Io(`hAUk5=6Y4v9sY+F8yvEdH+SM3fG9XUe_=FEwiTG`5eg98o zPM@cnhY1*w>3?9vxOGO!lm29M8;_4UG~D%4fr9)jE*^b&VdU{W-rq(dy2tDxGrSFN zD6U0U;qDUu96F!WFK3<h2y(O!q989D0p#FpF3(NW>7?CRv~x2ZCtx;?;PG+?jy1cF z!DpAiLFe-frqVb0S}MY2slpUm!YU=Dl{^T5b>S)_+k7zAVS)*QvO(BjNm*c;?a2;% zzhq_{cN22(vcpFJ{LgX7D(;vCeUOO>f_(CbeYfqownpA3*3_)er&T{VVKrIuc>J-e zU5sFw{OBb;X<Z<5kerjq>(3}Px$AR8Ny*>zUT;T>&faFJM~vuTg|zVJcB2V$N#csk z>+Q2%bxuN%lvc9d_9ppE`S-7XAIbPBokBejqA!>ntScDV>nwBU6F-vn1^QKO+f$GX zz-1ACJ<d*67Sp@m{Ibs$s;(&}iq|{6w*KsS){THDP%Ou9cX8dfTJUJ)7|^JBY3s=8 z5Qj&>Y^1Uw9bH$g6r>ovR2kVm#<~DGK0#Bqx0pS*r)DTZ$EB?{YA9Y-VkHY~QqW<| zx<TNJqZ3zw218lh(-H!9hm{_tQn#qZxYd?=#qYC~?#b@0gjXyty0T$;Sh*}iMH$)L zSP8V6Bt@qQionl?tMCS$0~%MJd`n{+Ff|^}@Ysrbi6m*X_EmdXDkf5B^o9LCa&Dmp z!=-i11+PcIg{&@5vO5D%5(N^|WIywF1TGP=Lo0^1f7?eCOqXR;W6r5-k<lZ0=(QQ< zDVdMPI=hHSd3V@<35Sa^-T<+U0JT7V^rFRm?BOEs<V`ODc#aO!&OF@rv6J>mBf9d% zHZ`QJ#39&LA~s>Y6#@<>_|p_cZ#(5Q6zjGW0Qnky9UWuqE%DV}Opq;02aKhgqV7(3 z{53v7mhTGivjLr}q`dre;wHePXLxIV?5KceDy@#78iq5S2$0C+0iO1giw3`Ok2Ye6 z49VsbN1~L0g+k6I(^#k;mX-GLSRbMHF+H~L2uVIK&yE2Voa^8XWH7F1$;oQf!@^Hy zqJ!@o!c`&kvLIFJHL7`rkDoG@Zi6i`^IWR3KvC76cY^a9xoOTRPw}M2b9IO|#vJl< zv&|<(0`48M)zv)9ma;9H1Ox@~Dl<3qu6tC5uJC~oW53<D{c>2XSfVK3qdAHO?X;;F zWmB1R6l2vfy80GJ1BPNwJ;+$@)1mAXIaW&(K{8~7DW#Z3{3-O0j4@VI#E3}qf+=q$ z`3qI|SC3<^P<6WGIU4#k2h|W(#v_0=fGDjGV+XSu*lCfpz)c4)M@qR1?8^p}%N4RY z7ch-D!Mn?N%%nB49$LCx=dKg&Jr3a3y%joI_1{aSPrGH2ckW==w=$i(2rUNzY7rmq zw#45K^h=;F4+ad(jR=cqXPLkS-{UtFOJgbH4AsjQH!WA;S`P3_X`-?K7wG9&L5(5p zQ?mdHlA*$;#WzaC<>1XFAhJ|>Xo=ZoYNzwuPYJB1=XQ*H4?j>n$F<$wPcG#D>3S2e zq|!HT_yF#?WMQe{?kHHPC@Q$3h6}kMXf=*g?ut_;VlGsMnpT8}X=O-=$|99bHCi_1 zq!pT#OK7%O=BVkInVH&N|L<x3@B4n=`+nbdU0#<5ILq^#^PK0L`@VlmkJ2e42(?J` zrXU`vF*dg#qJ+N(a#&a()OkchOLpl!vMXCAwD1<JtQnBf?-qbb`A6KudJu1i(p43S znBg-@f@c!4Y#jhldeMHd5g=9*^;0HrO5@o;Y<*BLPPg`0JLdX#+@u-C0$S)puYw0* zJh?RbT}DV!R=URVnmx$TmfJSwuAGBYlBDoNtZ)$Caw8u#b;7kfHk9By#OCgqAs#hT zaOp*hfPLU?j)u7d$q#Ci@sAXEkQXm~V^{F>*42?o#dBADkLP+N``?^?rZPE&S`~7w zGO%Qx({e%w+Ay~i`<I4~GaCQOa{yS*if^8Gh>4~9R3I~L>cyIGHSGm~mY=^lSU+O| zO;qU`*!Kh<b*r8F48dVQFyC;i9;g%8k7l^q<G(q$Oz`ySSEupb1BiQHzDGa*WG-qM z6pr(dSp@M0wP~MlO{taoweQt6z5t1YWX=TPX9W@aF)utmQsAhGqE8R*%tk!z9U7xu zhJ5~MGb|EeMncC@MR4w0OtTB3Q>?ku3>(pbN<Gs)jE^ClDQ9H8j!CjU3KPFM+Z%mi zHZyX$iPU`m(DVk^`7Ji82$!#>iLNhiRGm@ykxO?!yX<{gZ>f1m)o7M+KX=XS1C7G! z+ljYqFI~9lG4Aj>*VS*-w$Sa&#Rd^%LFOlUM|1na@dnqKTN+!+HJ@voV~FT^EFDL+ z!fl#GpJ*5R?W$4C@KG43SX&gU;}9acEKIfAz8Ttlb!+pwM@DOcTtnnO>JXvU2ZNmt z_qv4Hn+A&L0H=-deQ5qQ3nP8<5ze-q5KAU$0m4P9n(ZJ=!*c+Zk?%iR-f4hjuW@9I zjMlYannt&DBbrHz78#K6&mvWW>#_WqfbPnBRCNj?9J=93D>hxBj-rL`q`^jF3hZ$v z#D6fQo09}l#$6cLy1Ta*0_Kxw2}Iev_Q+eY=0Tqs9j9iGzW&x9j*Q+$+i#w{53hf^ znRYvw1O2vH1XJSH_=Ni;bOI~NSfVQ(_qVqE6FWL}Vs}J!NB&Wbx_8Z67dPt;<}t|~ zKQBg`(yQz_hmiFV`7-!Lf@DOLk+6oIt1iv5)UKmNJ}HKb@J}`IvJ+8tu@I?ZSY$}- znWK20^Nil*<t$#I=khzmDVGt(&+wI(GKijeG6c8$naVwUU8ozH;#s6z3wM^ANIUx+ zwxcI5h&4*ZiW%y8ufbFPCP;RvzgnWCiylzy8lH$?gdkcSCcFpDi46^|jEIhiIo@~! z-Rog)+ouZz$>=ubC%}Yt0omUgt~s5(DjPF>e3Ax3qzP5?OUMC(3?l;;R2gbrE)kAV zi;Dd1r4X8&Pb13_1o>G6Eej$jG$64qk1hqy<Z10D<H9yXGxpB`_-dtH<jbJ3aGOfb zN-d&2PRurNGc3eNd9D#1<ZW&Nk-eP6o<6-W$hW$~f4Jlm?Gh-Is)@>u-@IL7tW+DL zLjH2YN}^tzK%c3^Lk7s#%n%rCwj^@ed?*K*21Jw*$LN!c(C#>DRTl<2)zS2UI;hWh z$~OIFYErezfJK*~096pYaml7Za`oCw)Rns#{8bM79rnN*j=mXUF9xn0^BTMu%17&o zupw&pJ_=3TSDHKUKf@m7u)ff;3aiJ^#^=I4kj;afO?{peOFa&CXqU;jKnwWm@*c)j ziCQ;snX~gD(0W0VaWhrZxM{JZJ2ps-DIk)64F+nfv5mTUjN#Lw0=EFWsDARP0wW!B z&n3l4c`Ok#UjF=*2S`UL?Oec-4vH92=l2fX18-BC5-P~Q2|vg$EXi{4N(h(C9IiVS zL~>~Ixhm~I0;DTDSye?gh@+_gyj5^8*|gQ_%o~z3^2&K2X>h;?y`7}t0^l2Z_E~a! z+*}QEpbaQURq4nX3Ycaq@%BWsr*&{_d_)26<#+=DCpN9+)^K^@u0Uj1>4937U?pE@ zkE9-Is=4)}Mfz$b0~{|^+Nj`(Mp1<gSEYkkxC0ntIGztiJUM|I&&Gx!G@Ic-HN3Ga zIQIA*W#FHJbvAp<7NfXnB_E?~zCK(-B*;SXYVLcfCjdi&G0MLJm{|Bbd!xd-3L1*G zJsP8JHovtD-s6W>(RB-K_W%!~NY$xp$bJt{v2PAZJ~(}Y>|yY>>FDPrNk7O;7Z7mI zJD5sWpm;&_{XW#GzY!#CB=)$0|3Kf*1RVGl4PCnsi940ZEFpF=RVSyslP8ARdbe3R zE};ObnR|>yyU8dC(R%x&$L};cOi*iHeRaNwc;|wTo(V!MKi2I<a=v9F!UMOJny#88 zaZ~KP`Ss5_mo~U$-v<c175FN#Mh!=6ko;I1%znGazd5|>Iy(UK|2*Ku-*`q}%i{Rv zm*{_PNFCFiu1MFcWC$2GMNuVHy<YEnq4g^@JXQAXxINOI*J#+wL;gzFyx#E6emkKv z8urAeSASAhC&5;vj>q7j%yGWpzzMIRBBTyf8dDJ!fhn7%u3a$@P3rN^6>G+;PXXcV zroNxAdQ;gy^tKv0@Kuj+&(`4H(zU@2#kwT|_@nJhMQoHHC`;3hzv^rI8FxGJmtfqY zT`+*HGi*7jTal&PIBCajFNSHh+~dNC2TlsqEcf7E>n?y|>@z`j5cAm3)V`di532{L zCRTB@5`);1je-I-?tt|cOMOgHIWCz;?+gV{)q~4T7jBP5e<9);6NRFdH)`u){cZ^q zCnT70Gi<Ev*!EULiAzz;hhyop!4%EomqL&a`J$G$jjC#~SYw(oA^26)_)cMjor`$N z96sK0Gyz%cSL=oabrQDeSrPqX$0SX+2we5v>1HS*4i<GPW7QJ^kglC*_JS7eQG*_9 z2urdapjEmx7sHw4J~4Bl-*xefCK^7KY?<H$qBOtYGCwtKkvnRGO1%6s25?F8<i7`o zXoy;X!Q?bS4x}6O#&jP{?Q27-m|=iG_?2cJ!5Tyf_qZV@7ettC+BGFF+_nb+7nMt$ z`Ewy>uQi>4<2w_XH1&~Q9}p4~dO8}$FPts*qy(F2RPoi(nz-}uF4&TStdEV7$JSnH zw<=#hLyXM>Dl`;?)*R;;Zk)eos!pf_<I#B4UZ&hOc;li58Xo@r;kp~`o00(%eh?N` z;{(Jc+}4#5ly0y-JqUlJ_m2FH7XXkSZ4bFv>_vmS#c_wO7jb?qV(Dnlg{UEb=&z+| zd8Dss$)dd*K-WLmG~r%;X`2sOn}u9P;Mhc9bKL7!K_>16Wh8PY+H#5uG*%u(X6fBF zApeGyZ1C%mRS^w<>)E;eN)O-V?ZJe4OWU+gC00~AnIkWVUpfO@IT<b5mJwdNwUuDJ zNFH<BN*|X%-!R$}QlCg;YxcTfQHfcGb;KJ7Vz{Mw!CdHQbt=FR>La+S9H2XQLk9!p zD%IIzw8)6+UJ0NietR<2z~qh#3!^Bj+a}r}FOzP9bl==WE26ZYl|V4IUlwmlB239g zj-!S)V85Y%HrB81*b?VvM;NP+nrtLeK}zbDWz6BLMr)&#hC=hNRCw;!nS%@=?UI&s zj7v2!kIcl}eYPxF&&h6jjXBH!ZWw!q4l=^c4oKI+Johx>Wc&%Uj}m8Z4ovB4tCMA; zsxiDb*t#`7^v*Yjf{-Q{VQEPm_`nDAT7yup)vXdt3N)N1LPE^iBqno0D&DUYtIZW< zM0XjG4~ZuS`NF08B8Mxz%FRR3R{p-n?Ouc0>=@m3F5Fh7JH_vz%}3vd#hwd6zO3RT zuBB^owE8pYBb~@oCStWGN;@nybG%_AkFKY?u_Wj%$;N285tR+RLWK)qDPw@%BvQ9} z&K(SJz)y=DP>Zu$PHXqf#nhG*MO*!?O~7^01iya&4>UpcP3eU^y<xpZCW)Rp7~O#v z-$}R|y|YVA{oBLQsBwPxZr@w8q1SjaLG<)7bcZIudgn<|RUO^Kypp0%g1{3#3_#SK z0#QHqI|+}roEGq{mOx#}KVPmsAsqT^$M5gtz}52e5c>$xUhX^ecXvkBE=PPrM=*F+ z8dgML{=Sy9C{M2Bf#<t<;R1jpO3{4<jcNk55FK7I|FS2|c%mq@1psw#eWA5Gth%j_ z-s%G+7og)jKtpJsIVc2x(e8V~LC6*XbS464hl`&9(`Xt9TtSq^QWayMYh^6zVmL~0 zAOmvWJ5&V0YmD{fI9!Q0MeSJ<5~cqz?j9!)W5a>!^37hkR|(FqsCr>!898ppUfVm3 zyxJc@hZ}TNJI6xd<+B`$*qm+}@eNbdv(w^c(Xp0#R<5kzssy{n2Df}z$I(hSb<#v} z89h5JxDSJ~ZJc>B5$6nHsw`7)69SaBO_1hTa&i+~ICZ)>ve^=O)h{;2WJ<8QHSBCl z{D4}RKK*X16ELU|Qm}t*5BG-DT^VNBs215#t=cSP8If>iq{oL5@e1=;^HjdfajGyJ zhcd0qM^WIFO3T^E&VFl23=sR!3c-m{lS4Jr$hkIPhO<&o_-qey+0sc>(+`k}*MOul zN|2DiNqw8&y9PFA>1Mt_xjNk*be}lkciIcKp`zE->rm|B<ahKj;O6M3H%kPp@wN*H zK^E2XgE-Iwo)K*_ffVh)E0Bp*#$DU#Q0Mm;LTvacGdj#T?!El*9XD%BId-I<1<?b^ zK@UPwCq^6T*=U#&;JHjGte67ZBvs?D-GW^BgQTbYy#mrsZgj*)e6O>47eDcM_7?sR z(`ie?AS9C$LyH(88ZzrLVl-{XC59!U7v%gHIA0gaLnb{vX{LB3Z$}`1!W+c$VI@l3 zfTe@>%x12BizpRSj#jRL>}BfCSN091EDj81Mx+~07y7(%d198~kr;_Y`+OGAwer<? z)eGIma@f27Kw+vepr#+;XBq}YU`angWGx%y!3ilY&6_&c&k8h`@3B$z`u+s8yfOi% z!AD3@4}DG21(M<=W~DxiQNck<gq{`8x45PoF6b3-uO!kB=hgPQ3EwyMjLZmNnu1(d zHcPb%xh%fW^z#wFQt(u=oQo>%8>+#}Z~I&%VkZp&@@dyh;2v3;CX!u?+9UfyEhb9z z`lCV;->DO}B1-%xX+v<#VSr%EOCCB`VzlO&c}q>tA@Xm)){5#3G~h%_YvxATj35{K z;eamwUj*sy=76rE!>T<-D|gp5<H2)R9nlJfL<BdJcm=5F65ddGuU6P^`emh^J@e!j z0GXgqkXeIFQ;8sZVvxgxh0yip<~E0S&ONQt1pLgJ$`?|HRjjE~EmhQ_Ql+I1tMIs% zpGRxtSD?)z5$tBIpi+$`fHvRfsTv4}f|sRcK27$Tf^0qs+RC4*w?_@VD~Wlwubp0x zeYJP0x{j5&QbSJ{@OI%uW(fW8Jz5q(x(9OyJQp@!0TMRqM+Pg0EB~q<0C34qc6_Co z>!`5Jq8xj8S$2dVQ7h*T=1aUkd{*UwIU(N9{&yT=agR7zCxG#Bz&dVlogCS9AfkGb zFg9LPzCzS8R=wES3%le=Rl~gnG1Ox8Aptil9d2i<8~qcrYV_QV`>j7;GBA-H47lq* z_h~?mXbyR{I4VAHTya>)e1VJBxy1)rSycgO?gd6=kSZT8Ty0<1C9bcJIMD2+X};{x zrS)EJ1f?NiT7k<z*}^3_HY;;NP#A$ZoDrmsxr2wZZ)el<y$2xKNt}vg-|nn|mpkeO z^@<?e8GUg5zRro;lx7!2bok3~#M%Ozq7d7s1@%OPn#viemHRf`-oDv6XN>adhiu?4 zNKKP2OuL4*i9Ce}(2_yp1>@DAphti9TwUD-sO+rKlp5nFX>9))vI;XpEZb1niYB&a zIJt^EX-5*#@m|@SgzOi2&2C9Pp$f=Eto8m%Gv2EHMXSR_Z}XuJcf{sORWZHB>zWF- zS#RjtkvU*~_g-P-&T;fIJQga|3iodLE!-6b3}jZ83|Ga|Dk&|Kb<JLdTXEZx%eDg{ z{pNsQ>SD9Yyc5~xo0F=D%Sx{VH%osG(O*Po32N`f>OY)-*J!QgKqiucLm6~_ZaqLO z&W8cDh^Wj&MpzQ@NZzunKsa$xwzfkV<go@ISNfGJxXFXLRgsT#-(k2U2q1Q_c)8`R z=uURSxV7Qp9r;{`e9aUaSeERXo(*=O4-L)&l)LdXhdN>0bS0U#IY}YbTr(T>=@eeJ zre|!>nJHMg>JRgW7OVq1X%KFpvnUbs*UvU4ikk}ozxNIwtxB{q$InvF5kZ2jl9R6q zWI`VQTF;`c#70b2JEj|VMwmQThF;hs8Do%cTTSkfXd+$Xhf=Q25_>$xrfS|HqW*ZB z0q+&Hqc0q}l04x}i}Z0=73xi^UK~Bs;SB?d6XSgN-sr=aIIXwz((H#=V<Y39OhD(- zZj9nmo?ncJv7}I1t;%Utv(yXtUTZsb@Aw5U$Coj=wD+qc@W@&PTYXuc2A*Afor8C_ zjpa7n+<<#LerhW9ENa>wca7(xc&u&m4a58NmF{JFSm=k-%^zcu8#fNuwk5KkWuaHT zD^W=B|Dcm9d6*^w4rc!Y^`km57cj=9Y<<dCTAa31MUu0f-0Yq)m5?(A0Ve)r>SSUS z&JvlGFZErD2M;~5Ml*ruTYXE36|jFYp5^?u`f1}ch9I3ON?$pCz_j#*iIUuH0}zK{ z@4wR7H$UMge<*V(Ej--t2s1SNFXJo7ZxVe{7&IG>$3aK?HBPEWWMR&@3%1yg%!X)Y z%7C}J2y?f+*Lmf|UUZ!3lR}3BcywEh9TuqdGu_C6Cn)MJP>JEU20eRFjGiaz$8oZH zjAiC)_-RNjS~s%vqDtsYKV}$`xXP27<TG<{*;;sx&Q`UVj5ls9p?TELM9s|;cjEWm z;v8AzImC=S<yU^k-6k4O<6c(|pDy}HE1m}Lz{GSyb}*T*Lxhl5l_A|LA(=u$&{ZQ> z6AisqtC?=b09nKx9LjB>el>fOg$Lm*qLNF~MA*_6Icj!yGoKdh{7lmpC*3HktrS(? z4DqdQ#6iu)4lW-xn{`9RqFvH74#KYkam^F`C>8VBpr?mX0IFcdpC+RJ<4P^<a!H3H zsa`Sctd{t+^Wjzm6tzurgL60z*p|XxrP~$*N$lduJR|F-?pQV%%UiZv<kaf^s3BTT zbAY`V4kd^WsmlX0&aLej0=&UyiXbL6KTB<7_Nluu2a&H<YQYjX$m4dB4tQ-RzP{M( z7(Ey+_~k7!6Itdf7^CGeJLP+jP=Ds}b?UPb*~}<mN!TW87Gty_rGI;?yXtn8f1D1~ z+`@54n&V)eZNXL3wtb;yzQK5)5|1BZbhe2F6`D=J?7EP}Ag)TXq{2!@tE(!={-Abb zwQUs<+2-4VnA<EM>8<GXD!)FMr=M<bU8JK0Mme_f5%S<z65z(>naqYgE36)fluvIi z>vdjR8SXR}(E&o_P7u~K&kR@pktzf-JHQr?ZGKkZ8}o|J_M+WRyDCn&p%QFfEjsSl zIV#L;s>ixq4a#6CD_Bh5HI0jhfeN;RXh>T2^l0wl@JVBFe6o+i{}WTFlKgDsAbat> zeXSux{l(1zq<|J%3ncVteKafpQ5F6ZDIg6$M$?~0ZcCnX?nidjRI(l14xZ=@eaR5G z!(HxoOtH&nX_9TIg$OUwTKMnBwtX0Hwzb%}Zb(OW2xeKD{&a0yZ-5Hy>99oo^egqC z!T3GOt+&#eolfkZ0TmsVY32%3_^#PVswNU<%mqQd0W0%AP_5JtSej_}%=*Xis^jzA ze!?1R9io8*FYQz@hij1$_!GpU(2*RF4BhTS$3$~!03U+xZpMk|r57Jb?Un)Uim}gh zi_PxXb8lc0msMbf3LMIO#y5y9kN8EvZ}?18)A16V3i!~}*)d6tp9JB+WmhE{VTNJH zbBEYWz|Z-;*%4?>2UL>ft-5O3ks}<}K1?1*&7K_a_%n4a6upY<Oq?aIHpy_WUX=lT z@)m5F2KQ)>61OVcS(nxclm#_T-%<(J+6x$+NPuQcYBEzGk1<qI)H3qy+E_=ce1z1; zlSMUxD5u0p9A1s&hc5Bx3BLXcK$SfXYF)2A2N1Q=pmhRzO^$5-4W0cVqhe1`+zHv_ zl8k>SWKv}p?gw$HO(S;zVM|Sz)AZQL2>nuFyY5h{R?<q2h14y7RzNL~sQGIvjPzNw zM{pTM&+G8v^O`t^65&wasmbUJEgU=B&Y*Sk<x`&qZ{<p`?U?R2gCRh{5X(!4ooS!Z z0Z!CUy2;cI4wSt#Ir#I%Fh_Ma9?4mAH;7CpX*=B3yhFnSBIuF{!P=?qo?iyG3i4nv zMFj63SxNT=UiHiESy*COsamSY#Z$+fSw&ouIQuw<yB|M<Ecu-l7N8%2nKLkvpV4ob z@=oO6;Tz%F6|>~68b?bHUt&^oCF=o~I$wfV3u}MX(S>iy9h(vwWI&bGG%fj*Ab*~y z`(7STAt1Z)<LtHU40~IFwk;Jrb`4$0G>wD6Hv8NyBy`G5k7V<i`iJhc+v@BH%#lMi zkr^=r?}4+CD|($F{d}_wQk;HzRHSe9c`v;r-c%L9x>iQO`O1;**wklxqw8+<(Y5BE z)*Qa0ut7aomKTBeP3MUj=4=%(Q?&=I@1^;G37jOE5r*22hX2}7Ta0lH`kScBN<ihv zFWfue8TCkm?XYvYLRE9u^`DHviG?$L*^#*0p%w@M^TPY4?&q?Lz$BpyQ)|9-t;fU& zW`26cAMoR~PH8K&Y;$B{82vWtK&hqaYEgLjSMTT~-|BBqzNVX)nBe~I0N(a#$k(a- z72V|YxDOyk*pHs;5Nmu+JSm>4trF3nvvd;8uHi}uGg0sK$cN0*VbTap4Sq^yn`C6t z=d-`bcpxI%GrEUML+U2eOvB|IVi*ypYD7K<c7tJ6VbDhG0_Om5PAm>cH#EWfzKF$O zMGc(z9V=cKODFK+%X-e{;SiqRSQPaAD;4z~S!=M5Lkzu2UL+qh1hWN<bvb?2;-C}? z=_u+)mdNd@3KBv~h|1KcfjyE93=Yfk)n3|P0G11t+9W-aM!sAaq6L1YgchP#Bj@J) z8CQyWT@(5+H$CHV@NjgXXm9l2(M~?V=jjoWoj}fRdJkm7a;6#=U5PzM9hQ)TcC2Xc zsy=$w?JvM>-FDgsbNv`W;l9B6wIvR=)yCqq^GzlVai!VD2fhl=o{iYmu1-uLjGy#k zi<AF~j|y|Gnh!1Bn_3Fgj3`!6>NM_eLqJDCUl&qM*kcsfByXuLYPfdl7?$F?W}di4 z_b{exAJ0J-wO4iNvL{7N#E@yG`VJ|}kLI1#wm|A~r@aN)3IICUv~P&*z=61qdR_?g z>ftOsFe{SSe{^}#Oero7(Bz<&Z}qmoNxtax%pGlVyh+@YWP9}+>^ji2LTn%^vBp0k zMEgUUAUDVXdB<2j2F%mTSc@~n9b~?4R9hMnawMr8qnnZtpbArjH%o{2F~aGjEqOlJ z&x153z>n^$if2&fv!4lSNIgr^6pCkzZiRX&j_>m-Y+;b2rIz^PUG3mP)Vbh`Zq9)m zM=J@6a_x^}86?yMigp)3PJ=WG6ci>If(!b~#F`>aT<=Gm>Qj^O>-7QlaVfAg+;~57 z$8cpZY9K@gzlyg|i3xofannWNo$tlOqiwW{mrt)rj}Mh#uTM+Km6Q5@I!44;$_M}* zrgVB!C)&LT)59kb=1Xi6{Pdt4`CwRLMi6TxUB&>w6aYPU0T}Cqz?DN!;3Qo!c`w%V zz8;fWQ^j5ISF8BmzA3sS9Qr2Z`75wIAG#va#<~dJ1x*RIih{{;RjQL_*%;mQiB_+? zPe=nQ+8zNCUvg-2fxOP=qs-Y}knO~bjMtbEr0TPVBx$WMZ6upS<FJbLeDaZ!Jh3J) z8bs0d(h7k3&IhS7_?pGvRE6<Oh{iGE6o2(c+KAK@4}c+{yw)DBHr0^CfvC4EX=PXn zFJxR8F}l=Y{4jNvdMvWAWzf)jAuMnr;R<K_)y}V&vlbWS4WO{q*6BYR0Z7mjAf<*8 z5FKChSTuHjEEp}J!2Q4^$TNCxfqYG7S@lHb-a!~p0RwK7(F;m196JEJnG-%#+5}^X zh8jwhUQ%dX{!GYO4ke2q0Ujo!C0u6M^I71MgoMsz5xzOBsb0-7TO5kXk_g|+)WpT< z`^HOSjf;r7utPL*H?O6AW}O=2GsSx23lBRfGzKDdhtDz9J5C~X53ka9pj<^7L3;;J z%7EUQn5mLX;11@=zPS>+R~h(+$9+c*wwViQC#8^=r4IK(e{2CNCQr?Sm1y68Z{%s! z0f6EH)j_5J0yx)bT|wd=1xtsBs}#`<aEE-aN>SVeqF%2n-VFnxI0*oY+O29h78cFT z?{jE5)P{s6PMAM5oaJO=&FI^T>4%ArCzj<a4I=v*XQ=ge$BQaq+$rJNUhjIPC3T%Q z#p+`RQoP8k{`<~&af@!QkK$UvEE$hdoqq=Ca3(K7^!Abz@-ri9)m2~#GUtzcQ2An6 z`V4zVtiksz2{ASxQ~keYxNGLMI$Lz5I~5H#Q2o38%GFHO{O<Q#a~A{T$hn%SA|8TM zwuvw<L+MaF_NT+uXL>_h_RK{jKc&|m3RJOCSsKJ9iy7*LJM&SMBdVfp+@%?kx8g&? z>6^-8pY*47<+w?JMP5Bbg`NAx7H8t#vXiXqt`aAZP^XC!Mx5O|#X0;J*fBL45$=-2 z;ljhcH)+eoO0_DXAkP*!#;k>lz_lo1Em9pdnBg1yRW<jwO?)0uQx55*3AD%0Ub@mu zAR70=&EtUd(~Hwytc6}owfZ=F-ODruPGNx?^fPk}TkUF&Hc5gKPiAw@Df@Ap=2z+P z+-d~ygfa=m*C#zIQ0%+Vo({*JkUr^MPd+;n^=a%1YJhL>7&iH!Jvu&G_x1BvF2*9v zW76+<nkj9Bb0i4xuIZDLQSm5M<~&(5I~2I9y;p2;0fZXeg|5Qt(ftk#V>3l35r|Jl z-DV0dt>%iVpLf!moq?j&Vv9LOm#zO0R$ZmUj`)!`SZ}S<sGT}_<~3oeI?Iy=r*;b} zvg`z%<<{%dM)|ADCZuT8yWrTw`hMKl^#SbPd4`<0l?<vqa=a0xPl8*Hw2jN6p`6dE zw+6W3D!>~bFKM-kZ^So!y(QoUZ9repr+;%;?Yep<YIRA(_F#BZ82{KUV_B&U7^h>? zZ)Z1Ov*UL-vcB)JzC4QADo3ga<9vf2zwdwkRzkI2Aa4aEyq~sv4qi?Y?om`iX6ZXu z7ZITjWXq^<@DNBMo;JWqOKm1DPBqxu)vS8+c_@?lI=!b!vX8>v_IP)vJS2ajIR?0f zyu9>`22V*+RSt4U6Kzw{vGaO%YU_EL@Y8kV+<^jd(NZrQnbSwV3ml%IZWRx0?8TfR zn#jhgs;Fm#R2Xqd4iP(%V{OtT@M5&xbKsY!ysxxhtl1iwt@?#KKPdhj+6f^CGzm>F zd}d-U&WAi(5^Gd6V<wt$d&bgKr|V)96H7#X<h-3jac>kW_O+;&()@Rthdb~vI-oS_ zqCL)CJ%X1YG|i7YQ?{_JXnhV8XS|FLn-LsXmoI@DMb+;hB!?i$N{7vI3Lo%}BZ2yV z^$qZb6psito(p1z^7Wio@BR<8{WOOXoRNHphk>vkB+r!rJ6=kHe!4&}vU_dby6$o? z^4-<>UJuQBvDPEM(~jD^Gb)L+e!IGNQ|y2Z`)D1@(&zus_0yql<nxw=-k|Q?8C#9t zqWiP~yJ7I>px3Mc#8IY@dZ-^+V|%~>$XgR{foqk$G!xmOv|i{Ct9_=mDY1VDGy%b1 z2Ly3DZ{;Xf9qP*$YYbl7BRfV1#Rd*G^jJ8)js<bQ(AL>2<RU%i<?$k}-;w&@19z*x zaA3<aOM)h{%;%XPtbAzfTLl>k7aPPL&d%795kCvykwH)S7ZB$iHV6|1K%7_YTQEo= zPYbwJoS0ksbeP>6#^#Rss48BGz=Ofj2zesY<@|<%^*X-MM;qEPKdP$La+-|ZW<)x} zIFPdjJp!w$=@nEI^v6PVS!Q}xCs8r`pZL%_BbyPn8}tc{1sbJ0V&j+sHOFj#<?r>< zJdZgz&epVz$?ZI=mTB=Vqm&O+Ke};k(vHuxJH|4EdkHn@`gdf>MTJol%y^NL)j3r& z(QcWEf#EymL))Ug`d9!B3`(hWyjF|APNnrRqS!#dMujd*5JQDHIYi4t<$%(%MHfb5 z>XMI_?@w>j(lGEIJgf##puOMz0MZGpz(-PtW5H1&tat%bN&jSIYK{q=;&;B?OI@EN zqi_3qox{a1$*if_1fvxw4|3sHFd5kNL45aM>#E`>lI?4RTXF2)R)!->LuN_N_Ugg7 zvYk1`O^5LEl?+w6+Pb4O{mqF|k~AH_L42;$j=MgUMng<;Ry*LD8@?YuDYbh8f>|VH zTA<;@n1-mU=VQ3t-c*y&8B%F>ZWiXRwDzrp4A(iqhPAc@`uYwlUq_J0$X365-5K%D z$=qdJTOxxd$?rC@^atoa|H(<6$|UH$LL16$5>UMMqfHzis2a05SW3(Ny+ditJq?}N zcTOTkYgCs#hmwHP-dvK9wvwAiYv^Xh931>wBBVUF9Q#b2!%wvPSSusWXyVFZ-fjCl zsM6IB%DCs;ZDesOL`@4Oe;GVnZ(9}R4cxI!;@g8%jNyjG4EsXhR9%`)vwA}>v0aQR zd#;k8_R|kj>DR7~%M90|RNsWW>N2dqjZHIN(M6m(XS+?g`K8m}q}wrut2}8ZoE>^P zP|-j^y{jO<eruI7WSePByk;xpVJyBl7j+N4+_djaK0&N~s;y}=Gd$0B?;we?Dsy5s ziU6crB3L@vvI)^R+e+t`r;^9SX=&J6I>^xUOQB6?z&no3w7oQ>iP4Kc@1=qvVS~t| zIw`E6*AMk0Y;4@kcv`Kq1rJ2k7kE?b#%5PWKP&g|%QYG<bYt$`!Oe>RJ~;_88rz0a zW>&oKqBm|xzi=L7`vE5{+!5<O21uRYv7GEx0QB$0fQwSHAbq-469<*okvDlyw67N` zI;LukeNUs|yS_#zAIk`XXXne$#q-kPZf>5x-xIaGaMI+|#5;vi;f}B_%xt)IHKRwI z^kMa=pu641!$h{4SlWNXZQaF<MG<!pxLe#oSf1f1_dAYD-0tw>d2}v_q13@kx_vT! zZHtAHXe?nG?scjN=@iitw*iaP;TKhq%WFz{gRfU{2h_$-^L$%ZdM7`)Vb2?4n_U*t zD!<U&PZE@2m2)y@U-7_IoP@PNKHF=hKL!M=RdX`H(1G%21c54HI|dDF$CQW;4wmCU zz6Ba%0BC5Xh^0F5p=rdPqu~KB@7NCl;@L2CI&9>fCp8`rGTX)mzYMM%Rzvi<MFhLq zk72GA^oZ4|`3fSC$aIZFmO=4TH9?WXb@RjzVvX~}aX$YS+}C6p`AcE6)^EwQK-Az( zeu2DTA5i_2a|&PhM;V-)rIt+?i`CYLdov=v>sYC(2p|fi$%!kbw^^58B}mqw9{Zf} zW>WXlWi?v*B)5+!RoYbj9VKGj^&Cl}*MA_-!xz6QwC_yS9Gd^y)VFtth+3MBM1c~B z+CBgj-Bib_H7~Bc%r>cd<&fNCKGZ83TJlPVlOm>$7xUy&*q6kbXB;A8Y7!Q{@rqcg zbBhxcDA)kcw3ijg(YVP7PuhEm+NwQWK%4c(_cIr)rSIM{!(pqsA~OmqhN9WbNHYZ} zRPc@)a;MJEH9ZFG{w>?OStm1}R%X#H<T&V|r7-nmTD$dxo6|aA?3%B17Te>-gEKO} zds3|6V~K*E$W&vHERN26Mp4u2{N9o|A$2RV$KzfCGYe<vwm~c+c}eMqJi`X^iA*+K zCwW=v{d=oVv^h};`M-S7!a23TTQ=$5o*o8+^|@9^@!uGnC{^ReVt=vba%_T$+|Ktp z?XBlHUl)OVt&_CUw0sm$ytMTlysI9)lY96s9rn_JU}kiNK<Bd#3-U@EWgG1$;fslV zAdFdeZ6yZk6Grd)a8(h36&(45gO)+$4=Q@**xrz~ZlL*$AFp<nT~Jf$gZF~li=-gt z3<(N>b+?i=k*{@W0D#3V3c-E-Jmk9@H_WfBB(82@>l|+1x*;!KkUz~$JzYE@qVcd% zlXcR~FBvMKHMB>v@lG+|8ms&=Dr5W=Yj^4KZWl)0>xDZqXlvn(F2FWjKN^baSZWIU z8f~{_>L@HlvO?A1p()*@oluM!-5!CBxViHF?J=5vs`t=M$ZJ1++>!nq8Yodo3>Q?A zCv3Fs#`V102?Y5W2vbJH6c^HA$&emqWcbYW`<lzL^%n`a*Xl>?bXXwHU{rF>Prj*- z76F=OUGI2J^2B*Mx14u?Oe+6l_$YL(MmQAlv*6s}OW0m>V6A6#7_!>`k0I8LkpwZH z76*Jox4kBrwe^E>!zL(koBLcNdNRxS2D+NawMP0{6Sy%S1q{uiZ6vbBt9+MW9;ZH1 zUH3bfJ(&xMM0RZ9FQEoYj$xxFY^umEda$gWt@bB8r(~KwdjUmzoNc3Zbv8WHN3o5+ zchEQ0TaXU9v!WMxo>W`ndqu!X*ANZJ72sLXnj-o)piYjL&iZdho8iTQU~Jnw6*`Aw zI%dMuHQ|l9$V}hk>qG@}A?hYw;WqA`)cQN!Ga<L?<jv03NquzYtiO#nu$cl}v6q25 z`+n<VM)A}M78hh{=ZO}v{@gSTZkhBB#Wf_!g*h7tZc5hJF{U8ccStMqS>;Sb*Qk&x zURLNV5OpJ2RdR@GZxLH%g938LCd;1(n4Ivh)ZJqB@6p5FG*hD2(B32SAZ_Ee<_%s> zz=Plv({CqOIX+1Na_56Xz*XasSc4gX7{Qqy2QzP679E7w!G%k@rh)6Y$sBqTmjS}~ znst8;AdCxfT8DPT79hv+W!Bc%5uEiZ`WOAeRu`aqY|YiDKkjE4ki!;3)JFtyiB&g{ zfA=EvZtEmK!Xa*r3`W$sx+Jx?1`1VkD!#7who)b=J}T~XcBN}qg#}nIL}+QxP~+7l zz#vEO-CMkDP8pJH?Bk%34LAZL!K^U->W730i*oOZzN1j_X)Y&oP*4e*Cm#OvUY<84 zq6reHXgJXYBPBU3JUzXPga+DhuXPyXwS9p1#U$gUl4(^Dr^D1a*jO5Iz_egTUy<&7 z1e98ZdLT4~82-ID9$pUMYZv@tiOwRr9?($~p-tAIOn1K>i1eHA*K9&|B*X!VKqc=u zmKL_67a~L(eUPN6jf*tA27MRAYBQtU)q|~$FS;aA#BCLs!R-W^8$OCdf=tzL!IAF{ zQCz9I`spq@P{qA@PJq~a=pA@S|G`d&`<s*0b5*t?nc&?Xani?bGTpj<5$GRX1DySh zN;}|0eJFSD0HB@A;&jTTQ^luztBVLzY@{Dv;bI)U*V&U+)G1E7DV!?9%h&7D)|oY} zyh)HK@LlwBfXhsxOBlkzYlH8(Od>}Kp2hBq)GKEHbZa8xl9Ozsn;abTqKk^Z48SXa zBMopd&2|-pKcm3CxI;S&8!G>(i}j*d-M#e)IauC(j4t`6Zu!B7&R+Ijpic9S>p=8x zo)l|$H9<@ib#6k6i2|~d_4#5nvObdhtAq-3odJ1}?bs@R=yx1+wigrjK~`owMk`5s z3!t9=V6M5aqQ#j;cAb~m>vvAfgiV?+C-6Wa45ab(MJ?vQC*X=1I$IqIc=jOldfH{Q zJj-mVDkKm)tMt1!CDBpGuGHdX_#3Y0FtR{8k80ci8&Z8ebKs_U?+F_Y@qSRam)2>S zaR+$zAn)tTs(+UvP!`_f;AOPeLEkleABzf&GVaJ0h2uh)_W{pSiQU_WU=WS7W4-F! z7+N+T1^ng`yLk-~9j~EX&b@9jz?PgH7+C!>-BHsm%ysn~b+Luw5>$Hucgx0ub)?KI zwX_dQJea-psw8Z>l1yVv4spc#)wkWgDK`{WkGn9aq_y|@{7eHk?L6f-Fw|6o;#6f+ zG-IDRu^{(_&F_ll!xn>{mI|kTN5ZhxPB>7u85K`n+1`q-;4#C9m)1-Rs_51=Z8S~| zN}sM9Pb4hKbyI6^;Li3;zmp(@3&R4`lAW*vpn+K$-eVOn!yQ7G<W1nF;p(UbU8KB% z<Zp~;!}hHv>LPqT%6B1}9pY0P3tX}YGQ?-9rjbd~6}Oc=`#@&iE~$-jnx3WgVV>NG ztXXvyltNxl-<XX`GanLvUI<D00tVCyCRdf&@x5i+CJ84q$ieyc+i=34xnlMH40@94 zgty^lJ55~YMc4;PymLWQ&-7D%-QA)R_tB*n&V#=+BTAH5tx)@Bhay3K*kEz|gcNSH z6=>210T~l7i0-MsY@;Wpx*Thtc|2`b*OFLN+12(Q`S$9o^!IX5uOW&}bMt4SCZ{X< zMB*jzTA-PSd`H)Zi3MuNQ*$AqvdM~OXVY7D{EdXevNExHH*PpCPl-;tCiVF<d68&% z24FdO)o+T~+A|@E){9ltWJKhOZrn`|3S#pr&(x}8`HD?()K7)QY|BomPF||)sb*{- zN6llmNv{L<eIt;nJxQ4FMXa3mrX8By+)}wD->HPJD^WW3`L?{3pT|7EkPi2$ei`+N zdhxy7{<&Dq_n`?~G-Q5CtTC25B?#%pt!X;NOApa>#~6Ky-g{(*sOj6%!6ftr`?hG< zF3Daisv&HMmW6Ni5%b{1v$`<cS)j6_7sB>&2p6g{O&asXn(ByVOSoW%4d*~68ul!) z3KDtIj4Q*pP9tHMC|<R0YR$WS?HPW~6V1>zC{OafY2VEVOvfV8z+Tfwq35P3>S^c* zk&7Cn2BL>Mb^|%bWYmD#xlgh+QzDxUu2IJw7y@VoBTTO<5(7#?X;R2U>Mg3~%J^Am zm<~uieCWm4a(-hF^>wivZbj|abd>pZ+TlqQ1xvIAh6G81O#q~@+ZdocjNsL%T-ix5 zzUneGBHQ-Teq9&<FEAMakrQEoA|_8ScuF)4JhMbChe}ArlP~))E}@e&N~Rh8n<kFU zT2M8dtcuW0w_!4fhQ$o7&Vi^7aTi1B>DIly1!fj@{XKHRcs@j9)Rm|c%)%@26OZ1? zP^oOwUQW7AduR*IdF^OXh2Bg^0j_s+Xt!^RR&KuRgwm=Ipj>8%-IG%%?~gb1(IZtw z2&^sbBwm&$$B3a4QT6a0Ye`bnRbPO83&x%D`g1TaO^Pu#@upoUeT8Wj4V{T#L?Spu z(iO(C^hwc@A|E--;Ca$uM}{T%6%^O6&rD6@K!V`{N|$zB>65{?2Q0h^-qN<M8{Z%^ zX`^RO+A>rETgxv|2`7$%Zk5;hV6I(isqtxo<xw>{mt}nBsBopIi*38Aa1Xlbr5nUu zT|qvT^ogZ{+b0e4v6(IB4w|woyK%ay5uO9LD|^FVE<~+7;Hegq*^WM|j=$4Tbj$>L z<KSNXrs;<1_V29$D1Vz~+{Cb?+bqLJB7oltQ5Z&e4j$Z><{f?Juj=#b4bPxd$CE}l zCm}#Wc!!-Qbtk%+KgXD$=>dT9JOOB>Y=UGl*q<`L0Zk#TG5)}xHf{<fDBkO)wc?t@ zo2;0x=r6NeBcgaMQ)<m?SLjv%iezvm-pzCYOq~k08b!_6c7a;32OS0y&OG=O`=U-g zZmtbi-#HiV)D6r<${STBcAn-A@bA^5k*cG*dm|zNBcZp~D_yb^QAbw8>o((^kPis} z1M&5-b&Y-uLJE}s3Bj6(1&QVhsa5%7W|zaSH=Ka?B|TqaCE9_jX9T)?4U`L@9T|lW zICNlW057Vrb<A)-39q>y(!Har-f}QxQyDq@`?8@e5KkS1?|<?S{ra?RYLV*nqo?fE zjHPkm+7S-rul6$}8x)9>nI*vWjP8*pmL&B3J<5M-(JAI@dPm1i!>iAlp4G}S0k)}l zNerkFwKGCAnx>J{nkJ2{LH#8_f()SYdPSJhBX~0hB7UCOm8_GQjV1d(SBWZl!DKa3 z%V)~!Vfjcmm|+l2z0Nj7bwUMh7+;8iY^z4g*jYVp=m^YNnj=QHVz&uybtP3)0PIRT z#DNsECyJ19!Byl~C=TjdBh*%|w@Z)dN;g?o97%?JTQQ(GdA@N$VkM=Y)1Z$Fo|q}v z!(p8Gu;^FW==Hr&P?JaM>6W3UzuM$LKY9JZ{+-chYK)v$@G#eNamAC#7Gx6nfJyJV zF1!pe6i>CdTVq?#i;P{#UJQF8;Op$j(C|n@(T-!TPB(|0#z5-xWa7+hg#GW$t{OE5 zy@Ae6B#U9D$W<BN>XGXf0a-LN#kF*pIJIn!x(nbW)i$_f__QXR<PO3YBF0EBt0JDX zM7PO2fc8OgS%-9cjr=%(gAw`)B(IpX*TzlH8C|YKL!lt|CMW{GSHu8)dBa62cU(5I znH@|fZix?ZGw;iI5H?jV-h+(ONj5d|FunAE*&)>~61fsrsxK>`2|@0Cp=tuiyd62T z-N8p<uD-1USL&RNVK=#W()2xY6fj`39-?^`!bV+G|C9Po-Lfxzg+Agbmv+gM77p2A zcs``i;^5d!JtzQeEqPKBzP=Y>ZAs-7w*1}!o^SouY$S)?#~hY;bHWnY)|MaULx5^g zwU8OLMy&OiN!IGZn0#E8Y4kZ93=?LtRF@W?3jTU%3FliSh0$t}XS_^*s}d&iJJ7%s zFAg<GBPa~uZ1{e~_0+07@(LX&D+$0@A>7}0n#=&70p@bm$CFz3A1EeBTsk3OnwNk? z#DAdEy1`9NZ_|73DB-rzUopHx-n55@$W$0gpqZ#2tP;%jhTJPsS^|nffOuL%I<cGV zY+x+_&R)0O7Kir8ii2^hw0#uh1tE|ozS`gHQ{+wC3N6d$L8-&IkG_pX^(va7v|L{n zYZqCRJLZo)48$M{x?8<qDYc`g?lHpks`_6>Za0ux+T{1|6L?>5{&{3zSw5$hQ-6Wv zEEBDMDnq*pDk+8o)V7s}kIaQmE^fKV$un-4aM0qhqVKZxYmkco9t!xjI*tdLfqG5# zTlrN<r+wW`_DaKuEkJPJ`;QkKXaD(-^erZm9a68$m{Z-cYN1aB9TellGQW+^HghD8 z`dJPdZq$wY3QuonGDKTAx)QgiH}DU^Mo(rbkrb@7y?0apj0&uz(Z^CX^&&w=KejS* zf`o*|@e|83p1xKChv?`Etg^snI@bMUK2#z=i#1%i({5^)uw$lZ89O6QmY!-nOF|B4 zNs>Wj68?Y$H`Na}cqBze#RJb7wY1L<NLCdtj9Jdn0(*P|CtceniFV!@>`^zNKbsz{ zZoU*n#F`w6C~HX5<fS(pglkN2e)G_@=3tsT4rQf|OQXQIWme1?m8fR90Wga>KpjlQ z!C)JR1ZjjiFspyhYnwV<bVY-Mj<@t4FUFFP?A;fdPDM5&X|R}JCN<fxh=*=qTcu8q z3T+8p>PQ+;*4V)!cKe_k4!V#ikv86g?<WLki4~-PEEyyu5;u*XBd@jNpl$O}z_F$Q zq_Y;KAjty0S!t1xKmh%PmMH)i|Koh9Sscf;^@0<+B?8kGNJ4H4Fww`v^ni`rM&Pw= zm7^Rq?Al#Hc25-v3G*$CP2XpV76*1NDWb=s09LBMcile??A2M_v6Qbr`j_RMO%F^u zmfpbD;3pMPK)BSvUN@CHRqcbM8P5%MWqE;9oaB99C&~$Q(0IX-z9N-_(W+cmA@z0# zr&TMq+AqQtG;r-#j41xch2GbfzLA8~qTH-28U}4SRN_C~3Qk*AI%uM|9SQe4_+*8R zTmiO0>5tcraxl6{?s(Z02g4rjbXyC7KC1U=iUG|T7e&1D{4uZ981yb3YIfkRL^l)} zc;^^PgO<T>M^-TE$YCdNQ6cpJ{4aX4e&_)S+EjbQJGwR$85JC*Yq9r+N}^p!Lh3Sz z>Nuw#$IYd=Gr<^yyg?kzo8q7YZE|OOtwnlB+CP@Fv;Jf89JE-A=VzKl*xnLFbg|!O z-nv$Jpq+%gZR3TP>6ZNH(OsAQ;oCy~0G^NyoUJh6Y$b1s0_WQ94RDT_Hg4bq8UuXP ztJ}I3U}fWLJ#&%IyQSdJlBxi16bT~x%w%D~c|wF3%RJy53^c%aTJr?pMpir$tYAGL zAyyM`Q6!hh|2)ytNy$uR=47WN?D}_ccVdQ~4i;<aZ29k!x3^PtK~{=W(C*9}C)%FG zoF5;ev-hO@`)x$RF7T6!Q$PYU<=-^|0yhPbNb6}SX}eQmLY+vNNxPHjnQ2a2>6!kS zO#1)&{A1-!Da@p7dRETvY)h;QI3Cq0h@Q>N2~1DOwsduI3QPDO%Pu%~uzhk)I@8k4 zjqqbdU*G>nQ-5sw|7z<0z3+cp{%<?~kG2KvOh{w?I8bO#!cKaUe`eaw6ia6(e`Zoj zW{xG+*@NKpV=q5GY;?goI|U|Wg{08a(sL|5T<}i*xoQ8l$<oc0;1r&a|KATTZXPcG z9&qb_*TgwHJ8k<PTe-M7JJE7dc5MNh{JTy-!0!BCEH}D&xc++pODusv__6O_E&u&F zh`uw$#S)mG|G#?d`hWJAl8~0-L`lg0(boT-Noopn_nz#e6ehTSr2L#<T24Yv3Rn)N zxmmjX*dbW*u=M!vuAR0;CT650<$&MAQ*sipZkFKh-_!hWL%`QTu9jH$e>V%lSz_`3 zU2?N@`Oy+^HJm8fyOU@sIlnkjHU&9Fr{w22h3*1v3i$88!2kXW{nZkz8lI9&Px!az zKRQML-E+e^gDwYx5dqrIw8Y~6-F<NO?mb!H(EpCJe?K_Uz`#q$WM=*7Xi|YwAProg zTzXOpH8=q5I65Jb309%yWbaAJ`R~a9JNw^;%8xz&&!GZNZ%#_K6Bq?KDVtKjFimj^ zOUX>jNw@UCdi>bxf8G=M!q%8ye;aW|?)UiU_bgbkl2msYE^VY=Q(e6IXX;YI>(21% z+Z!&sj?~|~@#47fc-g7rg_Ful(zDEpKA%6$MZ>#%`(+!szxR)AMKQ*>Oh?HihPz5X zh}rZj>baS}N${<EzaWm<@zge$mlRmHx$J$g*ogo0h)o-D=<n^kV70K+n7cvR=*~9v zT9>o_k_`_cSLxXOlx3WA1Rq)6C84f+JmS5PKhpY}Yr@#|;#zyai8UTQ|Hmp`#i2)O zTc<k?)%}qTyM4T5_m!ndwXW&sGl6UBjXY|WUQATjYkiF>A{(DHwPQM|oq^!z63E5w zC#-IT{(Uhhq{8(lK6dCR5u;cA{^VcVyB_3aUwL-(9Q;gANr~#J$-pN5Aod%qDw2_d z)h_<4ym5_<Z0J9s?-{@SI!GmDSHHgHTj$GA*4}<-slM*X{_%iN8Lp`^{<9OK(o%Qz z@JK@UzTFNKzo}<3`+n+)-3>cgnA!)k=&HfLYxHel|4CO+Zo5TisiuAsBoz&6_pG}! zW*?)?!2R@#@Q>t(6mncpspXu;*_baLYi}|_`DeQFO4c3x>Bb}di?6P~4GdK}Mh(AI z+;t4qHZpt7PSwBiCB|Z_y5zc$#pm1o<~%qne5yFP#5olB*=1q){F{i`hi8wT6M7!d z37;CP+rdBoW{nqJju&(CM>H@!?teV{n>X!qezbEU^mnB+*_*&tE_-deej~&wHSB!s zoqgI{&gztZ9^3!0Lsm5Gb@Az`7suecS``Y?+AEva%HAcG`>kp*%TFsCxcWkN@!00u z4vUKa+}Tq9bnqwhg1i!u(H+zoi7G?(8b%g?C8xBoH%*u7M<kNRIo}*`m3yZ*H{bbo z_tSx29{GNDxUO>rSy2-6`h4oI@w%or3%1_(u^oMF8~1ZbVQ1?=BiuXwNw{X5dqGL~ z#asWdeu-bT^TekMyDCh+Lss|Rwf=w4_CN0S|9M~hd%yjU3E_WD_(8j~cRBrczWQ<3 zx?mlhon0((j;=0PS8(r!C*%O~$uE|!jyM<mk2%2^Oc##s?my<DANThE|GkEF#^e6? zn=R&qmwu9mE@>}f^wwFLR&~?73pE8+vQH<HegFH>xWY|6#~J4>exgdy)Y!9r)%Zt; zL^}@L*kMzCNjwyAs;<tO(i0i6XX)#{(ceW|)@Gi5hp5pT_;TOiuh%P_U3@=Uow#m% zz3ooju5!7p<6?)g@&<Bh=uGp^k7%?^lI4|)upPtE>vn(Fx@X=8Z4tBB`M>Be9hjM$ zldkL>CmPQ04A*RpJA9P3{o^I+-B+Fuitewuc(Jbh)XPm(?*;7GD;~Rcx^IO_-B;>g zwub$Um#Rn~<KRc2;@awLw_}S>k{ur!-3&e$6b$Y8>2~g&%hcaivm6teZ@y0T;TL|4 z<(_!s(~?sdqIiqvWz0p7tb2L$&Mu|N&PY~9!81|C(9FHXUj=qt+uy`FN2=dkDqZ%Q zf3#!%QP>H}Mg!zxG2`0Zw9YH>#NF5SxxapgwcEHhmuB>Ok~rnFuE)K$aHrqpw^8+| z1iPy);?T8Ewq$H9{_>7+j+gioXZD@ZZec(W{BMKVt0P$5=KU$<(u#QE@Vk@Y@TsMw ze@;1VEk0=;KmSQM75`UU&&xHwcEW2b1REW95BL_Y9Xoub-sW&^fW*+<rsDS}?e_`2 zrUwp$iH%;QH75=4L^T)<Z<(t6LfP=Cc;BTusYRjGLYr@w_0r;QQ*fnjFAY`{1wY?G zx>Vf*Uvn{s|9`Rf7EpO**|snm+%32}!CeCccXxM}Ai;wt5L|=1OK^waZo%E%-QoX2 zb-Jp$tNV42QGM^<?<M1mzyZE<w(mLTT5GSfntS)HyJ%qY!@YXAI^wR<Xwe29%ANf6 zs7R>@WR#L<zck8L^@psE>Uwz}X`vfwD6E+ap1e)b-W<`7P~Z?+?XzHYK+Wi)JT=8h z9azcG7l%GB(l|bM>hcZTbooQ|Yh(u-6*v}X!p?hCHmf65mejc@H8A9d4^5rk(2+hI zihH=uyqGYAS0A|M96uFD51eTV9)C)v^E)@266u8+^w`Im7tdc;YDA;cpa#;l8&F<r zpmYPb-Y|g11y|j5Aq24!(MaER_<}79shpLDcGl+H+Rbx)^gz_uXD<kaz_u9TbH{O_ z<>L8p<N0thcSeVvQk#AX61`sot`HOoO+`@KWuVeB_8Cl*;BzSnVnt^_JZzu4`-yIu z>buiYndPx>wEDj9*JfJ5Z3eBIlJ8CzK%56F?iBpp!QM?LqMB0&mb|N`Keu5r8th*j z>=jtqJM!ObXmd~~vIJp8Z<VT1(BTyU@e(<wXmlinc+lbc%($o98c$qBKFc-gPUT<Z zk*nUGq>us}+YB;7*6w&4XCx|}+Y-r$6too;Ts4aw#2n9Y05pJYqq0qGlEmCHY)L62 zL~niaq3oStQWRt8$MY_y#8(<i7M$CMgT_*KZ>iQfYEt7jnlRN6buBuP@zTuR2sszp znJbi@u3BSENlPCNj;FModnC?u`J4HsY3o;2i^)jGE|8*fw$ZdNAdJiQqVB78RnYD2 zW-SOoZmp^@3QtbEPEiJzVtrh_!H=LY2>j!<?K^Dw-P-ogkSx=$NS5E;OwUqE@n46q z&tU2wKv)JwhQC5s)@OY4J6!VpqkmV%KZ3A73iZ#iD+fKxzXV;GnHhcqU0GRK{uy+Y zG}8Ny<O!IV{(@qenSYC70iXT_#WK><)Bl2Ee^<rtnDOtb_}BgA`=&$xPugD05C9F$ z99&+B{-t7ude#o#I}(8Ko*4n1qK%TZ*>@BNK+NCC%kMeD_rH05y9NQ{_uWZei{MuV z@%)n?W&10W`O(xrIFF#%o9{3DUQ)*2P$IyO6>UVs-bm@$()}nU-5V7Ee*i##z%LbC z-U2Ycn6<GDVAuTq=I2KHwQmU+e*x?&fO7u@P5-83zolU^_J&6GfF7Xu@fu13I(Z`# zGXPF?q2M>P(KiD8K*7=0*3!u8I}xD&ZTmmJ<wqT#xA@;Pu;)@ev!oyO{;wEf&&B>h zl%5;%ca{F$pnq5CUkBaqSuD%1;}5_TMF1>T5Woxd?alt>C4li4=JLlZ_IFFbGlTkF zQGZKK{%QaGP1*i=H?aXY=dUCdaPu1y3%L80!~)i*zmix6Hs)Ul>OUv3zYyIYB$oa= ziDd!cK1OE1^k;cSeSqomqi>$c<L@f`cbN0fC9#Zb1c2)ocKUs&e<!j3A;QY|3p4(6 z2rJ|78tJ#2*FOf)OdPD=KlK~J8Yv^QMvvNY6mg2XX-Yid@`%C}lO`_#d|)1|i(MIr z7APA@fh;ACtUPPeA|3u-;OeV)VJZ((3tQ->l@8iWPPe{eP&Yk6H~~>UDu?7NLRLRk z1YaGIymo?m)ozLg`fv&z+NhYUwWhgFxtE%Oz(bAZm0Kqn%Y(=V9peHL{7}f`$e=rZ zEH<#&ve16L6-W`mA#6%yU5jgjlO`G)9yvI%a3xD5xJ(4<N99=E-J`qbbI7O<J-f&> zrQ~cDyoq{c?m75cS)-_KV`109<1ne+Bj{!fG_5v3$nw<baFrDT#0&78-(0~7qX=nc z?FZJnxQ~qa=-QUq8Z7B`(zYU17wz&@b#C0T4^^xCuisQO?56M58OPu+5k26&FxlA) zT3YEXZH@X!f9d58Q6_DCY&ic#Ys_(?=NKa;10NClT*eU|uR?1PU6XUNa;|9cI+M}@ zTGK9f8t1MyH3KngfDqZJ_{**W$;<=3j_{$E{gz#TeXWrJ-&{IDXF)md_yC`|Y!l)i zVv^^9`MY)LC*S(Xw|?@ipM2}TpKme#9nk-C_jM+E0>JehM}L>9nHUHF*I(}#0doGY zcT51T^6MQl0n;z=?D=yn1Wdok;Lmrg1Wdo|;m>z$1WbR69DbF*83_J@-TqX~oADPC z^XEVarr$w`zfzy?2<RVb-VDrttHU*^O4(quAvVE`crDwZeMJpymmz?Z?G_u!c#)tg zgusswM6Drg#1WJ9;^8WJ#lEWHTVLdaBSNf@IlDX4dNW(a8oqLvGuzmnh@Iz+@;wU< zMS7MzbfvQPn_NE@@gn2)R-4ied-j)JwdJc$JUH)b7hY0BKwI_SZcf-9+p!}a_3YJF zb$5YUp^x-$gZU`(gVFgSEoU=@!10^Eie{%~lkd|IOf)wTvN*Zm(Q8QJk(T=y3~^HC z&8&yGR#-Zg{qDil{pPY8CcTSKCaxwU{?)K&6IPQ8@ep0#_86_MtlF#t+x;07hi4c_ zvf}KAUN~}}a)Q@j)N(Kez9fE8ZkK3KDUpzVszuf)B&h^dUbp9Z?AMx_JoCdHH5Zno z!X>IY!?9x%3+>y^3^!)%@7VGy>d>IpMXi-hj`(=EkP&q`J`TSAB(jq{vM9P{PqN$- z?DsWaCf!mhhA@fm(~#wfk)J<1tmYN`Jk@%`ndP$kM<m~PO)uKR$-oGMr=Fe3xhVOe zUhR;t7}2g;?)d)t9yN_TIKD34`@ZMurWT~}CY{GI`tf5r(0XDz#tVVR{V$pZ-}gcs zzs-tBHpd<#Th1Kk2P97*10IbPHDW3=mE7hoQ<Ik(nCXcTrc`uVbEu*+X3GZe;^r^3 z=3K6atr7D;;?T(Z#+SjXk8%sPki!e4qkw<g^;&3EoDuPr2n$>r1M{|93wR!EGU$S# z6j<F6I`g~ZmU7W;J`iT)<JVw3UqttTT}&my$u@J8X3a5EK$Fcn46$x_PbCSXABa`K z6rcDBdh5Ftd{l?=jU@>Kr$Grog<N-udAMGvR+y11+ssSSV4+aSSjH-%yk$Mjj)*95 zSo>n1S)TX}L@;Gq5H*d75&Jz64G+no9c#J3`bQxHfsK!Yk>>hC!s*NckKNWu`N}i< zIhC(d$u9}p;o+H5##tkc!Rw(Y-=&>dBgdz67ALmUhGs5Vy&knyIE!0s*MSqw0gVhr z#T?T!<jgXOe>njv!=g7jG2dOty?hEAaj4s`76ON0P=P!BKJ=66BE(M5`*)GNuTs_E zLXNR~Ci9#L!T2jCgEmjGf;m2AN8)dd#RgEDt0RzDmSEBCGHlwhmIl17rtfXD<DB+Y za`7L=>swO7t2vZUWWQCxOG}i*=;ipRXY*j!c$!qVn$YV96NTx~zA97FKZX$YHlu$A zX&3CFKgx+<EuEe#b8Xd@6?X>K%Mt9Jm)TrG%OHAO6**Xb#lhT0E_rY@bePm*Fc4*z z=rkTZ3*lzgJOzX&<<{?d(wze8ejjp~ZsY><TNFi-K9;BPgh79S$*l;4eJs>sNZuQT z_C0gyML<@7q=Cws_Fm;mtpi5;s4EB397xX5NaN*7Fk;0_Ar>F=Xsg1LBsfKVu{ex4 zzJ|tlPbR{!OVixLZ_*z=T2*Z{x3hZ&%CTZON~7j}kO^$oO?#<fvAb-Q3-;w@MpRb$ ztf-T;$owR~ec?eArSsQ0)&(3<mpGD!y#6bwp3~0H9r8C6AF59yh95dXg45124vGWT zE=gPWND@V#wwbc9C>^~9-%RH^Z4$lj_m0h7cyp{xt7Va;I4YK)7>>DcxZ9HmQB!)~ za|cd6+w26BX(j%pNx?@YVa=%1`<n0Ee)a+%Bxj!wSAhJq<!Dk&3op!c!{KS-le64v z`n)s9md{4~qr#O=;<ad1FJ-)qux{`Uj~2RuJMn$@*P|BJ6Qj7Cow|_W_9vr=H2hHp zgD28J1qw`VzCyaoYV^BOb{w8Wh9saQ!n0R5flE$!z)eqVgQ2d(UeM>lG0xksz@3!f z;E_{1Nel?91~yD8B0-i=<vrzUCmhLrV++-_?^`{QsUvE_>s3kuxZ{LbbEaT7-i^L2 z<SyAidpAT@&%9#IUI!Tiqg7Agm5XfAkhyNDTLAv`txiN1$DwKQjLM2(HcQbyoJd3c zBOP4)$KF5WAkUlVPY&|a=JV6$^V8<@f0@nanG*avYa0UtEh`Hn!S^rBEWfd5v(hrK zaeQYD^aOx!*`K-1|H+=s@Hh5sD`hcz90u5ihCZ)tj64$a%*C~Wj=<ihQsCG5Zskdm zl2ND~;P%a)o}L5abM>x$Go?DI_$l_KDiYS7F1s<8UtYM)_-K`u4u{2@CIA^-SIMhg z6qpU#&Czd6oYsr0Pf2`*eveVFbo9l9Wj4DFZ;@!zJBUhrw87h(&eJ@^vP(CBGei#f zt@`075EUH+SY^_U{I#!*mYW{mSZjB-A*jr|?1<`oCWu_(=4PF7YN4$^%|l~Fp;3R@ z@n<1gh$%utw+EYpg3o)mk!|_qmbK)w@yc-Vo-~TswGoX`3Z)xxl7C9w*xR<VX*>on z&=Ncb+)4-v_6pxiZZCx^T>cL^M}jyN^rI4F+NO`|JSTPZ##Oj$qQNVschMisGr?o{ zQ9_Of?Vaim;(?7{f}A^MU<I?_!mX>eM9KkO;MYp)9b=D1V5i}M$)zHJ#!U2K*bTN- zg??p?uHy_V%aGjP6wQV(y&IU1t|L_Feif55>J&|2d96q3L#^BXLUCSim42Xk=bN2B zsPE*HT;duo)@HVOiJ}cH;v8bTmO{6XY9(YH(mdmWWsonY3c|!E8DbawH1kYbXj@3( zFOKMGs<lX~2|@>a;TS8EsV)}Vg4xN#;K|ljmcqrSh2ACEF*lT%<u4%MJT%+o`B5){ zqa{K8S@L0f)v!@Pfc$l_)dDa^$5Y;(h)3(Zdc){)Fv0TD$c7~}Mgu+B4#xX~iCff1 zfCntD(QIEhM!PG$POe(j;ngeiSO*3Ul{ohuG_d<)vvg?kivTYIXfk+pM;J=TJZ+Xd zdtpJ>LMI{;%#vcuDrL|@^HhVz<s-=zRV3y&t2}0|dwN}~6je@12FQ=`xRgi=9uGG( z1ZQkfH3PjCh$P&oJz>BrZExA~3*y&=xr|+{(E4MD5apFfAU))82C5)mHGW7#N+$=4 zUl=fK<lJ=Jm*}})-I-A#IL5mFs^9YVezr)fU473uIlF+pMo{<0XxhrPs1wd$qdq5H zVmSaW%it|qyOiSseeBNHV;m~7Y>#a%D1lKpQnoJ$dTl$Nl@Kiu=_N*}3Qf3VaIPij zaSyHC+3EW6EaA5ouXWrl*c-xM@N5Y&#rWQFH41IQO*%F!_nMP%Use{wAh_ekr;_Gv zKk|LK<H`{3^priXYq_1d1eHog|E3@zhS8Q;f*>_)J?#+)HXA6+^6101a>O*QdNg@i z>Ck+~!-_E%p#3@MiBsoQCn#=uj#wO>&KcVh`3Z-)sOq6(hB|sve*&I4ihbbI2p?hq z+Vo7ybWin?)VWj#gVHy$$H44kmfrE9v7XYj`nOEceNCxn2~!P6QP++E`)m#!Yixgv zxV}ph|IVt!L`x5lHvs>!{B})ZWTNHx{v?1G4ihaq+jphnpD#&_%zv{Yg+xk)wi7~j zUP-w^$mpW-g`Y9+IGh|k)c6wVV>5l;ID#66z?vU^K<DPSYZZZons0z99zl-xNm4M! zEsG8f2VKjIGcXl2V~5^Ni+;=4SLPP7OZ%SA@{o2d!Q6f<=wsTB(lUcw)FP6<zw(`3 z7*umvRTLqaE#<YTJ6uj4EDl~A0?Nh%*7Ckxwr&A+TAL_c_C!~MWcW^QREhCo<$*QX z=!UrXLgPT%`L!oy^MR4N*xtpPX`;>wf>%>D-MMtTr6aT*2-qnEyAt2LYXagX*4tQY z&R#aU%pRo?TRgO$F1_+P*sqM(dborM;E4J5$Nlkl*1`XS3jZhd2P-rC@2xdjF%s5* z9pcT^3->^d*4OtETMXfbNK0PWN@XlOCtdL(Wu%@#=kM+x?_Ulxy7g2{e(7d=7lgA& z4=M|#%71JYRyvH}0#Ca472KfYfz1NA1161M#$&hbO0WI=1mi{jwVvvp(MYbv$-EJ= z0pb|jsQ_K3kusO0toST8_@Vg`>pI6~4ab3iwzi=5Vds>DGMAxuQ38&)@*B5)6tg*7 zK|HRlj{|XAohf;vnyzJKk`<^%vnu;bOeY!!tAb~RwdKg%I}~^59`Iq<Zw}r?7O%SM zOY$el8%7(IrSEkL(e5Q6UGA}6cMP&=;Fr(!fE^<bP9Y#2uszP_e8?<RwX1D^IimJ5 zJH}T4hNKfxjA-g2pC*%TmjVvzItfg~Nn0d3A4HGF!pO>3!Hu-YiOe3V+GdQF(eTpT zIA0;a<5MJ_oOJ@5<JJQo5`qIvnV%*lz+*gms%R8E9It3Vn!Oa&In&H`vc^1F|3Rgf z4*jYl14hQndASByjff6gWhjH73gz9Gxy@uFSb5T3l%XLxeO+mxwG!#R_y9+FjS{;n zeLh6@qn@@(A%jmt6iYk%CwO-7LCN=5y4!dsDhHS3^^W{8B}pUK*4)tbSMZb$+QFt& zaJ>dIr$Dk9Z5CrgUrbkKRqZ$Be1`3<K4bJIn1=^wE&)7Q@xR~?DX7$WGl@<a519tb zB1H|HRFk1H4VBq(4u9O<`g$%t9y15)YJO^Khj1>h3hR-lBN6L1SIjm%gz2G~VA3v+ ztjapAf9GL}(FBC9e6uWF>!d4o^flaR`z+n&yjph-adeKWjPPpJBJENcXA07sp=1J! zZXyNX>8Qh}v}mz0wbjk%tIt#O$8+TG%+miebA%D#s`opKrd9+$d<Oxf&{fnqe9BjX zv{jdcfq{&sCnwnsr+V{63|@Tbm5L?;^j=^hast>bM0pL64o%xel-{q=5YQBdO-X|U z2Dsn@zJ5CykqvQ5h3_LEDR9`V{o5+rdN4ahD67aOxiWMI)X`~j1pF7xLO?4O;rdrI znG^tr#@D-_3%cWH`eem`7<i-E0^h_BH80vhRX;eKjtz*_%ng!wYD(<H)!-&wZl!)R zTau^%%e8sL$cLe<-o-e=m1$<l+jDb!0Ll+FsQlwr{ySUv|4b{h(Ep9y*eF`eo|*wN z;3~fl*WHKK`$dO~=7l!;<wK1gBJx4eK0-$t{`khp(_Nuv#kokGFdZ8Hk-@eST&aO6 zcZV$PsyVwUR-~H-iu<mexgk0jA5alkXGZsa;=TiZx9)_ize6*|KrhybNL4j*k&}9V z6X%W6edWv7^VzOtt><512;-rtYviiVs8mogteL-l$S-kYEJz0_bjvU<kQdiG2jU3A z7#O58>cFBIG222)V2We7I~2&{XQt34+gl6`jkMWHBEx*40#TYmPI=8BR<<q%og=n7 zaTpbCeHb-<$Iq#AMsmS>F9!$s5?ZIyD8mTbTwOZMgWet%V(J4aP;fTq^8!L6a76KI z`II-z0(+;3xYly^372Zn*&#9RhnK7hz+n+yjurQan1oV*4DXrV3P+Ryo7PTOvhR%} zV5YnAKlSg}u`^^BzotGYP;aPfN*AwgTrBoJ;4s-ToVOE5wpaH6uPwY4RTcyuJ=okh zXK&b$#wOY?$dO|<JYA^tNSJ4AiP(sxY&Z7yTt{C`oWErZn{PHO?1sZB9mI@737hA# z+Ac3lupAAi#99cLZ|jD_K*?dS%f3Uc!>L<IU>aOnq3PClE~%|jq&}FbQ*ty@EO!^1 zGjT;a0a@G<{F3U2ZLPC#6Q}Ur@Zsv=0tR%Ho#u~6<!_x2o?TM@XGZ1!V{`xSeE<Gu zTA7*UZ&0C?qL_XAYsf|bPd$do(TxXRj4B|3*m#=yVmhMQ+iMO6=U~vfw|DcNsH!DR z5xAffAI3HgmIA~}M%2>w^3e8u8-hgYS9CLa9z8Iu5ZdwHTJAg8p5rN#gKbB0e4^m{ zecriazn4}+FJF-%tj`d|1JjIbDizAkVsoHdzH?MzFBwHH?o}Z`@1LFK>{W=}Z*~YC zjm>M=On7*3ANM)p9S2E72y(*z(lZDVvd^olx7cmeY}MXKN8NxRmLhL-HDVuvE>PM# z1_5WuJ1*~xkGkld=kJ6MIKzb`gCut_uqdQBirc97Fntco>SK_X`v`WS;TuRp*1WL~ zRK4`>wL>1=3B9$aVHyv1^3sTKRd~_2%qUz!Qw-8Yy3=pbs!gn`iJ7_?>tm0&4@}sp zTaT$yCY6*pUcF>BQb5WCk9>KU@`+$U_8>r4S>(0JE7=+#hDcoBt;mEM^?t4o)JJbu z3_K(i8PyX%t2q}T*DZHnT+Dz-s=SWD9($riUJ5i{02Y96iZ|Q;N)-rv+EQ$t_u16O z9EKy>W;QALI;o<nnInxH=xK!z#@VGiF;nk!F8ThxDe4Z_tat0|1g7*OSmYni<NvTl z7U1s%xPI?x^{c(~KOQc`^k<q*pXUT19`2c@JwN#eVf)9XQ&y(G!ShwIS~7rep@1Xe z4ZftpUg7ZzlU30o1(;7(SQtggP7DV`**R~h#n5xVJlxIDQu`?tq@CwfB}JX_ZY51w z-?itwDmm>(7vAbVrVgc$6`(Xq8bdAj^NB>oLJ?VlPy3YlIHTG+--YCR!x>NZ33}pV zGv|lQV0IscxT>X5RTEo%^(+#J*YpA`+tH>_G^8KhNqQi+UZ>X}XD};$`)Hq^c6PcE zV!*{_b$BjARr~G@*2^@$k~8Gc(A%wUe3|!`d|Mkh;goJV-S6n%kM<VarnP0I^?iKQ zc{E)`Zowcx7O3;<jj{3D1EC)Yf`pehTZJTN<5k%_ra&4%5@bRUHG93wduxv_vNRgF z3$IQi2VSkcj3*)lqiV*C1B{->QthaNzPN%<e}gKL8x{D1k23T?F$ru)G^e4Hq3`1+ z0V6+2Lun`}Eu7wL7;*HKA$7Fln|x^qjfflR9&=*GVeNoV?`k@^^hJfr<7CH`nl#tr z8OG6-%=92_bSpisSJ47eEt8t$NdT7F4eC$4Gwe58AenYe6!(;%^C+f4DCguwv6IZl zPRo;&$Z$g=uwR577b_p@-o(X2Dc%rc^LnCp`RL3mGQHha{!}8roFd@wA9(x?9X&Vi z0z0SUQ>N330$Go4Y{rtKQB(70@ExZIynVxw!NJvU3#P-n%5GKyV(lYYK$Bk~b2d4z z&TE7=t`ZMomE0OiYo$MgyU|;f*WB&i^juXdQN$mnT5;%4){Q>|^tct$7B5}!qUOcp zHgA%WN0V^6K)E#~(c<XomEun08Y6$sZ?7&PaK@2jhgAZ-*`G}2T6+|!)op;@SQvrh zy@SEtSsD4m72tV#{us#r%1-_>zUOCr&(HXtpYc8a1@S%1zYURiUfcd$e=}w#0>JfG z53}F-n=vyJ0InauV`d=$TtDsr&SwAE-|Y8(YX1xVX3W31$^AM0W-Pz;H+z2akG<v} zgC+)6wr4lB-}tPn%~=Ed%{(yDyp}UjzgoZtst`aTe)l&6PM8+L_u=gcwS<zhRFPL- zKjIR!CoQ2J71!dMM$cb4#?c-c7}+Y_>fc$|cA})^ZA9|Aa+B{77l#rTBln4EGo{>I z^E?{HSWREz^71n3c*s}+wQFIFMJGuJxL64GJThn@UyPhO>%yT%VE!zk0#1!cwd3y` zGX<h)<j6p%C=NwA^zDs2XQr8ac8Do#^Mmj-@25E8kkwN;cbafv*wy=8vvUINX6~os z%{U3dVJ~c+`QX;;mHn{7l|q%(RmQTgiub~1rr)e?F{ak9aiJ??6xB7CP6S4%AQ2Z8 z^ZZzwiTtLPrd0^ul?xDb=zHQ5)<NdqOypiYEN-<<j9J#Bvhj6Xb-tqwuzr6=w`#_$ z^N1*jGtbNGnH(DE^>I(<uBm2fuXBOm#pmgT`~8L7%#Yqc?H1~%-{7fD{O#+%v7&%V zXj2_GqD0IHtLQtNuyZr{Vhhm0gQ_HhvLWA4;KC&hGiP8-)ucj<b?U88^VrveZDx@I zBwvJ9IMbbp<)w6dnjD0yK#pw_Rgb(R<i2?5b2*%p5AA-QME(%B^ovbUEu|xgu<`Cd zI@JFAik}h5fib8yz|GeuNC^7EyNWoCg#!C<3ke;&{X#4mgA`{%lrHkZ7f4`W>wJY5 zjA|=mfnE4zyZA_)vhdHb6&3b@=GFH{(BLpdaeH4g;}rWL5W*~VP0qqsPqJmhXB#Og zgDv6GK_y7%TN6VaVunZAwx4`eLym?iCT(^0Opay(<EPN@i`$Cv8{vRxetC!r9So&s zlMYJ2B$;)Gy&Yt_oNr17-(R~MkA}<WTof>li^6K(E2_d+SEkw!F(Xy}I+ZJkdg=8G z%+G-HIimveh$g`%Z|51PISmh0;qtl2EZ3uuPVt=#9C`W-*?K{=4yOYpjSP*nb8tHc zUypW=B?zCsZqV9|&H=Nmk+ky>UcwH`u&o#xK2NzXdhf?YkpFr>^#Y_YMS&&>zP8X$ z2;yz3yS?uj?Hg1n6AMdYa@GV~Qw7n|<Wd@3ODS>`_AfK~_5xXEr$kENN8lG&#C<Ck zt&`NPw6%K!3-#<DjnlJ{Uh8#F9?aB-)Flt@ZTh`(sQe-s!SnL7NbNqM2i@BSJKhA2 z>>W+$_tNCJ@D|kPZdGZbaR`QSCQi2fyIp4O*RfTrdn54ZC&3$j8H2S#wcfNu8v*7T zd2NIVTr*|TVIqQ2E5jOJkBBs_A)O%6l)SS(MNcLr+)TMKC7w2Sgt@%E=j^no;8}oB zI@l2?K)HVPPJ!r}l~nC2LeU}!iC?w%o2#LbfxHpZZ8<211mCc*d`2E;l|}MGUT-32 zzd%iPg)p<0RiS0Rn>kuNzmS?dY*K*k`+Al_4cVG<tA&&=-k+$<&X&)s27Pz94&D}i zP7?g!S^&HCFnby$AbvhoL`nxz%IEP~MlOrN_|+Z@54?J`wLG(8y}om$)!;j!(CC{T zM)l>7;%syMqG!`-@*$x(#_@bPkV0P*kb)Wy5aw`-icq9%=1zjh9H?F}XYrlSb>EXr z%93)NRn)Nqy``{zH!C(Y^X@);d(3k?9@cDvCaEV8w1Mt?>!uM&O2@+7-1#7@-b>m} zo<S!R7BS_7Bm3?OHPCKU=Jn&S15&5gOooH}0$(mWHWjy7FGs4W!cqR=l8k2B_zLQP zvmm|iXpO3=7x}%_vUBQko#IQ%`jQp)d$tP5CL#ZVdYNe&6)x>Br*g{o?ll#6nuA34 zQ&2saO!(3G_sk<8ZdWexRVkoDP}9M0EHND5LlBjyJ6>)Wyh`wl+kvfRq&*d!6Xw8% z!z!69Yd;V-5zsmkq(R|;vP+7HN2I<SPeHT#JXhsmEi?Uw6or;66Go>&wpZvjg)#9! zz#0x}4>lO(WidOEt0Y|(1!1#?EU)0)>pCpJN%psFLqlvf*Qrmh)3q!WvEFM^nC(!f zO258;LjF+OUy9Ipr~44FLT?1IOpM<@C!~35eMIWJ5NU@+-3P+rolbLY%6I_-<R>c3 z@2YPu(d8f^EVfP~PpHM|#*LW>Y>Fon?I77=P74A5c`r67rzpZ8GE4Hp&*S8xA9jO3 zT1r-_J?z1XR$@CgFq>0=YZkc(2WL=liW3NWwY9*;qmXA5SI3<I`8F?jI3cv`HE_2K zYMCpf#>V?a71a&>*Kbec*k@^Z9zi?Qlzjh~K>fR>!k+}{CxQA&pnejl{{{l}zh&b6 z>6Y@xd(HonG5Duj%1^hH{}#6t=D#yd|H+~cI|1`^nBTt}Wcd3)!ruoO{!S2L<{$uE zKg1%yxe0&^a0fWX?#E#TznakgGa-k}&oPd4e~tw7>__s$Zub1-e?bCbV|_lN<hK%# z#P^WH=D&m-0wf?n$RXmEKRU}u2d%59t1Qk8G8J`6R^@Ta5o}z;YF~L(BpXD(1TDwC zF?-StyW6d6U5Zv%>E!DEeaN*5d$>TXytu45CsGlrutZrBEQD7xV(`lHdAmOnTj2^& zhZK{ldbp{2W~mM=1b!gsNoZC|^`t4uh(4YcX3=YkY>dSiZ5Z3^i5VYRD$*?WeDug~ zm{P%1R&Oj$Ctm4sr51J12G=ZgcEg%=5J=M<cEOySZtUD7>MTOL+|IqTBM$0aT@MQ$ z1xP^qR@ok!;LPHJ!Muu3`;lNRBHq=};=%nEtYB*V?~ildkXD|M5;is(sd+E=B6}kS zZ%FyA6J=c%%HRk14tI7gxL2d=9Dx^25^H^EII;Jj+uk|sp1QGg$OxKnC`TpM8E6i9 zM2>5Lhd82T6JC@@jP#l6kGe{QS4ISTS#4F4>ZHm^9X*y^Eyn+aBpYm)3z=npw}6@J zj+c|6a|#JvpU-xJ%a%AoYgc!9f9`{}rnU#Iap6Nxnb*3*%K<qu69YPt<)EW|_NR!k zBIDr12hQzOT@Q+6fDVLw&d)g?0k3cyOhvP;SMG-5X)}@t7H<fIPv=hq(19?3F~k8n zkf8-Kq7lU;GwxZDV0Ngn_yWTQe>E1Wk`aUQM1=sdLde%}PSZ(8ABk$%o)`R>PjVxf z>;f%mv-}8Ot$gt6iwHr5#IOj|eG-5^go7+kPR`<0Pu2+HiT97HA-Oxh6CGL4u9pzC z<pbsbw`Ip+4+Pr~*a}~E<CE^g^dX2I{5CKQ2bJ!Od#zh*pr|SZ<rc^e#Mt_Vv&B2~ z!wc;o<<;{~Qr+Bp;rW@L<((y6!V6#Q$Sdp9OzIl~iuO8{vz&NI-~|*w3c^xG)<-QP zvn`VOUXz@^)T9~9?>?+kRcn}0Op*meYu6Nl_<(}xMIT*C5&8t^>@YX7S%!K8D3St$ zs}0}~=>amteAEx7m}rm)-34FE`Y7R@;cKaNg64P1(z@Y{r9M#1wz2N581oRU$!R(^ zSFXQL;D%%ep0VU;OEatcr0#R&;~Ii=a~|S82R3Obs5C3Pw@Q=%N;C*0j!<nq%w{Ed zz}#pp?cx_oOhes?{7I5YGg7uGE`Q<l3+vTh>PH|KB&)J2(%beSOX){xOS{h2z>3@T zps>>=VvVBJ;EU+U)+|BR_m3Pw<+1^pm232zm|>DWE&D)A=PexG+wZfPM5p0>pR%`s zY7thyz)drT5(AYUP7egz?6cygUA5v=YYJ%qj+}nYwtiky(HSQPG5>J(0yaGhhKH0* zKWCVy#T~bEmjPF|MQ=wd)b=S!z%6KE7xF>b-In-TEU-U+AHOz-8Q(7^i3_1IDPh;1 zb5RLld48x+E>^BQYkq=cq4-psYsVhmJ=`J0G}txX{wzArJk&Q$zY8E4<$RZnN&%A5 zx9NJG4PZtx*+epxQmX{Xqe_`#)@*M?g<?i`$ILaV9kv9I%qm0TFAqDwJZ7T_6>`Id zumRSvZ=9oP)o`pd5*xz_j8d30!L=zcDx&J9(+U`27(w+O%82N|ilnqnC)XN3xqNcW zcx6?Qwn(#0&-ntGq$KC2hhdF}eQJoi>g5;%nX#3eTVocPv<uG&l3R8%KN^&FXGxX$ zQpk={a1|-g;)lz9DIt1?e8_@Fv8bq^;-P(zHUkr`LMYw_he<vrajx4+Xs(DSE{#r_ zvcvFPrKhBx8QE3dxg)Tl^~(MQ?Tg`H9Hcs1*v&npczt*5U@AUHFO2Jlx5T;O4XDX; zwl6)Mj$Ph(p{NOCXcyd)i-pq2=v_jBD-){}iKM>_0}8sc-dDUB_R%~p<8;UaVMxGQ z1(qbYo%PSue^Trbw|7TP5ga-papXIFYza|)gaq#<Fd1;yKdQr<0(N^!6)9rL=7V+< zPQFrFM|3uHgJG!i6XkHH!BcAC-~o?2!zuBwnMhrIADc&ZhJ7QtIsAU7o&chZw*z&I zVTqYAcD&${+oFHGq&xRAIxx>1aw;(cQYTn8=EE+}$z&i}60H0grmtl&S_O941Ualo z1_%l<zD4w#aRDp3$L0DlgMB7G$8WJU23ebknZ0W}+FuWmTfo?uU%WXFnYzPiV_7n< zG#Iu|L5q=|&CB;uomY^ZP_kN&xr@1YpehuVkfD&Z_s*7M-Fa6n(;W_EidH52Em}R- zszQb;BlXT3>)sb(JV9AVgzUobRJ!jNv-6!dP&X-<am9IqRQH7eM(UeEmL)hwei<ED z2M>>ROw9=JyriZ?7}JST7}fe6aDi5~YHQkKK6AK!(mzJ~f9IU@e{lc$sVx0emVPQr zKb58b24(5DN00m~ZbyGofX&Z<r#}vOdZw5^c-jA8fBbYc{(r^QnB_n0jKjhN$er+4 z)#UewKd~?a5()hJyMOucCl)|LgkRlu{x_5uK;-#%A?VLhVxChM{7_<^pZsIS{}X2% zz<Hg&54WoNTW1`Tcc4B%cGjk&KvMe|2>ke{BGrCWq15@5_umhH%GT0S>Dz3@kY7KB z4di|sQ18y6BYh-XBjI@Q7;~GuG$xLrZb2{XhL)@xTbU4c*Tk2aALw~>x=^Kb73_&H z{$T#aDQ%Qhc!_84iuc@Y7fz$evZ$>5YcTk^kOOr32tT+EnEWz~NELWGy|9_19Bo!r zO-C?Rc>%-CCAEPYpLQrs!PL@tAl5fOel2ajP`vT8t+*qdhg0>P{v~0AD|33!+Uqsf z>s9}HS1s36Wncj-mr<*$QtRns4aIF}E767dUg2X}3fWe4Q`8w*`nJSUeQHK-EdqLd zmKK?Ccc1b5?X?Eaqp{^%J65fNVHs%jenPnMHPdEy`TM2q{woHXWqt0r$@BhWI>$4M zma9$UrgrQ_{>wva&y&lw-bHT^YHSVXP;T@^%C&rgxF*nUWoSs`(Dg-Om7U3nniYRs zcf8ftxDeKy5Y{YxE}WRPIF=o0*4BJ*Il*f^Wp3;4DEn#}w23_UKKRFziLGAk^s18h zhhcZG`Sh;RkA*QUVA7)8-x=bQ-A8G@TlVT|@IAhR2Al>p^P*>gkwQ2m#0=@UjGmt` zeV+`JA@-y31Vf=?{Cru0yrZOHI5h;RO6Mo0iK6(yXkz+J_!P&ul~ZluXgL1lNBT8} zkH<FjQeB|O7F~im7TZ0jy`YNiBS8;{jCWRkla7e9BkNq_(s?uV?p~avh^g}Cf>4j- z1SXdOW8N^NFYz@L1h(%vF>Nq?7)xReJZVWghCIT9SBCBM81(jEy#sOx_~`CMtb+ui z7Nin6|EVxktypj?bRxRIfXLUK;{&u-f}QH;(HTh&5W&Mdt(zB&Jw28{mtQKwRXb)V zG*h{ZtKgHllobj>Kf*$95JdCocgeBz8#8S{p4S=RGe$*BbYi*;B}P=pEb~YWfr>N? zDRfX-vPpduUmLc1t;AG;ZdR#~b&^5G=(JKr(YP5Rn+dT~KsO*_gU>H6xQ<3tkW<DY zri>gh1-fXusf!QY9T;<6=}khdq7lk~NT)KEhUl}ZZK33GJIh-vT3g*2Uo(AE2?^zL z3cIYhT5xH(&^15QUby*2SQcxggR)H5F=eH~|MYG0Tu3~dqy7~p{&k1l*JNt?{iY=r zT=zE&+O@64^s%DeC&lwmErHfwMDc0JllZ${$wN*bexBw>3ahId<62ofF*RkncY(Rq zA~}LX4lP?g4V?+i?yECz4jQzivJ-pST=uK7v_MIrmA@CRL%tSBV7k{3l|{a`gIQiM zc}KMQke7sB&t0ZoW>m#Et3&{u+;1*P8qhCYV>}t6-_Tnm;Gi*Jt~55zTFUy4PI>30 zWCkhmR~KmEJoSnKa3$)n;#m~TG!%(??z;Qwjoy1q|9Nw0>kl7gLeO5xNH0Q*pEO^p z_mlNJp7Fh$4(>{-a&t;%g_RH;vJHS{=+?6^reHPPZ?$qDfSDNFmz1GRC_fYyV_M~l z#SHRhVL~0AO${Pd<0ws-tUg1d+m;eH?eV&H7EK_Y5OUnwPp=}`5I?n2<#ZSRv`EO; zC=rO_@|ImadL7}jaejw|i|t+3Yhjck^I7$N#JSDl9*3u-)vAc52pW)+?uzvj=a@r$ zW$qkR949^U)1xt=zL)*zEYUlUTAdB5%VkYVP?~Q<6WfLz=nCBpo9y5>8wjUcw=D{4 zpNzh{<<P~ss}W*0cb+icr<y>y2Fp)4&_!9o3Y}B+i1F!=<BBXc0ojwG4!D^RU<}yH zrmTmgfnOf7gs<JsCi{EbjoQ|r+K1Ot=bWR<o2fsRP!k?sL{lAEV^3INjnG#~)3~a{ z7Dk8rE9wP#o)8&ZN`kx3q)g0m))b!9@k9{j;1Ho%Fd|W*<S@&54rQ1&ywDVEqdEz? zBqZKp)V<LS!uqBFDM1(uOLG?9dA?hioGi0^?5k5?OM@*0oi?tTbwiQp0RPQdI!(Sv z2hZh&K!qy;869~igq@7rL8O;*u1%O|1$t!Z+t=>JLtnKq$}}*FkyeIQyLzJzbAna6 zHM5#V&s29wAt^stEmSPjZ$ZH*4|eF*nzM8G9NL1BM$C<Qoa5fTT%SC&J23@oUxXBp zL}He0epP)z>$H~~v4^A@z|dPCMJ$Te6h5$39ux^(>dqlaKF*Mgh=Gv7f4$f+hCr<3 zu&R1h?z$dKy>wccCbS#RgoBZ|&OxGjZ8gNc3xV6Lh-@a6i^sJa&;AM3weo2Cpk66* zf<dWfdBcM`CdIB$J<CJMr36ikYAPZ9p#H)OzNXdj5A~O4IPqhL{8upXPyOYm{_<0Q z`KiDB7w9j~bm-q%+kWaV|Iq_yo@wUK{`mjR0YEJOVJ{LEb^^flo!UPqLj<I*{E@x# zuTCES8P^V$Khw42Ik@?+g2Hc4EBMEP0u$Tc=n2^ogA!}9sGV2d_XsARA)Dv#nomK9 zR5c_z+f0coUK%5Dnhg+@<wTqeU$MNJp!daAL0EiXZ*h~hpSZZlQN4<%DLp}c0fzjh zLtZ{;0QnP{gVD=-Zb9r9z3xV`2W{`=k`sCvDVcT`ll)sfUg~bvkP(NBy`bAvq+*2W z^uf`jN_vsowkzX9lLfYNPw*xh>p&=*^(9;>_HZ@LT^qY(s@>B^2i@1@v*@pAX(Kl- z^r6KMgQ^7-tGB`muTPPqc2;ir{i}%9gr0c3BJVocU`fGU2HY#y+8TfYm;}U3sr@T@ z5+6zi)*@v0KaMJa%5xHgNFbciU!x5!?rJ3oc^uT~Z{|@>$&>{JRWGs}`?okg`CYS} z&e6wj_%<woPDX+kmVSIfsDH(ys={W3%_Q{DIL9|!Iww?=$!E}!dBZ0?bQU=CjVeO@ z3-TmCM{0prIpI(kXy}vMx`7ol>w2?kPyzD{!!`dYF1Kl-^dDp0pSH%IY5snu`TLpX z@BhLyf6qJXKgCwhd+;ww_y{-{nCbqKm6?Ny4Ul@+(#BrFR?ol)kSyyj35Dqd%pBgz z8rcilSlQZGf6u4JPA3M)P;75&^F3oQfw7+DTR`gTf0$5#iH()vIr;Ff?v48kZl5%b z9<EOwL>?pKQ3c<$v>-}A@-s-0zK}2S36G^%i4;|RdJiNYWLjH4?gNcZVQ)cCQ3(km zPb*v?MAZR;qz?=(6)d~$Z(pIQ4#)t|&~$X;QJ#9_**wg<RnBDMwB=%)a<vy`?0h-E zG0gF{{w#&bWXKp3=wJ93UU_r2b+wN3ZrOY3;m|qN?Xa%N?J59Iw_Br3ztay2#dt6Q z&6VJ3t7=NSVXvg&w5GrP;k2Lb>AIVb_q2!DQ6`?<Zk04nlZdUWj=V=XhQE(jlVLCb z4m$@vl5Upu3uDMW?8C!D%XKFmJjXhsT2*E!=k8U@Q<FQ=#3LxsYee;8WO4<Z)8hHs zqvpFsucrr4P|)=5=^6dP$%#T0e9!BZo0G<;$2*f$k81A2wXP7Zi*bcgToRq08vC`4 zIGtw4y-5Pll98AR*R5pdK5?lOZZ)!ohs(LtcdJkZXh82R^VFNRJSZpPv|V>T5Qnm# zj|l3xY{bYKw5w9U<|6Q3FK0zbM@~`N-)#;iF5nmIw0O=|nw3Y*+qT2GUGAG5>57ba zOi*dO+Z^}|f$#q19%5W0mPSpW3Ir%TM$v-xWeMAod&T{BdLSM&BmJiccXlz#!4w`1 zyuH+?`>h7&qoJjZhpVNh$(m-g6^Z!6!pX<S$DOg<erCq(#qUo^>nmV+%4{={VT0nm z-Of~y<}mt}C1%rf5z93gipxb?yX*rf_G$>*;up6C*S%u<;DO_CLHL_q8P9Uh2iGgw za@5aT-?Al!+1Fq{Z%!M8JxsMcDpf<<v^-o+sOS`L0ZS*bpTufdmtB=-x2}uWH{4tB zknz)wsb=j^^&l^~Y$e0cHQLUnRSa=j%#<4~&LEW&h4DRJ_mZbJ0y?FSdFf`z*--J2 zxx6@wEyd$<29wFShq>G*82#0$fKW>erAo0nsl;ffR3fWXENzAB?M|-aV>#zx5OdYS zqQ}(&1m3&lJ)Ng|X{QCpDXaO~Q8HT@-ATFLHKH@_&3J>!5-pAD2*8UD$7J{(Ix%z{ zrdCtj4kN&OiQu`9U(dA3YtAf}si|e87!vW-uSZHOx}QlU$~5;`j@5A`T8n*L2ZuqI z1a!M6331~=^;{!dWU2B@z-d~N>u!EIoRMNV+|ya=lcM5Yj#Ogv!+{OH*Zm1#V5Kiy z4=@e)SZ+Ao<S$(J5Qp`IoR)fOG$p9@@+Or|s_1wqDN6-VA$UBJoRRvTJ{=jVmA{$W zG9sxazXv>zd-*-+`pOp`h34ARK5C;rj<=iBI8KN2E+?HBTTeA0K#0Xb2F0fx<T4L3 zyf;~kjQUl5HK&!^ycN_T8K0R<cJKP-EfjJjBYLITSNtqWo0PGH%caP|b8Q-eX@pX` zH*U0YB1(t(p6;&}-AZlmhk34&B+1sI1EQg0yf*ftq&atd5qL+S&e_ukq`GXViI!%W z>!D3jTyo}5v*|o`f~ZTv@kZj^k6R%Q@^xHy0JAnuZ;x4^`B?fPW{{$l04<%IH0A9O zM}Hh0UD4#2G?!GQV9k4y*a78O&$SS?z6B%So{j|bZ`qeQ?!I$U)*M&!Z;imcuG{fv z-3^gW69mY@gPQlt`wc0V?l;+t-uBj1Bh)4{5orYzhjH8AU!U;doX;&ivSLe;VZP_V z;S`l(Y%*Azph~PMEwy=ixQbKjz3nr|qSg<yj4f2gY~jY4Eo3C|_+<FDceSrT>FVta z0i%6`oU?&*_-$8H(<zo6OGTsydkYhe<G7qt_g1Qx_6y>go_FhdksSTLhYu}Lz<ig} z2KE?g88lOuE^{a(Eu?J=>ywOepL@=4`viI<5;Mbi)wQMjEXrQsI{*Q-Q57juR^A;p z$fRIy<WGiLv&a|IHJyKJg}~qELF*eR_GD3CpW`}e9E11lQ>dot@1w#lh%g(=QSt&Y zU8r{?PkEOyuaeSTRa>M%+jK6E-L4?RLyDPp23SHKD07omg^NmjXoo_@n(t5hBZ0pm zH~~qqMRSFuz))3`6Nht#yeZErhb#Z0ZsZ3@>g;>tN~6xSv-I>>Bb`%b71)+AYt2Z- zWln`H+ePDCd2!KY0I}LQg*D+oR<2|;HycuIwIK|n3&%Yd8KP3C-QR|%HY4te)&8nx zUZ3fzKuLr&EQiNjquTOj@v518OfiY@%exc(&&!K$M-w(RR&!)@Y+12JnKP`TsN=g9 zhTq$Edg1!?<<8?;_2CB-NYQRQ22m%urcO@fD=;|A-is-1H!1RPx^)egFZ0BOj2ddK zyHV6YKp(_cVoJvWOS;Du?l<8ArIfT`?lZ|NLm&_IYG>W2lQ6HIid@Mx-k3d(%0oLX zk1qVOOmrI6W!&(A0HP5dsIeiGTEMI=X?b)lb$38JCAZoYsk<=KlJV@3$t*Mg9SPZK zMo5fNEWC=XTpWcLF%g8gD$)itj&{&H{_PMEd;$-qdRL1rm4ag)2Q!HyL5+ISt)b*Z z7PaC<;yXZXah>Pw4s*^XRnQ5S`m|Su)bJQxmZ=Jq1f=Z`SA*#m>)z&i+-2fFY;R|V zRj&=-RyULg5Ep)q*>A5tIUo&7Z1$h)zVpiM_HGJP6(*V!w~hlDwkK!m!8lbvO|U4j z(`oE+pC5Jy210CUqt^Mp|D-IhUseqB&JD#`WT{uAZ&_1AcqGKue#<pJfaWSOI+qln z1b$GCU2QT;%+(^lioA2>i@dpleZu*SS3eGFYLa9ZaL3@H<qw#gCUezRhmz;DWwBYF z$*IDup$^dlYGF>hT{JLgR~lDMvqkG4YUVq4vri7lsITwOh8xDVL8mOMW(iH>YS5Kk z#l!qJ@!@$UogZ(uY?hjv^35-dW1ifbG>RGDs`<HnlH0jkLz^fNj1&ee)Xt7?dp!YO z&g)%(mDr;{_SMXB*DoVOwI*?2l+on#$Hsuup}xG5$#TbmfFr1S)CI>2RLB{j3r(yL z^98bMCm<jPzw$Hn?7j1lHT?T!h*=dl<w9PASuqggvYUaCvlC6%^6aW4Y)hl_8!eEv zZxVDDn`8z<2uhr9$nf|)8!?dUq07s)`D$JA_h@;%02@Xf%(n_etGs%KrhDolWgAOk zWee)L;(GO0j~DdG5%6)f<rs{&&Ja|S0(=V!FBM&(vsvX8wyHKwvgcZ>zi1R|yJIyq z-C}{1$EhDkr0q(s2e%{exnJx~Fj`_Z;;CBO0!DtfK#j)ma%Z@ajl(d7t%!zlv3laE zK<^!@HtW4mZ1YAsUCueJeM3>Rd%9dPikl5I5D;QrkOky6cKKuypn`6lKpvM4OH-G; z?T7ht#b|He2G+Y>S(|Y;Ei^PoX$gK!^lDb`uPj#Iv#QxOugab~ITl#V)X7x85Oq|T zLhLyLGEgj5w|l!aH1Uz;;Cwr~qp_qY<<-ctxpB+{r}ca-U<-Y{gj5SyM;4mOI?byv zbjoRO`BdVrM+6aepa$wa&K1vchM<6f2x^1OFBZA1zW~PF*e+n6rRAd5Gfg?ypB<IB zV&zZX=Sov;L&Uj4xTJcGDjhGD4+lsaISeEA;D=p&(yFR1Ul1-*_K26}KIs4etC&HT z4)ejjCC;g0l{Hvk8wqm;R=0rnp7jOw>Qyg{bW59WceBKz&aE7HS{;XyILi4NLZ*7Y z7rKD!8vsr{Ly|L{$5V{Nv`b8o+s}+#DsQf|XBb`O3#}P$)UDkwXH1NkTuqcg0kbE_ zd}3H?PC<Jm|I@AH0jW2hLnP%<{T}UAl-kS)d0ZjFo>7QWA>88Kxm1ehsZiT~Hvg%= zn;A{9vQ5&=2vogmWPx=M06ul{7V9vil;uq-SI>Qz;9S+g?7=FW+zq3gxf{Jf;XR-M zFI8{4nDBi%6#3dHW3c11uH(Gpx>B`kJ`u&2Eq7G6l>z{4I{5rN49k^(eG#zlEeO_z zlp3p5%{sXOw)YK|Xt&Xi=zJj?TIb6d!L;?OLDV#|7hZ*)BLffH_&`9o=|$=_)(Zt& zRkL?@v#^KY0{yhqS;Oh416)RZs7JkWVRSC|$&<lYy&>{-t`fcz^-c$~2B92XP0-;X zy8v+Kvigynacdr^$@={j`3uG^0}&N1#~57e32L306_L6rz?zm`tdB7siEZ?X1aye& zh?^(IZoi-^=0I7sc(D-SF1Uorc;I-^BewXw4Tdhswham}Z#qfSI|`Hv&(Vvy<{s-Y zH?(ieW8Bo{XJbm|i`SL*5^b7Y#^prn?tJ&_0lTZGC&u8IK@1AHv;(LTvYgCoM>ZAT z!Wq%3**)+(i@IXX8*yQyu;gaMa21GC{MJW=T|%Ry3~j&)5Y%P?DGD8m%_d#ZiZ$Un z+~n7g6>4b33zg!2+Uo%^BlP)`wwjiw!)Y(Mj@v;MBmRSd%pv$XcG0Beapu@*BTXjH z!}%Dg-|g+~Il>FAcPsu_b2q^W>W<qkAnL_B_p2D$d>5sl+d^wbyoU{68QDJPTBBfA ze42m!5F^FvG%?%fbXK4g*4Dc#F(6v6>I}e~a!*-tuLP=dxoZKzA;K;rueSOg8O>%k zt`5ozXJj=lVIS(iKFf28<FU^qH<~9in?-6%EIn%a@Dx=yFFK6{&Nanx7o9GLsusKQ zz8*f7II-xvTrYtc?J;MSFP<5prfYbA{9!`<MCC<e80Id6p7Y%_gViGmI#3!4ns%vD z3RoD=<+O%P(}Y{b5`ba(fWxed@C>CwPqb+6NadR;Ivpn6P0<^vG0p&n-qD1p??eLJ z(_ZYUA}!k0^;*~-l3W8-j!Gn8p*!aW<|=i(Io%k`ks7<Ny<QD&LU1<m4ZOqiyw<}k z)<&1?^17H%0f7Ix#V(vo^Wvt3M)L`SL@e*cs>XGZ^2sS3uO{w}`p|MEH#avU%0<dj zqlpBT<6P-Z0MsGYP_3>&FVD((NY`-o?P14%w+tNe7BkY){Rn{rO*>WDI6Ex!(P;7e z_~?)^Fd9;ucWPBCbG_IFtg4N+DwgYX^?(-9Uup9%$36F-_%KmG^_WpuLvxf-gurti zuCfUPL?SIi{_=!-;AON277Q@jB_9yb*X>yVQ<|@Pd*&rZC9P=Tm!}K_M4zJ#==!x# zF6mNH8+`hYI1^Ze07eJ&DWAn+5&-yJ=4<U#v|X~@nvDkXCL!gD{{_PPZ~w{bKIKwv z4-R_)KAOy<7!_@(COHF#L6#{$PeaZwIJSAj+ZFL~KzGhQ*?L{C1g1~9jo+^zc$q%E z=up*Yc6Zt4v0%1ZsAoAxKY*1l=6QLz9wh_+@Z}S4{^ZCUi?E`_T9&#XpXNtsrQ+|O zl`Ym1D_}WKVM)lFd?8otqG-XHH`yguoGx4Z3J^<%Jdr?FI5|^c;uYQq=-|@axx$Oh zL>u^~&+Qr&#v#^l1yy#+#idP`>e~?XPymAV4Gynb-DDsh$yH+f8~|{3sQ_>2Ex72y zwt;Obop5di$B-?SvMXdcS8bC3lq8IlyP)bt&G&DhP82Qf;&`d@CJ#52Ew;<XMXFeX z%^l^6Kc=Z$q^Zw+GPgpSm|e)5WR@$YEnq=Xw188zNR)dnCpMs*1rtJ5WIpD_-sV<J z1yw?d7S5UKV{fYJ^CsWO7PH6}TM1WHe=t9=R<uaSQ^uG`fCRj_pz8l)?!CjBZi6;a z?7mpAQ3L@yN@x~9K|oLh3j&e^2qh{anoy(*2q=gJMQnhGbZH48w9t!)pn`Og(2Gbh zp(qfLekMVb_xpCgJ$rVqv-^*i3BU4`d1mgJxo1)lPvg@iwff<-Hd7f<n9Zsb+Hp$8 zR%+8u0wq_M1O;^_Nc_%tnqWLlE*fKWlHw#!kkvvGAK|o?Q!&e^O;?flM=<15l-P&= z#|Mjx!Awm}#c7AP9cp>L=WOZaHv_5^^eYw50;RIed(Ro9Tvlg|9xQsfU+-J{Iw84p zp$e3-CkOC41DCc$Ver>tFx@rd9=e~%>nBzm<m>u!&qFplS4%Ey*JqD?Zqcnfr!I6A z?|akWG|ZTiGRa9VEpu|ExbozT3q|y+*m>x0Y&+4o9afEUfi#(jG?6y#%$l2N&8L6z zlcjm#tk6s<L;1qwnmGI70G#BmD#5|I##17FU^fMe_noBBsxMP=O5zI@N)H?7e|o7t zJ~mdi{<_=QS-QU7A*3G?uV>ZI=)(n2oJ4IKPd<;$pde;<x#gab+ae(Q{5I?>NuM~? z(m4<{kzeWF7&50#awh-0a*`s4cOX(4#k?AHNIu+Yb&AVh%QL7L8v!49@2M2b8k?;q zZPVS&h9^b?uR5OvdG^s>o*_(_+r>X9z{=PG5_c*SlUC$jwSFon-?cV(%ivR1*yDKG zRX-C-*@^b%W<`t2ZHnnh(x)73eT2Ubipe3yH9claauqY*`^Zt?#6@oOcgz}k+hB%7 zlLi%U%V|$Uk;&Q?UnM^gX}T_2Fm)LxDq|*tZj*1uKWK`~D*Rqk?=sT!-H(VS*^Mg% zNA@2bCe2`OtkU^a{-If{wRgX}r_QSHXkts$p_E=_H?fq`Mu|{Ul6h4Jb?#XL`tY@S zB6XcW=EaeC+U-*_YnQm~V?BH)a&la0d+Vi9jkc-6jPSm?qEz$p7WFLhN2@dA@^3S% zuj-P_`#;Oi-TkVxs!`F~hsr3h>1)&N#op{FZ#^M?uVxE@a!*&~#5=9BTNKxBGy8qb z?W0apGhMSzwGk!<KJBavb1w6cb(wmrC5^pV82hb#`daG^tpNjkPu>y9TMY6q|2Jgx z5UCl|ORH5qQP$prKU>;wME%*Ew#k%(EP-MeJ$qeZ=!bga<`*+KyYR<XtnGWgq&$9R zLx+&fFM_fEn}*D>7Tu|qP3jc%kMme(f5YrKPZHlSl|ebv)4#IK@P?F4)qbH<dhER& zuQO1pRAs%#Rop8qwZ*3J4cbiXx;aeAe>K2lGDY8R&ebv+BYticW69U%xs0@|wf7v+ z6v$Of&gJ_DjSqD5+IOpv@?-pTNm4D$JlF3!Mcl^50V~lvUhCSa%9bmCO3r=7mSRC4 zJw^@BxXgoNX%eP+21C{+uRT$w2IZ5;+71oZavjpTRA<e!=W~TVRLrjwEyUeai!t9! zla@<|eQ=~p0ETb)UkOAJ^H;Oh)A<K&d_>9B&+Es>t+Ef=Pf_%KvWK{aho|Yh>CeyO zSBTV@<~U2mthr|zKkr(wPg^9$52aD!LSpHVDg;|`6>r*)QmKsmG&#=)BDN;kb}`Df z4WoR=oJujBL>mI-OFWiLeR8rwaMt$X3o^}jS0{@gE97w`$rco9v=NC{Loq+?-d*QS zmYqq@Jq2rLjdL6l-0os6_RQg`(bKpxePVyUg1k_eqHUvxCWWw3d&_8>JKp^vC|sfF z5ls2|;2eu3x}+tPI854bW@l=V@bNI!D`<t3^M=13ogGh)3v(s(BRvU}a|l?E$H%^g zOqqYgtif7m6)qokdm`*;^Gzb_6sYX<ILwIHgR)F_clW{U3f{tP!{O(`4_Q3<QWQ&n z>1bhKd+)YBX=3DJs~O4sbl^n_pS2(3eO34&8iQMh)M_n}v?F55wDIFVMk)hh{x~bz zE7KG2to&2`k6k%2v@B<1^P%aT%Q9Av%Ntew;5oA;)-Elcrq<SLoZ6ycGVC8KVkkL% zIB?40>c@%}?9xH+!M03S0j)?3ULY60I?K&xmY&i2x$VkNsl89z+quK<4fj56P;?)( z33!jy0)TT=-+Hv|ka){|yoEt8nrOYwhBUCXa8l(U)pw=ecNT_4SL@7`*-90xkM|TT z7wNuroX^yBZ@I9^&o&LGA=H={a#-JpKsgXk6HmLB#E8zzyxh7OonNfeHneIy@8tLe zwL$46<ErCP>6ZokqG436+GgD^N<9vJ(-w%I-R>{+rfpW|<^|vJ+Wm+LDpHq3GXV#C zq|&==Zts`-&fW@{m;mRMcHZ;)B5_VGP+n^`Ef|U4KtkfjBRPh!`V1u_YVt#m6zw}z za2sesOakpDNZB8o=!GP@M-^I~eZ1;F+sh^_X_C)AAMfb2<Ud>Ey9y_^8~$HpIRDJ( zf3KC##CQhhodkS!^~q9dlLV1g&10gr6OdR)q%wi>D4QziszC(N3`8N$IqM^g0i7jc zYOY=)Qr2)_6Gah}M-&FsxPuM}cKJjk2Z8JX1ag5i=UePCHQ-#M&hH~qGROTJ;|Z}m zLmg>`T_62<lzitlPd@uD5GfizIhfV8-sQs0{*;euJZ}reR9Y^O%<?Zl{5$=aRA!4^ zxq);ac3OVu)CH1NgMGnp0Qt?$uMe#ZHc*>vl}CcB97c~)uT_5uK2-R_NBXYFicQ1p zm_MU0)Vb{+r44IGetr}!?-~ZYcTZ%s4nwH@SE->zD6i|52OHTqix;3*=|i0QbUgYc zN3x;-bsf<qJrJe(9%Q2{bUGXaF#_+;XpHVXHn8#qtkrdrveN^JNXlUlq964`d~21k zgHEUaH>pSsKiw0Qzt7;FkVU<UeIcej+e9xoMR8JE{K8M<{VtoX-*P2TKoMU%M36m? zM10ktc;U3REq+Tp?St;W|J>3(JC>O{RG>Jz@9Bo`)DY{O>u`V~S9x7>>TlTLU;bJa zug0@{A1fCUSulMbCGNW?A-lr09mWi(AKvk=4|}agdMcPS(i$c1-B&(75oYHf!j#<L z5ykzjx%whO1I?NDVexRq_trtez_w3!`)-1)t?>l6RcQeE>xTgH29=~+E8r_6qUkZt zZ!^{Rmo6y+vsq*DO8npT=W)n)v_QHiQsd5DO|q%y3=6`;Y<WpD`?%i4nEgfdvL$Df zesy?*yK2ChGWc6uAO=ey;-$iNzW#oYwVj(8@>H4rQCuB;Tn#cG6YRiwW186LahWgg z-rYVXrRdbZT4_T>y@sfJI)u&PGR@EnBq2G=R|<{{z{989E7Ml`O<F3h&@WI6vF#=v zvF%2D@JC?p0B}w~r*B>mLREmUu*?q^mbvc<E}*}E>)}i9@A4wheSX6}x0(-q(9#R> zm>m5M=4k>K3K)C#(_ZG#5MA`Mfa|t{<{q}N;UNdjef{3vxcMvsjx`ehCLaC4AEzFt zPyFz0R236Y`xJApZS?i)Nz%DpD$oBJ#Y<lcaLbiaD-1lEdz2x0ehs>i*4#S9kh#1@ zf3Z+I0PfzJ5OD3I%82uLPZui2wp_08<#a8pA<^v^nu#188*93i`s=*re|&Ar*B)~@ zfj5CZf-z&(1?S!jRlR>aDqe4t<H0QWK2-4`@N4M#rz-k8j{NIwSPJeq#sIgosnsYE zt>}W{>1}E$BTyBu3W0z8_iV$c0z-FnP!nlanHH;GhW?}D<aSpq)phaluK7;Ij9r(I z=O4(zGs8>mhKPGwKE<V2-W<I0?=`YO;T!*n@(Bv89Y#Llmv-_`Xz~}#8%A}a(ndQ- zsB4V@<UD)4hLWN4KohmB6?X5B3aQx-URj&sY(*JX;bQ+Am!4qxwwqmT`EJbCP@Fn= zjJ8pjjUZfr%&!uuO7;=`#*GJdQpI_`E?Korhinq=G5K9_Fw0D0<;pFtQv;b6Rblx6 z$E%kW$uwu$1bsAzU~c59r7v?JP0TNe+2Xoo^+TK_vde%NdbGL+Z*-kPXc}OLY>yHs zb=lN2xl6fjTdPx?a&A#-leoAdrgTW5Nr{;2`dnPqTCYhovImP8K3N|(D;j0naOpk@ zNu)60)X0Cm;$oK3zQZKfX#i8`p+tUr`H+mvcK`CqP{k9Vc_<*_l13SzjnxRcq>m7y zvpm^Vj-9o0bn*DQIsDZDvr=}f^oUDWJo@p9q+7gVNw<7{fy5s+BE8wMA;kC4@^pPV z$tY-@@{OpUjX2EX#`tI8ST88Z0S9ma#t5)h|1AE}l+xpd0^Pm*?_qILAktDzQAos2 z)df8dQ#?<g<mmHKeKmFdE_j?!%76R{wEs!3g@XqAOqH^8)51wv!Lc477{6@+$CY3F zX7KmbcQ4oyZgx-rvGXU*$i~FJLN-L+W<6WixKBB`7(;{|cm>B3Ap16??K!D8uU_GD zF0Q_791{eaQNwvY>`*i(=&*$AxJLB+fM5%nvTWHh1S?;>cJ10vT|52H_ub)&$*^op zg~&Bq*Ki(l(hGqtd5FO7@Br2Q`<wrrvrD;Dyz+E3r1aV1xM0ebQ@JCSE*Jz=%F_7b z9Md^J9f-hyq2(+NzAaJJPdm-7y9~VlPy8djRpH9+uB_nT;kuZ!K~HKmL#oT{tX70j zE|>W3*NgpB$O;tlwcK}}Ec^FOuj!hU*L%(evV#Xj@h|wECkA9$U2<?tPi=`sSJyqH zHhntl|8~(kML2PlO!uj=@R@!KaA~>OIy!&6Z3=SWZ0Y4hU3v^DX9%a0C5^LmW(T%j z>5Qw>tYNKvMsDq}^?d7G?@(`Jbujp0+d)vlsW~sEaz<)|%r9p@YP;q~3fQ+SL-ezZ zpm9=V_0^azb|kVKEh8jybAnZIPoJo$+WBZ{_E{`8d_8qA46EUcp6u%r$WwDFbj-YM z)G@K6F_u>GwJqiAlBHaCIU%Hq5du{~W9P@(l2}_FbxeuNianXRyl+p(Vsirw8q}TI zE#toiuC0BXuFAOOuoQ7RoBV`S)ZJw17^dLf$=%dIpwq3L#j1mu9r?19fZ>%rPmZc| zFmR6alGeTEC+z4oN{q?_23!yL*y1f)MMSR=$+RL6sUeXoo*VfOTiMu<rz+iMzuZlA z9?RcvwKkAK2|{2;*W2+#K|t7?iO0T_%`SJXJ@qvys}jeiP^^6RnLtGG4Xm$~Q!goB z9@<v!#&tZMv;Qup6wGotBa(vqtgwaRy~Y<^vKKlpeZEyzcBMABZAV4oTMRLXc-Fx_ z=_js&OqRdxTemC^s{e$7dm%UMY~yY4GLV$(=HcVE^hD!RZf&=YQAomW<qVz7!cjIK z%&${ybsb$V$%jkEtZ9Eh&NLRvo;vTo%VPDGB%9ef1KOPlCr67x;qEaS<O3<*Dds|r zLKkMaQdw572NYyvl0lJylJjAsA3#Wufdr5QU<wX*1wJ2>Kb#^Too^Pl3$5dKXu04~ z8YaUy^xT&a`6{K5%tVaj>T+6Uzu;0I`kqgsc*$epOp;q;Hbw5<DO2IB6XJ>kJL*}Y zUR`DS4@C6~md+150q1D;nS@5{QCc57ClIvfGOI@289jJ3*gU*cd}^Efu5y-gen5C! zuJQN_tU1%j$rRs7DH;CG6d86@Q8(`$%rU!>>HP#7)YlfaZtkQ}=Tix6zMT}}N0P?h zgXf|JKE3-fPo2(~n8SBl>dv%E*=c7;Y|~EDFAz_pZ46?fqAJ^!=IYAOLoxTS5b5-@ zu11$Ti@r>&o*&<0Jbp8Qlsir2FRyjW&XhLJs?I%myP{08bNZ>}<=jBE*(aghaE9>R zgMW{v?~~FM38&I;O$=AL584Aw$UZ+;@6X{!C<sy&b|#>e(8gqw1U3+vSFgf;IN@g~ ze7;l6Z>tCzIU?7E+GLq~;qT4Wt=vS)&%f6&P|P!2!e6UAXYCCsges4*H2GGCx_9s1 zVIOId%MPbmR7p)=*VEqoP9PGaO4%D_N?F=>Fno42j?MJBI#fb-|8N_p&O?2D&y_mq zd@;S%so5$OuLK;g$W^sgB0wWy3{QU(Q<<m>pLM8-QlG>Z0`dg|1IT@OFW872eEvwK zBKu<TN<7uHHT}AtT>4DNBt@HTKoIk$;sfNEuCMUXMH-N-$>IdwP$uaA*)GvJ0gllI zPlMY*o{SmECqM!qloQj1FMeCI+m#$`up%b}iFah*eY}^Ws+P7606FT~H_J<ZzS_A7 zs9SIl%ip~_-gjrWFHXIeF*MX(;O_Rv(CjP<Ais~o)MRH3^Ue<rEGQq<7hb}i630$n z(k1m7FO2>Fra$NXEEUo>wk-ihlN!%%T_i$*ZsOcZxme`&$MA7&1taug-f&()B5t2Q z#Xi6*o<f>Lfuk*WkDme=xH4}OFAufl!$B7k5Lm7B^dx)Q0Nxw2?JfT2)+<JbbT&w8 zU}%VJ`w>i9qH%U=o0`SCVe2<4p0lIh>qfly=en2p^0IkPo=m?>iJxzqH?Q2rHE#~t z;&hM7qGI^&?s|SDblyo|NM<JBBsber$}pdDJ_)YawrtVG>Xg7p3=z=Jk_BW^?3;~= z5pcVgwPGKZ=?6jf>ZrQ+##uKar->@Hub+G7?{9Ts9CpP%Ivsp&Z<wNUQpFj*UTX9d z>3q1Tg*s)7#rpmsLnrfU>(<H;d1)-^U`Jb<>BO^h+r3}ftjT;RSrfR&xn_rpnSG&S zkhMH6B4@<eCSg44B2tI#{LO<UgBmokCq{%(pZt=m&cM!0d)FDU<hw824D+&8_hFk4 z%T-zKqgu{l@PjF|R2=Kc#~d>$BARIKY$&JcjGUzCM;c0{wN8Aax6<_aO-x9G?yZeE zb<H|QX}$tF?DPv80VZA}Qj#b0T+?sZnMn(YyfHP;9{N>Ix30g=?P_RbLTdZbl6%<h z-tCHy*5i9`9I7?)B_&R$XJ+bu?6+1R$Cr!O&!A@=5y<<QmW>B9eb-SJKl=!glK7yd z5_wRopqiVAvgzMi*>ly#g}?G`4yHA;T;mvx(RS@ova0L2_?NEt%ksje4c86Ut|3y5 z){NicGP)a5jYM2N&K5W}986Zo$E@*3@S%xeD|N=ci{qQ#FUz1>tZq;o^4o?NX5k#Q zm;Knw92l_5!{ndHatWjiCV;;Or*mOJZP9o%bM2i|Pbh(?KneH_iEj7z#AM8XpBp)< zRYrt)XnBhnY2tcn)Ub2a@*m3AA%HnzCKV$2uSs1aQXd@{H|bB+HseJTorekX+Mxlt z61g>`gQ1app>5Vw2Fkiw*{?e^8Q1(F)LZeGdr&){{>|K}>#3G~`v#jR_}15s%L;A? zH$VKXtDhO9U9EsHjJ#FT7T4_$eKRm=J>**`1Cr^vrhth4=UPrnmW&smo!hSDRQs&q z$7E+8GS0hc+b9<H(z%;By=tU&$@oj`L|N|BMCUUEx9Pf!NDtbVz-!GnXiul*#+6_7 zgl6G4^M{33N3cnDtigDX877wPbCbR-34OxWQ{3Ah<zf!xc!>&DC<3>YN3lPdubFp0 z2PiN76i<8k!I0!S9q6R4G!Luc>_2}+3|REpHzE%gV^SkA57$$ihuVY{od8qc714}} zM=u9m?U%_+0z@#>)*2SM6VkIB9|3{&L6I@qKwfOV9XL}pH?3_*$r%uz>P4w5&rMWm zzd4ffL*wOX$kjo<kL@I&^Kq>}<5m7A-SPvD7otbi5HL9Q^-5T5SVwjCpUe0xR&S5s zI76N+BG$ZO$nM|)4om>=fUO|ZDLW%laTK<HQ}*XHNDz3JbQ7selsYA9?H^qLzS2`8 zk`LRO%m=#Iu8aW^v9uN^tm1LYkZnZF|Gt>&d;2ZMbD|vk<jB^ANErA+>mDr%mHmDK zgp>aL9`IlP^&|)e?K?4l0BDJZ_KoI2?$bX%My`6kZ&6r{dwVpd=AVVZ!ET`)mM%Pp z>mZm%Fv(jv+j9FcPF*ZwAsVL%yVKv6Z#27(qpbhN?bzOq4=fPGy#BQ|e*<~o{ee|m ze8>Ot{NRAk$5G~o`g@Q5=Y~LBLvZ|F8v|5v*}<$!#rFab`ZS}yL{-*cb9PTvxQhFv zLu*q83!P|i02nkA&i#RB|7^g`85W(*+XN(YWc2tZ>US!`38}X`C-!`3&Xv#4UCXu7 zFn+l#5M>UAWt%`GUXmkB9E-SuguWgYw!?Z!8QrxDIPd8`>CgD2jQ7nk{CA_%imtF? z9eNY$`rJvD<_Cjs4z^^=Aq?NpO$IX++&$j-P{q&oGnp^U8*4|pHXhs*S}L3^<<OSr z(l%h;{Gs%sid}ndCglatCXJ+xf~Gt29|uYI7btX0cz=6D!P9#(O&dRHtXPmXF2gJw z^-bNWTGQt{YZX!_pBo*%<FNG6zU-iwXKsn8f{g2yVU0SZ#%b9G@h5yunG;Xb4#4l4 zYv~*i8849Y5Pqv=GcMV@w^65z&-w)7icw&0P0K)s-KxFVo9dEtP1o{CVtRba+|fRN z<VwPr!iNsm_vgE4J#1d=U8itH%&GmSvp*m1%;)8%r_lOD`D5c!=2V7o_!obRfhLMi zN&J9CU2{&5)n;LDH>bPnKR2TXS328B7;7|NR_i&&&c4Qy*1(YynlN}Hb9`Z&em3Mf z+w|>ti_oOFeq83)9DF7=WmB3IaB#=1Y`bLNx@}MYiF0hP7X4{}?`$4zyV;+<WV~YZ zR{!^%Wf`YE){c=vk37S=>(7#I1!rYuI+sKg6cm&^;%71peg>lOyDHkb7mm(@<@yEO zh+&+gzbK5~`9qc2I>VdqGA7q9QCyS$%#76bPdab-SnBh7SIaz%RSiszlscV@qY~aP zOZGYOTIHmFR+4e{1w9CQZxo%^ifmw_YO(sTT_Q!|%N4^(7pbAmrarCaakpJd`tDux z{)iFcDRH$}jYJZ2Nnt=de_yw0_)2AM{K1q^1!73$`E;<_ynmj>`=ica!oOJGQxL3J z{tNwl7e-=>d8428?Dw^@j8P{dnrtVeaw5X=n2@}+!?IdIa$8&qq*bY@R-)t4R}3dC zVuy=wNFV74Rksv%f?;z1(Rqvr1QyI2{|l!x7FE??gqAJ^{4k=@`q?3J4Zl?Spq)j0 zuM1y+B6*nKzrtUvJam{Ll9JBU=&s`a6#f|Flt|5gAE20@TU4&xGh|}=PH}0!Ns6jI z+pk3;)HwM9juH%=)nA!&N+^lip1q*K=9MEJOg{I&6_70G-4%bghXb@1X~_S92KhPH znA<L(NKokLIvZ8Wzq-#1x%1xBrvm>p+}?Zna#T@+m#5d=i$M`Pl{No)urnoU)6S#= zr4i-J1RcGXMiO;RWp|v4-{701GuyaHJ?BU1JGB)VqdZpamG-HHqu-pXz66I(S@cX_ ztr{QkvK*=mb?a%P&J1Q-^a!d_Vgr7-lJxdyNqJ)nUv#|JldPeq)dmHMV<&L80)iR{ zk<y)%tLV?*m_=d^sZ!oU{D5?qDrkH#z4QKQYX9!6?Ve|+d$;^La4vy3p84}e1(7nW zSBw!f2m+O<Lkf<-T>3BqB!7~PJ09GVgjLV?D^f9QMKRr>$U!GBuPVh2#pmy@H;)fx zuGyGAgLHtj4cIrRY&m`@3&YBt^H@rAPjMN!n(5bKfF%Wp3iIB2o>+M-n6OS+q0Alc z>gwv`gboyykd&mJTh08*<cWVB5;7v%%qVEcaU{+K@?6Z%H<jr0SL2Z$8!Vi=LhRU; zH2LK3OA;_F4RX%h<PalZS!zUmkZCvflDXD0+&bEhUzHN=Qf`5|-)DZQlVqu+@x9oy z7G-Ut_oK?rd+j&QXS@^jQGWCK^mS|@ey`yg0xx8=_kv&NlaiLQd&KLP1TvKIn$&)J zV**W0@?5~G=L4-t4yz_@PA^}1cIobe<#D$sUack6YX4a2_Q*Z;_7j7xPQ}@JN|&13 zE;J8<4dbl%(tQ#Y6j#;FjE5C=>sBh(yhusGQP+Ks*2VH2U-g3^YPiSwrP5UA3Z4Py zP5qL;;!Kz6D07GRrF1WG^`f_`%dM#tX6`5O9{4@9&p6VXwk-h0!<2z*+J0(C678&| ze2rSg<!?+<uJ1PO&Zc#6A(~O5Pu6$H%6vaV*?A9F0Vr%&hE2Q2mjfSfbQ6(l(fEoz z$)}QN9l}nYXnmI*_#Y2cEzs7n{4$9-Y7waz?`1WurY`H2xWAhGT%-6b&UW3obUuh1 z#M92{kYv1=lvwj*%%cFVI{SwnI~}MvYGz;Pr)H+|-0n536PjHsgtFXLgc_b#6@IE! zS?Y@-iari^CK=K(N0)7@FK9ku;M9x-{QdiBIIZ%l6h7}YTIF$y6QM{cPnP1(ZaMpx zEv6GL%Zpqw4@=9GM|0P;dD-0TCYCvpCT~J@K#vfWC)e)gl6=2{m1^z${{VvfE8s}# zYjn3_|G=|H1xbEuX2rnk`Mn77wDjRbTE?LZ(g#e;_@}i2|IbS+@CUA&8<2))J(_J^ zGf~TTGhh8V0L$TV_o%*Yk(iAqC|A93K0qbIAQAnb*8YBuRjzS7<1WJdAUlzF`+%gh zw6v5I!^o?+zhj#Gx_E8UyXsy4nsR>t*;T_c0%be8J8@8YN}Ixm#Gn7OB9CyPFC#Dr z6?H^I>^dY~mC|!}eivZ^Ytckwf%b4`X`9q3{{%QKFPxiMVn&}o#1`auq&$C6S67#s zpKA*_!{_$TpA0%pY~gD3FZ|@$ueWy8qA<s5TIO5lX!p#Fh9Na^)#}o{%f^C)S1a?M z!+O1&tDDhRekqrAPIY3}wV5Lp78VKU#Cg#Z_zC2F&n}_%hD;kQ<Ia^b;7<^cthkqF zDi}PL)RK7Oh4v(s#54N%YTwB^{h5zx3@%#c)BuZOz&get;IDb7tO%#Zs65Ju#USpJ zL@}N^iN|7)2$}#vb~CvD?;9Eoa?DHuw8*QKcgY$YVO*$ajWYYvE>dr)Lz;DJt(q+u z_VGZp+wkSFhT5IT3AB!4gVxBBQoe0!x<;g;^yInK`i&@;0{N`7{tMEubYEg6g-_$G zcA>s$*t?f^M{K-SSuj^U()7l$GWF5;>R<(eH#Jg=fO>I&{<vs}M!%kjVGYb~G`nw@ zoWzTVZ1itUW_}fR_W>#qW2X0@3yGH@6J--<uN_J2h_dK7Bz`jzuguvzE^Z=~L3gRF zsF<j@j94ySMUyTi!a2J|I!)nwhF`tq8O|z8?YMNbxzF)+1X<DF$C`>`eU4Kk&00#h zZ_58La0FCr*d|o`w?`<v`5uN+pDa%RzccBW&{<E(M|X}2;ZY0kles)KHelmg7h-zr zXG#6C&qyM562h?ZW26QPvuuG8{tZthW7N7$+}yi~!z-p|&VMT~L*pZ*gks#J(Ik(l z21;6NeRrC;bPL9%8{wXd-KhH#Qa_3*<vh0$*h^Yb^Hw8?{u+IjItj&l?D{y~9s_To z`XY_gG0o&8N2`CGgUw|0cT{kDG^Y6kg%*JsQT=mbHYcK6iAa1iaIOA~9wJ%zom9*q zRgS>h2;R`&^8}+z)K5U4+W;;yM?xM)VCn?3F-*4rT*>kU?aHxdH3ZgZoi=$0Wy?s2 zlWSc2>ImGRhs2A-qXoc1%3>(iZFv)uOtR-lNV_q1J$8nnpUGu5H48;SIsu2E94K$3 zk~mG%QK{{d{`)Qq6DES32U4B5;W)AKXz!bHsay%xzNf%(1)*Ro3_s6xcV0t?vj*HW z&PH-xm%yZ;GZ0i?G&|kSwz&^_p<IwbBzu4#pvSXY@5PK|Vgy7~(;1L?YE3mi%h25p z6b<$%i1N{PkVHZpl?$WJUbq!H>3XF16sC>GNJx#wN-pAWo6?ks=DG$XR<?9P{-zIj z3hdkAhH8uXk^KBo%v0DcX~Qn}W4{!Mn8X8B06W!0zu>=gzb?nLFQ?<Rz<Knv%}3AM zdQf!`Vw{bF5bR$?H~EMiP53=$2)#)!nk~4qh4KGC+$<p_WeQcXWT?Ud<pc3j&sMu~ zN#}NV=f8{hclKN>sN4}%zYioVQ8;J1OSZrgDMz#SWa&Pz^X{kElN_j>o}R9c2o4U; z5FP#WY*&b!)v$kGfm7zE%&X{gKT-mNg5)h5l9Q9Gr=@@cZklNwD)efKJmu=;U8EC_ z9;HL-)wzUM|E<W13!Ky9^ch8ba_V{>x)>$$UMZ=tMCna#No!kMu`C&#@BZUkgc<C` zBPK*~!7ew&*uA2J;-pr4pAx>Lke+?Xxxj6Fkj12zZ^667_ig&S8CK_?TUuM6Z>w=~ z2+JnV<o@umw!eDys*@9~^{iY{0xe>ETBTKF)MQj-+KuTNbEo+t@Cj0PzjGfL(;2DE zHQmvnFP-(#(JWBo8KEV|5kK*i^>gwBO=Aak${pPkpJ;l+><9MoSnb7I?BUJtIOXVP z8PPimt4-1-Wa@0na@W??7?|#mQBsm@2lU~w<+Ng>{e;tL<%imZqWSTZmb(QQR@-h3 zcS=t4%&VD8jH4H_O$G<=lkQ{cr6O1ZTB)&%<Rye?yo=HMkGG3{LhkUn@5qN?!4mpJ z51m$D>nhjXvqm}Ltea&cQANMJyK1Qn4c-s9i5kRxlM~wfnd#S-totj7w4Sm@a^`~$ z*ROvr<Q<&AQS}~l^Dgx`D2FEb;50qQJ5ssS#`FqxXzevajSq!`usb>q$^J%K`QIY! zT#k3Yb*P@`Tf1nnrO?ih!>!%?yoo>+Ja-<ACZ>OdJo?PzYZd2u2yxEeyO;0MCx-7@ zxA#tY?y$L$wZ0OvwewugUe&(`BIFTiL;Uqm&xoi(S!s27dHLRDsXZ+*cHA@x3#-(5 zob|K(vKf6te4diQm+j3mHLtlBjUkC`4rl@70u)j9W?j1{z4dIBLRs#B>b{jino9!R zE=XUIJoCs*Ur7joCMh4;lkAOKccx&NfG(1=`&4u(>d>N%%<d@DFXD|E4Mr;{!)1KY zfhrEit=mBkTo|&iDyh8&6MG+P^#*222x2D)b|yssbHSSfXV>z{{W?Uttlut<6-FGH zTN4_IsR8K5IavT}-Dh1>UW^-koqWO6f#2j+_x!E$<bskhMirkfP9V}kT_A^nRe^vT zlu9MlM;|}K)=#va=SbqQYt5pLf{8n~8y*5C)Nj?hNQW&t#TAZuYTIwp3x-pdSslAf zT-7IX+16IKebZEW<5>NhCfZL!n^+wZ7sxI9Oc_7NnVda)&U@GMw0Ajk5x^(h1p1(G ze$=`oGwvt*epx1#Sv4J}pxL7fpZH>tls8=VcXVFbTdRAUR)z1~K36Y#1htm$*||e2 zgJzuDUx$T-g@y*0bDceVHpOF2&+ZwE4WCYAZA6<kV?CvAw+xPTiRflHE8ZH+?w#J1 z<0o&^*1u}MqO@n8*X+I}Gj~=DZ%m)$VtL&!^M593AChfxVz65SrJP<S*3MHbte%`2 zHC^-1?1s^gJw5F8Tu{s*Yoyd-qSFt)@zR!Hg=0_!CY};6+qGvBqoq;q6jZjZ=lQ@} z!p6_2{>S36GY=+rnX@eN_!uKN)}aVdHRY>k*Xy*4+_Iw)-1`Q3``i6hJ?~m;Q6>Y| zhwYiGo}{c+PLY>iEG>4YCXf62yx=*eMClug2(q5ESrIhuAL_@OSDX}dZ>3wc8>|Cu zs6^k%QHK;DYZO22)ZF*^0@l08XihZ=kkyUkqBQ+BQ<ZR8D&c<Tc!V?WEiP*rr7&Is z?+iPE#onejdErSfPK_IxADQ6hK9kTAH9Ir2{TmK_bJBdJN67H<SS(S;<0O`(DmI1l ztC%d)9cs;`lSO}gyXd{e@&XCd-M)0tv}mWnoXaH^V)?YpbTsq+`oZ!XG=bOs<nMR1 ztfn&JmOH9`-+$7o0mmA7;qm?uniSBh6d-yz9v5Jq8L&nV(sdO%w0qPX#z}dq!j?rN zG%n^{TD0>5{k$DU54@!0xl6$Rx!ZgZvd*(w0}b4F8id-rswj+aBd_5ZBRUg_a>hG0 zNRR>C*)Lws*J&xEpH+vQ@+wJ=2(NAH<W~1^J)#n1kMN(XCC*wVUJNBn4IZJ2TbKpV z;g_<_sF*NpsBW(jZ_G$!*-?y(9J>E=uVo?>*(?}eS`V8yl7x^2KS|_UU>oX&7i#98 zGhrOuZ?|MgevI1(IP$Ksx>$U<w75VT=24M$MlHqIkW^Chd~K|}H!FW~|GFMK3j)AB zw_$I1TC5do<Vye<Y}!V43Tv|@iYYq#<310R)SErV4_vdmRD1ffi{Vwn4OQ_FUY@u6 zuWnM#kaMiqJpxiRGWlMT6{rj|U6RP6h5WFbNF66czzFax=i4}HJnip9_Ff>Vk}r^s z55d&PkbIqZqBy9j#QpXp<?7`xILG|SNFMk2TcsPQ+@ouLpW(;Gq(Wf!ndP6MEX_ah zTX96A@a|+^GoS^|arHffnk;MToNmxh&nYem0AU9(l*+2AaNxNT(agDJ)tj+%lk_Sm zCkwepZ<|wGa{L4+rBZNE*<cSigu?85W@VRO9ymj}yw7uPs@)$5UNJE-^~;KG&rFT8 zJ2XH!GWbDUy5UnTy=>0uZ{@MqF`s4!08YSn`da>v_iGYXc`X5mZci?U?0X1Minh@4 zfTkXP_K*v-29h37bgiN=mpFu*&70>=(!X9~-_1?MZKiThaiG<;Xp9e@uDi--n=VOC zmz2y&#6KJ(@c!#6h}0}!bkqOdj~{?eI~72_We#ar_KfcHh&qwWA?I>|XZeH4@4%1( zTC3C_aLmOuD#$^M|8M?tN<u;+587T}F_<&JziKG-EOax0w0lAQvL#WK&|iW`E>QUM z=u<cH(IHu;i2g3u-|%`hfx4H#JGOwf|95?SM!;C0A3L>ocXyYRl++Bmef#t*RMENY zyc`D&>J;X?ZO`mZ_W$a{42yx*BH8zatlszt;tsUcb&tz9*1uX75+3fXXb5$-P+%Mc zkPg<)?adt*BvFeKJOGFt<xFi#mP2GC?TdP%h@E4Dx-DjYI;6pB<I3zLcwEVk6QoW; zt=~zN=0Rr76QaP-1X+X9bdvI3c^-q)1fx;J$2ZtT_$jBtwud4qWgcFakZlc5@g4tE zl5vaP^<Irqxs5l^Q*uH~{)`gC=-c41X`WcHSO`@AQEmFIgODRUDe39onEIaODuHcj zmU~|WPSzl@KR#FbB|SYbNphK~>d<U$7}aT&oBU4LcCX(G;Haotjl@CLv&r*GEs<@t zO6hIc%6A(Z8#m6TMl6!+Qv_;I<OhHMbE3K)Zc22)-NDTb-EXGiEW64ptRym-?u?nf zqE7?L56czz<9fwenO@gB4JZtamql64<Abe6F28F1CbOS6o0AeO$sdy$4k@0szR^k& ziVp{LRC;Ie`FG|vUu?iZ>lcf{>2B%VWugqzYt5a-_gk4?gAA6foB?7;HqgBE<~<*o z3nYc!Z$`>kZ$(<-h94VwTj=e3(4>@<@89e*`-(pF$apuiB1;IAgA!&nB8iDV#{DXo zIqPth`QqdgKb#*ABtwYo#M4PDvjN}(nuG3mjKtqadK#uuKjh4hq9nA3(CkSbA@`^Z z(eu(OPw%e}+|c)t`w2o*Pw9jZgae#(4N2Xf9Lz$(!knf=#UFadomctCTHpHq^P&L7 z#6;S~uCdAn=)Ch7S8=x+$E$pXRZF`VnQ+%whTfEiF@NY4hKAsQ+)ttE8DmqcW?;+b zq#Qgb8|+Pe<Tf+lF&v0n!8HoprGKWV;<r|R-|4GmxgJF-Dh+s~CKTpCwm`EwkxmiV zV=@W6OH=gn%c|m3-c0f?tsn;Q0{8ST0Hs$X+C|qxt2I^J60`%cnNhJAme~p_VXB(E zq1q=_+nZY?XE@@Rr$+v&tt4e3;;pv<+PW2u1}QjFp(!5zQ$cjxX<@d6OGXe3$yFjn zAn(JAu;Q01;%A@hcr5#_G~W6e7r?NeW8<VU#Jaco?$0K<UOcU%yNiqAExmO4L$L}7 z{s2ODX^;p`Cs|g%fRIRwa=1>usH#>GKo&&f4*+R0dw|{gM@mw1ouhQR)!gjNpkp?W zZ1q4X<#c$hNy_ed{aY<xKp|){o=+Nd#=p9f<N#JRd}Pf#xh226R^%V@4myZ`fTKLb z`MCdvx35;aw<d3VPKm&f{^(~U0-_Lq)%Ab)7>#0{z^mc4#ZUd*K*a&%oLAohBn+Jk zyod!gB``);pf>5bR03&yrP4{t>p#bN*qDBXB6xD~0cS@r7M=J1^zkRViPQ75Qii6c z=RtWMx%DgA&180>$}?7E^#&FYmu^~H|9{oX)9l;FL9s&@j2MyCEBo6E+w-MB*PK<_ zu$=*A`;hT340he3`EWiqnPp1UGA8qmEr8bl${t-yz_9%R9*-a1W{-&`NTTW@Rdx9* zr&(5*ZRu9)kj>|hT<Wi(_~2w0@6Wkpj5`?;YX3H$-~~g>=<)4E8~NCf6aYx!^76&c z|Ar%dM-g~;E#AyO2*QbKwJ8ciTCmH$mpn;&BqfL<wb@rG0YAXWoi7KM|5;|yma^eO zWe#o9iIS(rwNh#1%OMEDmY0|RHI>kLCjg9py}!q3G#h**Xxw=T$LujgkPO)29<GRG zphgzJ!@|d@MuQ|1mEmU)(1foJv9FkYm{bY0I5Bz>hl|VwP(qG?%5oBR)B)h41%Zxh zWXzq&V?d09{y$&OO6R|H-7avW<K2?+oM{%>Q;WTK?4A%~P59sHkPQ{+c*;X2n3W_t z8~ObQ!T!JJ<ISF63#pvGC@{)wD0brh`fPf4LR=UChwY5}D$|{8Zv2892POK|cvv%b zt^WV`KLS62Ui`+P_B5pGFEH+0e0OKrsut$(yJb9Y;V4mTyGo(I+~1@0U*HhU3nbWk zb{UCax^-(#Yp%0@c5iU-)=c8W#Kdc>7H44NH~^Z69HfXl>pXh&sH7&^$iP6rMSrm1 zpqhO00gY~5$g(U5@g|5<J4#iRuGMcGDD@L+^~5W?h{e<HjpK%^yIvC7sH3Cl$9N{0 z2NvJdk0h3B^1tXhCz&H$W^FP<TYd#f!-h~cUR1_C`9p^`PxS(u<F9gYBA~2a;zA8O z3%lp`7af(C7kk7#+8=+C-2BBe(s^*OZ|I<+B9lnzF-<wJ1rf>Qm&+1jd99k$_H=MH zYyWmg<MV*Wv2Kg27wUi*^;bzMQW?IL`q#kK99yGM=NK9;5%674H2t8zc&FI9?}!xk z<35RelPXAOZTwDVrLJ<32=DF=efd%6++}VIJJ+<Z3jJ^VsBZ-v8~MD4SWL3xsz74Z z0FLTLeY_*fL{wLY)O~-9C+?%p%e^mH!Ix7sw(&vAD;^yZk8aSQynk<upE#BX7EYNl zt%9#jKSpl;25<gwRT)8~Oji#I#Kpz64y@ym5x7wtmkFBt@2zSSK15?|v10>{ir4Ty zdz}i7UjAh>aHwXMa&dyzzwN;;s(2={(w@O0rr_4K-56I)>_1m%Tak||Wm{Q}X*D?e zXGEHi@v=DjU3QtBn-&EO7|PVKtW|xl9HOce!-App<@2KKlh;+15)#pcci(wFN=r#D zot|o+D*&H@-IV07_(L1Kb8PWnrShvt8rVT>@gD%!4SFCpWa5(Og!YJW`f~zy#|^0Y zKzbZMe#8AXxQ1GTsH69y9J&!IugXM{vWEjab>_5PHhIM)GwI~sGAK6LZf}KTDnWM{ zfK^!MR!1{G3H@7Tpk<CXULm4fQ9Zl~w3;6ep+tqt`~`s>+-JVx<Kvq?ZPZ1+#>-Jp zl%GUO3z4ne*@Y7nTY@ZY{?p@|qcs}PckWvd*5fGaxJ(Bew?RjjjytQ^9z_mx4Jibd zAP!=xg3y)74V4w1BrMaFm{w^=Zaq;9WlAfP=(x>vypKCroMJRnLuIlCbS$MnzhtY$ zo0=<!9J*eaJ=xl6N}6fefnCu32V`rFnHg5il`yNx4qFw>BN;O&(hJy32r{<&3=6p} z#M+AaasAfl-&WqYhJY$aveBne#@>$?jORnQ9Z7ISHvX~YaTxVPlLVS6jOf6hFAFj1 z+5hp&S4avsJqeUT1jg+yPW|J8BwS9ViogAj7lX%F0)19gzP_r4iYehgqXC~U9|$XE z3-bXN0#f0Bo&{l*mOx3P->~P@EU0_;*^zM10SX;fb=i7hg>R-oU=?<<j^B<KvdR0I z(QJK|<7`9e;X80CU?;(kf`8dQCKuOjz(Vi=5}k*fM=IpW*g|EP{4-$Ry|F9XFI_lo z_g7DLc=NC!hvVlxLAQDp+fUE?@K2a9T4OSGFW8kS@Y>>OUm$KPu*gpZg4v&i12YP7 zh5ur9+o--z7Wu$O7p)DLEeN?NjIq-mEMO~e(jLo~8B=oT-E7i1+f`>HJ9t0WZP+f( z(s5Ao{GD78{2XUH7b<?p9Cx0J>msi_blD_jw!P+n9QE;@-rjlLz0tG${d=z|-InA_ z#lyqH*AyM@<veoRK7M1+R^w(?LET5?w95@jeQwaVyNrnTFf0ddVm`YWX8W_1%7^9O zCWsH@4+?LK@O-Z{j`?-MDAU?xl{VRJso5M}ctDJs>ov$z{&t()hW9JZR}EM|B)@nz zHWu?S0j*7cRDm;b)STJ$Ey``LNi0ME#+Nx+Ke@GjkoyrK@V3@T9+;Ij9Dme|VkVob z0mgKH8-Bytc(AWb8mo07<G^DeGe;;P5jnj^I|CDEg|+9L;+iiMvJ$#Jx|dsFD|gH_ z>-9uW8^zn1X=Q)+WK5NM@G~<bSt&35)vVuyhC1>LSQkR0FP1WE2U0nyIh$!eUXN0~ zK73`RbB+9@8&w~_VRup5j$JQ>Se32x;nbXsWs(8e``liIgsce*?&z-Lc{{E*>n3)y z$vZAS7UOMrrqO6dS94F<z$`R54F;EpoM4%Ur%P?kKK6M~v)l3IE|!XT_qd?fvf!g< zY($TB5@-MEDD5cSTa~dkYj}fKVaK$J_lar*qD*DC$D6?fs0K}kBR0N!EgW@p68Ylf zr;mi`rBvImo<nDqS2(Zr7-6($43}q~rZAA!2g%)tolaX)M+|(KugJHIuZNXQT=F!Y zZD=i3rDhq8zSv4c&zMX!sZc%cPVTR@C(W+#Q!=Ubb-iylZa@hP=WZ-4j8<+N)<de$ z1*c{Dls<i8>Av(_I`heKX7XA2n8(vv$4T<N$z{(5y!q3o@6xMwuaXX*uH&J)@5m*P zX=S4HivmSe>|NP|#P>j9M0hB)xfNE454VLHGP9?b4%)}GyNurX7T4;KpC#E!PtBjz z5_DUYmU`8U%9tfa=h)%S&XtKU_W2gAt;2p4$sA7cnxU`uB3$*k{iL=6am#mVBP1|H zOwILHR7JL1Bw`$sS9ose6BSZ<JS-4<W;DJ<_Z)fOeFvFM;~TnN^tWc?kAhKn#*Z56 z&$Xd$)0FwV&F#IJeMYyS^qINn2Q%jUEh2gD8`kd1vgs%DUffwQ8Y682#kupK_RF4Z zQ)1YLk<H4(qz-xV>Z{7$&b2d9wATW4Hjm}r;MWcAEEBs{?%|c`jDNE8ri7@7>T{H` zwWYPz_?2LhOE0q7y*8ibeU{>tw2`0M+J)LB4iQ@=Q6f#vv7kLtd1sYAlVG+_<!Hd6 zHrHi_M|C{3^alpYGV5oUDEsZQBXh(`N~v9XUcRR}9@<P&JQO4Bp66W~TeU?-kOOb+ z69}?5=?CTNVkX*IlY>RF<Ztq^g9y=;lkRPMA@q6;!-}}|`Ed9a>PURR(8-TsnPnDx zvs$H}tm_fiC!rhdpnc=Pa&g3c))liLDq~fb|AAL+i7viq5_)b+No}Qye$h9JAI5%Y zlI*J5w-_@fMhK1HP_+>Bk#YgsAGC3GpljgJzTT!^&Qx!_>1XM>#zsT;%JUOvRAs4* z_OIIp^3NYlhlai~PFn(AytDHNTpQbCix*5h$XixrUkr=now)94c7+yVIuHm6FL;-B zcPHB0+k1HTT*6{WsTPecmZ8Oj@<XNJc+#<_d#Qp`x(SB$tyg@G|0vvuUj1%8JA%|B z0Y$BqN<Vi*T3ntP(wcB*xSeX#q)z>`Av5Kftg(Ybg43~Mar=2SHaE@T)?e)`YmKs5 zOGBVV)U!A7p9xRi;MVeb<r*ATMBQIY#gT}{>pEU|F7muE$U5U56$00R%DS2&Qa9-y zxEo3YkI%jY)N)y~eT7cldTpbcqua7PlWsNn>A^y6g0M)ZSEjgcw8}Bp{pvCg33H>> z_sL?lthrN1gw{B*%NGt=yu~=iFJGg`LTdkDqS`VghmO7Ktw(HPw+j{CG_4kX)b)E< zaP&8)d^Jjs*4)LPI9<$Xrhk<2L)EkO$E@AGC6Oi*xKk$XXV2`qsc{5NDhi>ircAkg zSK0i!iZY472E-Ma$AdOrccHpf;LB-75X$0)%)Q~u$gNgC;_i4pm?%PEzl(_(+!G%c zPQ#e7M?KtbUeci*G21C!SVH!cC?83(%XJ%OZL_@bGikW9??eNX;_EP>z46vwD7}h} zr{(QQpgp68JKd#-XWUL(N0joZ&^YRP=YV_1GSQpuQ*H9>@G(r5PR2=wmwRvfrAN(i zkszRSNUx6QlMYI%V1EBS8W*ZdH__M|xQa||UqYZpV-DCBU^MU$Rfe5)MY0VY(3Ts3 zq43+<IYg&oLNbAyaEZt=6P;>+a;eXvW~5)xEqgY}IUm8=$Hj$jKP?st471iGsk7Du zu=8>3is*p$%gU0QcOjY3x?oN@k$33kN5v=5G7iAzDRwi)%=`hXA@?CS2)!&bKA%PJ zRvL2A26P~4M8OEtV`TMG4}|~vAcle8UOZ??NmT<_@i;<R!-Q<zm>OfS|3&1PVykl; z#sfs(AE1asC=O{0K#1@@pcD}~L@lV1R)`={QuTq4EWk!94#x?U*!fSg_GxKp?0PY9 zYPY&T--@=m+3_K$_WuJew=(EUWF+)SBO@b3>r)&`*tYP4x1VIs72D2bjzByE9KDtO z&6!pCQqa=a1`q=h5w#exD9%&D{y-KGN;d24FJ=J_EihRALb7?{*<aM+&7qt9g)OT% z<Q6t=ImL<cz?lTLRS(eYA9MU3VGd>NFJ$`f48R!}2&T3ryr6#{AA`<>Y`zHu&0n(} z|Gw%S<2lEm?{LDZr7+wm=#+4q^H^|-FLK@w>)5cc*z+@5xP<nFO|oED;c^xg>I1YD z2hx??#@GwB?byv~hz4caXe&LHEtzq3EIb@{d%b(-8m#7wcYD-+f~*Zdb72V6L%5A5 zmxT?|L)6_nF8_`E_K|eK5muFl(W13&x)*{b$g-jJ!^7ix<0aA_2UrI4Vmps-X>yPu zdUdi1kb9TM4`^pxTVEV}Y##J+7BAxtAmLkYPiL7rHJT@A9KN(@A+44HaQv?M;zm9I zm%8=WQy0H^C7{SPJGI_BLc_v;?jMFWGk-RKb6>zNt@kVfG3ku#+s{DoSlDg65NuQ8 z!P?!%WC%0vKJgmrQ~vBEXE2wa?d^00?CqrT-?(uv`^MbCoG1T{H&QiT-(^BGh}><p zS0JF13+XIcgZY7rE$jy53EJ)qXqygkoV7Qh4R#AN)$HSw`elZCFdR!N%n|zJ7dAIO z-3uHJu84J;$utN+kU^&b`v<}jv!})>x#pKH6}c;=UH0-n65G(g$Is8&vD(=I{66P7 ztAe>*8c+J6)uEcVaHvozRPeRnB{c+hRh8EJHUxU;V`i)=d)YH9UMGLJC2l|4MX-V_ zASBpwlk7Vg1wZ7+VlYbMRonAQlBwc%;=+BASH3+F@)tsN%ekhfSVY7t?8~$rxe=i0 zc1?Cu61&%e=KT<Gy19-E?KL75SQrN}6rwO<hiC_~4rD#EY|f~dQQat1=pl}Kl736) zgmCPm^n^=mQMdWnQL*$(sZ@rSM${+I9hn~qsKCvdZ$9~{O05(+tMT1A1p&y`XW;&h zaW<*ge_z*rf32(Q5$(SM4`hWdSL6{vo{F)VC`8<%uh8n_Ny~fDP&xAn5;lx*KLh!) zz`@+vM-7O+xt7(lgZotScj+^M@B@A^j8fUr>v2LNdL|>)vcsBgR7Nidy^?VQK)!2L zz@f~^Q`tey-u)HMu|tf8hRgP(K~q=FR6`x_S*Mv}zn*=fcUwLgcsuK)QrRKBLd)|k zPxO~L_39ft?zDSWjCBF_SIlg4Wlr>lhr4e1^r_2V1v*T`Ehw{&BJV-RMkp0!+)3QO zIg!>uauU^7e~a<%7>$gtvmN0MGAek94wZZ<S-#(>Ao^H!GL_J)ITP<?Ig-hIH!|)h zpW_Y7u|@=u@uFd%Xd_C>v08({Q^af8ebsf78`a{-O;MGM)lTP-2-o|6{kNuj(B(|W zHRnm0xj`7&zWJQCb~$6|!}JMWYqR}_C#-E9qEcgDP8&_9pt#kp3I_!S-Xoyp*ShDn zl<=Hh18#KSQPhN*)1Hs<{)mRt{bL;uE>i_tM2N2Lx#8S2PuJx}fmIoJvz!2&Iy)K6 z@e!Nuokroir<?0*s01wnRa?D`U(tE+r6Jl`+7K^z@>#e*q6)P&6HlZH8m$oA7K@cf zRNYoQ?)>UPvJVEkv46LdTQQFGxNW#5K!3}}y(S3#6q>R9#ck}F{q~z_a_0ybM7y)o zCA~DK!x?JFqcmwNKe^UxA;ihYbVf3=;teq}MZ8M`?4PUe|8XT#S+8|qP+(@gnc~CN zwzn9B1-iRL+`?kwTk76bF+6@a$#`1-f{Qyp{G-YRPhN-nb%XbK-MhSN)lb7GF%flM z2%f{ogb+@xag%8&;`AqsBhvnt&V-I{X+AwO041g_+lRNTAnX6gqe>Ka2rgwU)>!wT zcUr~P3&Vp>-MK&1sR88CfdDb572||sc++symTyUg!>AkTi5D%E1H8StlWxUmpe7<p zY7VoE7@1S$RYsO#vKmM%DTTTsfPdRQ?19AL0Fv>#+FIG`3Fy)F3qH2ht6vso!4w8& zslZ7}l=Fg70-eZR4jh5M*FpRk%F%!xJ@3g=)=dES;lbi<1Qi<yiz2+>uQwm3yod6! z{1NECKbBf91wn`_SD<NM?;HEd--hc4bN~eyQKKQM1@^@U=L5wZ&>{tikYG3axy^Ye z-~nK^!(iY{#-k0OT$qas_?GM^+c#Tfn%pQ_!7+(HKWt|A2}rYGBa(MT-m6-f!w@Hk z6Z!O7ZT|9N77TtqqGaWbWNO_${Vx&G6ySnxhkg7D<G=K=zHGVU$UtkU)cGbMp8kIY zF8)t}0O&jeKcf)Co-wHJx|#M*Kwo_h7~uC(KGP66t+W9u_O^hk<$^H-R)GbZ#}p9% z;eZcVW1x`%DgMtTR|omw*HL`<O<%Ef(F<*57n-33G*+5}EYR8`H-AJxzG*D85E4Yt zM8p?Yv5k&b|M)u<^uGp>Cg%oPtsWbrX5RfQc*j4v)O*rj;K1(P7mwrJPj1+EAw@k| z^EDUo?&=)|E;7p<-udpcEZKfH>f~<OUmL76b<8x^dVL^#;`2?n#6H+^>(bJ*Ev0f9 zxiJORS7ybOI={*Hwm?7g{`~Rj!8b#_>S>Ch+4h6^X^QPi_Py(=+)972-a!HiT8+8> z!FuLMBDB02{j<#=f1&Z{zCTzGBwaz5RQ(6*Nk(HFqcD+wupZ_Vg>jOi#xsxg<ZRk* zeUAx>6<Ki*BJ6IZTP@fvssOZJw6(4253*{`SXf!W!t;Xw@fTqOLlFCj1q3($`ahQ( z0%q*Ei9?M#M;aPZx{86xGd+EaE&mX>YLtf1>y<wM*R}wi{&<AK_%QL`9VYZ-dW@q& zdX)2Kb`<T}Rw@A~D(rPSj3lw6wKiFu_kP~@$<SH+w|Y}jtUi!OEYl1Kl+FKo3@#B( zC-PC7{y`!ZtqBE5qytU-{=c3g0gYFI_&u<J!25SOU!@RPAk-5d#FTX#{?jdwbx9D^ zJ?%oqzz>KNu4aTngE|cnmn*;*-qqv$U}EM6&{h=K-htN|DVeEmppa`TZRprJqBH%g zPjJnieFslb*rfU%d7}WF$r={?O2v5oNa)Zxwyx?f3(ydDtY=V(Y==jgm7pCwW7l*& z4)!W}j9n{rDM-W~s%?aww^4!o<-g$<#9~d_lD6#t$LDs=V-phkG$-xH6<@xINENpP zpAG)vm=J@JWH;M@|JTQq;wZ+yFFHFw#RY>Or`XAk^4HfR*|PvsINhhAqM)J@4yQah zE9=@=`Ij%}*pW`Uv3&*Pir5K0StO~CTiKjTvP*BJ!&kkP5$(`oT?!(2^Jy}`y1#c8 z3Sv1%=J&?VaKfSB>&(mlB!^!E;P<!qNB;)rzonnuA+G`)o!`RGp(uf$^Lw*6>?Q!m zzqgswOY48|;#|n%$Hm41SAA<^wtX*np$Gr#d2-^`)$?&{m<p`mD5ou41iTzR%)s2( ziCJj!t;1eC__>;vkIG{yzr7jYm%pBQe{^|7V-Q5Mnr#Y|z!zb&Mz!9MQDT*J?wKQ4 z1e`cX_OK5#dqTX&L*`FDd+w;O)sZK_1MQ|m8De>=D&&913daUpbKwW7-ka6N^1N7+ z(*D}Bf=(fE>8#_Nod1Wt_ke0@`}Rh`-aDWmT|l}ZMLJ4T5s==SgdPaeyOk~_ROu=L z(j^#L2q=hj6s1>@DujTci{P8Vb3Et#ZyEQ!`+eUV?~UtlKuC7h-h1t}X8q0I+@4_C z#|UHS#_}OhNcV#7McvYoevLQ<gR45T@Kw0|*28mcZ9S9GY)2VSQ~vE+k8}$H5*{M3 z-r&j(Q`!7&K=uJb-W>Z+Z+u!xyixJ3fYmEi1#jDuMF(1X^7SpIcsGg?vOOwN-@oc9 zqiJt#ZA@5e+c9z2_<p5&qColA579vPaO}JhXGsclw`yt9&NA$f-j;vx{2QwbRF*4h zUnzz6zrMIW<=ml@i61m+P}Oa2aS*Dsy-}v;Q=zO<MAz0uz&BRtROq43jUL}oC}xR$ zr^EGVIMk&|HvG>SW0|sBp5(CP^DcUh>yN$MOG9r%&GO(w*Av|mhB7_<NYV$*7W`Yr zYPyz}V;-{_)f%JUC<179v_1V}`a@IlgnjD=*;9O*hKo<84ZCJ;l)mIJ#(JaX%4nMF zo9&j5Fh>QQe;AWF>5SXup;R0<qqGCtj4uA`5}<H?XA$DQkWRs*PQcuhcAkVzw@O~1 zOTn<KV-tQgEK4s(=e*LktcC?ErfW~Acb#w4$UzihF9_pt3y#DH{pCr635l22iFi}3 z0@&LVWR^j6q%XqXUz#k!!ObEhaHRVRk`pd@g_WTk`K=R11)Co|EGpy_C%SHR&7_KV zwdVvL=A3UgY1o~cr!<gAG#P)3s(0BJn}2Hl9Vlq}I4|tVn00k@LqhXDp8W2u&mFm= z$<J$XCHk|Wox`bk*7?^4UUoa?J$2`YEg6EisnVvnBvW9`%W~vuC#@Y7o6y_?e<;D3 zhjE41kDO0E?fVQi$n=YpJgm$brQXT({P<+k)U^;xAho|HSfoS23lZq4_Df@r{=Pjh zpp3|vyh3nWQFk^5K)1w_x5O9U0&!3w(+%q&6L#2~{BxZmObW(QEov5A3|hKK$F&^% zS?+qU6fGDT9v&LIYUrkAH4Ynwbi&K5M55Rs<9a(fxhVva(y5?Kffi}ej$Tc=tKUYh zl&4jpL}0>jfk1VOF?(R}!r5G^{h(mUGDaL2*~6-gcqBXY4>D3KLbijfdVw-=vTH{C zgU$pv(fFfvGe@g+9QhLzrsAIe==PJ1s~~|_YlLmq&75$UP=adY@CxUm9v8;s2}i?A zdscHW&b)*&Qc2lhQvav2eqJ*^vWC9ZWk)kn5OL-uevs!)fiXeujnU)8gKhD}$*Z7* z(1zNDIr`-THl)b_!;hsS&~1Pxh*`HU!go5I!WrqVMH>4!zBiuA-w4D^et-ueK)1k| zsx>Ra0DYkAz_utTG%ybBEp$r1Z&#_X@^rnZqN3ty7gsh3IoIomPH2(9q!aCS3W`iw z)v5XG<kLHio*u8AAmQKZTrh2Hv0ywtdpncXk-MUMW!C8&QJf^~J&&R+q8fTl;5*+J z?T#dVcie5sr;~VXC4%vSsOv~&*L;Fbp1rMDmD6d`>{(UX8-Ff!t-L%Pv6`8Fxp&Vm zx)x#=j$Ie6=iv9aH*@%j@2hw^!~B#9K}*$^W@ou&JCPMf9$jzuQIhOU)P6sK*;(nR z7P_YcJfk|{%OwNC#k^lt1aU3Ox!Ub-o11!jciGB3*5u9CsgOGuG&&>_q-H&<Szz$T z!{mxQ7L0G7rH>SUWl)zRiAw<rxF+%FqQ@=QAJOZcnSG^)t@Mu>LpLxt_TcaWM^nRH zGj*L$;=0KJ+xZUdJUTCA9<`2rQ~Z)uE~J^y<y{g9tX@M7hDM$(+a-1g)o|O08=yVg z(i_`mhYg~Rt?6sfw)DiR=XLq<T0fdNbqkqUi<09j!GG;@D!2m(sD><bLt%F`uRc)a zzlm6UC;7@?h&|IlN#XZw*?VClTp!+*@D*@>csG@q=MkHlIj^qR6(-5x&T5WE;}a66 z%scIb4+`nNM0rQ=%?ec77hAP}e_PRA%d1~(V3EO<-#w$WuUzK9r7KK<+eX&5Dkj-2 zUvCY3=6eV48x!F-@?q(vhed!=P(P;xjaYFEtBTTaI2E0oX=|{z*i7L~&r_H0=wZF* zUqlaZ!84h^)a8V^{oIbXFS^)nZf_qd8(WuQc+k4TV*XupT@-59*pQw8P$;c^-YawI z55@ZOrP)dg8Ba#u<gNVguW=oFbkB~rsC(<>MbqVavD7S6Ykm)o>!fyHHnk_`vd0FU z;}xWz+lpUejQvqmE3jmm4ylT~VTl679-l5+hDbZU!D>I8eQ9;0*?g<+=>8uQ=C6iV z<|9oCih1=l3Rb=kpRys86xYh_JMiAOi)OD|Z%j5-+B%nr19zDVyLI&r3Ny(>UHc=q z_BwStlB6G-aoVjL?Wdsle6t{?&EH*C;**C~9+^b<CV#Hm{iaA&8_F&&vK`P#j(t(w zg=xGi($?Od1_5l~+XC<Bke-o|(8h1X5Yz<LKyd9>LEO`L(}BY>`MCk2YE=G#Ih#fO zBlvps&ZtYKd8#QzRNq0w-7ILL@(<R?7&TbCO;H?KlsiiVzw?(rKsJcjX;kM#r26Rm zKkH_gU&8`Z;V)wWv{hG_sK@u!UN6GIk;wT};CWul&-5R!TADn#YEC&kRKeY-mV7{_ zsCi>r&5Om)tKWB>QcqJ;6ROcLdv_v-DzW1iACDj3L7d*betG{2kzifnooD3v(Z7Ov zR7vDf$<&A6b{X0Q>&+jFTXE@__G^y*aYGHoJlgPhrQZ6H_v(aSl#M5>)jGR;13bFr zsF>R-pNvB1yXULlZWLSC7-Qc_$Ljby<`}7<UJ)}?hbD#_u3%Tb?Y$ZB=el$*?A|gH zs4TMJ|KM}no{E9huJ_8~q_M+LQ_>s_p3YwXYj%F+dr9nrSWX+hSk~J+OH;q%6&aHi z<HuIJm38t`OnHBt)hH^i>s3tqo2+-MXJai`m{S*-gJ_xHzPYxk$;rWjvmhkb&CexE zzw*%1C~#!yG~7MUfS*0(xXVMXr%n-xujRCvH$<Jr7;HQUI_u;q`;Q@u?IM4?qGwxd zWyrL(FGUmz=i|t<fuE8|2iUr3+cg4LsTcwb1!MF9B=V+i|GPq+gw^5E{LyEF!nQq! zetB`*s-*vp)H^V!d=F}jKHV|w^CZ9b_zt$iV(u`{Z8#6NJ|FbNS9IzbT#`idtLEc7 zfCd$hYYP`~KSJ5g8wENT+{bP6d8o>CZRNZdMXtk3^^tJ4qWN5u4YpDlDPH+gSb5*b zOaA#<JY_R)L&V7J4IgYRtJy{u?D0Gu55Ed+iw0~U$LA|Y{+u%?T--a=n{dWfu7iQe zj=LpUdb!<q!m_|OTYIgvXhD2fc;kUmmozXjIXi!}H&Cu_xXxbY@$jxu{_1tV`irJi z3_V;u6Ohd*i>Y*0)lQ?$8z&fkXq7zj6RKjv{apUK>V)&7ErX+BYvF<(Z$om;B!PVy z2$Pq9%3I6?C%r)^nLHW~z_$Lqfth-Gdf-WgaHL%&1CpA#i+;QltwwKyCybvx?BW`^ ztRpeM&{OMT&8(JXFo#^%=!Xud>gol`vAG6#3!~)E^a`?=TIX#JT!6jqI31!}@QRz_ z31lqpqEG2?15K_?|BEhi3r|xB^WUL}$}76FIa_SE+`k-YVLOvRPw`~z-HUD#2M<Ne z9F!{;IAcBVv&KXo>n`<z9I)~W4X`s`v(o`A%QOSzx0v;?OJM1Le4%zS%b=~!>PXC& ze)}S+(T68NC>T3~7af-{1pveEa4ZSRb%jkuzt8Ry29xJQ<RbP~XZHRG`_u~n>$&vx zc?|h08qP*}bJ{-8ox*V2j``&lsRQE)K|9QDj{1+K0BM9<S|->)yq$W%&=u^JKV70n z&Dv1+%=<6jPPF5l|2N+TAa0)XznmxV=08RgdiaksK4aFhFT456a!La4?C?_q97NWB zIew758`)^JmX7g0^;i~;gQ^T3)9N38K1^uWSw0bO_)An$B*}u*olyX5ZwGi+FKEC~ z0xzE8i3vO>b_mPg^#(Eg=RsCPGCGS&*9ca^uc7(){7EtCpd28EO`(oAnFo{d`X7j) zMeO!vI{j%-lGAB&FS;F{{?gmz91HCgtUFW#ZCg!=;GrJ-=XCvZ61urs-#0c0JOepT zg#Nmxzp_t$XIy)|mzGv-iVTQ#SiG$Id;a0z$fg3>uvR%DIf0oxdi`%7A+ZppaW?no zNDdk#O|%Rg0;hd@U&F)Hfx1tXQiJq6TkEiYHVXo{|GK_B2<St~U@{C6F?Xir80|QW za>yp`_R=tbT&75co$wY^qo+grG2Vy2zlno99yFg#_CD1Q;g*<u9l&F+HNax*cP;1R z;dv}$_H!v)M%aVq^@&6Tetk0e7oPX^O`swl*UtL}`!B`4-<CIB8`30C0Tc|bJ|~Pq zR`Jbo-1~JY#4>)poAc5j9JZ0Eb*dZn=m91}E$$1a;Ig0s;?A0sCSaaL;9a#p-i20| z#pUJYR&BJkRI-8KR&Q5VK#y6?$SV@S@6A=DGe)lWgf?}CsB#8K6TV$onH!ijV7iF| zR{XC}+N1jWS?j3#U{%%Bk}V+*tYBhOO?HN#$_0_(Qr^pUi>UC`a`^y@izDsr?SZ;! z(#Yo%HGmC-66pfV7s>(`FIudG8Gnk-ODrfRyo|Q*SGXoeGkd5&XN+7S2Kf_Hi*o0` zEu?~H!*;@6rQnl83bOYHw`Kt}apDs&O;)a2C{--bIq5l^b+!J`0CF8@+aEL67mg_! zVs?LjbG?sS_fQX4mtBEjSz)15=I^CwPqnO*H+N>SNLLBEq3kr?vC;Du(lw6Vd59m* znz8w|<r-bOpLFcqCVNQJd9xXR`=YQ;Ubs|@IPu`BX)&0hCr@WNw*{E+1?rZzxE9?C z3S!YCu^~kdNd%e{P2pe6g*!led~%@o;E0v2)qdguXZnfMe)T40;KcFobHnVPunRmG z!aEr53s|ugQnaH`&#Rxa)#s~{&OF$3sq<6!#Ilhu1APt4a`KNrk9MbCfuLK}qy2eZ zKKgw|ZvyjDh$U`zG&a@;t&g}U^QBb8(Nr2%WcKOA8q?DmA`83dqVY-jm%S?J3eJXX zinmVoUb)Waahz@|^K;|R=(_XcTP!b}neG|+H!U|nf}Qd2=ecBQv>ev_;h-u_s35%$ zei%G62geExu5{j4J+COw9#I?qFx2s)Yo@Iz$r9Kzy!s{;xp%%F>Ne_?xG}8T>n}$` zEKv7+@t`crk?K~%lS%}AWk6j5$ztytKG;FN+wc(BhU&W5z)X(W^E`D6!j>-d9<KM+ zO&3j9!g6vr4Q-rDUp|i|oT$}Zz`t-QiOA5&s~Q|eKy{wuRaL!$Nqf<3JKcsK_FFCa zPxK><_$#8ICpTxQ6Dl11bYsX=c~m4H@Slj&9ZzQ<C5={dr>D^${pY!<+iNPsbHP;M z`si<7XvSLFGYj@-V9{k<$eZZ0$`*HrLIcp99lh#LM!y}hGA8ik8DCDo6w6&xJ|a+{ zQ4k<-*74Os@GY0@;%hxlBXQ|2W=Jh=5}CyoqH6{U#$B}4M5GU=JHdvq@7~s|`nX`1 zk&Pg~`{cdeT^T2Rr10-pcM)7|2!7^7)wx@9#gvow5{U%*+q8V=+`Y<)0m;vtthxp* z%-sV~d~}r>q)FJ+BHMToXdGjg)7|UiYecVoM>O6rX`@?0s`}CUT0N3@o5Z4QoQK8o z*pwfamuS34cEHq)eGN>edXc=($4O7S49Z#DW4t$%9m_~{7vi0d+(X|iXxvLKB6ZQS zr^0I46X-RFU2~z<)y|@^7t2Nw8Mru)@!YeKxceT+0*S>q4@DjnvUIjKj_g|~X?te# zsmuxE6E^DRbjqVh!d!4+9lMK99(ibeh<mVPw1eqzYD~PHg7kKbasZk)00~0^$jL6Z zhj;y<H{4wjH|^Ql+FB@HA)?cc+>IyWU`Jk>%WbnoP@N973ovlg=B5BCyhBdC;3oJB zQ4o+n&6N&Jyr92e#{cm?`FK!mu*?!S$kmS9_=NMXU_a{^cX=;-egmZ;tBKZW`rn`3 z4TSo@Q9xk)34vWCD~Bt*?LDEspwwW53<J;zPl0FS_o^j-o=dg<2P(AyD2Cu{zn?mg zSzur2j6WcAGC+#}h&+PP@YnQ~8vNWhE%&$W#<TMjgcX3VqXoc5>IK^8(o|-%fV`x2 z%R8st=qFs7t<|NIj$e;D|E0g4F;CJ2tS<|GR8ib?dr13-NB(b&gdym{3rRZF8FjNA zV7NE~Y#YSg7L*9fku^EFhrNpEQ0%tFxBJ5`2x^0CMkNbze+pSV{7`uU$-89$p$Odr z4~^`m{dthEi_Avf`$A~g+L`fs7qk+bfIPQ-PvIsQUXa9+?Q9br`7t!_FS;F<O%j9Y zB<uNFNLesWkt=Hd)t&*Bxv#4qXcQp~{0k@j-?1We{_mJl|8i;~ST_cEZ@0fs8Wbo) zN)j+R^2W|hY=D8V__Z?sD^vA*K0)>Vn3AdaRmpP_dKJb$*n89jvYzC83;B7FJN0ar z9dFlYot?7ZwxmXX8Lz)A(|;OE|DD_XZ`f&vwP&HX4cG=*f8>vTKRGZD`c3@m=!TsD zZo=c{WHStYhZhtiKxqIwbQ|K`d*tjTKsNzs1K>`woz}35ihL)y$+1bh{BH0|$T)Yf z`}EvTcO4jiL|%1y@pjAJadx}6ZCLDEJ6;0Rf&u=P;zdtym%+z8Fl5OKw@4rt+cO)t zn(GEdM~*w9@}S*y!w-gXH=vQBc=GmiS0(gC5Uu_eKG9@Hwv>N98HPZh?TQuoIpe>o zplH7vvdCkzoIyN5$A`JzVpeh(m`vpZ3{9(KV=Y`Az~$bv)qWd})$5Za_lbS?R6qL` z*d(q8Soq6S0a%G#LH0-R0b>3uvm|m72#`*{(=N9-yX@-wAvFe@?RT~%G*dT^3OI=V zmRbV`!%aJnZQx&z^v>(TK$W{Yw1fDayHPmVWyj0I^GJ;S6{PWhpXyl!aJ>Fb%l)># z|LggoL2|2e$R1}xvXj)QsYVYeGHB6k_eT{$tN%LWl_8fU+gVRz+WIv_aJwgxEL=JS zv%%7apZ}WRxws022js>;<V2_B&mW64(32JFtjTG)BMg#|5sRRg*e)r79`4&k<=YG- zlaS3Zc(-og_J<?)YcKqsfM4R|_jLZM5ctoMS5gbFcm6mbn`~um-KO~-)-t)?0&rDr z{$Aj!!o>ja4pa&`4Fwtig7IX34?^(ULF`b2*7kM=aaS8Cb>`N|f1H?jI{~OJJlc|k zA&o>l;ev(YaTMg0zQ25`ETa54DM?VdRFtzSVx7O_M#;E(kn!z95og{(GP12EW4J?u z=*mgxHle;Cky)XZZRfqa?RsKEvPXzfn_^FUNI{lgYfJk56BaVA4Hm?9pL4GkZZ54v z7>)EZa<Mx2x<cwZmr8jm&C3{F`BPAhk$v%odu8Zp;UBFrNybl%J@N0A61DOMS&enq zPG78P7-uVOOHxfR$i-TkoC~_6)!jZEFeoueOxh^9viPpyBROkW>`Kb{;KL=l%?nNP zdh4scDb}*|l*hznz?%aAvF+cw&p%?x3lMAF|DwBAd4_7MO0?2X2<6K&1h4}#doH;S z2oPb9{T%$jyd?>1E=t;)W*b6!E05pB976X+Uz(<FNuVt&L@t<?&zib*X*=H|U2Ddd z&rd3Ee5n}rGfx+tyM#~hz+VVfDXX+LF^tQKX)_~y9E_W2iFF*p3zSbet`|rV-VA>@ z^iey{=*iiV!CL{^CkOfiEP(MYeZ6Nx?zJD?Kr#g61my%1P!N%OZqOz?ba-y2my&1V z8&l-w%RIBK7TyL$g{DIEQHDkAW=z9SYE>5f%m<nKRmENsuYAXFO0hmp-UEF@MuiDO zYr`3xblLVOuNvn8?~(?RNvm0HkO#7-aqokQE7!2z_^E2)af23_!2@N_H<dpP<_sxK z9zTyFq6a?E<IRXYgTB*huA`ID_RJpFCH96xWJEC6&AHFCpLnfVTD@{=-#P*@rnJ>x zW||C*>IoNPaYoX9p5aqzor9e=qs+T74uklX%hamLr&OJq-d%X$`amFIz?wS|K?0MG zt1NJ{-|-kK^gZv*LVsj`gQLUx+nG|k(bI#q6M`+PSv}8+?c$OZhLxMf-q2ke9ee8Z zzTbGvkw{H75WV8;;a7HlnD%gL`N}&hO(n-4q`k7pUQ*#iwUhDOoCivHXzXo^g{}ul z>Ahhv&WO0w3sV;8Bs??{xA_?`goiz%HhkXrJnrK)D|<Y^Nje(tq*mc@KEY~LeO=8J z>Eb2B)Wyg_A%4#;)ok=+rY{yRb7_t<y@gQqVQ?^oMlyiDi_w=W_R~{$t{ncfj0u-; zWO8jLRrOiZwfk8;r-_MW3;vl;!Kx>w8R9Ld1~s3H3TQX_>~Je_nixgsHXB!b8GeMP zQ<mmJT6p%I@sae5@o^jvxHwL7E@ByUurU1Sv!s)MeBF^1$9l_x&SK2Ro;gf;SYa(q z9+kMcwzHMf_boNVMjsYkE@$?_IV&$X@)V8M*~LZfMJ-QU9e;07{=L{1A?A<5H{W?? zk<3j!K*7GVOZ-h$HuHRlT)V%g+QbT{8Mr3HT2Hw%qkBHhm8~Sc=$UQGIlW<L;kgUB z9#%4ZQEQaDwm7*QWl_X>lwNK$zL;0*@%@R5%0$(J=|l^QsFV7b*jz#zR|B@+4V}U3 zCF!}U_t-bUP#DM#c+Z5r2z9Z6KL%+@hp4C+ACih5)b3S7Mhx*@Ka#Ofim9A9QOgD^ zUgrEQ9DBYufAkOnc@0}xQ(vXMK<vP&mTP{0WAuvN1c|@y5BH$Vcb&oc^(f_Q#1q)6 zt45zy#II51xlO-~#U-t~1Iw%Go_<^}OS?(eSG(n`msbk8>au9D215p9kDhd<qIo!9 zqrm+c_JYL3KC+Kg%lX#-<+5UKcW->YUO};xVX;Aw;}6=rt|43s$11y9LdZ@o2o{?U z0qHY$sePbMo~W3<UV-B{agyy~;zU<JqhyL1!7kjP&`G@zX{&1n_~(;6DfZ!bPbsPI z5W(%58Qv`-wWdMnG!Iac(JAVFs<iKI+L)sFmDdhY<PdMic`A`OniIt}yT?^;Cksio zU#$9s&h6^P`hAK?d3}iSD7jRaM=SnPk3l&bw~jqe`Ykc>nRi9s_EDByhJZ0$-3JTx zT89%1%r`$qS?K1KQ5%}v(Hw~XytddI&tH+GyEUP-@6?ujgNQCcEwFcDIzF6EbokEC z&F#!;_x{PvXVOAz5$EQ4=~@(hMRoLqiTVRR$3I|1`F#(%uXB%ORMX`xh_(By#A;^o zNe<ri2ot><TSKSJ_d&Yer&#?`|JO!b@hyv}GLo}UsVFxz6_{tmOB6ApHqg1krED!n zOO~?kPYm4o{-8nfVPu!3!u-2XhaW@2u<{G*G0!{%o7sY7cu14Q9u`!@B-k&T<xM+1 z$1l|}H}SHUJzBkZ>12wEuF2&sig)Bdb$4wWl|-Si2uGwN*qE>i^e*8)(}%N9b&n@T zjBB>u7{8$uuy-u(Z1`s>j+MMrH@lY4Q|9&TH*(MJ=ID`<T+}u_ySr>_!M41L>D5oR z_r7fWtKCD!dTae2P2CaUPZ{N}tPd~cy6L}0-Xllyecs~jWLzIQ&&6wyGfMuCGgt2y zl_eFI9jH`N@T|`2eK#WIIhof>ha0DW3=`X`KhpEl7fCDk4bMA{1bWHExCCqfENz{6 z^v$&gRfOfQtGy#tjvRpllD@`u12x4C<!t_wd9~@&wQX#S9L`Ed{UXnS%&7;2VW`@{ z65OcTndvAIj<8N?hJMkd^KBw*zKOVI%8$bRCw{J3x%RUq7-0ZpR*X^w2VTL{BlCvn zdPpI?pwt>eVb;9z+}Kmd+F&IveKH8I-RXI2@1BfVD5j9tq_=<~4ba1WLvbwcRi3*? zg&&B#?T|FtAO|j;ztbc8leZcM%xZh>u<vXj2uZdiZ0_ZE3xFL6&LRbc!7-iLt6<du zBO(O_Z?Lv~J(!IGcGxt)5p$$C)n*HDwgdYSIIU!N>i9;~#h*~T=}VvynuDrY&K#Yd zLa3!bDq}MKA|t}PL1I{a%~a9i=`IBbt&?F;nvYL$q`H0ta~J3z8XEyn)LN7ZG|@6- z(8Exrn^g^TRsqn%g{EAsS(@sF-HRw56=fmn>o*^=?h-76mSiUj$p+hF(@T>*?JfK@ zDP));U<wBa3FJN!VD(<p@qc*ttF}+|k;Ub!ndXJt#UX8jb7dp`fRO{TML{wgp$u?m ze_D`Rn;T$mL6HKOTQNL31-d3)nUXbtN!l(IdBv2k^C^$NYT>?zFd2FG$CTBYfNKpz z*8rv4U2350-L*|Z3M44hhvp#S{tF2C2iA}HG>Bnl*_(XfKjr`cF*qe%2F)nQmDoKd zK5c{qh}ZHh%YyTu4mAXSw=n;USis*<EQUYpKK=%>+YTK30mk~@1xBof%Gp#18Iy0Z zwY9Zs&H<I2oJ<CKl3AJh_-i(X=E1TB=p%&wDJZ1=m^#^QEF;;R{S!L+YsP*blDGi@ zlW$!`{^SY|G}%N4N|B*$B4M-F_C<KBl@<bl?6LkTxcTqm5&ut2)xSO~;KltGtEmb> z9|Xe6Y7&T7TLuS>$ezuwbqN(o|1xur8{Rc2k+au#10Sig15bq`Jut!Uq`2E8p9r4L z_P-C+KsrI(20<SXBI?$B@9L>u!IF!vU=9Nyri0ujWxr2ZgkMSO;|I#hZ6*u}pvBpF zR5Hr@)Q4$kvP&KW5;x&v;98!UvhNC6#9pb<&eJjWU!TZPq72_AM*Iu*_lx)aFWlcR zX6?U#f4^9I|MClek!%0Wef&kK{o8$l4M?UG`OAO$#VGw3?C=*8_<wQ%Vq0rt^AN~@ z8y|DT&6NTQS&Y1r09r+A1Bd$Gndx8ym<*_sN%cOp{{7C>X_*s;4_G=PTwI+k%^kL1 zqHft8J|J>|=>pUCD@jRyEiWfa{+s63<R8wKj;>6C@Sz63hNTP2&Dp}z1rAa0bXC%H zHFvdy*GihgOv2koC~1l^iIQJQOY`fg-LkW^aD~rREM3h-1exIfuTK<Fj^wu$g_r~` zZGTNsm`U*BuU7(0+i$`5Z#ttaG%Z~X`ESZA@@rXoy7FIhfJ?ga>zCZGU)PM8;7}Dy zgsu4%l&2w#ae+w;?nPMWf-w`n9GnO)--Ss;V0&~WXOx>0oO%2Hw*TPQ<kxaGcXV+g z-=~Eaznmt&yrsLXg{6kl6&P5{{FVzGqUq}FX5sp4E?k(zq^18hZ{(5xoHs>Vq^qSf zzakRmMc&c^g|OtmVd-e?YQrQdEJ*&=pR?|ng4H%u8@O=FKQi{G6T_UXieF3Si7U@u zAN%BK=K96F{{g2X9j_bi66N=K4}#Vs%ynaPzZ}g5>8VAJkPQwuP1U9Hd!t>PKSEje z@R&ck&8&Ci!K2H$r#smr9A)l?XKdB09MGguI-B)AO#fZt4N)C6>9-wjXWxkF%%PS% z3-7iaNaT2M=$x7!r9#@N1D<J!83nnteUyj1jalE3w9GZ1YV`I>rm>cCf11AWx^G9J zDbwN8Pwtd-Qb$C5*Ue6_e*N9_Rq76b($%>@2FALDd<nnl+BgKK$mYgc-Er!z=dw;C z-a_9bnfAZFSHi>T9Cc;QTxb>R8K`~2#Pjt{wVhd#X5P!hS%tHHGPm*@Bk#PPb~&3G zx%FZ7fcPDnC09CEP7k?}z{i6c`p0&@N{A7dh_<n(dBt&Ur%Oia9XtDGF}@rpljCoP z9{yaGL<+_p6nvU88rc|pMpTH6m@yJOzkaveQd{KZ%exbr_l0*ASIds!Mu{ns0saMr zS1#+S78DxkGMS>Fl7l1f%gw-J3P}riy-g*?M!9vfJ8#EN?B>tD$bbETIN~kekMm8b zlyePiGpEmWdc=KWxS1+qj&^KNsd#yW!8&Wj>cZzLLvh}FR`NZa8~I0aab}q_%=uM& zxvtq#hP>Ikbe7i6vf-kULH>m4tEaTcq|Y@M;+o|TuiTpH$mmWBp|aT<T=g`x^|~bc zEy9&kgfN~qUreZ@bJ;QuuN|N@=%H}<$8(L({g3j$A5A-BjAg$`jGAUpmHa>%Sgf2d zVp!&`GX3#W2+xrpRXOe)SLt~!OR603zq>1QukwfC;3nJPkN^oe?S#;7FPE{M{<L1% zcZS#+9$BA{SiYxm?nO~!)3G2|ha*9`B93K<KHR>~o)+hBI2^m1euPstN66gSZ;R6T z?TMyu{U(e*CvJFrU(Eh!UYmTPW9@G1x8VNxBdC!3lJRYXg3+Ns^{0+T)w{<(c1{fH zMZT<ffgV@DRaK4DE~376A2I&-MGjdW{JC|ux8xrpgJ09_mMd8VDWaSm_^<rl*n$Fl z7cK}g3GrPN6u1c6TgBYf*%mhaMLr?HOJw<Rfk{AwPh?xpkhlMTyd4EDToU@{e$<Ya zIAS4sNWo|4a9y6}zStM@f*O{T4}1@(-EG|pGxC>jio0FN$foi9yoN!ZOzfqepfuAv zHKwfL&}-vLVtP8u%_cQfx1}Gx!$oO2G>)mHosSQH*l0akO*nW#P<o9yzUp*Ud1Jam zc=kEI#n-3nYfepe=0Yn7O-)Ayrm|v6({3#~)YiThhIR^_C*F5G4G*|*xi~6Ylp(*! z9-l|5?8O=dhiRIuVKSR%#5?Y_QWqDehbK<R$E+mXH7FBxK#J&61c)3vQp!R(dMWdx z!kW>J5Q_WBvChKLi+u>bE~;9khl)xRZftMe8%s6pPkQs27t|80q@w)S3?9W3rCz!E zU(H##6k#`~H9$8}+vre#2C3$4=QWrX+4;3)(Kw0y(K-7kt|75ROu(|te2?jT&yDz- zyhl$h-oK4&wtiD)CX2%PiV#Qw?7TGYnpA{w*-0t7CXr-+q)h38`qQ)K>=lAfuF>@A z*zw-qAc^Hi++quzB~hVLt|;ypJvv)4AaJO_&oVqS(oD9Sl%TR>a>-&kkze<I0)yH7 zddj3(wNcXqwKRJQ?qCuxAL@g&Kh5XhvZt)U$yc5q7h#Po>ch8+wb9<WbK?osh;@NQ zH}dQ=s&1W0^u|q|_4~e<^h`$oOve3D>`oJm%`cSDhuSnL@2T%7e64_qZQ4Oy>>9OL z_QQ8-BbJhb2o#4EtnZ3qui~UQzvhg`M5~}roGgre_=NL~!RGU~rIi}@RTb7%_tW+* zOTC!9+LU!QWdH8H#&!L>Dk!R{uS%5_q`aj~J+Mr?@1=V7{)T}DPLe;Ty>g6wZldI@ zJ(Z%zEEnp_2P~31`()Wc4&o-h{@#J;`(j$N^d8b@4l=I>OANR@Du``eG?H6*l*<2b z$+kzSX@8p^fp+kE&bW3J6~7@jh1u;^oiQAz&u+&Fiv#q#^=7=7cQ_~+KAm=bNq2Lf z&hsZ!i?tqa8l=|dH(9CxqPqX6=y3S`4Y6;=UjCcw{+r(h7Wt{u%Ab;U#1hJOYlcP~ z;9@F&XQ5m3DRGw(Q)1D%V<q*0j}JBb`hGJj*7GD4seS(Rk?+=nyJLNCcB9%H@u?f6 zp&cG=B^#OnzPmholTX=k2NimjURXk1v}|h`Zfm+SIy)aQiK}(h%t!7Jp?;%MrfDjz zwBwG_()lVkw!NFC5{ZJdW^W#|VmbOHI()eT^8K<6>QXe*DC4Vld|<D0`<`HVRW-XN zTJU)2R7@DQpDtABvDh3%D;-LAn$<c*sOCMAQ%&K5<G0{qPq~yB!HAHhckao&h9mak z)5JC_l?@lJaj~-W#}oK7`p3-d>rXH|v6WZw$h&Q)Sw#BcNYkULN^I*)t6B0(?t2$t z`{0SmEo|vEHP!ebwo~G@Jat1yJ8w3fBIv&>;h&v(KBTa3>WjXhVt2214`)~rZOE5( zM)Y}$pnqSsk;TzJWZVB@b4r*=<d?~{Z4`-!Fv0(ST37#@EGZ%KY54!wSW*HP{$Way zhyHWU{$tsFQAGHkqT5nk*?vIwSoOgr#_BOgro2SI>&JGur3A*(MjK=XeSB~g!Tf?s zTj$8;s&Ui1h-rtu#PzhkY;&YXS4(i$<dHicAIgRX>)9VTFZo8l_GWfdB)6+=v=ov) zNiOL^(xRXj`xx~AE>Fly_2i&ZC-Tj0#b89m{@jHN`RA1wv>e}D_S(1?71zyV#26BM zzXYvi7*zkQMcQtl(_(_Y8|At6#I^e_azK~f(Gk-&G)5ciS5Ud<8L_YiH8IDlGn=uI z7*N1WbM0qY4HxTzbzny*PxDZ$+#$+GgPa-W1)Abd2GwpVXel*2oqF^%kt#sH!+B|r zS;arp;U|usE#~yVd8GH!GKH=DK$B5xjCWMNf?rhYt%t9kok1`U4{vzkXH1wMeEw8k z6!?w*In8{~{)Uhh?X4^8Y%0VSW#PuO_QVCYJ$27hf>tzX-WkT#oiZ2n4EeGql_(QV zt>nTOxsjWLm!T3oxwR9&5FG#SuXXZ5{PVf}j~@RYJ^nv>{D1WL|6lYtS*!l1vTa-c z^6T0nz{?l8D8PT!($?C>l}Y51D1;x7C}&M4a|_GAf(rasY+YS$S~|<29Gp;&<k-q3 z{%a7WaCSnGqXtY?=13QCeE!2gf}nuVg@4h1gdv|t#@g!(-vnq+Jb1Y4#Iul^rK7?R zANL=-B1^f*Dx@hFe3$d<F$KeW5k~Tqdq;Qg+Ebyxd9Ld6yVzhs?OoSG6Q~bpzfqUH zP+(*oIv94@>iV?9lNIM-j>RftugVq6l@zfJ=kD+RTQ*khgc5#h)z#H}{HoX|JIX(! zbN~8VR&K7ZWC~CQCNIt2ynXxj#{9;YF#ch{rdj4|dlbku96ow<b!q9*qetU6SY_gD z_w3!PY#h_k(c!f?xxBinrmEUpMmmSi4&Bf}_F*P~ozVxn3@95PrkK{a0|2(E*2GVW z2y&4>Ys95zgjC<fo~MU~PV}vg-1#}^^4?*dik9M`%Db0&x<%5^YT43s=$*fYN6qq{ z!u_*16AV~p(R33^^3)WP^U&~$3{&2D<kIJo^v!&NLI|>l8AI{mMkOlNcuBNoy^YMv z=_bQDHVD{*bf}+knQTRKTE6z_P@rkz)4jvBvBJP=uPY-d$%C7QxHoZYV_t?>K89${ zh!CGy89<GcIv6_Z1E4tmNZwKL=_kOPITr~9RZ!RJwnOT=SDSE8zA<hEICo?BlXDSd ze4622{ZQXxX!ng0P6H^kn(vpBq9eW~Jm)K-bFd%T`hyfq;(?Iya1f(^xnUh}qd5T+ z+lmP^h5C-|G08Jz)&ww3fxEJ18Ot)#isbYS4p{*Fm<EGXg)zgmL^*WhWKqc;t@!2E zi|>5_@0_4(M8a(|s`@Q!iw33C)mQE~lCztF&F5;Ln0-BF536?}lyp|WWUPk+NDDF# zjV1<;UeIT3Jev$L=C2q(!Px^C`SUVyC{3Dk5>APAuV24r4m#^hE>Qr|R18xebIb4+ z<Sn{w&-ntpBTA~uup7FGu^x;z1hQh&uR@im1U!C8xm$-F_cbfoe`8?8dv*b;5Xf9g zdgV@|KJ)mg?#q+>UYh{VhbDYm7v0#x<aN4N#$(jtm1N`jTB3PBMqgJnF8>Kc3{AAn zb}jMELZl*J-c@JAq)IAsRM>A2iOB4P2UR$!-K|OFHr&J(`SHqNJ{7`zm`Gg1xwVtT zmAduWeSnwMja>{q^wRu6)w4^Jk1dWs$8M-yogtHjbr%?x=<K2R5=-01Ygl?!8?b+C zkh83$WAvVW3XAf}yQkkB&~jMXgPfC)6>@FhW5qy?)i80!)N6vOuW8_P2t@xcTk*{@ z*?;WEp%Q$^h(dRvnSuwqlmp97FrBHaw0+mmPy>vDye3t>bkY(EEIv?1f7NgNxYNl- zR@U35m99B^Hpu|<gqk0gxJ+Vw9iWAH3{y*}^dpnQ^8J0F8CSVQDPZ98BkWule%kiv zGfE{kK`gkyB_10sfI$XS9r(!Xz7?Q$mT%8p-<*wWLkZ-TxMHZb^9+4Jn(;BBXA6)> z(AL?smSf#s<#1@E^mm)YkHa1IDgN9UT4(Ymi|SY-C0Q(sl>*tcox?=$<XuHfWSiim zyr1_EXxPr~rZHmLi6`fSthu9+h~?dp=d?}2du`+SP16|rwy$X2xDoYs==?0dA#>zo zzSPDYuaVD*93F(;+d!c@9a3ug;|tA+-5%bZoDBLN1of|;7rlPC17`3eTG+mO(Djo_ zv{~PKAM|p>&g{Ym)Ps1*s7@2$1#Y^cufW1xv}@_o46N8SU^QqNiy3@29v@1E{X1_! z*?Y|POj)UpWVr$u%VDH?NR>5@`EZ-pkHww}>}m&YCO5Cj9Q)${;;Y~>$K(1Gk5ltE z$Dt;E6EZkm#@#F%Gf)ij1+Y0z665#DO)-c7r=K1w>`|$xdkU8r!&7Mq-P13h(BB{q zjaxGz3LfZmg@1lkq4By?Gd=ez!h;A_zJ<O(S)gEL?CGz!&HN4>6&sI&QP$r1r9usb z<D|YJ`g?grgHoA5#r{vyTkErgNhbcC&J4#`4pNk$OVVRIW+89r+rnE0`ON*58S&_j zP%3VM<;72mI$5`S&Pj-1)TEYUm$dd8kr(OOT6rh)veRvJW9bS$evMqQyV6u6#;w0F zbBj4+47QkV5#^`7;~++dN*$7M1`^7==r+@-_=?I)Q<NYYFVO8?jY$?oRWG(nWCjvX znS86OALgI|RNojd$92}#6J=*%#S?@|LI^NgnbYW%Gqg2uFgXn=v7VgiiJ<p7vj8PY z%PT9*c}F<Q9TjFCONqTtR1}$YD&|p+*Zbjz85S?Y+<9<Ra)BZ!jPePq#%c^KV*<z* z&-ICffsPo$xTWsAVpcutEdH|g(b1WlYsTKruktcFR#*m-DqrdltD$Ow6WKjrfls`; zI;XGfMG3R!y1NwF=lo_j4Vm5?g<p=xXQZLJ&`%t{0?BZC$&(cp?u>S5RgKHbK8x?< zn*GL)X|Eg|o^bFUjgj;Q&N0_8Se^t}o|Z-28zy}?X&_P{D*73Q;~Y7#Dh%QE>PqyP zK7@F$gOS9kp{w21d6r}E!XZ0@+4OzzqmjMmviCXdk1CDcKKU6P330K9I}M-T1RQaM zA*Ek-fv-=Gu}8(h*U$Z+(xfyDoxccWY5W(_Jsghh;^}h0*f1Kz*xnbK-_S-+saN5g zc}T`m=X+pQcjr9IPhLrdZu0(Kgo>QylU##_o`ct^Ly+j%OiCuzbw<Te>E_Q+*fgBN z>5Nl-GA|Qn_&gfsS9Zom-GW)dJT>yvWtr8lkT8qz>B)UAFXMehrtUI(Oh^KsF*IjC zAzItktl2F-J*`F^ySSpKM0A@iD4W^vvb<>dL)wFAlv6d>vvJ`-qT;(ixQWz(WBTT+ zl-EIAyjapI;>R#<eHJO5Yiwpg1UiTLn*?p~9g+F5@FOoQ+t~W>i>QjPLf<KA8_v2s zl6V=#sE=>GG09nz4?B$vb6X$SO;Owwiri}8DqV^2cCAU3w0I#zEtt4*^))m_7zHgI zj(e>=wMbU0uRy<=k+~W%umBQ2L#<QPS0H@&)ZDJwE<XLtWthSKnk%_h1YfOOx)ey~ z*!#*hM$0yfF>ehzQ#NNHWX@`oDctFIN4Oo<Eika`Ss>Tdy$YHQ^UePv++#Gxa3{57 zu%*qsU&d_}sF|*sFYm;W)UNHM5YKB&M{+m8^e>JuggyRQwS!{UlfuU8t?#o9jCZP5 z*OeEJ=~GPGQ7Ns!YO7iLs5}LN6}qsWdFR;s@@dk9J11;u<AU#K0zkZdUsLWq3n)?8 zv!0d*=QO}t`G5LP_7$MfGk-pKSb2x{xIWfSd#Gmas<BI(u-i{kab#usaeAHAy1r8< z`WOhakh#s-=s9sb1UXc*aP@d!mVUXD`H)&@L<L;$tpBCt`;F|!`?!wxRUYfhV#Zu{ zM&sfBMk0pa>}4F3L*z}c_&}*(*XBlKEu^!vj$T4L(1sK4?PbtgbwTI^=Qk*p65Vnb z(FJMY$f4O2yIBVG_%LooS2w^oq-U9B#!#aR7|;c$(GEN;bmv&?kN3?S?+ZQN_l^Z~ zndSdeA10|FI5;>qHa2`#garjP-g)ahXw*T8pi>_|)_ZAo&+j{Mk)T{%Up-pZdhp-@ zDJ8+W8fWS0*$XY?Xri#uZrp-$6&5H|QCWMX@uw|aS~@!J@>5}rBHc(9?)P#iU4oRl zq2~M6PCqx&PxSe%v!%hvj|5ik8Y7RetrNJi68Tc^lE{3&YPOgjeG}P<8nDLhYJJ?| zKb@lC6zHJjuE<#yjI?MI#F%JLT(e1M7QDBqljcm4QAjV#d0#d@+r$!#)UakvuFAw6 z>zi>C!R&6h>#&$~-t;OWC@^r4Xp{AGcQ8*%yP{5d=yz}aW!taB=<mMDepaesjqGtW z`s;H`%gbOJwbGY==uxe_wAtlTV}u)VD!~K^Mi;#$3~JDbXYjIMy14l<!;VTdL$D7A z7SBs8#PUZ6rA{b%DSnM{0z})27{6(w+OmH3`x`iWF48F|jKhoKd2E2iaroy!k7H^y z4yeSh+y`JKrG_J02<i?_F~P_jasTq(&1Y_rqy7aeS20_v%Syw1?Q?@mx;!{0+&<Cb z)&>>ZbeZ8R)}f6$MPor>Lns+x45>iMadPtWTma!@t2D3S<h2(bXwEsi@*#unlfyot zmB#wrqqy<@%67r%!#5gO?d86jJZ5{JeeNgYSC{0vdisuU2h#`d_zu~Yo2Ga?YbJ&* z9b|Ti(Os)N+A-BiZdqYcAFba<hnLbGP&ycbTo(5kjgh*KrqbUycUw(Hf>xV&W;Qj& zx#-;TnLLl;lN_c}-Ul&i>V7kYMin2aO5?89_(^m89BW;=%!&!uwnG?(NR_UB;hp{2 z@#t9J^Y#eDa>9hWC2=)bJd^NgJezn>3Xg^IL_DtL1<tNrBAOt@wltyd6Lje;iy<Bk zpSvW$jdA~A7a6{E?)l_LDT@g{_wl?pUF?&RqcPTQL(G=*c50%Es($p!h&oMo1g~H1 zR7#A)QMAeo5@EPeed~Ql{zlFQ`r}Y%Z|`FwdT_}RHP)_|X<~Q<fm5|+9q3<u=>(VQ zlb%TuQkDXR$}+2%u;LUd{cT*)Zy3&^$(pCOHGY|p!g^6&MA9-PrtM5rr3;IEsaBVK zX`J6uzVPx=lyOXJbLx&oK537orYAJ%&(l2FFvi)K#{P_I@xrsTw9aZ5eNJ@8_$o)V zdYOfKFtzisOgR<P=x=tXl`Sh`a*8-Yke<!umA$EN)THtFDF!s}wH#fVfz)f=ZcMx` z>Y4VA@2e9SaSG2(v_A^g9b*}AYsOXfN?%(Nn-nf<Fj|^5{%W4?+0@uC=Rj0M1&Yx~ zXDW6N*W(tNa0D(daVtgGNpY*v`hMO%Ma_dJlN;l6$7rOz_I@C!GA+{|F7V?&>d033 z7_*A;q4PP>X5yfLz$rKI`;z!Xy6GnNTaC2!U*GtA3i4c4Swn`7q|*_ib@^or2!&GY z>h(!5dTNPFgrId#R3mm){}|dKA0zXvDVg2t=@3EmUL*UrzIqUwCdTQ;gDa!mj!Fo+ zu=jjNPN1>D$mN;P{8he}p2z-@peD;`m9+Hm1Ah~--?E8Zitw$*Jt2(-AUNbpZ^@Sy z2P30`^A!+zN(k=%_daY=T=}UO*{Jhgp_FLqFCUD&Skc(Mxhs*1W%f2Y05r}xOBm>f ztd7ROdyV4qA|Z`BA&uPujUtE9hoj|J7~7l{-t4^t&6^5*c(-cE8Zc)=cc>a`-_zVa z4uOR{ABBG1Rer{e7oSD9KBaGIrM-fvL7|zxn@q}rAGz~WN2I^jssV*Ucx2@4RxXi> z656__Z=F-?C%fcCs>_Fic`6U06(DRNz>1mXlczQgYJB&o@fq%zzAHTo-9?r#;uS=P zTQKqvxv1->O38@-hTn{4`t?opU?vf}$M@GaWc}-N*rXtGP`y^qe?s5&AWK-G9KwRB z=GM9bO?q16vqU)05p*~uTH*A+_lli^gG|#>^L-}It!UrPPAK<bR_g}=+=*v7e;f@I zxaYuzxEl>N2*vd)2uh0c`(Y%gFW&4nMESuak-rryX*_Wa2i0bky1Up|F#C3*Mlbh_ z@=6LY!Ruf5_<!hC-T3%8RM0I!?Ka$itUAOtDkW{pkbN4fp-<%h&7J&ldv?XZ0Sw4U zAE*(A`?)TU5Ky+TusC`0q{HBCXJ==CWX|!rdU}@E)R<11q0Z9N&&|!n-NA=gE>rX9 zT@VzEPI>=1cBT924$_+EKycIob=v7;`mKSn%HO*b5t;NF*K93)T2j>!E<$3M95~=u zANlh=Xx^jf!wlqy6CQ6>Xx&`pwP=+5JXy-8V&4&BX4!1}h-%JW3rluEZhU>ca<$W9 zPe7VjeS33Q>PC0rbEnJiLkJ%}M3t!zkKV#j?cBMusj<0r!riz~dPh!V2;O+I#(Cnp zF&k=#Q0DGJ2s<fp$C$A~m!$jPHTnE~m%a`U&;77WDBSQ}ubu0{KJGttIL7^Y^2E&8 zEoM_60qj#(%8y_1XrvBeZm!a(=SgQ{^MP}s&5GSaz5R5U&c@2{W#ShH+<-{|!XGi` zH;0^~7&O#Y#F(>U;K|><E`>>wd^o$ZsKJ7(^O!3^#~Bj*=2(R8ly>fBoxNQ~BW6UP z9&MgDY&*wI*`lMJT}-3$l^r!$-r<u!C>KkmUy*?y0*en@Mk_CZlo#0}FQS?=r4ge$ z+MHHXRHWwkKJ-a)q=%8H*NabdBJJlf#NHgKq$FB>V?&g*BQBbsSHs@Xx^Q*5RN1i) z!ZE9Q6@gX?-HriLYe+_MR9*<O7j{=LGUb3`w~B}Z0&ns3n)svTc2#OIBcz(Cszmgh zC&KMen(v0%%sx>W%y7rua~@VA)^x{Du+Z&fq01IILPK+=$;vn<Z=LK`9lWiI7|M5! zAjbQZ_tG_GReN4NQl`mjf0UJ`;>3W|b9oWZUpHZ5YLw>8=X*Uoe=aFr$P0h7yZ(xM zntO#fBaJ@Y7u%yW9y7HZsPlG_J~*5H%Z0|T{LT{QR%#34&#?MTAvE86uwLCB$iSg0 zpkb)TZ`LZ>H!qBS)SFde6RnCox*PW(Q{>Bv)a4bfY1@(7G2;`+*`kx<aBy;kRI1&b zaUHd-E|1OfYFvn=AEteQUAL)yL?z|BzP8PMAS`R0B$9`xp57NhRJ5rNrJ4d-269+u zcqjzsi|4~}d66q8^rf~wnAn*@=@<m4{GkhwWj-D4{l*>iml3SvEE36`EJ)aH{bLI8 zoh%`ZJ7j${Se5O}AsS+%ri!@6+j)c42QZxso}cgi+$r>)92~3ErM#VZ(OT6X(FG(8 z-ks`7REZyxI?~RB!zKc!=Z@5e3%W+P10)j@c=TaEGqHqG^Cp41_uF=SeQz({IM!#@ zx}@7QdQ0dNL@a>(sK~^aeBgRe7+Vp!53QwO_~fI>8;A#&5y$tigw0qgbWdm>?|Xb) z|KYvHXWmVX-d@`BB3AO$=1iCu;B45LP@%)mY|GBvY_#z!8+Dz(y~Ba_BQ<ekr#>P} zZk9vx)Zq#U3&rh`!SevQPL_TazlR6a*c!}JD~ssR`*n_9s9Yqs2PShzfZX{E`-T-m zag&QI{tr@QZV&M<f9|V;>NpXH{w1h^ECa3L`)j1nyplHH`heEBa7<r_`p;{o4f`)# znR!D5JsFuy4zz;+U)a80iu2nyzWc7m-~S8{77!>ldvl+`Vz|mHBO}9--va??H?8Wf z0m}|N9-nG_Z*+8YYip~isfpzzZZE>g>E#?-GX@djjw2<+UCd0@o~aA4+P<-ut}-Z( z{^;iz3GT3{faYh*hWhb5>W)09+x4sx86hRp%Dd4QxeKx#v65RWlub!DzRsQ$A3$v1 zuZ|$5$xxhIKU^p1W4xu}MaGnmXtqNA685QyP`?zHck@j_+{={m8OPws_Pw6o@-;J) zJ$kM`X?mYJ%40N&ZsYrRX!MkI5`>Ka2gW3AX#m3XEyy9`s`D-PtLoYX@A2HWvAOCP z%V`-R7?U5>H`tqzgQ=}Ng})8dr9>q@(P6Z<sK_frW>eh$D%Cz5F0L#HJG6u$RZ8cu zUN@FY?Da!0<6_pQLo4{BKOO6HlqWBYof%yptiA#cIX<<9I{<IoGE1A_4GxEpFb3-4 zFmbLy;&U2=1Jf)7U!#iXol-RV5~4n#np2ZI>_k5ux#A|c+3gS@#g#1V`RZb^Qu~~M zLn4!Pu$?aFonvz*3a2D<36rM7FBoA9l1~;RS(7stb*xva1ZQk98ZL*QwIh`CpV43M z=IhkH*3h`}_Sx2XH`xT?8Q0mbsadXhb8Wm+pGyskJG<Jy5aaTblhxW^mtav@c%=bM zq;LC6q2=0a+p-<Y+mG+wH}MxZA{a#MtF7WyBt@sDt9?%$brAURuS58QfkWmqwrZpq z`k@rJWsR~H!&@`o2X@vD>zw+Uq>Pwh%_w4VZXfVoB`K~(;Ei?lzzL*f>ia&9rW86% zUc85I*gb;Y*)oXK!zm(|0>2>t9JIq+IGP@16@D_z=-R}Q;&yh7xA-Nox2g;!Zp^CE z@?vN=y5y7k$!jV1vPD%rI507@G2VMbrtA<xpkK*D&WwJ6$82qEB$V9PU-#VG%E`=( z$?HV7;j^;f&L%<!fh8y`2Hke%idE`q6+Hg)=$Fn05x2pl?|azhFMp88a*t_rXC-ek zy2mL8)4f}<MTPaB6h*vt_2S#)D?jIsAHjPYFS0w)^m)g4g}>x*4>MW=HReO<L~<(j zyBzHn?)c_ldT7<%Ykqo!aQDml7AA#!L`7K96Tny)#9-%=dg0)(p(mkzB<);VWv&R! zcc*3wCidx5W|Y~i!W-OmCAlbJy;5b@rt@pmX%ICXHjFpYz-J5&pD~Q2`9L=QheX{P zQ^Y;hsx4kLQr*&5it9KJC$N;)A#q6rLElOn9s9u2*zW>I*2PH`hj)KXcHmyCQZics z*(6S<-<DTh$&SIk;Ko?$zNg!qsIlK;bBcwoL{*`CGOn@vMSSDTn_<jRgMPW@Q`E)} z8{Z*U&?@lBj=NxViX=B$P5kk?+XS(=m>bWdFSv)IV*~Ok1wQ>>f{_=jzUTdbqWhm@ z@?e=FJ4g;Gu<xWecf9Wc2<{x#K4>4NW|#c)kQnsgNT<jpeULlaR6+z>v%p7zVq{J; zx~|L6u|gs36}iPow`XborZiWl31WHnN2jwYwKgpyV}kV%l=9A+9Dj0Nis#2<GO8Oa z*$yO2-Z?DrZV90k@TI7ctp|)hK4&JF<oYPweP#mLE3c1^!&Mbvmxov}>bn70-aCg4 zLvgp!jSJJ972mjnf~BXgkxPXaEMob>M~%5a@R{A_wu6Fc--H77i;p0bAx2CtRsson z-VW?Y((|}%$06?fC&;R$Y~ji5FQbsGW@fj|zyBkz%%KF5oP7&COg95F@&cmiFn16_ zD)dpf$pT77_F6Cx1qB;K=qX|!!foC>0dHb^@jk1-IkZaX)BMA3wtHjfc}o^S`Gk7g zHn4MQCQMxv5a<{g;s4n_ZBkcP=UfCrzpqHP=k|cKxOo4-0Qb*syyA;}Wb-y)Mhl^& zsM!DbD4Gp(9OMTR=4NVWeyhB=#3!HQ`Yd$JWQ*#cB`ddS<4HO9EfSWnIMtTib5VgK z>g?51Nc523gc2CI&NTdeB8=iLY%bk&C0EA$W{I=J>BL{5F;!O6@{I1Lf)9U4cXm-e zgI6|NKi1vTn)bfs)1Bm5rKhDOQ9oZ|CJ}F;UahiVI(}VAAt$M5;AhL@PWy+dtj12C zY<gUmxHPXLEU)`C#D5K@FP=GsA1Gm&jT=g?`DnX@y*KnMzu*HYtJ>L#E)Hvy%H+1> zP}U-?Q`+zCv1)dr@6vIydH>=Ko=|?H+O5qlaojddD4$eBANzHw)Wc*WAK_cVl9vGy z=Nk+o-Og+@S_tl{!?#VXc}4B@3*Jsk{G>!3?+e}@<-CV{C!OsILAl|!yYCdej$2!^ zZP1M|E4>St6+TtcIZSJV#OdS`s$mQvYB1uyW`aG(O0OPAg|O?a8X^PC5n04j*FzE_ zB9nV;#2#R~hhwLg`f2CeB>2t<?$wo3xk1t*yh3C5zQ~?vZ*8stCbsj^<F1gS!&eI5 zFm|LvcO?iAl^!8LrNBr8X&Esi6=&V8Ub%etTlfv&YBqWl-4Jg1{YPV^%aa@q^F`ae zu=ta)R5^0Uim?0=x^}oL4$S|>-gkgSnKbKSKvA-i;{bw+<eY;NM6w`A78vpnBxg_* zkm!h@WCQ_~JV;Igf&>APIOHfIIcK;%1Mcd-dj50o*>mr6&$G|!I`hpJ>Z|Uqe(SC3 zuGd+sX&Xv*=Z|!A$>U*enT;%dR3F1TV7fd$YIuK>mR*>qE?EP+hC}CwC50+jE3FK^ zUFt7u551IMNKek|0z<Z3uqqLRukoopTYi6Dxz{NlpBf$tzz*nOh;)rPlcM#PFI|W_ z>zgawKD2g_bPSEP)&o=^Lur{K<ZN36_tDJOoh}`Z*J}|vK0EZrST^ak4xECQ|FKKa zOEw^7R!GsJt1W|l)<wji6#%}#2ecmEn|x+aIg4l>0%0k<>~k^x4awG9nwuEa5e-dj zj?<r0^W|7;WT5SQ3t5~JFdoE>o6V|N7YMc9N``yN>_`UsBH)Y#*QLSG5p8UEqU{RC z+uMs*5SVIZU>h!cvCTVRzk|pujyL=r4Kx4}qZS6vVGvX>%12E|b*HU=;~Czp=ZD@0 zru))bI(Hv;N?u>!toP2`24|AtI>=l=0Z7`tud=}6NkLoV1UqC3&AwUdqV{TsUuLDJ z^pD<W7Ss(fMVZEnD~G00>cW9t9@w6k8w8{;?kH@z%Q!G0st<kiHGBFDx30$TSXH&6 zv!SmX4M|bhQoSu0#+4KF9aeTZz+0L!(0~Aib=NK+wtfK6LtvlaAO)HK1SZY}ixK77 zN*;)N-9LrC+rPlxfBA}4-x@EBwocj@Vu!GIk%Z=d6ZZm3{1-$HLEzHuoJY#9V$`Ab zesdBxYwo%RB|J&rPk`|GRB@7n)k~Db+3XPt#ZzA0h;z!pEUi6II#ZU9b{TLbp{j8* z>!7RP7XNreqY?}Ky%$te1krX8AtCLJp!Z=7$pRp=y*M7sG(v&k3nfw`>5nh$h%5qO zdFU}m0=V?u#)iWCGc0h-Pm)q3b*VCi#2P?``+1-T0k27lg!?fuQbPh<ilSaDu;_!w z?CJZ@rv52{t~XRi(lH9<q!iM93z}VAwDa*f0A$J6ujU|HP-(1PsRxQ^%E`w)fBto5 zCU!jwIhp16QNvWfKCXX+#%IBKXXbhgKw|R?EGTaXcC8bH)q_1*iyG!kSd`9|0jB_D z;Y`XFmOC{BX?GAknoUgW=t4^bw+<wu7v|!kS1ug7EX6nc79QU|TsKp{O@MN`_@quV zWU#7%V1|2&CnpC7#B0fB1CJCGOC3^-pkNSoAg!*hu%CZ5__XZe3f)THO6TQ#)5rq4 zb^WXL&0Ln<(Ph(Zf>Ts`uW?c*1=$apw!aQK1<qC88hX=bt42GK`Qbyh-$qlljKLR{ zjF+expy|=<TjSdxBFjsUz-@os&_~c~XMW5HKc{G>r_li+m~y?OoqD>9{wq|-LGN+= z)?2IIm^V+bjo?n;)U0x)l%km;Z97fnqKZ;17t%5ct&DG#E$)v^zSuAg`N4XsJ+3=> z&8}kNzaf=^-lHHy`hQi2nkXlfIz+|vs=lzgvDCn1>$0(CYUA;2BC^^4vYA$g&2@V& zfc5WD3--~bW;<v=)o7vo>MljSrv;rD=eAux<mG#ZTSE{Mp+NDD%!u_@ue1C~344Oa z;EFUVk&l2oGvRFeg*zy-wOhC{h8Ee0+ip7tHv@D+&cvt|GP%>Zt})sJAHD(U$6X53 zo{GaN1Pj;-t@r|2R2V?trmk9SjHl|<b0LR2F%%%By6<{9rkj`%X^Do!QAK}|>Q;>6 zrD_$t80-0158!GAXukx?%k3v%)YF3r-v+=MDcjxZ04jiS3+a}F^~pQO-zC_#gl7&& zS5lLaUDq3(m>%!E2Fk1>T1}KGweUzi(2g)=@=FIqwo4tmr=^J|*Hle<A%j($W?z_D z%LS)v<r!IyF`W(Wei|+z{7xq=*^@pyb+oj(Kb{-!;L152Bo&37C<2BZYEXe>3a|?T zJAit5Gb7i#6P`KlI4{JruMaXdHhfe4)XDHl(0250$4AEt!o?dE;_F0a-9k|7K(B*f zh4H>QOg61s(E>AXE(q&vxc~>xrUlh=`h%qk3l_8ncZ(K3V!<(e5#k~A;+}dh$0^T! zWQceOz!IGGRX*j-MZc$I6aW{}>!_UOm%^WmTD{!TA_+a_EAAA4;!Pn4z?ouNf|W!2 zFYvtrixxZC5*k`pjY$w<VXu$R?M-U!Fr_e|TGurZc8vhZ;v`*IAs&=&Rc79v99M*S zE99`Rs!BrF22)bmk^^%YGH9J&Bx<NOe-#GY3c4d#i#tt;MbNFO5xR5j4`oEGHJ)2f zIXBDE;;mh|m*NCS62Q^OvneqM^YFZMSrY4M@Zxw_HW&=+riDeO7Q6LzHE%Oy4bkSU z(VW~+E24PayjC3Uu(}_nUvbn)Zqcwg56V$nf*{7uh*3^CpEHGko>ceg<IUkud~Dga zPV4j94bj3B_jF}<OsRwuGuxOI_81C>+}(YM*qusV$EIb(tjV5!BYQY3UhT($XCJ>F z3hPcZ>cQ`IIdO}>Elyl+T)JgQ`oK>ATe69UpwA1)OnAMi*EjE0T35wZ5wj947YpLe z@wG_0!_mOwd7+<6R;40t?SeUHzEZhqT_;Vr6AbFGpJd&g*tb+zmv!qKcqv!f!NgKs zVJ}3T-_Cw@QYnE}k_<3~F+NHfB_gT&n4)DA+(44ATo)0I;=Sobqz4RH>*2lb%`J~$ z-(HM#lAej*mKVyGJe1wMwX2R#L5p;;cpe(bDUNs@5S+h%-?F;4?lqisQ&w9I|Dbi% z?(XuM|DL=XXdd*y<(cwAtkcs{$1}DymcEGVA#`Ep6Gwok5M!GKN%`VsUW68@n8_ZY zPBWfndd1@9884YFAK4rVDUw%&z=nR2Dl{3A<u2B=8a~nPEMnefTe?!-5e8KowlN;Y z?aW^=FlApRNq|CikhY_8K=Dx<&&*baYa+OlbM|n-RDiyVj5MG6Yf=`>aL{e~z`y~S zR-hs}J0Q#R7!W4cX-Km7a4gmUMj=2xQSi7e;0j2*Ko%79@7s`!3I+W5<yAXK43ZUF zhJ!@G+<D?h)NpCwPN*;pUF;{2A^}bX`n?IXP@V;<lY-e1xEGy)4SXk$&IBgpS0~c# z1kfZ=4c<<qp$~=-ApJMbpCe({&jc<cbQ`#Tsc~J?HcsNzW=E`BYRV4zph=pCDL??I zFvnkLFMqJ{Xad;ytWEsDbMVUXO*FW{c#4KG$0c6>2Vd!NKokI!h8hNWH0m2cf1nMq z|6P{t*J$HEMcSdH_ny%icHiHc0x0jDEDBH^OHxNuVHh{ioa1l4Qge!k3=9v83knME zXoZG_t%KyLs^x-@b|9p&TnBP&?_*-i0LLtL3PfT*()mzCOE6s#Q`TeLqU8|~=pE87 zNaItX;g6Q<kM;k8rYFA!;>mQkV>HI;<OgRC$j`^pBKf`y!xg(ViIT^|X=41)Q7i`f zklB%^eBB>Df3ODoaDjB3j%wi=z!AtmU%Vs*mZ)Pqv5%r8)huZ6pg9zHcJ2>4XfAi% zhV{Lb+b@`2x&bXi_H8ue#@@Eo1(AClkk@*5Tt=%1Fd<sx6`Z_*^90$Sa+{!{9&Y`U zd@V!rJ>ArGPAhrxdE!p^O5L@SqHh`tB4um6+Pib`6wwNMap80}9t9z(>}$Vg=Y&f; za|W+#RNCFTK~2-gnd3S4ZJfz@QZWoV7&pf(s9&u&Ja@gDO)tI2cJ7UPW4_LWs8L~q zbINROB)3$7j%xi244#uHR_Wmrs^a+a*>x}l!!&eNW}&Pd>^)c|IS;N`MY_jz^QoVz z;}TfA`TV>VX=SIUS?Fm8JkqkRLhh$NbA0Y|N@7eyt^-O7qPkiRpQ4LD;NC-r167;@ zZ1MAi*bwWBIWxf-k<^&!2?d>JpoE`!_pbV}IV{FRIw<kY5WT?*tuQVJ0cKnUneLYN zO^;yq`!+f#Vh!vBE-G;y-LIdvNOm9ltZ@%y?#Y<JU@S8?>Ej>mUf=Ipnk{vj;VI5S zN_X#fCPWnk1kYJ?bi!f#i`-i(7Z|Kg?`sVzC~mzaHGe^gCV?;6UWj#Ky4zP<m-V{7 zam3Nw{L&S2cXrKNB{`1W)OX{(pcNJaH<<8uOIwy?5Yk4Pi*|P{p=uwp+}}TMPCROT z7+(1mx7m_b3wBR?hndFxr>81XW{PRb3(Owq<qv2RKgx6guXZ7aI=5_+$xmz!`T0JG zn~P!TKU1T1J_&kPW_bgfL1lT1(^cx5!&VU@41&cAfHPw(9>U^ZQ@rAQ_cfvI93><^ zeAf{qdq~S5D5Ms$cx-eAVoe5+w|7q6>em(4>h^aHzum3ldXpj6NlIvn?06|DJXDJu zUIDgx5ZfqeL)HGu*XHKA*(xWK(J&>B0f!(sXJAktP+q(xURcwh?K~1f9FnO}TOut1 zlmloYz8opOI~_6__`UW<gmysnrnE??{v#F)0WePUAHg)ff1Z=(1I*WG&BJgEiB+)w zq3zd%LIHZp5a6eU3x0WCizmzie(yVb0s}$tofd<`;izpHx7r@3%0JtueANVYi>U%7 zo({HqssNSa>)1FrZ5%GTo)_)~1F3`5{V!77`am*oe4=)1WAcsh@$uzM9k7QcFn&a- z0S|{gS6Wc9T99pYOT+RJ%Nwb~P&44ZA{AKS(vgRuV###+4A>7p1A;IW&|<I79maGo zF(8-^Y`u=hOCMg{6wIQ+co=_1!$Wi=`rm#++h&j<kJ@w-B_6Mk5VLY0D8L578<LNH z!A|`_Sz*-z0|t`BHbF7M9#pi~XRFy@LT(4Jg<a_AwKSP)B8Yx3MEo}V{i~4pf9_aT zdv9;=`}b0<Czm@gu}N0RfQ_T1rtV6_1B(>UixJ#6o}6*_@EC-0MO0Q+wqIVB1{qeQ z-^1Zf<mBXVUy?_e3ez_5+`iVdWqM%&flC|qF3)VuD&`fBS|kvr*B1<1j=DgpWxM)K zrXarez9|xn+p)S})UpB;+xQK5lus|tl`T~2pvXEx8I5xcev+cwLOeVZxZC9^2#SKp zE1IRXg*NKFF=tbSA6v-=1B<)2x92`SG4awnizjnEOk1H$!zMSHR?DMUz$)cbdT$H9 zD+e});&~k??@bD+J#CLSmmSyOLDO?Wp_KNe{W@v|_C@{3rYg4hEHCc#i0LBd3sz=U zJr~yO@?v8Fs+38^^9T+}I)*__r~|DCeyBV6gcQ?)%DPHB%{}I7KRYQq<?w|bT}ok( zzPBb}8%*q;=WO-{3nyStsnb2U6W5H-U_6(B!PoE-OUHW0i^764gJ19P@%peK8iT!^ zT&==Sl{L73h?raYHld=9k3B;*a38_PT#zo^`t3M|(ESEWe}sRc7QCxBHLWQ)GhwR0 zPXlC(-4QgK9@+(il1CQ?ZxKRRwgqW#F(5m+`lMZ5il%f93_Lbg7(S@-*?Asdp2T`g zaGmblO)0yR4=yl0@?$(8ICk&BozQcbk7&8hoeQ|$N_YCfdeGak2K{0J`+I)usseZJ zYQ@z(TJ*n@>lJD&yrey&mc7><`$WD?qf4!$qhEBet8K#}*ZD&}cUMKlUi^IYd{`kg zpH{|_T+5l1pSC3<+-uet)P@?ar@{IZwWH>QJqKtf{&fish!vdGXYq1SN?9xkl1UKS zb&E?;ztgDd){F<U@sx{3fZ3VYE>>|p-GoaFw4P%ETIvDgP}W=$q>OkUqr0s--xW&a zml5Ht=_&Z<^c7mWprN2O<qN|^VPbEoD)g=-ioS6ZQk^~~JS{1DehDl<0Sg3t=6A=X zNV-6FC0R%&&jL3t->vwN8tHD<P-U>oR#E3U@QeoSJFJN16G{*HuT8y->R{e(aHqa0 z4^^e6x4Ku*z&G|*$!cui2De5t=5Z)g_+?Z>vXE5waX)w+PbyrGx!~~j1X>CYNRUw| z(}D*txPxpE+X8DdMAtf-C5F9$#U-Y{qP7zo2ewCU92^Dv;y3TJ=iqQkN_F4IgQIrO z-y--_behKXjv+MO)@w$`09eIDIVxf2kAw62$I=cay@MKz?gwUK&a%}@J#`@!7T=pz z&e1Iy>yeii<pQD*YGDVmFeMXcC2IQc(+49V2ofNY6d!^shX!5;+XXvod5k_Jogb<Y zMzsWe@S{Nb*e_imR?B=9%1KCv(AF2F$4;V`A~`=wuhR-rpN^?NXh;T0JrdG^EZ+cl zKKh!U2U`6RSeOGg<Dv9`kO68(FObF55404BH)Dfm5uii?S8!4SHPHtHKLw<T6aefE zZU(%M|N3e5s4zHc#SvIZWDIs$rAIv%Q-u)yEDT~g1Vt6s>0B0u46LM3UiyqhwQU!S z=A?XIDJZXV8qrs{PU<d*%e~C^l|4FOkcz6Jn4FKjhpMm8nJ(r8EMXqlcb8BrH2yNC zJCVj^0J}xvS$Bj#G*U<$U8S44yZJ#pEguv0ni+ZAsS@GIx0;l_m(L4jfDT7+c<s~d zo8DmIRtJ)W-s%__%h5NJWRbU;z-Cz3La`vR_vo~jSvS3b>HmzxLaEAfR^jrelp5wq zu-_ALd?aXhDGg(@8~11;H7|n|67=!7e;#7hO)Up0%8uO(sGBJ+sFmjB5w<3Iug@a! z#dkRd=2thRGKwlHsN?DNl}7CJ-6kU!LuA9KO5E4pR1JFFU7l!Mv}TXm<^>5s@j^~b zp_Z6cT2;CwTAZur3p!0BmzSH_JCObjec-)Cm0s)gmz``_%i8J7dNBB=I2xo!P6)8& zn2B?ln++;ND34xS*r%SK?mLLlUDjCPs_pUg^3rQPxVv?$>1x&fTFx{J`u(<JZW_dy z@3Gj%89?)kR+~RC-uRZ}VE_8G0dk?U&1@sbgP4B+J0z9GL9zURf8F(iBj7Z+%~}U4 zJX~h)-I0*e=;(RMHsCbfT@Mz3Ikc?JP?gxP$G)4Mt8CwQMsk(xsLzW(Epy1<A$~^f zSJs|I#mCRTmoSP=$_8SA#2<WSX!#r^Ww?c%<_$JNbaZs~>p|`FGM@skm-Yz(qD5hp zxjrO5<6A3JwLT96p0u%@CP=$FBnb*4`3&qWw6=y(IlI34`eDy?U~o5cy(nNftx%Op z|BZ=3gJR;&4i}BqZJ;eL#pxPrp{k}euca$GRW;9c#P{aBS(&SB-Y1xCNg=rA+o5j| z)=w5@q>ZuY9$PJ&pLTV2xr=4ahfpQ0VUS|L@!KeB9(ZsnHJ@Lh(lhFD6#;V5&z@`2 zd@>WSs9D&&>|w1}vZ1W-=fUuusnGhAJt6w#hfSZ#@cbp9hM=#lk|CG-9ojvDk&$i; z-O26Wcwi@*o}W@(pfItHtE`${7`J(ru|beyF3htx5;4H{QKnGv_JN%-PucF~plE&; zT<5iYFnb7hOfSdm*LH+(Vt!RvRDXynwD!Do8SmTI5w&<5a*5JRm7m5M=@Gf0+iH|B zW>|l1bV?gG__jeW)3tv2Y2Bk`!bx^Yq&aDxRrUOQ_P|}{4Lg~<>*?*brrR(Jc<7U< z1(prhW_?njONpE!2wHufoEkr=@F=ljDw)-oi{;7JH;B_a$VBa(WlB6q=F_D4Dn#8= zdAy`ZKzDEXw9x3USQrKGs(}x2pRDmBw6?cIzz31Y%d@XoWHrKW1j9Ck+)wc91U-aX zzfW5-q@Qu=N{j7nSAP)ShU_d1&#W>FXfWNNAu1II#58IIg{x6yCB}}W2MaH-g(Y-u zOoIGn>veilz?3F-Ifpuj!L~Irch(0=97dyNl@=Vi@?EfN%}dGzLSc?OHTd_eFgxjW zhV;tSp&gnG?XhbevQT#Y^3CWr&o7|l#i7B9$qS1Jb(SwY7>Sq-)8!6O?s>429veit zeLAuGeRcYDT5?r|CssI>ug^P<&0K!rZ+gYo1cUoXyqfXFEZ~s~OtNLcDWqrmY|gSG zCh^4z!ZX*KZm?;BM+qvStkJZ~jg%AD&YF2X8D{gqYV#L({j|KwGeC8RCsX8stnlu| zo#{!Yq8YBi%M>z^O16$uU%jAPTnwTd8e$gCetC9S%AhCmwAIc8y^5WVkU7yT!$;xl zh^4&KVA;RJI!yf>i(VdO$ti@@`a;~VhTIZ!+Fb0lOu#ddifYhCTgbQM?1*cc$}|}L z>YH2rZVZU;X0qivd`&nnK<ur<XtsUG!-jKUzR0X^eR@0v^2a&vE(IPLiuliq(OuJt zY$JUIR+GjOpYyL5ltfv@=F7b!Ius#>CY?vfdgSRaIm{tpYgP`6w9*xV2qe%#+uKzS zuAtnz{7V_Bj=`{4-*Z}0M>lql`@G(>_teZOu(kKGs8@B(mB%)hNP|N8UhNf;vgro4 z<|XO%6%ZgFUcCR+B+BU2(PgLHm7NU@Q?Q$9me0QIn?p8~+D=Bn9K))=e$H;6A6r%M z>${A*6O;Oi8eRc5hsXC`^lO~&xyl}xnYQ6TO4?d8WrD9EIzfCr-)w*5qL4lqqN#d4 zc$Pk_Jv645Oz$<+pjyxBM#|icD(aX7_g8k(`L(+Dc+M6%;}*l9{RVxv^p6>intZ_% zm*>Pk?63xE%sLFiV<Gk(Vu;GvD}kBL=W1YVwG0GWZ>7E)g4N}mzEr!YLA?Pcgtaqi zK$)}-!kTT4f{8nbr7T!g27Mk*URg0=;&~<E*n}1_Pe{oM@%4V)OWjlKH=xA_HS%SA zP3gf~Bj=j}Sy&*5m?32uI{XLid^1s^57HH(1=w{><6eb@g`UuBxF*k1#@!LLo=y7A zx8`Z42xz1NXTkC^RDlPOcI9wr!nwmQQ!ic3lOTsr3ZVLcDGi8Nb7~#+pq1x0>4Sk? z`QB~*=n`OV<T!iO_7+MO0ct`}_Uv>$YqPVOV;$Mo`$I(nFJD(SO`TJB$sYrYk_Hp{ zT82PouhR~))_g@C$9TrYhW)79nZ|%eJ{vRZ+1_?{w`^L4sau#8bl4U6d{f2K(%zJh zYd{tqwS1ajs+99(Z>~KpvE=4c(h<?|cJ#uRj^wCJ>#Q657|jj#${b};Mh3s#M#PEx zh*jt-kG{#AmSf%x-M877Y=VdSZv=?%O6rJPU3_n6j91&7Fne`~jr}@Nyt?2(WkCTW zLu|avTqgC+QLajB`YS$)qg4|t{*P`b^U>Qr@}Kf)x1s2G#Qbr>ZuCyc9VuFB{NW}G z_zC^<JuX<r!TO(}7wyI?&26a8fgA<2DTCu`zOq;ie%s_g+0<VUab9NhaXJ*IXZwt@ zYFH+fzM&tRSN7MKLVKLi)$mXOT4VQW-Gk@$37a{4ZI*4Z2|Ju+s!Ylm#MUM0Wx<12 zLLK`B`<_HzbO>YHq+EN&!6E);^<?|xikW{j`Cf7}JoI>s=*9GM<!zmai&G)lj&ZGv zCLlEeg?m;hwcPe=XQj1M%2-8ODu<6N=CpQPAjLF4k6bKA3R|@iXW7=i(dlodkd`dd zz87M#?v@fEVl`2lmSf$0&Vpd_!Dh~+*X||=swIRf2_i<FOEBJ+*x5NOl2+Ks^SN6d z5IuBIl-;2Rcwb)K;IzT{qvw(#&8_J5D$-|qACiUyJD+G0jc6CLGlZs$nk>Y5Wxrw= z?S~nBc5?0Y?#%v>E}Am{*BR2JDv-0eC=)?$y`PT%MAX>96%MHi{UXDYyGlK^*z}_1 zp<k@uoYi?P!R4AL*g9ABzI52SRDcxpU?uUu6M$1?af*9_bcmRH^kpw}UpgThEPGy9 z*;9rfZ7e;AI)sbLzYHSaxXM}5g&d)V%x^nQPq1#7%0`sfeZ*$(BGqOZjuKUXPR`%A zf#WVX2FP84HKr*O`Ga6wD;OoktVo!^+Xl<BVC*u54pV7iy-6=^n?}<_`CynqS+LGL zNvrowAumpbVa#~~WYmImlz|10-yB=if<eIR4pUgbU>(Se^>45|6_n`=*FaAoCc_RP z-S^r>WBuA;=e6ca-Zt=^HjsZ%;8KJymfBVpU$&S{l}jSvQUvQRI1^5z>&^D6WO#{^ z-=+b}f6OX}$9;Dsf+{?*$O1a~p(ot)!Z!;rQ4wk-QPO9SUqXc1qaG9LeM`e_N8A3L zG*3wA&If}`Y7y8=U^k|ir3$r{31|eBC+I}_c$!YzR{02*zmyv$@4=H_T6&_W;3K7^ zzFIQB3eTYtd2n%1no3m35i8uep{?Glon2Kd$>$i@M4GIBe%_|}n(IWwIjtl{G$6m7 zx+<-Slv1MNJV}pzILR1A2Ertu!>;3@U={rezwHne+J`~m^2~E^u%h8Z<Kgs0M22}d zh)^DYj3o5YcMPt2G_!y!?hySk+x>l~BLT@j1=g$TyO&)0cn0k;fajo)$&n-|Xm|MV ze|ONu*%_6c42t81f(?8F(QXAWoy~W@yB+^`-fKLa=$##~qVb~i8F$r6Pu;m=eDETC z8kBL_YIUj1FDgQj14+E}!EZK659Id(%fzu+eSw-gL4Xn@U!nX<-=JT8HR1!C%F}o* zR{!yaXdkm0{eIwTBR-UyMB+q;c#ey*LWiCz3ZJNwe)p08i>HmF3c2LBiFp7w<j`aM zw^Dz9CsTA8KGLeqy8nmbgRqd8*Y+w{!4K$~Q&K3!pjiN*GYn=f73jh8v#N3smmUnj z1dz-(Xq86mSx<^=cxeD5g6uf(y5Teol*``;wQ%l%#=6c94_yXxI2F)tF-R-|5hq8G zzK2o_H5UR|eohM~0JMsLQuqB<IO{}YgOR`?C-9X3xwf`uuU`Q+_Sn=)vIUEOi*-s9 z8d0@V!l{L$hLoV3ifFRL3q+8V;{@875N5uW)Z*T|VEwIv{C23VXDzD}sL=T=e~%II z971m;IW<@Z*3P&K768tKd9cLc1FMrw9vJQtI^agF@U^pmtho)y-fw`gz$4dUkJY9R zz6H1hz~3Z2Yj9TutT9+og(7?I(=g2JfkKg@ZeVYgx*$R{Y4phhDhhT~`F_crq=w^Q zwHS&uItH&387OmEc>n0UEhy^Kd*WDM-{7DVc9w^i0GfQk#&{=zVueqjau#t=Ig1>q zO$|^7zZim~7I}m1&mhc&y0Fx7`iYLY?Qo^&A#LL}azu+k5YJB^$__39kvSA6MIY=2 zI2a(mZ-Ws{Aj_L;D2V=FIjtCMZoV}BfnBeZXI;X#(AmXh@ahgwcnI2@pu~=a?*ZzX z9i*34_6`k+*-tcdWoXv=l;jMu=9DkrC^oURUFdwRhT5EZr>I3*f559XL3Ad;$k_Or z7#_wu3O~5hmILAH*2=NSX~&|RoSdB-+d2aWr8~tQg>H5(MZo9Zv~12fhH;8KJaf0t z#{;C>u7H&kB5qvo+xK!{HqmAI{k~n5m>AEwUN>wjR%K<e@-tU0ePt+Khvy1T^NSA- zhEWNQ9mv}RmA=}dob<lqGXCXD+RkN{9ha&dJ)hHwN=OwKAAVmz*Y^yL(Q>Qbwpp<m zxJaAcXib{WiH#AZ$ckXQshVG7nzmEp(mhN=K{2GcCW#|HKTkV9exIx|tWbY)Xe4)Z znzAp@Mg|VBub+Yoi)`D&(b<KCGK0IZ{4Mt$xvsSE4_@^+8VrgY2reIcaqG9LmzyVJ zzfv%}tTeqVIl#pyeyD5%D=ph9aBMKyqz}rZx_!ys`GftY0Z!03=v!eC1$XYlaVZ(H zwX7bQw^<jbXY@bBCQZg|bZmaxXsx#$eyohvu_!?Fb7lD`;pf4+<qz0!y>F~~j)y(7 z`Y8jYHHW2()oO$PZY0BuJTre>tyhhqfRyvtVSjmU53P;OMV7Ial@$|c9k`{pw6we` zpSM|djkAH9xGY(M{5imwa!fXC+g^LIYe8RQ_Bd*9M2#<a`B8HI&Efz>@z1(pnc=*& zo)nmHX(wQS)xu!KjOBD!#6MBujXoNCMP0*?PloxnaV{q8+%OYD?6v)Fdp)oJHT2l2 zeo5bdvu|vA1WIH~chr~HgFBeROu)E6RU7zn^B5FGcET2lB`|zZ2A)@j1jE!9Wz~;? zi4u$gY>bp*&n<*biZ@u?hw`^$)S;8SE-#78_ezV3T)@(5(>~kHbyxl17j4%Hn$+xy zd2g|wKNodx2)}$eAX3`)Q@R;$*O%w9Lj0kF2|^0$?`fS9!YmO{dPe!r?sa?TtL<mV z&M}c8zvc|lb_ji4HfT;HgDbA_($%t_*oXJ@^mLrJYKF^xFgYC{m?&qM{6?4%EWk-k zqeYr-5?^KYF_Plr-D}teC2QEV+-s}_muKJN5F#m*r9dmao|f$%CX3hQ?5p^4;Jn*4 zl;R+2@yrWfGeCSFzUXVs);bipa-)Q@EnfH;ZqV?laDQf79O0SWhy>to#0@c*9e2bZ zOSqyC=J|OR_UOT0#Jm=uzEU#iUgp2zcsXlPK!V2`N7gZ%9_MQ=;=Q;$MmS&P4Ipc? zVe!s`i%tfz3t|noY*sVi7fB*6R@(@kKie#E+dZYO*n(6`@C<NAMka|VYax?$<Q>xV zrBh%vLhbPVgX)@Pf_PI_7FFbK$wjB&XdgB=x-SI-$X<kxN#D7QtdqOs4SRkspJ7|z z$!Op$fW4X+5M&K~6AY9}id0^#J=*)>O4*Mm-I;dDw|O0kMN5UsMa+!1#%7nBFug?| zXWyCBpI^*x$DX!xHt`8qd~VOhXf4tQyZo^}m+wkjvg7skadzI$RkMz+JC19o1v6@U zCnB0SQt854gQlxm_AMtCM1x@K8=p<d&G9O;1Jn2i_2NXG<W^<r68U5DM#T(k`eBWx z2P7nH_{(}<R_{}fnibUDY;EL|FVHn=zH)E*GqE(E2%Zjtto0;AnX}4jGJmOi*g?c2 zK6s7Lh3#wDJ~!GeUl1Ty$7b7yQ%DN<cH~nc-JC@pe!x*nZ;3Lmm(ejaj4bG6xxs$_ zar{l|SE@Yu?58F~lpRJ2$p;s-Wn^Xe^m5X!HHq2MA*L0~OK_xW<qgC$8Ji>(l*8uC zGW#i7OtZb9wQYsEG!uho7nU2Wm96s{_alj;dZVt~<Ab+Ue$-Dzm6E$+u+_A)P*pWH zRmTkM%rd@Kw)5FDO8H|4>K%Kwlp8s1YzJv);gMEK2U+X756?Vm*mJU%cOLcboc(6v z;!?ERbYaKWu$4tPIC*ezdZ?jBWim!3wjSo5EKT2+a)}|fA|Zz=eLVx@LB^l4j=Gn& z*~cWTU1A;SMNl$va<nUWmoNU+vT@Ule4!SNwv2|2re(0=dX9pQ5vb_fZ_oIN3DF)F z)+HMSA_l<P#QF(i6ja<)wCQK1L@sU`OY;fY7>zcGY%jq|0J?jNJoh$ywnj^RNSg)! zR`vj5<{guZ;DttZ{63`~bM0O42J>3CNO(&WV_AwY^)<+8D(lSDs}Co|hH9lWbZDYN zVTO5H%m{v)0rQe`*Nfs)D8a05JO*DYiaVG1p<({%Okr8E4irDXOhDW3q06&AS!V|1 z=@|`SROjjqbuJ6e*Fp3J#Dh^&p0Bm}QpM1E)~6W|#`f+74J6)*NQ0J}aO)}@DEGGo zBpu>mPc+hE8hBmJ*8*6PHD(i^tGKKmt$|zIkdSd^-=Haqo01~Q;9P3p+tAD!%_p!j zI&FWO&Shsrjbbuw(8*ZGd-3ufR_d;#_!kp~Sg@gzX)s^HTsN)fjev=%$aS&tniqUV zR#(cDg6q%gi>1=uMJkCYs=J=(3^yC!Kb`p5K=EyLu^oPGjY-m?JdUs{sdwq^FphzX z6rQDCq+cFIRb7SZu;Dk$6z2AtqlTu=?K3aSNGE8ouHKAmFyaL!>dOd)&iws|>L&q< z4ON*nOIYo#mku;%do(8-{OPh-eNb#-P<77hrm~!rEl7AUoSRu#=j~FQr57L#ueZmJ zBXKioRAQlXq-TiNYZmDH<XH?7H_N2qL3pc=wLb1!)^O#PmGztQd%KZ;;%lsZBj&ZC z)vr7+OUVmrG707(Y7CP<Gx#Ck)_trfLEA}VYYd_b-;-z@pH9n&tF`Cy0GYY_tLd5s zUQWowvtS0WQVW8aA**sCkt0u><(uYnvnZN<71<Cr#M@wxvn(A;l=J4S)$ZL8wV+Dh zP^qOs8g<N7451$Y0)SvDDN1jikEy-ty)lTxw|)E6C#nz_`j;<Yt>^6u9)x@<n$$d& zM9GR60wI}OE&(;+=e4k-LT5o83b%;{I4Q=va<Jg@4S`m4pP4<4+XSIY0NA~Ney2)4 zE1FY_nttaYyXWXh4o*~U8}a?6aB)zv5=>40BD;&V*bF-*ZC>-M(;f4{JSiW-s67Dc z&3~xp+!E4g<id&Js5YcGySxo5*|rY0WN{A`p+bJ~xL}?eG>7B5tp#S9fULGsIR?r} z5YUSPLVuN!;fvJ_Z_q|1Sy9p=uY%y76*+*V0Fj7qe@!7}*9SnD<GplY+~HZA_+Ue> zyVxsWA*>icdSvi|5Hy5j3P#-nMKnf8Ls=QnU=nb0;29rJ!0W(7+>Az_MhLVFD-tOB zuA2*uL!X0y7wVB93`z3a+XaC1Z)#C@M>8|C*?SnAs4FmiCDFIVzzIUje@6v%M{Eo~ z^kXr|hz@VIzOg|I)*7JdrhdP&PQ)&b<-c2E0J@J9Pzx4`g3`CGCBdjT?q5Va{w@h9 zWnOdZ;}g_+i7AG%PRpo<)_PkZa*s|7l~9`uEqY<FjBCBfz-z55PxjbbCtx6fYc)SR z3-EPP7HUbY%?q!Cy^RkvSTc*KqQj_SN4+T+eW=*@2kVT|hwFnb!_<JmIP`5%fS&;s z3`OBC&?kTshw=u%mJA^D+C_(IHsGD2Tm{fXATEnSasYAwUl{m6pd~@j7UjPHtO8u_ zpKq3~oVX8yqXO%fd<#*k2i4hvN!i0ta)L>xne}a485w$;Cf9@0$A|k|f4yHaszS<7 zdy4+edxHx?_yoZtP(@h&ACy`-Ea~z$Z4l1+(+1(FTYp#F@3%-5{MXtJ1sd|U<9q~_ zl#4!Kvw3r<*eVyn$-oGnUL%Lz`Z^jC(NBde=OZuQ3U^vr5WXf9D_{j7JeSB4QR@b> zt7MhfVp}uU5Prx(;$2~yyCZZ{y4M@ko-<L61zw8?mmL<nM;*>ow82R<=XxP&)8ga# z>RX<7D)xD3yr{!RPE{!38SSq6R&z!Acbt5R<#tMo!jv$OM<LnlnDiw^JAsvZ0?Ol9 zeodGB{c4+8zc@d05sI#H!Zb)U`DX9i=#|A9m#93SEoN{c(X+h}BdR~YYThpx`?=oE zH$5W4%QVKH0P1dOUs@o%PN>9*+=}s)Ad>JMx%-MsCHgG!$D#@O3tt(D$Qf}IN9}Lu zDY38bms5vVCORaflKRx{hA(|J-9I@T+*t?8B88`APh`BNZGP^BtzK`B)q1WFN9z6C zf?EMTjQ!?i%qtM1Bs!JMPDO~omE&~nL+kyRY+rEItF_*DyI##}CU=}*ux&(G-Q_f{ zzZxpbXjaOyvdj;`*6oZEqrpgFQYa$g4B)cWS)Mrem5=P0VShARAoA4x6L(IJMN&Py zLSo2;l^uIvsac5p!gerEa?JA8gP@!9Gi@0oUHi@WNjCORORhdt6MUJ(&!ypoVI1yq z$F6=>KKtNq+~q(Mslm>r(^?&d+<e}tU2hRBFI;r4t8XKt5mNPaQZ^!Ni<?3O(Y6Wv zTG71LnJ1!0E}I!YT8WP(tk@<TDNmv({AxetZ%BAYVB%8rxhd(7&XoC5HT7a6HHz&Y zIy6nsnK%--_NtA`X0~y9QLGGH4M<{L4#j(5B(5Ock0sND6L~%_RTf)Sck6D^r{XHf z8lmlXTdnI&67r|AUf*%dckJ)ij;(o;|J;|jZE0wov7n{XWM3>W>`HQo8ySA=-ET{s zYh){yk4|t}y{K_MuhIWzseERJ;&SeMR*Sr4!82t8X0VAQ9hchJrLn;;wvWL&l+Tcd zIQfzS<*F28YI3!UA;?KflU%E&m1fIX`5Kb?VKyHB@CO6I$CV^XH6ItUDNenor_a0n zHLAfz@4V;->^NBUS^A>oiFJkust_Fg7@|&t<Vyll<jYn4!Ce8tz6~euahyy`mt!n= zqEK6tIYL-injMo}l;+_YpWWC<W9Z5kqAby~3boCtCeObzXMUrB{cG~o`u6*p4X5<K z5q!?`^le6VoM?QsxSzM?o{w;eWRsv?X0H{K3#2Ds{%~=M=yKCF#zn8Hob9b3_U(jI zxHHK*HMb<0Em;N=_Lr`^oFREgqQdjO^G(jZ`WtVHJKC)f9=<e^4AyDYd><aH`Kawo zCH~sBq72`66Y<Yp^y>fAl=-Ko%s(|{{%6#b;s0+g(Z|mP0e}8IZsddT|F;(F<NrI0 z^>L!>?ty}b=t%*6>+jRU?-3+ey^02&Ka}fxreixMK=ff4zKJ(w!swwMGPn8UIu=Mh z>T1{MLvr;6bcsPBpJ3OX;2M_ht$WO>T*A2-(0_tpta)o|)2B7B%<qj-`ckp~Xf5w< zzs=o|5C^uG6D0Jtl2`C<eYV-#I<xGY;j!_`u+Y5d<j3y#5<-zrIu+@OeOc^tBm-la zgRGP@<ezSn-6kQ&Iyp}FAnM`S2PQHV+?Sp|efOe+Y;3^tp-k%MTwYfZ*}{OAVObAi zk5`s6tl@m}Vi~7$ub8i0+rwR)x4kQN;>kpOPWap5fKkPKcU$RKzE(Wj<I4dIahsZ$ zHw8LUUay=GI(8C^O^e{_o#Xz-vJU*uI0UfIzc}G<`6W8jtj}U+JbQ3E<Aa;|j!*4Z zhcYMOzGB<cdT|f3H(oS<HD2|4KOuH-k-SHpFe%>m{bOSG#}n#UH#OC7-~1GIfsuED zSXc@gMLax)6BYdOKEguBl#@8F6C`gGT&Syl(y4y3<#v+JzJNuvHl^trXERlf+n336 zqdao{(-R@)^_Toh#g5ONr4AN3<|%JQ@fdSYMSR)l^RpPtZv@+k>YjF-b+if!*{Y{v zCa@`ZnL`~mp1!CgmTZibVN&eSNj$mH@MQZkl41J_L6yXP!ewfYi^OxUZe=PMrRQr} zmh>B6`{M1>K~8MQogYp{>cnlvrv$%zp<w(Hwk@5mY}d;h>1%@5EGEUtF+V={+a;Zf zFqZr%M&QRgf)z$1+ip*HN>|FSl3>$dVC?ke)g;>0+&J7Fp_(4Tg~T@7o8)QXcl()6 zm>}(+eBplPV4P?k522_CO&n}feu?4qng~*0s_J@=D2YAtINn7jzs8f6q*WPbA98** z>OVc;&izEuzxQN@icTu->8Qy5TBlw9F8uTwCfk!&S~eReo%mxS>LP64s9=nwdEFp= ztOW6P7B%jD_1;G`{S3=MMvrF*zJOf_$>Ucyg2SbaS|R5|+UC?AVQJYNgZFX=LZ7*& zKDqX&5z>72O=EDsevw;{!fOD#qRK~xALID%&&A%>6}+vx_0b?HhM5dUlOEphwL2mQ zzqmL!XHJnA)#K8gkw-5x7PvOFKXq35W~zg3K?molI%+XK-n&{uiO#xx)o%wl7{lMO zFmDE>E5B5o$orU^=Kbo;;)PphM4%j%inL>|uid{HBUhFj&LMo41gpG1b7Z*6qSt4m zB>7UX^elFD9%U82-16h;MZ2_CL2?z3FIZK@@>n((_1QT|j*l%sHfQiniM@##*8-Rw zY4jy@KY?HQHa)N`9i8;u<vYksU2&J(s2p|$E6V#^tD}iev)Jj56!^V4_4Pw+0O{O8 zCAX%*FEJ(BD1J8@|6t00Fy%k>jsB@`^gpD&5gN(;WZO`T;U5K9QPz%w{i>mZ3HtEW zYf{&xrLSBwgjpEbTd+&pfD*?RHfHQ{P*BLo!qJWOIw*AHU<}Zfp^YQz3I_=PVZA_g z+gmmksDj84-ov_uKk|C$bI?NQfI`VA1gZx?TVnJv^pWo({!Wzd6=Sc-Nui#LlAG(W z%rjbWa9G_|R!&OM(C!am*`+ig0O)bBgCEu092`xo<!nrCA^hk%ifG~#^)B`nc8<38 z5Po!3Yj#Z_{!xAF9|ZidMwGHW)Wja><kEMYT!w(U*=801O1fQ=1Sr%598hzzvxAvf zqpCmsQ~?qFl<%*Ko@r3h|0xDqDkVc}6ZU^;2~cs`%mKp9#V+Rv+QwMY#tdcx;b50U zwS^<lDaTQ}I6_#tz?W-=c1LBZP(MjJn;n*~;^pE5HFaGNzi{&NaHF56d05bj2WaZ{ z(N(B>r~!p(KzO;(=N#7PW##4IMn3?;$;HEgdMv64FL(ohv`x5x>W)fO{-C-a8C~=X z|GiYW00#v8`PrrUv)1^Z^~aBDWwOigLj=&?$KPCkoFC1{|6NrxxqliwKQdmwcWL;! z1%9rYSrBDl+s8pvH_R|8JRqBXuKpnYI+n#-unoVL`HQ~Vw*ha@5U@T7gPMEp=*4C~ zB*~(GX?p>0eSs#?cz8eHmYPDx&M6tqsl_WeWE@Ro<5xMb9~mYQ``w~BHQbtX)^9&O z&tHrB6qTtmEq85nr-y-ZTg`|N&d52lxrMAHo)c^&^77|TJW(UL2D8ZY)v@esy&rcL z6d><^NS3cXntauwcV}hqI5K;gDU@87Wz;>OlUu@P_pt^C*=kO!xB<qDk75S-<MMBV zVJV{oGNk?A_Lz0$((bnROolTFEXm^D?>K3AQSIW%HyBg`9qRQEV>w0z5*s!fJCY{j z(>NK?W{8C8y55#_j!h+|6_F<=ll2vXKJI1GvtixPoPg731XA7{e?`ARs0rOF`*=qy zlJdE9T!aYXWwol`30#&zGd0hrFQdm5N<0`ELFtkRc0)VCr7{QYYUXa9r~~%RJMr9_ z8v543=i*)xn!S7^U=$XVDK8cOzVof5F6p$`2fFi15ehFwas|KArM?#QcX@Xk7GQfk z7*F@$`0XH#cN1(}(DA)!Q>}X{*p4UM)ddo{S7+q-dIN~MRWh_CvXf61G%ZJtm+M73 z1*m-1ZhAtZa``Inr;n=133a^=^7|qaw<^5W&nfL)Udq3wouyL4_qKwK?(NH%B6#NV zl;PytK9(TU73adqGLzWREXE<afp3E~UOY=mr9~FmdJh&q8I--0<$S&8&0_CkFi0F) z*8M)hMHnY~^l396F-w$|KK)$r^O9hJIi8&u?wCcs+ijyCMrNi)9P(m!-Ly?op9#^K z==az#ls;W+C!5zL{wA;w3++!d77vV)ur|Q<Xz1I%U?ogBJ8C>kk9mpl(oPTYh1+x~ zPmFE1u&Q=Uo4v<{p9V122wU_wS{T$|)eTHKvb6ZhW%$pL>7Stwc~MW5b6r%HGihmV z!17qOiQZ1RW@U;Wm%&cn@;j0P%#!9v&0j)!v@!U}!2VNm{GXEJ|CAj6r{wtm|0T!K zz~v{~hK9c1k?~)lyxgBqp7p9N4EmqK^8#pwnEeMl&x=OvKSC1pIcQ0AAOdKr_(wdC zKJs18AMyNO<oPc8e;w2d9C{%?qiKi$T5=Sq=lu()M_=(>%Ks9mM?dBJo&FuD|BDX( zCS=de_am|w;QSHU^Zy#zAEN*7$evU1JF@5F{wuQQ{R^@e_|Yl)??Cnf5CL?i$$u`% z<xgbKE(5MSgyS;Y5Y8jP*;VXqjnzyXb=Xy;WZ2bBTpiibg?+Cc{&Vf{A2~e;c$}gM z)WYzpt*Z`jEI1&7d>jy79+anZ4R|`h-Ex2k96F1CQwj{&Ztzcs34QDDo$2>zUy$!# zY6NFJ)3fcnPUOG9x+Nahe3#LGD<O|a+VV+ZUzdy}c1A^@`{>O8_a2ET73rOYjgYF` zGpBG$j(wzRbNeEiGv!*p&=Wh$8ErlCWuIgp_r$3XuKHqvk5^%2=5=@C{i_WY?vS4v zS3ZxsGQ}~%VS7J%RN<S_>UbH)=DAag$IPf*?0LBFa9v~##l5Z+eZuUu+B;U>H<6Fk z=zObRDZGE)bvEK`>I;Vz*ge?BG}B$Yd5y(XX>E>ouFFqZM!#8lf^Af&bC+lv?eQ+? zh3&^l_4L>|Xl7S7)I>rlA}aOwTZk_1zml+{V3=KP$G*pmak`Z!67OY%dX3}g)YvJr z7Xxm0Znt4G>2S=2c<m9L!q*HD^w`5qs|u(NnAWJIcJwAJ9SUZvQ$+<Yj0+X)1BtX= zsw(i!z(_2Pw>Q9_v9O=2On>|_g>VX58CDFL78&D|qi=0s8hi3mJUQhGiLDAtevZcR zo=|6s+_Cdk7lxB$Obs6SpO27>VN1wky0ku?BLa5!y}`B8my-;K1Ycx1buo6<gT_#B zqz>OKHgOQ4`<^X6#Xqrj2!Y3*IsQrL?i`iwBStIR)K!azIylS;EI#FQ#e{+MZO5v1 zs6vVEO)`5Zg;VP4K}m^<gXcaC9DjQ5X;-*I$Q5IC`vKuAU)RMMS9-2?X*Y74ye;Fn z%4ykkC*}%MR;gI{Xe6YD%<`k1^l~Jr(aVZaBDtPmBX+f+@Vkbx@=XEhWJ5&}PCB%$ z^I2n6(z?*eo1;-z@*+5GC8X~b1zjFbvq-)vXo)Xl&Tv_rtoqgYN~=Djhe~hNxMxeV z`rq4(4J|QSF9@8~7CFbcB4_;6DfZUw0YW_J94&kPdboq@676lV%$;GCoa4AjtSo&i z4!CY)3N=aka_93~+TULnXRVR{W|_+Qsqf1hobkEbo6$m<<!`t&`uNF<-oRdG7N{2) zHO<&4M4mBzZp{^`86S8fhdH^FnPGiSw$w~~`FYK-?TzUrYek2uo>{Sbc)6?b>!|`= z#YU;-x+1=HGsddvr<dK<CSqH227H)eVFe<UCNVTp1_m7jmJVDmI%DeJ1T6BknI7En z@D#%{^>|nQ`ngbmf{sRc{2XKKg}})4i@qfc(zoi1s%o7gy__avN?la~JbmH>#B|45 z?W&&V_|9<QW3u5v&Q8UM65JF0Dj>QbY}~0N5M0Gq%ecFHVYkvjW{y<kRSEYTJ=MA~ ze*@U9nqVXTJaZM#yV^M}vSMS>Ii>cpg^w!zlT^D+tfZq372*3n?V~D8zjkQ;LZJNP z(EQ`j{NvF4<IwyMaA<yHHva(5f5s;4olMY2(S*2+z@K3XNqY-J7}}*#RR7bd(X_CU zv~jTbBWUq2&VV4ACuWziuy=60W^QN?;p1mlFg*Iq$;r=-ro|lqi;V`4KY}v!rQbo> zAA<ghw*N`8{}|c}a`65@+H?Ly+H(o~N!s)93;qf1x%j|Os24jT?f(_pE0`Ff0yYqC z?j!!5hyO?Z9$XDjJ|_o+3&cf0GLQfY@BRrs1yR)aPw)Bnvh{-85b)>MZ2jL%$O|62 zv40apM}zI}IY#JPf7jCQAv!lF8rc7tVq^kWw5{R5@n48sru9^Ke0?^}qT>u*XgFQk z-8+tB9CM%YZa$VVwC-InxOC2M&ho>;O0VihL4Wp2q+c}*%Ya2f;!z-x|8ofnhUZu> z*ly>}O4J?a)grq@NkZ`S*$1-omJTcKgND^{m>lb`zxm&lTja<%A6=g$my8*Eo$?qX zS6H_1g<1lFQZoW0BYJ#Xh7<g?8SyT$#B9pEA?qAq0T;CdE1nx>MM4a2I)lX8Q%%Oj z<ZqQMQdRhV?QT0!SK%__FAjQWp<<iWzF~AaiD4t`7$+adSk7c<JXx4kk|f%}l3Ryj zJ0Z_9W_?N=T6ut(<H^9{av#U#^b0qK^rw*K=B$3I;mI5CJ*(83r&S1+AK8EC^CGF- z%sU_<TDoc-`{g!|_s!JjLHrFgS{$w32P3DWpIKG>5*MNS(f39`56ORU(LcE8A6)bg zF8co;7YU-s%s*_Kg(J-5l8UX1iM@)g1qk-5*qb;27Ru1k!qx_)8b~@hn%ml6Qa87? zHgo_#T9`Q5gTvSCP0(jZ89JI=k`m(L-~u(kxH-UIL0-Nq9Gn+9I4*+I6m6mZ<_y4_ zL7j|E>@V#fU?^f(U>IZAW7uLifWM{~ju_b(5DXRY*#*M{97lb!z_2+wZVJBHgWvyp z6$FDDgAarEyO==y|Bjpgglteu@E<A#$s_E_PL41O8xw~^KnPeq6fQvnLI@}4QHsD1 z$ml1w6Wt_gFbk0F!U<kN#n2v=g&}yzHUn7br~^4npuVl84Q>nALkNmLR06CcMDQ<6 zH2TONvZ3z{)S-p}1G<C)y+Sa!FoeMWH8IRF+`zw3pjQZ5;}D>06Yw7te3!(yijf2~ zZvxuJ5#0)A;Hda-#N+&xe4uAJe^<nztVaaw4|@2Cj`%?j+`oAc*P&8=R>a|h4oTF* z2mKXt|KuC|@E{%`h?=dn3B<|4#2$i5e=)STu>IY`(ektZ>fwjKpdXGZWrW70f4=77 zp`Y92u)TSOAlGeOAda>W2RoRBBSi8l#1S;O1LSv_=Kj45=$Ah16`UM@>2imMekB7R zPyzbkMs9~{;I@ZC><sN4-5|!cwpJFX45VN6Ngnhwex;5h6?~WFXpz8=`am7}l`Q-} z$inI1cqE3MlM&3q!5p-Z1@w2q91gf&w9Sz&z6*2YF#ISC>d>!*5%{GrhEQh{dq)dY zfBCI6y#Ik}4n2vZu7Zv;{b*S@IsR&`54(z>5JcJ)<b|R9F>4cJb3+>o2WyCng`+t* zZU>UcQ2AkK2SpAF`Hhwi<1W8$vcn;KBo}&^{Vdl{Chvz4#L4kD2nK>8D0}(K<~xkV z9SMeR=AQ-otu5s|YCp8ffQBGozB2*Sog>7|-qy(uVrT<}{MpIS7Qg}u`JL`S9P76t z9$KX%5&vS5IXO^=e$~S`x&BW?{7vH?W*Yulhliu%NI<j+`B{gkL%$S|TL^#vTRU3^ zLl}e=B4=Z1V(bVpgusB&0^JS#;s!B;*&2ag(fYHqwR3`@kpfEDw!nZ`+c`O!T>b4x zK`&DJO~e0S(K$K(V$u%}{VepqOmv(WJm{(JCYZ+T(D31psSI)+OlJ;Y3PgblNAMXn z)!AcMgHI+H&fqT!c0j<SdH4<X8=dq2)*N$k9R75ubHI`O>zsf-^l!xH{SU>50pV>h zQ1kMi!W)9`X5d9k!2b==$A4!r(Gl0*X#U5k<ge)E5YYTA`VoBL`;DH^RM4*<_6yZ; zq0HwW_eaAkBTF?$Yj!0F4@g=?b8ZkGPCg#+5e9}dJD|oKO{7dv3B&9PCN^fkCi3wJ z@}v6rpM*)4-f;K;-xF`~k^R%6Ov((1&GWZeMk;3MgJ;?93%nDB;YoU=S>tmh@R{~a zO;lBFzcMP4Id?hC5q~|G@z(3xncHvFFEFMW^|;)4*!oS$Vn3bgfH!{qz0Yd~>#gSt zm!$URgvafMmL?TsI+5?D8Xa3lisp4!cYB<MMvE7&mbN-qkGsw$kB%1?F5IQJs~y96 z@D9|cN!irg9=*#sddl3_7<x8k>DrRdZW|)EX;GE(Hdk%=lS^O27NTpoN&*(6a<FNL zJbARKRO9EXyVm11C`73E>D6)-w8u%plvT%?NGWRw2bahz>s8bB@crSG)z?mT$1c!a zO+T@rok!vr=xL@A8}_&^kIkd*bICj0hH)cVxnuecCz9R2QU^_TNRgc}y>V)9Ih!Ha zJ5Q`pG9Y2A*fDRefm?GD7oW8AOSHr6*7ZBf4K5mzPH9u4YSnfp)OXu_D~#62L-R%w z$nINS`x<gj`?wR6lb|`DZ$jC5VwQW-p`P!r6=d?B$CBM{l?tKRc%P>FWxs!jG0R0G zb;;<&am~6~i!)5M2btujUgk%IsyJNCS`(<z_;MR(aD|s`j7V+Ek#ptDE;fm=--oZS zTV-l4S9;(i-He~%%w-9ZXR2kPx?W&Z*7YbzNcQ9vtbse6$g{mKwR~dcdbDsVO~qOl z3D-|eo$297d`A?sSC2W57mFk8TU|GMO!VOMESLUTZrVFsyD$45EhmzZWg^vqy<bFE zGqsM}-rkE5es{y9x;I5cz74msw>on~Cqa%^_!&M+nyISid)8iDuZij&*rgX!d7oHr z__|m+M<;dE<zaW`pUI!WG-5DHnLm!t&96%e!{;_DddP3#obgU?@|2p}=1GqmBN<y* zWsaT252uaVZhVFf5R#-KDd<^l<flmQrX$H2SkBVaeKTwop=m!!bw=+k3%kcT{@$BB z9%_!BX1zwMXO-$FXyQr^2>H^qtT?6OjQk00PT&6KfkP*fw1BMS#i=}9Z%$@_f9-Sb zDot@RvR_^K>+!hUiy^curToQ$8F2WSy=68-A_$@G6UG`wkJHCQ=D$S5`Z-V#;Ikcb zKk;>q@Z7s`t>-kw7_Y|fbshV_Lxj6{=PA@Hw~pDr{3PW70tOR0P8C6nF-FF2r+44v zdR-M+)eGVg91rSCc6?W>2<--In?_883~4ZwY9BkE{CXaGDjT8bOH0t3drKwp&hyZR z?kexFv0B@{oeX63H5E>x*}xJSB`44weSYfIMeT<q!x0!WCm&yUXq-!SUq2A*Eulcp z-EdzLd8Kz$H#ST(Cv$7YC7ChFBw}lv5<-uQj@<oHsd|<lz9vg?EZMB*!UNvgzA2Iy zkpc|2zhbmruFoAhQ*4g&(kN#V>%?mepZZA&a}jyDGu0w9XS-|j0xC|7yuitg!g4v$ zdrp`pfMhk0;HEnU4}G9C#)WQi*~|0d?rp4vck10wvaCM2`M)T83!q4vE?pQHTn2Y{ z7`$<JcXxM}!F`|^+--0h+}*8lcXt@v-G|G*8+-4!SN`2UqAR1L>PTmHR%S&#=bYzg zSGfpd0+B7IWoUW$O=Y|O>l?}tLE%+k4OBF~)5Dnwt=(#1HaP*a2<WFuKVTahb#dCT zUlGQ)5F>vZA5zH!k`eaTq!9jFq-gpeix@M^v1*d5oilKI2d4_<7s?g}nJT<f+~^N7 z5nD#623KTAUP#@#FkLXl-RnPK!;9iqI<Z@jmlk1W(mQie@p1@?7I9|wJprBMkYZQ2 zcn#Z!<W*m~1ATe|{2I7^!Y&6xWD{VpedU7{vdSfs<hkoB-X2;MpVsMd3|fNj^8+(+ zdNPv&ZaKYC^y@<k#InE;0eiZHdxF8bfyuSObyO-mm_AVu9lT_2WVu3Ouw+kOz#Oy= zUJ+i%YV#{dD3MZO2e8<~ueIY>W`m0TUQW&}FnnpKNtA&el4ewpd|^`Zh;INg2OLk2 zD8@o)*hF|spN1A>=$1M196%TgKSZ(c)ma{CpJz`?nK0_iZhL)sVMoL>_@(!6I%wf^ z<s{m`qfS#@4){#e>1YUSM`tWF$m9gHhPWuO9B-g{u+bXpwg+t(GbAh2X?lUcDe^;a zWzvupNmZ{l<h_}Eg{{N&G9HpnsLv6`z>1B^ley_$1?)(*$f^xZW89R|D8fnxBB{Zb zrETPOk=VdaJh*aF$d@F_LJF`QK!^qsTwFJ}yKrRvPocG9F?35Lo#~cde!T>!Ov2cL zA9n;1(=Jj}E!EH?urP>b*25^?1ofpMX5&SCLHui4zmbNE5drEVcL3T?!eCr6#h?v5 zvnI&5V7JfMZ&Qo7XOy@>lEK<j6>rFGtcwgZw0<yCRhc}M{4n}28oNDdNO8KutZ~S= zzgO+Pt&b&@kaTkl_juww+l{gZ3LsVw%P|K@fe`IBf7?NM$fN}eyF#NmMe?ta6q@up zV`ciq)?+b5)^Cr;Z1y^~K=G4HvY@WQ(l+j(vWE>eNotI>4ffP@iv0l$|B;g$L9~kh zsgv6v&5iIjB}Tz8T@juuUl3t6ZcRVA+X_BKMYUaF`Kqvzvi}Du9N<FQ1Rk83Oo%(e zYE>YKz^$lA8!Hj14DK8_M@*!QkmD?6!SFUgnp1lv8+v3Ef6w(48IsC<G+9(JT6c%F zxpzen??N~P6Q4%zAu|P(YV#FBX!udN3Th@8Tmtbtdm%IY5##@mu-nE0_&-$-B`S>` zpf~BtAg4$j?MM<`_miRDT$vzTUP}u+WehFE#p_l~B~iHKV_x?Jj?4Uz_1?bm3{x5& zcxnzIeulO0iS>2m`e|1_wD;|erbkf4oA9c~YKI>@9!G1EfrtTN3w{`uzOEOHK%!y> z{K0;wvA0g#D5^DN2*=10EJbUP)Y5euvD!%W^jazyiwv)!x0Dqi5PimA{&RQ=B>;1f z1~iDtCArL+kKTNR0?+^5CjJJ)%yk%>#QH8Qr-D+Ub^0{v2kkQ0u066ZNq_04WNw5c z^ug6H%NZHipbA8<F5!O7;Y6exOsI7>7IP!KhtSjQ@I|sqk-@*kf*WtYWMKUs=O)%N zh#md^?%iG=oIf9roj+G24=HjAzO|oz6t_QLi%PZ}d{*b4`ar>BViP0|5bWlC?-DCj z3E3^?dEdGa^!4KTBoW{WxGieu6(G);-00i6zIcAPdS3SH6bv}aezx>@+`oQ$8{1=w z-6G6!%()QExm1kZ*cp4iJ9g^o=I7&koAKikAj<iAxVItn;PkS(kxjI<wM9tm7`x>j zNyZ3YTv~+EsZYv>C?3L<7vR&u&t%Jrr26e1F`#r<&eCG*bTqDvHrf6-sC(0GG_ZmB zX{bFkqG`-5fP3RzS@}7tW(pW!*g-gxOAEkEv)8xKA*UO$;}|^?J4nwK)wgJu&`4OZ zPvZUx$mpW4k4YPvz~_@KGK?JW?|?zFEcMW$SO2Z^$iuLgXPOo{0<HIDT6j@|Or1mp ziIBtOVbDN48=!OfL}Dl$h3KyCJ7X-euLC4TdQAE;(HZdie8pAZ|J~=WiznEn<6jr= zC6?`vy{o64j7P<FJZo3Fsn<hV$<D;R_Tssv!`C5X)vkub%fndem}J$eqMpX;^gK+* z1{2lAVMAS_q9SJ^?|P6>LNK7eQkkss>H7F?=lJS)?z;5V)pMA8;CSb6l~2IORZS*N zOHkA9SA;uWuSo{xvp-sOJuQisw?lL5VCvvlcI@x{rWSQv#eb@`eiw9N;dp50egl(1 zum<PWkwVy>7SRz3#F~}x&?V?LSNXuB?|%2}ct3CD4d9zJ?%Y<Nc<UxY9)GkRY~I%G zib*x7n7eFLFzl6dG%RTUTnuA!QY`f8TfA6(TAt}?usS-@j&~de>$a^o=R-vRoR|BK zl=W8l2`RrcA0Rt7PVe2Tm!PVV@8I#%qou%+)6@Q5zTdukWh-IU<fokvg-}!mB2Vyb z5esB>jjv#B=cS#uhtAQTodk*gd?^r#%cLJhS4HVVHhD6x-U)^OHQ*mgs0>b@p4Rnx zGh}B~0){;yhh2~T&C@Y#p*B3BQ7jz6*-<ad?@KU%VA`D`4<dn$PbPv?M|!^kr(|NN zux`IUE(_<AlR8uH@WxHW@d`ABkd?Y890Q~5kFpQLO}zi21%9`D7bdG(Rzynhyaxow z;<-bjYyhmtz}ZXun)|&!`*rb7Nc~sPx3RMmz#QJ^`SS&UPkd|9p;qcjReWXAv;kc` zo*Y(W?kK=;)QQuPIXvT&i6~GET;cB^*&J0Q=5Z=+MSH;b-c0IiQ60GEhCNL{bct*5 zm5tha7R#_fS3!P5nq}>0vnL~N&AMeHZav73-+yx!E@ygV>_SsHi~qN5l$kxc-qEN= zM>$=^roK;PT_O8B!Zj~<3O&WypY~s@0}yjBcdJTv3J5Hr-4Mh)XKX0?UxM7eDBF@W z7|^YX=zxIGvk7aQaag_?2I^iVYWDD(i{ssDjkKNw>atKeR2yuKLQ)g`!zsAawl+h_ zW%A$<=_^d?_G-N!8EKQ{9A(?@soKN)dCX{Eq3asnybj~~p`nvsq<c>%Z29ukW>&`= zlmuyw#97x0U!=js(!H=wsG$O_E!wpNX>%h=eY#OEQ-{>-DMVQk@|OLJ;nLy1X>|_8 zz&kCCyO#RrBY=IfZ?j-eLjhaIZ5U&t$9ZkiJm#D7M~iA}7(7*e1Vfaq*nIONZF$Zs z@E22OAW{aWwChtLKi7$BnpG?vvC{pasF`KzHDk@6Use>L){`;TS(de#x?`QDJHOXD zkVc{o^q#S1&A(Ytzz!T^uW+2HqGYOa)7hR<PaxKu_+sF?s$c56&|DhGn(DK_bMDbr zoAmYGGu?i4NYnP2iHA@^t!ecb!e8$~{k&mq#Ts1M5L|f+(aZwUtP9?(2+XVtY8a$I zatmSBg=lulPG73HzbmoI$@P}Jr{e;J)=nmEXwIIIQW$nal2E_h5aRfhv6nF|9j;d+ z&}S$CJfm1~sQZ@M=$a-_wzRkoEQ4|yVijeD#xA@lskGnMuKH|RG<4TSn+<d`Tq=Vi zQ*Z?d``gSwqOsJ`P0{tXMm3)olm_{~PdiXgx!Bv&4K=Q=YIH5Et|nQ#m1&KQr^Y~# zD;rV0WI?0Z3e`A}*dPJ%Y;5tRQdxeyEb%2Sl<AEvPfvEM?dwQ{x_5Q^s?rbJn?Juj zKY4N*-Zq~Vp4*)le=<vSF)a2J*`2}_k4MJK*~~JRrnw6v2Y7h@a4jcU`%ry$#FbxN zVM_T(nfaY{49c%Gk1gub`AeP#Q)o=YW)Ilnrl|cPOzF2C!`K$cSjNt(Rq=#DQkZ6) z=b|N)WYHv>+z0WS?Ur8cD?;4tI976>Lrh>>Ank;2&QxfKiB7M6M(gYl_uFw$d)Z6D zA+vD0K^OBIVV!6KuGZ}C_ZvIWHp-$UU&Z8liCLeMLp88ei=sw1(~LBYrRa$k4cl3Y z#GKF1oypDjF)gdL9wWbvWvp3<rfHjdr>l5ko;va}@B13Cuk-o&*Brg_-_W}A>b8{p zf^Nl&-^0ob`00%h+0~H4br8!Jty$E*9V)2hi2KeQdlmu~%qB5N0`ba1&2;J_(!~)> z@YF9Fv@3}Y6!6*e%S2je1H-LLh!R#F5fxSP$y6m0eu|`53?#`&c*D$IX~sy>>WjfC zbe6QGZqFZXQ?_=Xl_veU(ealRj`>YO4I7t5wkEBiFI>s3S&21Sk*>t9#y%1?J4+j^ zuNq`SJ!P_E$2yb@TCwO_0IfvXzK<vs;Yt_bjzlDDY5ud(C~{)qR$xt9bgtAR&7A+y zrq8rLXi?!>8*kR&%3!G!OdVwuOW@%fkt2<^gm1=`f`Y|E6s!C(?Y(37xsjlMZX^zd zImW)?6O~|K6K}HY%|Uc+Z5zXU<k5$?oGanw%hG=Nb)5}rLO(4YA`1&4xY$_rwX`*Q zpbRVh636`$u<agwYB!pn{0GqCrRIgo5DbVP>;`9{_^d2+43nDD?9G)|Ewb;$tus~@ zu?i<D8oM4O9~k5RjA2lS#!vWToGF|VPL)sbbXe*F8GEEy=T`F@CgfC`w8|zw|JP>b zIJxQsxoVY)k~({O-!H+RhE!*@<O`V~nXn6$D>RGXX`EX%D|2cGtmtBMl`~1w0Xbto zi|!RpQPugQu&;{DZ!re^aEV49Xz?8JGp~Ai1$BAtCDiT%TM_k^eAIdDU;JukhWEOT z$EFmEsvQ(Q7aGp|veyT|q~4|a`JDhK2Y{HC3=0x&BCCs0hPCWv5ng97_O#O`i|A5o zef}6+OuXM*SdBF<8mkaj9STs7XjWv7S*!dSI4*TRS^|hmd%>8A{I{QjIXn)C)Bnfl zXYTa}1sNkke#VdSs6aW*ALAH-a?N0An{Z};QYtdW8|~_J8A?EE?d)q?Xt#@=`(z?L zGKKb>Y~6Q*Y?WJb6>r6dD^B86ISB(oVU^_MlI$<~gMSf2aY^gu%y>u37)tn4TTa#0 zIrD75jrgG_(Sm2ndt<r-{@(Y^9giIvUS9gYdwai}zxN%VHaBvHtS(`76t*9;FNm)& zChCN29OWnG!8VF%tVUPC16%RhI`B7!zp0Co`%QX2wT*j6S5UCpCuz$$cWl{?_T9Oq zP2g!uTeQntto*SUyj5l;+SC8|8PWcC0I%+6{rs4mTOWOzl%bNeUw7A<v#x1Gv%M2% z+9k`LS613p)i>V<j?ZZ?SB%Fh10IQJ&~^LtH*g8vz4&n>&qv_%*_5A;uzjje76IST zQ!k_<90!Rf3CY=lPn!KaYQm`vLc2?>30hkfG$tFAsxNI}7e$ENlQcBy^Zg!g1<$Ng z!$R6`$fvQ0kMT8IgQQ&QQ?@!un@V8ZbJx`U7IV$X){HXkT_SCOBeQ&YP~13h#aO_} zYnp;X=7chRau)knvswCHDJae6#E~4H*MWCafWvqi43p!rYuCMtq5aw~+z#rS1&~fz zlL}(o6T)b)fT5i>u~KND+#Jgm|I#G=2G)K>KJ8QJ^JyZfMt&MIP1CNgGXCEs)^Jjn zEcpz~%(^n;M-J#~BPx#R-vPHN8?hFA8C<IJ{H<`GJ{eVCH7zX!{>|lm^RaoZ=ko;( zx+W-Ehg{doay80{a((y!4}FL*>qe^=``=G~diTY}E-&U|3{E@~ND=*g1_12oi?doV zG!D>Ep}WPS3UsU1d$hklxWBE|!v#b8q^^*n){u0RXZ+Ceb)u|Gp5`KFQ)jKYIpO2o zWM|pW(*Q*okn6%lS0`&XMJ!)y#N)=wb{Neyie~v~gDd>H$FxAgG>LD^jd<y+Uvbt| zZ#^&EY=y0ABC(Auh}zoVFm*};dnalmju;-(`^Hnvl<EPMj};w_Jy<<l6&YvgCV#n* z(7}YluJ)(0s`XgR-7tk;twpb2t0=jXBL9Tm{l`*a;LZEBQ}g&_>c}bGhv<)z0mu@7 z=Tg>}ErvOjkS3l590V~Wb1GSO{z_>*T(YtQ!!neZ5-4)Hfp$&ts^#ZG0i7D9m1I)y z2@vBgKpkB*B-cjAZd}c7yux+svsJT~!whnkWtdBkh_8&$V*#jg)`{R5=|qidMA@nT zA(XJ_ACAIFD-}Kwe;hcpU#T#Xr>ruV`_b1Px<9Z7z_%=|NWSOOa4F7gG<!}Bsapuw z`Vm_~C5DtyUqSfX0~8h|9&BvHbxV0}pF2-g92x>GJ^ms51IVH_+#O|7n7UM+to}X1 zYjZ>3ob5lZO5z0|SvtD;;_1&k(wC9UDkZ?!8*BFVeC+vl?8>wC=IYJ$_x6h0F9}Wm z<@&0BqxbmEO@=^5zxC;0|E*i=R*>N1NX>xemh<4zlZV*xZ^*~r7f+A(cu87X{P?#g zwg%zEwSWNMmH@u4chA5iuB(H1ZUW|T((ate$4lgOsqVk8cXw;;bH~l6INQUwLwnbV zv{RfPeCq;P65SuC<R5}B?;GzsJ9oye+vk1n8_urhPC1u9M^eUs@9$~)hp!zUCx(Us z{PoF2Q|?8=@;T>neQ5$~Y0zwbO{_@jFLsuAzwcHQ8uVW5sC5MVn$Rob1lGbe<UZvx zU+*?1=hcq;vVxrpnLLW93Kc!RQl)flq@{ECb+ASoq&#08KfPV<9PTG(6vT>+E*$?3 zV|ixWy~_x`y?mzJJ=Wa+8LVA(VhK8Me5($ax9&>?Gw^jUzB^AH#fC^1$WwmF?0buZ zkmmNHTO0E@Qv75e3wY!W+ppZWtsW!l4EtQ?|7dpP${f*lBYwa3t0=(M9J#+wwM;Si z!{t4bJRNSXXE;E;WVor4YIvAzxJ|XBziCgkw7=vZ5|1=?TDG{E$hMlK<)^P;UT-oN zDIw$7uC=`0Vtwdujr|Nd81DG4ec`b(Pq$?F&_3#xTA6!MrnfTN(v*79=3d%WXyYe8 zH&)4B_)d7+s9;ZbDqG$mX<Kk(V%GY%PC*mYXAW0B4xy*vAtT|W{Y0~*zX<thWZ%VQ z!<-UVKbes(yQ(~Lwl{Umqe#}YXiTAsjuFjSLCb|F^J`b8e$J$xqGd=iYt@qUVE@_v z+nTF`EsrBxR${AyD1}8T+I3|9YeTMI<$jQr%0Xrd%6CkLrAC)%nk8MAUJ}8dhn8z^ zaj7|(Rk7s9MGpXn4;Xi}1gC!x_5VOy{v)`Rh4o*d97QI%PXPO$M#0VA<e$PPObU(; z=Kl&te#RF43;OflQuzdh{(q~m|10YM-}CaH3VZ$cRQ^+3>3>Uwo%vsZ_Wz#BXR_u0 z!pjty)QnB+%$Zb89Y5oeL>=wi>>d7feAxm2x#$0t^uJ=)|E2AJl6(IHx%+>Ea{$2q zhRx~6$=mcZBZfQ*grv+3Y?~EL%flwohS0x=&Jp$0CP(GPNAJ?RypB5j5`p3vzVzGG zewpQW`-6Vu@wI6PvVeN11(?hL3QVL{*WB)q_tA9V%_wQ;d2gb~<i!iN!J8%~V+`ly z;%j5x&YE>Ri{qDfdTP6yeYB0*;v%OkQCkb@Q-<#R^<-lKsb6DyDE4U03x9j~v`z*p zy}NhB!6#sx(J~W7FDpv0$@5CF!Ay89zMN-XEjM<~A-)*!D?9n_e0iBRw$&a|M_2!c zmX}7@1ya#dR~3;(_4y49rrPoUo{h!+PdvtdJzQ)6*3X>Ve+M>MK8xirvjYC91N0wv zn`h=(7Mxzv!pl?6ZC5=r{&-E_XFxu4U{4KsBxsl_tOV9Hur${y9T&K(!KlqRlg-dv z(csXY($@mCHrLm6Fn1esSgW*aHAmpoJxduJ|KPr4C2`pAY~DKmF8JZK?bUtAcgTIn z|8K`-8VNWwn0Lo;Zee~y$IiwKT|*C%Cm0DyQNF94cEUxahLJ}%JV}79ub=ngU?0>7 zm>uDwO&Uveqv@)TpxT%5PSi1`%vz@(t$%6<tHG*XafNCfG={uxFJAIp5qiV{VCvIe z*z{@a&(o3~5bG}7J^bqRmQ79Xo)-z~%h_0KV;RxV8y6)@EQT@9Pb;@r^qWnTuQUh9 z;NvSU!mm+_U{jJ_JrM>XkJ7g~*d7%8DA^JF^)p+1jt4=DYZ~@CuxB%eECJ6UmA4lD zN-y5fHItr!QFOekhfG&E#z-+kBk#OCmhNw60mcG7vrd82$UlZel%IC+bD;cr7>xQ+ z!>+zCws&{@p`7F_$Cl@NPzb2vnRSGCDH8%it0)HJtnoXMAKK(@lOUvRWD_H6a*A}u zS%>o0LL^(97v*UHvkK^ch1dEvItc3{^ws}HcYkHsj7`}WlL);B83<NLGHRAj@(O8} z-H8&w!co3!zqFV!VFb-ZRUklfiBVx;L}Wm9k^FiaFH$r9;pw<c$F<=oit`pp)(%-E zplf(tU;mgaDRj@2jNoj!wYU-idS7d#rQ_dBIh#da!^{ay*g6sDP9ByBele^{M7Hh6 z&U<b!U)p137wflG9M6&Nm(U__C&W{<zI@obhk9pf4%y!cKIYzhaVaBz^L=TH_||dx zy_hMn^Gi(q@oQk%`_NiEWhO?bI}NXWR%EXyh`+gK-_l1=n-K?dBhDp4A6mm%(8|BD zd#m@TzH`ZFjlD+CE~soSnKo58c^0`0<F8sw7d!R5I_Ot@YiP|^G7LpgpbQjhU25p> zHPT(X6FT?otSup*bwlMy-Z%N;&EV7#(b%;lRZ@thuIr>G1-$a5CSQ_?zi{6JDg}?o zpU2>LM1=ReQt7559kZt=Z{`-%D}we#FFj-oZ4?D9E$@hDQ?3@n&m+=`w+i-Q6dDkw zvY!m%Pf6vP?w7XM*Cic7naw$EW~*Pn6Q5ls7~bNeTu-5V`v9jeUM7aFe}VvJ+w<xH zsYw;NASOh(|Bxeu9OlM#!YhN$Q5Xq=Et)U}>&N&V5qwxWQPRz^b1xN3By$6o5?8^- zu|crz7^lXBI|h2863ht5`J0c`-5DR)P)qDJvHq6^PyN&a*KpxA-~#-nD+HeV-7Bec z55@u*&X@rY1UoO~f5(g&ZBA()sD6d=>@B@bO7yE+eh~e247(D@+UW0d{fi|SdR=_m zH`UMSeSB57-*C>4sI0<Uo~L2LDaV_Y(-OZMSn=rc5>Oc6!Yu77(j~TZEa-s<>+{t{ zS@Hwg4V{89_j|IFfLV54faU%ndd}0INAwj{=2Jm?QN$o8Wu!=$8&E+K7E>O76nAW@ z^kav8*yW>vAt621qVP_@Dt694JqTCy-Tl=4x6X`wG+j;oLi?DQN(*+ox~2N4cn(<8 z{XfM1T_ZEPMmOM+=zq8IKg|_KOoJmCr1*G^cH>?XZ<%7Td2tVpwbhp&dwoV)ME)<Y z|5HQY`v3NoB74aHA2;3gVFuCp-4p``Jp_9JQ*dTysBCP3gnv+?XbJm;0l$T*%tRTJ zM4+O6+LVOADIpWqKyvi<)gZao${DxNE|{^Jr`O517D1?nYnv}-1dr<<U>?X$q^4<R zR7-mv{~9NM-=MKuK$H%yjKP~d5wi-JWNp&nTRs6emTQ`p2UY_9IwnUZ_QN|Pe}E3( z<fnwEin9ZP5`Lbgk@AsiL=428j{J2wpRVrek1Y;Zf4RmBjMbc5f*}X*2r#t;#g!nv z%d!?K`M(7Cy;9(EQcQg4M9{>bI)dZk<l+_qen2tvN1DyhhszsH*uiJ?F&dp$L^7C- zEn}X2b0=(%J~#4NQ9aXs$dpSOSr$$K+1as;S+eIE2}&`1INcaR_H}H(zZyfl)hWrJ zEairc4Pb7n6{q@@7=Gd;Ki!{xwOj>^@u9MB*rxh3!A%MepniyO`cq;ZIjgYwo9lIV zhlwU2Or8x|-k#x`*ZWQ#eay4MKa5(d7H9IdwwBJ!C<)d&fS#NiO>GC&G^493Xqe~- z&6#M4xbsVDNCG?!9NHKd*hkV)9K$2wkU5UNxZ*XADwf8LiTx0^2`Q`_IBRI)GS`q* zSI3*u)tQ;*>7U+ZD=57YBQ9<gcVW#rvX-3EruJGLnG-k~xjR5*CSzF8GiKp^Ow}Fl ztZ1!5ozqO!O&^~Wpw*`<G}oXl=##UfUu4z<PBC)wYDcz$v|F9rJ;Y_Xo0bZcQ?*Ae z%H~w^BrAJ=L#s|w$Vwv1ezQ;!kt(A(L+w!<ay-RA|E9B+iGG4dHyT}AE1!Tg`nxGJ z0#K}CGsYMCh+D<>`1|6#t4tGlPFJPDKBZ~#JARf4oyG|kU0eGS4-)O9nQSYo*D>`D z*PpaWHCe9^)`6ht1v!Ea@b9DOcUa#aQF|tJU%Gf^W=|Sv(C#Dysh?3``hfditb4kQ zk)3^OYde@UA6AWdEHddn$sinm9!p>^&#9(oiXbqp@G7D0Zd201$Uv7jYneQ&sW*6b zV^4ndsLFIukR3RZ-GY0H-nS^WvQHB*<*+;*caZhs9;nQlv1S?qb}sNPMr231-Z|R$ z3Xks?m)N=%>GEXurl`0G1*c8*X1++2Ml`3hwv59uuy!<N9%Jrz7#>7iq_~`rIF6|- zwII~-!}z$258AK9eUa}Vo}30`V%Um%n6A-V%0<>9EgjN-FJM`;b_89qYvWmRTx-`I zWsSgGyVuSV7V2;{C3e7MJ`X3u`5#F1(r{d_hy=HyF{R9+YUK_cC)D{$$V&dgPeX-X zzhX2%&gRJ@91nvtSMQMeqdry^RV!ah(LGIB(5!d^S-ch3bZ3QghQ4tarBCj-nP>KW zVEl%ZkS|ZUwK;fmQDIB*#}LTJv|?wdxZWmLO0I_*+a7|0Jnf18XGRut@48i*wRPP# zUY(-VAJe_sl!NA?O%>Ipb()DLk7TyYxPlwsQEpPKNEm<!ZdLCn#$Hc@%=3(jKeMiz ziu1itZR^^Uit5$`ezPY&B&&chmsLn(+x_TU4}mWmowG;1T9eKdzuL;i>Zvw&XZw)D z<wc2An*Q)wjasvt?g_pmPGOgVot}l>s3RsUdqq(m8w2KJ_AC*CuI7@d<>^TVzQ-~6 z_$eNqJ_P!xj!cI4Zf%8gD(<8E$TufC&YP$-OHWyJmObice2*1y4Vgl~2+6+X9U#um z{|g5+t2b2LF^nC=s+n26EC(Z(^iDlXf6Io(ueGN;y;-*Q_QG&MJ(LL5@U8I?`hjf> z`T>49C95o(v2m5+L6y;S%5?(~cc^AMXX6^BpS?RiDjtzgkF<J9(MDzs7~-41TbK5% zt)ey@&uk+G3f&oPz89z_2l;gK86&<#AFKu)%uFV;>UatE%nYA?Loc&r+o>b8LeVeF z`erA*Zx7D@t&qo;+oTYei<9ez%6sxJ=PElFj>4-9j!El;l=@9L^%RjzcN<lQeNGw2 zldlbC(o<9d@F&1Vf^TQ|^PC9-VcH$q=upz71KCqGMl(@ZtP;A=tS8Q;a|UG`3FcG| z;eb;)=>-W#(ktU|IJ~UY(mLbdr-?Z{`~Zr5xX~i2la3_aQ@0+U(=5ERcsD7UPE2MV zEwzc)pe@_l^7VV#O*wrgxd!^dtPl?!8|m-?1$_}WI)}e%hQU~}e}&8iyCkhT?9a%{ z6Jqruow3pJy!jt>Q~JNgH>e>5a9@SM4eGbl<dwdf1%G#u(J9*+(a18pxOkY$>Vg;; zQ{<Fl3zDVu=N_d<*-2nRliazNVfn(53r~VRmxtsAegdwR_KWIkux}WuYNs4(XzPvX zZchIhf61D%_>=*g4jP?@bU4lT{Sw?=*kSC*9#Skagt+J7onbyRMgUA&bOXs=T&>h+ zR)P4R*j+t;Oi2~ogNSJ?CJT`-Wh8|z9j%wj<|y=3BHSm`C1ejgsD8tBVD~Qb_{zw+ z{;?;a`mudj->+g2Pt#}CqBbq;W}?`~wfYd@cc?WRXp1zTW-zmYo{H&sFt5Mt!0z~b zdyR3~LhB+Wpz@V}g7JDl?IPPt1v0_rpnpXbAorDd;@v^lY=FOJ*%u)5Jpw?HeQlFN z4MWx|a_xTwKEei&cgQkcDqYxvbb*|30hArWTtc2%S9m*2Kux%66oVp#GwKd8&-g2d zjfbf}&wM-Fpn9Ms>?>>l8K1moL`~`yMdLH%jx*qb^o)v6Vp;r%l22w?dRcf`VOhcn z)mu+l8<yI*obDU`HSCTt2n%EZ60Q2II1>znDcO7nzQR7DU68)TJ8`OaN7jVb#5+;% zd<C7)-$8@y)!sEg#IVgM4pi%6_YM>l)aybm*-nHzI-pO2%>}jhZ=htL0|*o7re@4w zjAYEd;{q}Vsxz8?-Bkg}fZ#zcAOMIG7zrl}Ckq=17YU01rw@bzJ_8j%;=r#W?Q{Ta zXHsLL9SD#f=o!cjTmjy~*2A*G*#mKb$3P7c1Y<noZ^rODdLT0q*1Qo+7J?Zmu2AOi zZ4x$=6F77@Hy|AF8t4qv0cnXK86)PUD~aRCmr$sojKY}%RX{XBSxO=_R8bUBBp9gh za8OlO5MlzxT%@savcsfi=ykAZKtwpQ?;&f<sR|PKq|tFQQlyCF6zB=C;gEEsy_g!n zFlsG5V_)H+RuDXDtr;7-3G56cI%$Lvg%}zc><*AwgoYG&fg<MtOJ+*aD>RJ`0s9w{ zP*`>vWgZf<@mNwRL0LEs-3&6G1O*42f*HA2{)qZbj!S||<|+J&d?#nteg%0pY#9~c zulN*m#jt}9G6pRH15jRI4N<!&e1)Gfox-j@DM3{=OQ5bjK-5)AdPZlaAjzs}-~Lcw zaMd)RAEs*B<=<z~_Ye(|O}7vYvQ5$sdC$mn|HLazn=>SvGq4>uknQ}kVaaAWP!pC3 z{Q=#8tV8PFAh+m4&NG|mgJ4IyZHu*PTBTp0?25W=W^VqpxTLldNDZfmLPUM`&!m#S z%rEl!q@yi8&H@qw&s_`bA+hs99Zo6iDEUO>1?84SmgPLdu5#%hAN3ys>C7;8{Xu?J zaXS5-RdLQ?K6<2kr~$4aa$@V}@U`R@WU2Ch>f-e-C{lS#&fIU-g<98!Z$D>R35Wrh zp-+mA!l`_Z4|fX3sgznpJ#{*K`#ImL;&}QO{&->T$cQx4wV*nO(6zwTPGb5pnpDzx z!ka|Xc_NxL(s=@QUB0zP@oC176+ToB_km-w7`|!_5X{F!dg0yE&Ucn5+E5L&DETO5 zmFOxH3;W@?A)Hvuhbj?^`GMX0&%Y{Nig&`?$Ch{$Y=*SKxsjh_ovg4l=WRy3z|89^ zIZAZG-Al~hmvH79#Cm7hxQ{oMEae(Rdt;u^Bwy7#VNeN2IU#c6n=Hd?q6846wnIG6 z>InV11Y8v^NVkMd3tLg^N&S*+31m)n5-^6$8!kMgp};`7f$M|w0_ur;CC!N2hu=PB zON<kSrNDvp76I$c$^E|b`wqY$EUJXA1}PXcTezoMS)(ZN_e&%4J>5K$a<|YsLGkUE z`A6j~(Rcil_L9rouIRZNtdooq#aw}yHW)X~6VnopZMF57)iDi~->Gegz9UR|+w@fQ zWb_oSsH3oj7@^9Lym>$+IUH%xucVOZL0s<P`7|wOERTGo@J~Amfqo_Vu=A;raQAGd z=%tqbAGe(|Q0t^44MjAJ>KCjsBspmUiZE=k@lRBdbNsmX62Sr@QT~V*bcL(fk`J+W z@O#*k$C9m`3jfF#q!Y`MoczCp_vrJn%7P;AD3%_AC$c3>`CWl8mh*?oIih}8_qg+Z zB>^Jm;(i#GzSJjQ=g&*llsK<euwQ5g$6!-Y4q6aBF-+>=4wbbmP%Y3_VOe44;3|Pw zAU2R12m{m#906L0py$OqeKkhw6}BSzjc$i=!Y1;KG=w=SPELx90<8iFnV#Vp6hcBh z3`-_V!t71f>(4nGd?LXQ{P9kAf?oooWGLx}bk9^$o!=Go0)Y0$KCxjTJ#d-9`i@&a zP*J9H+~RsGGZax~9<!g3%FQ+wk+MLK&OR0u7MW^q@NfYbpj4M7#C9||iDN)A_*Rmt z#^6G~*)g1_-QR#v-bR3=pX2JcMG5V}?%L?aaMV_N3Wk^T=xTqtx<vWl{jmC_{U-98 zrn~+UC8TL9m_B`AhG{$7-(-X`9>QBr4<55D?ktg+$E-6WYIFe43UD$-0lc%xZID{s z<#K&;dRWHKQlhw1wWFkLW2UxsgQcsp(@*?$@PT@5pKi6<9=pjzrlz^vH5prD;=3<% zY%fvo7w`Gbpdre#H4g*_qpQa4CZA<J#GYrIFz%*Xf_l!J!(ZmM-^bV24}KYETv#<W zauux<aTPga?{Y0Ip8e`*U70bnb<GU^n`nphb?5+Eva@oM#rb=dX@`BLDZ#3(J$p=T zhAn}qoqEj4gnA5|x?Mx%tTO4rz-K&h{&hRKxB1<URa()&yfGS&9E^OZyou!e4vle0 zJd{{fSO<p+Vo#({YS^zZTXGHwyXZI=DLCad)E0o!5px9_EG~5Wj(VSPFd||GqDW68 zIR2L==&-#nMNqzk+i-FANJhHvId=gAh6I;_6Wtqzh*yVR%8rlC<{HpPCaw=N$2`tr zZB=5N2Gj=SrtVn`<+D|hiWT%TF-r<_5%`VcRgF}d{*@0UQ0;gKT^e3$L6QSPW)_2i z$Ef+llN0V(XsWaVlTXN!`#sBU({U<u<#%!w&M)%6&dg3T;qKpTs%_oBEpqqH@U_;4 z*4n0f|594qMm+ei*B`C!da+?nUgVO$k7jh9qf)h2js8xlxOT3x+BX--C{L?;=rNJg zO=9j3Z=h5>DLEFz_?FUh6>+B1Ba1Z-<0{P^>=gS<pr0`JR%NZf42_lR)n#_jTADDH zw)#{(iYs}uh4SFD`S#%mt~czfK1JMy@@&%M#v|y9_nselqX72!LfWnGMC-rtHNzN& z4_dJo;flw1Xnq=^d`J2Trz_BL2S=b;1`Cw0b))@u0Md?l1w8Xjhx-VF8-ryRWKV4% zdkYMm_XdQS^B;iB7Wc3ebBiy{GJHDQm)`3{zIc~b8F->rhHB>=mMDR4v-z^I7jGKW z_G)ev9yJ~Z(c9+0v!<aUjp67+B8_qBLouCjD}FTAe68xys_3~(cEZ#{TIy+ZBGg0X z?D1|vbqLDX!Fu|#4&U4h9koa3L~VDMa{ZR|<W{dXDtqzsbz68j=#6~+%OmLh3haOw zbmaI$a#{jwR4^(<-U(ahQk3p-x2f`JA4ufX%ds5uUE=wN9@AM!))kEl_T+)X@|V~? zbgoz*XN#N^yLCXEU_G_|2juHEt|wM@@Zru>3%~%FY9!c!SpB9;Ifba>d7=J<(DBpu z9IOL8AcS+r-V=K>6nUG(7g&B#t~$CU66-O2$X~q_dUWscM8N+#o%l9<=%{i`S{m|2 z>ygA4^tKI)zK!F_JYacgVg1t~`5=CZC@0J3H`nd+a)g(F=p*vvL?6yxsI!1qOtItb z<RJOcS}-a>*w%5uL!E~^&8E+E=ulAV+2i0Y_odvGdp1tRYrfh+!U;eB^2v4BEbJBz zT2?nw_|DdjDlGtm{~JFM|HU=j%N5NnheFi3q*iMF)TztsG*8DF;dnqyd!Htb^(0ea z+7p@pzFfco!)0(l&ytf^8_`ckC&A~hT|;lkR@_mos+H8bf5Qz0L5fZomRFWX#0jT@ zrN4>SxrRJ@j3Cf^{rKG0zm-Ofq(MBg2^N{y6q)lJFuhA8-~2|KFbdyELOZt}RZF0Z zgQ_)JXX?}9iZqj0=ai>UAE?p7;`~i-QqvzriG?+V)?uEfG7;9>#&U$p(a)J?UL*eb zN^vSV=2$MJ&t=6)BQS+++|sxUWeh-(0)qVY6}w0InRJKJP7uc<IXl2(DMb*Hv}WYC zpm^TT<AcbV+SZ84SnRDgnAMH6zK`lz?HAqU)mzUl-`23CPgerrz3%{ke=AsLonjJn zxGlP()dH#bV>_FvE0VVfR)!`}2L}epM`-Ax$G$VJv!%0Rok{)~(gKRP9=jL0`0}ey zoZK{SG-Zn3fVxRmUYnR#@-!Ib`(^hdy}<(v*6&Np<IDT^M#Zg<iae6eOCduED%O5H z3Zw_@B$*HpnkBjmdZpLOiuQnrL(Br&A(K>7X2;HeiMvJv2{f`+1XQ-=Zo6PCHr>l! z2xYDKeVR*30ty!TpF`?Fu~W3V32^qtl#bt0t>cQMqwh)KUWHgg`7F*%<$dS{a^X8R zziHuDJ{s0Pj+$LQOb>@gW6x2)VzOZk(WM-*1?la3NUFF>`C7~m<LL(~TsR^|Myb5u zzAf~X>AX5d%fYIa_o0y$pn2-Ty^G_-Gfye6<oxMHfzj}c&50+BZYSCNZq-f|7~Od1 z{dGm2FFAKX8{~#E`X*Y5*GQ>=1VH!<rGtAaog=be3QU2D(6P^_-82c;I2Gwd!>&SP zlSgzNCPXn%Q9;Aeh;tm~FfuBZ&q^R%NgW`YEmnZr%1Q3DJMZ$N_uZPOO&TBWM{l_9 z7dYDv|JXLbO{1lihs(=jvkW(>m^EzZ*RJ&H!<AS2HA^-)>fI1A{Wg9UWL0@a;PFQ+ zZ89mtWDHKjYNZjrvyiL31Td59na)4DT0De|5Fh!iGiK!FJ(vw3zRVnXh9(*&fx(_9 zJoV5WY<q13rcG2eY9;l<x5bpCi3RjR7@r=8f^?O`U8Gb0thmD#AO6(qqiazF=vv~v z@O-Or&^$hM0eLZo22?cD;XC=p`_WSR(Q>tPL8NS^CU1tGvetkt71tha*;10%!=*Ni zqv2alu>bjEK4c;!@`M+Qr5z(*qlM`E1BOs>^rpgGl}97$yC6zN3f9;+tPP);FehE@ z(JNX^=?jJ(+y!#YY9<;*1cpdPyQ;SL@E!I()8&0k!o-NgAT(9;dR6qq6Gm&PYNn}~ z^7_G?DFG>Zg|BYB(Z`hUf`!qOVXlVQDH?+TubAXC1|g_&A(AxSzJVa52Qc+G?qS4l zVTemRC1k{XbH5k9TNTGF=u}38{iv0^17zqImdhp$W)FX?h3h+mmQ`O=w0NMaN%-}r zG{c<_9jD2Dvi=Z!qz;`!v*n@<4_1XKdBMJ+fwxurYtyQCUhQI8+gJvc{Z*+owPwll zh0phm9fQ|R%!JJW0`E~k9>)P;k-5>QlZr2XsC@M{#4ebRNM_qUVyUU5B+%)vsI?U0 zGQ&DNH_8Qf14H1#&%LmwV+x|pqJ6XQwY^>V*+`Fi*LCHEP4IG`6|?rTTmdaSC*}_( z-G@8rP4LHJf}=fTZDN1Mo@7rWLt+c&u=c-G7b0}(t18bH_-F*tYc`usUj)WxvFHYt zdX{dk<u!kjDj%!0fl?NtRX?1Bjc1-Y*^3oqxX^IMgD2dN$b;rd3v?zk65Dr%MJE_0 za~$lC1gh6dlGT6x6ffBe9f;L&{TP3M;YA1z*0#|xNMe^OfQyE^xQtbZjDpwT<bT?* z$A9%H`Z=IeQ1_gEPhifu<Btb1@<ovkmh+;f{2txf!{j*rO?!hQj#!JaV+i`vhYYy! zJ91K{!9w!Xl|_58zrsqtL#JAU=8DY6okZM2RS&2*4C|SAVX<@s0Dxxa7MiZEh7I!U zeSC{F$_M)kP;xY}^A>=gn~xDp#^IHFr#MbVxT-1Vt=g|_LpN8XKCcE^lY|o!g5dUV zTN=+pLhFk4bxt@iFLj73-u^5YQF2q09A<kp?r%k$+@u^>gPiv3U1<YOd`55Qk*}O% z2fVEqyaVERsuCi;5=k0PhNK8lBVmzaVQ?55oCxVht_>M%Ue>yHg}4?B2&uJP`f@J* zBC#wiCQ@PYLjp6n^Z9xOOT+mwetcHlY`jc8D$Hkx{_#k3QOH+AI&U9Bz1nf%TnNf> zh-00+>K!J{HAIL;XxVk;J#i!q_P)V|cB(WDDVx2i__8Yw$fa{K1+l-8xI=~(+lk+0 z@1coe(f5LpL*xX^Zn4HR`MYi)E?;IXsA}bO--E=FN-w&iMpysDgiywG&^X_Bz#POn zP2mtcs~;ba*6do-6{T{1oogxIli=yts~T`V6y~<eb#`1@Lmc^}mZ<jx;WOGfQKsVj z-ioe0hH0xB;+*AZ=ePS4XiU+S<i2Wp3W8qj>2dnKwDv>b_?l_Ex;dacp465`xgoq5 zlA4WP=dSA<1QHR|j$xm%Aq-QmG;}pytf5cTXd<DYofELz6<WS(<P>P1=W<x#Zqj<4 zM=d&Q_?_zoZu8g|QrNp<jj;5G^N-|!HN-sNv+9|7ZJKF4`G#=tOa~>qGL_BEq_!Hb zjf1FjT!4yj<AiBrnEk_`P%Fr<lchfM@{lrn>KZd1Y@z0J%fzKzuOk<r6Ogt2Qw%e` z`jp5)Fi&q^Y|P~!5`z;q9A=PWu@nOsO*|DX6vr417&l5qJ}bwW>%#cb`EuvyJ0g84 z+{JkgzUDZ0a{aEu;RIP!UnjpaK_{ZHK83lfZmP)-D6sQ4RsJpUvs&Qe>@$Y}*YtY< zz@~UA+aN=Erm=R!{Q|gaRH%oN%o9yjaI?Nc`;ZiOcWqz4HfUZmX1U>RpkO7ZXI8{u zq4k@JgO<ZitCqcyf|b(rx2f<(QhD+6TVFx&dmnv#(QhexwF(vr(xD`g{aa`Ca%Xky zF%?pxgj@?rPp$mLvQx|xBBc6!anpf`y9+`id1j=($L`IlS(`8NtY0k0EWd1ZI*shu z4Ak3mF|Gv#^+3G)^hb^F9ZvNpPUQf20*b8OL?VA$9!Of76|C1wj6OfJGO$XO8t-BJ zeA+$xlmAEROBWdMR2#%5i<T{v4BkfV{q9_@0{j|@?zjL`YA#nakJs?nHgxkLYKvs> zb*y5OwWMGuy;HXZjLj3a)AS1ErHr3T9lez-p3?uy=Ac(Dk3Vq-4)EgxLt`stW9-d4 z=}=hO5H6ryv9-ie2HcR&^&p9()KGx;XQrz=2C}XU)x=qaYkPiTVuAL?`03h>NCN!s z95u#3D=|XD*Qq0eoNRQ<VR&g;rZzua@6QYmI((MKZ*+@-o8LB#qGK7e)RVQ8ndMGX zwE*Gzc6Dj@f}vWo8*>vY*TNT$U-kgkBi0YTv<9?vL3%jH@S*)1pwrv|WTw`&2`Y<- zM1LXy*(38GymPFwfROQd1CC}%ZWzH2!e6u0`oC`xCs(8`!{byHh#SfV=+ukO%0^oC zW2;NcI!!Kvl3r$>m33NkCKd4wxoUG;%+>T%?#FjCSKq`cRVq;~r6-xiLtv7seXP&h zma0l0kRxM8#{t@X3ljA#^<K}*2V*Db<Z`I~c_VM{LG?6r{o05?94TM4AfVvx1s-ih z54scAnA3AJu8+1wY^FuHmtaM<FC^g$JWWOWarEi>r7WwG=fq#z!IprqN}Xwdhl8nQ zrFvNV@q)TIhTUtSqM>qY3vGEf`+a6Ij%HW(Yz=iOvkFgSwWnGL^)-o-_ygc0%bPAy zVQhSRwsB|9_(&PCDl@Xi^c4nq)sl-OG}Bi|VUP4IAl*ZarvJCxPwdCS3ec1xWn$^u z`+EC|xm7|l-gQ00y*8#zG+;2aRInGw0w7h}cP|H_J^8l{epgd7y<~{nARl_1C5)A@ zW|Ig5j5^cWvEqQtI_W(!S{b4Q$2#Vg5AXb1<~vXIoK27wy<@{{I(z-F>4vIC_B(8S z8fLULY&9CNc!|xYBNg{o*PpJ}hTBgJ3aL07TZZs*27Q*oiXW|3VEH)J9V2574j&@* z<1ns(HE^lUa0vZh>O)H1C5Er*L?;3q3!JdBlO^xW#;>8hoR|(Roxcc1=3F#n^0wsG z&Uxx+&>ZWrdm3<zs^f)_`mBerv!}9|o6G6&@f6Ls=!Po~t|-+N&eW3TrTi=^wYJ@C zu@>q3*{m6>Kg&lT_+o&Uh%<=oByl_1CS8uF>el8lPkJ36{}J25^uuAV<1!O{Xnea% zn4q7%#W8`zGw3%YqHy4Eu?;kFX$&`=6f@Zr2HF^=ktUV3@K`qIIc&%DuHVP*=+a4Y zLopluHnS8OO&Ler@~e8)n}?t8)NBbH^~T5=wmvzfJY`bmHbNg^Q6N}u-~B&cKi&ns zkZuCY0e08Ym=cYdytjQY#DA~n%(Et{Vk0V0B#a#Qq{g(7zi`&3cd(II;<1Dj{ldKy zQn<LEtgjV$(#EFD{wX2R&xO~a=_ieYE4d1DTte`r|EiiqSl}v3V6q#+e?uBBNIWm6 z{H(NVaI5MQ=A7AESlaC@u<Yr?M<I;5{qRj!QM~pD7m;j}(hK<M44<m8yi=HUkFa|g zNFM?$9gW5(`O)@MK-3@86qO5su2+jy5XpOQYr45-0pbl3q9tAbI1NI2A+Mf-34-Rb zOMH^@JD<b**G-oL<my^;lZmJ#FruWCk;Wp6!~y$U9Gta4Ef~TTcN0H75jsqGzxomE z`cdn2lgttKvu+K?+A{eM#ET-rkxrmz4Y8tR!QjJP`7&I8^z`zVFx0%7oI{K-7UumT z_9j~S=x%z&9B&Rc_OBxqU-l)j^OWdkt_+~W3Az4G!CUH*EYDWNYiw%um<hp?`EyL~ zs-d_v=HFCXNeoIk6PfE3Y2;pN{#Ls6?EgsBn-=ye1ZJD60fHdg=v4938<LsSg$^pz z$$}>OHou&*iO#zzF&0M9=6bHw_d9^!kG-K$<O`RF6Fr4@7SBy;5D4!)WFoeq>81V} z?GG&VZiGL$mrdd(A(QF)dZx+?l9xnO7Gws;|L)RErXXH$fra9EHe!w9aXMKNKX`to z@JiGOOFNzpnLHh&h6rZ&(+d|d9e<9R<wc9$Z?@3Q_r;7Yu6j-$jyR)6S!<tK%*XNj zd=ZFFaG<B19^WzF<ZP*+^;hCE?loNq>-x?Ie!y==(8#IabO|gjdEZ*q$Kz`IVGwE~ zFaEDipt&d^kvfIe!izwl4K*6?=`0ATn}ZBIJFsVYwdg1gF5TGIqo7CaUVj(7Hj&s; zyIYd!&+DzGDO>t1OUESC47No#v7A-F&M3DMqUioX+!|ryu<4ngRhCA<8%);^3&a5> zH3zs>e&a}AduGtj>B|Gbxx?Y_P?Au#dQp0oOPWnld=p+0nz7z9-IZ9jfyD+0c2BfM zeQsgI-ZuOXn7N-rRt_7Y71*nBek0V1+Ta#b>_CHd8`DPGMWTQ?`F6Df^Ko%EDtzU8 zb3fEF+Ahzp8eFK~DKF2@3lrJ?onzeXg<3JSjp#4&6yFna4(%h~+u&^hvYmn%l|q%? z>+pf6#V$CGIGCRws#Gdrf6z!h{jef2*fVWQ>-R8dF53aG1T){Om6}9rr$9{`<xNmO z+JS<ZDG1oT?DfQSxjAHOzB<{j#fC=X_4?@acl0uWMSr;N(yEOvx6hyZdR{F5#)iBM zjdlZ2=csR?C7zIsu&BjEwt2g@ojun>_s|WAIJ#7ncv4dY6%$yKg?B`6XN&}^KIP$_ zUblU~Bvgx<v};o-Hd@T#$gzt1K^AVr;DkBb<K6$lF}IG2)XYYAT{n9X`5LjX|KrGd zVqVpUr=qftAti3A(m;0P+ty-@zWw8R+65A>t4c&aoXlrp6UmqjT}}nVqi)601R;UV znwpimYK&F$hb0H^gQza3p!zLia|z<!bbGLSmy|?Wbhs=v&j0KWR8xq(^6JhNe7;;q z6i5LE3PMXCi*KBtmBz1EK<KAOn(;CvEYA1<mi!ggJ<8a=SzdPVRBZDF&culs8e%F7 z20D}7>9reB?#Ewt{KY#c9*>U^D?5FG!juHAD_R$xdH!^#!p_z0p4DjE*I+B^;iNsA zNd0mESM+3HT3u_#{AAcf)?GWqF~}_7de}<Jx~3$Vs(IjKc1%tqarJ<+4ZUJ5=bIf& z7#q0uGPGG9u5-3HEDA{`XBq50VmkL$L*gzJN5~-4gaH;=BeXmIE+LAF!(54@(BY}# zDki5H{BW4aPg4LiSD0h7WOcWJX{qi}drx*avEB!2?i#pJEhy{}^EWOp9NStLztazs z;(1khx5kUC>P5HM+?>m(aG|N%>Mgfz#~3%(homXww^VXow8&&uj@5XhU}xUwE~mSx zizBH^@4v!!h6{${{^oY_MI+g`M4%#@uW3V}H9uazlm8C@LO{L0$#aMa_>Szf+eDcR zGuX)-MVstXMp6t;w7{P787iNi^0{fXv<7n0wg!)o0y(P``yr`v_oTb?teUL+9ZecC z$wZr-CO*L4ClvOUNHnFB(P6co!g1Q5#Xsi>>S1q0b^W)vLan0-sUheA_ZPl#O)>%Q zuM1h1lgB9r=}IJ+)C@M3qq-QAS>f||7&o9br!g~`snAryL*tEMA8>KC+qT4EPHk2T zueDjeKvZ1>?!lK@&fJBOW2DN{lkUp<l;l_Oza-V(TubYKPeWGzAjhp8Ezxung?|V8 zdxB|7g%cSEO?)4l#%WtR5`p2quw=%f#}3Rsr86>fmakD=pT$1Z=xKtWb?R9hyRHFH zkopjxiLgMH{|R7`M%KQ9c(E@cRwMv{NLkV;D|jGEI4fm_mD?}n)Cj|}OmvE6bj~SV zV-#hHr{iWoA<tr#?_>yNmxf-KUy9d?4R{?7Q>F$3j(^*N+Iqvu_GYDIhNh-TrM=Y~ z?XhDfRQ5X^ZR*Ly+nfsNSCsS%q|%m*q_cWj^X^o_tC0|LjRGy%Y?bqjnj$0`PZ+&~ ze%Tw;fe1^@RDSAkpkAdG{EI&5u1tWH(_rPV^VOC3ONa@(^PGaQ!pSVJ83EQjCuf{f zW{Gx6QkB#AY?faiY`@ktYH=|Y-HuIBxujF*yE3tiQ$c<Ye~nbw)8V!b1EWPxS3X}0 z@ONW<-T<IVreZ4hfWTZO!%01mR17KHcn7}+|0(o3s9&hOos*k@)7d<Y`29%747M_- z*5D@e_a@Xd!?d8+ThJD`Z&c0zFj`t-eW4lDoNM~E8^u52e!`9A+@tPoZd~Pdx-o`u zy9xWujbG=Kj0!E;&1$r4zZNUPQf5vLe(8QI$CL@g92dJvVWE#XK0YzdH$uX&2y+-% znM-_P3M->I)&Jj{;cKi=;8?b`Rcwqy8<%bsV;S)sg1357!LJx$GK$}$4~L>bP3DPp zg=6az-S<r&Td(o=C3+`IX*I2(C6q0{^<d}T=e9-O-`2gZ%~I%X-57H!)l#WiS?KKd z4c@^G-#z4Q3-yNdHn&Y_Wlc`6-Q&;&*Ph<;bFDY+YR|Q`z*yq`8}ASZc?bz1-N>^d ztCXwlWo#Qr-@@1<IXPmW+FD%%nW$Df6Eo;gPQezN^6FBSFL!3)=K3627R#Nzu<K{a zicu1z;^J+7MMG=LZ&>I$1mjf=4W$~Rkq-@#mK{%Rjt&=AdTC3@;S5?R#-8x`5_ZPD zVg(nNJhMJf`A`!YNLv!=Hb?9B*5rz)9{ugHS5I>qwj;QmuTWDen)Fa=S|Xv<R7K}b zIF%!(&mYb1Tb)$8+X9t;Tv14k?gF~YftbXFzlpR~tNrI}i2qgW2%<#Hs1tG4diGv8 zJfJHQ-$Xei2}F^m(Q-1vuRa1N5OQ*U^|RqC;j4Uu4@z^2uRMRuFA}Q#l7@I1L^Bd0 zn32q>*tu|0YVIhmkL~{A9hrf9zq}(*9%wbnNnEeiuq|9_#~y3CoNgIvXBBdgDu2W3 zF{?~2t2+0I=_99Kf1pQcb{JJ=kEJ6H#O_a@=I$)|oUD^-3LyegQi8k}If~qUe)q(x zeb96yGOG~V3^sAz@1M}WicKIg5Z4_+CXg^{&(Q}9E&tKc`}@>RZtcrpu_dH{=5y4h zGGfEsB_-@Um(SuwKEQycfA-4N-ZcCnWDzjbP5tr;-zou?QZSB<nGwH!Y5fhB6@xos zad-@KKs1_IR)iBb5P#i&y14lhWjA9>dVNV7qh;IK<o34euW}pRG8i-3e3S&&Yt-)4 z%A|;8vDFK(lo2>7Gqw+|<B`wpdt{~Bt!y&4-F@zOW>bGigKx<7cJ2Ap<m@jfA+e&+ z*}h_{JwGt}_3Ass;}~iQWu383zsl%o>WEvNR)GVD&p}(mF003+GP=w>Tc^HtZ<Zu2 zxk%sL>yjkJXf*;ulB<BBW5`42*A3@3LWZ1d&UoZiU=OAc2JmA<c3~GU9x{T*F!eI_ zA_(}B*pZ9FQ#84M&^iNI+gkAaM=<t#*BG|~vet>Tq4^7gWlf1JK_^{j36dr<B?RQN zskhWM!WOH4d<=%_B@>AhMS*X;O54+cK#NN&sk}LlrY5#d)Aqd|fhJTg)w_~>Z(6Oa zTtj0F;{r)A^!p0*%}QWCRiPYvJ5*i2j!rUK{;Oz}TUYtVN>pzb_#@vW4<q*@C#R8P zdq?mYY|Av48Bv13cOplpyVE1!aZJx{n!%3bsAHw~SFeA!c#=B+dD@9gp!xH6mD3<w za-LUqb2d006)g|UptiHJJfEHSrmv=I1o9<So;tqet^O{s_m?zK)oQR~27`z>%sq?^ zG!fM_gq`aYZ<$;4y2aG8=lR_`pPq<)2jZ&Ny&mh-H=DIm2_++FO>->kDBa1qck1*I z@=2X9>+`hx4JNOg#Pn*lJFy};&z?0}zudl4fL#2dr7zNVcq|d$^vJql$`r6?;+4bW zgHpLvYVg`335}AGvLpBILNCNK_JE0MiLQ(ojsC1B+~ZZ5pe3wPD_BBTqs;`=wo9NN z9s<$T8{`3m1sUu!q937~vM*zBS9u(}D@W;Ec{=NFB9x)37X=~AU`}o>*0wPXPUn<m zpkzY#TX3O5<|PC~^4t81#vKQZkql6<nlr|0s>u_U!QY_FK}U1ILa+SOExVrB7)bAU zdSd8!7tOn38*{B~vMpH%8??a{E!JeZt=V05yOYJ$z|&4bcii2H{!7&d&$g`KlB=g$ z+xLy7RPIawqE-Z`T?8>{7->Oqad(eS=Ze6S1i~#K9R|3$@Q5ygHAP-0VEkuNpk;(m z6If}K*hXM45Z@p$g0RJBgv~kdIoAw66Mu^>n*V?()k;i*E9GVeEz8Z|1M&}YHqpC= zuYj2Esu=!_AKp41zPfcBR#tu?Zu!Z{|DRr(50)ez*ODp&e)qTWEJ^W;LGSEunmWh( z`gaZ{RKT#|7$H-1Y&z0^?EJl*J@@?8zC&N!m3R-|Jdr5GEf{(&7RiqHxpgL;RO_-B zoko??Y|?Zc|K=x-y>=?!fAoc|&HL{2c8|q@6|&s8hJ6lrkuK!0$ca&nG(jhy2>B@B zBF?uJtZY>TSzv80<`P_UNzGL^DWsqWzm%T6l)l7oouY2-Z|3iWYP3D|x<}362%R15 zbA*fnQGms5YVuo|zmW5$<S!Uo%Ii(q=|egl3En#BEgxIu&j(<h^se2blS*Y$jjuDj zS}+N-v8rXqek|C5q0NtPjww_Miyz3T<;FXbV*rsU<X+^i=}^evjYBxH)Rsfwd3u$> zkli%{f^8aE(UYYPAKF5Y`$332y}h_D?|^_63$YHc=A3*5*HZFw>e3MqFP{bBG7NoS zkq16s<%8}^X+H7+hC0jFyBiu_4KcJt^3hN-iOzG0m|JozJqcp&GPlCZh%q<8NGV@1 zVvKfql+OzG`8md(oC9iL{i&@@J?&w$5=Z5hWY7y-uy<f37uX@h=)n~!OEQ&lwt*OZ zWn{4!oj5I#$fUT|*A-lnit?t%H%AGnT+Yblz*;XK&<kwIUL}tsTI2=fi__0Od+-Iw z(uI=~6UB{_@YO-x!QL=EgKf*ni_OJ@;BgY<>8CEXo_^ru3)~j~Vbgz-KQws~GNw7r z-Ba3I+Q_Xe_0m+BNGM^Z(@`cNzlowRKL$R2)>7b^yvlRfD^Qve+9+u;JmP(9R@hv| z=ePp3^N2u~Ak6TQMZmSBGzgo6YA)I!ozVovWU6IHYXT7UVRw*cHWM)`2vpXT4Aio( z9iLhsXw1)?4pCOv052=5=O`sj8nmCShGdls;FYgYYJBCRqmjIY0lKJANwsE|z9WVH zd>)aQWn}YXJnb?Cy@2+~svzy4Rj~2_1nG<fs5Gu&JA-Q%3erNM>fiL(<{0=}py2jo z0Lb9rSV6FT#IJztY)3Xv7Ygn%FFcqh#u#DzMXhmb-C87@j>({iY$}X#Bk)CU-eZgd zS$Q$b1xvOP!y$D65DeiZC;(}`*CQ%)9sQ3*ovZ#f@hbqP#?ox)NCO)PDfn^&1@jbl zQ3{6G^3he{f`wMe2;#j207b%$-8Ps!ec=0*=74~!WDr=;1IW(lbUHJohjw$5!!bZZ zfDc47;OSzyFfgUFs6kdZy{9;l_e0A$R>%xMJ*3K9cPYwQ#3ZC{GhqsHIW6=<AjZ7! z_AQ+x-nQiw^H0ej4{O3fYke?9%v4bp3})Cg$6(GA{lyGs|D%IjPL|#7WfH^NHIhQk zi3s@1J`LphIpovRk3BZ|>`rJ04~>oWl-EN~Hu>CS3vUm5n4U@SI249_IFBDW^ep#j zDB}<0cdkDKc~Bka_Las<WzJ;HmVB@hRGzjLHTeQGgJjhV!Yb!dMsT4CTpZ|S68%4# z>2qQKXE96H_vj#B3$Q1IT7WOhCU&$|t5ASwxhJx;wM*TCsu8NitlO>B2>u9Wj`xvp zckgjThpa_L&#pvX#=ePAh!g1I+EvX^Hrf)ARa_ZrU{|3z0+^p}OQ=xQ40_@s*~YOY z3$KP(u8ym(RyhWdGsr4`w6OV$-vTppN?HcEiHE=y&6!}Z-K9{t+JnJNvqHCwPbnQ4 zF-8LpT1sNHTB0)846O<D8p{$t@THv!g){B*rka(?=G2ER%i$$B9T`O{jUH>lPe@2$ z0$pAKG06~**h%D}>Cw^Xy%4AA$av%q5Inqck&1vvmOsz!<d!J(7xIDb?7f_b+If;3 zI07|kvap5Q0ACE|qs>|9HU_wKsS0S#ZNTE!coo)af#pZM?r0lh!eudD25w>zH?oie z$&kX82?aAQrP7rNhB7X|fv5$Q>6^&>N>&tki%Xw{-UU!(i2Lgl+4XG+^h4Hv%M>jk z-b&>Hzq2@lm1jhm-;GS2T`$Uf5(xWlw|n<w3UbD9{XGf&-pK~qxCy8Q!-Z52)B=uc zFNJ5&6=y9Yf~`wcxzeQ50$rDZZ3Bw%-6cs9d(uM0_pz12vGVS<#;D)U09*+vEtQ#^ zW`ozP_*hD!o&4mcBq671mC<gp`Au?}6eR6E*#EwDl@SmZb>=DL%=AMKZGCbAy8HcZ zfc+}~`&B?$QnA$#c-2!|`?mI_jvm}Un*Pj_+!?4LC-M`k_e0Q+ifp_{9_6M=8%jff zfa&&;7#Erod{^xe)F6?K%hkvW5;8xZs&7tN9Bj>^o6c@WzZUAz^{+vFFvk6M$Ofa5 zDh)P$TN3JnGk^D(ITEn*d)Z{PRI1cj^#+ecF<0dl3#xtdyv%%Ff3-MQ*AI`>=yn(( z-6Tl@zC+lJMf49`4*N-?dr{2wE<&`I0@2<<<eupjE8;yI><p|y4A?eAf_Oo^5#Jw| z&R`cWYU1Fr#xsMxIBnUwVNE;Kw4DWR4WD^!<%UZ=T&N`RGL8~6h~%p+Vlnz_h%5N0 zVm5WP#_-%tc0$FtmP4T*D;mV_hEW?zN%hUJGwW1nV5K-tGqgR$*Q2HNdNfYUXm2EJ zm>UzO7ADc%9U(C$BoDz@;QH?tsSq=?5@gNuOVJ-aI27Z-`+#PC7Wwm+kW<*j3r|f< zbnfqho}UYcjXu7<(RoMbGcN<?9zkdr8yfF3c7g{-0lIPwvbw}QLX&3(?}vx?*{AO+ z?B{mF7aQ_jaSjs5tmgVlttB6)sRivd_tx7h2JZF15YRU_G+b&E<!wiQi#xq~;5koT zWcNWvgK3veQu%4s?Eyw9pTOuX2Y>UlQiwRS0^wF6;zVUKAWm?%u0o}P;>6IdMcKZs z_-~GamN%W*9D|W3!&D>BMWs!U68ztR9*-ge(@v)+PeJQFYVklZ$)@8&c^y>P-h!u= z{#rP)8pqV4!YiUu`aX6JhX4EWinU0xRaY!N*>ZmjwSh=gty??Lony$IIr-RFBJOn3 z0w&wy@vZ}~uypR&L;}8%&vo6!gEYOXFu`qxFG~4@r;E>M^ITi00kOJn)L;`bS^%C# z`;h>=Z55ET*ODAcPI><rat@N+#v0NeQIHoY5b^B%miQH4tDQKTEAlbjl*fa#OieNQ z4QT}0HKUpto<R#aYNDLu(p*P}F$$Tn6^aN0duK*YQbI&N0PwxNg0BITT!M^ftFsf! zqTE==uHt;tb{hJ%1$FDvJ*)gf9;FP2Wp0Va;xfUpPIR?Ug|IW#-dVIu?43zTTIY_p z*<kMsdvA%#wh%Kn7Q(+rscDh~7=BOel8q16yJT7wEn!FQU5$QUKv>EG`TsQXsp*~` z>o9B$T<~w%qPRl|Ga~DV^}dH8?gqsHg%v#fpG1;j|9#vY+}(F4cR{4r7KS<CBJ3A3 z`G=d7e%K92a;}oT^eCX^tW+$E^V70oF4QYj5gOW+^UDaesis>G&=#ZUqcJCCA=Vk& z5Wu?f^`-R#b{~SA7j_>Sn-%DguXN99Ht&b@N@+l^*#*Kc@DHnLyYO9&^jb80YxH;{ zAIob^4stDMO#|13^5)04L={S<IbgSWbifcw)V{9J+NDJR!I7rQGx(SApCCQRFfxH6 z;$-%SDj~(&J;ikK^&;*pqQ&2QpFzzG%6xweb&R3rF?8&Amkp@NfFcI90aF<a+uHFD zy0}ntr2mzE4CzPvFSi#}n^85s`Hfuj2)}=5V(WPC)$ws{wwK?I1$SnFU&r6%pZIM> zO}Vv=7p9Bo&97a*bXWfy{TR`Ys+PO_*7^<1x&C-{UlWjoYD~%cB_Me)n#8HwYHpE% zee||WwVQ4<fusU$VQV|Z;0z(__bYMnH~dRR^<JZ{W&7i6!ovnemyZ3cbZk|)<H*;K z-t}L0$2G2mGaPRVdqSBVkF5@sU1*cWQ2EyAps(Gh9WAi!K3yl*d*15QNv5`BhZA~y zTOwxeb`9S*7B(mqUZdTI$#CDm)~^1e>r&p_##UEXCS@{>#5=e9Jv#=6Pppkn@<`<a zZqyRaI#-OCLz&ri(F8{7Jk1Vus>Q^{`Cd1Wgg5Y?BHbV^m^hbmjLu+NrxB$R$-{=N zB49^Ww-2UzMjeEw4<5!EErNV)WsdTcs6Xg+ULB^Jx$)~4wFXXS{(u~T^NHcZSF61f zK5wh<0`x7Gg0;?>?ZQko9bMSO?z`{5-O;&stW^UWq!LETM7XJejx}vfzP`Sd{%T)4 zP{?yZ+7fU&gJx<$XFGi83)>>JR<BT-oCXJLkZMg@V`^1)ojc`J4WIhP_M@*nQc!z4 zLK9W>tNe0BA-QU2OZ&c6DV4j8KgZ&J5KH}-JcOi>{nfc=8bnj6kRHSf=N%zS;~aQ7 zC(lKT-aKFK=8q8IN56%A|3LiD-O|VBp29G{h+5l*C)Qi>A6M;{&O4{xS$!6(qRSMj z8+Y7QYtI<6|Hd`+333=QATDG;So>>;5qk}>@fjh7IMEXqau)TVaPx0kt3xDBFD?A1 zMNgK{!I%c>8r)ZMeExmwde*G%>|VR3t9Ix3aS-T&`vhx9lsei6OPyJPA@n%@-Rj)i zwrPsL?$UE_3$9eZz{%<>U^(vu`f?epe-K#<{};xWkRtZlxzWHD_@9xibM!!;3ALw% z-{S+cXR^oPSur><HiMp+-dK(eX5l6es6Fp4r#)|`K*$Z;W1|9HxvIW$^(IQRU?+d3 zzQ6`p$%fbXcXG%6dSA!x(WG9A^ED?rymE4&eN~Iu+A}Z|*m9!i<oy?bMD1?%nqtXT zJ0or!nf+0f4y+se?Cb`=2^yx+YgGDXqYY}9k=L*__P9&iG4)s(OI7il{U8Q}PUTAZ zuwqRRV<L%zRWcFm#y?e_L0<r<dyxb(Ue!1sKt9aCAaL4ZK~gbT;R`qi_0UY^NWuK~ zzIj!|ke9*p%YUvekK$<n#<|lFb42qA@8F%qV2720g&j&pI<;2T%rG`lP9Z1|9AfW7 z8>2L%HQ7xzpOGTfo=g}1%tDbxP=1w90Gah7uCx5QE`oKj!kwNa`4XkLn3@<YexEnF zx8-lCYTsT4_N@ikUe)m=&~7)vfS*RhgIzoyjT-sdfii~}-82~(wB<E5i^bOiu2}hE zD%?m2ojkqRry9?`Sa!5h$l~#r#VlSct!MGoXP9=ok|6DNG9c~#5RHMfd$Ij~b;GuJ zs$8`mVEqQ9M~sbB3Ij^hC{3XX1f>bU&Ng^tPF`4xaAXd@?R>oHeD&SM56)TI(9~~C zya$OKc;->$uf!8uK=KI^9)}|(r0zX_xHCM3s2hC8xuIg?$y#MVPhYVoA8j9umMo3H zi#y7IFlG6(65t_Qz(jwX@4AVHTFPY^#6gK_)+&c$$|mfz#?$JHZfWBicK{}hyUiQh zQgdXKHRx;(nW*A3qnQmWQ<^||Xvn|u_)v2VPD~S>=h7CwQ@8EAM@LQJE?>CEuj|@< zrd;##fPob9Ns)n&4npqWoju}E!&9SZw9I>Nrs}<E;Jrf@?_dogEf0`*W=<96kMM`L z=J^db^ZYfyK0kI7&p!tg0LFIU_qiMI5Cp&i&W#?d+5|mzl%F0w3a3ZwCy-fla#hh| z7LNh4HH;GQ0w+cTxA+GQ`^c7@KP9@3&zv~+jU(;d$6q{g?>Fvlugn@!W4-MlG&CmH z^kmnxS<!dydgZZV|NS%f-1V(Ti+%UcJlKD5bu2h?umGN;!Qq2&{-W|6fq*qO&R@9N zsOtR1spaM`2Gt`UcmCogU(q;!u?YQ3&0m0!c&op!yQ{e-2bLhe&&NMBJQnBoc3sm1 z2U3<KoWI!Cl3W=vpjVH*cA8T;W6sK!s!1Y#Srv-Cf$pHbeEQt6?B3N$72M_X^MS$C zs$GJ{U@!A?Nq34G!>Zs`1O~CHC?^%Ca0O1mJ(fWDsTp)EN9DprR%K`&H1HxX8j}gQ zck_~{E7VOtK5whxV#>jzBf(xKWC}{Aw>Y$hP!y=hJk{{@w71(7j%G7W0>?Szjaey} zWqZ3KvsV@>$H7z|tHPyniZO)vv+dr&-UVwPMBc8Sg%qoug|s3EyeAPuV{c`E6QSPL zWOC2~WSTP=&YxhU>O#BVF=S2rDMoL>6O4*RH5`#bjHsG0zFU<DfR1>K(KtUmJ24(s z!&ce&oFkHQ&HuR<yN#2Ruy?b2o*YYU<`PDRkTG&PoLk%GZuRSZ-Q`u~ZeMEaqiaGV zxrk0i;JB2L$=U2s!kubXvpplLMtWG(Q93g0SDDO)XvFR@NG%Sl(i*Tj!p$~!B)6$I zx4#r(v<8*R;50S4^-_b`ptO4Q&QP<>70GQBI3mA59!8!<KKmNdj>V8EWDB+e=|c`- z1JmB1?!+m+)}^wj4)jg+=~OCR-xN`P5GkL4|HXtYXFHm2-?A_7e>*nx_UagTtWUqi z?klc;H(x%bf|EcN?r~W4lJiwBzHFYZPdLL<!uX2tl}kXM<8e3+DeTt&CA1D|A-b0= zy%`^ykEmf;1{y{#mMD3VU%(_Xl{*Ftj0MkLt%0Of@;y3#*5~O68Z9<CE~6n0rA8W- zC$V+y9T~k_Wihwz{j*(@Pj8DaR`jyD4GLwg>{Z>YzanZhux-uJc56#;5&pWDXMbQX z=OYRI0GqpWb*ynhpkDX_5@5RVTkJ{VEYg8|M$pn1H5x@{5b?lW9_LJoXw@u7Ve#0* z*%j3{6p&vNmxO~DIjNu>z%pOvomzS}bt$E(o-P@^jqeb={K83$<><qnq_rNgV!2<K ztk^fd)(FQiAnde+JRXVb=7GLUm5|4ZY$oqTb|PCZtnTYe?M(C9F>GT~NXiW!iVed% zxvg6zX?7ScYy+183%kgbBPAPWgx!2eL9G75`Y){f0;Dd9Ro~0v4ocYJom;OJ3qMOV zLzW+0sltV4eC2yqvjsog|0t77q@JMB7O*H9wo~%`rOJT@fR;uR|J(W=a=!YikT0?0 zys^~24BW_#8xUV&1v!kd=vP4)CB=OF1Q(AxkpME<hxDF{_o-om8+JItDwq-Ct>HdS z9fpF{*~)>;uyEd2mh&Bs-pg0vsh7gY1HhJVof{3e1K$4(xoY+AgAD*tTJMqodEM8) zx;P9`!_qJaQYIsQ15EKaSS{>2oC^<cfRbiZ^eb%OfwYF#Aj4cA$8nt-lyL3mS~)G$ zAzyh*y~)4}+2s`9UbqB1JGEgb9*a3W1>=ILjKy%cNyC7Y(K=5o(*&C{l?NMO!bz#x z9a|hI^pkZB<vVeW&7R|tm|n?<ST#Usa~V|%<x(KNUp=<*{Ut1(^m(AgPa=<=+i_$7 z;=A=hKNPC|qy1_t1lq(t#IEXZWsOF*wSN_f?Adzfi91j1f#V@L>aoIu+!1cTZ`}%k z-@_Fk@Egj2hQfueGC%bpXt>bh=@rlUf|@QkxrP>xD3v#x3t3!HZ&`d@3ttk_=V4C< zHfxMcf*BAeOGGI@(7*zv^Df3JrS;vEQ}h{Vc6^*)CC6_zo6@Kv5o1k7Zc%gUq}O|Z zf=!XU%G;D_!KRSOs!fr64QSauWcN8|&j{a2-Iv;@+&4bHPl-1TL$T;j!lKhTU(*<D zs491sxl#|8<l5WABS;e@-^US9-3(%MBPbi+P!%>d@_h3|$N7%xN2lu+>=pXuMvGnR z*e%TomJ7M-)@)vDRp1$WZ;1}+(x@+O?iw4c0QvjiG$H<7B!%o1b0XR=j1oHGRykdC z&`*<=L9e-5XPG<oC!8$>l4ibBro4quFE$}KuQ1$JuM6XEz=Y5hG*iXTuio;Bva4F` z<u^)i&s1jw-HkPYJ&*6gYHw6zdA@*vt*X_@QN(!T8h#$EI)V&~nY7yFoWUNMHn=1% z&kQ!6qmi5|FzBMKgS42;!Q(=#=3mqgeQA1e-Uq~_Ls~m%xuJ1XJut+9;pb7DBr5Nb z8vj6B>j0}EEAL69C=FbG5T2C#Ly6??afL0;`r=j!|01c>7?sz5rZF%C$r#kQU*D{h zz+DZbT*J&Bwpg&I7>%4HC>2<j=f*YiCtzJGk<W_pqs^|3MI!3Z3^tIX?do==n!r0c z)Ls9Vwl9H>qq-8U_o}O^Yw7B)UaESp-gouht=8VMY)Rf_$s5M9@q&S|!IEtZ#4Jt- zpa1zl3}FdBi#;J`m;{I|86&V0NHEO*KXJkY4p~@|`I(tOh_n4+a{hqZ|GnyNslC9E z$r<UWt6sIb`qtgvz4zUB?+i><4OP<Azp${-l;w@XoipcNnMTJHI#xw|(rF@<@Iqw? zyQJ9_Ael@yYREX}3dc07$keN}x~fKe%S(K?uZ|y@X;znMmR7;1bFM%Ordm#^S84rk zDU-h^m+K9hbPqvzm(CdK&E<R0=r=5d*diRuyLs{`gpZL1XC@p@yLfVngkOhRU^(OB z$V0r(JBLZ=W!ba;XAZ9(KhNPEJ{(4?AYim&BpbQ2JNU*(#~QKB_z?HtNO*?0qmJd1 zL;&7J*ohEKRN1s0{Spc<%)m`mt>ptL^BE!-<hdF6bX6p(e0*V$mplulxlmdQcVV>J zO>g0Cn;L$brGQ<R{v4Jkxe<6F8~ALuv{b5TsZ(=@9=JQRZSAU2clfYQ^b`}Rq8+e* z`bQQxJ94R#SELSpg%q4^(NswR{M$vudKAeTIM7pjku$I)CCU<b27Jlv5NVP&aJAP# zLN6d2R&-cv+c9qB+JodVZIxh49XH1T%Zh~4H3R1z3pqKbeFpBX8mppHUFhH}3%SL* z<;3D<uy&5QG#SHfMDT+Pm;7J!<bJZQLE0^mNEAehEmdu_tY<3&Z{NX=ERALDkh#HN zqiUxO_Kr+4?-rRKkuT7eRC}_+rLUcG$c)J@fh6q^$zm{U)02WjIr|N`$tmgea@avY zq6|;MD=9D0hP<=hDaO`01D-lY;C!DM@MP6u^!Z%2yE7Ti^>A#m{XuRIxtr)~6mP{L zY@{VmH<y|lt6d*a>SfL=ZmskJuZ$$yg8s{T(#tyivE_T0mpFUE7wc(LIkRjU*j^pJ zs$czfDUeeQv4Ah<fWHt8f-w?^Dadop4Yt`_Hr2+NZBjO&IJ~l>G+Mb^FFDK}uiK5D zZXJ5M6SP1?h<2hl#i`j7;0O+<f@iA|VNp3T^;BTeajm$!aD>{^aGUDuC}*0_G`nr^ zLZx1(3eyM<+v>4Dc*0*@-{mc4Q*tPaySQ+2#O(>o`oyY2|GEyx_gE$Db{9h4lGhcs z^W^)(yGK*J9JH5^3e)opX`(rrB+*OlS3!Svbo-#UoOJk-4~IgIL=kaf1%3-UDL0WN zN>g?sJOhqbMb7q>AL0teUo%dUhmodx0k3YRVt>o*(N;Ilt6i+sWu7HQOSp)xQ$%|x z=p-q9U~R`e_qUBq3|JD;u*}y>yy*?ToTt*;-5o4P1eVnSvSfBhyv_ZEdq?&zji8Ch z$V-Y@blZ)z)4X(KWU=BmC_cQ3-HB-NMVd!4R3h?ItfPc!K@e@=Sk)w{*E(1-_Jll{ ze^O}Sv6kKYjV*tlZ2vuCtS<&KcGb$XZR(ys-r@9DujorJ3FG3wo`}qT*IQOyF+0yH zQMaoSgukp~zucD1t=Q3xXp;2%fsLt?f~hSEMVyJU%iErC1(MBYxeG~6m`D@-N7Kkc zJ95k=Nv_BYc%rHhE>UE4_Z*455P^}1J^p#$B>RYc&s@=CO>mknW21)f?5=g$b{>i5 z_N>FZT&~*V#$Y8L?=Sd~;^JJ9@?hJcgNc#dixzF4?>k8rimsSbgyf%8uP5a-vI3_B zLmm;)?Y>8buOCUqhBkF5l^(O2a3WrE!<WFzw38?knPX-%A<8r0XjMu?0{X9JuL~TO z4<~lIcZ)kUSK~}Qh3{<s)Z7Mu*^q&Jsr=LOT&5U!8Bz>I`^}PKq%RkZqG6ns!yZpq zVdsfx*zYK=Xm{kD91W=#tPTUk>CGM`<4wf<wW}B&M-zAkJmQZhyy@~-#lz@1$%QMK z+rb~<^^}w7CYBJF6F2tr#0v1=i5Ou92Z$uG0DO+f5k25Qm1B}QhRG$#@KW4Zop7zh z+RYc%J>0P~w&FqC@O{QKLza&SF9=W&eAWBPlWPw6_RdlaP4s8pKGV_HsG?jqx=mXA zP%A?A@8&X<FG^)Xf6T?HOf=mX!Rtl7n`eX7^%W%{>N$_|&eHOdGq&vdWlOd%@U=x< zp0L;94bNNO?kUJ8dGXy;%;vRnsi;l0a%v>F*(nwCfrOLO{qLYExQyxHyhE?oOT1Bn z6tu^?L-E0q#}+C1!vjts=MMBJ)}C}`VbMj?>KB4BgUw?MMg*IywpEsa&gM2b6wa*R z*>D|v2_8aPHA`fU#>`lZ-2{(V$4I!Pm?9ocP6n=3c2m3SdCYVA^t|$ik&jQNfrpT+ zdfbRZVo7I7MYEO19g(>?b(-lKEy(bfv)qxXltY2q-!{jsiZl=i^{&D>4a9Q9@kykE za3+oKB(h?Dhd?L5k!LvdcMj8p2J+h%m0+C(uDvxE!OPm}ER0k-I@(x6y1&|%>FaNs zg9=*p9I{XtPXAmf9xD{%xN66_pMpPvB7!1-v`6GwA_#sv6&DD^m{m?m{Vw8}us%*{ zyr+S3ss$FE_T8F>`v|CFa$&SfDY;mh<XM^(Ehe`IBh4L_Ss`8308GKx3oE+<G{+j< za?C^O$Y25nFNU;E>H83+i$oWatsM9UuHua7EhC_xLpB2k-oeHo&N7&AUn@0f-XM9s znsdt}N?wBA?Q_`%j765=eJpZ~R5amGe|;g*@1l4)<nhGpoM5^2YX-K7XF(4fwST$< z<qJR13VWb;IFI|G+J{c1{!GA)o~fRtgcLVtx>kc5WG+c`;Jy%!Ir`3hR|8u*3C#+F zMD=Jnh!st`TdIr4Aoyn0%85t&Cw)gdCcDe={6u`W(t@u>>EFzmdRoB82+D<HO!oRp zwA@_J*Ga4mlU!k=F-Kl)GHN*P%+E?vFp~{rH<gB0+a0+~-qF1xXZvVrx^N6_BKoOh z)A@uwpzxud(T)bU97NBbBHE6Iq&dAH5^nKGbTXv)CYq0I)^urOasFc-cJAS@PB@6G z_`4%@o!~`Nh`atInP7HHxqB?Hoc9Fn2;#>tf>?tU5*=s;KZ#(qpgBBnlCXl~cvT%) zQ!M8=Xq*f_TDJ#3svI+O-f}oHqEjnxS~hmWvQT_<-`MiK%cB32cc+7D#%ttV>0nns z`TpSU(R6Id#KOT{D^jr~JC_8zQVu2A9f@=$lqFa<tpo4F69^(~tF}+6Sq>x6rrD}i z!p3DYs*b|us%ye@eXF^uT-sbckBw(>c(J+Kx3R~Oh#=pf!54aqs$_$itv%JtD^AT^ zb(I6&62de#R~PPHkzysM^n1Ldgj2EMuNWi-2(#&IX2p&nY^?_34~4>YYZc4d+nRR~ znGQG!Bi3<(llx9|GGMfMCv3Zk2J?f=*;D3@^TU)E^Fh5W3V0h*9K&!1$zZTMy;3Vj z%h7PaEPAXA33Sgp{pd*P^k!AAed~Ni=t3W0b&THZLr``jUZ4<^eZ+!ii4Ji8)4r51 zB{*il*N+iG;@+IrL0)zY=gJ2h9aMOdJ0QsiD9yOmO1NPg`x2FuTUH3m$Pdz;zu?la zxxG3_#TH!A5$MgS0)kdgv))8|Fqn#VFX)Pes+X13O3H&!OzSDy6)Sim{zT7kPn_JB z8Ol0%(I|Ml7Q09pCDHCyoHixiUrx<yQ}n!ncdHh~pc71j+iG{(<XFFE^PL1QQwNDW zk(wrgY7|q%WHIvU&gfwWf7r4!`E{nw`KPsgG^fs<daK24C|zLMwU~c({{deEFY68V zK*Vy@6;;t7ihWp6vHqD9(Qud3?@%d<L2A?E2^d(0+O*|EY}xHWjHJW4kbAJ*_ls~y zpo|WUhfcynloidDZAaN)-D&V(ts(_kGCrY9_@-uEhS`F8mv9(b!g2C>(KvW0khS~F z`t-K;?$Nx$Dw>vO;|WK*7xBO5Ff=`cj%+s6JJtb~VXi09OYKMPl~4ezX^yr1P4H!S zH-b1y<fhDibp}iwv-tIXG$TBPEK$GT;G8h*CMN275XS~u!f$xvWotAk5;;GD1mg%C zPDdZYeJE4OlGi{UVklmTdc9GFBX{U@SCO0?rmT=*O?J7K!WDQa&cuV)WV;E;D@hA% z?LnUpY-a_U#Bm?^GWh|5c7Ry*jL)BwGZ||eb_968)!b#(Gd(@lK5Q*ZjI}(G>9LZo z*o13$^8xBj24)K|Um|vP;S)ta`r%qm$wxezgg!{}&P*hlbqR1KfJ<=4foLq_637FL zj#Hu@HEL(!I0Ty@YelnM(8|KAAzTZ2rGW$4-hu<wV5t4W97Ysn4kLn4$B5?e-Pasx z_<0HbSA?GoF?Ny&fOl|249^pD5i#)YF`3Ws+zj|Nn(Kmmd?LtGo(XAouG28|(j1vv z;$NT{<%%-RC|5MnK#J0^jTi=ghK6!mB$%{waMk6c;D~#oX&KUw+(QFfDiTcCIdXIq z6J8A`ZGieLe2+&iC~p1w&2Q4k79{ls9*F<O85td<S>`JTX_i74MgCv$ItBQ@@E-Jp zexe&&M1P#t>p2Cnz%jqf%GMe1OjY1y_k@i#PO!Vky+lh;tNBEl+G|9u+FQbObM>Ub zJ#@7@5SJmf=v9uiB*THIU7#o77Rbu6Kp<`fG?XNR4iV-F2o;ZshOAktodRG02QVq4 zOUAP#LB62n!t;bcSaFv5^T%kG#3h5?KHV_jTC8DkPcv7#wp;i8M%r)f8~8rD2-rtG zK6jtL*Y30RBkr@WYh<Ledt{`eb_dlqR4Fe&f3;)iKL32~50Id)#+@Ar6?qhJhVT(K zc<*tZ3cHq?@RsYhe$X@`ntVT(+kC!N0saASj-={KI5^-G)KUz0ETIhkvR0@-D_l_a z8^Ghu{4nxvgVjJY28-c?<?%|uXbe>1iH@Mr7}UI-AD(*`{6u%11{?Nv;8!)+zIvQD zB@lGi5C}BWsS7O}a!yZP0NuAaCGPVl6xPYQOUY!x!wTL)G*aIoABh&c0@%hH@NxvQ z&0iBO2sFVWepn3G_s)kSMSR3|K^OQOtiW-?NJvuz!#@lBgpR;{B^q`5{dLT1%~C2z zg0FDMvI86vB!L2d>P%-kDrwvu<=i=<3##Z&XCOoFLi54_0-Spv{79#R2j}kX`^bCi zbT-F_%bYfwlbjOFNEKAtGnw{EhI2&Gz0bW5D>@xXL7Ln{;7q&iwS&-29Uy{4;CaFc z{tbPh3H(2TCP=tv+NSb%5PcbB$h>~$bxj(OacEX#Yop|Pn$&hQ)g>A#D_5@>rRBDm zJLWQy<&l!pRbF0#f<5jFrR^lO_Ql$!pS@Ar^0G-W>G7m^^{YRAV{+n+AHQ}DrDsS+ zlo33e5IklCkDmx(4&FUwwoxY#SVlqxA57bvTpb|Xuln@{g&QsAitS}{sR(B^jckTy zXK8tvG`eE$c$-X*ty#T_A{}jEHRj~Wt9L-><QqSJ^=dpt>k&w&z`-|u1`fVxkVOQH zp88R348e2lIWzbd-S-fF{Ld36C?m``p@OhP!tGNCKSZXEp4VE?)6jnBVF&znVE$k~ z(roF7JLWXPw*HjWmPBr=V2^pjZFZgRp)c2-div?wk%J}~X*7nV*FJS*dj0z8BTueH z78J=Ctau*Yg5deJ22T)oSeB=3M&bnAPM8S_+NO+7P6Ox@pvOysUt5#&+DL;FL6ny1 zdGqHF(3HI`?2X!an3{)l?jO*%KeZO=RvlxMO<w^ko_-pPei_N9X1c9?^2jve*6p<q z5eJ<?9Ca%(j>enN*sP6jBgT=$-b8MNKcjAFY7-lzk%IC=`gojjMTSg6NSmC_Yam}r zVCVeoNZsg%FS53P(}gBQyWmRsd?^=K+re6cPFKLD2MWL!`*Y;I%>`EQd~?yY)_?vr zo2^mTvQw8u{H7jN_!;=*G$9H64A?*IzMR^CU^{zS>&Vl(*N36$dd#am+;C1|XQQo_ z_=@b27(5998JT(!HJWxXeq4`^WQ_vJ?B;1H8F2;`6LVBYlYrFoxTD2D?Hu_fT@SI2 zxcXV50N<(_Mpnf}=EX)vV)IDc3+4SOLS#>X8<B4}1a3IqV?n?6$_%)EYVoS{46r^O z2vCdH+h@SuqtvE)OBCdDn=a^zQeRg`)7wYw|IvEE%r0~^ugsOTryEP?kg<75@=Lw@ zPTVrMdriB@Vk@6#`0U~<`^#gUp77As^S2u<*d~z-J37~O`{d+6x^($ao~L;|h30Tu z&-xpOHyqfU_jIl4=-a+5bzsGP*Y(>x9?|4!^E-TI+U;|@@(Ys5p}b2kM^taf#<=qf z5`pfN!x#23wuq|uWyu;2I#OddF74X3yhDU^cDc5;wfr1G9?(UIUhMs}!_d>Qd`!!p zeRGNsd^4bDy0eoi&w!hzQtJ>}Zz3c@ZlF#pV%=;A)bxJB7kNLesA+BPhjeix+(#Z5 z{_M=o&TGah$hKt#Js;`YI8a$%4LW<aEcE1437f~E2H+@*S<zY>@-FmVb7*_}x3@pG ztIKG!%cYzvV&@d(0F_o$a*GO19YwmMuow*r&ZOE^s=Wuv+!c4Dr+olvqa(Tk@+Pv+ z5^?xs)hKx-9{mz_i#d3CT$%y>N9l0_Cz8H}*twZGcV@OdVUyyQU~NfzmLoK>z0Q^q zU(*yi`@<`WN1~x#6fm3HqiQ5$*T0HW;<mc$ZDicIk2kz>H&024h+Rc0?HGa|ueazw ze5TRGdllmP<B03m5}ThTa`5L>!?Ll+vT9`6vPhK_5w-pmas7fBFfiTKC6_U?FC0r@ zX7~B1h3hqOIG=8_OrQBUelPzA+5PyU&(2&sZ_j025@L6giOVh7*5AIe%M)C1&CrCw zEFdK#36q`cdJwbEPZ!rOEC_n7xHxO-8^2}IhWoY@yq#-0=I>Y>`~0Sdt}0tyUdil< zyR%`J>UQPk$J!PaW?9{pA4>T<F{`VzHKIEFvQdhJTyw0>m6l(LaCpTzO#2Hs9cv84 z>0&45bfg&?oX(v9dyxXMe*#XwSS<wTk7V>C3-36wt9!@lvcyslvpN?axMHAl<Ghf! zx@}?S#)QV`S2h^E7+es!=Fy#<C$BlYt6Ng+qS+B~;y&*VkKI`uL9AYM37#k{%rQC% za~to)9OFjX+O5mXYU?jg`!#KS+qAph@CR$_w?0Z+H^Z{fjT->sCVJ1vP7?(g1OK+s z;fbq}v|aCGwXI%8jx=rNbe4F?5p+oOoh)7~WOzM>V(GbGlY_c$#JAUDzCC;q-~I&i z?FnEex(F6js)F>nu7h2$OX`v^8=I>p#K-TMd|;;!U{>BH&w%V~D=XZ3wyC+tFR8l0 zU(Cvb^Kbgv#?H-)a)@H2N#vqEt2;77d8e~uP46~?R4>E3qis0vGzQ9%>{vC$;@}uW z>b!kyM|EWX+BRo?xUFk_pAWRJyk#sd+8mPE8FMF9o6}|u7FB;KWTCAguPbP#ZQ+uN zTmXy1Yo{#%kIgGfCa=dD7`SqNZnQrmkaV)T65(~@x%UuWBg8!139JLkv%LIR)k=uH zzcu-e_~3-^5IT?uZ)p1Kno4a&dLXZHbsdFGt{$KK1f9Sl7b|eA4;!0c$icx+J-VT^ zeqmOumr<jIaL4je`_iKQx}C1Jc-ZW;I#uYM?U{MAAS({z_~*Bk!MZj7Z9|TeY=WqS z+)lrRHd;*fL|1TVNJs0Oe(+|{i(P$B)XAR)Bml8xdvJ~y(&SZL8pnmOCcotwuY{C1 zZ!yn+Tc?9pVoh$Ux0=mstbXb=E(Y^)YP|hCHC{z-40HBD#=z3}?8RqnF2w)HkN%b3 z>PdPdDLeDH-oR2DT_L;%6mq#DG6#2W;eebD%Rbpi-%a6m)QA~Ae3FwR*jpJx(y#<c z15N(Dwqmfkm5N<Zc{)){X#Ly{Yg9aA3LFW*iNGOrAdznB#8gagMY>7Qs3`sURJ_zY ztdX&yp9Xt&eeLS*D~6JS9=Fow7|z!|)|FdQaw~<=PIopDH9KuCFN`*uq}BG=OQBT< zHW$HVEAPCbU@%*FlRe~i1k8+NGh3qFaU>O1olfWQgP$Qn+A$#={P!S?F1wy+T9uR? z=_&WK$kx5T$|@2s@a|D+6?UFaYn5aE5|c8>8#$awCXm10g-yz^E2tRt$4E*CNJe1m zef8cYzeI(Rmbw~islU5OOZ}>@rPgR#YQu4<sh?KWr&*mg&5j}6wE8Hu`V-ldf4O4% zQun@-x6a?Sx`O9eqlwQh+BR!Y{*}RkLj;nreb%5{H<S|@O)=@^-tp__Z~Xk0S%VVn zU2)*rKC9bnG`my&wxG-Ba%Pb|Ihc1da#Zz%t$J5}FcIiVIn=PKw?;g6zhctt$(1)P z?%Fm|5lJdL(y%ArB@a*{;%OXBhr%pRpF%k7odIDy%OZWWbt=6A>7&gWC)d$-$yxT3 z^D&-g8`?;-C;PUK=1j;P#M3Mrowu?7V=PL^=kr^zO$q*H`(u;cCRsKZ9Wm7vQFz6r zIE$l|>|)KVbVXr4hG$!Ece!>3LICm`?;)C&C8Z#JG~L+0Y+&PnjRAcW05iyH-M5Tz zX*CN-B0dA}pZ3~$Y3AJ9Pos+xR$I4J+2Cm0XaYQCngPkFD!sC~AFQszlBZ7<a4W-& z<4Iy1;C;_kdpri>=xbWO34g&SxE;dm#_{@X#>X%F&oyqzMYG1OsK>^wCV3ycij7-j z+u|-3So%O;BfnEW1h_%KuR}OHj<7?l1GyRazb=r<=is{paqgXC_#Z^vJc85CfRV(a zy7~f9t?y_oH+KcK$Zl1t3$Go$FKaozSdOQvh$FSlpvk5%CzCDWj5q1MmONjk5m`21 zq8J+RBe;#^e>yCfkQ>JFH(&ObE0w0<-f8}`40lMg*4_>KhFcAHuy4~t+e#L<*JO3Y zJ=k)0IWq(Cw&6mHQW;A6yOKz$_!w)%i!67OB@#kT>P<`PN=089sax*vBH0p=<^InN z4x!3`DgnOQ<d7<8pFz5&ZUsFDPa)3uMU}_z)H$NFp?F%6zI7_Kf}H`IpRw3ARNGrn zjoXIdJ;0hWLg>Y$ZYZQCl`V-fNVJ0nBnSc{`4@c492LQNg#7bei*`x>XSf#NYu6l} z>^3TjvEf@_H`-nrLHe%f#J<IxwtG*9e2aUq9piy7frqJ|Lq><p81g}Mr2?OWlhi+< zEBeNj0d!?2^%}auHLfg$Rj{AF4qY)ft_-0oH)&Ta_zI%5=Uf&%3>P75z=Ny-@NAXS ztbyOVZ>07$d=||dpgzWD0S~isOj{4T5gC;fq&fBpO0cR9PtdG8)?BHBy`6e!@H#9G zNuaNWItWN)uVGDIITwbLaD-S!tbUeg1AnL*1{a0~E1|)`P=yp7GqAJjCd8h{N>!_4 zxRiaOe^KJEy<V#SCiaLVKS|x(>R`{V4S%eEUA|CC%PscytccQBLg8fT@_mEp#T7rx z=pZjJp0@6A-+(#RlkDLITn0^GtHXoYqQ4`h>J1zuDIwLnA~SDmzi)VPY<|Y+sgCz} zd6SVfSbPrEElOg#O%6K*TJp#?r;#qCLkW{?@<t`QkrV7Tqo=qiHMH3bNpGg7ZY_o3 zPS}T}aSZv<;GU-M0e(~EkRyHg05Vu%07>R_x-g87RmrLhW3hO??FROn7W)%T9O216 znVkF&d)2mbUJIx1%&y(HI5f~6HPAYU7ttAeyeknbg)LI35)F5|twxIjJcz^BMzQuw zOUgFys=-LHdgX$!-e3|0$!W2=Bw8>U1XtYc2-|tatbk1}S#MG0Wb`x8)v;FdW^3O7 z`{7UPD*z^NFOG17`*4ICOyd=R&k}v7T2=tGJitqbxNk0%$^{BYAs^1yBZGy2$rQ*3 zAZPI@?vO<XkM4T^j{oxh9sy0IIC-*f|Nh$t25$fKZT%#LE@=BAh7dG2Y0!jlp{IMb z_%=9(<J;igX`_>?gM$Oy%_>H70dCA;tpV<vOo2iW@>W&$1tnb({pfV&pxf@VumHVd zdU4?P{rmf{M?>*OVb8zZdB^*^@ZJ+hQDpyZpS~Tz6F&EE;8FN_oLh%w_qnQ|Nc(w! zjrrTCPdAMD@sG6TXT|qXy%JNsaU{NGS<nHR*B{aGW}m|wvQSnA%}aQV7W|;X=y;by zvYUBo3q*z(q-dSCTjY0e7=D3RLF~oS`}?Y4cxh<3Gc-IL>Ldjuy|HSZ5K5&uku_zZ zHT&=Y5eIVoe${BS5~@js9luw>5f!K^HE`SW)*o7-^$XNzkWD|1MS61AhH))#cf&aT z(=vH4E#110nS|%W`+_ML$@g%2Y|mhPs1h^ld5(3(I}>WkWe@}H@jm2+YMb=uS9=qA zPciA$Q!EaQ(|n?LB;7OKr%HiBAki1MzK~y5a<igj4yit?!DJ9DPNUgl<tWi%vDgi| zc+eF#N=8bwTZ}eQ&)Lj^oUF#&`IuL)b3_XWk2!?L0eB}-!CEkfq&$=gr3BXuc(2M6 z!Yf5keBg)|cr`K44dY|gqBw_<BFr3$-}1ctLmA2sH4xX7^YMQ_P#if=&gF)f*VEDm z5+i#Sr-llupocU=vyNyb;Ys<VuKswh%WAYL;IjtNAlBYDr%m0P=7(M>jCJ|+yeN28 zvt6VGk>_kaIT~Y(Hjt9d-e}Bs4MgtxVmzmX;iti)loQQGHiCe6qANkT7Y<V@x}r3$ z<j|D?3en_!V{~QBx^A3~ZQHhOcWm1>I<{?fl8&v8ZQHi(+~nJPk8{qrcieIR-!aFk zdaCNJS5K|=W3HOBBo4b&e<0OFsTKd#YKqkRL6iqii9o_A%rz|rjW8O<(kHq@X+UNV zY>##Aao-wO=32g{&~klnkzt7B`P0)&)e6RX9*zzn8Gin`^|{DuT4T-rHoHRV04?G+ z#cJL07IvWBrG35KY;nWb^U(Wbp<DCT*IE0S^RN|W1Lk0Q{>EZyS?bXttUh(a^VAtj z<*{hCy^KxE^;Czn*4hzY&`8!)Rw`;eH)?zn?-S^XY|M9ptlAM3Ix#%RtKPnzIa+de z$t$Nt&uja-=Mm%i&Hl;%m8~<zi$;^$1h0$EmvRrX1)jI8;c$8~AxNtdK<xTdovZ`E zHs^h_PR=;u+3Uw%ct7?N*PDqokIy^O$0hg`#xuOfaK6IV(d>d3hh_k{qGV;)>koNo zR~24GPA=$KJgMWTc~#ePEMQq}0ela$292qrWTBR4SFcyVCphA##SmlWY(1)5u77-m zcZ*F26IR?rv8w#(;tB7?n0+d*KOO}{Uf+ff)X=6rK7$U>d4EUgrsH(xMd>a)<hk^q zZ8M(4^Z_tjy4~19_UPAPNYSJxK&e@X6c{(_(WWMi81l$cG6GvFjx7GcaI3@}JSqWa zh#wBF(zi~V)EG-qXRtYkFCY;=*{a>!Df961J~t2O?u&2h0t*i~p14@+nTK-xL!wDp zd0~K@7SGug>cO&(aV3h(+GIAKkNvE5=@ugiMH<br>{S`MYSGmA3_NUCXsGNvSPI*u z!|Yg(&k=j8SDPxlOaKz!E$<%bCsU3@K>T%DHX>_iJ~o0|HZ(`U_K<{-5(<b051?gW zQ0{dvYPAoWEAqsifLxJ$b<RXV$fAy2di0uGiP@ZPj<7waFOz8)weU6`Ii&_<A2Lr` z#r%r+0;Yl^Li$Tqw5mb3_{y+i6%VVV21rn24LhgLrFOZ1+>MGPLsx<S5dWSCmW9;h zjyDVptN>=eSYH^)ENdN^15lfQT_8>yhc&C?2gcQHY1o!k_TfVaT%bPtSaS{%!!h9` z1I*0)W4hCvvQ3fBimuczenp$=KL)4Eo{`jIaR)Ff@H8~zNKfkygwE$zaOc1L-uquK zDVpx1J{s3js9lf^Zj)W8&r`*CH=8zg?K#`8ss~%1(`Ql%t)K8w+)L#>>(riPvF&vN z>cRk~z2{0N{MgD=25joFAO<`fIv@SeJlZ)&C2)HyvgfkE*=9tY!P)py8tpeS<u@q; zij>;|Fl5um8>koxw-6Hg4N9}z2d#?KfL~#&)5Z&%#&tt}j@Liq%C90<3FF;co?1Ao z3&FnZn5R$$w4JlXfI<+Or32b3k7L|}<fS5)koOA@Hc5Pti9na`7l(nBnA*CJ>r~lk z+Nwl#u}nUYMc^ZtFP|((XIWh|nM|w>25Q+(TN#bD5yYQDB&j~WRCSJ|z}qrtP>Xhv zQ|b(LT8%Ey*;F~5zl|IiC+HL;Eh?PW@fw|K$Ou+@xEpU4-@Uwg|0&!&E%g?wl>i%1 z?>PAdqxu$ulcf{JGQulZ5LzVl131qMD{501l{!S&uWxd8G5u+7s0B1h?Kcr-nUcX3 z+h<NY-7m|Rk%!LC@=hxd5q$hnIRSp-XF$r(X8b^rWso@oHbF#u7GiTm5Nc(~lw$+a z6?02#uB;W8)^^_2731<1mwdH)nhGYDdTHmPJ7>??6Xd_r))7~Hj~knGAi{%bpJT6W zBpiqr9v9Eqx9x`;vG^|(ig)pR!P04ngl0YJKgNUBf2W5v!@CSb{s1+h_)r_W)<$4T z^!P){k?tm4N`N~$p_4AdTP^)@z_4L_N95lVzxRlna8(6CKJY~G(MZ-P%F4vx>NCS@ z?BKG1{d`df3S~m#s5&?v6(PU=DW&{$*GFzUBHb-}zWnv*`@Kil$Jt`xN6#3DjBvhw zVem3S68s;D)G$5*5+m6qQznE?CY=^E?EC;8)*p06PS;iB$S2LJMQ4DYC1JjAd>PoU z#>s(K{F>X1cmlizGHg>!jw;Sd6LJ%yGP0509L4Sv{=dNs5@vd5n4r*xJJeQwCf{H% zSj&06C5A2?q&M&Vn9oTLa}fXwY3GA;OGD=r`Z`y6`}W7Ud)o8tEfb^AwQM?KTx!c; z@n?mPJl*_h?~`i2J#9h(efsDS7f^BF=QS&r&=b~{!Huk}WKU-`OSe-z1YsUNPOqI7 z0xuZ@t$n(r26kE!YC!iG^Bb>?P04V3zR_^zKIXG7p~<yET7&~6Nlx7r5LBmiI}x4Z z-XzFs$C6nXai5QS5Q|6haYu<=7`2H>>W%x&<J4*D?|5`|m~f%std$|v-=lG0GAXEp zf1D897fC(Wz`u@BBbJyMC+Ix&^Tov=2vZ1&w3<7<OV7>;lu<stm>-kQM7mfwN`<AR z440x8U&6FD`e{|(8m4SEXUZnL>l~2^B2ik7OCu)1l_KM-uJI%&=<oGlS$!i|O@Q4o z`unzD8u<wda#%v*m#NNA|0naK>#9YxSXIWpjBNyj__=z?)tx>P?qa<pizJ7aGxuwf z{rQwbiy~=-Lkz0go87tuL-huY-;1Osv{~yr8Vx%Rb;KUm#!~F(iS(eBsR$@lIi++% z<C+#*21HPfinqObQe&YJvn4%6W|j06R%xV)nhdo`()mWo<v-MbtA2DR(OtE9(Sjwj zLsUa;Ay#c2u63D`RH^BvW~Lxk7%5YtU?rs@=&C5XNKo6RqQ;NS9Sd&n-@C?P#BrP^ zk0)L|AH)-@6eNu9A`%u`I;9(vM1(UVC`c=7NDB(CNg<k_^|0tU^Kjx%OOBJHitts< zindW|hv&zMrbipi7$^R)-BpF!O{I_fp%LY>=Yq3#Rdp<@WO*q+nVQB}p<M88Y2_v? zZN*+U$Zl<)_^TbnrT*lMALL;k@-EV-buKtLuZ0VZtc_a6*Z#%H{pD=4tCd4ffZYoY z)R!iB90YdsL+lT~HF62P_XVV-j-ZZ4o4<02y0Ozw6D<XE_jm3novIP-4*$uBaq09* zr9a99aVbe`D^wAuReE0s-W|xPo(k=cm@~{8IC*HxiZ1w@&ldEc-qh7@&mdu1hN>K! zmTNTB`-Dq3V8&Je8O;`2il7!kQHz74%4>nlZ%+Dy#DUJnhgXcoqY`5!QkNO1_m0&s z?S$vg&(0DR2ag$q*L!FW*$J=IKU<<Yj!o8`-k6fl+o_54%SI@fD|0-nLoNS7kd}5( zva*^3MwC!8p@;^@)TWIQg^2YPdLRs|2RJSa`|&BWd-d$(?R6giPR}CzTcU03V8Zvj z*UtM4+W2WL(5^3%m*Ue^y@U|U9O17bmDpZywp;QL#<97#*;~xuU0$Ath>O+F>9vxh z<)_cj^@2453KOR7iT;bgz6?MPF-{^c(Hf&sb-E09;7sGr!k%*Os?1DjVm4{gnH>m+ z^ZszFWszYjwLKTg@IBx3H6LDu(!@#t_b^B<Yea@RywH3N={{D0HsOcThf*efYQUS0 z0d#!VEHPRAX&sWGMZ^42)V&vp{q<OnPVCuYY2+p2!vwVA#Hiu9qd$Cs?Pw1h%xp<l z{R!f_eF1TvFyjit(-_ks6G_K%SyT*B3{f?zea3xsF}@j)j}aIsY9`5~N>BTIA`<n8 z%ihsm@lV6$=Mwr7DSps;649`+yA(zCHy3-1t5SPZl#Z~G!)uFw3Uwq&WD-!_qu-dl zB?jIi{T+=0FEf>Rhu26YRemmLCrC9CdwM_QxgXzNWIoQn;XutnQKE9ke?2vwTF0fD z<0*0RvGxwti?-2twcFP3?n)=A<usX3_i;+1o0Ef+nEQsb*J^(=@!8~+#n<LGu(NzP zG#}v_Q5&dU>n}bY?~E2({2}4sFg*O*m9E`0jg&t<g$1pIzZJN!Dc7|H$;eC^Qq^zH z@6AU#oRD9K!lOSG3tucsEP{{bqkb<9U>S4=*xk?{n}S2fp^X{UNbESemIG<;q;?&@ z*SMFev1+Mf1|FY@|G>`(eBU=B5$m%^DY1&w;cL50p>ixM;iCVV+An{^#9R;(a)D<) zI#s{3!Jiml4p>8uN~J|F`{AXVpkE^plJfr%`Y&ksvjTYehr^wLu`>Bk13vKX9v3x> z{{KmK|1!2O7i9ml68}v+VXW`d9-dZGP$DAn%@&5BFnAQPZzLMRm_jmzhb+-}2>%pm z#DV-%f}AS%O*OAv7;BF}Fipg9j}L8xvX7z((zwCsuP+UZM!{Qy{6aoQxeEEIAo3Yd z9=5+q7kcngI65n#E;*AphB|Q~iMWZIAi0!6;kHd4wU9=ykf1v3esNGO(8%AwT0|Pg zJ4j>HATeY}V-!f1$REZmis!mg0SBT%Ka6Q0V>HMUoh8kce#^rO)agYcGccl{vnl%o z$QSt(8K0PH{6AC+LFmoOf@v?$6n%NreFf5qP`@FKgiQ8CW%qtnk?sXG3X-?PMQ~^2 z_JfgtONL|v8G&!h!_>1BpdQ`ErlWLd>feF6HFk;PPzL=Zs#jCsiYx)LR+&-=;gkpy z+Rtr4x@(L>IhVH}O}4w*4`j%qSJeu*T^%d1A}4va<RDKfw*`WsMIY^MB~=4Ir7yVe zSwfMw{H3zC3ijas=5~_1E=s>NX(@+v4IGjz)Q;d`R~F``&n;RyNP)jUL}@)`N$MtY z+1RVaW^Nv!fV#s1yP_$s2}%i^QSEAFlpXNojF4taLR4OYve2i~7;7q9Esi}J=K>e@ z2gVAafGrsK(X$&8YwXSs4H5zqOTgfEm%dw-YAhG^CpT#=7+K#67-o$MQe<x{XWjxV z30+tK_!W!bvaFQ@lCEAGtD6lfw@8Br1Zitg06rs<6pj%JT$mz8m?ToY9&aN8oJXim z89WqLx3Kp%LHU)RN<x<^Hbcr3ZRHH4$5|gAZMP(NeSN(0A6dBTxl~X$5wvc>$KWGP zi@#abU`%-;dbEwDC<Ezw-gJLB#LGo=6mzDP&9HHRXvwavi7+@!?C}ZD8ekb?@^#?u zooZcy3(}<P8xUc#`rxd4XkqS}hIm7|j3RRe`el~z9p)qrqS8)p3i4Q4p$xg@SINyD zfgmySU_Qvxeu!Pcn&E^<jd7b)_X#hsL7f)M#pm5jbceYXBb}hui|R!Uy@2KtK-CUB zU7LSgADVWiEa?-R^|4kw4jNlEWoK|@fL8u}D`3c=fWoHVkbJuP`YUI?oBEB96e=Zv z#3WJBWy2~jM~Ea4Mb;n<4dk$zI}y-;prfBjb5dWfwW|f1+!Ya)1qpR~$w{yb!m5}T zwc%%$ive(BZkU>sBi=j<h8R!aA+3Lwhd^dXfri{d?s9R0Te`=<X-p%##u$nTLC$Vg zj-;30U<-%}$bk*ob(zo*hEjxbNk$;IHHrFwDE!Y;%rG2-L^9E_FM8kXb7p7u24g)G z()_ZKQFj!p><FjdB^G7wtC$b~$IH+A<V<RFNN?5u`pt>Dq-UK`wBAnM^JELjWgw&T zd142UEy`LyiFso+^BsjvLYOwD2v2ZdoMndUofT%9E#?Ej>JcMDwF`u{%$#>dsSUZG z;k)-a=@ce<7TK5QKX*}ZD=O8mi9SG$%b_|nE(fj&-fzXZ#J^8YDx~-02pSF4M{xC_ z+Rd5~JWr55VVFAO45z372DqKVw{vID{~=~1{n?0rJ@IubMrI9y0_ny-Y46y@VYE8# zXtyLi7sj&$Lp0PI!+(N`Y;R(@=K^OG)sPKjI=%DIsdZ@9FCs0sKx?kM|7F<=rGA<{ ztUQkm^{-ucWX-D}S?18lZH@!G!~93qE<|&|l$#=|T2O=8fXfeiIg-@%o@1g7sw3?` z>Y;T*h9gudc5wMr?8Dk?!gk@(40$z*J_fw6Xnj4G1W4V{?<PnN?IKHMCfgt9_>ExM zX{-)HkMK5-tl4~x@|8Hg6GHW-;7>z{SEU4Yd|LIq%ny=c*gWnoQdzO<!kcoL)?`)4 zR!DXcE>Y{<11{rB62t@aC}CAgS5!<jHZXdj5pAS(NF5CznbmVAq6QJl?0;6?YM{qR zn1e9{`*@5}mfl%IUp=@}XgA7!k#UP)xXnZ!-ldYQgyCs^cC&{U3t+kTOYj)NRCftx zU#A=Tv_Oic0#CqRg5EHUzoGi`b6?*K7~6Ybt@4i~theIqMZ(LabuC)$a4@LLV(^U$ zIe<nf7x;PJFfBS|hqk^S@dW;c&Cj~XchrUXEP#feZ2D<L+^$@LZeh7yUrs<{JT)MI zTJbBJMV`ukfzV7M7@<MXmoaQk!vQv_r+I!avVhZKs|E4oo_G+2D0<G`nk2FcMBA+r zL0fQv-oH_Uu{QXq(r>}x$p(2~8zX3{7W1T8ORyGSy9&`{dJ*2ZCrzBDBEV%L#;#4- z*hpl$7P4gC@8f4)6M$0+g7=b7n-2qp>dQGbDm4v0Z%=y7gkW_^=A7NB#gh)quEp>R zC<s$SW4s=DuupiuICU3QF_hXd`&kZ)AY3#;V->a$v@+ne07Z?-m~YTkJ0|tui&Sn? zbSAtqeO)Mi1<3{zByX?TsDw2%N|X|TKtOxAw>-!`<P+ufYh^IEqNW8<ebnQ+#ta{8 z_zo3(HdNSQsd$uVLG0X#c)6WzDf}p=zu``)B?MBGkrJSQ)~TsDgFan@juDx50c96r zD{i!PE)8K>3)C4xsmPfwjqr<Br(P8re2(5<i+8FVIi|Dm;$~`Irj)Ykv~}5-y5Uh2 z&UM=2)x8D|oMWwD>l5=!>6&f0l>;X=t!!#E$E`mt3szSqlv~Q9TV+#{sMwr2SKBhz zm#vr_O^VBAqfG78m~zHRwrx57XhjWQSZqtmz}C&S;cBR|Yhr7eXY>aw{;{laXZOs_ zCN0j;w6UyT9V6u;EB|4bSxtUu-`Fy)0-LdF<Dl8X8q$Aq&_<(DnO`1F)s$8N8{>>{ zSfjyVX<0CDP@}=lWxY?W60>aWsPAS36ESaDyUcSOMEbX4+Pc>=wONIXJkVJh7S7Cm zHNBZsv21)}xM8)8CbPI=+Oo;PhOFGukvTwte$LW5C=C{hz3aTXmFHM1Eyc1nz0KOD zEW}Y0FlZdgGL`2~X7N0T4@-uY{D7jy>X}XkloIEPMuiRfag9e95Zs{y7Xjvy#*|GH z*J=x@9j&RQbK02B#KBhE(xM)QG+-pG+URm0%Sw8fL2K;d%68Cj<Nbn@tY6yMwuVf! z?8F)v!EYDCM~<#x8zepZRqmw%6-BDWgPu{p0TZ+9CDtChDkK2wu2^YoklduopkYHB zhL&#nGOl&G5^j4Lo0eG{b>PbGO5ND(B%1o-?Fajd$5t6s%d+8iTtfo=`?@-ewu_!| z6SC$m{kpHmTUN&?NGGjAiB)%8INND-szwu1;`Hs)d5$Y~#+*`Px6hq8GS*2|rA&kW zAT$Su^oV<AEbo~+aCRNjTUas3WsDj(0lM4ia;jch0arOYSo0Inky6_XOwbFtwJ#`5 z7~D4d^)Z*wHo<s|)AvDc%D_vO{hdF!_ir7L^_MIpZiZ^!b&3cgZ4*3cS^5Q)%v#5W zqUZoTCe!cO2Z}FxPQ&Ub<!5|eT{5oU*aY}FSnkT{M?=xL>|_Z74Gx1=n|wjM#nrd5 z>%2Oan79KJ7?EEo(g#ezss{Q1DobY5=1D!_60&Yy8~K<W)(W`<YKQODJaynKKw7QF zAkAIWZ{ZsCNWMq9MTZj&Y(V7syMMv#b_e@+8E`^IrrV%i0;p=SLli08(uvbkT@ZR8 z@-HYAF^|92?c>G`OVY=(u8v@p#$7{HL2Zm!JyK=@4}dC6?u41tzi<#l6L%3V4cK(| zL8O;hs&md_*Fyge7E7Lu*bo0KE*t2+j*S9o?gmv!1?>ZyRQuUN%0|rFCZfm03T$#_ zc!eU2T;w<*D((h*hKwY!KsZT@3(7jQcg;S|igW;e#w4x@TNQSol!3#Y;Lj2*G&&Et z{Ib5>M+h|>$_$$jP1J(Q20lfjoQu_{bJn=(SL|e6J}M(erS{8;Fp?hS&`}fV!-fRb zz5x(l4r;kNx3vbwRtL@oSq<n16F~D|_-y^Gae?}MThR;*oYagAky|?Y^u~@=JAh~# z%*q-p{eUF0T4t<R7>%m>xK5m&Avf5Krj^m|zCySV=BgeHyAzHq-3B9b-fEz=bQ+<P zyT(=8lo?KwqYNPbx|@3p+K^EI{IgsR6bHa%(@!E*O=Yd7#@vCSq<M#V7G=wk@JJCY z2LYP71jUvHW9Q$>WvA@u3X1aTs*}nnj-W~RYa_KI`AQRR63$UIjmc%D+ar{vqoa{i zDk|z~9jzthwSk(jx0GdDR&)VbKO|2}+1qk+OUKkAl9bUcA*J#(s@uxj$}4%3sA$W| z`Zyy5%mG!k<rP&`np@j)gUfWZ6}6Qu1NS5Nt&P=<?P1Cd%IQ@Wx@$BctTXLll$uv& z{BIm;mAWmeJA#)~)s(e$6;*y}3?`{0p<(3Nw;)hcsp;4hN&%Mi-1ygqD^-@{=I8c_ zn<)QE#$=SPwz2*b$K34!dR0|jSze0ROI}`DUiQm^GPnHCt(>-|ily{Eq{WCujZnB{ zDL;=3*;omoq@K?2IE(Jeg8>nc;H{SvjonllkpX{)Ddh+<a9G(z&`r!A9V}O_PpnT1 zU7Z&dfGp3D9XwZjx95PE?OU24-AzCIZ4p2=2~$(Y18k8ZeKYv)WUngxw=_Y!n;<_{ z+m-$1dM@$tnJxI)@`iB{w-a7MC4OCo43T}%-Ng<g)@y(b&<mk)=@j?wlF;d%xwYfQ zq`2swJx$4T>!^6t>=sLR@9yWJaq&_^4~!OW61`<WF*53a>HgVshiv8m6A{Af^~G_) zC3w<UvOC2$*ZHLt38FoEG(9d&-Wn1nx|+sb56u0}s2HVVx{yaSwtoaX5G>2!;*@O9 zXi*duX2eR*lxCU6e1J-tvfP87#+7Pu;B)ZvfTSqxn!&~d@9u$tjR`#MZy{Cc`A@bw zp%Y`BSQ`TuDK@5%!biqS2{{Hl@lGRINjauXsm=uQ!p+@HusGqEL4vSXa62ndY&hU( zQ@}yoF8d#L*r3>WfYGy&S^5AWxORO&(N5J)1Y6`l*ku5N#(o7Dc5Z-!CSCSaTW$b$ z+_3CA0NAepg92UGtXoe+TkN3h9Z5bEapH1PcYZ`*cErEd-`uckM*y(n{0vcZhrqBw z{eV9!Hb}d+L9u!Kc451&p}MY_x0XQJUjPOXx~>Vf(1EZEBBLMxv9Y&?0I;P11}VGj zIku_+qhY)3fw!80?cNaW-mtcwShn1N|8W*Lx(aac(a%t+RUMJCU6oPDLy{5PZVxEh zpi2Rqy%GSMX4jtF2gi>H(ykC78oNsYnq37L7JRE2)y@hK8xA0v3}BG9YZ{7u<12E2 zXga{bA8J@Y3j;vW&|Njic1nQJqFvhn*jRvrG=5vSUDxzmZm4!=pxEGmgRfU_6kAU! zC&@#<b;49yB@n^b;{gT*yK1oQ%7L(9{CXkSD+zpQ+_7QjcL1<w0SC3ZYJS+217geg z?Q(Y6lWn=7+ns@6R{=)%`t5>zXU_*<z%tc&%&995lKloy3}wp<09zF}Is;%(`)k+g zmK&^H8zlP%2(~W(b`DT<RT?kED0X6?l&ZK1U^J+oA;ULODFCosTV}x6Y(UYT0E32p zhF^A^xnalQ0ND)y#c;ROAlNkk#K^XmAlb74u)zTa6}qkwww{v1ObVs3ktPc1A^Z$^ zw@Lu9QM;zW*loUY#BUD1#SXw8%|D92#SX(Rn)XV<c|amTy_+y*{2-AG9PQCH4b5%? zfUOBQ7~r>S-&KQV_l9cM2FKn3fZaQDS;%?(I72>^RcEJTnp99eqc<dHwK6x?N15wW z)QR_TpQFDYs+@WKyp?kaT_#Mu+OT=(SzJ{Wk%X^uf`nTRS##pOj`z!J(YyXNX5H2= zwnYdS7+A<Hu*4Z)E*^K0U{gLsKSPQ@46;8q&rmNnp#Ig%ZK5kyFc{eZZQ+9O9E=+T zEbh7zu(~85DXNySL%#%&PY*OG-%_t@{}de^a*jDS9v>w&yrcs2xI}Vg$`A9Xmkc@x zMgNXn2@;iJ&X*?|Z%#a4Mhy>li8c=fpR!P#0ILw`&v5{)k30pI@<>S#cNzyh7!c$< zEt-x9s1!2`3q%F&)Wi$;6@W}nHDmtQw$GpJ7GM~l@f5-HKl?_SgN>Ul)q%xI*X8{O z8FibKMyhYlSDOqssoWMFxw(V?TsC27fnBwuZx94@(-RNcXdGxZTBT`)D>33VMc&56 z9v-ZmKg4zLs&s=e20-Y6-Bsg&dvzeazayn}SEoCs5|E$p38i+wS(}s~i~sJUy5Cg? zoWsY_sAz<8b)xVC9*O?Y&#96k!BZY~z#=6YWH)|CGYOH5R_cQNh1;VRhi6eZ^|rKr zi4;UF*8rK^RS<CBl#Nirz#K<X4qbBt7Dwvl#n+F-kAxC?4P&=8ec{4xK7Qn7q#%Kg zLNY4cXlADd+NjqW+scpDgBFQ07u$Yv2vzB1HSJ>7pvfr?+U5zS>PKQ>-itq$G#abH zI>dGrK#B76j{*KC4M4Ywjp%FZqjMQ@WH<@npl)+;1N;SanVRTt9fO-^*vE(T6c9By zxTIi(W3X*|k1JQ0L4ge`H}JlyXm~Se4wG0(*pXiX0hL<0u|Iz$E_vjNrD$}QsQWHW zlJ7?%Dvlp=?Gb7dM!ft@gcKbXybAUP=bUpWOn!Br10YHosRZmH4n23vdbfZmNPceF zoBb7HWM~A$xqY4L@g69<<93~=#3X5rpZDV3hb-{dOodNd&1#TWegyqDKh;kacpU+5 z{6hY6CZl_;{9N6x5|GKe`|gQ}ab=6xpN;_7r&rqhe+N>QvzBH4=FQq%DuP3^Tye8% zTtMle6D7bgN)msaBVjxRid~r1WlTda6b-cph{MRi?ni9g1_2s>-CGD|pU+IhBFQwu z6eYcvCMxSzq(ao75wXKxD<Hj|A#jy$K~kUsBUIa?OVmru+pC7+X6~jo&S-HTKaTeT zi+AyEb{h|Ip=ycYJd|ts1J~CLc2xg^eiM906%uo>0ub=%l*rNv8t*FWc*X|fA{PM* zj26b#JTX!<NI3^TK~8Uif=hhl4Bs2l%?jTe%gia{mlM4lEWaZcz8$keb$<MM;O@n# zf1PWaM)g)tJ=WbeL~2n7Fa8F<Z;oh>8IT{+&T+JB3>YF@vJ%9LL`y{K^6!VHn9MGw zYucWWnjANw4ltikcsYWl%{VD!cxAr?5y{4;rau&Xo4Ip@zfnDxmba|bjx>)VFy-3( z^7y%}8pOGwRS1puZn^~^BKFRX%tE0(o`V@~Sgr_C=?aObVy@(bp2YG8;9wL!V1Nhb ztrmx5!YgIMGw3Btq9XxJMeUR+L^LG3gTa17oBs;z67-QT5X5Xqy+Dn15<}YPuz?vh zn@bFBZ*TufD2Omo(bQ0=Xulb=)bzncw@sHntSery1RhXCO1?e&cHT4t=DXg7-i7=i zd<$@U`}w(bND~e-HZweFB*W~XZiB5`b5&K7YJs0J0~<J(0X@gD08bkz;(E1qnNd9; zGbV>Xv;p^ut6p=!-ODq?FT*702zC0MRlb?uNdag;=qmup)n`R<AKS2-SEO4Kem8Ow zd!Q3x#P>l%qAZNrVr@_8n0<}|W{}+TlIYg>a^B_1`a-hM(Xig4tfVLgsm+mQBm`x_ z4|ic!Bq_<im;#hiunTwsE-_7m?b6YnAp=P?UO)zFskQv+VHn`lX$+j5v`qsl@*HCy zukX?WB_h<zAh2QU=Ou|Xg75(MEBtR%0NdtA(X9b&A++yP4GsHH(#lB2=E;dMlZLc% zX}1CLXxDsgF!PoH>!6#ZhN!UShXbX{5{Yoy->n_ZS;Wg=1PHELp`a#SGQ2aq^~3_I z1j<b6(-oLkWR|hz{Tah(4r;|sxHYigX16f`jd+i^#Pj@GpKP%E_&Hze2_jua^v3kY z<Uiy;{JguO;R*vZVQr4*A1oTE3qZl}&dzznDJqnIeZBe|`5qBNptmF@v6`hX{!Qlf z*XA=pct$XnlBB3eW(|ax>>wj23(2-=H54BfhX5^9i#DFn>Y#Q@p)O>MNQT7cfyf?f zeCKi9hQek@M#|A%q%6YF4H!+wR##&XTCt27(uf$$RirhRi1twDT8=2+2?-qF-<&(% zb}Qt3oGy=Co@~*^k#1MnOb*ALtble-hytub#vIAfk~^fZ%|Rr`_p;|GaPo|shUNqC zXy>i6xFH`8YyWZBG(f}vutO2PiD<3-a0?!G515t(ecz1X->`?AnfFQrS8(7J?wYr( zqpYC^v3cE7{00DzL6vK?p1L_MwJjR(z@f5)(^2OzwH!v!S}!5QcI(Q3i>*S&@cw@1 z0xqED&`WrQy0F~_!=qF^1VV#p)?hd2IQ`5DhAN?+fswh-+7wA2Ahw9egpam}q{3^& z<XeY6Plwrv5$n^`iL*TQZD1)-YefS}m0jy6;`@+X>kmqmeJ5IS+3Qzlje;1yBeY*P zMci?GH_Z%yh0gq{mO{2(nJs>vwR_2(X+zFuW=Pt;$PSW|ta=*Q`W4wg^cq>XB?<Df z2~&n86KxdAPb$+h7Lked3^gv^ls(P)C8vt*v>N)2tCbGD3dr8T()fJZL7@7G`Y|ro zN5|1zjApp%zEI6}MTu25pWW#)*FD%=GL#>98nt`H+#R3)gdmCwG!6)(!@9}wlJgjE z;OW~+anIV+U~fm*lpRZ~Os41|F0*9neWGaY3I4N~&P~HAR=0RO1ide0SHLK(ZrD)I ziIY6W&I{I5(%VD!?&f&_&5Qde)eCL-?%b$isZp^wcd}Co1@+V{u6+RHLy(h@#>D5k z@#ZW)4pVZo*nUM<BRyzo*GVd^qM)pukTy1%KhG|fHy*@yqoHKE7uk^H&LN^cP=A)W zR$jmFWiNX`&HIZmJPlca=6#EPvv&;oj-E(t23IsDSDWToAN_8N$h)(`!}XGDl83VF zN$#O0g*ChRGK}c)yw+#g)B8QE&iDE}7)P~{r<(KDujYBL4CZggYFcbFOMmRWP4Z1G z)+3MF=d6h5Egx4odzsJIX0@dEd%Qqh?Wsx4#UZK2{^yIAgJ?QjiFaa0S<h+JxJz$% z?}y=##SUHHlS8~<Ja>bpKYB;$=NUU2lkP5)by>ehAceeLHs;E3Q+<5<cp_YzH{5Qf zXF=U3KMux2aJ}|;pV=I%+^IflLg-}PytES*UR~;lcV9GJF)pkm%C5aXcXv?qeSOLw zm(n+3j~2A2TP=3edq#QRV`NTGBwg`ps6QX!vR!4pNjyE}9vFOn*&Nr?63yQ4N8IXI z9Uo)7zx+Oxll}a9cdaMFtr=VaP|VP?nw_~-D77H#`NXDGn|<}(2iN9@mqqW+-YQFz ziOK^!Y(MD`w3qN>eW1JPhrHt1&m4`1-C#W3)K{&`H?%u199($1vMtpc<5j6fEL%!s zUP~*NRWdLB^@fdLO{TyY4^PH7{XPX^0T7j<Uic40P$(=#T2;o#@=V?ClyGMq2gQzR zeoxO=BPg|Xw5hZG-s<)`BMlvz(!^RM)<Wbu;_f%Qm-aBYPW|-+r$=xx%;|MG54z`N zWf8J;Tx@DzhTV?jN83X@PhN+KrluA?7Z{g2n%A?m$><~BnZ)?H&p$-nQ`5~QQrCU1 zk4Eh;Lmvg|+7-U^oz9!5ba|#aRqq3CMLTIBkXX@lX5N_`>PU~{ZJ9Dq9iy*W3s(t& z=B1UwyGQM=M<;M?cT<;N+X0C!M%iE8W`NnSWj0yLcJCJ@T}B_*Yx8_G7x`B_<+$Ik zs|;+_pEq=8!CP5R4DqlJa5p~Qz~6+b8V`8&-HrDTM}6O(p4f!67p=3_-`G!dovcTu zwmaS6vQt|U-3jQDe90eA-bg_0Up<<o;Mjb;R5f3UK7wnJClU;#*2>#cWF$JHFBRxx z2R^W42VmcxlbNup%06z%B@DrV+QF(8o@74bjpBO9re*N(mTYSr8X8S*1Z;m$f6(Me z$B#Qat&NRQ;~L?Pn;0r@ywcUk9i?O!f7+T9WY~Ih)Tln!z5eCu4N1TZUS})*xEe2b z+-PfXTP(2Ec9#;>aq(Eo!r^n`LD}qWtG})|QZ2Ma^}T-a-h3yIcs~)nKaw8o)n%dc z;aR?tkbG;Z{R=fl#<zmhv9GlBe*2ktTIxv4+0t9GGy2f}!1Td;u8FnrG~p;G{Ca7# z>iH<}AbO#+mT)Vl+wMCRp|atz*O#S>eTv@l9)bhIM(5+~`o<LX_;GNL<+5=-R%3eD zq4~J`_PE*ca+os^mEGp?u9>m?b*9gh^6yT*DA=TAzS7K3iS`StMLJmT){6qHP9B#| z-jCuKUoWA(4ntdB<WX#H%@^UN$-2udg>+{V-yNc(=S7Rnwhe~YnbVFjXD8qGN2AmO zC<ZL&0I^oH*0iA6s81tWQ;bj9B(TD=rf8N8yJr3E!-DZwIxYvZ%h|sky^Yr_&7R@V z4%1bVZo7R6Cb&64WjEC=>dV|YX)KGGqm!1Iwk*HLHJ8}wtaVgeY&2{h{L7i8F5bpS z6;&4A++_~zDXQo6p9?iUY$iKJ4)(^p{@f3<tr9<G@`1{x=Vj8u4g2$>Z821%|A>6{ zB=M2lb)0$9iU*Pbq_AUwYfAD%Hv78W5~_X$B<1E#!^$10FKUd~938VcF@p;cfQ)cG zxOh>;n<#%jR2uy#o5k_^P$uSG+?msHpma{48TNMct4a1_@X9-7!*M@x4LN5Goz>0v zaJ-6{$J^@?Eq)&2FDjW6ay_r(0kekdqj%H5UD?I+`8$Kin_`Rz_L`!@ag*cW`oq*D z?eK9$q`S*OMxHI)T_7)u?@?M>h)?p<lXH`IEcUIv;u($9jM$<i)dNT6X7+u51f7vm zRf|>)lh<gT+AVF&LxCYy!kuFyX3kKn&+r0?<>(5M4aPEt$JK(|(v@=6q;`t?aZgzz z?{itkqOFX5_J?nOrm32u=E9)FQQ(GfxYBW8!jy<d)LryUAsaAc9+cqGOdRD;e|$m~ zeE%8H!f1Sa1A)RYd}{zu5PP7th_UvL%e80v$?+6!&&$L5tcH)yhKC8xtfYu>i(;@d zr{0suG#13V@HlH+ugS*eCC_9INrEL`-jFrf43|-7m_hLlL5DN3j<@OQSPF?&I<d`c z5#1G3mg;aDI;L#}{nFXUyBN$Bj0t7-_jFztUV_aavH_9CdM>3D*X%&W)sNRKO=wO7 z=c1H*9c?%2tS4a3UkwyL?Jw`~`dC}Zf^@?kJgU{&GWfc=N$U=$A`;2c{^CYgn6<tV zo6+~ylTWqfsPx*TIyzr^kwMpzP+rPY@4Kt(=IOAgR{<a{A{u-&ta7Y8d@VauIj_#* z0VOPEYmC<hOn%xHf(tsMrw8T)r;AaaKX=K5r3^USJS$Hm6?Ey&JaaIGkD(-Ee_i_g zrM5FUW{t+e9m(>A@79;uIZpFP?B|gii;x|3>)$L6n|}lYWR|qlaRTD@(e(-Vp@aXL zC;Ab)%-9-=XTf)hC#04k#6dzNvme#oKzjzjIUX8QC%R<5HP`7JkBdb$0UZ?WlyF#V zgX!V1(}!f*S}9xk&`2%@OM;geQJg|Wxy8Q*NWqT{AJ9$G2Y`{;+^ZiV!?2b6{MbMB zDY1FWpjw?^%c2Nc^;bwvjzw<L$r#J-RFykNZ)QJF!(HJ<@GlUk-IN!pk9p>VpSYod zY{ghDh}-5?i!Y>wPB=-?N<Q(BMg)%DCE9M-g!ZPB3CadkdW^ni=3;w<`626x)Kd|w zIH!>|i&BNOe6!=_2+g7D+vQwTX+iM8(|n%SzJdp7@Lt_h&tIG2VL!3E0TKL1%^@|D zbFzuC*mM0>n0ODO!fm03JujIyC`?&qFCf`RCR4G{9$MrJ;lwGksf7GnqGXx3M}em0 zI|;(;62SZYm&dh}s4T*PXJym3Bt0Ksj)dCnCi=!LPFBdX4Ha3KBaW2h>lmD#=wj^H z&HHv}HX;&$`I;Sgpr__4B#)2LqZ|H?<&qyi>>kiS<&ok(20*~31mJMtlbs94^@sV@ z1j%`fIbLe>DRd9k)LVJFDHsdxBI-oYUkO(~Tio;i08^qfph1RH)whqcg&pTc`+XoF z!vjPMfl`7>DnR=3(DLH)mOOFC-U#8N=K%PV=E9a_1Nh(hA|c^%hm1_Ce;RN{W>}t# zW#A+~mBu4M!BM?!@WRng0qW<KSfYwMwALQd2uQ$8DXjFk6>0}yH0!1W$ntp-%G<A$ z*NnWeo+4wBm$ps&^4OS3pw=_4#|w)tCFF9noAlA=sU~xB<!n7L*1sFBaK@Pte+Y)- z!!6FQS9#WbEX#+}>>QWLNVm3xT^Q*c!+hN*o*>i)ON?+yhKy9V$A+Bk8@tK^Tmt>t z^%#p*XnI|`79-BsI$Uhj7-m_8DeJuu^>><tz{tDl-cgZWn8R#tD8do+$nws$z8)Zp zu%H;*M=0lh|ILu>Rs&)BIcul{5O`LuMRm3^anvlv2gc013)zgUS|gPRUv_WMYLUtn zY&cpczzK>CwsdadoEmg-9C=+#g89frd$(x+J}8qdveQLEJE-GNW244k3z_b-m>Gbn z87}bFokZF~dJ9=hgrm5zfLWfsq9ebX6E<$?I9188p`-b<)BVQl*;<EV_PD+mIbk}A z?!*GN6IaePQF(?I^}ymo9(eGD&M9ydi^k+7+qSC30~w6RPK#$&y5n-bIZl@Yp)y(m zrU}R4N$Kku-U}8|G^N1(=xk}k`=|vJqgSeKvFPlxU0Ba$f*Z10Uye16TGY`l_N$j@ z)#C%?PA}@vG!rV~+V0Bjv|$bLEr;|LxN%C*elskT$y<h5Hqcz)bbHFhg)4vz_K#eM zb00B4<C`l2$g9s(u)zK|xk7YU05MpKD^=_pQ&E6keIZO(@gZyhp_^(5VAynD&jEk1 z&orDZU>868v#w{Y<rOwM3l+2e=0RZQhUlk+d$EJe=MifE3#gPkJZ5+aCM5jqwIh5! zCW8HsNEhr{(s$;Jl2)+;l2F_tZbT`BEqI)Gm$XAkW!#+!|A_l5qi6+~G&`~R)1P@G z{4=Gh7-+AwOh~ls&p!TGH#6ZADRD<|3#AL1QLcj5-XmJ9FL79h)C`dsCvv>vT#26S z;!m4Y)y0Sy3T+KMx7n#Xzm54B1og7>fBQ{Tk;vFMyNVtmviyyv@YT;<1YdEy|8aV~ zZ=95PwJ5+Mpg>)<UvsUJV{lKHy2y}^W}09uLfJp|_hkQZo2cQ*VJW>-={R<KO@5oM zwTL1U(Ui-G8`}n*r$tEFKAkJy_ZGrOsV8}SC05_kOT$SKi|nKv2I;c^kk{w9PMr~r z7`)0*kxIQqN-`_iYI(ir3896RVb-)ll)YgOhU;_;+3jjk2Sg*ZV=ueKLc}=tLiKMH z+q@F2=xUp_VTrW~2FrAMO1C_X9Z`BJrczbec%!QusLxgUVVafl<b{U!h{Xddx4r~8 zU}7SPEUo&U>bZ;(mrRpsFept7jpaBIh~&}JWfBNih)<jOp{*hj=Jm)~v~d|8-zQ&6 z9L}3Wk3{%Sk8{Pi(weNo743q4%KVZ$niy+eSVw)%veDzF{rf(`4W+?MkDTJaX$tFw zI(8(MPrYi=Zwy>1_Gem8pdUUxw<+$!$GgBs-5`6WLsyZopGTGc#dnul??{PqCfquN zhh5c1NrQKRt%?yO>(yv$H9K9uiJEb!^G;BXkj+F0KFUP!GB<bHP!G!oCBk6vO@Kr2 z3?^Pc4xj<O`5!?J5<f8yK5}jg{HosqG7j;7jDqyc_*EzFO8D;p>u>w@T&4gAp!a_$ zraNDuf~_UA5L&kbomF`VY0HcAUq6B9@xMW52EfQ+O(IM_R~L01R2OZPfRO+!-h5PW z4qP{j{ut?gC=(uY=P6}B4X_7bax%i+A4>ur&P}V88&{e5feVW-XX9G`3v$%f)vcXB z__B%Ii|{nTdY-)f@Ak_=N0L-N`|Jn<AqTsx_NGxL_x%ff9qQ?T`#yVb-pS<!(@mfJ zugn++>iz;}D<5;lSt!`{QiqRUYgkU*kMRoI5E<`ndd}U&Y=5vKBq4?!leIfq_-CO& zP(aql5gyJ8D{)h58BKcGR^wUcf;KLPVOgZgJu)jY%XTzz)0c9~M-C>(X7UmP$`ksc zYh1h1iWXaivo-g4gok2zh&*4)^BpP=?lptafms~QpICSgu$E*x&L4XY*|q8{Xa`!| z+>+-CIFTX3E`EVL?@vQIamvOvYGlzVO0cQ%VEE5VdL1Hz;#|6@VXTNaS1(JMh{|*< zFX@=}tsP{%h}j=Zg(tPoM1o#tnYk14<)aC!;kmq^YOc06xK675&>&4}rFd4|;0mWT z_UTtMiTpZlb}oa?#t1dR!u+RcNG;qpgp<BwILh4Hgg7@AE%g{2^xjKR+JsJHSvSrL ziS6I{b{#6mm%13f+nIbN7l4F?m>LZmw44~_&4(RcAwe{4<FW@oW1#cCVF|oK@9?z< zEk*721$idgNIsZMCOhRY=(1{0-`t^69Haz8mvJRk#R{1gw!uYzYNgqCPktXyCdA_f z%Oe>vgpyA<^z>Xzex$?z0epPw_e-$FsuW;fn`q=fXWY<9TT$t7I3m85TmQciIW#{a z5!pFL0PH@wV*!E_8p{F67O7nu)@e50k|bL)G)lK*IlH#|2=?d|yPEmw6F*aaj}G|y z6i^4VB_4j>S?%sNmDs)g8V50h$2DYN#RF|ckf)zLH%-CQl5UsFSz0Hbn$=L+;GttZ zX`A~&hIZzrH7!QiKk}}`%W!U=VHc2OqD~Mcno_S(Q{stzD=Ibaz5otQdQ%-Z{S#fG zSj{1`!WW(mLd-mn9lA4dw49){jCPop^S-XXFGGADCe+>|Jg0hT7r`4evYX~kG-B#6 z>JwMHa+O$n8LQU@YR|%NDU0RPvdF`Rq$TgSc9IU4bw&t}hhgpU4Ro3Yvs`Z*nYqMy z1Bo^3jqMTHPyouH$M_VW6PsfzHf$bi8Vrhi66e(iQI5tE<BjFZeWZlSbK;PZvMTT) zH3NXiks%><z~tq#hL2Ir-<6vTX7qft+}qF3SP0!ydSF^;<9X(!AJ$<{Rjw<tONA(1 zPBX*=e6G*}%@KGp@I584XwfA4h;~cehch|UKPLi-#Mz<<BZAq?)N82wl<%{cxAA@! z0c+}`ySS++Zjxswxo+AnwZK)s<X)gL-f=hA9KXD0n*hKHZcGXJ$hvKb0d`(;b04$- zD%M{<&cI7kpYNW<o5+>q--|0mKAE|Qfi@dI<aLuDL*>gpopuG`SeIW}!<_r2LPVwK zZ-|{{XxFqQ(1(WniKH~-vhdNY(3p|8f7oDyJ8-WOU}Cbnj73N=cSp#x=;4qrdS(%^ z9qP&`A@>X}bz51x;uqS5O^!4VYVj+3Ej9Sd5mW|JD)ioxe0hd7Y})o5sMdhoPMr+R zo+R@M!;=x0YM-C-7E$mQ_=ZN77}URP)?fc1^eq$PWA(>%ahw@sOf1Qk;7<y-(;I2p zjZOeP)kD{>*U8%$IXXEQ>s$W=Z4E47AX!-0@aggYftvXAn)odAY})wvOq%$NjI8*q z^sHYE2DYzmR)#Oc$gYXc%+CHTz@drH%JePD{58tR`i<DX<(L@15XZM7R;F*n{56B^ z8!@tcPv&6$hHMPql5F_Q4BxsK*%|+7{sURRApJk`9AA)$;oAWwrZ33M_C1w}`CH&0 z!%WOyJ}@%>Bf$ElkdcMuTY&Z3B0K#*@Y}V239x-d#LmF<pQ-HsIPkAPzDEA7@E?o+ zXkn)RihzlO<4X%O!#8C9Csd|?BK!w3e@DZ{gwMwOZIzkj+bRpkzrAGtj)>`><gv4V zk8pgOV*gGC69eP-=c~y;PtWol?6<lv{H^*w_$#n~ur~gGCyM>Qi25dn{(oHm*8A_i zFWdh{UwXdKe=q;%ynnU6i2kPdpE+Lyf7M^)ewAOu{?qrLIbZaCwZEwSC-(pJ{_ph{ z&;KF#pZbf^Z!W*n^H2MWm2bYjiTY;fKh%7UvHvqpkI(cq`bEHZ=KtyWcdq{{$^Shw z9A8fTdkHgsS@_@m`R-w4_@A--pQZk*mzCjLE&ca`|0>xS{%hp_6|vBB;IsTQ`zvRR zOkY}9*uQl$GJj|BUl$AOSLWIO#TFCuw<RW~f7$(y#Q&f5S5E%N>Sz5<!#^BzbJK~M zTR9m!(1}{<I~fZb8`>Hf(@7iKm^zt#eUaEX=>Oedz-M7*W~Jxlg@OFfubx}xnKzW4 zQvdu_+UwGz3Er>`tGc*LojX5kwFGMwOq|vaiC<UH3U&O<5D{$%fC}>X$@u6c;h=a+ za(_gmEQ7H4p%=u$=M0i0%dEW{{C{pLl&a9guV0R>t;0`MHN3xBc78lUJ06UswJ;ri z{g-BPVI%Gb;0GE9aE@e&)d4EoHFC@7Ad^rG8ct{ZR}TuH1@n}q4z+<c%{Ie@p{r0^ z&DVG#d_UXvcAO5l-W>p1J%uK%&TK6e?EpafqU&Xh14>orAwzQm7p&S2nt$b^rB0Iw zuRH(z=?r7c*fB0HK9Lu2kgnU~VNGPT%119fVd4>}E6@;%E@$4u<Z7@JRP7U^Yf30W zqe>^<r`Vpmkxk!sGJknglPuc(h#;{E{`5RT6K(vX;xpM0z!SH78#7s}!^+)?QY+|O zWyN=RW?8D^)n`D!@5&w^OPB@py7FT8xynV?;?E0IvopW`q;BcM)J@RnDVTT1))=7F z96eN-$3hNJa;xV{zFBh&pRV1@VzQa96t)!>1=&7(eE>@7R3mmWU^8y96ysPQCZJBL zv<(=7(~b*6s8DNC{3nanz_K%;DKZBj(qK;Db`36jOR|I?y?y#1Fk-5q_m1QApT6?H zA-mlC2K6!kaT<%je++on28EwN0aOE9U>|OIp8&l;@niTmRF5Ag{jM0a;&Y#ywh%PJ z|0X%$n*r<Yy;mJH^g8Kx8X#>0)c*i9lbEU}F5Wtz<E{g|Kr;HB1>`F1p3MdDQKi^e z1q?Rw+zILfS^m*F@FE9%m+;!r^@>aVMr!o@i9#Pu^HF3hF93?7^nWj&I-v_eO}u6q zOLF}oDNAyDR6(~*?UvbS0=`@SbbS@X{O|xzkNl|AQ^ao|Mm`V+7;2m0_e}x^AhF;N zi%SBiw>9l(>4@APOuykeac4dnW_&rI6VG)4%?fZnN1m1Bw{>CeKCj}$^bXi)LjJqv zlB>sGy3n3T%+Ir(o0qZj+kALK54IXW|MvSS#IJYEP*y-%jiL*IIwS!64>7$EDl$LJ zT(?^44{Lg?gD&o7?BpJYCD5E$!V8g@4aXo;>j@@?m(`iEr?use3V8i@G++16C0&E6 z&zR%!rTZGsg0&pg&Lr=)*FELKPuAv6@R^`fBBr7cEG$yFboM--x8|D7(lQJl$x>W* zf%(u8c@cMYbBXHa5_)<swO@R`N3m^dnO3^ViwS8AZn0cE<4Gq@g~Y4YDpK*wM$AXf z8d2m|*uQ{w;<Z_18gBRN(@~fAuy*S_zMcqGL;_}9TGz=LM}iIv>GvGY*A3qD;4qd{ zL=#8RSKsC993@VhtnoSO4<T#iX{e12`1IP<B)W+WCas!$;d1r$M9+zvwM=i*X&T$# z>a<@9{2XZVAgpzUylJ-yVv-G}kYRQm)G6a9RdVYM#Y*3c6lTHxU?hM8>hqXDazs3? zcS)PE7#ND30WDfIvYWCgrsNN%bPvS?ts(3e4e*ox$(txq`?bGKVb8HRHwLHb2@z{f z^x)Nk=yobUF1e1C=eOG2>G7QtEAz6yIAh-FK9OQZYh*B{?zj~&qaQ==sGe|i9HU(* ziFO}zJiR~Dyo!r`E>pqtnbMj@`r+tI5h}5l;gro%yjSCIu7x^xJ)|u|2uk%lWCA0Z zsB-1NtFeUNDj2Npt^bR#cYyIFXxqHc*tX3xw&#p(+qP}{jBVSV`HyYewyizSzVB|b zoA1jeo$AV6-FH%Vx;yF0Rlf_`lZ)L=E5CZkF7lPQnmN-LfX3|%l&i$us(`P|Z^G4J zPd!QN#OvHX!XS(>qr|<k5aF`k3RZ6itMlme8vpNORF?S{eFxKeVTHx!_PNc3JEgf{ ziaxVG(_=}3eMjRW<0OA+dKwPj10s?;Z%K-gD*#61rs`?WnnV5SbIw@;_-kUg%RxJs zHnypJiKMl4O3l00#i{?NJ6m<_F#<ykVg(}C7-3ij%OYJ)Bxgr*sVe*CY?CFkyd%9l z^!vO#n?Ka_ozRnCJ6ulAt|I%Ql9!u^Iu<n7>AO+4HtV<)!PRwH5lM@LvYVKREh{<q z8mcunkB7BkaTMCz*vg+-vf8NMLA7hZ`5n{70t*G+E7@hFrh&~Yh-35Qtcb+Y=@7MN z$qRGCGZbx+on<N3f%(d$rsOP8H?<Sv?49b%dcU79J3zP9u<+di@LnE?F)5RmB5DHS z^z}PV=iqCtOibsxP<-X>T$79Y!aJv9I%RtKTHPyi#^}k#HC;Me%2JER`UK^WziW(k z#Rh(2Ii<Y_86*8&OGl_Xi^m0ACx>fhQ<Y3z`J)TXww5;Ql=;ZdGWLe~(f!e@V}`5x zCf}MoTHIC+4~~8d6K%7hInY)q>9C)C6QVI~hAH^N2pj&oggXS`WN|tZogLBBXw$%a zGZXt{pHP>6ODMC0%zPknldoB#+$(RY8>7gdV5KIc<&jhq7h^u<Sy<}lfR<1Dx7t@z z&%px7SNp<oqn99%sUNy6iK86J`Kv}qRb@E6o1+ZM&GA0!$uX75t<k?_W~Hx70ZWwV zglyH^lQg-Oca!>(@(~@hXLTFQZOCV=i_%W;!c)c_rQl&%@%r&1Npjh7i0ERPqK9&{ z)zurGob~CHHa9rs-@d<ukA2&1S4Yl;o;D@@GPlH7y+cEq+>55m3%$m!R6L^*CL~z! zCnRndgYP@6GI%h3>|13`f=ic~Q|VeREwBdq|E%)<-NNJEW(p1EMNM~g7}>(EH(Yn} zxvKPX=k|Pc$sBN+>olPvV7*P+Z?bM>VH>Je-iy5<=33#X7;nG&Qk8yuD{#5MnJI_E zOvQ)PwXQkc`G}Em%;slIQv6BT`KMuc?mBjeF#RLtZhcUuaQ9hmpF1${l#Gf#9KUp} z^2oC{dP+yI#?dTAj8iIO*N<ZRDDd0g%*bd#H`bn&ws1gaZFSpuHYk;7_=qx<$zn+8 zx4fMFV0TvRlN&+OuXT;eUd$@K%FJH}XUIIjjUAjJW-8?4CMXi_nORG;l(dQkt^PdO z{Z?i?;5vVvQeg{<5+4&Hn4PZa1U0<k9~icu9zmbe!_(V3Z_B}lugR};JjbdZ%}4MP zi1&tJW@LT#9!q@4dq*&bBSe+{IJFk`mG0{HbDEB-c7(fkC-9!hwR2aqXipgM!&&$h zIN0NNNT|WDahT-EG9M+qhho{L2Z!N-B4D-a-4Gw}ZWU1rB$0;igCdC|4xk7N1Tv68 z5((Tw1&Ze~QxDrG?J>jp4c_Kr@eSQVz`ihj!VlCkd?F9fGkoF>h++AL?&&doq7H~* z`X=lRz!Dg?h3$!9sghn8x+4r^Vr>uFQw*>(X!qH34&cGo8oARBSYhf;+2af-Vd78N zBM$|P1nWB2jrDtllkMr0tJuMJdv2z4oxbf5cN}Y$eq>lJ_<rFOscDCp&mjxL(2F(c z*DrMI->ny)P1H&|z-BNL%$YnOPUU3o=kU6Hp`BSwWK~+ucl~CJgAC|Fb~4{so$Mv) z$3aB&*cJBGbEJ8AHR><rcyS2j?JxH+)e=8P-(ItlhQf<}f+V<fG7G5?OAm>w|03Tb z84Pjw1WJ6X_7SxzyH#)`T3)9jkNIdZF;nH26(t!F6zzkb)V_TE=0|usm=#`k6NphX zMaVaK0tEUimcSPrfh91n5O^NQY}0pZFz}FepNYB}nVLe9gdBRWpTJ1a{}WWpSnYno z)jIgbS+j(}Bg5m3O}%|gV}9n|Abk-SPN49ge9lXiTjZzK2O`{fRo8{X8G6~+i;BPN zSX!QLjd1)JZPX__Uv>}p54lLr)u39D!KAnu0zkNJcF6Y`MhHClhp;+KVB{>u9vvE( zAGg{1dca&tU=L{2G*25e4wr4R<_)x_5xswa{XE2IP`bZ*EvNmCO@e+1u_P*<3;f%P zpG{4}>_0AbVvG{@KDgX}7&o~Qkk7zSbD*pEvyxE~;PZQxV{)9?X$j8j*M-D#^Bo^~ z9#J!nQpGT7Ipy+2wlxOcU^b-5Wn@<Hr+ds|3<FMRT-gQ-J%j|~{$A{X!}9tz_}Y~Q z@N$|viHe?v%J%K78Qj_la@J@`eO9hOezW35b`-A5cecRq?}U4R96zP4xIlila(}P) zO<fRr;0@|r+b4747Q=f*3?MtFMdG~^hn39sLEtiMGE%2TQ#|eZQyBxlk03MQ^Oht; z|B)*vBoZe!DZ<qoj41*Z)vp=(WHANeG#RA|!b<a~OOW)IZA^{(=aY*J!npsyRWNeG zDjYRKPsoM4748mt>^aFl^htL-!)R4E<WGX7k7Al*UPOaS$xd$}o>SaJL#1vy_CkU7 zN~-}Vvd$$VVIE7g2pEw-lGO_Cs|)uH{R3U>+Cci_&Ih3~m_choKeioDt6s&HxUJ7( z(Zq#9A5Kn~MWx0}sWi~ZMC;A^Lp`$tR|{+=F(nOGbf1zmne+$xhCFDB&Zc9{K!$ZA z1l6fm2D;+DGF16U)kMui#iN3$VpFAtS}eJHT(P)zUinT%o|SA>+}MkEkv%pgajxiT zL3BdE&xifS;&0T~Q-kk#bP1iHEi8%JG24FoG9?Vo9i`RaO6eJMMu!BpjqVL!cnWAc zz~sxV-}gtKQ;=T$Drmrwk<1n!cev92PI>JL=Zc>og)#VV8A9Hdj*z3((dW8qdtQqP ztd;h*3`_GvM?}7>?r+1LG}{8Db6WAY;lZ#|@_&{R3fu^5XiXTEsr8=ea#&XWsK#se zzk3MRF^-CUft>b0aEvq@L0wS}wKYi9h)VfM+|cnhzbA#xJvG4V@j5G+j-K&V;r2;l zsY(OpF0p5a6pHdG9->PW;F*w#i=dsLjtwV)CI=WX^w|v186MIiSU8cRgh|YZ2}Hhe zInmw-=W#qJ?j;Y4M`7Ymh{Z@|gnh9*s2xe~jSuY)<%=lp&5iwvem77wa5hlQW3>~_ zBWYl0;Ao&|;8{dTM?}YviU2CerUhRK{046@c0ed*d#HCMcLNCh`y;y1I`?Q|Wh3EZ zzCxbDP6zG~ZeoW$hi-z>ad5m+5rVKjy1DI()N2tzxi5o13{bQo)I{7UG@b8gD3_)= zyfnJB{okO?!&-XofHrOzz77Zn=vI+S-SUkY`~fJ(&ntF8Qx0Rx^^U(4&AfhWIASdz zvPk2Qu3>Ce7J4v%_`@h>@ed5Rq|x-y^+a`1Hly27T=-ySn53J#uxkQUW+UG^+&5e% zMSIuL>+jJIw*p<afm-8F^nq!@ATPPN(}p4B`n)f>fkx6H#CGwstl(&RpPC%j^bd%h zfnpgTuD)jmWEfy<Lvl_@<`5j7A*=kY+T~{Xe@*sR*T>}{oy&)UF$i$eYl2che6vFC zQLeIZm(2(R`NBf1+U@)>Ivc$$_-X&e6gGRJJ=a3|aJ9~UZF%juO}oV>K$_QQtQt!0 zM)4gjqcyMA@$+N(Uw=F7!7lExwjtH^PxV`~zl2z+>TqV(I?NMS11au3rJ2{pK7`uv zZZIi!>B>fMdcRk-PNMI5d1~c$V~X%^+!OtMnY{>d#_{%{|GC=;b{H=r>;BS3eF6rJ zT^9-{R97aTrG{PaYQe3Y@*?;dVTNb}@i`bmE9Gv5{s;8@s(%@ybsyO6171o9JK+o> z#XQ6kWYUdMHM<AOIhgWVwv14@m~&jeUe)@T%!pX`_p^A2I7!Wc49QzZIHS9$t%!n# zx;aQ}bo@uX3>=abiwxCH?&{lS@m?(38xV~{Z}s!loXxUL3RN1me=lD{cuj40Wot$E zR*V!GMFs9Z=x+?9g!I%Mu<*dI2oj5u_~l|Td}qU_JZMHjrZq~?624JbIC{Xc&;y%- z@ddjBDZ8)UJim(=S34A(_}UHZE}ap<Fc@BzooH=g)PB9n{qa|90%Y_UnAie-H<|m3 z5^$l;FCpd?e|(I)ohn`7s_k(!W)AHUH*GI*No&y9hM_lb^OvR>oC$u^Jx5(JB4T9$ z0a%(mZL~9*VNM?u!eo)~%AV9|Osij;3Ba4_UN~39YzK95JJmI7PL5I$GiWZ|Y&lz? z3O8=7L#r8&?jjyFMwulJ=CyHC`u-7QZixe`6Cg!z5v%l_N2{(JUh6b!37({R@ZdiM zy}hq2Rzn|^(6{es@UYcArzc`Z?iL?EquukhCs!yYalAplsj?)_6(O84T7&dK7l|JZ zz~II6sR%ibY~}O)T@#IeEDn~{MrOSi9)H4-y<9_5_Dk;PrYL?vevDPwF$TPNsY>AI zHS0~x?GnY(SW}V23Pf~hv@EIzvl$A!Y^SXvUU=@y+|gMMLPwjvr}+l6^o+YZ%1hv| zV0q(xc>x2PJn@z&K~$Y8X6cSHM0C;S4g<N<oc$JC7eN_2Z~j*@_;M9lu)G&C_dO)z z1?aj^9`C<Koy2v7ukhaRjWIcOotvm&XGdD1i3@lf`wvxjB*^?1Dk|URQYyd-<7Jrc zdKgf={|u1XOm^U8RR?3|q2W|5PW+uHVe6>D)Ve5<Mb~j|x+(lY70?JEOI8|Bmlf{T zFlt@9Y725vMmPt_Gx97_66IPN7HK9@2Aap?{vvEi=o>2wN{WOVI|j-Terl|#cNyU; zdSBbWFc7Mi%~Q-bbf)Uz-?f8h@^ScQl%N!UU}w6$6CIh7^ueOJPtxweR~keulU3f= z;E23P^JS2*D;dj$Q&0|Hn%8*}SHx{T_qs4P<2yj0>1k*6ec~0;(XWBQ>mZ8Un(IId zQ(bl_x9^*a?-iv-(MAZyv^Sy{G%Wc?t}1ZYgryI(@L;(vz9wakV^kLRlh9$drS7yz z+;c%aYRH=14rZeoUn)PO5tDgF?;O5AJzZv%+VBmKBpD;rmD1$Gg>vr<ybQusFz}Cm z%sslCT8<A3o`HfhQJb{HwydoT>Dy7;1yIZ#4s)2wNHlsfv5=Yw#LrZ%oa0c;>f3Kn z^xcv*=&R?(Cxjz?-R!ez{mPo$csrXvg6Xfk-k$TBc_L-rrP$BVp`Ej{n`)5FR`NUh zx=_CycApQwc~ixN-AVk^Csc*IA%u@I(pueL?0CAiG3ZwLg|f6H?82&`BXgncQ0g)_ z#9DvvLWP&9T_X)=R=Rc7)S2zt>UO)xZ#{a*X?zcw?oH^_>q^6C1?vnl1Pm>z_Xp(g z6?gF{2y^KQ{`bkm{y}7_e)!y9iT>&A{_$47@AET^TwV8@bsPQ;s{xtLR$H{43o8%u z^$$}Pbe{|yw}thZM7bTmQ;ae<m~)$$3!hSDgSouzpfnhJ+c}w)ERF<R(WbyTOQ6iR z&#PGhVUue9sM;qgs@!UqlBkO7f{M<v^BNbfbGZ)Ej?YEDjsQ!9M}OaDjR2tJ3Oqg6 znkG;qbL#V%-_XCuVV1M|=U@Du$pd!yRszvi+mDxXH#^TlKiv2w61)nFUioa7PHJ~t zujF(&7hN7DM6A9MPCs15gLn}%Z+Vu?Pl*^O(^ymsi3G9N&}F4iXgq<`wk#Y95Y+D$ zm$)oYpVCH!tI?PDRBzVgXhR0;eMSfGQC&ieu_aE4QnM~)Nfz~kv7_aK;$6rs!4s1` zXZ6noKtLG3>dvkVu`iSSFI(4$g1L!wQPB#>!dD`wQ@P)(4crco6qU^1_#fd=4zCcb z*KS8J_(@Vqb39Ej*6g3|y%NT5Zv5QOp4k%CUx2XCc^^#AV%)aec%R-=%tQ4>xZ4OJ ze5o|xfcI!6%%iQ3fjX{N9ZK@VZImpUqR~XUT&!W7f?)X??X*@erJFgxDG;{NWm}+Q zStx!&#PdqG^W(h2ay-Kb-aLJBcJp<3n<~RxpQ;)aJJrj*{&RqMm~9#T2^KdAThjQk zCo2%yKMaw|bgJ5}>QbZt4{cjezgo1AoN>zlB*tyM_WH%E^e5l&eLtVj^Wq4sw7+C* z_&MGTPeWk8=U{a<hHN$*GSqhq2rD}7#Q4l?w^+Uq_&WT|4J^8{AKW>nzY^#8qo<L+ z{b9BOC)JpIXWO>k-!Ke05sQT9u_#!CZ7Le6TeEJYu8+Y7_BG@U7}0!6EF0~$(qg)P zUH~HzLx-)bdA{1Df>s#_)3fip4U8|HnMDAB>UO!$Wz++xVE3;<nhjCP;(CVl86wjF zyKK>en|lIhciQnMGOYss0q4!_@UE&0yIt@+Wi<xPy^+!%-~Wuar-py$q3LD0cL95P zYLw5Nl^;PeHNVcd0{o_47!_&#OjdMlY09}@vjMh1zTT%pg?DKzV604n)SHBF^Q0u~ zNS7P^yNhWpA*`yrX!3Gki%LLG7r1vZVp2T$vzfRd@bFfC#(krE;*GO9=8XD@A$*1! zBT9A$XBva0^_W?%whWfnE1|YR%0u*~0#x0-0VH6r!3g>M4sf+%KhpDZUlD&#JN?=! zKlX06e15*@64s<R63~1O9`y?7?_a*Y=RkVimW+5ulAiYQkuEVE1|a%^<B8*J8LNfN zfEes0mdPF|D6T>u?40o2y*|Vx3syJ-M2X^c4w0W*Lr&X0n%X%2TwPPNgTTh3%N^n0 z$z{Lbv9#SB*Ch?fz3_SX?N9*owAz~>KN0y|;$3qw`nv^K6(jL%d{R-l!rM%9!hzc) z42M%(w$!1Eut>SbvlZHlW`{(Y&pqNa3x(_1gLdGPs{(rBbg$lD931L6{9g`V(MwJ+ zJGvSI6s$cBTGqUa`{o^8e~QTIPHHN<Sl;7lZb-FRG}&Da8G^!4?NhD!bg;jkjsYVl zEG7apC9lzK0TV;)T!fn5abA#aVim^6oTCr-@3=V=Ek}VpO-cGCA8yU|;oLN~`noCf zoUHmk=@L5wTAo$#hI@C@2fGW}ZTvz3f1DnmHnRe@<stD5dbc0p^V(a8lF@|jfB!DP zIEsUW!_!ou!mYSHQ6tpgGz?dyu9O>I&~pJ6Nl0wn{g_C-oH_+^6+s6>$Css419IJg zOSo$bx89*gg^wq8;2pQ~gFFJCnlb&gdo+y3;b05u;W`>Vo-ZUsv?ovLCoa-XJYslF z=_a1UX!%M;f!PQawLFiw49#Q5W6V?xX&(+MJ8R=p@Wa6uJ&?22f2vKkIJRwPhhb^k z@&0bN!}bl0`><w$)8Z;DHHLCO4pW|NW-k^|=8-BgCXld}1(#658?llJe|Oxw2N;mg z{+4{7JEtG+;^hqZBWr75py}0FGIujYLpl10nx!$u3)ALA7j)JS>ut2WUsmq!Hx=|N zNr=@OhJ0Yio@z2+Vvkx~${V7O4EqJ1y2&+a_=}8+3RzwdlO%dcp`WF1aX(+!mDFnt zQ4*DgzO5q=S!G3aDmySZX}+z_;jjKUU74kI74;|^R8Z3jtHHo_`dg@NzMbFvZINUw zaz=axI5$}q24`uh67fMo^xIGprIvP!B@5a4@**u>TyWCA<**{s80Nw%+xeo72G~+^ ziOh{>rF;aH3FP-@m6HT*NR}6HPn+^ne^_e)E4#ZLQPNqfpUAH$kiKn0D|#;HNcyO6 zYZu)v>DbirJEplB-dbN@58uvZ4_n@ot~->6yBUm>Bvjkt(*=EnI?7DNxqHK4h(Hk$ zftrAQfb;n7^3%)JhK{<Tc9u+}q-5kMy}6My`B3iswieaUPGlLP)!Yt5kVvgz$Y$uE zh;x$_V!T)sNU@Jm{JN^TdcVhhc7Z18c0pXXx}rK0F4R%!wE$u;p=TDzJ!z-V$!q|m z_vjuXZH6N8el@GQOf6M6DWbkW(6!q3#D_RTI>GeGTY@_+pzNlT*t74`$M|Jh%J!s* zi*}DQMs;FGaK6wEvJYTl+?mGZ{&$YWy-o^8$6rBkSpLo@YXu1F^hhOPCBvr1-ms}+ z)Y&Z6stPdf-?={3zLoJPX=CA93=VcyeO*kT@EAIa7YUMd-8?s%oG|!yI|See8sIH) zF}~&54z;gDOC_U#{Qe+0-dsi85<He}d*1KuUxqP_8S{9EEWW5wf4-{7wAF1r$bc(q zay?r#5S(SV6n%@nV0M@JPQyCfEgC;XStx|jqKn>M3!f{dTAuh(E*o-#ZZ&pQ-EB93 zNgv-NstJ}51Md6fi68n=wdWp&HwKn0C!Qc*2V0f&z_0W2uq4J7XV>)*5=)>1IA7Lq zqphInw7wuisG=*&X?q(>zM9$DR<}=e?n~%g&#=oTz?M>jq$Oi1D2ByE0+*1GH)u+= zvL>=A=S5|Q&LElfT878pl?ru|zKPG8UHvRXu#Eu7eilV)+xsm=Zb_|FYtra3XG~~) zJx(Qt=s!N3QaIVBr~8$(GB|R_^f;T`+w+msNTv+S%Q^?j{sHg>(<=bUG?SO?-RTIz zIuwT@a(2?FJ$gZ23pyho6{4rSbpdeNu;v_$wVZ)GWFc)MpRFUWV`oeT+aDQ}CHGj4 zGzI?14d!#wLY+xAKW3M=?z|-hKzN55DTi*3P3^jgbaEAna3nQI212M&!2l;r9L$-j z=kb83O`zO+wmYFqV|B34x~1ia`xzaL-|o^qLFf3?R((xX!!f%70Qo2HI0QCteaVGF zFt&DB-DM2eWZWa{a)7(haVuY+50U)rg^JoXr(rTTnkr|m2nVIj8o}^2RyoOKsG|b> zaVUcMGvR?ZoNA1%ve&Me0Ku2%r_0STiI;@90#of4&wG7uWx?(shzlUxxZlOU6=ll! z>x`O_;+FE}<*bFqVerQiEM=(N+*yeEc4=G&2_V7Gs>YkhOpf?s?%QF%^vUnWV86^m zec4D_wuUS~g(7L+^<?HYuHboR9^ATwE%9u-7ED&fw{F@;KC4L@e>=@&?S*VcYRhf3 z0kES%NFGK?;d9cac=20DsFOy)&JrU2v@aCVvtxc7jlkg-HBcf`0vq3!_ib(}HVs#7 z`OFx@FGXZ<!#fr~v*1V)Lb}=K9>+;O>&&G_C_!29rK(70qwf0(xFJ17*qow_?JBt{ zjORfMS&k|m!$pvpxhWVRZHRoy{_V4n0`CZ@t2UTWQq%c5j7dDV<7)9;Lctl?`k58N zu(SP5)!}?Fw8g8v{WRm}wttuzSJm~rYJ;Ksx<#=O*QMC}IxR)F1}HlxGogQ|Ett0W z3pY@#T#9dvc9ve&s-%{lZZTRW`~^3Ol4eC6P;(>U6%Mww$75@$$1_Xjpc%%@igYIG z_*uytM`nfq2Wz_}fv&T-rkS9%qN<|8ds>0^az%+C#dl8|$3KNwjS=W^aI&O4ogr^| zykM4iqsK$!X(ajvdM;%_xh3d|ZY(aL%{g-*;s2qnG~Vc=US-{{+XCj}%zq10$iI%Y zH6(Z7mTj@`X4C&c-Pq_(pKA4P^$B?Aj=n8{@R&}JY3N(l){N|S)!(qbgIK*FDPp;G zlmN$kMu`#^UMKsG=|g`m_o0?F+Vh~(SZ=g~aW{}t+#P(llnMY)py)wnwOSrlBo$MA z*kB1MDutP@UaE728Ltjq<^HJ5=I{wyEQc2J8c{C!m^P(K2b$f<5UDT~r9E@q!dtBs zB4qtJ2zoN=A}L9kYc1&7{Jy}g>7BfXqB;|rhY3P6;wg6Vpoi^b**RiZb8K`JN~B0; zm%~pK@Ug3vpXMzXGv4`Q%m+-Yfq+eD{1uc14uYp^dsa+_G>EdpC*7UNyjeXK-7%`g z(%71QT1g7)SG-ejdE$R?ng}E)XZ*}7=<eqAq4%-9JAamc9aAc`_QH2k3i2aP3`SGk z`#2%IPxl>p7We5a-GkPj#)rm-CiYmGonf4k!N~jET)g9#T-5xdReb;LJohuVSWeDb zE+J#7n3%Cx^xxfu9uH6Xf1!n+s3I@D{~CLAA@u?Hc7Hp3m4+IGk`Exj_AqsokQVN& zns%iY$Hfq2X6XrGzsr?KvVKJ^C@#SNSJnkTeXhxQssEk+jGwoDXHa2uDd1iW$zRF< zH|Gn1>UZVcrJEC}L%Tx;gdD#f=ByYfh8l7y>#Cn%)^fk1t>-_FU%nT`EVh1;{xJ?4 z*?$ySj_ko#9>jnV51BC%ELvh4nVdm$xC6a@bJ~L$v!>X&O3Z4pe4R~Z2hBN=d^8=@ z|C~bp`6m5W@4o{vUrZMY7;27YS+aq54gdpxI#KG<7ktr7@Y_VntE~z1-^mMJ;d5i+ z8{H$A*-UvoL1&e-(?Fjr&zDxwu8r+Uj1UN?iJbn^reAW5o|uJ&Ny~75HQ4pN7k&Y# zh<@UFL5AcZMdSk(h0`D!^{KSsCm8g=C*suxz9WZ`L$%_Cekz6ypWWC+`vj%&&HrrU zrbXFIsN1lmG}gaB4<aouL|f1-um9!7sS%tu#&uweU4Z<Jb!5<EXG<3ALzd}6r0A5! zf<KvRl$-o&ZHO<|vl)W;dGlOT-0DCL?Uhs`dW-POW2h-1ITDP}bdb16LW^9clGG+0 z&C!tE<$@zVTmGr`7H72%6zWb({r>lE)=iezm$+hcGB{&GX@wKPNzRCyF5rPWhOf1; z77u~zb<jYdiEivk0{$V5qgC>QcdEuB*-fp;$kYaV&J&b-zxrJp2xjFi_Sk5BPlZ4{ z$p)3rsd+IZ3GGT&zgFNicDh7e14-rAp|)nv@Op%kG#4Wm(llA`Gu(7o9%MF_@3w@0 zBak!ge24nX?n<~bBmU&o?ibm2Yfsu~#xx>7uSsm<38|hp7ulELsV5K~^Tdf1*8|#K zZtj7S2wh+>LZ{+q6WVfy#};sYWx~(}Bgc@p$U2VY^GWpa<p$(4>rbP)Z^R8(4u6un zX>h7=I%jRR&pWg~-p%B)VNrQ}v)qA~@HlFH|LV>{g<J<zXy*QJp=i3i`cq%9t(4m# z?ks1dx0hbAOASo|EKA)?5=Bgj*hNGKM1R|Sz~f&fs6!h6(5!6ARQVG=cluqZ7WW8V zKGsnDVRn_QR8PUKoSJHF4V*49lRMxC|7mIS>+%`SR^b}6BW2p~-5u^-76EkY{!3Zf zn7;&!Ont^SXkL6MMom(WUd3%2lRD1sbS*<=rm{+!Qb;3G?zV;p?ulTc?;W~!(2Tt) z;j~ht%r0~y<eMbEuRCEBqrQHX#mHX1R28IAC-110#$AH85-J8ZG3;;zCD97)ts`a1 zyTZJQPV897RO3|VxN7C%4z~MShDDT(aEw)*jg+Z{>p^DT(I7EFPv^>0!8%$(MS;O( zH8cn4tdzlOKAJ|sCBg>J&&elo$&sz4Ynf_Mlf<S?9+Gk%#&B-@<+rC;_}8Uu8FuC} zpT-5`!aq^X&nI(V@_I}P?cMD4C)3u)#v$y`cdfz#Wer8}6z6UTY^CeWliYo*1wIwN zYz{OI&9klO@eC9-^CZYPRDi^nV@qBy1VA0+TV1w8RMRp<MkUHV-vaK~j+#2KS<~QT z&74E0odpk#o7w%dE>Phw9df#*bQc_g-LP|<y{!Cg?X50J7v@zpIc7^mxhPkh?tAu9 z9;<s<WAD@a?HQt@@#z7<VEZj(1d~D9o4SH0%#Psoa@FP3Ax&bwO|>|)(S+4={re7F zsW`Fb)xDu{!&0gd=h#6!`z+ptxDuS(Or3(!U@$mf9u3pj2{;95=x(F8KfEd91iiou zce<$+ZCyrR!FMHYN1(j@&gr-W3uBJak*vku)I!yWdNE7aQ@krX`*Vw$xkQpE_Ng=p z(^{9OGcmswc4D*OUFEXrrs&GG;OqKdXi_Uq{axwIUH?=<G~Gv1hIafw=X3}Ya1nPn zJ#y?Z=9%Rl-^d?y#71$>Y$N;Ry5FtEK7bfIhi@Pzf!y-tFX8*RCdJA%SsY~@^Y96y zp?dgmk=cEZtfPo5AXRrR_cy4H{55Cc&R_F?B{;K<awiBPxR|-`#C)mF(OGH&i%w&H zuuc@^opgW7;+qM#g?yu3rCEPA5K4U>N`Yt5ACqZTImOI{*)kxg_vL*bueJmVA~8=q zSSgudp3izCn7@X^+fS0k@0}-_y`VI;wn1pzq`p(eS!Sq+?gNUEJN=k7WbajS#zJjN zuJ0W5l_h&_ep~~0EKQ4GUr&qK{k{FPm<qD0kn9;De(7HU78S-O*b%Nfw=G;c%0X*R ze81W%q9d)`iEtQh&-ih2e&(W$`Gn43&>gCJ&o(Wyo?SR^zf3V|?y2T+$9QxFH}xYr z#rPpqjSR%ZZT`9W+I%N=Aou=Vedl$M`p&1ZLy_xm<CE*{_agE3)%`B}X0S~)<n`3u z08m?g8GqN+s6Kw$YVdAlIbD32c=y%Vq5rXak(!?Rj6ExqOMBC6a|$iyHdpU3+0SWz zSewS+wsV7b0~DXI3tuTc9k{vFXwVjj-<>phOa9QsAABy9V%NW|z<g~U_2{4ujwz4m zk{=+&d3`h8!7tn{TkVwAuSlA)z@1R>+ghB*br;%ad3IB3@rIz^>&-uqjJ#nO17N}b zzs30fQ-b~fR=NI@fB&DVR-M0nmIDm1p*OzJcpE|v856FM0dq{F23zVa{~&r~%rp%O zSwh>s4H#T$z2I*@{C8UK^E%x3P>(ne8%BY1iALJ}<LCyxV~Jd9yInF~YPQ^&Wlg<b zEu>l8*g=-qvp2+a5$qg1?F_pLXKJpaIpiGPx}IkrtiyI$@yN;*Hhp`PLAugi=~x07 zmy4WpKI^jmpPYOx;qs~9pE$$dVNxvUYqP-><wct2ImMbGhu>%1tkKUC_OASV;hi<- z9c?c!lSemOLTkwy_epq3gq(pCUA0u9Y31I&zaT#CDE@z{^&c7a|GQc&44h1C|63Ex z$->0U^nX_GpC;J*pC<S<z5V6dtI>_UR>pO$J5vVTARri2++W-_2NDSi(GVR)0y5wh znIW%?GHQGP4a_D=yt<${vgv$^d>`Dr&#<{5oOXFxEQFfxx8O%BpXQja+4Xhk;EZqc z&(BM(p5IPRr`hr3WO_QY*>o1Cn-DPKFY&(MFq;LlBa9N6_HulGXMG!~jfQ13p@m>@ z|H$TF+6Egcl|^C*Ic<1(9ytETkzl{k>3+W{gc9Uw0x?j-r0O;j9)&z{ta@Mi&dkR? zFTeR!*|-D25D>*)^g?SX9HZm%V@$N;O{i8gb}>E*()=L*xz_0Ds($MI@sNW6O#ya? zNolUpi02%+9D0uWtEagPs7T%*YXVLmV}7eK*ID*8pa1;ucfSF`RB1HyIH@?bUxhaw zrW)?qAAd%B3ETNW)E9;Ery^L@Z2t9op>$=kIq6&EWELn0VjG_;>!^0q`@FD+&(}5| zvI9$fvGNm^VMX@56O>xy_2R&<TQ&GQg`)`9ly$k25Ry0=9G>!+$r==q$w4==8n-pw z8U)C>Up5~S!hX>4TCL81-5HqG(tX^YAF8k*On=Ix0u=ITftn0gYTQeJW1Bq))q*0v z4we)<X20Yu_{+NZZ%ss$@W@M{pdU=?zz^7MHUrKbs3Dc1P=W2AkE)-78{8BaxH%_t z&W#W=1EBrx2-hih_0S^-1warZ-)gK+i`8>)th*P^a{1?|8~?n_=Y~Au$&!^_P!&h@ z8-!I_WE&D(G5iDe;JUjH*gp9^jkW5;ugrJ=)XC1^IZ~zi^!h3Os{fS<r4`-sR<JYM zcu~a5!)K!9*Rnr;h{;Y1>`$!!$M>XP#RkaDXX{KOL<*rP(f7uxGIGM-U{X>dD2Z1; zhz9PCn~jvc%)s5(mv~kv32{MWfD9qxR;dsw(HVQ<e_!}7`oHe^zq+?O5T8nQyBjJ0 zN#_RA@UW3W_&>9JvkUFa)s}l%{Q4U2kxuFX@upyLV52;^*d+#l(<xt^8+vqg|G1U6 z(WJe``SwV@g3+MI3T57M@)YGlBN+H1h#3^f!y{C9s|mtQw9gozu=dhMm$>}xuML2U zsK?~DGU~Y*tR3WQ?S=nlV7a?70Ps9>s|oU@%=E+G8&plYw}I3NxubjV^?S3l&_}g) z$GS}DQ`7e|e81R3>;Q4e{L;4EP@MhxS-Ae8`J-d=-eMx&--CaOKl*llV^!Y)bT!a3 z{!^QB=Z8b;{Hd}<@o$3v=Kehbj3H)rIfL<6n}$dv3`9<yh7*c(m$73qfEW{oOdec? z0jxv-Z*ia)(ce`a^!Ki18@Q_g`(wh~qe=|TSurk^o+eRs%JN}%@3$;)tRmu#9(-ax zddYxvbSKCxG>ie1cKI{HPxtp+>(AaoXhLih->Miu`TKQ$?3w?X@9S(ti9hFlIz;bF z3h9Rjaq5kqU4T;L$U7NGWfUf;LUCc9xfgyn9L<T4eTE%Xzs(OcdYs;0Q2Dsc5R)HB z@&K=*!iroERLP1yRH|fUDvcAylwErrGYv%MCpd4168{+R=H6p4X2r;50q5|Sext79 zVLbVFieA0-S;9~h7doAJ?#iaS#lYqJS!&XRNg^FhHiv<?#N8^RNJt^fy;uzH9s%EF zU_PKr+b&kju``qdZ%yNQGWxMeIa8&nC{0E*NVjwel1B_Gy6kzmNj$PvWY1?iiVk~h zd|S2398Z3(KwMpgIZZ5HQ<=?zp)@)R2GCD6!g1s)ODtI|&*d1be3hJ3sG>_Hcsyw? z{N6%s_eW8-@{uKZyJX(9h!_8oP-TO=f;6N_d`WUj1uy?Rg&MbJ!o2KJwFO5s)}Jm2 zNrFUCvcydUV=PNpInY#9?zG^am|6ZGXRktY>|T`-3YD(5!v&zoURd8TzIO*I8Y?eu zlIfNMybV3Hucncwm@PV|Os(mHZGof(w@K|1!-2YvjAWo2wZpQ*-P2sIu%`)P4PQxc zQmx2T%WJ}~H`r&B9Fqy&!qq0<>=Qp2nLkS|vBp~HpkEnQ9PlePz{f&YMyd?FbURS8 zDw}N2+F2-1fe6Q5GNL-Tnz{wxYR6h>p+Q6CX&2H;($oglO3q!>J88wUcWK?u?upz` zSuF2UxKfzJ*%h!%ZKj4DY^uAEO(vxgq$L`Aid@Y&<XWu0A3VnM*Zjs#i7Gi;p_%!E zRVqz*o5~z9a*;frG)7lj2}){Rif~ai&>9jbusi9kjU)=y$3#jztM^>PPh=FOTk(|M zAAOhiYi>7V**%6_?h}R~VNIf^+`ubP_0!kn)!vkNU2;<?$ss`#pWAUz1?l{$29a!1 z-bX&H!v;=zRP4!%$2!O^W|RQ|M$%r?sEVeKM-21O+wV_4ZPk%{0hte*6%@JVduOZr zT!NSK$lsb%?=OO=w0O-eMgbzM9}y?7s&3bmR@dPy(Q>Xu<P{s6uRO)7?xG%AS*r5n zn5>{-s`K4NRhID*UsF|c7AkLiUzQ4mnK*M7^JGi7cuUm!qXKno26vvFIwexilqbc; zhpl}>YLw5Q2^5HAhzK)i2TF#U!saI@L85^?HkRhqV5NO5O`b(|&mu`M(}S_e0Xb67 zvS5SW{L!)o$zlIzjLJw12u7}b=U)LDC!<KLr>BDX*tN<imQc;21$`d65|5#tXESFr zLcc4tkV8=-t~;0V7p<Z4YPd#&<4L-z$WSwOz_jsYNw_=0B~jJ3vE@rXKy*!Vb}sJN zS`IWj$o<EZb`&E}Ln7(u*LVu0$TQ8REH2UR_%^h6FiV0}Ta-aN9P6v=)%q(1tBb2r zR2l*Yq2;CISq&<b-tfAa{>a-LEkQSLq7&sUpCP+|t`oDUQVf&dm!phf#x;q&sz+t* z9@ooaRKg6m(T6)-)QK3=e)u<t$FUCQ!N5GlG~}!25XvP{%rQk`8>kpmt%Y@=Ksn11 zn+(o{7)>izl8~;lD!4vYkW588fyXB<fqh)aI}Wqy6K2u3+^(IdF?h)uy^!|aEunH! zV=~A^3BvLSRTvq%`j+?12@5qh&H`%`<_{WR&eGJ!Lf=t4bzAXRyGRDTU?Zq{qCs`D zGP(2_n-QWW+};(au47{xQCSg_WN|3|ftr@O<;pTgIf){_tXNlRO?><Ny;dVN=}I;| z94>FjReWV-CUl18h$XcYNA0`9aXWlGqQ%8#QAWiAaWz*6Yk)Fx)N2^Y{Eu#ua4Anl zbbhoL%Gd|&nnHSfI4k2>>N+R&X(_wN!?L8sOTdY_U(AipK0z{tz(7aO%`$oWLx+OZ zJ4lD@a{HHqQGxhQ@$xk^DI_Qg?`sG<6tnO!CbAt$JId3Tcib?nfo1o`%)-P9es3+O z7ycEr`N24p*8NIaHPEJ-l6ae4X}wFG5$$);um>YtLloB_acPU{<!}>ju0(r3zq$A$ z6sQg={9sBU=tWVA|6(9t@Z=v8Zc>q6ZB75Z#Mb1un2uG?^Vv6}W$cU)p8%Uop}7Kn zt=aW!lW7%$XZ!`e#CWkYebqwXSozT?wqWApB|>KS8zmM170tj5bWdw@wumc?y8a42 z45z%d3b!?jSn~?XAM}jUb7ZtI2pfE<bwL_iYumd*@+u-NacqKqkR6%^evOso*+5?z z<YH`zt#eg~6nQ8m^?y{|A<QR_Xrzxyg4~A5ou#TNZoNX^ln<jxE*E9iaQSm&8qKGm zLCGFLW~sV(+MLO(!flu~1!)h#ZB*sjXw@VA?mN__k=hvbAF8TKl6r%BTXht1?O*0M zIv&POTYuzMi&ibobdUcG#a>qI$lD%@)`cDSBHBCo+HwF~+uQdHrV!nNJM%Wo+<Kh- zalk2%sMu*P3HGm#LLG(rQMMd|A6z%)VQ7y?IH7dx0U45MbYkAPcZ4Il5yy^nRTzvq zVVJ`I3G7RSzXC^4StTQ;l5B^$Cp6m&ahRz)MjZ*Y(_ChTNY&Y=+k-Pkj^<~jb6Al} zi)BT%{d*;aW5!1;Q%Gurc*5OPZQ|Siv1UXly-Z(KSub?En&fF)h9hOBEbBk!|Ip;J zk))`}MAXZK{}UjfRN|{3O@zgUAGLJ#6HdS#_X{2UgCEl|fq>}+Q02=7g&^7w(9z+c z3Xfatvoe`oOh2J*yZt=~uumdkAlRG}!iCDL4mkqHE;j20w|!^i#k0yU?Nq7?c}bQl zw(C0xhd|<dN9Xg)^YeFkBwgSvF$sSm!WZTVbq7}vlG}Fz&SgK#)X(n;^B!axZ2zyZ zpt9ng5#=JgGCl9E{Ma{eM*vU~AfQ}aZ^WcKwmbw7x@h&tihAYV=I(7!EBX3x5X?<4 zYs|GDOk2nx=!f@hh^d)`;D$|W$)6fzS1O_{%VEcok;|*yF^ZRO=O*R*QgaXd&O{l0 zsTG>)aGWY2SS4gFpdC;qaE?}_8$h_vHmDO0O{|GkLR=smM+oqLg+?VD4|fUYdRN3O zjhHnu&<pA02?B`chDa~ID!fav`UUV69?vZ3mAyHobu#b^=0bID%G(aQ_VN)Q6Cb~= z(#@83IN4mAw<qHZZ?!W{iO~pU#d2Uc{4NN^FXG&Lv&DgLAc#Hv#W`>rkiid%aQa90 zGQ}s^+#gxW8--37I`O0E!&~{;rUxgA=5EWELh)bQ1xA(fTB8$(D&;LzD;P-zc#DcR zjIf*5E>hpm)Qv+WNAkQ$Y!})ZT1Z7K-xRDBrPYbi?7(hzX1#s1eD1~INxb^l+Z#|Y z;x_rI+q)(lW`hv7Cx_zu6L>}H4gys}(Wi*ql?D1mdP*vQ0X0tAmYbAE9VmQ_rHo6z zA#n={#U~k<O?pbw$AdgcCJ=!-fpiWfN2S<k$$CL&76$(SLy`YdFOOik7{qoXkZX^) zU=*&<OiGfNgkm)9SkF`H<*rf1V=1`j$io*_e_*f~I$#eRKLW=UZR(5(!5Iyr&Oj@a z73B_j2WyC`5VXlj`R`F~*3XDj5B*m-ynQU;80u*(Vd#kiV!j&a;o#{w7(TrC(y+U+ zz7Zkbd&D`a_o1k^YFR^v__La_D0CrFaDdrb6_-_T+KaF0_a`&+>BQ5cYe#asZ3k_R z9h_f4P39%!$8+bz!kEtP{@nej`)xeWq*R^~Z5&u>?2%EggkQ9W!Rng-7LCCU<O^Ry zzvq>U-yYA=cQ01H_&=1}&385Gp2X@GPSx9;?#slq*5=HSn6tW5F9uQCRig5;u35y# z90~P>r}Zk9>rQV&_w_|~;+9mFrI1(E-n}f%82XF!4(^Kxhi<Y{j@I=c<4eaxR%)k| zk+zXWZud1XY99efSYh2j)_IXG#`0s^$aIblE)m{6<dv&Up=*b0R*O8h;Kf`=vrrSf zO~!NyiVGE2;&k4^84H)Lm`k2il(5{m?=zW6hNy9Rs2Nr5Jh2JY2VY`4UqK-QT9R^2 z%JOstVe@!CTUj;*Rqph?XgHAGC#W4*UnZL6#qT6!KO143>~ho(D>R!elNg=gP5fTX z5Zht3)c0Y?h=vL{_-8aJdPKu5`^=yt4C^*p#9v;+DkjfN8>APn85Ok>n)~HHJgX3M zLexoD&5hUtMlY9Gib(R%DqPqi9jb5eAJiqOpXpiEHRoi0h8lVGshPsx+PsNNPKg!3 z0qc+!@^62L{RH_~viZxsxw?w62*kP6qV3G0=@C9i^ynu3%GHMPB-6{)s=c}Qzjkmr zRaSO5I;rGHLvg9(OiNo3&cyQ^j!h_eFa_ERA8{ri8S{*jCJ&tnqo*pF5UuShYh;mX znOJblBoLUj7v~<KyO76boj44;Pg0=p94C$*{FKb<?!6>lM+CHxKeMVvwRYgui?lyg zz;j297T2`=`TU^Oo9JqRPcf3lzHL#Xve~9Cw=(><PmsO-IAXhk&b*?=?$R=0qp~06 zC}L@Qx#G{uVF%+-&~ZnxUk#&+9<w?gjx}timE+wC3r6Gdn01XIn;K)LRRfPkHjJ`T zt<~kcfJj~gRf?NZA<$F{*uiTgtiurLQYeMzB|FEn!D$0d^tZp^y(*=t@G?t-w=t(x zf8kJu;;LKn9r*_w3U92Bv0InKpk-w%@Moo}TMf9^Q$fXQDGE@fYPBhJT=DmG55%f! z^=P$9cI7Y2<h@4AWG3&ot9i@%mJnKr^uJ}y*p(!6LiOVc>YM>8j@tYrmA_3~Jbkk6 z_-}sB-F3%g1^!;&kT*nC1y27eZL_?f@(g}|O%?oLs55jEG5dwFD)Cvw%qXgD-9un# zqHiU;Te0LoT@$5p$Fq#m=}fLXk07n_?Hg0A7^bpxW@kwww>RwYCLdex1awToND$#c zbR6<;tM)@Xr{?AIMdX&KP_kBKxg&)r+^fJUghu#U|G?j&kJTCbf*T^h%soJ4?nQ%p z;w<cxmBayb6)rA8<dzaQI5)9z^}^va1Yci41#J_=YOk{n%5I!f-3exLP^|a;CZWn4 z;c(!~U2PjdEdE8Y4d___yk3mo-=!{qJGPt6AIs66(WMU8mIOmgO$a4x*Dlbo4YS4{ zjTF-+dK<r+`JM0+(z9JpbS40)As;Tca4s%nM`Y&@7)#&Ft}Tba^&&qI(=@X1G(m52 zU82>ogtNh8EoA^ijVP9T8o1aP(fP>S#vZRBg;l#G?opTm**l9PXFe8}KE)-8(U|c$ zQbxf-ffy0UiF#1sHk`p~lpLrpbS+Y%J=?qfBaLw%WLn_GSpdcuQO(WfJAi31&0iB6 z{Gi^1^Ak2FBsDyhM<f-7JYW8Ah*crI5O#Fv8s*i%>VwWbRyR<t%O<n8OcSu8JiQx( z%>ex_0%_)9;#pAueBs1d_hxe50G8MRGXZ)&z-{-`u7L5nnA|h^gXqWT+b)C1hoX?G zjfC%&@AFp<v8i^sFxObjA=*7#b&=EA%bC`u+nd;{o|TrvQtALx8=Nm}E)otE5%Z`? zQBW0G<|y8wtz%M`@OJ4@Qx09eSsT19*^3eYI9J1)!Y{E-p-tt%SI=l?!Kdf^gGLi` z3zB&jf4T5+C&<geq}v`=cjyGPO9a%Al<HM{P{=g#;<i0tQxu=DbBv@2!ptM0ON6gC z>Wco*4z<>%A|F1wSY7z2Sj}+uUB?rFH*`kok>njLb?j(&;#$2X3C4axp+aVp%{yoJ zyVvYt<dyQgU4E5rlj0KHm*!KOqmt3WZqR=(gx=5H_O+e;BhSuh=NVwHC-;c(H`XiM z4G}PqT<}=^N;CYm9gF_LflEQYsKbUOOCBGk!0a?;*pN^qAhRv)nm|zAz%L4)m*Oim zoi}NEu55xYGBOX%g_k>F!L1Wfzm?q-1`zxix8Ni(+naCS+cd68w>nXESh3&W4Dky1 z;C(@Vp?V?XQ`qk9e8b%y`FI=q)b?fdqyNGG$(bePq3<eWG*7W$vn0;oHwb5u&??Q& zw^_Dbx?TcQSqWV5z{>R|g7}q)$vR%NTV6x8WuxC|ysADDuRmy~&Bzp*mpiksN!L>F zvZ$#Sri)V~NbS<x2<h+(-4y1|M{KevN}2W<a&fU`kjLx<X;ArL%058Y+tBZiTCtEj zg76kH3Z#|&@c()PQ|tX`KiOlw2A#Wq8Mx>QFiu!_G^l~E-Yxwk%}3(d<h{jgP0&V= zo3;Eku;Z*X8%s~*HA}ykD0t6_F@&)%H5(b(-nvJwF6akQdWUNl+Bxd&OSB39?^m%4 z0%5NllUzF=t44xiW=_OAyd(iX?~~-xt}0QxAIid>+2YvMa(Y(HfED)u?w0%oCFvW} zCpvRD7tJ&Qo(E`UKvW$|2Vn&==CgK8a914U@Qz}xv-$|y1L62$wvr`ZZX>GHi{L%L z(H47ob<UAav@<OR-;jcjdsgn&Tp;Q;S}#)fQsi`QaRHJBRT0t?@7MPmAf18Y9dQ#+ z2U1P=CioxCk4<D{KfH4fZxy<8EEI5|4+h8vM4EjV=7-{=SQe02gaaha=B|QXFq*T) zE^mqW;_7n^VLpfkf6z?@G@PX#+0C~w^1`}tjtw5Ypw-?Or|ps4AS2)D@^$90ZNX|@ zKqtfba9vP9oP|^SojHE-&qL2vJRRWwK3r+rzR1g-j;`5X|3J^jZz(`u{o$|2{+glv zl>8?DhFJ|X^W}ce)N!|c-W@YABUq&0o5O;>6noGtJIy~#62-}Pn<yu|E#+V^e^UZ& zaK_$4J%Z1RKbt#>2JY1RY<ko_BipAaUYJf6#G2nvO^c?xRp(vik!BbTqbIwbO>Ow) z2NJ<Q_<a-@*s&VvmiEhYwZ{6E-PK~z?v)A>>AlT*G1(IK9m>1h6qx9(bUHh*!RaQ2 zvm?v05<!c~9CrAG^9wXTm_7vg@IaC(8IouQ2X^===fh1uFIJH?RTf1qs?<JQX@5js zl}(1{g%12|3m9Bpm<CM>Bw!8<ev`bqs_zB9E;ZSNfOe7|6Hol8N<=jlM=R-D_b!5w zpGP#s(Nl4&^=D${9pLpyS+nO@lc`%>(+9a@VD*Ppl>cUW42MLxAa{ZjU|<xD4PuJ` z0EG@5ey!InJ>Y=W)G6;PKsYbQC&A;~vc@X(OSJc<B5PRV3N=nw<+C;`_(&HWa{4}2 zRH>I<bt+CnthD)b4=scV|3{;c30}eeGrMc0Y7Ml%kbbZPmUpQgpJDr(hwJ{OFb>^* zi}c}g4S--swGpv4_u^h@4=Ic(_`aB(S5MGm-04m<Wx{4wkaqK;PUFl*a!AvNMfE#P z9nLsSIxRyT@6hPb5jC+;-nHYB#get9G)U|nRBXO3e*20sQ)S<X^PibU9g&DCNWs{k zqUs9&;Tz+Tl=~EU$6DLky>?{Y3ieeK*VF!ExkhsA`(nvsNmY6***e*9%VP1FRD&k& z%4{X;{{Un_o4;2XueEH_?9gr(pR>P4U(vi`eBF}WFH*S}{RB*4A~G~UX7tavm&Q2# zIYvBYBFol>%uc=R@s26b6VQveZ{-H;lwj0jP^L0I*`VL%wwg?)2$6dltSLrgjL@0Q zNOU(?JArMu2}ff8kqd<cE9l~^5M$lj0NY&8-pY;^F1^`*8dF9#uT;snDoFE6XjW*Y zBG)zcXrwIB8Ht_^Q_1+V=t;;xv>{p$OBfKuKp^1gGN(nj{GO#|GoOt_cqxwoP?^8X z&kRPijVmh5$gri0RO8JV>Pr<fiVDYBMV~iEtC_vz_^zwMt11>BzyIZH?&y7F?b=5k zxnb?pW_q0P<ielK?e2@d*4Ni}_|Y9tk{|Tlb>=LFCW}8_v=QU*6KH6ELmM-Y6lP)F zhW?c&2tz_!kRS{(UGytO_B3$pd@SMD(XI4u9sd)a=s_b;PA?D>B}WXZb`5NwfUvK} zBhiyRqKJkWiGC<sRdaQ!=9;3KD{4#5V#b)TIMw>HO@fRkQeb1Hu(1RpVH`+>EaN^> zN;UvHnx}9lVw=MN3o+kUmN}kS*{N)XW<QBF;_;+JuaN~oPfU8I>oVK;{OqH6eo^Bd zuT`VbjvY6yxQPC(r~G*RU2o;D;;);u*8SMzBXe;LrFaKvQFAUj^t_jp^;XerPfgX# zHnRg|wW`F&vR)LCa-|6_c2F}JgUiKQUCtD2ahcc(T@kt;Win)DN^a4LF4K*o<iE@W z%0CME%)tC*EPc9=9bwu(p~+^W>V&f1Vx@_BPRd4GDxK|0V|8roFb>TehS5l8Bk_@} zYWwSEW2c(U$7WL}lP6CUCTjKz2Q~Y(&+49YYNwb2ruvj6ruiw?+OAE##dg5<PWC&F zv)QJD#wSy$%OL7Bnj_BaG^aCL=gj5^)nz+5vrCN72fL?Ri8Vs(PcS)w3D!-h$uQ`+ z8wMPAL;rC%HyAoIkK_Hsjy%~<*MkHiDUnUqC(1A$UryIip6;W$;3iwU)I-|*$!Ro( zQt^}6=|nGGcKTfNDXWdy116hNM)^~&7oTR1dvrnk$jW+$=oE*DE>ZI{d^yqLLDgZd zM@*d8k^nT5<}2~kvaK~cv|2NDMYy7#rPP#WR!?tQ{PbGKTZ>SoXi|CU9$zsU)VOhD z$KbiuXorqthdMnC4GllM_RC_LnfJq;XLjFx-HrE<-qg>3b^Ozd9{%|QO|C~DEiY|5 zbi>o{ELifLdqSzlUj6XV#ytlf+}t`EEwLf`E}wyx=qH~JxFw8PcA4$3-3f#p8NUe& zWSG}rwwNp~gJD>@%gMWjIfY?nui0eJB4Cq5b_gY{k68(0_vJGme>9&xU>lG3*J<%I zF6Q(z;xo4K;?w>@hRi++1apSD+Pu-sS6eT&Ugh9sW-JvKr_Ik;ZN4ULqdAmzi{nRT zgVAJ8;k5+kBg_!kKUvsM*h`+7jO{U*(s}zn`XFS{4q1=V2`HY~Hpnh)1MI>!;2N-X z&Xtx+RI;;kBn7pDI%x-V(hlgP?ewX4hmU|y^if>(Cr`5ezHKAz5mFM)I!^YH5{w)U z$;SShVcUoZxifBD{?n>?#hw2r{^tHW;M^&8j82QHt;I~O-@L+t#Np{gGYT+wL{>5* z!jOmen#>jh+RhV8Ef(i69;qjn4l`%j?ap-7qMWKl73LQ)qssRe6^_TOh}{mw8SFMt ztx8+mPbLhES(uik;LY(h^tivbWZmNrTwio?n$6f5*|>Pomb4zvhmWl}vSh*h8@Khn z|H@NQa+Ce;P0EdH?@zmzuDQPL#+z@Jo_Ka)c>dgbM!9}^`=P$Syvx21X7PzfcnCe9 zR=qn?6IX^UL8O}ESB5P?q?+P)hYg8dwk0uh?FE8rHZy}I&J=?yJ>6+z?$BuAd6(0i zLO^TB%R&uyR6;dv=BSuyGL@sg&pnOi$gFXUO?9XiHLcCQW=Lqr_SA<{51U>wz3$NI zQ|&3kv$<45x-B*JNQxybB{eO@Vn&OUQ`yvV%B~cel46n5NnDI4Ej&5StQFmsY-Ivj z=Zee4b>dc$7r(K!*;Q+^6R?YRYEM|3eVb%EK*oZFd=EKG!YNODoz=MqTiqbLYsL$X zc{NoB&1e(NEUw<98|4?!wZTBw)}t>F3XJ>Eqj9PQG8<gk%)Zu2T!{cqb7~6S419Xb z7Sq!$PF@X6oMwv+eO!2{g-^J)e1=6BjmJFPKtn|9OZB9CIJ7`WPt#)5;+y@`^t+ed z*z@R?OSfF`$nEsib5Bmc`Hn+Gx9YY}etC`r#n7!!Kd>`Ay)1+N=_h?xHT8Y^t7q>B zqo^<oEiDT@Tqby-fIf5H%k`MR;Tpx<8{VmO_NY-dk4qz5;If%rdJ}VIEUw+F#>IXM zh83#)SQ3{YBh*HVonwtGB;gWV9J^1|kebU)H!=2fb;NWvq)tB{{|*kW+3k6ny#T~x z>?c)0Gzmd8F+onLu{I;ry7>I84v8=299GGuWj)hXD^6EedVYP0$#5=`9~U5j><CO7 zn?Z(UOv#wyd)M?qfuJuS*TeN>Ex$^)(s-q5wfWl2TOmZY@EdjOjW?S%ns3W|!TL<9 z%>*txm~f_DqsRbd4zh6901I~|EPQW+tMj0q=*w+%A@~Py`v-9Q2b>3gr$v_VJXi== zL<_Y<$Q?a}_JrrKCxT6TBJj3%DjeY=bYXXHf+;t_l$!|Tb34-$;h~f+r_=Opqn}Nj z8uh5C0sANYC#T<G+r~Gms*Jt7#ZOBw<U~(~ol-Ws>#!u{vuvb<_r%GrVUl`!VkfBi z%9XGZV}Wke+$i<XI2;<=1?r)(nKd5OduxRAhh{vBFp1AMc1%0~NVsRfn$)!OXNXH1 zaG=QI6-(bec<93=%QoHC_vx#z_I-NCyp2mbHr%pc;pPcbw#{0<`_UWMJ<K_V?O43) zwG+D*+%;^()0+=O@oG7=^(j){aq~@c+cw?&WpvuM=??{O+_Rg#W6r@S)+8KP|Hb}e z>|DwDTe5F;(6!lX9durHyMrz<wWiQH80^t;DOD-dk)_k}AP%)!!8|ODxPZO(dp$Xx zQn$ffnv)}ydOR+;+;xTF^327#;^h(sdyBo7&QUi3y%uv_rQ&IPdq%yNil3IMR(#5u zsYd4r(A<n}$cj-FfF!$hiExUj>SNyk#BV)<>MI^sJc$mx?0BZk6sl#f*5r4@l`%SZ zf60SackZ<JW_|YjZwbt~sc~F3jT|M5a&3#JO_=x}lzj<&6y@FjJkQ+s>}2nIlike; z0TPaAY!(r$BA3cSkZ7!;sHj|0k6L3@z@ruITdTEItVi)GU;;$&)s*tFw(1{htp}~g zYw@fouToSXoA>uTGqc%L-?#mT?96XwXD74se1F&X_j`uM2fuU71^2GIEBNBxj~?p& z<;s~ScP}aZl&}axgABuW^4l4aG4M^~-b_w_m-@0INIhDX<%<1$h0J+!Ur~}=*b1C0 zh_L5r_alcLC4s{PRejq1>_KlQ*1Vl)c&DJa@E3z#isrdlRq(Pm#T9r@kPYuLygj0` zXIl{&CRjk+KlE9jD||_*08C6_C$(bKBJp(DY>lzbmln(2)>?L*^?UwVVZb_IsS@9b zig>oQSlwiOu6?e5ZpfU*>72o;ip+Bygn*JDijZ+}lAwu*VF)E-()2GaYJPYNvn<&c zAp6)fr}^Pia+2qzq`(UOcqxQSlJ;Q%BaF8r74WSVY%R?!64_H{bGx~>ICdR}xPF8R z>TGR5d`n~3X-Fg6mMQKQ@ik(Ph{Ye9ue=(j#vlSO_zgpF8;w}|_XE<}qx(DdQJn5y z!;fxk1V_4NbeOIklBcb0jkRl+v1`{F-dO{Dr*BeEo4zSIXMtls7R>MCOjZ)NL*l>; zed*YW<;30o??184lF-kNEoe(5i9wtMUld`uo|cXdnwSCZYfuZSVKZ!1hRxRsB8yx8 zi08lY=-}P=y^j9-u4&cr7JmETY3Qla33vgz<H_&-@MiF!cYvOM2w3(p38n$P>2P8I zutGgyb2x5VO|j;@nicZ(vT#B4GJdJNLcNZ^P8Di{G8?XKNCp!!_<#>8@czNqX_i8` zD9crLvZ0~Ao{1-tFhD6ta~UZNpDmR?8?NvO;h{sYpL|v+hVz0(T(HnT^j;xHe6U~> zUn>X%2!ceeRG`ok`~;T5>A4Z-%~hN?S3a**%;mK>Ij^RWvuOm(8abC1ZGvlbl_2T) zlBA+hQo|@F)0C`8yG+F)8WvE&WhoB#QPetu;P4g-<tn-wk6jop^AKI_gRpF$Nw;S> zxq|aEoR-21#uv<DJ4wGu)(Cln9r8Gf*b}nd0KwOmCAN(iC)H#ml%Vk#MTqBG03j{D zOhwdh;2M+}=VYDvnhd<>*i4Y`!1)c&uQ>1g8*ZJ~^P5{rKSsx0JL%-<(|&MI=`ZNw zGxJjx9CP|lZYe#^Z|{6^(U}jm)IQa7{^stn?5V!sc{5JBwEoC?QJZwpv{SDjS?GB~ z@AIp`lO#|xLD!aZ@P!GCoKTD2n-2<S5h=}#)6Zd+GAk23%=L+N%+L5o*$4F}**^Vu z`W|Lq;`4;huoJ#Sf^87$d=2q*>O{ThpBE@b7V{S+uCi~of5zTr{4Bl!J%Bg({%lk+ zekN-9ttba(>dhzW+Gw_$u4}VQP@q^<Qe$IDPPX#q$xNQG(9u-L8}yJj=plE|m0~EL zmJrxwx~Uf>iWDi5JZGW9{5E#c0feyx;oyE6JUGq^-XgqTV<TD~D=6gu>ozS*<6`~n zxV|NvtW|;V#1f5l#>ysfv+Kx00#{R=g)y<S;K4#-p7=8y@Y}@qbA3CHEB*G}{iRp$ z-iW5`{3~iY_L-KQKYsXc3om|e_5JT)JoeKgzd@J0^e&pa`R(UNt-t-3rB83$QTp(v zr-*;Q2YlE9(0dccWhV9Sb~=ToNRD>;tfa|Ep%Gd%l4<p{C`E3Jj8c?Rkf}<@3T2+d zbPrW3>LH@3gyr2<OL4P3%L&;)sjPonslM=(>Pt_llHZ_I?q=5rO&U99$`yqPY)q5{ ziI+Hu6C&Yg7z?TbHb7y8K+qqo3bI0s4P}sRz#=TgGbpI|GE5`k2OHq$TGSQW%vj&7 zYOa=rf}x-t@MF-iTxOh0?bL#1-Gjb*biwyKSFV_O<!vwCP}+>zZhLU-)EPfrGV}4$ z3;gy#;*{@{cJKOCsr2yK;~t+dcIt-@z4t{!l4R8vgC0EzdXz)IqT>~f`C|dxU5n0? zs*ufQvrNVg;T&Y$6zBnRlMoU@NrQ!OT}CKho6C+E(QL(tX3Hb07qe-WP2+TJH)gSu zlDN*Fj06aK=}1uLZ;-!&m-p17+JvV(32&4WW#via(+X0`%A-*FR*B@#Ib($K%&@u+ zIYT(ZqJv0WTRD4z@q=xLHfbZdD~#m{Tum$<jYs0FpyjPxAfL)hIWAw53+sst6Ev$b zaIn8BEy7kcpUa@Q3WMtR!6GSVGEA0*1#K*W!6oIIvco0A%yh-Jv4w0lV?c&aY%D?s ziQ30)TO!DIRh1E<s%x+#_!l2#i;4b@&-q4Za4;l}#-PH2D1Z`kpu`h>>?!!-TT6S^ zzgD`puNTe!%e@HQp5K`H&eltB*!kVeq%{cN_Wc9j!X1yH!MB&McoLoY+AC;9-}(Lj zF=lDcj5*iOT6^!V(w9AFPeeYz$OE9&)u7cXn&x<N9gq;L3bb-;QdZV0dlanj7^@PX ze*_ey3Mfb(6t)zlv?zkt{e(gQgwF~pb-a`h6bO|Zpw1Uj=iAkzBOR+A4pa{Zs)K`V zMK$fR`~w9AF6#eM_JT^aU2=Uyh0X^Zo!8PjO6#-rZhfiF9ordh>{?c)_scfGfm36< zgC;No9qo|MQA2<rq+%5q)q=i+Wf=rvmBeGJ#vQ{k6`?RP@T!6313U5IojV5we*54< zc){UmxOZ>{e4A%LIj@C#&Z60r?ZV#oXFUOn?u}qUn5?_u`d8%}&Ui8$%4?2cWI-q& zdc+wIdZ;UJEyATrm=ryFCmlzNAH6ND&U(}sXI)qCtZQ=4I+1kN;iywAY0$0KG{27D z$b-IvU%Hi9&un72W~RW*X5L~BFua|Ho$DBu9!`gz3A<zVu{UO)cw=^`U^&4$9kX9@ zuXI)z<tYp2KhXmbc~|GM<?VyzP?wZosEaJexxHXg=^(gw|Cya6YK8j@kt%;G!8Sgf z+P@@QJ+V!akEvD03lo$Rm3i!H_ElC~rM%9*4yK$~C+dRg_*=M}_(!;pBwpdrc<vRB zRB_)f$abccO_K$L2fbRGP4@P}w&bokvQE(TK(8Gn``;`~iNN2?<&Kl&NaQ%KAsjv) z!cb9GWJ%#!j!W~3pXXr<G)I7xMNkxm#~cC(0KOC!tBB$H@i7H+43F0HoA?3#ZJy&# zmdHMJjEK^Zf@~65u^+GQ{a-Z+OsJav{|!Mu^Sq^Y>;{tFG!Fa6!LDWdA<rQRczZih zllFG<0v#YZ4yl8{I^4*CAWBxd)D9U<7&4mJa7IIthSw%_I@}i7IMA#4$gMq42!SA2 zhObq!469Wpl41e$+<v~!#$f;eN(w%?8t!pZq>Ur5>R20q@6D}25QA+383NUAldAn~ zT*2Q)hGa_)#6Vj`uGC4+jFv6$YGg=K6@ya>0>{EoP%Y<1Xn6~`lol6jD1+cv^xd%& zzlOxYyYLT&n88B_K;i50tAoEjdMAGGqY~#}k!zrR1P@RwLM{dtmS?0i$uIG*wurc_ z{j4{5Y&n5o|Ls`k(AQ!e;hSQe_qv=Ahp>wb>qRE?Tb8X@0KU~rpi7@WPNIoB8AdSS z8(6GkwWJ2sF+3QA5&S#21IHLkhVG+oA2c2Wp42bvh@{!%ZQj&anL${RRfCaatf&I{ zeyT;jlM3HyD>+KF7}7}Ke)BKAZ+^6IL_Y%IOgjb!tUY@MNQtD;g$U#IC!|DbWCXfo z>5`*Mo-QSV_8KB#8m2>VK*AJbn5j_cQuK%niQM26t?}?kODlG(Nf$gs<;YMO32vrB zzBoA>73fKJ;38u)7A_WahW;T&@P><?mLUvm<H6>GGz0~ea=uJgg~fA}AXd1B!KUQL zF^OBHt=67{TdAF-on*50TuyH?=CfyTtMto_HM*o?UTV`P7_;zn_5`sY&CriGlsoZV z>>c7A(gyZdqF`gwFvjp03=x(zT_3|sAWGV)=BcQFFqR})QNfrShDFAy+wQTky&Z1= zw=(t#J}vd5v0F4*@kk_>DJsZCC0)?2QIWbGzP5o>I2QNA%0$d$1!9I_cXr5$E4CGx zw7JwmRzEIoOY_})4-cLMZ|L<Ae;u(7b{*_$4-XOmQ+@@uq7|F_x(I&TX%~(6FKX?l zyvv%aDeVHQv16Dry)yql84VnyH1rCChhCwy%JfYdyjNFgsPv&PHya9hleQ)6LoaX5 zv>8pAHoYIjiEYNXiB#M&3igh24NK?pWnExRz<&|z5-aG$p7UhN1U6kFhWvB97Gw;e z2@_EU!Uj}>e0QQOI%7;QG9I0U_#LI<#?pL#`;pIX`}XX+*`tT2anBza&%J#lP39m% zjQ<AzGGj0?<aoL1Q4{$szdsg=#W>F5{Ax&zaSw;K8qXSRC=`z2bfVy!RW&PAh|cHd z%k!+czO$+pgw6^Vqw``nhwj2wB+0UNQk4TEBECRH#24@)zOBVTJ}n~g>566<5i)h6 zuA=AaMN*O=x-61<8-cw@dKw7eMH0DDH4~#f36wBBBWQX?&@AT!W}eu<avzPG98?t< zp+b`)@p67WoMCsB+c;+Yb8`)3+Of^5O;c-CW+OB{XW5E=874E1BbgbE%O_e)%Q(i@ ziXpLP&OvL@gy+$;NBc@!pV?j7zTr8Pc=azRcEyLc{lC(y_z&n}^oyOP2mkt3Y5kVx z(1NE+UzB#ERut<+>W@qBIyp5r2sTw`!f3P;qb%}W<j2#k>HagUGyI&YB|$ZrP?+S{ zjAV}(kZ&wu_ZIEEv;&66;n9quM7b)-a?RYqf=%v|6ir7F{6@pNcgJ<_j_YN&qyI~{ z<3`<@8+Cu3zKT?OpJD!LnKLBraCn>*4YNrSwb{_XCv96|KprKbaAm?=j<X?WPGT6B zOvVRtIbFu}x6fE|d*>&m-<Q^+tDd^2>y)wAmu}>@8}_2D7w;$y4nD@BTdrAnT|g(S z#(fYYJ`N)gW~%WubObWCY9M<;d_n3w>EaY8)0QELE=9V`LUc#bOdE5Epm~Do33mU` zJH2+a71jrOt7}_*WIIvYYPoCEUBmmY^(OMp`*6JFuF3m_lR(HBC&y1tpQbL1UmRa9 zUv6As-k_{Cf2u!h_M0CV@0%9rPTFVseLmA?YO)=}nP^ZEY|_iahh;e!ibj&5r-ueA zn3w@42MdLmOf|(-IBc4RlpF!Bk)^qEewWM}KNq}SLBT@;P3$5x#S<u>+Lg{O&Guy3 zY;_oatqxa)SNPwBm+<wZ&V^SE2~B5uu_@sJD)YF=zOc*Y5Le)$45C-qXltgOJ5J*c zscsYGHCFyGZWdBdq=MOITF3b8V~AZx%cvJHAh3)^+I$du+VC<8@iq&BOshHtuX1$R z8GAyGkfgt$E{Q}KWP%ew)zrwicy=<!e<E8$!BABVI~oI`Ybd&D;VyF@zG>GBSN`Eo zGwSA^GIVg~+)L(-%1r++bl(kk%>3#7r7`^WS<hYZ^H&nN?99tb%h1^CZ<(ZugO{-_ z6R$XNG3n7;IP^aEcm7Yz7<MwPLiw0l&u+jl=PTr#C&PGI?g&OaAqv9e6g^I_VDGgG zS*?)c6>`jzA-WB_fWV%B9HCHGJcm7pTfwg6xLoacwk<w|JxM$zF*S8Uc3SOeY^S&| zF|Y2%Dx-!_OawexPsn*f-V<s)p@!nhIoJ_$o{;y1T9T7aBT}87&*Cgwo10*^)|`-= z+PolLteKlzqF$(9WSr+;6uv^eQoqu?+PW;eBDb2oNxf0O$^4;pL-xAd?fM<&9f719 zc#g{C?N~l4=j&0PVd|qcH*Rd6Sp=p>A9Y3S#u$#}g8HarZ4Tx5AYUdw`Q#`$nGCYj zRS|-y%VDy}s*833HSc%+#R{WxSwmO(Ogxc{Nh0JeSU|aKHS81kWNcKlKy>I<u=V?c z%qU9r(eT?sX*3&kqorsa5>P+dRM18x(^XZ+&n17DCn~LzEpjRF4NjIvl<wsU`ydaO z?&UmFkLrn=Hw-+to_rsw!u8Q{8L!x$@hm~ctH{GWLV24|1msh;X94VTJ<mR!7>dYP zm;URTu@7`>zvc4ho?oXVI%zeu2D=*fk;OrBr$EU`p^el)IwANYeVyJ9s@$L&AKQjv zXjCjXil<4@C^eX*-Y3X<l@U-^r$Z%)TgJIGZMK${;AxMP%en{rp&%Ec`Yb@?kYBh> zKkK=xFMZ^+*$a;?Etzw{`QQKSKkol(HNV|_{NYXawM{~=&+oZ%^^srvuJrj`=vC{I zAI>{|#R*f-uL+&qIPv~Pm;UD53tqU^xcNudo-wPX<)XS{x2(Es_llJtlFV!jL=oFb zbs2?dW+r$hSM&tI<CDaH$tMXOpCtYZJ_+nMkCOm4hCWhG?#C;7(@wE;n~+Ahne<p7 zv<0~g-UkJh+Ih(}@}GGb>pPycKk8Zcl9LOOGfG?Us!U!<ufH|8uj@Tx&z-noBpKAl zNCJ!Lh_TeZjw1nf#+MnN31ob@s+8bvD#dvH@y8E;PVSuy{(l<WI|YJ$a_{&i_f83( zQQ|;wjh!@t|2$llnGwNnB`^9}+1PoQ$3}Ss<e`ts_Ez#_NT2+={<M4E_q?4b>()Q8 zCn!;`<WCNBI|ESGV-P{8NXiQ~4}lboAr*#~B_3hE`HdH?H(vC$v@i~_L3(|%%{*#g z>e!sptc}sSwHu`y<#pPCc0g0p+H4JTSe3BbjwB;ZrJO-W2Q6g7rxjUFOT1r_cm{?Y z^L~tZ8UECVX$2C;MG{(sB}xp|wau1LkF-vLZG;LsF4VQ1h0(3}UW_r><4g0ic{~PE zz;*lpe}Ly94P4u+c5iUfz-6R6o4mrLj}-iSG_pV3(M}RQx4urw>rR^IA5P_-U`)ux z|N9BqMq~x)Go&b9?+qk<aP)*Z3+NmV^3*SyB0xCWS%I)hQ?ZqYJm2Gn2qlz3ElwiW zg7D<Q=Uzfrk4{yOLbp6SxD)cXS9_LTemPf9xycB_h^t84iN7GYdx|kVY{A%p+PV-i zDo|z)4VI5!M;zhd%^dFN;Dj=VQ~^8((4HM;Jpuln=g$o|g@;MA0-t7u>DPu{hCidb z?Ix~VXerh+d0)Mq54SNBz)DUCpTwN#JIOvVJfE58n{UqxTX#x#n%Ea66sSd)u8(Z7 zP&CpQXyseA6ZjLf>4DSv)3q}K=kn)j7X?=GE48ZvCLbWoiVfkDiRnG>aQL_ob%z9f zNtWYzEQo+U1$>UI8>XrGt86<E428pi{-O3>o(ZSPTC;s*U04v1<TS&RIYo>gAtuaA zQZf+s2LfSRljUT<2GRCurkS>Ue#`RNvL=NCyy>$v2E!%sY}hhQSq2!uHHB^4=VPR3 zC=|6O%V-XhhC4Qg3Baqs@MzA~G^rX#BK_#*%}&_b6^+aojD`mXqmjYz%&Ch`c&{9* zdISauQ{A~hUc1PQN;+fY3Sha$uy*Z&Mf)yKs$2lfO@O(tLMdz|3?A1}fgHToP|1Bz zO>hYlWB83;t-u$^Y!gJOw&h(;wR7Z8te|T)*a8?bgaeY>eL`ptM^~yGU8%BRRn>xO z5a~ie=$_J5zk4eiour`9M=#B)iH~~kx1~#Vl%B5@L;lk5`RzwLe)^NYXW2Igqot2O zzqyb7_2Fq;*DdKqCmy+<JafXe=o;>(7G33CgQ<Z~;n4I7hvpjDa<7vnl=TaZu=9sK z4dgg5<5jN3KU!h&4_8D*!`9#Q=y=Z&YyZL#Z!1djF)Vki+&}bwuN@+#g!c;u2wVgf zELq4TcMQ|&!)t|OLE!3OVduGesX=KrxW#C(uvmRl;CPN@1xb_zK^9n9(MZKTt*CxQ zQ3Y0zSrYUH$zC>%5twWwXsUp~eIm6VM+&l{$SelWVf5p0LDu9`3rdfIm439PpsT8u zX4q3_;ajQU-cpc3jr?9hS5T?5*IWnxj_dMqc&l#g%n)PVNL@Se>-()iXZ0TO>+K*@ z@)NMXW^`kt1ooV#eN#kQL%O9bSWMp(0$j!``lKXH*0}9pt=OT1PFpew`4COyWLhYI z7uP@Z=H>{=(S{#E@O2v>djhEfN!^qss)`Boi5*i<5;h89->|*+;bRA%{}^RvPd)xj z6n|%M8@`yGQJVI>@2yyeHXiLA{4rr0P9FMzi*w&%>X?aaHDw!`WL<8E=+TCHy`iB^ zpAeWBJEq~JhAzFU;X?g_hVC&p>8tC17Q8$9upX%MT3~AF96cgE6nUg>Yh*{=uE_4X zmjZ9pNhbtRk_6p85=z<jaF5-163@>fQYw@RH#Rl2wsCDuCvo3yDoUM==SdeduF}?M zzt_IfziRYNY&8&PHD_Bx<1+s6S@oCJ<NA2B(P7+b+-nRO{Jq9T<5Pn*c6e~#Ry62b zL4!p8Wb_Sk5q>gP$)HWghCo`9jl8RiMwn{amZD+A*-$@zq&MsYUW65BQk3K8hJWIZ z$3>?6U6`r0%D6bI)}L*i%|Iqn$sT`Mp`k}z;!7<u0)<^JlO>6Tn<jqj6eY79L1LEl zDv*BcEa7d){RH8!Bu)j1UU1fnO0)g=jDk^HAoDxY`7!y8dA^PCKqOy*^zju(*x`B4 z-eP_%dB311Yg)&&4Yc9)ZKy3oI`zrPLz2gkhjQWSW^Wc;v*(bT9baAW6`Qlq2)hNG z5;_Dd_`TTF?|wjV&ojCx7?hBqnkIxP6GJ=A1<K3`24!Vv6NNB#(s0?EOl)&9r^ZGL z!YMizalgl=G*Y&%@!fYx7P=1-E7;uU%<3wCc$t%zdNWfP%AwGi0L-%3Him6%)HI{M zpB+WWym+m`j-xWGhC`va-<gdfmb)Q3XyX~31wf`bk<5waRTJsI@vXH^f9|(1O|*i6 zfIk?j$+M(UH$a=6;UKpC+$S&G_|%CjzCHe;z2~ErscWyfBC#oa$(|e6J~G>qL)A~k zL*LnT>B4arU$FR>`NVZ|r#*VZ%xh=*4LzF8DVK~ou5(#<+0D}nXP-R!@&iY1IBpVp zqb_dM&1n91_ZhQ}`!3Pr)u6{IQVU}e*rs}X72-8B%a7-$@_a{XQwpb2)$x}2@$sdp zbt&PPs`g-e^pxN!(JrY=pKo>r&x~FuEzuX7mjo|~4y0b!_J;OG-l_UH^l{{GiMLZj zsYse{Hk<up_zttcpJLAD&*S$d{=pr#G%H|m0%l@yaFt3RZm6Usa+tUYR|IP1_Q*nY zF`V6_B1<i(-D;1@Io($()mb&{*4qww9OeP43#vDfS0$4y33ODN&J!r9E5YEoAoMvP z+*<UtFt$g|bGk>)Q%xh=pu;WYkdt*Md`60F4&woY)}i%i6FPvn6zV{;5Q|6}NR$?l zX$%RXUWlR_(VhWh6LcerZbYhQM6KwdL2}6`Oq-c#b0>-<Pn=ju5>ntUcRGgXzI_1x z!I26<5D&k!dD3wp%a#M6`;cN80os^vsGJa^jroG;Ov!F+^U}>4K=6c?aY-Don40QZ z)*q_qy&v_fzU7<0vvFCW^x1ztbrEizd)unV9=vSTWBm5Pf809j)<3K$eOh|u7wC>> z=HC3`^Lw6s5n`IzLm#mF!EZ$I*-o|)8am)bB8t}xE_;IM36>|2A*##<Ta9Z>WD@f^ zn_0@R3}?qxF&yVqWCTQs+-s5EYmv@V5iN4BMXL2LzWgkuq^w<C<H(E7=#({-ichJU z5<0Ewv`}|dcj#_>H~TaF0qcRNCg~C7LVN*xA%B^+RPWIr(zeK3l`WbU)K+VM!>mz# zmU*dpjmeq_+(02ehW3(l!)2{w)-!K22Ovc^O_dqG#yDI$ot!<K7<n)^i)Pl4sK2R> zF|^8fu);TdQa+5ys*Nd#R3IEL7>y43Sa9)-3hrG)6C5j?hFuhA1q!lnQ)opgv`&f# zJmVekpdE0HccvJ~?iNu>>=3bN(5jb0P9RdREPB(|M9oznacr!0SDEZ^U|7+hwA_6t zF`eHwsT1B^evowiF8A8qz;s$&`{0*yTmab4^7LfVLu!MEu(>crECjDMHNC1>?)R<e zAqA_;_*&^a@iLi30L->;PJH_7y`?Xfe|Y2Le@$(ST(e;9BM)4E;g8S_p>4ZS0x6Fn zeC@{jVizs>?Vn!R`2(<&(*U_|Io;y8idxF=DVWo9daHhd&X4zxkI%!WE2sKTi=U6r z<rm54_`Bl+sh9abSG^H=x9VO0r=h<`-lY~Xm`XK9i5Z<9B{o$YjkEgb;4yf-J{?ch zr}<Bc&r^!}`TD!U`@zHLpkbi^Yp9k9mQodc446vrIg^zUrm{SvBHV(Q9mDZDlk=G) ztg88qaLX3WoMr9tA<I|rb^CgJU{{H%IM&r?6Z7Sx5e%`jK7lBfk6K$F?TjOs@EHUX zKCeT-=XC=3c6e6@hIOSal_xuTGb0_8Z7tea(c|SweTpFO*y1zdZt*Q~NaP6mW{Iqr zq$*4U12O5SHbo>2&crB1WF*--yTVQqYLwEdWz$G^wo}#>>}C5t$4s`9*RY`^Rqxnl zmKaG0oLMj_2BWBsrBp@Jv6LMxb{j3PX2ug24?f;O8)>PjoU}A)(XMO$eA$IBU)Oy{ zbMIjKvCCFHxZ$eH?^}J(El2LZ7qK_ZnT(CY)3E)*AAa-f-WPTe-#i_Ba}sQ201y|X zhzq5dcmT4SF1|~it1e<M;xCmKsZxMMfAm&^P&k!Hi8xu-+OPA6{fDC5So@gB*!X07 zMs#v~j=eB)YW!^b;^^7&%Z1AWhw!1W#RQS5heET1-NB_nHW)Y8S?euqSzIixh|G5U z2+>u~iwzX$P+MSgeo_T?j5JFh_`e@Z(OV1^bO=c)L#jLFbov~Ck0@Ala#Fdrp>>mv z^k|B7o#pbaWW9}qohg(G?(hQQt;JwV*&htIRZE_qwz6U&+tBLa#e<n^rV5Qk(m+#& zP@F=@F=}xN9@=C{AT-j|b~Vz1+&<U`a5_ZUcCQ9cn)=+SrtO2voJXG6-ZTZ;j}<E< z80w;Wz#H&mTw#FOL$Z9%3KERzODx73W8o^+Qn)JDyeTni-W1Vmkw5FquI5HxOLNz< z3KQql^8I3lPK`sEJPj||Gq*Q=^5lo5Pm%wxe?|s6`hoJq4d>i4xEIgSCKYe|-ovOE zy1x&lAV$$pUFprzS5|uC_QmKYtEVh}h#>Iz(j4|9Kwy$-!1WY?-Kxs_o79~D6m_a! zkQ0$albZK8)wHP-{3ol^{6%rTx>!A|{3BqDu4$_MR?W9+PpMtkw7yB4keN{5(KJn+ zmYG_Adgk={3&e9W=hSyM^)&6R{UGy6&8M}#P*4c;<IR0_@hXw}P>cMRH{JARky`~x z6u!D(@$tB+Os$S<N-)rpYavfbsC+WQXBCstys4GhqLK@T_k@rYDulX2Jt3~Cpu+Gs zQTrC6_AOMlZy{>mLP7c-c^n6|Z{#R}Y&-TX<aBO<0H*kG1^N%We^V=lR+=csRHr<Q zraar1a$EmH#Z>kgbGP}HIb?Dvv%{PP(SrwA)3t%4izWrE86|)<tLfz2IJqKcF1JZ- zo*8LuTA3kcuW{xuW|z6uB&*W$QPW4Ue2C1F-set~-q+FYc9JXuKg%#E$TCb-oTo7& z+;Od%&c27cE(EITC@QO*e8&kG0sVkY0A+~G0H7I6Er1g{7BMuw#YgK$`O3MR=WSHS zO<8&M+OUCEZTicBOaA!7r>=Zx(O=d-{n1?yUH!cck6(HDhWXJsxpC(%n7HX?)c(eu z2;FjL&(RCN+<p0@Y{MT1o_XQ7&;FKFKh`h|OP(_5N56Nvzk^^x0wL0c`F4Tkj5%&R zJC)t8b97fA6lo1fKF#N6dBm7;Ui7PqHo{YC6{ylYuUV)qYB{;kGNE-yMguYmQa2ea z(8(Wlbm=GHkx7E?qtifW+8{^CaWZ9+=<|apqac&AAWcKa#1XoEXe;g1n;E1NxLYT* zZVDa<;-$g$!A-%TAQ!}b4@7<sD1HxL{+!cbZo%apAP=WagVMasaI~GpWwH(zLgf0~ zWJV%a#c*EFi<5FNn9>xOCOR_%C(aI6MsLd+y$17TjR!}f%A307q#K0rq7xMi!4PwX zpv90bnK8r=g6dkPkvw!JwpCRah2_nDc1+(Ap3Ho7(hsi%+Id!kuf|8=A_RPE`o2G~ z>etizF1u*<58ENp`0Vzs2Yx<y7QS!IRj2*v>cJggwblY4+DTVBBVxtrOIQB6hA=!& z6oknUm%cn&LB$Nqe1*(;a$gavUIyq1f+vU|lutTX5w{P^e1*(a)I&ITbXiXjJV6AZ z;!1~E-(i`rkhwB}G_fd8AmcnsUMH`YH^~F?Tk-)}WaN~*RPK@Qb$7ij56MbOhEzi2 zFe?k}j-dhf3=Kv0`-l;Efl~xA$1~i$+<I;kH^9Bk2?N{#4l`Vu+XGu1=VY*WE?0&c zN1?_k<PtbP?N@cUH7Yn2QjX-i3V|IrQ~GDXEvHWuBd}_$e3)3*^2&<$$e-9YPT>Wn zK=BlPk;18pJXs7NwYIOXkNf-X-A4jk{>WZXleOgkq9)z-EM-7?Nrls8#N}_Qfzq2> zj<CxChTsXjYu)2T!3j!*qOd?_P5pEJkig2`d`_poO7R5Q6IjBD(*CTu>~|Gx3+XCK zjUVW>YYA0;pbyqIPj_VKj>7e@N8mV~6DG<ha(qr0rOa2p%U-7JW&b9K4+*G7$cs6t zO_(Hi=(F@ru2YyVcFI?CSMYbq&k8SbuL%2u55+HpucUyjC_Kw@n6&oG5^Ttllye&T zS&qv&P5uhNgCiAFjwfX*Rb>>eADIQ2=O|HIEs?E2nr4ia(-gT5Lc8H^e$R@jnmf^2 z%`xS|9`@eF<vDUVhtN6(buhC)!vQvhvDA#w4r|7ld_fULh#N3lG&5yr0?kA;{l79N zo>%D^!2`~4qJO9HV%Z_mcmY{xxo8E6K&XvWVL5LK0GSIQT2i~z&eEk@^3$iwC?#Ld zVmYk)TEVO>Bh^;gZ6!A)+GHt_XeYh<Pb5eS|I7cw+n2{jQKgHXQ%l#<TUGB{I+fm& z4(X&jAp`<x5C{<VB|u16lpqNpLf8T*pdhlShzsaA<2vIqJ`@rbql`G0aU2z8uA^S( ziZH)H$GMt&ee)Q`JCe>l=Tvv6g3j;FKksF!`l`E@bH4h{cfS1`Q^@XUks4PupG4NK z0ogjiy8biAifRxAoH^#eyU&hEB=8^Y$dQ5Uj_PxfxmYj8kFs1~Aa8S^r`c?^WP>Bx zj=Au~Umx|Vr^A-{s!?+wScJs$nng6)8Nl#}6*D@O1*;CpTy8)L!XV_($bm2XInxeb z|19(5Hn!*5Yw+dFhQ6g#;pWT&G>+~>e7Blp1MT=e*Uh_#et^eb$4m34{s8B^jzenh z`aOPlvXLchkL3MS4^#7hDy!6ed4;-H%O9RehmovcW((QJ*^4YQ4Q;+*=|c8ac01e8 zG6*FiMXQr5z7v^b?WwBD#{oP8zQJ`22WHxD2WHv=%}lEjCt-hp$GlGy9n#;Qix<f< zK`@mW%mgtP#769F&Ja2J9?$CnqWbc(ukFrml0KwLN4f}-<Ad~S5-oQSST)Q{8Wepy z0LvP<K!ahQ2KH)Tj|MK#)PeA6V6O)DXkddTAjPPGO&Zv&fvp-bU(&!94J>P5t46TX z3V9X{ENft6HmaM?g?D2gWqOL<SQ%z6Gna)wI6qg|580~<<>Zy1;PNU0O$YrxogGW& z9MlCpZb>{Jh6ln=gsHI8=`n>5$WUg8CB;RoD8z?DEGafjA~Gq1hsi{yh&{zX>?y>1 zBj*B=2dpZmU`v-Prv?v%q-M?4#zt58fERknlf3ySdC8N!IDJLNPx2Dc&r7U%Ud&aA zFzPknXL@rUBQJW?2|%TSxrYRE>^Yca&$h;37@h|Z8#<{%fSEK+m~_GSm^AU_07q8h zyw;r^3RluLB6_OiZ&LYoD0~WT>ME)qtkkF`Z=%0w4B;)>5(4<Rj|3sCS*xaW)se!g zI4fO~L2EMDtPz_*_Ckx%o)b)SI{QBqEz+VSdJwCGI=vl<ttVFMIf2&s5qNB+PF0AK zI2txL4(%kE&Pl4;5J8rhA+;jylgXd8Z#YzV``bTxp)1%t>edIl=PjMQV>lCeXzHRH z=k>gFqAyDQc;%wu4?WX&h&r}u)AUF0@B1XD^?ZTGwF7=Zv~w#<>#Wps(kbbW^q;KX z&{wTG2FnKlM7Nz1JS?4eU2^ri7=^c)Yz_<3dZ5l>6pbc>X^`q;(u{mlUiI-cnnEt3 z>9~m2qbK@~p6EOJyuPC+{7xSrXAn0FalsIM2Oa-+*6ku@{V`Y7D1JRrsq_&2>8H9d zfAwJ9$Mubiy4CfB>t)v&7vrL-l--e|Jx7ij9XYwnK{)i)ZduMIlKr5{BVMQS$QqT0 z$@1efY0LF0)KsT*RU2ZdDnVC>8Z_vOxLU!2MD-!M>mAU896DJLd65%oofMIECNDIL zmMq!fl<PHEc<`nLqv$}yMY9${QfyAg&XZHtW2m8}-A}E*u=vU8lGt6cVnWBWOytl@ z<8GajysfW;y6cuzqYu8@_Zpg{#`b^7L=m+ZfgAQ?dO2YywE?Zz8&50=m;<$9$W6Ym zaH88#ubaR(>gMw|>)Lp}QW|a<?x=E&lNu}yj&ZJLwpo}dwOCplGhM6LRl-tfm1UJ< zscR#&3p&=gfS%3H78e*+(yeT(xY8gxeGDff4rv=?v$1Jx(zd+KMryQ$yu?1^CFI8C z3!`$x@|<<%<eYp2$R^^bWy7+`Is`bAHig2K<w(KgBu?RIF7M#R?uv_uQ<7*tY-~iZ zDMw_c9BrAhu8`4a3;=@($AXYLEP(ixfR7Lru_9)f7h&GG;4s>z(W5a}q(IJ9GEhv{ zkTrgT3J*3oW^3qbDM?xrZ$aW|%V7G-W&U6zHHiqB#m*9LWN#E0EankLbyP2_wrV}& zREy_wnq;7AwFn)tA8Ji9W1rdctAB@%Enn@snCX4x*zUWIb?w@HjIzS$y&E!r=sWk- z9ncSr@4oZyZ-4d9+o(&sGi^)}qACmU!w(4;T4#`kNF${NiK$awR;WUy*bpp8+LHxi z3T{;nDEx5eaPK7NB=3BFfuY&i>}}^)7}}&&&K2G>$_KU!t_z+I{FiN){g;$}#SvuU zQrup}441|;lcXl;bNyEZ8A&gjXon9wj&%;7Ne@i!K?LR25R^MlP`*ZY=)4FeF)c0@ zw~LHI$Vwq3CgS=!B*sT{Wsm=!)6ep$kE#<{#G}Mak|5VXYl=z@xHNJsDeK!vyBjTG z0DjmfoO1<B8dtD1$Q69`dRH(Be?fB<aRnFFSG(XKUvS<P9KUk;`(9w;29|3EJAr{o zHaUn{&!k5zN9Q|556RDB#1MmNB{zpT>^59!ITDp=4Z-YwX86J7cb{)xe{oCGeP!~` zHf;L&v+FvJX4=@(duPnp-+%b&%y;`H5AXYqe&*cScRqaQ?T-;(-30*kCZZY{k~*2` z5eX}l7#L(KnH!i{%ra&jqZ4Fa;02>q7L0)Ap`N^MAPTVqJmdq46<Vpl^>wQekS}Td zkF8;O8U5R|teF~gWE2mQN>qcGPNPjuwbY;eA%oauspZPr%Q%=5VHpQE5?ck3ezV&| zGBsP)!WQpIEH)r%L4S%Ks*x77l7f>Xks*ky?|N!fTit?%qsELGvC!scB2TWFF#OqQ zecj@<eZRxAe_j8V^ihPva>h^et$gL4yfo;>mW*mL3}Tug5!JvE4II|MAq^bVzyS?h zq=A*Zn6R~x3D^R|g-OELP-CDquvNHM*ctkn_2;F(q>X~p<8qcalz!x7z0@3vl9Et# zHS^6vv)HU}HZ&XC`F5dQY}dCN+Kt_j?x-23B!r5GhML6r`lXSjv30?9q3xju#K#N= zV~0u~Dt|_N-tctvnOIlkR}n`nC$0x_Krjb{azIQqv}Di0Krjb{azFu2wzv3en)qng zATk~$VrTSa1s?2_2)Ij$Yt&ump5|WUe#!m5TW59`x>vg|x|u@veQwHq8j+D5Q8@9M zrEU0h3FjY6@I0gdlpv{7(`9p15^owV3jkqRbHU02s=#OG7&VBC7}37S8Opv$TQMy% zzA}BG2YN#8wAEFa#Fr;A+j6_qE#@X}Qs>^S;49q<zRFE(FmB@7!rzV-RNhD}7zp$4 zYUDyC=zhn2HRnrU34S!bO-U|CjsW;JC2Fl%1iYGi>0ON_9@3VgXi4Sb<e4N@m)xGD zlGsHU0xnhlC&NckUjyR17{D#Wz)9RlB|FDD8kLZlutGEGh*=>n4=k+NNUc(mWt(+= zsDZ9&xzQZBm@^N#E3&@3mNiqfRmIRu67O9*H5VQhkFUWVJdM)Oi$f6NxW@My5*vo~ zY@B_Aclr7|PF0#qM~C=>tgSR6OBTs0(Yk<9@d6>nc_BLlZTvQLSY!%%K_F-}@WrAR z#-f6#i!)wOC>3D2Pp!H`HbmVhiSO9418Dd;wsE!$d;nGT13*}yk3<T})N;sWdbh`8 zFCa6#ozs-#kyF>#LXJkFWmHuquE}&=eh>P^DX7FjQ+Ld~XUo=2RpAHTd}P|_VI}v^ zy6tq6{Ia2=ZEL&3k?`(({ZM1uo439H2^{HLv9@*W$e=5noVa6ZeP^sNK4Htvu9?j< ztAoA*s~Ad+-rC&s_}mu}w+i+Dg(_hm0Zw=eu|X(<bbkGygp>i8)4)0nEaKWOkxH^A zMF;`g-4H;7QG_&bNJ88!BDsLpo238<K;sWg(AmWP0Ggl;u%F|{3F8)Xw{qLL0~`a8 zfcOOWGIxeM&*@0&cQyz73K<6+&iEmbMXD~I1+rP;e<w7JMNceFVB>FA0#!w9u7_#| zE;#h)vg^z{Xv*%*I#w=UsU^_}eYJSHmQyL|H=2}A?@`)8a=d9huFRB73oD^$G|DDX zAd|PK!z7SOCKFjvFYHtU6Xal3O0Gt;Oi(5jR4K_bx%S4Dr8{?a9Y1c3$NWz|E{$q^ zin?h(<W^?x+28lTlu{3#XYNGv%q6_47d)x@);!o*Z+BKwiq(M=e7{M%Ew;+I6^3}L z!vL)gJ({Lvgny874ALtd8X3)@(JLKcmlG?19->`3iC*cn5GQOt(A7!iXlGudblS4+ z*sKT5NsJawtWg><%KM%0j1xMidN7GNurlfS#zWoedBXFur{BZic&=<TeU2y$s^rjx zJ$!k=0WYGV2<L@M0wd%E2O%#wWSx5=ap{rhbK=G$+N3}nXu?$YAX8q}OZI)WQ57Oc zv|g<$JP<bHVI-5$Y{c0hxNaL#9T|fc7<t(Xu;N%!vI9wTagr~Fh+ifK30m*a5i+RD zh4HDeDN#fODH)A+2TAwC3&zxK{cz#a(<FVjUcP0<jC)6PKh`~A)wHS(>R?~jJr(sc zX5Du;RYSZa9_(R7R3K6}sgZk{oG?u)82I5-Fv^iP)&h;xzz;<KQPSYZJ}1iqk=H?8 zKFuqHM<1JrYqPybve(Hf7J`6WBjQ=xDAx!Mi?5Q$8wyQTU1$%pdl6gl1b<N_h@lOU z<b^=E5;)KX9sNFid#tPyC}?9g6oZ%$5o<t|I04j)jj)lL&(9N<!DUn%-zIDV8{tN( zliwt46nDej)Lrx*?rwgs@MCaTxL<q`JSCn6C%L2IZ@{m_--8duufZS1@4ywY6m>^* z0f!g^5wTjF2GXLyrY(+27LjpfZp93o<EF#HE+%&~rXvxM`3~cPls+KFNrV;hDaEn| zJq~BS5J$K{|L5Z8;vkVvhN~7io(~J6O%OytQ&d<@5@JOWh-$`<juQnMKsI53h5(;V zr_~jIp!ay1-Of@hg3^LQrC~t-AODKUx!2?FYw2t8xOy+QsNpU(dEbd#Gq_F(PF%=_ zQV;xSlhJVg8F|;*{4<hMV@*MLB(w4tm&1jw_}8ywZeb#QJ8xb+djoYhp-P-1a}rUd zh5h<9L|J)?#QOR#G_HGN)|-?qy_oYMuz4>lm8Va7kTW4q!BQ@zMmLaBBWMCYOam!3 z=7BRTnlt!;Gw`gCYu=zyq&6>?@}^@nDVEm;ndGw9m<{<eESlU+e&7sl;0#fd6366V zq$mY6XMCygapn`;WhJLv1yIjS*;7B$II#0@u5^+G2h)(rQB7XZWwq+xkwr8Zl0}Ol zSuv<zoar{HZsRlQ1cu}^ITmFa0t3>Apw5h_)o37vZw)e}7?F|1tl?aphh<#o{hajC zIq7$#ic;2#MW}B;esY*?u!JcVsY&tz`CggEog-TPrJO7JQZAV8o3v0^R4MriRL5)j zWMQb1(HR7*&MUYrECU#wUeKF(iv+B+jq~wdeSs+i!dwX-H&ucvZa6=}G?uQ{rMW45 zgZ>6{y*$aXz&z8kf?LYpZ0Xc(=GO7A=z7d2EPvH~C&ct}48)94Q_LK-By7V#wPhoJ z7k`*OWOx=nM?C<2K!U%g|C!-9IHBt?y~TW_`$YJX`O^F+%N5<<1)rW2t1ytQq*K#W zRPmVD@v>~iE1JxV1;{+dhdFcDgpCs>jy6I=*m$b{qjWW%#*BzNln@Jq5!$ReQ7=ct zxICMgDK^V1<*o8wS(HTv@e2Gp)E9Go24f<AC7~v)OPBGlDmtS-Z`wwa%tnqCM3L7U z45B2<NP=kSVu1xI0u$5AM6*fx7n$P~PPSO$EN5d`&V=4`*l4mDjV4|;o8uyHLzm-p z$1EoU6yz)nZ<Y-vBWa!m$pAdhahSDP%((K5XuB#IAugG?-AE&9el{&C(?qyh+=es2 zs5xn2nhaOV+hj_{M|z2ci-`k}M$GTo<M68W>N28KxTjocX>lQ?0R3Sm*y8%(RL3k= zl*#s=$aLgPQZ4?+F#d0Nxo}oK8O*2{6zaA9OGu%-gvS5*ZcuJkET^&yR*>wlhL<a6 z4P-m={pXKz<&b<{G^^p|lr|NT@4s}EQ`9dlgUfT{av<kVAe9R}5Y05_k8$PrF~`6# zsz-f%{)zd^o!ZOg{!3k=!YF_&;ibC5@lAhs!cqfD(LeTnTL&`MR9_|@p`^srU~T6g z{ov_=%nnv3$+x7VG;GMc+VgxJlY0J@$E!x3cq!BU>hr}Pqv_&Dm*uyqTlx;abB<c} z-S4Tb$FIGQrP`v*4EjIO%;BMaMXV=gS3a&P9|xavHRJ#@lS^o~46sjA?ptFHFyznA zn~!sVF$Z8_Gk2@}41h&ZtqfEk+RU_`_PNa#onB{6Tg-|+ZBWca*EhQpanA*h>zv0e z;T<tO5q9V8GW(zz3qu{gnwYK8{E|qgjcGGwR$}Fq65enI!QwEwEKz;b5H$`p3^i7n z9+CAiOUydKG2b%ZI^W)AX|uN3J9Qh3o$_YeX8SJVUU|P|zjcr8u=t$*HR)Bk$MzrM zpKO0M_DTP3>-YIBR+q_?Pla|^^*%3S9&6rdrp@krCsYHOC7<hDZ8jSuG}4h=;<j0> zVT))(2WA5r%3-}|)9XbmPX5#D@C|@Z@=*!j>pseNimE$qMi@!kPEoVd`Z`P6LM^hq zZlNrv;FuF;7y#qEBL0ftEUg&I4bu$tbVI*^LN8!USHg@iMAdbBm91!4BNX=Ga`#A_ z!R6On(v{0@ylz^r$0hX=2uUWr>iEX84X+If!K=yOEah4rjad^K53Ygn@Tyu%rvFPk z*hslYG8}CEpPi_#5d+mVCNvWsx7WzoLOb)ZPJl}{qM<OD<N?zB+_=7BT3qQin?;de zlgLY|ML(*>Tvn4r<gDz37tsm^w%JCM)=qHB5mujB^~($KKw<ok-I<l6L*-i=D>FAg zFU3OM73Kma*7wNz9a}e0E53W{r7`nok;=>PJhhyD2N7tws{7G!R@x-!-o=r*6j*PV z`>eW(1xVoa4v*1k0l3r>z}DPC9!T|A_0aORhaPHM{t)$E+k+3bAsF5JP4s}xXav$= z3#pDyVS$&$A?y;7^q(d%7eFBaKbLbR+poKgYT1o%2FiTq?6zrjZM*{Fhk2S&CDp9n zh1BUUNP#XqKCl^96Djd#HwgtpZTg&f0iI>|qBad7c4-p@X;2I4TJR3@$zO@!3lg~M z67DS64)dL@O4&cZ$h>gr628j{>H_?feHRFzgWN@e0ZR>y{yDsW0WE-2u&|3q>eMOf z>9m>Sc*qM?5IurkFV1}hCe(FGuVz=$#NoTO+1k%UmhrxV9#WVVxHLo45OR1K5Y&xC z$|LpSpl~_6NS_QFmTew&II)ttK$Xl;w%FQ7_Q|+?ZuG(3sC_>06ltHAW(+QBz3X%5 z=dNosBeKxrcF~;C<+gZws3pJ$3s1<#Xq^d~dZ<%K1zeK0$<XT?&K28U2gYJk6u1kX zUrwgSDY&`4*o4t{rRB2J*C%IFDpkI4+$H;H*#lI8V1Cwv<vngRdPEP#%P~<V{kfdX zEue%*I#hlA`fwZ~ZLY}f))m)5#Ty<!cFbt|p@RGFI&{y7Ay3Q-!aJx7H8qXD^%uv> zM<s5MR<~`KGrM6}$H-78=Ka(=)Lp3maqtr9zZ~QxYfzeEHal1tEk|d(hPuh3o);rL z8w%XfMV{3js?GyFxc?5+e|G^iKVdCaqI_}WB5)UbqOcgaOLIu*Rk6@_g`i<A#={k| z?pfj*_6N&EEi*#M1|_pzFG(z0jQW1Ez~gp190mCoDqT*JqWCEsvyfd)Y9IrT(*>&? z-&;73EO3AaUC}|C5+70DIAN~AZsHv?8fr%jt8?C0eA}i2ch=u9fA&uf?thSe(p>BC zPpwYYQt%d78xL2O4tKWCUNOD8(duX&+p>2xqL=<27>3Wm574M^ody*3UjR~HA(`u& zqby8F*k*xVV^LKRd@f^w{|UoKve&TQ|NAwp_wSFhO9rli;2&M{`M`5PrU#B6xQ72H zuHnJodU(w>(m!#H1pcc>Qm>J~GSI{<V5R~Nn1K@%f+$FUYETF2!89-zECM%!)nFso z2Hr~Fw0!0C*|VGHZQ44l_SSW=(#1<dlP4JXv1tbI=+~!&YD+_*(pq|+ud>`GNiN^i zNgLL#y>Z$2F}H6Xn!Kgm;+WY;>4uMLM8AQBO@2?)=Juwh_RaLNfM_ZyD~kk{fy8I$ zY7*zppCbjd5(()%Qu@(IL(n-4YX8Z3Frn_H_tf*RJNbL(BMjJrfvU<>GMe36vwLTD zpZlJ>?)dus_1|BA9KP=Ux#!WpE3d39e-Ll}ma0fqgfNt;PNJXxm8z&nQ8V$j&x1dp z?#!Rtcci>BnItE}xA1qFX1x6yKKVfm(GR0dIXcRGoJv((L<jH?0vhqnwxA6>olI2q zO+e5?<>i%>l07NIA>d1V*(a6dm1PLPoK*8ufhZ_*4z$A*y#mdbUQl=f6dQEKHt99Q zNJQX5TLw*&pZ3B;?`N3A@CtB>Tv<IdrO+fHoFlgQRI+*~Oii5jqs%$9fvLxAfh9`< zHgyZXI=XZv+>SPx?dz%+EgH6tY*AY>=h3q(==s18=BEoI_Mvu4lAOhyY_JrYj7G%D zH~@_Xh<<4#87=9y*le_n+hzhZ+ImUbu*;yA&<2_pQ!w#aZxVfwOiE~9QQiWpN%K_p zLl(2+a{L%C!J9dMz|%QCk(xVd{P=sO!H+U~1JmZ;`uL4a+g4AR4M$qq!o_1p%}Bdp zXXj6<4y@ifd3<UZpfew#md6p+>>!9n)r7Pih&)y7aM+4NC48~ZXDBW~_(N^(Dl1bW zucF3EK%tf#Wh9XJ6o++X*L>?uC3>aL@K(kl;&h~{60b*rT9<EORb{nJ?SYDLT647j z4#=;W*u4MQMKd;c&Rl%7vmzLa1yhMY#P?8LaiY8=eUK6p9j`}|%R7b?-`7z$v~uLy z2j5uc^d>5NE|)j6cUwVG?Wlks=T6}Yg-&K9up(YDAziw{0-G#wg#k7h;8GsWL4Q;$ zMX?<RoY3hkD(Fy<Kx*@gMvotyqSf#Ym}nt6Wr$W<)E|g5vGM9P0qn;aMOkxBc)QI( z)okk8G@`Dvt7Bu=#@f2hV;v71JaFj#gZDEd8}5B?=bi80+t6_D`*-eq@7{)Mqt5^O zt@H2y=GW(m9~m{bnW;u38a^q$EwGS6QW*8>F`Z64MVB0f1|&5Rl)}V&DbyD2GQiEp z#&&l+_F?sUdcx3_$V+8A>+u~Y06_m4^*siDnqD?B3^zOWI;g#N*lCBYGHjIL9uwST zf)jZ-fq{W&ELPC5R|iMvw&<v09n?X+zT}-Kd^Gw(v?ofhiSCF})1!-{)R-uYMTbSH zD717~t<xZcR$U-!u|y@ms|VpMO1*j%7}VuwY7$7jK=j*!N#dM}Jq!L2?R)WhX?dKY zpQ0j!%j!{dRV7}df{Tu#Q&~iFCYmdv|9ovxVdJBlSKl$t=B;TO^;i2TZru7OZfbq3 zy*f7M&ZfrolOh~-Y-s0}&DF^XqeewTqst4fSey1ODleP8Y2t+T#!1DI+GL3p<7Q-L zDV;&MsYNrzmR%#@u4=e*DBP2Tdn({fr5&YIV=1gJg>A*1#nikIY`4P>3tVb}b1ZPY z1@1AzJqEaphD*UZL}W@$N2Ewm$|4cA!{suMD(gTzz2kN>oMy(!=(IUeR|d<<;-I$3 zuN0W2atRhl1(G%HuS7)FW%Y}uEV|HuZ^0wJ7h5b4))3}e$UwsDDW(!w3c=&7MT@rF z5A@SHqKpz(BVJ31toFfGYv4RubsY6|dRcwAVb}4tB~Nuu)*tsA*pyy5eMm_|TiTNj z+eU9}8XBsbUD2`E+HIM>{^7X`9$7td=~DQxF}-lp_||7P-!OdT;f3x8?k$;qYyHT! z$#GHmiMys{+|W5A3h%z7Xwkik%BvRdp4sux5EbLg7@i3uY4`4Q!zTCLZYm}Xlc;JF z+#|x};wF)rD8flXlh7{E<2g8vhD{K9y=;fYqW8O9F1-&porVrQp!_bU-e7kc3{E?3 z_VrM&0uNo%W%l!?+?q!Tm2dVY5i>%JlL&DHg@k(!U`!3Z0>MBis$Hm-a8wxIec%L? zGGAXhk-1_&?RfZ>y)PWu`{KeE4p1NWor2#qXEL9Bl6mj_cTD^CynpD?WB1sozZ^lb zOe5krUiJ;(00B@2o=dM?S_bE!zmnDxYDEk-#o&q%Yzo1f0<hH&SNLGN3+}SRb#{1{ z6>hY`Ez&-T+HBlwq&metBDEXB4G`*q$=2cVP#sd_K!l1!_;RJgWGd|_#4AEM^nh{t zi;IH=ewhvWSz~VO^*U=X^UBgsOP(WtpLP%~7}>_C%RE+B<(Gftq8iqwWpgwSt(pJ* z!N-{^hqrzD<!i5h_3`_yd-k<1+r4k;wijN$?apVOquui|e>k0i;EjFnJDD54c=Gp` z9{;x~H|$ulboZ|2RonW!&)j+Eb1!b$_F{iOS+7@S&rmwVrvW-1fq3Cu_6(BpZ2isT zlkA%2=nOkK&aNztjveGUyW%f8c9G-kx~%Bf3-CP9-hY8z#eM*iNK)LAp0aNo+&m7p zjfJgg*qDaPhQqnV@a7nt6NB}BIJN*za>HT?f>Oo7K&2km*PA9Pk)ooJ5mS+p@;e-3 zy#5G1#?J@>k|hyi&LaH1q&oc(e5X=pdz05;yC@imL``&V=D>??lW~c7Ty9{>Hk+S@ zh~t^ic*ZqB(b#2IeP(v?vF1&Ww054pV{FaNe|!9uk4yYB?peKP|BWNeXKeEy`0f6m ze7IvMD_Fe!Ak?<)zKJ*8KEW56ar?XlKi@SY&@wDCwJthh)sL1m9aufh?M+B64=k?^ zHmslNTK&S>;p6Z9_+aMk<qxl(HfALCsln}b>&-Qjo62hzjty6~9$c8M48NMJ#~B5W zr&rw-flI@X3p>M9djK}NA?JpTE?Dn^5qX1rmrU<9!Yu~a#=~|FR?#p@!=V(s&kt`$ zMDK^qemKz&(G+cu07X(LMJX<H;5C}eVxdThz^@=AdxL&6?e()lo}e*)@ytQU8I5d$ z)9({B#2Ai5NYX2bv9Q?fMSdDvW?&JHwlGobYGuu1|FZVUzL#1S9r^Z=`@eW%&UdG| zNn4&@{={doYdh%m){kCY`sBum@V6UJZcVrU1_obw2AbYzZ~JBDs~79Hzqxz-FHXWq zUtJxs={V+YKLdbmM%eLzVd<g`!d(Kji-*G*=q0P90KZwU7-gN`L7OOGKooPfuC6zQ zxzm7TQ6y(60ml@l?5P|%Fpnk{9awV5^EXA$oZt%=Z$2<}(_8mXrzh=xr6W1_{?~85 zc9HG*I5l^4IQ`&XyRW^FZ4G|}wWboZr^oK9fEz1dtaMl@H75wi2VuPjj(0b@sd0$$ z2ymkSW6Usy@}?9JQDOkM6qNaWMMc^6#tfLm&yp4+K8oa_PkWOR7Wf7e_Yb$<neRt% z;Cp6Lyz!2?>kl^tQI~x4*X)`wWzX9A1$?x%bKjI(PVJm@27Nzo{o(n+ALwS`xYg5d zSUEYSc2|1>>iJ`cO7R*!J}@+0xKDta1z5#Evr$p>NS^Tn#fy6-n0Nys>HJ$zxg+Tf zlyhSaFS=9}%#KwVE-YJgAASq5H%<u3;?4J=w{T!O+jH&Y-92mZ^Ow`g-^YKLoSR1P z;s12g^YDAXeC*darxC={PCbW&I$BYL0|F&5f}i6>+K&rQ_MJt4h_3rCoRuz|ttdyc z4@O{76>7i;YX9ZSee1sXg6%o--BU-7FbhF;m953N$}HHGp8g#VzYyU`@nbY@M8I>r zf?doa&tDZFCq#vf!fxTDzzTu|24E7>BGR)(3MxRfp&I}LM=6Y;qc{%gD7*|6dDjRd zH4<u6-&r(w?v6{~jorAYIb4%+p#hk}hw<I~ZD%1FenmwPzjM5N4ZApVrO)!qUs4w# z=#!}{eFnCtZ!*>0H<?s#`4fE+NnLhO3|6KmRmbXMRCS;}Kn?Rx@KeKF6I>J$OXr!E zo2YsGa-Q;f?O|xMsj+%69u5`i>-5v~i}Z}%u2Xy#iF5d9ogQ_Auwe9;6V_7+3Gv}P zeHNiNiEXed*G1ZMswxHZLJ=<Z<)`S2&oLDTm$&|O<LJ@rf7*I_Dbt-9GyLW$rICrN z#@Dyk2NToVc2A!^<AHa#Y<us()cZTHHI^@V;HE`CUOlpQ<-<+O9%)VGvO&Hj?`B@Q zLVY2`=PwEz1w=87OCmy%3gcv5ioq3wI12KDPKRU%D5?YP4O{>%(Sk^VAQ~fHa-Bu* z0izs?{#kUVApPxyjMCi=Pk)@Lp}c*cBZ6EHuVxImC42h+f^>);G^duN-2!h7r)3Ca zMZP3|BQvrU@T^ZT=mA1o660-6-+M`{4wEv})y^!skoGx}wG{^~F^4O5gKtr5g6oDu zqQinROFzN$6^$F~8Ju#6)K@^&u|p882hx&W<ijjO>8ZGm<#pu!oIQt${M^~TbEF3( z4hl!x2H}olZ@h8r7r&q%-3R&1xBGBha%Lv|Ig%CQU~+oMT>;o`-fX7ko1w)5!o|hD zA^MOg79vqn@ln1KzfLcPd^V?O^s#0<Q>4%|QFm4&`Q#`eoYUEys&t&E2^^1;ANBO- z$yG<TG(Nbx?q%x-quVCMm{E_kx9y)D=r#_S+c0^>*url2jn8(D3(vfx#rs@Q!<P9E zEm&|v$74;@`o0h5?U-F$(Xx9E<^F#;{{KI|StLtkGx?D$HJQj#=!aRutU=P59UMt7 zG@GoV%}z5`W|;1<j?y6@%<62cZXyeZv5;dS%UYLNVbnU;N?9ph5IHEqFyL(H4q&qg zYs85n6&0Z%x)BSbXdiF4ilWtygdiP<6r^sJ$&QS(h>BG4{w%_nJAsEbVo1BO|5h@c zWzYT(dtU<A)Ri^<?t3o~2us)n0bkfP0Ro7Ch!S>`&9Jyv0|^j?1d|}5wJNT-RNGqX z(gm%xb*k32wJvR~IK`!E_tiR9JGNG9+p((}zjN<<2|;bA-~505&&=<`BgtLQJ^Q)$ zX6r<-CGa9KY659R6Qqmqk05(_BfRsK;h!fCM@c?R91{((-I-yhzB$V(wH!f5PL(uy z_)6WJSdqlt$HRc~tozxiw=58LlH~(}g5|NvQPxkux$!Sov2x(wmy*E_e_W=Lijzk4 z6-C5weGwHSjiLL-^o@}y{o*1i2`8Z?l%KpQ7Ojl!h^1p=!(?(dIM446lS^D}+nNbe zuVQzHSnEwrfD_1v<nX8Kg(DsQX<YJqxsmo$T{tueMH!QlF+L+SbK0}@)<o2G>{vj2 z-mNQF2aeB;j?NmBbRBsY*JcFv&1xKZo1!O4Q-@c@jha;!#ZFzcGQ1!wEzTois8X30 zD!zHTZ+vD{v?`9g-*EixZ`fI201?#m%={5yD5W1t2}Hx)QGpnZaYn<PQ6+;$K{Si- z^P?hGMs!5%h+q;T5EUVf;3Alah^XL*ey#{igNpD2kOc&L;?u4ySS0B_?ef=Ke9Y#L zx(<5^)V)zATM6eVTdc-*%+3lL{lGK2MW>eLSFS!iQ@h?&(&xqezm07l5BtJ-rSqQV zka6^bx<QqXf4XSN2agmhN6#D~dv9>#6E&7+8wM_&4VH{G*$$c%gC!5n3`=!GIZh~> zMr?%Clk=oKJp=qADKRIe#jbL(tDl?#&E4Zp$VbNEFaMFrQo7Z%25pCQE3;m*ere6z ze|_?*`{aq*M{BOKQ>~Y+7p)hppFNpW|5Srv&3*laUqfTVff5N-oEa?^OIS8jf)XT% zl1RaZ7>NYAJGn$sh=WAvEO&81A~}uC$W@N)W^~nNLs*naAX<oeu#3ZAR8Ric@SDwy z0g~~eTdnk4?9>kHi4N-~o38hPu4SO>!i9k-G7v3-jl9o7A9}GA>D*DdJ4$sefFnAK z(pl7uP``fuAs!K)p0Y?PgbT?G=?Gy%{3G!%H+gu5%4M>?Ucq4I@?Cv{X)4}v^M18E zEce(wMmouCs^)y0qhxkPrzFdgW$eB$t(O;_>lm$Ge|{xeUG<#G`jc*LZBlCe>WTZ; zSvS*e>$aA!{a}9EM~{!P9*j6Obn256>o*wEbo)2iq&u2OSDEQ8iFBc9k-M0Q6p7_D z&ALL28L$hnIKm9;^d@rT#n{PTv&l%Zm3bwxqxap~wSPZdvX6GX^&@C94ZXo*M{2;% zP(hh43@GUgD2XALb~y1NVkY=I9FclIgcO0E1%#d%nS-5SXX?tp6bKi-6a@jpm4PTo zQLbVamq=H}*Oh@&rYncHcbIBQ#EEDTg9zQbZJ}{kr<V{zlH!H^8UD@$*dz3b_fC_} zTIA8mb}kb2kqUbV1bZUnY}-b#3$9vgx9{6W$9`}1r~9t9&V<l+k{)Oc<*8+`mx!qT znO^+rB4<`GMurd}SRrN=uTSg_M8>q=^4w3Suv2fw^LRw@fX9#8kU4&hFKYEgqkU1K zFY@*Fj$|2Mmhom6Ngk8X(<G=)f~q7a7ewRk&Sw*M(Gn4Ag_Po1;7K=w_-Iz@DPo-& zzet)6aB_~s?+~V47+?Ico&k_EkXXnWNu9*-63I>gzdZ{6N$ne}3HE9qd!65)AOQTk ztH|F!AZZYOL0=TV-O0LjsdYQM9XTOy-@am65*mO4uQE%)wI08z1*!QDtmgXF4WU01 z^jtyoY{*Qh1m|$Zms*7giSg^jpmDLYuNXFnl1Qlwa&d8|ZQ5N%qbc-Enx>uc<!`3j zJTcOWEf9xzGfkW@fjrpQ0+(7O<<p&wd_sB>g7C^#ymISBcE>?_IJ=7(dvh~rV>2_B z+>L+3z6W0K11I`PnZw{jzmP*qf>FCa8tgsXn;zkY2D_mwF&ZRBDb6T|M#(f1MNom# zKrWC84D25s(GOpj2fIo_gMa6`oR8&q-I))iQyg~R^t#z^KUQA8`kmSH-+Q#IV$D0V zMlaJO(<wDeDk_)PrX|-bXXjO}|8V}i57$+US%0SG!N09j-(-gvJ9M=hjp>7oTP)+( z7&C;JE(4i+P=QodX7qHw#eVb*uO(izQv~HBg&l~GM_)J3NXmorpglb05{bKOpgpkn z2%>}oADNAC2m?OkijWWQoh@4p0~4ogwphR1zyIcvCD8@-s-M}Zv9JRiF<(2_T15|^ zFePoc+)JS87|;|zad0Y#_4UV}q>GT^n*px~{B{~Hm<bMc4eKM0<Q?75*SC+{+1Z7Y zOGt2XA;F16Q9fbXNKC{Ym*y?(ZQ_`4VzI*guAhGZ;(y63T*e-|_+Dhju;B?C_tU}J zj;0~ow#=Mz>pqm;zH(-}bq7irlrQ(PO4+GgVaw>Y4gPGxI#g1nEhX<i84i{b2$qsg z9mupyOGC}6Xh!^!c)E2!`v7`+Bx;X9^EjmAPz8q;_Cu{fXnG*3m7+>1T1q2#v3Ept zdIUu^D9|_sQc%&-=#|k-baX;SNJMb3ID$&x66l0<PpTi@UAi;wgTjKT5NQY<5~2uG z1Teva@Wvr5IKZ}X;IG&CH!twF<n~Lqv<c+3hO1t8-*ciU`~D%o@va<S4Do3@I*ze# zHke^9?Q>Em=0ykR&6s#!M{`zI%VzDI!}D_3U2N*uX<3=|!(;lEt}xd=JYGJe>8Tp+ zv(xifre95iU;p$-Sz=6tkFT<%dGzr6$0Vle9;|X3HeqOJkTSb}^k8NG0KXxnH5obP z^7y#XbJSSEunAx;kv(-tri(L*g!s<Nop27JaSp-fgHyNg%fUDqK|*9MS!eFE&SqX= z-ntpjyw!nmJOo-Q0UZ6Pv6+L$1nGn5QGRuP^io#@n{56rWRVCpi_iiVO=A%ppm-U} zq=GkuN^vmn6YNanoODl5M!p^_h>hjXOssHbVoO|PLnl9OoVj^QY9RBn$R~2x_^i6t zp<V~jxn#4kW`rV9tv61V(+}Tjl2?pS#RnyfomE7y#J|4?zA*`?_JqAh`Y42|V9zLV zC%-yHvylw#%g_u%yL(c|9f8{-Uka6B$3gQDG9jde12pZ);@_MFKcV>~4(EUjaydwj z0^QdaBpW(b)5uFH_<MDdV6V+bd3KUD;jh+=V<=hd<|-D^VqZ^`!%n@i0s`k>{la82 z-|(C$W-yj`C`CD?1MQJ$Q0AU!DUy1)yGh+VBHi75-Q6B>NAB)!?QW>v4Mn>lH_840 z6cd1g0+1vCJ?et+%?uq7=pqS_xI_j9_yz{J1g<A(uRwwZNKhY0eu2XSQD9IwupN#f z3G)<UgV8z`#jq$ih^2!;MnS>8LBVX$<3uWTSRO}cw2wxsXjDg|F*Hh{Q4Edfx}cVz zMM2D<psFA`C^E>yoeIR6QbHp)+v%#47ajPJpl+`uUWR<Wv|j_^;}vWr9OQ~eI%HDE zkvy8al!5TC(BdEIh>C`DxHHy)56-kh8T^h?K^s0!>DD*?V*Od_!NB&w!+P^Y>zS9I z^9^tUqCGuC7d|@S=I`Z-SSKIp9;_p#J~_?HvoQW<2c+U8_53KW^kIXg^z~blV#cVm zyp_{bG<k0rwmL1z5<@aWogzi7D~miLIcf()ASB$)09uCeAWq1T8w_vqddjV{6L6@J zp2cq-z!xz*-I!QbYmMG-P5I<{h|<el9`!5G&}8k0&eJQc56O$dL-JEmBR)|t0upLP zAJI|n4?)R^`gmh0<&VErnRTWa6+-OGi~>S}9LbYmblB~0>BaPS$k{y=Ro-4mx$K64 z;G)UN7}pfQ@F{(bai*?O)U9yJc^8H6TS#9Z9M>0<zHe=P!L~jbU|mRm2Yuf`UnK79 zFA@5}Zhu41qtC*M8AyG5KJM#l>l*-lv*~Nlmx(H%PqK$bl$4Oe&!tb&i$!np)Y8?2 zT35zKE$*EsI>2LwUcl@@+b~1lY%&utLm$D+GCXGZH%Ndr)Q#T;I+i}pdWuGfMmWvE zAdc+;2gC<lWfHYph}(}CJj5QadrtG5COzmC;{B!fmp*U!F7{pQcRS#6pT&I^2X^+I z+IMR3t34s~>3*NcQp2W(?+V`)=^W)A9T^=NbFBYrd7ENwY-ilLxO4Gy6FyAbo3t;P zN##<xwB3ISod3^-!E!s4{9$-9Jv9BrUg(8h_&*9~{uH>}3%&542SeB)p+i!8p%;3g z7kZ%=dZ8D3p%;3g7kc53Kt^^i{KvwGUg(AYYG}8^-!Tj=`+tUKhMpQWKGP4N9fK+y zK&~378luVpC?Ze+@I%)8tP|M<*(<US<OBe;1Dwhg0myS#5IB(geeSP$GxDzHPt4zx ze<A-uL3u%2!Fqu23;hdM6n-|maQGtt{}{1p#9xbKMYD^?1FZkIz^?zpaJcw%@!8_9 z0e-<y;vztw|2l{Q7}N{B&<nlL3;*drQPg1i6$*b|1%GHKh<rH;E+fj7)EM$v9uN9) zq0CS@^aDbfbr>U}`p~ZnWhWT_u~2rVwDvJ#N=g4HlwGJLA}68j?!k&y+P<F!x%;dV z%7_yAZV<{e<?MT2C^J-;@7qF|br>U}+<dPKWhctn&-R@!&QyYZjF{@<vtB5>P`Q52 zLfPG!_AA1ltz#Md(=Wj#q%4B6H26MJb|UQtQg$ZoGe}uX%1cPu1qcnLzZA;64EZuI zL%z(*kT0_iV|W?zWnPAS*_o;iUMG}!8S-UbhJ4xG!#DUQDZ4t*FTu3QrKIfU(C&fD za*mXxm^QhRlzpJ=EgwqCz7FI42#<W(-=RH_%q=73zGN*PXNbd?eh%dbGM<;`08(xs z<ycZC@)SGJFLqeV&7s}R#>*CpqY^14l|ZFHse-DfbnskE87Tw&S*TX3iL_)x%>-rq zsDXAp84(9PDyjj1qtwt=2lFkInbdUftb@_h;89CPx&stItr}W&R136}66^+8*S1a( zU~dK7&47mkyhgyOr)r>F1LY>@GuhYS?9?l%Bq&AMYblh1(4YYfO)!>&bv3XK#!*8} z5ylROT0OMl-e#cDZ08BfK~MN-_)U6hi7YrO3+mO-gIhI35<Pk3@fZb8IkHMK^wto5 zajh0`x4>KzX=#R0S|T|P+HLwM1e&mP^kkla$TpqK*O3uAsu9-2lGc((PN2v(mLu(E zXu<MpvTLxL58Q77D)cbZ3{p^$kvvB>E;NKDYyn!bBBpr?;jZ>yvYtCf4(_okwxK$Z zM*~@hqhesZo^W8a%dJ0EMPy~R^OFL2u?=)%DhA5_|Ju1L`Rldy{}x-n+YY+5ltV0` z1;!dc9$1gH0D6I^SR#8P(4!|Sl#rf!Xu;An6Wx>%OEQrjJ@KJ(c<kmK%PfIPqf$Ym zcUw5-yBTO{B3$zP))IOxM1Nz5j5*?stwg503@moN+D79xBe5<leN2;%(5EHingsnT zh@TtCI!%OXer}C`MJLoX1a}kRpb<t{NFSb6P3W-c^G@AZgc-c0nC@z+wez5`*Sl@w zZs|0Ux)$ctKwTl&3HC>RU4?y}J2~Jr)<Wb|Lp<kRGHVey)f1m;Al_s1^gCsb=QNN~ z42<vJ!&dK&ou}bnm93*E*zD6pY~N;YHru}!2e#GkrYqgS1~4Z)FBY<%EjF5n_p}oG z!QTaGAQ40Jo1F5tr|Dr;yyqK*N1iLbjAKxf5Q#9gHf`GQ;E_1q{hp2TQQIJBrW?D> zL-c}_O(Ztzi4R)@-QvB9ElboAZ*Cx5+N9jmsue^t8dBB@c5rt@yVDb5NMy%+4yNJ( zbR;6<HKvfbr6XF^KpU1&9gMK`#S1tm-Vr7H3*OruEzEX_*{J#7<e@(p_qpIZa1_~a za3OYUo(yfgo@`d5BRR7{$QRw#{d>90W|hC4&#>mo?4DzG*ctHp=B+>{tW`&B*&yg$ zL3lO^d4`WYI5KF6{CPdw?3lN!CLx0JE8sl9=M{t9QZ!U|KEE@b{Rz6TOGra_Hwrn& z7C*G4r5R+y`$+d5ha*|7L9m$^8;!rMTMFl~9vL09-QPh*T9RcNdc>K#dHfxGB>L*f zJlp7dM>oYC(ak3NJ7;65@$uA=ZyR0RyRB}o>CQwp9V$q?H<DFq?RA}lh2XfwYsd`P zx-%?Kbv2<yCuFK-yDlAL39rL=LE~oPB@K2OY<}I-mj1X@9Wy-7rDLY)Y17@3Xd!ZJ z{1^3T%LaHiXb>c$bD%&=9`Typa+wSxY8-Nh<#*ySANjR}16#%$+#`x>0HcvaoO|!D z`Td_Q%XG`fmdUzh<QP+W&N7o&!RxA8;QQV=SMwVhHQBj06Du_k?7SE8nb$F+|Em^Y z%Wnl#F6k|$@}M>fvZb1|6ha%`x2mD13TipfngcD-Frr-Ok0zQLMe<MqjH@I$j>n;f z#}cTIAu%qG;z%9WM!@(Iz=h}LQlrTlxqz*lj8qfc#n4&=&$+@lJR=)gDxr?c`6LSR z>y^MP{<Kgi<V2p*3TWr-9QLHDkgRB<tQcx)z+WKrssMK(!H4O`>*tYjiJi_ofl?Kb z5yp&hW&=e<q=s87;kgXPm6P>VglC@G62e0s^z*#r5(@CjaRRUWI4qwkp$F>-(^mx0 z&6SGCpny=*Ex&AdE(6Lj{(R`IAQ_?*X66u1%Zc=I1({)Pi%6}TD_&FCgc~eXEQ1^< z7sFq^U3O~n$kU>Bz}8cCqey@ED4su+@R&^`S4wKUHnK^rg6InODg<4s2_JW^I*M3g zE*YgF9GBZIB#&4xPrc1L`87%%DB;(`x^<+*X4Ty9_y~{1)?X=T`fj;ksjG-gFkR*L zm46F!+!iiTnUKO&)a$rnqrqrtZPIbsMpKi~q_OCYhB!{u(7>tnb@diAr`DNurfE8D z9Ov#{psP0NTDa0CouLBHDblnWn=M>}u})vZ)fk&vO?VE6(JPa<DEyS7;MAIirh2YG zW2iCKOo7(n#(D!+(5yA%l`87>X0E{zPp#3!W$CLM^fj6WPFNAf7-3P)Y-~2w=-{c= z(xNfxxMqV^XW}fFkHQMBNMEBfn04u#S*PQ4jnz7>R;T3}_*PD<GuN2(O_)KlhE`|M z=o`#&Dw7@-f)zBJ#iY^d8a1XVoU!(|rDJOx%+FNo>Y5ugCN8E}Ut=<2()w5FOlG`H zN}N(j1{GJ>F%iM#m^3YVLmgLITMN{2v7Fjitv7Hb`kH!UgT}1j$}|>}zDBR%$~A;X zGnbH-nrL5vGdDLiHRyr6TBE@d$Bi*IbB&r-t{M2WV2R>p&SK<hOgfE4r{J`Da}!8e z!D$RyuF0f_-WnL9gJ+GIYtoq-^%e`Dt8OLIw8_i@9Uyv>tx$_sP~c}Gb2~XrCZo2w z#-iY`t-xFbo?}}87;C8q&KxLffkpL(nucaAHY^+UMngj@7o+db>&{^~VE8?1c~xV1 znsjC?H>{@a1@Lq`u5==S7(J|F(KTY7n)I-$*4ScbFlw|trKjOV1ttdU7-1=RY_>Fk zscLnYO+2Pv*U;2cqToJ;R$(|+2p|Oc)a$GDKy#eCJ2tFZV?%?Hn1CQ^1y`*x1Fc4b z-JESoh^e<&ng++m>kM%%`YHM*omQ`jGn(q+aV;K3P81BkKd6_Og&7lu(cIfp@8w}{ z3nPl~h<C7<CmVq$EE?T3T?2R@5qD2t#-i-u&F=1HSUF~5{lGVfKnJtxOd61kR>9Sp zz%#*mYU(wnI^Y@07-R(+h3TBJ8a&c~g`y$R#AauIoC{2l#%wl%=V1HL8f%&xK_eR8 z>GcgDnHY?*2e(|g5Ki9dPbkvra6I7kaL;jEi{4U?n;pzeA($Jc-qziq2Rr50#<)y; zK!p{E6JZV&T%%E|uf@+gB9NwLV8~og92QVlH)H2D<3_<sfWvrT+^mBL4H&Sl1u5N= zRNmoXN#1D$NfRPk>Wz)R!y|TsW|IMk(Gdh%BZOT-%Vb@R#b#jLb_~X^)f2}X%$vBT z+Bi+;kQE^QVV5EFU?*$pwiKbuT(1GHs&zd)SL48_2`_K9fHC2~3(m_s`tJz<`&&US zS6-S|F-oP*<qFHWGIeQHVNPxi7p*FXdbENYRaj9_T3Nxt2(_xDVhmTB$Eixja3cy! zaui(d=rVO~c{x|A<_e3;iVAa~t*|7!s4}OpB%jNIc_pQgd<wx60ck}khZhu373P*> zWW~Aa>;kB&vI>g|E5<0eyuykSj580As<<+hx}q?<vPh-o$|}`mrRBM>d=8*3DJ;oT z!z#JOxg`~Guqw21xm8f%$_rFQMPw;eB~Y&>^ktWpjZqio7gTTsrA0Zp(3q7Al&P|c za`~lzsq7+EVX=bCQ5CE5bIGhyz@jF@1nNc=<dP;>PX+(8D+)_XFdNyWB^7F@Du7FM zg?;L%!tz`Nr&1S|V}azUO94F=C(I}%NMK$`E{_F^n(Ltv7=r7S<+<Io<m9S~09QGl z>^L|M_BBRwM#AS6138OSQ?1AyP8^e={uMbb+4{?c^Np6ANwmy5W+!uqc@_R%X7)2% zd%P0#XTAE=d)MB3*WP>A{_nqQ=U*@Fy>I{Tyl>~V*L&yQd*|MJ=iYngerGiAy?5_< z?{1S$@7;Uv-Fxrd`+wNoyTb`qLvn<zex96Ybv;hFx*lg(a*Aa`*#ve3o6lyzV;YRs zK;*;wbUt3yqaA1iLy`E2&$lM>E-;Kkc>g#>-HxVKQ}_Odgy$IiZf<RZp-w3KoB8rk z_zP2+8Vw3AyVca7;POqnDGIJgV=<^qnra1icOSl)<3|wuh^zsBAy2@wFTY&Kqsq3B zhn!pnEG$^~lRI*zJK93ppy>e`p#+K2#YrUhVCWzbrPMgN%AF94+EQr5c9bheDisbb z!5c&81XDu@l#)PeBtpcAc_;>@%mEqe`@u?|K2q;Kb+5mJo<F+dqdnu-uinzp)~8(A z#vWF-F<Uwq8qu^*5|H?Mhs)8FX<z;LCL#EBrMsP4Bm%lx2$@VJ>*PaMmM8cqy>LbB z<2p)XuGbstEJj0uROx{moqe3uI&GuTpiKx>2ICf2AHVLabca_O5@gDLxS#Rq)7@X8 zZ`8$>TQrSLTv@hC85-c8Fi4rEOi4&dPEAf23)NJIs&ekmKZP<kr7P~2_%N!{?1U&~ z1YZlOsMp|2){63SF1Ng7aCTCbGFF*4NEJIU0sciQ!+Cy!@5xU&|KfqN4TU+%7l|mQ z4S7<~?n<{IL_K~kW9X#P)si{){rK$?qcz)my=vs%waXIBA#OqMCw+b@ZU39p{KHI9 z@;@F=-SUP{dU99WVO_fXT321yvf2AizO?Cqhi{he_-5+Kd6n<J6z6e$!JI7VTHRX; zYQeAh`DH&RJ3T22JpW{cp|B|N%KisCWrJn6EtXkB)1J}&HEhw5J*|1p4_+$Vd(o@w z#`CvE#$A^^<>J3dd;fmzrP}j~4=!yy;s3Mj8dd&Y_J~L3A6eIt^K8_y^^<2w>x;%5 zx-oUz#jj6mrBlbJpI?5+W#LD;IbA1~b#1;dZ0R}_H>~#X?W~Q|o^9gwhwC~I-rVSa zVXd`=nfUOK{v$s=zkEbT#Q=?dn6!{)z>A)4LoOf@kun5C8sfqFv%VKXTR*(nHA&$W zxW>D2!w$ppQ%`Iq78DZB_EGxJ@eLpN^GE8uCfBQ(H>Ta#E#Gk@dAFys0uSiN7Ar?6 z3p?^Vau;R`uQ$|~8sZvldWx$tHpVwi(c{*5;pHB4yj_i0i$sZFlW{OaIoe4KZYdHu zBg7Udhbs$gbtS!Uh_FCQOUu0$(3yS*vqkBH>5XKu1qvt`@g45SU@M6kSTSXXr?v5u zgWUS#PY1|PjOZHXKH${e#3=`!xPJVYb=@rK)#TK%A8gq<ao-Pno*c0DrG2BfpZer9 z`^?%M1$+97*WGdw?|Jp?8`rBQetPE9ip{fq)PrMw-5Nb)!sQ%YlG(NEcJmk4^S|^M zHDr0+wAl|$-k!2@nm#10aNE)T@4Ymp@3`}I4~~E4{TG79t_`@4nZjlqYPa}Z35?uz z!(6C7d`{<6+rg~Ax%;_qU)gwc`A6qFJ@p^Y8$a+;)#V%Cl$!N(Zsi@D@w_$qJx#XT zBSCW~xF%#AcRqWy!+Yq-YPwUk<6YhHkwwcdy!LpNDLni7*3)g{O3S`pu9j|eZ5;Z@ z2W~^Z4Q^MqIUxvQUpWM^&ac{ko-w!VtJ@@qbvjB-0zvG7KP6PeD5H3%@8{UB)p6ze zI`U!<C>FmSoj_t)iZV4JAyEl1kdI~ERi))mp-<>%exv`NMx(_`_C*|VUa@XYtKZG2 zNjFW46~A78`mx2U^Im%T#KiXa!AWtU4^98|{w@95(B2s*f(|mr^S(a1_NN<c$oC6e zZ-*H+d|#JwG`i0hG5vmESE*{QT-fio?5fYY<j+!@Dvaq@w&l7g3lG1tLb=xM#I$2S znIH9Ud28u`Rd0wFa92a0Oa5-^>wmLQBbL1V=|f+?Ki#_g*KLy)XB>LD-}dUqUOhU0 z=gRHxzaW37;zshvZ%%#q@1eJ^Or3IKws@N5Z_<$k?|w&h6%;+~oczTY_gnWr-u3sf z7Z&{R{yNWo4{p9VKj85D$Day8Z`>+)*5~1*$7BVGKffNak=pf2`SE#%{^RCeOEt{- z$AK$8lCN#iXbwo^em>kp;&5Zn%SB>j_f*CqT%CBodj9E2X_s%;y*~c!t^?1%bi`+k zQjNR4ScpZN@|C#>?n()tS=i#zGIhd0Wg@PMeB_BqN@YT#ye3sSusT_%i5-|$Jur4) zVp3{sYSN&@SS=*KT1{eN^1#}f9wD&6p#7pu^iJDf0#Z`K_BK9uyqSLVw?p7PBb2ep zOrju|3)nGOF&Hqm---AkR+$p3OeG;u;}8NXm9STF2!Xl(bOBow{GBB%N;gcn4??$D zT1nmE&P*GPC@24ZpNx9FtSh{9<H+eBT>bghn}^<e?Ym$4R$VRc(&vlb>pXGg^P6kO zJvz}VHRd%@uFv1rwJttb`}`*dzNRa~U&;udu4>%=^LNzPRcn_7pLBWj%(~zl<(6ms z-`Jl&?g#n6rBAIGopPik_=T|J(l<YBlWs}=c6(UYiipi~m!69bzE~U5J~Zz3D5m(Z zVO~e#*L!xymsL%0+Ud8fE2QQnv)hIDXGD1pSe^T9;=G}&hmI<232(RVl)ka#3$fqG zqw=u{<I*Otes0s^DXU|Q-*s-kd?+{IWOd2hy%j<E53YHp@ijyAUw@A7*L9WKBH8)f zDapE3pHF^5KX1dJ4;ne^g7<D8+4tBW7i)&^;WfTnUR!wbTHE30D<iV|>@8R@ec_p3 z-hN_O;77jgmzF<OAF;STeajnjN}?`_Wkof&9)HBIIB9Ryq|y(DznuEu?YOf$CvM7~ za%}qPod>3@nAfn#^q0%e+<5A2(EDjOwZ|HViodvj-p*|YpWZ+7^y;cjGe)2A&aZx3 zcJ1bn&IHL%@k6!Gq!=fa4SOkPWod_G=_?P6{_%~vMVe2ZT+`XL?1VA@{A+QmuI~JC zhqCd?<ih8^T0O1nkhs&D{=;^2iqo#D(}C|E_+i!YMZw?CnT$$b>^s-I`<-!N!v>G; zb8hiBb)ALJ#(x^QG~>QAR|e)h6msw(w`pxduXTPHyMd)2EcoTxS^6}y5t4v2B!O#u z5^&Y{*AFDIKlsiK>_ieyU0oiIYJcQ=g%$<+GhmGgfy#g$jV^X$1v8ZMaWkSjZmNw& z2%ccN`dWRB#-ig?&6awjNpESz!Cjf69H>l6NK8&rra^E|Od!=HC9eMacF_MUzCX30 zVduF|3LYMC|CG4E^M^jaaCGg+@Um^E&h{yZ@cibjXWuH?W>IopUpv27@u*+ns=iqd zZ(lQB8TBzW<;$6euCzOQ{^Y@~`L_LJzY|Fji=O!YdR?&M=FCfrLoQz`d3wX)@bcr! zf6YDZa^}7l&g{ryH~zA@;gPxzVm{3)-?8w_7cqHp(OVamR;t}DGKw3MSFThV7X4$4 z@`+y`c>l58U&<bP;ODn}{vm#;yivU;cjZ$B)bRXTuju}@&pmeW9jCd&H~upJS+9Iw zm$s+oU#*;OMe9P!#0w~?GVkh3pM~cg=!~s+>V?qhs)Ux4>(8andt`%#-W%e+^X5<M zccD{ZBPwqHB0BOqC$Yu%=RqRRDn0EHN2Fxn$swNKb9afucZes;g8eO2N}XJUoZyFW z3#FX9hL6p2S1RW&pX2MXwQW*nRrF(DMEcwuaNf22(J>b{ZK&C#`P0p_P1?H6f5Y&O zXSNlYM_+gLiPI^|_@q#%ggn%d-Jx1I?2qq@?cF9=5r=Y;5GouJLV+?*nd6WUQvWx5 zV$4T2kM$4khw%?PJhtS>cqV7i*{}9&Yx(3<>&RlXGtM$~T%()M^QT^!xnf`3yWSg@ zHCFE%MV~0)e9G3Ioss$Zr~@yIUKe~m1TEZpVEXq<&s<4I-+cbc3Rh9r@`BI5E%!TH z`uxKeFD;+^-kigKU-i9H`~v2yhXzE1HQo5}=Edo2<J^C8{=Dg6pOPmYoZ@PFbl--w z$LnH`j`X-(J${(~nx)*Z&z*x3e>s^jd|E<=+$8C`+>~*9fveBC*IhLae*3|`fUirI z&OVwfzwhZ+zdkrik~Q<)a+B;E<?#d4b>qjO09Rj+w?Fn>^TUvrYe(;njlcBEf`unX zR(<(I)2fE8X+`h;*!t>U`pl^Ae{JLX{sWy_f~t>Ygf{kT`&ROX;=t+b-Cz82W!Byc zo1U{I?<+YvHQYODnq-K2+0?Ol*}eyN@7_^d*Y#A^?K!QoIZyg2Yro9$zAvcj$uQZO z?62fs9k^a_Qt|GGiF1mg1{6e09DBLy+UC#JK5=}o@zC68i<8$k(`2u%Z#x`a@#4<O z8SNXUY4#X4_-ualFZthk8*eR1Y}jQzH?nJ4__5kUPlPP;*3ucVFN|5S@1pFBy*rNA z?3rF6dRG-!wsqBxXQn^DyJK~8&_@q1@@Wo>Pkc^n=oq&w^3{%O^N-8k|2nkv*t%~D z|MnBo8QUeZ{->BTkB72d<G2|!gs~J#me5#+#&~9A8D$NbG-xUmlQI-(C`-)9Yb>u& zq0(5xRJK%OSB|xzl4Pxv!Vn_!5_%IYXQ*&`opavv$NBW<{XC!hS+DE<KELaCKlcNV z2SZ+?If;+aYF|Yf9G$xGGK{WS&2%Hw-nE{M;#WTdVf<7e4C?X&1tRh7-~QD9Sq6kg z{a=P+3;=vfNVUI{kV}dH&BcZu2GGWSgNDvR6AjEaf4O1_1OJsB;CXg{x$NNPT>iwY zkC-g#W|!CXFfsh*ipequ#SBv!b<dIgw%2d-=}ALy6(KCxhF7|t_tta?P3YZC<|}xB zeFBm|n|4GCQ(RB~mT*w%7&9H0HsXGuy*G7tksy-Ae4e-I7FB@xjK1&TL22m7;gfGL z1eG<K!}+UhTZ+xfiCy(5UjKaesV4H2z7u2Zv_(aqp6d-SSM9*;Op>TZhw;UkfgXP0 zCr*?soZ7H(b*6Ygb%Me8+`y*&V)A%9#1*Pf-x~dL+<`6*XWRMk=Rrk5kuuK>3(peY zMB7A2Pck(3y^i0aaZAggq1^BbrlXkGps<K}LGQQr%QWPBYrFG`+R7}fmutxGiZs!i z>){bi(-pjt=RP=3v=VC0CY-LURrFJKmO_+0Qbp(~Ct-K!w45rua7z}RlXrORko-|L z0(aRts$ZGdp=f1Ds4ulQQsSLxqdICnfe#!fite%qD4yYASKa`JId|7e7FWr1?zI}m zGDJt<xJs$pW~a<w*Rg!4eLllVy)_oe4dZuZ?YqOzjp1=XPJV3fm}3U>)2o8R{dI|< zL7b-?t6`j4jyNJaC-?|$D8?nwxkxkOnSGj5O#lM%jzeZ4;*fF1x;Ay}-_4@y1$H)c zW^L2-yY#_pCQ!ivDNa0iDaFu6E8;~#)ViK@>uGvHrA6kkr1rk2QD+y~$>FkdWCi>! z!E;4jvVO6H1Q-I_Ajq?O!9Uu@WAd+D{R@<rD;^&WeK0zH+Z_q0HG4GYKDrGay&2g5 z4Q}%VRGUnErd1^Fe=7QL^Ol>n++<x8CC-4BGX}GOxdY2EM*wUA>t&cT{d<`E56AZd zLNn$sUI7xC2!tj8q30JL5{efH4F`;VoDK|HtM%Vxma8|(mwRU(<U>9b(s5suyB`@a zUOWI8*t`LwAjh+lXMUN0`GUOjf>rm;+NE$?zTZt}w?*q6r69MG5IZs%nU&PHha!#Y z=<++VF;$4ZnoYWpY)TJqr@-Rt+?-KJ!x@%O8#(+-wb2{Fhg)j4ti5w|WX-!a92*lS zGtngJ*fu7%F)=2#ZB1-*V%zN4>^KwKw!S>)cevJjzW1MZb?wzx-KeU4b@g6**RHDj zKqu?^kbK^1Zc>V@O|&02r?zHo6}sK7OlL*P#iINO?}ufN=@huIPom~=tiOz!X{oj# zM3ZlS<IFg5EJ6-C>SXi-q5#KQ0YsBR_czk}7)y5r4eBB91p;R(<u!>l5V&|e&gJDw zj)*S-zs@%f<J!^#Q1SxxnLWdvR-lZk+(|hVnh7%r6Fh?<F>5RJb15$(>Ab*9?$r`g zCsZg_2Zh_i`h-@X=u|r(-zAOb&_J$4Dil+$eDap~4vRNF{9d%()BPavr8e@9*D|ql zkU?r3=X;HUHPbsE5535O7V{GC!ESDC+o~#d+$Q=+Jn0dc*nL-OdYbl_grYHrDWK_H zh%60>^SU^TeHU@la);(NC8dPlsl;h}j}K46xq8GKt)Ga`Cfz8^mpSuLhgTjCTlJ*~ zy&kH9b|BvTx{}udIk@zv*gp8ThKokM)_9>po6N=zvK)bC0y)nde&wB?Hc3k#3jzur zRw^86B*u4l=1hOre1CJj9DN3{UMU&E-ly<`T*g~nJ&`BR;xKEsGPPC~uHP7j(~eRs zh|Yk+{yMS8-zHXJBvQDNQ&Zo>TFquH!*@g}QGfd?Gg4Ack`Tj=?lllx+B9*<C;|Qj zrWG8<-)~yF`>Qrh3S>$}-1zkKQ_q3t7sSgvgE4QMb5+{LplK4|b!R-7S1Bpf1i^}- z?&t|+<@|@+TXeZ^ICc}BI~EsQ3;hX%@G7_`^Sn7tW!IHa7SzRsqsRWi7e!oZ)<WNm zWlzeX&X`Ah?sK`%^;{FNj9+4kE>F}XSCyZFBcC5ibY4xn5HfDF|CsW8E@+2{_!fYJ zSkVeY60>+YYC-7FmNdpDv|2*8M8B+rnnUZ7rlXHfaW>CQTUr&TtMZma{%baV)Ewds z1@$ad;au*q^1j}1LJi)`wBFb-ZLXa-@80>vC$s~1Qsg5exs3;Bd*SCEYwCd1(qQ87 zpJ)F^F=>U&u^YTVlit6W-38_W2u8gn+(h4J4?Dsho})E%M@FN_gD#UXyTKA+nFdJl zb*L4;FGVFnKe@W&BS#Z$T}(2yRN7l$j*z40;%>?C6BwFsD+`KZ|HZxvuc!V1>(XIt zJ{xOg(+Y0r51~JnIW9_J>IK4`AB4@$@@xx-`U6@s)EI(HP8l$^X<n?x4CCQGmkCM! z0d#-q=X=^Fq||i!V;3oQl2@yVNWL_M=I&PSHXi2x=HU)Fag@YE9f;DCz<wi3+cyd( zW9cUw!QH(d76{<?fsL`zFSE!woKLHISLV>4mIu*O$`$SYJYRje?_^BwcI9;criB`p z>>a4Csrum`hPDgoKOv=v)ux72*U-d^M<_(Gn4TqDf&kAHLUJWy_Jai*)tvvEwPP*k zYVAF<_qn7?etHB7pYG0{s8NYA4+`Y64G)j{^vovV{6T^_c6op!1K!&b9+$<3Rebh% zkaoGEPmWK=*^I=Ee%ZdpxcgJDV<k*s&e2J<n!qhVa2s-j*Dv*q3-qpw)pwzSI;PCg z3XTL`jV-l3?3)rOkUgoojrb2!V^_q=RgDD?P7?aVkrugeo*8%s;bNm-mCP>~e{nA5 z?S{aTkr9k-emOch7#mps8?-gFKt^C=XCY=J{x_&a%&0}o!N#aVOw6K1%*?_037ELF zh}qcK|NHSNWoG?1=|70$KM>1*%2?R7h}qdW{y9D^SU=0+U}pYAY@ZhYlCg1W5p%J! ze#+QC(SMfD$oL=lQ^WDE^8QW2{BQmo|JZ)oeCCKbSy=wV_Mh)hdrmejVwQiT|5$Kv z{!9Cb|5Y~^^S}9i+A*>GWBAWm>Ja~T8d(2}hJV}{|9?OK+2ntx=3fo}$LAl-fA{@Y z{@>~NZ<^0${kPnIdHiGfuiPg={|Afztogsl`n38F=|9wb=KjwleQN#}g8t?6Klxz$ z6#iSc;N@iyGq-Xwc3=>*GH@~$F*dUOWy~OBY-8$VM$F94!OxG3@E^U(EmJ3M%A%k6 z%isln@X(pT%&&}d`XHdo>JOAR;d*bd`~(#<l}N7LGoItR;LlAPU-v<2aapUy3x|Ts zq0M!Hg0R+!q098T5N8H+A()xebbU#)^b}ig!j8?8;6)2a$#ZPRIh2z<)lQB|O`$x! z>zxqQ6A~PH2PmytnJ@nEGP#+o$f}H+qSd{fVepjFP1fZKiw0|X2MjxP+_}cvBsip% z0n704x~XUq6HH$<yY*S2BA<(i>dJ|Bn=ey!F460`d@0i<pr;zfoJO5;j<}SQO4=+! zMTSmSO*fb<Uv^hjV<Z6CpYL}WhDNu+Y^}!zJWn}gxf;J_%)!_YZB;~6wfKOyjR%PQ zFaNfGddL5rRyI~nX4Ze_n2DH)m4%U+^MCSu>J6){GPLr}b8y<Lgq=)Xw@qKA{}Z!a zgQOf&)KKVWy*?zkbO7=|)pt=@37OWTwc9+&WL46169-Vl(Hl7vM=KRax(geJdcN0G zrmOgjzTx@Xd-v<b!zxbp4e!n5xTnef_;^~>7l|)%$T%3Pn32N_on=)PFk!+QXaHSp z#_d~Pd-LONiPP?6%D)^ohAuf7pCiaI654*6SgMXRI96k8=HIzbq)2W~RHd<bTxs2! z1!m5WB?Ooqdn#Hj`DbC#=`v-1IZu`8@H^hpcs^jP@gyGByVqM%m-~LL{~O~r^P5AT z9e?44XZZ0+!Zn-E^@=&C5w~_AMZ}SPak9EBlbwSvygy`ulHc5BuMV2eIt?;5=5aSu ztG?y>*^z_(`$QAM(anMCWM%8qrvDLHHZ$6tW`q8F-T<A8X6QR@!XD1tJgr3Pd@0|| z*T4BUi)2G2R+ki^B(p_wF$5ldEBTf+q20Q7@w=|!$<aJcmv+Max`^kJXa#8Bj)P~= z{*pWF{0W5R5IbcfX{@`?C>&bPvH^UfBW1Bzq0Cso7(fMjJMSKoH@6^hVc$6Kcfl>k z{q#**F#q+PZlS_FU2;(-M{z1yXU@HF24X2SOpe0+H%eLy@)n0>njAVEv;2llbR1uy zi1K*t!f*A<7Fz($n;c6L$V8c6wJEJRg}qtsM2|3sKkeuNWa7vw``*Z$el%y;i05mu z>fE>9<K6!8Vy~4^3L4qT^(9@s^_8ow1ntW?ZCtdPx`}h2JtPX8ufH(8_!OtfIF-MX zOjxs2!`!qvzlQ99D6EIv+UA|;=if=z>x}LO*7ah7UpWgK4SHIp90{!DKP%|9+ZbD& zWLXnukuN+Oy)BLzn0d%zMA<1Rncy~_+iLN&$<>m3@(HElv%*Dw4gLUp&CPjOol^CU zD9SwUOiX*8aehXkwxwb4;!g_ohJ%|FUk=|ncl}+IJ<8V*oQUSaXRNWFhXf)&{1)Ir zX`CtbRs$$jlN(6b>m#v?>Cjsj-cP$HxCwSGM0%q-{)o_^xMe$RmovX&uY9Y#&y7@E zpNpga;%n<J{iEn^H73GQN6Wdd?5J(w;YC!-Va3OUf^LI4`M&qc{?3Woygd5Jf9Gul zGSNqSe2QvK#kZq+!ZSaT%YU{nf~kAs<?Ol+X~lETHc7c?LnLc_qT4IvS?RcF<42Yp zTQsXR%bulgzNU3WPkw{RSE}sX$rZLaotJP6Q7qN)R=Nuk9hxG=N^|s4ADdjkg#@Pl z7>S2Gv~6XF5$+XDhr<n}<ff1|i<99i&y|}Ei_}FjmyelBxSzv6u$kG<V9?xWI}lbD zxud2u){uQoJv3NAY!uH}A3R0Pq<_3$#~%Ee;4Z#wZbZF&^xnQZ#kCTe`b%=syxqiD zM;u9|S9MCzdoxUct?<^T!c1d&5fVc4g3W=~uh8NMW5~F(O0No@-8q_tcl{n+p)MBq zfngVdi)saC;fH6PES&ancE6>~F7+D35|k6(_+sv+wZ|B99doRH6q$eagnDejp%~36 z*x3lrszQ@TXuUuXxKylJRa)3m*|A~7xe>+e=DeC?f16{z0)LeLahv@earpy_h41R+ zeN|kmh#(hb1;;6jP;AeGNhfa&QajR#-xnLpbp{|lCRZda;~1wd|1I*iz4H2Ni2_fc zj0edDS5d&m10LP4?}-2KQx_Xd`!9IEVSCL|)T4KKAbQ6Inl8TNx+xKObXWGCMDiX) z`k%J{?)I`HlX+YGSNOk`@;{)!U;{KJDiRd4-*`fz`3KRO5jiqs5%><7oDz9Aoq*yP z-^WPj|LXmpE&KN}d0HD!U-PxT)WyE_6v58;f5ay~E<b)#Ecg&4uZ4|Px{ggl|5Gs+ z#$3vPTx7r+A8tk)MZu6IglNWPUGQR#c=n~U(ck>1IUmTQ_)hjDhn>?}V+GDM2()i? zG44ulNAFtYkbTfG?QTCP9V$aNxDoY3g~C_?8#xbT#+jELU4ntu7=IjD;;*LYiKpoJ zW!~|}Tz#M-yrSrs{{n&46Ml*v@q~n`x%^4+Gvo2b?8C|3knh>a^--j}xYzS?@yRaE zOtGba&P(m<s`x8M)1VP8xgy&H*%Jrw*lz$BulzAaTw^Sx`(0dzs8Y}9Yk^+5=N<Q2 z@#3-Po%b`xbMrI!8xqJ)89a?LdYcM*iaeoBf9|H#ujmhSeK5IUuxvqibY3|w!{~qt zllWZtQ=Tp@TKPcmwxNAmi>?($dq2iD-c`kt5pzbb%ocfsT|~BF!7$nYCb<vm%Joi| zuP~B1-6PHr>$CGtx|n=HY$sQ;yJ5HHUT&zE`?9n!{-Sc8Ro@t2(dGx@-$SmelANW; z4P4YjP6H92d_CWeBWv!M_d8}~b(1GndA^cVJk9x!A$2zQ(Zx!gjuM-#fTx@Ng>2{j z%;kEM1(m5(e(U4Jkv(I6+oOJXz|K$<fuqOOVV)u>BI5Op7}CQo3Xk<+Y)_yA49a27 zTD`d1;&|j_m0WaUKc`j&8#Qw;I-v>sQF?9#gt|d6DCg%EhjE)&)bV#vl@uqn78mua zTnj=B!;Y&O?m*^H%5CoMIEIu*OTmGeq=6$!;UB)bOlbPzk3FxH`k#p@kGUMX?W39R z-XVlWX39lzH6(G_(O)M65|^Lkx=ZY^9}!c=ZD>n|#XE{hhI!R>Wq-xcT7*XiL<U^D zI@6h<>x9A!o9Q6JaG3w99bJ9CiwqdG_;^Iu6YApQ>m0vS%tjj{N<Kj4FyuNIW(SE* z7FFm(;c%>)i3Rhtt*Gj74IC`eD3&TRm|1CG#5lgRw_d-ksd*&_&@VpLYd=BzG$Zze zQ{Z>{UuLja(VOmo|Jc!axhK3RMe^unwt|(AS{}&n3-T(2w-!d6>ArPZPL4?DV}*qG z6%LC5$)y{h#!{^6>@QOPnxs!k*iGU>ramycLr`z?Qh~<mxd7BFzaq0_^3^du54ys1 z#a-N<q+zj?nMhYvm^<wq+_WS;zh-;E$s5;HL(6v7DR$LCWTldZ{^>uMa-qAVXcMyo z=ghpu8&5lADT6A1!nk==QN*g)o1!01Idi~fRoiuhG^SM#vxU90UIxugnQzRdJS(PI zg$i(?q5|r3XVm#X7bP|7Mn02H&!<N|@^~TD<9p>)3GySxH?FIJtA*cOSuOt9QY5Mc z8&CDI(8}eQEROAh0{VXbj<D=k__cJ|5?SDtM;gNI-78mydyY=~ecs+acADi{Y=l-v zZQ`4;JcG39OA`5Vpf$7UBVDE8@+RjBdDoO=#$cgwU>g^r#kCgOWlQe9K4jp`icK;3 z5Q&@7T+Q$hmz41lo<{4XIh;|;uCk2%vv~*Tpv*q0l`)ie$Ggtfp(5%)i+4s<Tj`u7 z+r=(9kuYWZ6<_X&ieQ=g&z=DacH7x;?bo9?v1c=fIrwE!>Q%t%{F26+h(}1~=smds zoa4Hv@w@#wbBb@sY7+hGGHLn9kC~%FEO(9a;H7iz;3WEvO@wbW8CqXWSlQiqqYx3O zO;88h%$%@PIoimdLsp^&<u5Cns$(CbiwzaExgq|rex2Dx$4O*$?}x@1^X9P<nM9QG z2A4H+$08j~=O&$M?hC{5+nO&>=Qi%8!eE|-BBK>^e?dW242-j6#usZV`x(1cPnnZj zW)kJi-lbS%Pl`GjqB=o7c~vq?{z!XjxjCy7SV%WqJCd0dgaeP4W+h7oyM$qWufdC! zZ8lM6AW=vIHYJxB^`!xzsS(@>&qRTHZZb2CxmA0?NFocDY$YgpWXX9fJZ4<0=5Hr( z-twS<+OgL~Hxu+Yhy@Un=%bZMi{c7;ko2$Doa|OLuKz|ex_d4(l3M<V?X&e&%x8iP zi4G;=UcAjh>@i=Pv_L@p*>RbO{B0}siR9;|!I*4wZEtWCF3q60OOK^&%J-}ZI=aHH z+my4H(b?MMBCtJv-=J>{9FBu#iQlLc!5<`ig;fi!VBNjzY}~{YRq+-I5q^`1zQc+9 zh7%JE`;i~5ZCj!e+^TlOO!jw)`|Iedv5mX(MkcdS=gKSVDBBWI@(9yJ+O^oSanw~6 z|KNULBVk&tt`gLW7>4(0EooRr(iL&Ac>bO${V!EjPWNb;e$D+9(Sj^Kwxt`{G&UHL zvmTlFwON+Din#aR*>JyYOY=QO`Gzvlbkzo<IFwETq3vul1Q6&(t=JNK5O4{8VU09x zdh(@HNAQ2|OJoH>EizkW)y;?%*!_B`#1l<&Yqx)+bkpW4s}r>eQ0&2#ujSCb=l!}9 zP4}mD&t~!ZRxPAcxa)2AmGlLLR)yM<cV;W+^gPa(YsQl8Z&Vbv<tmn22kk<>6=!24 z^^+Rd7`*8?hpE4pYMU5`xzQR7V&FIN_Dh%<W-`0!nOd*eta;-)%yi!Mr7<~8i3Vyi zJ&@R?*y@)g^d3xsaj}nzorL-razua~?)c$|DV&q&d1ES#>B?JUYFgQEFOo^I;t94T z0E5_G96FYpgm?;ck$_2-_UBWm+y;`23lwdI8Ld^K_*~iOW)1YkZq5NeJ=sDqa94<U znZUQt%~Uk49ztAMaa&rx*@!J5i^X2fS#?ys$L)OT(P5`VX_>N^bE`nf<RNrtfVIAE zFe#ejx8AuR?{i&L(PrIuPow<u8QY50ADCi~GM^F5B_DM+T~rr_NpEG`1FD#gvGZC7 z4~Na}A#fHPkpB*97;e_wO~j^@iMb2rXl@Nk^s^0eaKo}0B4&p-hf>vBC_(G0UPtY+ z5;_+WP$B(@lS%si1t)Si7TO(tcwyX`Ll$|8bDyc}puM$b;CFbk?B&x?Imw_$yy2hK z>c%mlqSKDg!A9kmMEd#&#ty=9>h_AWTg$?(%^jv=oRKn@J7CLK-a#I+magb7>p4%e zZ~`L_B>`QO=gY7a#}$@DVU)9FVqXcam6zT5b;xc=AC6($zzv9Qcpu1D?nk!Eoy{R& zOaM_&sA<AI_#LDa_*+RC%sJRP)VLEi34HhuZ=tZ2ghW&o$OwNLaF$X2kPe<Nim}Q( zzLp~4xKXek+2{w<_R;9bQkj+gUjb?~wNhb8QWXk@t>|Nk8fE?Hfa4^MihdFRHg&CF z*pt+_vSAf^qf};Lf11>|qG1zyePU{<NEG_KlnND-aF`T;Ix)4XpA}F<%_JH&B9%y^ zSQI25#*&y?5TqWa1R$qo5(+~H4AL;kh1E($DsDRg!jo_-MdHx&6LCvL{-8rk?b5^* z_rn1~Xtoqd)WZy<GK=~Z03no28eu|GyOc}{Vc=4?>UlZn-bsh~BDMezs<=uKd4LCH zTw#z_*twLGa$Y&QPU5f%iE!AYR7>Jvfk+#=8~|U+Nrgl<3`J@wNkTQR6P-$`L7C)d z7#RRPNkV}{H;fZtCDl)jmLH@VW(LSh{H;Rr13m(MODc%UK&`hRs4A!^NFgBLM+2q3 zNLZiLYeoNe01EXL1HeaVJ4foZq#qn`PjiI|@KM<I1av8HYXQ0x4Rg>vlO8q0x@oSG z(DkUVg3)tmt~dbv%G=6-_p*KpsZ+&mBLKhBwlLs5uOC*bqq^Tys-wK0N2;T;UrVZ^ zwEvq_M^(S2R7Y7qjnt{ywlP3gX<HPatFY}3$X4F|3HS`9ZVt#++Mbf)E$zpUI#t@X z2M{W6D*^}=w+#R;)V0E4CV(cIt622a#HF%+YygB5E7g|zwh(|&VcQ45PE#ux_LA75 z9_E?Yq7~Mj*rFW9lh~pYwwl<Y8Wtt>H?My}>Tf~+C(7-=lhQ8kZ<Nx`@1K{_F6>W| z(*Dz*lh~piHkR0;5+<Fvl-oZbrClJBkB&oa?~i_xq*2_j37D%DFENTy7$W==&G&=A zGl=^h&iNGWc!~7?q9{@Rk>wl2{Q>9vj&}S?I`<@AaucI)K=fx);QyuKzgpBlI%h6k z0*Y2BCio-A^CQb8i2DrAc?Ipbf%LjbVx}UC=#X>VpT#lP2>no7E(_z36L$_+TA#K6 z#Vr=7=4gQhk}ATI8G|(M6B>gsch4=9kxo74vSlj9W}2^cG$6KyG6M&B6}fBwqF1H^ z{q#qH&Sgp4XPhueA7Evf{!XOQS87p2U4$o-B!eXbN-MJOEX_>sWlby1ER7r)a)JSo zkuxY$fkcYnWdJfeX@g8r#$WrKxRseehkl)KD*dd~`b5ZIM^tcYZ~_q^?m<FNGVU^@ zoVJ{cH;j7@odz<+Ovroj!l^KhcS15;GLUI7jCTk6Z>i4?iTpC1X&&}9Rz=y`)v(Ig z2^pn4${a;iGCG`2<jOEZr{lYZ$NhgmX_?wnJ#%qXQKgUxSyXJX+}Ly3RDf7+l(}fC zv@A)Puu~cRaMSP|-fzmZJVvP%GBcSt1DGS2J?_{=c11OUFIU8lx!&-@{RQ>PJBj)v zfg*??wEW+k<E1%iC`<&q9lrL*6h*$wZ^KT+u}TOlL=tIm&#=Wl`p?-%Jd-cU${UPl zMk{0PdMs~QS$a&~Be&3?1MOYg%;!ku9Eam-nH<Kmt&W&9e#3)M8DE2Ezaww@Yr^7n zV-JeybEN52f0qP7Tc*yDNsd%qQ;(=4Rr+fLkc~^%_$@jpLWaRE?jSAO=%8L^iji;P z788`yx|@*c5nzr3+R1#t1?8W51sxd_Wy$cQrnm08$no_zM48iok_8>;DZfZ$BUu<; zv+xbyf`Q&X!ws`Dt>H)v`p}*4Q9dxPO}M)<t&KRrg3e@`nbt-d;*PLUTv)_g!;Zuz z+x?F`icV6i_7E2BjxCDHQ>%76XgEi6Qt1ym#!~5x+k(s?K?B;?Byw!bI>S!jAdezv z{{pG$6~S4g=_i>3=y;QWNn>t`*j;EgsQ4PZh<Zp#NI}a~HOD(uZCd~+Tu_P4j7wc_ zup!YLUYQSMSR{(y7G2KpOY@6F8N|ea{!PoSc9CXLed^?|^u9Y2mWl1;iQQv1nR)HH zaB~=CfHE}5smT2AQR&}0Dw%{<&>ntUr0uQ|cVGrjnC<Q!WuXj48aZPU6gpq-mA{C4 zsJ*`kSLYB6`V?doJlQ>1)}&~7niwp)J^dHa%&!Bi@mazC{cO1bg4-SnKEzj63cAF# z;H)HH^x(cu?i!35f5rYi^rDkFSo+7mg?ai*QI9_-7aI)I9@Ms201V8wS1!1Ji-Usi z<jK$+$Cni7<34~V?DnrA59saPmGRF>)$^X01a+x@@hd*NFv>zwDWWpDvKX;kw2~<~ z&d_N;6NoD{A)hmq+u?H(E{cpxkxJ1$_^OJ66p$Txj$S_lMao3VQ0kYIe)s``y>`#w zq(%`gIgK)FO5}EY+-anK9b+&{u)QQp3Tv&h>1-+#hP$SrDJNNUzZw_HkQ$Fq2tO1) z)I0Qs{N)?QBN`{zY3K(L5Ow&4@aV$N*5B68`|<+1OKg23?j7L~{So4k*CctzmZ_c~ z2RsMD7n<MS7WL6+lXO$K-~-|v%#Fwm)osxud56H#c4&38xuP+eqcSa;!*B7AUVR%u zHAFR7d)x=J7sJm3Zrvas@MrhKg9=mb?8ZrZUZbotw-xTOE6n3}ysK=eY%pHBb~|r; zHzYS!k3TzchulMbGZFYa`8Yf-U=u)>M<R%(@3u78O+Xy5bTENS{W*srNJSd_2k}Y= zt7y%$CCtV_dm=jqJ5)OkI~+Sx71SYu%~k(Zg#)$A&!znM&4L?9-WYbIx5&Sp`3!YJ zH5Pkak?q**u<QVK(3cc*?f6&p5%?#cQJ^w+;)j1mBgeUN(?@r#)~Zd}WmX?>PGWFH zJ9Z+kJF>I6P2E@BS1mWJd~4Jc`Fsqb*X?w;E1D;&xbF`Yt-7wdtoqx~+y1wGuH6cx zbRlO=Ffq5_5#o_zRrZj6jB$dqc=B>GP~;J($KWxK7<FuYH|fFWQQJJ(Zl;`-ay+=m zHurQQBmC;@dCXdd5jR2C-ZZz&gB`$Eeq7Pi8@&Fs4xO>@c`%WA!iRyJnZPo};|Zd@ z7|*n@ohY)fRh>k#HI@r@^_Wz-XpmLzRCXBcOyEfJ9CPqmXHoD`k}F+oFP-CID(>eo zP!4m|p47O|cpTcr^pxLFIVH$q8P#eqPjvky_oo>ws~DvTWfG-LmR;Wpwjt=$P=uj< zsB7pwYfZ$Z+dD-kCPvn|z+%mCHKN1*Y~c0Yw7I*XlQ832Dtuq^C|MPE^*qUisQINS zi>e1yr8V_KstLf8a7VV>yvtM=40Ev0@^Ef@J0EvCN*gJQUMm?*R=K%KRvYcKg&7cp zT%e_3QZC_uc^rfAwBu`nzRgVSjKiU2_M>)#*{4oVdvhw4vN}87!FLJT=Q>&bo(<k! zGVO{5{$1or7$D|x7J{6}p0||4K7%vOVI%WRQSH<=c4ddjDPk^&#Q5Ai;uxpZI~zo4 zBmdXc-eY#BN!?1*s^WK)b=W*_t(liqB&k?JN;2*m2FO$2pkm%&ez$O-jKZ_xa`@dj zj8IP#_uJm@*^XAlojg`~6&u|@6lLPoy?VEf5vLRz%bjjt=|R|^k)}5!lEOUFoTRH? zbsKQapHyuNM&8N?2LwSlJ=in{+j`Y^AMIfRZQvhog90Ng9ilurWsNs}j{c5*Fq>BT z$TeRzpevw0pN0I5flB)D3aGR&*x-o%&_FMJLPnet=t+o4sC}?{|DQmaT$mD=GCw>) zfC9J-Y!SG!KNav-E<Pos7Z49f21HDR!0?9`gl8ngg^h$B1S^Id0Gj2(;X+43A^1ZO z6AeR(f%So-#v&p?%0Y%e2>bN_iHTux;gG<dA>aJE1c`DvrV)o>JRtb|Xo1L1ux;Qv z{`7+6vEWWH+JY3s1a=T8xumf$PGF~k)YF6#;49!Gg6OeuWMEf<`1+8B{<uH{5lBTr zvM=Boes;u2jF3fJbS=kzFmQe)nm~$Zuu%UTe_^1|rXElpDBw@z4+-?y{JbgwAAqjF zW*`TUU!UQU?b3CVW>b0-ano_r7HA4A2I~3C`|$yXfa1VVpq?M9--G{ypR2#CU$cL+ zABX?vMaX~APu*YLZw)vGlm<os5rH>AM_@gW1qcEv19SW-{3-l&fIC1VU_Ou(*awu; zhn+^Uf+d7#0@w1V69hAZcm)OmA%Sl|6MYQ3|GKtN*umQI*nP93sX=RjZozATZ$WDT zZy{_!X~AxRY5CfM(1P9q@rYr^Wrt@+Wd~ma-h$f#X9h(NMGv+BdE(co!q*|B|AtuM z>wm{k^A5ex4SdGY_<%Uk``?9%u==Q9mLQ?-!Tk9I|KGy@XvjVELKkoaN8<&;QcwR3 zvBKNGk)h^O_)gS``jMiwOtj|r;gByHp-C`aP$-i_?yIwJl1HkJ|Bykmb0niFg8Zl{ z{_POKBa=TD&xvr(xgqX6&vQgxe){Hi^5W4tb)$iFY{HRBb3@J`QE<+o#&{#H-Ot2P zhGq&&0+5<H#7ozdY%6!^?YJ9`y&AV);}*_(tl7A@^%lzc*WpXGc7Ybma6=Oz_d>~) z_v3^(A+N&&yph6>J=V0MX_c~Esaw7G>}CAO@t-Qvj^^2M>7gAzTShl9(xa7Bdp7X6 z)hzhwz>dwB=0WIQbbh*+G9w+qVr|*U+m?8A#aIpTYBR^1&ZS#FgEO(jJn(8lCI=I^ zLMPc04ev9>4?vo{jdxDqI*;Y0h%seiZNKRU9lL_)`AXOAw2zs+bmV+{y;|a{^2(1i z$0NQS4q|jH;=Z38nY2MWitXz_Ptk?Mx5iAfG(-{R!XAA$qAh2%;3cupHu-8q>3d*> z<>97Vj(zh;$H%Q{IqkaKJg6_9(&KAW{#80)hf+E_G#)=VCor<^IVi3L$y?vMLOio= z^zehp_C)cCt@>-sH?62~WHG5Sj7|!WI!IQ-zj>QlT(xX9_vf17;lg`HO!Aspfo(C* zp&V~SJ91$vpR3S@?1R4bhIob<OIP&KLiiJS+lHHik3}As^`A<&c+?pe3-;IU<i%uP z>1iU)<7FY9BZKkSAu}A8bc(A&-k9D8x9OL}t)1J1Thjt#DmgykDZ@|?f8BzVLoAQ4 zrE7zCTm`y?i$};F;u?Q+^Q-OnWUA8z@^QaL$9(WGO>)e#rr&qBwr82`t4QTV(Frut zT0cn=iL!`Np~PlfB{t0tJofWnXh?45N`UmJ;+mRXOXR^_`Chx+@8ecAy8tXM6Qa*2 zOM6ZT#X_thgR^Y!jW!#kzXqrPX)qDitMS)2bbP%;eefcr6qAhD=p<7Zma`SB%F2#9 zt1qF}(>vkmqA``NTi@)sr}$oHw$_$I1y*nbC_QtA-!Btl_-nnpd2AG1Hsse|3tSo6 zDVXNlIzQ*XwKpx^FZQv|9ox6oby4K8FXji^mWakCYP%lWJe*rS*l_f=c;3-t*dN)$ zpc^$@UiLGp7iVjJ(5FE@-=DF_oNO?F=BdP3yxw4t@QWVKK#CxYB-2!K&=23Y0|)QF zTa4CGG_Fc|jze=xB9^H?Ph!zGjLbr;w|67|@PT^oE*aOX;4irCM2fdp0^}}2hYA6J z;sGt%EAtUabNj7O0mdQx*B*RF$|)7kLn%J1;l#g_&y8`|6PVZwf0+usAHE-nCKzH^ z6_r3~Y1aXG`RUs%-xK>z;<<-$3F6~97q*yi<<!T7Kwlm6uG;H-<950NxtqOO*;dHq zT-jhnO&rHuwepEShaQ413#5_^64cA>qu8smt4M@ROhv<(vUJk$Uh?zvl(`FANh(Q} zF=c0(%+7=scdFF2+h|s>2y)oJuUp<L+1S{;<_aw@D;Ezoe#3;tTU>0ame<}`?+o&^ zxIDXXS>+=@W9ByUwLVF$+$ks#6z^+6gGOZ_<>DH5Gt{|t;uCXq9v#PLRJb&<z&W1< z$=+cbjM;HAqm#(op!)h05vFY($0noE(30raHC@ckEc3AqHYj<~X7kc56B^C-<&*Zu zl1_<hkjm`ide%{W!7`e0mbRJ;>7!xF;J`?O+IJRrP)2!Ej;^Gbk2AzD!f(=WuicJE zkBYz`1$^wSf!Nqa0$<5cuM^_)>V9p}{^XR#o{SH!|Fu<-_4q~h^L|Z8*+h@Gn2r+u z-A39fwi4!}1+cQo&@3XkU`2Q`SfZn-sbZ1x*6A7Q%Kon9E7@&=Hjk+*)%xNPg~cNA zOa84N_nP0f?dLGoCSkuOeeUqwy3YL~Ns#Q|lBOjMe2OAOBV1r`f~5*B*`kbL<Veyw zRlTovH@G*5X+hHA%4trtJ3D<0i$Yzlm&qJGI@4YiF(R6Gx=O3rg~ahHN!2@kt*`wd zM``+Qcxx{6dd9!_njFbYfZb^KC!ie_<!aA3T(o#1ow33*K0o5<FMV{yES8Z+a`bpu z%&CAuHhG==#m3gK%3`d2r~v-yw`0zDkijO@)5}Z}-9}p81VQZvuIEHD3Tr<BzNo7m zW{>9{Wk7da{vk?q-V0MDgUd2zoa|8|RUHI8hAe8t`CN`iShg%$Ld{c0tNf2&H+IYG zJ_w`>iP^KXb<J}{6u;ObDk>Y{F<vs#MIY!I-$*@1e4WZfWs&|W+rV?_U>Nmkp5Yrv z_GF2iGf9RKuyJWR9H-~8)dOZ&yp3nlaTo|#u8tQcC%Ni7rfrx`$fXkjMN=)oJLJ|S zgiGDWbt6XDNw*QmF-V~1Ri$ks^mgakl=Z7O+2;4x%|tR&S5KKA7G8#-LBHvjbr2T# zYAyEiO;M-DCy^pfC_nVz9q9GKTk+*l+7?nr%v+C0geIq;xCAiJnUvtKaEpR4BNco5 z9DJ0hW6Uh<M3e(>nAtcPlmkiApKGwi(Qs!D1!clIfBs@mbEhvu^HQE@FTF3qMKZcw zSV={%r^PE_gFW~r&vw>QioI@OsKb3Ud2!Bt9mQ11eExJ@6mR{uztMc&Q>6MZk33t| zeK4Jc;Rcaq|B|vevF!4Gn6neY#_OLJkbP1<eM9RZc;8OdC~cSR1b<&9U8AlO(0Po0 zs+wX#H;I83w<%+n=U6(?yIsrvD_kdSdtN3k4R1mBeJ7)_0I`JX^l&Aktp;UnlHG+- z%MN*TIl&z2ciBLs^n&8*$~rELrDQ77ml9;2rqd$%jIWu3D-77#G<@e!rPa)$nslMn zv5@%_4H|SNEcD{NBEV~b3U5TOZ}Y7O9jq+zVzZHAF*7gbBTZIg$*=J_;W>45L$z5; z-}~Xi&UlCYFeJXhQN=*bCMyw2Z_?AP&RRFG@h7j6$r<J%p4vjvSs&Fsq^#R$9aft+ z182j3Tok6niYz-$M*dp1r;Pdb<}>TYdN9tl@$k`g@!@?C3Gw>15PGN_K9lXR#HW62 zocf311bxIZpyqS8qYf=r9(QuRAq0A}pBvq;;H}uhG~ond*M=ghx_Q(Lib*LYqtYsS z00{RiRyW4#P;eIR@8KvO;0yw2_|Cx1T(Rp%yzi<cSZKN)N-&EsTLU-DZC``@4Ewtb zCxiX8V-Z@h$8$y?2N?CE4>>0^U*)LG4E#l&r<YmszR9rnUDB5yqBo?x598uS!E`9f z|1fX^c2sx1vO7l%#yA^RQ{8X5WRRH=p*NtyKif(U^^h{E!yESb@!<@-%{bk*QR1<c zDlz|))`to_h!Us)7+zJxx-pB8EYlOPfu(LkEG;NClmxo=ylgh$U3(f{5P9%!#6oE4 z$754+vRPEzj+C9mr#p#AJTp#yeHeA*g<3$G{k=Ii{Cg+uXnD#SZVU`5KwCd58$0|L zlWF<yT!_;<3?B61ZNY|IA(rb-Zhci3K1KDP_wFXEHkQLVSWr@kB!}v^?Ddm>>+DZt z*7AMd2m9w-9Z*pS)6blbOJwuJf044q%|Gz-xL!WBd-4*#F6iS@`Wd@7b1`s}X6N?H zdVgf)>%DKnYGwXGFjWvG?jmITO49^wvF%js-Txlrg02jREJYtw!8fEvVN&f~0s+4r z(F^#lgrlB3GKt7ux>?OYX9-e(4<m>b0VVB+)V%mC;W>#t8W#N4&}wSr7(KzTqYHg> zIF;T;zu*=s<LxP@s^Vp<68u-f;%D$Tmo-{|<}Knz;eB^tV$NZVnz<~`lh!y!m{X)K z5`Y@l@;r*{3}}P`aH_mwNtlGt(kmh&y^ZwRF?i|Fv|x?QGU=~cFA0!F-Yhzwo)aTA zHr~5wtCLDj2FDy;et+%U;*JIhA<q0~>VeA()C5DKIP;^1=ZHQAw120cpP%l!R@`WV zFg|64OiqD<puEHc-aT%|#ahHrB*Y5Kfsb|@63rS?NYCN*eiw!Mg@#IJkN2ByTXOhY z9PtsZ<rUW{cpTtbQpxsCqe3?#d-!1o7{*D~J*?8|@@Ux?kG)ad6LXl=^?L^<L3$Tk zvG%Q3QEVs{^Y^&lq<|XlN98Ev0j;Y}CRz7hrPE<!-cZ>g*rhYL<xp2}s`T8ix)MY2 z9P&GmAOD8GVRMOLGjXk_GaDN`<$chv0Nc%8sHq-OJ4p!LUZeGWCY>lMDXv_BU|eD5 z0K={yqgP}FfrG}#WR0RiMd6gBac09N^;N_Q4CeA;QkRlzHZ|PHvXf?%za}m&s~s?) zdcyf7uhW*P4^k<PZ{XY_ikTECwurgI_(LabO<w4TduBY*6}MeWr<zO%2|6AbM8)6M zu5%}Kx7u%ao{vt7wn;a>eb0t|C4l0L_J4&DsU!mb)n1EmYDsAmY_3|?fMB8t%~BbV zrdB8=9JdUOidhOvvfSqg!+YY-y9U|3V)z5ksfu+X7)+SofM8DwBAsM<Rzkk7Tz+)Z zfu_SpR}49MsA2kAP%J5y;9C6X?c*#tw9ya<UfDJqrbQF#x*l7}xy;R_de>N8vA&K& zPPBgg7-jvGPV(2!57+ZxP>Vvms+vQWTW?(ed3wQ@OI*$pVhK#Q%B@tD7{KaJW}8Hf zd^=K}ga0g|^s`Y=rO+s>!K|k~tO1O<M})Jdm27DNT6S&V<`S9JUTCv5oBTMpGso_` z{Oc=x=(D*ZzkC`LZ-hPD)TUwuJXE`cCc|UKWl=+RUp>TMq1-@m*&hk|mVpKONz%$p zHjp!?sW8F9z!C?DU#hiBm^nLt4*v`zf}?pWI^_+eTWogG{{-7&bkG#*R0G<`kCo^l zpW@od1Gobgm>N$8z$CGhd<xkWg!O`lLAy>5@73~^=^0jyCqlWuqDI&}VKR!_`oe0n zIL>jUo6fz=tgRecWDBSQ3hpBL*IDLgTZ-1xaJ%0JPlgg6t1K^ICF2Dslb);ySuki( z-7^-*GSr$E06YulczB&gc`Lh@VID&06Mh@*!i4hH>OXgmn?&loy-*`l$^G8-AZ}r6 zc@+B-XJaej6wYrLfB5`T_LI{BGpBl#%bkera#v}f5QOu_33~{}^@SOI<UC^{o!qC| z<f)Zd3g1M*{0)Vm(JkV2Yxcc2fHbK(-j%c|+-)Ve8k?yz3F~iOi3$&px7(9Td=0_S z28pNCuHmH2UZ6qipA=L`Bt|SCLgq!tM5k{q2wBqrw*eN;ltGQ~-_t4x3iW3{{4fbI zZ(}Z^&aX%!M><3FYXmGOQ=?k+aC>xJIE+luSm$KB>Uhp7lK?>W&B8hl&i&bQ&lw*= z1lDrdl{cjDi<psw1-N3w$32Vu+VZ^pN$K0K65`Sb-!;44^y9L-P;yDnxB{@S#=zen zJjAu^r@ENdB-U<*Th}i~HfC1Ff~B;)lrcNTyxhtmumCp&w0?j9Z%I{Ox#iU{qb@;j z#vt|3k4BHWhFwTQ5sFl%N7ymm<FO=my6&bg3JM}rAtrTpm|?8!$wB+^q#02rtf5rv zI$L)Gf5oUj=&!)dozxy7Rc$cRKIo$m(YhIEnV|@K?GZ~G6W!OqBa-`R;Qk8F8V>Iu zU$u}MV(K@1iQN6@!ezi$-l*q^!W{W}hcl@_=Yb)uSRv`VC0eEm8_gzGOwf-_sImA_ zNTPvDGjuOVm7RF1NN=b?eA%!-colf_{M*Lg4BDSVX}>hGYs%has=__gBvc72LYO3m zXM1+p5jc^mEcec~2PURV*sz&*F&1H+h@gSbd=D_LHuL+bd7r1S9P!E~d>tp4JKh_g z@N|n?h|y;wKP*x6C>NfPrz<YOeDd?UzF%N_b=AtQi?w*-O>(TZVDPXhp5ZVGDJ<dZ zX8Za0$>zn2H$jJY;B|RYwKZk7Sp3u%vZ5icpff01Yq~FI`duETw-3(FGRr5gGS_@2 zp61ZUr(AY+(E=$7$BoW28~F~(%O}hNePkO6J@Z7R(;`(GW+dHPa`#mkx=9~7$#zQt zDYjkSc~VFmA%=aWn|c-Voz@#%X_~4w*3N8E54<m{A=w46@(c2}<N+NNf<7#p@b@y+ z;r9(H-<C(u?;cZx>Gqml9jlI;UKJ|J#YTNW*e8DXj(vNs!+k1r3w~z-N}TitGthaY zl{;2A+u3rcTk!OoCSOLI&@Nt1EKYv6l|grG;nrhd#}zpoBFE(LAR<Z>^EM&Yi3=h- z)zwr+yXjRKZQczTPwW3YGn0gIX<R{bPjy~Em0=qhx;Q-Pz6rw5!MAd@07o;vjhifW z+L*{!y$XASJWDv+gGrx{{g}b9gZXRtfuqaqv^aH6w7UjwN~!OHP{D9&z4CrIw;*mB zzaE<cGXeqR6X_B4gV10(R-k?+i3>3P-W$JQQFt?mx9C1`|D#ZxYTQxmsKY9Are$(0 z{Y;vM=T8z1&+dS~r|)YaqC`}0=f{rS6zb@rx17&mkF|JJDT&v^+vza1s8Oe@fa}YW z_o^0smk!4Zsse|dml$IgwUzguI!G9knP<`N-{x5#FqW(r-%Ro@KoKoaX~{}yLM51_ zlfDUxO#9x;jKYvK1=4~~Ocsn{;WMC=bw5Yq@yP5yzzvyqZZDqvP%LA+SKN2&FE6Ep z#MWYIsD16@CZS;yACX&Gd7GPQuf7Iuu<6TtsJ~r-<3E<Zva&>hnVPtq+|iGp&1T|2 z@i_Mg7;V%x)F`DUOHOB|^sxCH2SiqB{@_1CEiYdB?J86BTKQ;`9+<Fs_!?LN*B2cO z{rOgyIj$T2<>rR=;>&~_<9%ZV^Uvg0Ng#%wQ3^x1Y?mychPCOND1P-KS<gXRjROc` zCUb%9GfJ`<uv`t6qp8`d9?X+dtzCKkGi0eD6HvI9L|pR%u9G4khOTCy<8NIhb`ux< z;yLXhf>LvN68nz`C@2$p*8HH%0P{FoOI$kRva$8ptQJ>kZ_q7{m}Qg5hxYXMuI2rM zU|@P929|4w(*|%jkYR1X8`MS~5#1s0bX8G24sv-TU9|Fc@(i2^_w;|xmBNc*5U{>t zG$}5bT7TH~=ka;p{5^kw;az3}jvTIUZv{DP{W}n~d%4f!5d$%`(}5j{Am~2)OF(>c zP~H|sQoXju6{&hiRH3_FX+T6{;P&??=>>#_lV(PDhEZ4lZ19O#d>_P!kL=n<fH-h; zC1Tc%X+w#V{6n+<iS<1PVdxm?>N}$_4YryC3evdD&{SS4*jg`qZg-Vt03LOuD55yn zpb|d#6GMZ8NS~fA7BGw5;`}?wQUZ`}MnpugJImvV;MH>TeNW?U`;BjKx&q3(-lSN` zUU3jDeO_W1($WPxoQ^vD5b)}2Z>8tRZhP*!pymeD2g_Mxt{A{_@fbVfCZ;b2G1R$D z^hcGK<8~@eUAZJo&@g6>5C>_2`m4hO)$J|;jH4!23CyEk?AN@U8!Ne<XlGDTJF;u^ z*=59Kijh+*z1T}|{?`9MLzSYR>dxTA301_#lR6STrq(R=%6~*qP#D2RXyhE;9$~08 z9Nt1%MNWS`QztfzW?z1dXQ8wZBFUfd{k9=r&q~DvRFCzuL+>r@u2H9?-thZ?$^>lv z)U?ICeag7eTrit1<<ES?iVaYiPJ*lSV;YCR;2_Lz!YMOSP!IWukj+Q0yo!Tpbc^83 zw5{Gjbx|LLGlc9Iw$6B|usem&*XD*p+JebvX5wFMJy;b=np$0_CJs(UU)(4ptgWs? zP_fw44Mn@esB8^N$R3U~g{`K}(@>R6RX(dZL_Nh|<k<~M(bFwap{rIdJw5L`R$(tU zNk)5f3Edd~^2DI@$Dw?+0&o+97P)+3_c$&i67Q`FF8R3)qFaC?6!qU#{4LS)W#22C zXh{9SkwBbo1>TqZTq5ie`gsh2do}L6cl{oLPDs|-aN{^%gw!qJbel34@DD1#ymosv zJ@Zh-;J>;EqVp_;cZC}aLf?_${gj03C{_23>#?laJ?lcWRmh*@rrqlqdJi^eiNdxy z{aFH5$=x@tP!Z@Ofcr)#U?Z>}X7#J|?oe$shY!$jZ__FDJw1PVHVaLq4@T3;_=yPL zo;9A@oH6zuJ^e0}7!5+TO;<l-a}$1P6rl|_-t5TfqZOgCqt?Bw>cek2YBAR`1Lr7x z&zEqEPQ%|k?XX%Y^4G&5kTmC|c0(8OkfOw&uRo3^BILAtZfdIH@paSR7zsSu@$b=E zsP1;A+$Dm@fvp4Y^*r?DYiK)g6yS1r8AGi)=epj8JRwS6opnTw(S12YuGDEK^5;c1 zJN59>N7X+m$EuPOfb0kbgV}&lAs5*InYGk)|1@nOC=4!#(3%zz@|(9?sOug%jPF)2 zt6T0QQzi-%BY}o-^?tjBtQSW-Cn4DiQHbf@TXDJ+Q4eLac|p~)CMa?I;)^ffWX=1b zP%32>B3+eDFm8p#n*NI1RrFmZYidWIUlRD;1hYDqwBp9uOQs|gby{2#jexn;sQ09@ z@_ufEcm>mwc9-w~o$*EDjm05yU!(l84XNt3_?^6b@y9Q0mYBTI$c0#S?0p3H-)lDY zNxLMwI~9%NX9yb3yFpai?PWfm2Je29T-EIdE1L4cO_QoR*qhZeOukJED1}6=-A2y6 z-<g3(l9h@di=){sECNc2L-LT>5*zobjM7_o{wq#TACBC=H$qknqhAxEIbS<L{$sWn zIN(yDHSJifPH6iHanBN+GmyRvU@Q=%Yz2*_(Kp#PvR2>hw0o(#HE7UDF3n(|bP|)n zW^(VW$v$V65la7Qg5knC;bh3)C$aMVfo%}Pis|PqMwOBkrbDOXBT*RHveb6=ezm)A z1vzB~2T>#D?YxoPbZnKtu+VH^A?$1XHW-*TT6@k-`m8%<Mzb;$KjW07GT&_g3VEmI z<!*5;7(I2k@mL?#;>E6{*sWD<5Tjn%F-{s;rz@Z3fu(WF=qtb>(}hZl0_`*;1NdsA z)6LxTOfhclZ2YQG{1^ll0xF>M!7}BRWH3?l#^4ttZ9+9Kxo^%9YbHfoH*s#5pG|5f zMfEzz=M9+mr_3k7LqVnnHwOrkU{~aGY)=_=zyV>=%8f|`VpKbLr2L9*ALOe8xSG9& zc*iGrw8!t?47f@o#;@zEK6jb^Y4?L-3#aC9!=W#~MQfN>``ci(&D!guHlknkF4AwS z5?4p+#!?DkxX;KA2HxwK=ZAr*qr-h1&+oP1P4}ZKx_UmLSmA1leJM^^Fp1Bf?VgxD zsLpsCCHE#JL8x8Nv^ju`xDvF=SI-_b3OzyWlw0;&30>$e7Bp}Ha1t_aHFJ-HOAh({ zjVg<88&ORPKj{NOHm%o3Z@4$sEdZ=m!4lqs7aVfHEvb@EEZVDQpE<Wu0H<5dW)4pu zx!)Ml$hPeje8R7`*`PUZC6B#or>1E|lfKrkJ7J;G-ep7q8^OK@x;Gh{tjfH}p@|&| zQ9FW_V4)d-#i8FISbRIlh=o(_b0cvV8mz%#ECeG%B^5-YW3)`ZJ8omUWY0h*N%{9^ zUTJ%!)+r)K2*p<-7!L8*b-&@*52@F*UlZUlJZ2`t4_5-Q6>x=yWM-<=yy9MVl6`5( zk`k_0?Yk}OU{hZkaJq}}mBmsBB+Ajuo(&M*FOXg^6GOsG#>0{@G&ED}$S~wCdm}GH zdC5?c2B9Kv#7VU8tb#DS>kX;mocj~(i=n{$7-Pd}c*E5ttjz<JxNBSRXh&(!VQA1& zI!h@5nH^&y=`>zlzh#S`@^wGNrEKB3y!T9If2;3(0L{nuzRORSfnG=ZvkIL^Hp9>` zDyKgF^ikollI6lZnx5Ui8epr9BgF@GhkRhp&wy2q3v4-UXXw*Kv2)WsVa6g?;H*a; z2fu}<GzH!+0=c#>B7y)&gY<L<8A)b0v^tD|kL{&;z$aluN*~n*KlFVcXyRBj&IZHj zbFjgToC92CvO~Ihi_(bxZU{)Y)<9#iC_-N{y<4uwv;N;ouux=O*uKH@AWUP2CBf4* zH!g9Pcmbi>2iswk*CKj7^^S-+%d<QDP}IdfYEM4en#CJCrV=0UkLCun2r*gQNrM`c zn8p%INxEZhlL$@a&>XX?Qe%I85O&Wygxb{N=gBVaXz=Ok>D8AxfWwksOMO9wp_<ZS z3p}fK=)=TjIIR@=MpATdl}>$1%Z;(hnxyowOy=ipo$gSG?7^dJ>njxU2CW#%j)%C- zj&S>P$6dM#Z+As6$)H=Q<JS=K3K3Hwqw3e*&$&^$e}PF>3auF)AwMP)6iG6WvA+(> zt)DqOM^>Un-EZ(}uGKztpYxiPYh_t%Fe?nzW+wlC07*c$zhYcn6Wi*ye12`@n_udg z>GEB(X4PD~#BnsuaT_}O%KEmg%I+R4>#JYW-~v&N<sBx6#~Jd7RqJkFd&XYfS<yG% z)dO_&7|_u#G<&d0tQ|Xr>e0aK=mL%E3Pz*4qS2^I9sZ4^-nf9jpLSVeaF<ui4|m2v zEym#bNsLDu<_KL{i&=Gz4FO66=z!)_WYE>eXH($tm}VG-9H0n$s<@84DETSZX{B8R zHcV?}rKtwC1wm<82}(fP_Ebq^idwG>QHqx<aAiiY*%00OMRNMVsn|eYUz9bwtQNPK z1{o1Z@62rZP$pBp^^23`Pg?6I(*BNgZ?xxNcgOlB2mZ#sXYTG3A}tj+vPwOR)if7q z|D``xG>7=rhkvlI_s~qcxw0#fe{6iRZTdDCg*N~h`^lHE2JFX(Be>C8rn39wcj~T_ zH|OEjh84Dxy}fiB+2yyC?PY{MZHOCjqvH)<T4%`k!V5StFAkD_s)OrvT0;gFkLhFD zVaU>AIrLWC{BuTKUQTm9#~ZTJfe3pzEsKM7<ey~N$w}CW7WQ&n)($Il4b_xa-jGNu z<cwZYQuY%X#?dykKECDA*@jhn9=j$s+S4FuX~JwUMcdZ3?7t(Bo@z@?bjCQi>)}5O z4#D6k^O)1Oo!EEJa|c>^XHYVVk~!)Nlm|{fIeB<}EF255qDPS`{Tt0K*gotmsts=6 zJbFF+EzR1dQOv!7pFa_eZnivwpT}6hZ1rj9=2&j7zq4heg{aM@vqVd_CEMTmW@0AO z52l#bZ5YPfWH4*YI-uOhK?G13Aab2aWvzH>O3l<@ktFfkvuDo<%BqWhE|!z$`b{mq z76QxiS%M=`?=zim%Ao%Z=mwlzyaVY#LIw9gIEFWgbtaWnW8gielzdO|%%!O<k}tD( zA`(%_FtxJytxJ?-vqvJTx=1T^OaB8y8*Up4YC+B~`7DgRw!g09wq6z$21HgLGPO@O zyTa8-SBA3GXiC-9y3R_ZE2!Dlp-H6Kw0!?+Yn5oX)NT9n&Whf~pn+^08ff44g)Ns} zW%bZP^ekZ--qaIbzwXi(3umZ*A_!k&rlNDW)+jiIsLvbrDLM`z9b0*anRAr65gP9P z@3*8F#@$`jb<^594Wl<2RLi1I0u1cOevL3Nu{wPX#DFi7w(WhEh+?xC2M}Pxwh{8F z-8S%At$T(T1r)drK*G0rR<GGL;LL66@2nW9AZlCFtwcp@MQdZtn}P8RaB=j>fng!5 z$)a?y6bDdgDi+WR0RL{{cYFyX%23anoH=<@zp27kL13+XE5HTneZ1yP8T3B@Z*WRh z?|_oXr6_<mxk}CLQ>cEiOb5se4kG?Z#u9M3LXwfr-@Q!#!T6&7_ucg|^pCG&%#NVs z07S@W%0G?IaXKgTl_X=(;(yH>mSdoKUHp?^;NoleXLJTFNiupZC-M2G^JRin!G-2I z%^Y^S@)W~7wtwdc34xJm8i9L;&!_dt_T&h7?YBfWKxb;(-#IoiM%2!vXNa+xv6;=2 zZwwyHY=)Mry=gcp<&5na;8m!T)x+I6whxtU03Z^jus}-<%Hsw}{#=58@$5PNjDYaq zG>!Sj2yBL*0U$vAADnzc26wm#-NGP)d$dbA8Qi5B-Uh_H>S4A!Cxcs|3J^d>VkthL zk0`2@uv%4}!kUAv1O}8^8dNuB7P-eq#tzYBv(#LBXng#$W3ksE_YnBkoBHfwx0Thf zG|3p<(S)miI_=$WGE-Uuv)@tORZ-qm<M7sMHH4Wnlr<NfN5RpTh6Mng5o?T`clE@& z=EiDjChl6di4mM)*q`_A*{s!RHAczo4H^u3rflfut@sE2Fv!K3!M4dJmpjo{**uys znjNLkQ9^{JG?)PBG}EvibRCGrk85tgB3KIhA>yRI&Q@ISN<k)?g8MyEa4%8{a+nmP zG$|NDFf6V_>bM%9<7$A8tL!wc2Ix4XJ%IH0=~Gb`WvqmRMH&ROmO5b^Mt&rRNKfao z-RuhMN$Uy?CD?LamIjTm?YxW{!*T&4Jxi*-rOXmo`eHI(^btt2P2}T@;I_c0e)=D~ zcKW`_^2FAMHjf-mGZr6YKH6_}f3~L+@EpK<Rt4JAeNjh&=IkGy7(RS#>)vPX?(gj; z^o3n?mwExi*?KVDb7&SYp6)sz-6<g5#{lDxVfENsNV=8r#?HpMMpA?vQS`$t-(sK& z?)0jH(p4U1LEIlOjq@jaV&9Ar@S%&7kVDo}DnX)D9)$kZqfdqWQ&8T4K-G`#q#mS* z=PCRZ3a2P{{ME>y^wxF8-A2Nweak(pmZ}!_)GJi;wU|PP(DN)v0YR$jNAhP-ACdU0 zfOi_Dw`9!78wnF>bZg&|-3k+eBp<Q;sp2~5RV@ho9c@IqV93X!j!VbAeY;1~GXrss z(bFUWd{^Vdp7h+eZ)$1V^ThP^k6c&%E%Mg=?HfCS1VKatL$^%SSe;hJ=r9{Z6Q_4b zV#k4n1ACvktGDOoudEjj9j(dEHo<6EcKHM12#AJl*ymBj#KuE{iHN03<?*fpe|M<_ z-=zZA1%G(5wz6#D@+)aGFW}iSU9Pd;8OhaV{8>JO0$>92pV*n?y9$R)!i@-Np;4EU z!Iia<oUC4pLRq5oidEE77gb!cSoBNE8Y*#w0&az|dMjLI^?u_^tX``zn_hwiBnbqj zJ9r-Q?K?u58wNvNVVFdlM7vR=)oZ2XXv<c`b6osWA;6GU#a&Eo`rJf?!NiF!=mp9E zZ)gFMn#FEWc7M%RR$9Yx$Qo0+jl1EmwU1h@sckSa=&_!Tly1-Njg)2=%tkC*1}FNw zxxxOLmRwJ!J{!*P*}bJn4H8r#w>gtUd@*@0p)BXXW$4pNZ(C4zP8s$$=*`KX$DWp) zT<BA?cWJhRMEYS#4^4kON!wK(aFry9ZUGJgCP}^JtQk5EfuXdtHd$L|?^shKJf(z! zr<N<Ga`MQOvpHE|H<CCb_?_^(iowi4bnCs7<=?l#q^f;YZ?yYhPsjS^m69sz1(F2H zbJUMDT~(XcO&wWRK`{)YV|ASF?`2>}-|Rlkt(X~m0(%GP`{>cRC!n5B9^AZn@S16O zG$+n=#`KUJXb1g+bKrFlTOizNU&E0*4?dB3Ja=E;?&*WMBbm=+cV@52^kzHtx)@b! zglcLT)_{-GwIJml&pG-L5L8dEAR?ixJtkGghzLRoy(?QS)C~&$Co=avo|EC7jvUO% z%kR}<L}8(2xE9_nt(V~q9pgC}+!CQgjSmW366zZCGR5LW04z(Btsfgxfvds`uIrT0 z3oG;Eg6bpPD4%v-XoOI40jSuF6k2)&NGV510qJ)VVXwD8%7`#QN7&N=?AZYJ%ufTS zKnbR&3)suc%TXB4?CP)Tvg&|;&>2{(zuY<4hM!%A3?jH?>YfP&N7^fJw6%y#ty1dJ zQZFjVY#42tz7m;NqI4bX-K3>}(-Hk1;Gwqdo>cub^*li17VHSZVt;>dJPiGB4QGS! z^Q{e<gJvw1tYLE-`o}XPxz4_jEuKqdDzfe@hn%qrDd>^UB+o!dCDF2}iX-<1HYdZj zog+CJwob)!a<RR%h>y-f{3<BwQ)xM{c$#`13f>0<-~N)~Dqi}S>N;8m&c?c}fK!qh z-tT6i06($dw=AAhbwJY~0^EQ-j&zVrHo<KI=jS(gz1`3W9KWHu34ELy?(d!z9Xw>| z)*XYJ`=Yt={-*BSaHc(5opGqS;iAunY2nLBWyuh#M0vVu9(1t-_2HCZC*#qa47vfS zgj~{*)LH80m*jpcWdEPo-K&KKnpU)6VQj_RA1URNdinkbhOW6S8*qF`#{WrOyHZS0 z^~R=w?L4AXeda&^`RSuG(0lJ5AMY5Rgb{rDk?DHm#XGo;Y4F+|gSASJ@4(*OM>7xR z?(CbH+?_j+xjs9U9nRRDscc!c7O3X5b5Q8(&uI$I8<xwj=DM$R+}@*^J0Hx+u=4}E zbMn&eov?r4t>GOs{W)1v^w#Q4N__Ql*ZlX(K>uz&IzZ%CaLN4-3|@0^D8QPP0;yCp zP}^}^4*&#w&<Rn3>ZVWSmXA`>N^bZg6p(;F)@eVjKZfk!1M(EWl!&cU_8A`Q#hxK< z#B`Vs_<?n!euyS(V{O%FW;oZ@@2|==nlz1>NY;Uj|Ln_ru7HtqiPzped+z5D5w_7x z+i*?>*Ed$>WK+7(0$TZ5=gYCgk{x2jT!H)uid#}|wZgrK<SDH!>h(nJI-Nc0@kVW0 z^M`1me`k-aD(uqH6aiErILq9<Ed=9qP(O1=U=I<uyUd~0I?688eV9Cz=*enzdR`Lz zZiZ!me|AZVL^basi5|p`BRgHQrur5r$N8$MDjCqKxl_6-@Jjiht39}}8pXZt_S7vI zlSb3MH#gnCF|$55&{yqG<+?M;Y(dz?xCb2T%LS1as&GF?cB#1BbO>~n27OKM&B?I0 zf%Q2V_Sc=t$;BR*L_*Ne`SM5B$%m+iS|KK0sWZ*HT6?L^>_}(Gs`9)3o(=g5CRE`- zp|TICv^oS-sv&d+#_Wi=dRu`?ogZ1HS2GvG6+v`mjprX$ZD>38D6*kR)rRVTbKV{d zZl6v-9ZQ+6j#|skX{hGR=G^N3L`N=@Y0d&4O&xQLD84tLs#i!R6%D@(TrIGx7olEV zN^_vv%<9cK8T63p$jPt|2khjy40=(#Yoef1(9hMis_rmRxbdg9I!DKj5lcnbt=EtQ zMeAs-qr&H@_Lx466@GAW<KFQa&`7K2dEV^e8LdvN9vC3oK9)`9A69Mh0qg~2lZOs% zx_>jYzg<C~t2v;nQSe8iW(+FI|G=hIn^q<E&Fxx~eCYnny}8@^HjnMf?K5fiWoEPM zvqM1Er<+G=GL?(@j_M1cfvT!|xxh@J_Dbj}>hrdHb2998-!9}Im42IH#~@b1t{s)7 znT_f;p{=g0P|a1;B&@gz_mi0Nl_q=108LM-3OkS<4UFIbdPJrNp<pXlpg=MJ3MPBN z>8bXbK8AIx0dhGaURhbo7qgiHP)ueM1Paa204WXRnvZSj3fIz{0~~oydAfMMrzhT# zc@{s9t;MWF1f#JqU|aEBab|&#PYH4GS{qs*#?o%bruA!^b2I&!wYg21)!B|rWtI+e z-YhqO^%Zt%6bnj4VufhcyNPopFqvu2$)KA}Yjg6I9Z8El6{<~3w;?O*8^x>^|5V(W z9EECv>l#wfAq8!4UE?WyH>YDow0dHq^Y;{#NwAE*wxQPc_Zf6URAtbbJ@D+se_CNZ zL%ZU_$;YSCDtmSVAMhylD`hvyJ%oJnfz6v+ceOzdor%S4WvB|)Dz`rT4AAl2m>x1| z+pV@%@XF|*ddsk}Z02sg=H7wZ`+T{Z`gdiv=hpYN#WT6FOjoucTb2=uX;Cp;cXq0& z(ISfms$R;Ym96Jdwd<RFIT?1oetS-a-H&B*@{$`U=~6LzcYern*(avRD~IwDdcF*7 zteX{s&P6z&Xb#}O#T7VwWRASd11P+_A!;*`1zwJ?g-dJzidLP`2%tE}=~rH2`$ScX zCB6UvX*oY%5vdBo$ZrClvF87?_AOv;TveKNt5hnLs-&vYqx62irIyrEKh<ux)ONdD z{kGe7?8I){33doZw!72L0~`W*K$6L11_wJP0}PW{c3^jhNt`&gNyrTItzpT4v%n-7 z0wEK=nT0?`0}Q()JR<MCx2hy{yW2@%-0qfCs=8J8oO91T=bm%^OWc5UMj#LwHKI9Y zvnzt86<et*KRIfxm&YQ?f`+R~YldCZhJL=O0qm2bWox|#&(;<&@cGWBqrA*V{(W6y z>T`d<$i=>|>kk;0IBi_fw*L&r<}C{5K!x49wKE?GaF}jS?#t%~58-u*TlRJ$Li$E4 zgEvA#UO%?Cx~o1l+8G(Fk5+r9+9=u@d`+?{ixQByl4>OfZydcI5*W2IwX0r3?TilA zYi%t#myfb{L-5~!T+#om4IWAvJoZ0u@IZzo+nie0f8yv^Wf4(XsrZ@huW^jw6WAWE zOrT{5{y-!`bRRgtkM8UukfxPIeg;`Q_Px`UYFBk&K+e{^V-o~lm#calFf1zOaJj6^ zmXMDZ5F0I8iQehGxB+*q*@8D)uc0<%zFxzvI8_EJ&19Bm0j|QD_MnZ%oVN`zgM*g^ zX~qss#76x*Ls5DIZLp!3PFGL>4;fI_Nzh{W5h~fY2tV$v$}z8<fhXx$(Vxo8WBV&U zDz`=$M<IWE)aOMFz2ikSa%`N}BFDb4XlC`X$)y?6tZ+sDV>rq_PJ9#Vr=cPD42pd{ znb^JCR5K$F)jjL}z+GsFrA>!SZupb<Fj2@PK2WVymzE0G*SC+&RIByA(Yrk6M7>ZA zP1&aILEa0aCAAe>E^1j>Icm!axP0j-s<yoS`g#qu-3KQ++<GBVuPN;__h8S4X=c6^ zTP~|s_ojQ79_ng5es`?b|Ckj6kXfVqEB-6lv?x}W81chFxh%8?PDIC05HDgv^1<pE zn-6~h<pUK9q83oT0c{a~gyq8q<wLLA)y~i>kJY(Vg=NQ{`FnPx%x3j4yZ|45&)PDC zs@Qv=e|sPGbz+E^A@%|pYiPSAJBIQE#tc0C6BMmrYOJe#{?eN$uv%6#1mNqdXVF(> zW){A!m;?)$n)T>}PO6JxP&`}2QP{6kOz=&%i}84vuB;A4ZY$j=bh{JXVrNi<m+ef) zDja-`37rhpKk+?&>uYxVzJBT_gVl6!!%O`WyIu;;s>QEm1@P-dB@CJAx`;xy4k(2P znM8sI#fusEKcoG@rWbCPpZH#lx7)YARzr;sQa`Do=KD9iRO_Dz?s};foYhKY%SxiF z__bzG5(<cBamN#S=!wY=yvW#c)cR1)N^hT*xgtBDhX%Ui&E!{9m>*9h%#`|xy3Z=y z5%Cu1KQhzz9*@N_-23{*g}Ge!`~Pb3(8Jeth@nETkT1pp(eB-MOr^#GK$N6L<G_69 zSl)49SD~7BY~8!%C&84Hz5C|L14AC_Xe1Ebk)OGBYlly^<ouBwX(U7IuU<E_u)Pqg zT-_ZS>hE&7raIQ|i^t|SOn-1&mNkSLzu5iWVE=gX>gxl2)wlKxlu3gtn@ZY;H~Kn< za9#<Nk55zoK&*$B&pkN$Ui5E9+JrEhiBXiLU`qOkx&HCu&}P3bGK_Z1%1%IEmwGZX z<$Rr1*rr4bvG4rD3s^_s>>*Rzm05J@nOb%tf-bJGwa66he7#1iOi|*0ihmqi&F}45 zR<cYwnnV2Ze38D|BelYNw)WZ#Xe|RR^p3x8q;l<sU}|D)ETN^4q{cRlrL+j~Wl1El zLl5uk;4F5NAli5o$FsVu?)3+z4x~y^VfwB|uUmTRt}!XLE_H}i3R~F58#t|`yy?#U zgO=3B0-8%7hF0ZY(2GQo_zc$C<!+E}K?SNQ4Q&{LDyATuZykOPCG~J9&xAu6Cmc>T z;m~(RqJp5_{AnECIhUP?jy3~2a0G$83iPHVCgTj9C(^Dgj^nVk=IM$tYI&P*&B_IR z>Mxe9sNXiC%!yV;%S0ag`1mzf4yUxIA8Qd3lKAMQ-+(Q2p0E=k;`0jTU1T<LBtpq* z2K_R08Y_N%bp?uzf?D%5xkz{k`&!U*D%tIjlxK|rgi?z(=sV*Q$1x3GtY_3b8#TvC zf$Vgllb)<8XF<|^Ez`ML*|rs#he%UE6#<4;(#G1cZXknxo7AE1W)xa5pmQLdD#2ex zZlHtq<+kc^@a7q#`hZ&XxcVTgSC3zI>$W>WVWlW2wrGC17moi^km}>acH&w^O20%* zkPDA*PVPpVB46bnf^@>#00*Zys14pT<d2Mu@7;>1cJ*{_ytGmqyjX-z5r!>pDTL>L zC@SC>T(f~`)WX>sY9dlvRVjR}n9&+~JH2pOc~@VH7;QYE+ul?6ci-^mHx%~F790#o z>S&{$O>NpgQr^AZAKo-N5x@GDF~2sW+cF#Sp3?e}gk}Q1^>xU{bY|VUG&zF)qECv_ zkZh7*wwWalR2mMfG_H&FMx}Mv-#blqX|#XqUk3JWj7q6;CwWvm)|3G4mmn{_(D(${ z5BU=%I*CVduJCLTAyeaYdieSuNVa2IS{Z_@MnWD#tjq9(dR`kkq$2xGm`KD@qsv7U zb7&moAU~c+2F7j3EL4~YM}xveoI9nA2s9qfz-y8@JS5-+v<=&ND&M}AQTRnK0}+## z*W4`|C|mrM{bRwblhpx=VHthI5z70`nmuOKC@t(iwk=~Ynk0(}!L`!1Y;~OaAD0gx z0${prfg>oYR1lu#QCH8xp2nATPnA%FOoP8#-jR3EjkkI9D?hP1L)->uh;HHuY@6}r zUXUt)Ld6263+FF=3$v@BrV|zrKY9F$(+LYtlL;bB@G4h%bpqj4cJnHic{FLb<!qKf zOjafjIn2??aqnnz$qO%YU4YX?Uc`BF#aA`mHxI{b``J$Q^mh!ape!*_x3!j-?p~># zz&3-Lcg>nm-t}SA>Wf0Hsblqp98GsZirR@SP2|)g7&&!yq}0}!z&dtR)3Gh2)Y0Eh z(YBsdc`Eu_(9YTn{Fu)k3xd$aIMZ>AI+nnYV+(U&^m0sL1)Z=Bd-$hKJHhXl;ak7I zsGyEw{80=&ip>SIf^}{)!hG92bUC!M((Gjr&`*Omp}`^o{o|7pQJm#HJTWwy?H|uh zx!R<q9oxF3B9}tXPz8WPRtMgv&~thc86Ib9lM}<ZHFIrwbDB7*cmY>3Mb@%S>}oZj zDsc3-6cYt%?T(RLX$fbDpfwq}V`Hv#v}v&*zy#SRGE;v#-hcH-r<mO`ITqb<^LU_T zyF^MWY?sTAwC2-Ww$Hlr!^y%(+6s-DDb4<aTrU#mG1mo!>*$Ya3a;er8mQ8!XwA=| z3~$9EM81_`AY$7Pet%9i3bB=E%ub|T(Q%Dk$g65vg&Iz$$|28b#W3V*ZPzFvinry* za`LZj8a4@iYWi(V!)3&TMBIlgLsW<M3Zx>!rFa(8(OXV|qy?lT5I2E158?(8XFwXm z-TBp2cfU$hzp6a_YA&{4C8{4eH~zd47;UKf&xS~9L)qRoR2yhRbhSN28WEo7If0m7 zfb4Xk-GPOP$az4jS+l4%O(m;Vq^1A?;(rP-1~^j_CJ-<N+02T4C%_ogD+5bkyz$6? zJ=|Mb`s*e5+V?k}p@Xx~l?i#u2WP7XM}px09RAYBCO6!E=0^BB0bg$$zw^3M_uf0F zC+@tq)V=3UM7@U_C#V-7^-!hcX{}N+)N52_&8W(nQPYD)l|Dx7hS-%NNn9?8aZi<c z$yKW)$Hmz-t0b>nBnhv4yCTU|#BS{($p`l&M}{lWHu<yJJr*W4HN7Q^@_GNp-i3=K zM-w9-+&FY~pBwz-<}cqhCWgBsjUi2I>wcoSb{|L&rR-C8KYG)qJN6G+p>Nmtv#mP^ z_ur<BaPsrGR#?f2T<8IDK_zJm?p!6Upwe7Gq_wmGav~ZNZb<Q1h0RRF1$%JZK1HZ% z7EjBWmM?cYgHJTpT4y>{4Z0$8eYLTQiKZt%PwH8N!QqSAU7bAxk(DDgHat-BnL<$? zucH8Uo$QxbmNnRNQ+;necKKMnt9K+JPzIxsH6t{kEtl%#bC4$EKvZm+{A77@cJjlM zk51BUkh{N9p?2{o9Y&?4))i2^7=jnPTnQ++yBKj7DLoZ-7p4EBQR{gM{0hTt8<Ba# zSFp(gKgMBuW&Tl~<a0mhGrlfumi9>t5~aZFejj1rPROq*!rBDZRbh4K5twNktZthp zSc&!Jeo&K)uh$4kl!6jvrc`L%?_*ru30i(l6XPbRE~>lueQ<Tj=eqXXIn%jgQ>Sdy zA>7<d`Ktc(NYRt1Y~H@5l1R-Rn~PQlQg()-aI8MuJDyKhQubtJZu{0s0+=_|pp-aV zwrIc#4Ny<eV~O;};@!zWI5TwBV9&MV9lXUZ@`5ZP^gY=nTO*y`L{BmpP7iJ)6mHUo z=p)2~#4i<0pnmW&ae&wjX+BIWfLG5%Q`Tc2MUKRP;1UiE9~ia@f_3<SZu$;l`dBqk zziG68_rcN0*XK6R?VDSeqjGb(xgA~4#t%;Hcx`n0qe9(Py$@OBtfEodOVdQO7+AuA zpyw}GlvO~Bl723}g1~zefQ0U2)tdtKnsTGLNywQwaV|IqIfL(Yu<O|xyxZuG*J|*7 zE}>p?RoVNnq0g%NczKOlMpEpN_JZM6E78c6{IXw>zisu5Yb;IEhe#d62a-6F;6El< z5H9csUAYaZ<i<{S#AiT01{>~~XlL@3MI^iV{X?#dMRs)VzH8guZQIg6LMX#p@Iqaj zmSl<J1Z{b`y;7|(nyO5AgZ@>dW8liNHE`{wxL)t9#y1?<vaCF=wLp!~Qhr7r(tVK_ zAnwEZGet;|tf~{Ts;<bYx+1I2>{(T>W^rK3VanDcRiCNus1{n`jQT~SIJ?v;wTl;U z**I*vUW4a4Dh^Y<=BP4-_V7f;EnX}yLms^>{ICYs$U_D(n94au_g8$kD?Iy<<_`QA zMPnhg`^FqmugyTS^zu-ELhCCm;$s@=eoNm<>?cm(`Fn17xVXOyb>21OjTebx82*@c z&g`%5*`x1@&(wET`%q-fSe@>e@>b=#eoUQ^QH%$LULa*IsF9tEYW6)2=?H2QJ7?;( zomHh3Q%z|`FV}1OF>Q86p&Zl_(rL?sFzRyb8gbPtmw0MKrUoL_L*wC%s7?xp;4+;! z!t$&Vcl!rzx@u(F$htNUsB^6{DjZU=aBCD@wFlrr(wa;{xQmc0)X(TV83$h=2!bJF z<e#HW;_&g8p+pZWnFNpLhehOBX8it)fV3n}^<;*tVy3>Xr;1h^o`_AeN`d7?sQW-3 zr-h;wGt3baJhdlNudS=}RAV+=Q;E;VHI+CU7v~SP??>>?sr&`MtQAf-^6!w69{2A~ zy?c78Qv7Y*cj46WS1Mi1kS>pBW_IEnTGIxT7yb}EnQg>Ob-222U9j3&C96BlnR-vv zf(B}AdUx9ZN3wijUI|rRKw;%({jy3rm(mPT6{{piReN@t5g{QNEh-tA-OGkQ5@``t zNUj!}lrO81T#ceFP*G_$J)!%yK~kc`Wq)J1jo>832>#^iBnN+|EhgbAW{dg9y<^R& z^DbXVG#gc_w=qMqNhXtNEp`B)!J{`Wt*&pFeNf;03Gp1})OANUB2MkOBY^@#8*bVl zx)ICb@jK&NHuS`0Io`8j3r*ax=h)$6hi@>}?;X3NdbGMR;oeif0ijgr9^W~QQe2-L zoNm@+D*P)d5evvUq>+^Qy)E3Vang+&zSmf<HJiR+PrY_Sb>|pn<<99r)c)C;dIJTM zAftqv%PKhTJE`hiedxU70oBI-W@MV#r=wXtW5+S#fY7W9wS<(Yb4MFD87Y)lMLG;( z=xt>KJddK)vEi`k?JG;y7_{$jEVl~}R;xH9t!hO5R;&@vC>oI_HI1krh9m!=vc~y% zU}zRA!h^+w=7aO|2hEgc24x6sD4;dC$77zYXx?$`pRP^~RSVTjCfMKEPxj9eo_egR zLn^?onu@9dC@XV4(wta^u<+pBq4wjZ{IynFM8DV%)j@x3mWX-kwOG}z!&<<uS%NJc z(9Ae__uPL63K<+|XR#DmL*uqsOm6f!aCQ+wD$ciwO-rdzxivCKuEfN(HF|pr3gqJn zgh4=kxw)DZD0c%cfxNN=^2!nhw5o{L9TOs6U<AKDtN6D8)shRSmK=P26MMwy%@cUz zNYzCSsD57nS3+5{;|Y#-jYrP|x&=g_z^$q-+4F4+j-CpuUSN*mg3}iKzzQ7TCi=jN zuu*R-YD9gSvH0u`pQN9D2rpY{p&&=T+BtM=6JraYKoHwp&AMg#%;0<PyN(PuV?6(N zcJId6&h6w)t%w^S!k2zS9fMTt045dl_|lsd2U`3M;C(1!0pM5O_<^ia!>+#CT1&$C z)uO&iXsgmb_@+++aS0?ukfcF42@k9fgJ>9p(A#ndL_;8mj|M?B2oeIgIRrwebe@&$ z)ld-n%ka}{6&4!VA%uB=J|TXEQ2RW*Fq9k*aqe+$N`q{}v?nt2c-1ST{0C_5OW_XM z2_xfqk_Z8j#y8^NjhbyJ*lrm(+*IYvG&ihji}Y(Kc7BpN21tr*T*P>P{-n#SYdoi; z(auQ@U&PAl8anE?q|qAkIQ$YreOAXBdFFTj4dMIg3}z#>gSW60lzS5XVc&A|JozJp zSw|W;#Fw5+zoGAjeAxsF3SY)9eWkJ<5}_ZZ$)x&0A9{`DKs*HEK@bmsxF5uQAmIf` z9Y|4NU>#UD0M=!}U<VL`b}%if0c!MGF+%YdgRlirP!FTm3Xhh9&|zVC9G{2CUKVG? zBjSfeomjERRk3S4Ha_t24$y(V>p&|TqE)WGx8s%$auYo2n8Nns3y9|P7s};}kmd?! z^2(Y8fp;cpu1aE-RD8qZf*26dt#rI{p9;Rw<_<vNn^@pY;vKymBnd@Tr`!f|>;(kk zlG%&y1nti~^Ge~7zR5Zbi%<b>T!o8mZ|S>rbmI-m<VgAhX%|mDLz0hDCU?poNWf2x zUqjsn?Ne_U8lEqa<o_aB3mkI+i-G(n61+&V){xujL!4%8LW|Gj11$U2Qj6<?jbS;+ zbjAdk&a#l{C~*s_zPFs(C(>Yq5|Dx;a}r8Gp7@+10R>0}38AAP&6YztZCwsH;aE6} zkpG;(p=vK#J0t@Zjg&NsE1_!!3D6$_y&T|zXz3pDnd1tbsqqLW`NpN@@_eZ*S%3oO zK_FJ4fuoEa$SJP<^kwjmHVyu9Rq)3)=*Nu)Ya-x}*g4&I|4GN$!(LxZ0xWPg-Y@`b zBIt|QjJk{8(ix?I#}~7ZY~$A*W-Cuq2q*DC<5LKtmFBHxa1MOlY&Gd9y^(302D5s! z;~Qra8hemlYn-5N!x7g-g?b)Hi5{erJRs!(P8{lTg1EWYOeR?1M$2>qZs6)iWOaeS zxXWlAH%{tiiAgoYg!a_QDCz{M6$Ja%ev%qELZk>$3MKliafGhj-GoTBDkV}jhU~gk zUnshR5~;t96{*JG8N{gHAGWbH0Mwg$DID}hC4J*bQKEU98I*JuBemP^G}DwpFuj!{ zU$k;GniJ8A`Uv?|vO;@^EHOa*F}7$J`@nf{)foci$essRSA0V3WH9Kl9}nh0XReYX zb2+2uWOA|Z6UL*|l8UB-FkR{r#-VOcnu-NuCu{KHoc(x>$cee1=O~_n*C#zEYsp1p z-zRFg4HZ;J#cgcuYY|=(v$3`G)DGE5Ry_WYJ2pSiG1(hPPS!SVGX=WhvB9k0V6vFk z?O#7KUvhtJF1aplDRy*}qvXHvJZI{RrR0usI=3k+M?7h-$zqoxUaQUT^z}~XKf=pF zIgyAaAgyYUR-e&Zi8#?m?8dY*20EVxJ5VqO{82?BtO29B<FW9f>yUY=>ok2-3mue7 zDm*tP3OXy?@mNhckM25MgJ)`ig3=0Lk(D#MA`Ofhzp^V~0`fBm*~weXWu2a|D4S`$ z=(gG1B3-<?t8z`h`%g@PVl+0IPmZM`#ehh?F}k=pW0WJ#LEeOt$|x_5@R{MC#<SU2 ze)GYR*ho(>)%#2?8|dB$#{-fQC+#9Si8*!GoY;BTW5H-Y<qLmOSfn2ANPe0*+P>2= z-Xf<W`|PJ`J|X<cny}bGJzVQxlAo?IN0)7mgZBw)a<pyPSg)`Z_n35&IwpM0x{v)) zX7Yw1TP7KIaC!<2UdEU#hsLHRCo;ovj$xqx*=@3zjLy(Q56mu2M)jN|8O;_mXR{b} zA;-RJ_wDjUSP50*Rbj6_sF&a<?@{*dc${_hJPme2Lq7}dtB6wIkc*{~kI9S0Pw{QC zUQ%$HHEyDl<m6*Dd66%Es>ZhqbgA4zc6etXQBa6K=n6@)pwC}BxM5ex9UR_UF3cqv z0drJ;Z*nXdg}xW>FUF(eIr3i>4i4uF`PugkjxNn+;&G6p4LS<W7<6N6E*I?H7>SPd zgfcy7ypO>?ABN*SM&yXwa5hN}`V9A+@ko*<eje<oI0%pRgxSpIjt3D0lQZ>TaFIRf zJgV)uv#7$&Yb!g51_876L=9e}%fVr;10D)q7fd}^3obg@lQrkjWji6a?_1NvYm)8D zgrJ4iL>_iq8^<lF4TX5Q7&00S=5VIa7d&|~G4cM9QRpVzquVqR>5f`S9pQE*)~97o z;H_@2%gnR%gC|E9XVS^hJ-yQCq$AnwN48Ov{04YR?<IPPtMDqV#X^|n^I&I1O2@;7 zhdK|3Psyj!N4!hsBiOsID=GiKC|*!f#ciF2hiaXN)8SLKv<!chGqIcA9t>@+9LlRz z!1T7Vz`;|bPEYAG4&)2n#G6grEqb%ZW{1q4;h=t+aTF$sj)I+~N%|kn79(lmJ!xOR z)9Z6K%8>Os#DDPjPM_D=+c($aHn0Yhji87$c!N9u$Lt_6MeHJeq{KV6fDs}|Sil^S zfyUw1bA=52iFwwa2U{O!h-swEJj6C|RV5kIohThiZaGo0Z?=>6>Tw~*P`z-{=lNje zc<*9x2iS4E5(Gg6b!y<M!JCP4X1>0t$Ov>@>o3mNODb6B^DiSzMg^qthZqyNQYh(8 z)Zh*5TTavny9jT=^VQ=ue3w`8U3x3WYv?{uq=LXiwcW^x&1@C>3*IUter-NeYNDuI zIs3WyvgBv@%UquPtk<ib$O9&J(qaw`UDXrlw-`<F;3slZ-QLLfk;&@y!~TwhHyClt zuJF)~E^pp`mgAlo=<}pJrh#s6#$(F$<nM_%Cr2^^5kdETmu$^AbJe2T#2X!=#YyT( zd%QoK+}Q1t<2}LTu-}w-N7gyyQYK&R^5|*jXFK~OU&7YeE&8I3gML4$^CaX*P;dtE z-b~~-$lKwJr0V6<Nekkjm*Ai{3xronI?Sgti{V3#C3;CqsV%i{6#>u4m`~T5=V*Df z?XwV^ed1Tnqa|-=M32o1C!D_iNHs+(vyWbzg>u()4s0pP<i9qhwZA%+&o)kKpWEl3 zbTT@$wFEWQwQ!u0^lxzvZAFn@8GH|Rj(}Z6un_JuE^z_(>y_5-9VoTceYWPR;ICkJ z+|MDouwM4;eQh~=|Bn{jcI}DnZh<z1J9D9Mt~1nnX40uQ=t&a(IhXePQ|W-8ATNCv zya9OljA5uvCshv^eDCoTPoQbU0sUh4*|=}P_Aq@j(x3P_FDMTh?>LX_##+4MTcB+Z z*Jv!)>f^RTtG!C(t#|bY2ZSYC?Ui#fd_K;gX9c?yi!y@8iaNuG^Z8IDmk*K8cFy$r z^$f#XMX!URscebtzN|NjG+hg&shhYO^<|hN3gCXUa}gxC3_JEDv=WWrJlekq<<Kp7 z4@sI_sbZz<V1zSc+s|mrvTK?))GFfC*UGYEtg=jA%UHa!?3GyhJ1b@CjLv9r<3tG7 z{JC#%hBo2KHvVxH!3w{mH|i<WV}s4|SmSkzp!AsdCG2rqZt{*ZM)45tm6n@)Na?|< zQuND}&((U4*1gq{O8pehyQ9QmJW_ijaI$?oHz*-N@e-qO=Cv8kr-v7Vr%Q{2y{Y0t zYRS<?T{S~3|HBgej|l7-hU0d4u@pRATYkZc9JDKp;+3C~L@5bSa<eM)r?6vKn!0;} z8<Tp$ZMAy@rq~nS&>ZHjNW@XxQyAaw^mOI(&ViYNZSA4H@-yk=;lB-CxxTzN?&6~B z=lWGiJO-)Nq3(YZm0EhuOnA+YB^INO;DSaVB_|ANHB1_F!u(jR?Toezuq#lb)qAAT zjv<CxVOM+mBV$R82(C!TRovILZmzIQn~kF`ow%$^xHC|bZGtw}Bd|ACXmzRkF519- zXfGmYWwJ)sL&9R@lZv;{w(p|gdI%cLbmWtod+_#&R=wmSso5K=vkT+l#MDhQ6NkrR z4+ydKx%B#^4ZY56r{37OFqchC9U9wsWJ^bC^3Zs4tjF)|9_vVtcKi0Ar>%iE$<M&2 zMPANz${Kg45s}}Hy&M~1M=p-BGat~=o(1uyrlW(3Uh3_Rj;we&ty9~59dvekk5(o{ zHF<HluT$Q$-rbQ-Iy3>K&9WGFcU?Q!@^z}&<Y+S5g?yc{#n}vN_1PM4(P*C@J+!0h zXm~;v6*}{?@5jDQru&&}PVsf1?167%k9ZX4sE6HzfDB{aZM=|J3=4Muf_<r#&-9B6 z3fi<OVZ2aleg6)!m=u9iHhu-)hVBh*;GhB*pgkeCk1c099<iE3G6U`L??_HFL+feI zne;Wjuw3HC0!fEKXV9C`ejXdhuYx-4MOnci{Sr|E+nx+|1Uq=wd9c0WBlz_3R|`Kc zkcHj{T_rlUXgvNE>01&h$q&*;+jkY3U%stSC00luuPIxj#(E#D;cF%1ahyN|^@T*s z52`#?09x_pLi4NV3-v;WUbj5ruKInDBK2tb>Ym`bT!7b8G@~>6lD)C)P<m**oC=n< z6#ZQZH%G&7XuTZG2a3@6o+ziOTQVE6PEHVbhuvi5Y0)Bt6W)-+k*xG21~W3tn~d-q ziKk7XDdqM@oN^5B3mbv-dX#>IC@NmT6GSACKwKBC0v9-vIOXC_S&w8MW|UES5tnmc z_{CRWz+SFBaKxH8RdZP@R_;{IdW6Y5tU9?k5kte6!Vb<#`+u2_fZSbl3_Pkg%KnhB zZ`%yVas0Gi_5SXMpSb&jX?I+&)6*m+%1$`#>vrz}ab*90h&IqV9sKhl>>d1jp(yA$ z3zq4xlDE?~Xr(CokFpWP&GjLDDn(c-wcuC?KGt+{o6zdY7B}h%eDJY0_qI8qFZXWS zf)Mhu7zBB{D`Ih&=*|OO>$VhRJ+v5YE>YiC3RP2@vTeGvMXWr*lwKLK`o`DC#`9TF z(>}vK1;}qg|Hein)V+x;A!z#Dd&U|vgy7tIO@(8Ep^(YFU|J#;lt}`(@@^;cTbp|m zHNRJ;2o=5rnjhM#FZ9iqFZz-Jn@2EEx~C|kE$sD1>_+Nonr20>P4-&!)Pp2-FKG}x zv<+GsykKgW4XE<kz!|`Q@DgvJN!**gRx5afG3Y7Sj}G#i)c=J2*ht)pbNqv$f}GFW zvamB1E@ZQ;vl*E6>uqJU7AG;b-i7>n8|6tZc$T!DDVr8Hw<*F~6KVStX}eMjE3a$c zy>Mlx6KnUs?JadX6iJ5CeU36%LvByV&XR`#d4OVV=#$Mz{iTj#B)84sl^F5^BzZGn zM3>#}GV7_2kmQZPASq<x1alji4)A>AQ!S#IMXpISo(GR80$|WL<~j8f8ofzqFKmZ2 z%o9t>{2B&l2qzJR^A($O!XLuH@#n!GpOLvdXFLziLGLIS;Zh3`j`l4`O)~<M@vCh@ z()3!fP1}Bc+u}8l)hR5Y?&sazXHCRavN=?vmSM=vG!TPsr{8KIZ~YL(Lfh6I6!l;H zFM1#Z-7cSGppGt42Ek)@2Lw|8S@Lz3XLKYS&foY3RC73c7w`>(2_Dol^fP~}L#sTD ziTy1a4ba=a9#SBrtYjfe_Usb|gVAvw-1lTi4zjZCJh;EY8)ff;ofQ_?8>yRB(`osZ zU5b`Bww>i{E={XjTlV!)t(Ez<U72R6OxocSfNuI_2AKVBC$!vkC&-VHddcT>`UOCf zf{D`^OvclsEZBG*$?#m`CK5cr7~zoOtRk{M2<jZJo#Y6fNNW4NE}qe|6hd8n<)UJi zpJAyAMp1RYa<R2qtT;tri&mQ0cvN>$Eu?CkMs4eYV3Pjm^0sfmZSP;v_Wm{6p6n>~ zr!%GgOyfy9)|W~3^~1I=5F{{O`W1MY-UH2~6cNL@ZFI~tEh4a`A0RNovvjP2KO?8~ z2hX(|b5y)pNVeR(1J6JY$Zq#q7zr5c5w9m=H<(#hG7v~PS=N~f1d=Wm+@xiBQ%~_0 zp4LM}^V?D=<KZ|@CKSrLIL?(tl&xQ?gGY6H@e}qd<3uL+6G6gGmd<iw8b0s)2>7t# z1<eXQiw;&iXa_nsI=;+->t5@jPeKpWE_*~hko4B5*AuofEGtKS-nfHh9dWNODzl&m z?Lk1nKjbA|G}1ID@V^WC5>AeDCVal6%V=~Zp<JgMuYe`uRl-B~u$Jc>UP62xRmwlX zRp5K5=iC?7U^t_01>I+DKFSibhNSywlhtLF97dq~DCdm2T~P=3r-ANV*7Y0`JQO|y z){l6C$cqa?Iz4^q4e$VU64z)Hl^q3b=gDK|jQ)sgiWZ<0UMye4Ng9Ym=vYO-q6iPK zVxvnd>GJ^MU@(a|m<%EguKY{|gB^%_9l>xGy=LD^hLi)4oo=3YXCY-y!KXY7DZ>#d z<r($oFMZ`K52m3sPZ8(=Gk=fB#8#*&{BX)vSS?XLoF5v@q2EJe`P?S>i!^DPx(O`N zw?cY*RC<rWwp4PDY3+b_No_hF=*nlE&oMlXR<gkQVRz7?*IR-p*CtJU2j24qQcvw7 z=HWAd#*Zl@{kKp~9k^#AP2iMH^u~#kpB(C~)v`S13p$g{XLp4xIz2hBGg<w1SJ0xP ze_;{~I>ux*>5rKN7T(x~cdQ9q>L#Diz3?vD{|d#y_MJgVM}eP1MdgL}k|_GWqwNOu z$eNtR8xO+KhuYr+&X75BJptz!W#<!ytLq57S3S}$I<8(rdzCd;!4;0+jgE5`sj<fb z|AD_Wm{=P8I^hq*<9@y5hIHCQj=**=k_>etwB0@qCG~#ldh*Zco7#1bCq5=ZmX$AJ z;iNqk{2A$-i^XL+NAn<89FgthU3$@Bu{Z_2!)OaRoFN+v8uu(a))}WhrYRlpzqNOb z!t!Gx)aN>axb*LIfSw?>5jPOG5g#IIIN!!NzSQl%)pZRc97Yw_Gt;S*P(qvij7;zU zH(^wZHsHD&Joh%wpFtO#tKlm~N(v6Z$h5Hk-)h2WGti)w+*lFXMUHCP+BRk9*CDE> zWqvEipskA6jTO5GzvzGs7vgDQM@p;4&Qb6LQ1e&bJDx1X#Ps}wH|)G)dnUf^uKDoh z9lJVgK_}0M0hb)GvDQ$*pZ)*DeFvBv)s=3At`1e*6*}jfd%Al%&h+$zny87IoJV1# znUO}casVNr0Kz1Z1@<~T*fqw00igtKzy_PK@!FOb`_t~){@}A&yx7lvdb`Hh*w~tR z_f~gLkPsHT-tRG@tLxUi)m7)7`=4;{Ikz!tBS|GC#t6CHs4nLRGr={pyBq6vuJ24) zP#<Fp+uAl(n>3M@SgI|m-Q#MSX$-7h#ha3w){lDPjREES+vs4$#x=ub>5<N6SMAQ> zgtuj5O?Jb?cswvVHtaVwcl89^q(TOSDx)w|<~FVMyUVR|OsY2+tPCloUDXk1RY0c= z)OK&cF;ittODNFH^KMHjpf`o9FZq*0buP{l(1j;AOh)W=bv%A+vHwI1qN7L$vJTma z>?%e7HEiBWh{&3nUV}LzN_T!8t3XIZjcJh~B#2(*Njo`Yw-1qcdVL<N;?;=9Q`4|H zV%};XdZnwz|G?~;nufd3u9}U(P26h=n=sd1fc*{n5Bf=k<!`JI7{Tc>39iTq+7)+V z#{ZB5_gV#Sb~d+awk9U*{$5kuw7G6BRJh?)ctNYxrPIrKK`eo8h5{>ymRJG%NLEM} zIpIcK#b|>$WM!h`H~07LZFgH+b`3UsX2R+wfaasKsio;~|D=lI<YE*P$=y0tpk}nm zyKc*_%E<>e#8DTN?M=fmV60|>f!d&Emn}P*?L3x9t{d$3gtK<V{6C|ia9?+)*V#~0 zVQ9#81>N-{sZe)kSD@|I7T;`z3jh#-Nol#Y|9D+Z43+8iDg!H%Q8H^q)SmRHV}pCJ zqY78J(&?xy4{ME4r&{YzUwWaeHEoUi{aqbhep5Ua!@g7Ob4gyj0DAiv@-Xsg<hO;` zr<o%MhD8Ij10B~hyYpD|g~<m9vR2e_?@L$+nFSg~=*+ESlVC{xnU^z@v$rzLt+SJ& z4%18MuaPj4M5Vl5y^WZ80N-|?mOLUF_JO~#JKx*(>E7#KMrFttQjf|3Ohhk61x65d z4h5a3%diE<d0|a0;D$_*C*W7E#2Ba4$vpT8OHRFwzx+qG-T7V){LI+(c~o{LH#Sh8 zN9Ct-0}zCx0*@^HmXTfbz!#Asi3t<5qGF5;<O;m7W28u{EOODx71eO!spRRXSXwuP zu3(x)&mDBOqJ+A7@<3hL%=W$6it#%4_%k0qa^tr?yR*%uF=-WQy<RP*R4#`hw*J0v zzIXpCX!(Vm{`Q%gkw<xx&!mz<9}p@M$t<CirT2$>w*2P$#sjkh)sA4x+63S3AHRRo z*x^3Ur5%Cp-R(VJSXFbw?ky2_ZP<wZn=05COSOj8Rf)u!RiQtBR^(W<eWcwLpPC%? zrf&bzYumqsq9?}_Bl~W<r@3RM-X)W8N{*JQGoyQ(CtrHv-py6p-<ZGf^}}zz^!eKI zO0k#_$#qJVk(0ro@vg?UR&AiBdqZXY>~NcH@PF0U?j5fTcTHWQA=re<0&Au=r}Xh` z6LyO|6ExZqygh!P#geIQMg34?UAJ&iloBOY?&97e?Bd=c?BcFH%}fAmUwevJcjYeb z+Os)k0tTyUPv^k(Yu?2@Rej*4LpQ&$uL2&A=J!>cc6Z*;-?h8j@9w<5ziUsoA5(38 z{WD{I55B%P2agZDet7uPJNWAB9vB{ecqceM2t7&*A7WyWA6R77f|jA9@|f`q!pW&T z+Hl4^4oro*x=ZJwcMXc_GjiSxubj;Zm!OMfQL!yJRwQC^ftM;gMejT&CN*}Q)~=yG zgsY_C_OEDAB<J)>gH0(h$OLVRBJt4^lt^LKa|QrFuV4g*LcJSmDjR^cbqAntEwZOz z4Qa92=Mx_Ahh*~Dv9pxjo-yUo3@@wXw757j!Gh6UbxOPjfw66HmX{N-`h3AmhT08i z5fPeDxl$W3Y;-yYTIpeQ8l17^1Vk3zt+dlNe5=bgWfd>tv_#m3`woI+WS24uEiDzv z7zL_XHI`86V;zawsrGV8OaXhCkaF4KT@8cB#-qlj-6OxjVp4`AT9qax;9RR-V>hT| zzph^2)9mo^5u@E_7qez9tz{Lg+o|_;Zf{9$nBCX%imb3hMeqDPz8}zM47s;Jp9I#% zD|!a~Jq`Yz9)AN4_i3Mf0ijhjsv3P|9@X<?$6#c^=_EQP^m){9ikK{fWJWJ$*g_zn z;7%<p?N(+4nmsSH?hu+Qa)ZvuLQc2=+^5|DSa-4*e;ExGBQUR)KStQhesQ%_spO;R zsj=et{_L)&wm0t{u9Qm%9D3cTWZ(AYhK)_mvi|*@H_92Ah>$YWj)vJbpE1>w%5G?n zlVX`fgo&h@?BLeAvD?SO_S*5Px^4Z@L%nxxuGZRYltN?Gstk<S;k7$!hZ5<LI;Vs+ zYJe~jyXr>Mfwr{G6>t%(Ny}(CTJ3S^A_IF{YG(T?<rop~+a~N;jNo}d^>U;EnHI*5 zC6>pUgv34BJl6cYkDqrsCFwkhoGyc8)|`?|mNdqt6=+adkU9BzKuk#)tb8_CHX(u4 zPv<0)i>l(%5~P)(juk7DbX_*ng6Gw-{sT|#2=p|?RHR5Om&*LL{i(_0V`0o#-#Jvi z^~9JjnR|Tq{zm|*Kvusu_)j_;C;9rd)n-H0cthvi==b}de&qN}HOZ<}789ILV^wU& zp~oi}i&jxJbG&!x^VheG{lhzZj-1Rz%e$wO*~vzaV8OR8T*P0$91oiXJZu*5P*=c1 z-ACe~u7roWPlSi~>#^K3hmJlu6)4~O%%LMsP6wXT*Ua{|Z?3oKtA(Q#Q|5|zxb@o* z55IG0<kQ>hs<u2hQapmO^en)dM??W6QpjcURV08Jd4{uc6!=5*Dy3^Yz~xbO30>X- z&{zuW6SmP-DS1#u4C^d`iSe!Tmjg+{@exod#4zEHh)IRy(u71#iN!L76s1?-rc$re z1FQ7cQd&kd!6;C`xGE)(W!P^70M&7NjuO9G0?@x4lyOFg62Kb6KM#7PsxV&$QS`d! zqb~4=r1IGQvy?U}2ISA22~M!7W%yZGjIkU%LB$}fc`gU4ic>3KbNOyGD>2i1#Xi<c zkokE+1|Ty<YZwVmGICVkJ{DsqH`Z+Ih${$6Mv&UNvE6l}w~m$>n)Zxc#FAjdUk;ab zlRYi&t}(mcA?3^}qeJU<8T=i&hKlJeMW{rPO#mq$05ljWA!Q6}=M}5_y{mce>eXHz zr%icm3qZ;&m*uo+0V&)1%NFc*qHRKZ%}6P<Zc7)Cvfo~|kP~h|Xs-n+)Bi=Fe4uvE zQ`gn+9I0ZYVw_gUQvKVT8m5|@q5l0{2LQb!Vv3gS6ksyho2r`ZjFWJcF-}P6s)5~& zW4Dh3m>kPCZtn>n8@X>&g~n=SXthP-Hrc#3XYF7jJ-P&vPJXl^(3-Y60Z1|?EvHk; zX}8<71d@_u?{yFh`T$BkE}&#nL3*!5$;PuDl}Zm`kCz2`KxavCIaESAvqkB>2$yF; zi=fa%p0o3iwxH2U#1yt^EJ*K<1kL4Z9Ic`&pyY9NdGCQI0ctix)lx9-q-3zJH#T|K zNEwzou|D_Us4u?dv0c44P4GVMq_bgtUHwGXY^WS-@U}PBpx+<(N&z?3YKIyOOew2m z+7Ewe!d9N$bi8lqbNgBXU0d(``xbzk<<ah`Wc7wd52dw2YHb3@`R3)wSs@^2g@By& zX=VmMBYldPy%ITTfSfZBIcdOTv)7KCZ)Sjq-TK8`s%pnmJK*tI|EdjDP1B7|->MB+ zc*OKae{f%C{ju*IKl+1vJNaYZKe6Wv>-|+*9-aWlKz7T+FjdRKhv=IkAJ8PL7BxxL z8Hb=r)}Jv?6PuwX`E9r+6ZYb1IaDO;fg%a7Kt=M~SJ5L&>uu0CNwpo=sT%1oSdAPg z1Elm%luBn(>TR4vFD*Fjr1<)yB&M+FI2|V!eNG}POv`}hn*jJ162*~fWP1t!CYQ9x zn@d_`^7({T9GQVCWa^Z7Q$dByTwR4s^0Hi^1ymq`Q4iV_6v)g+E07f*uRv<SLrN9W zOSjV+g_t0fiXSzNB-FZaV<a(97m~pM0HE1$>D7~|p_}>w#`-<uUq;_laxI)uDHDUS zsIeM!iXS#@AM12Dvt@dd(+GESRj4@yYqe;~I;Jwosoi%B|AP<EWEAk5N5I2dN_bd# z1s?LewgiZO0$}(K#IhOfp9&oK@kq!Uict6`2!rnkFgQbK|5Renl^BTrw=vLDmHX^u z#oD$Q1N1*RMFkty)KraDTkTD=ExVw=6p;#PE;(H1R0SKNiIL_oOvV5S%2oh^uD-rE zU`=&~tJgQU(O~PozA&pZ!Vq?~-C(d9jL`;vusLE7(+0KDKoiFD=77B-pf@^=1Z_|; z8dkwr&1zTUhT8aGW0=H=V8f_@f&Ulp1e}*dS_%>Br))sts?H)Ti`3;YHLnb4G{&mm zM;hLByCsns;|G%2tD+yT1$84;zt6cF-pvWsCB_eOlG&@^p7`p@;xgPTr19ybeT}mZ zP6b!j`e?Bj6G=!y=FN1KcWiC<VA{%tHqYpheqZ_e`_{K?@2~c7Pg*lQ@nl!huwmL- zQ=P;zb+_HJcO)feS&C$o3XPE#DL6&N`Xj3pT8@nL?P+Pfc|*olJ-qYw^oHB|T(0cu z(3%;N(E=Lv02*}z8bKd%ZE4mg4Uo@{X?U63^Z_^H`Qv4v$ICg>2RUwr@ci*3@J@79 zyz355oY>O5ZJ@@>1;$TYxB33Dz%#~lZ@R80sx+l~E9!b99Hu<*-TS&7b!+!OICStI z@9S>A>$`XEesp7`HuumlIEHI-4}tM>H^7uKfO!$5yQD2DU$AmOQKVGLJjy@snhtQk zFQN#vqUX-TwEEDHR`D)agC}#Kj+p!XB5o`*s26p`#8q|0GD1d)FTF@mFd;fc{Olc0 zBNqXSTZ&2vT4_}3txEAL5^%L%X<#H0#-LOhSPAxrn`J0t({Wm$M|}|&;c$_q<S)A= ztYKjRnFeo_1brdK-;lwXj|~7NA^;`C_zz`Bv9D^u^*E5}Lj{?h$YaXWG*Xkt5T5om z{5vpaD&H-e(Z5^Z<dVsAAyeRCm9ydB1%s#Z-CWs>ME`Dyfv?@v5nXQT)Utu*>rQM4 zv}L`l3=>lTOe;EKy}Mdns5)8K9$a_0%Mo64&t&_KfeI)6gel#Vs$3n@sG=Q}E!(k7 z!(BJ;8H&qjR$;KH4GbY?6;+c*n&psl2X?o#9i7a$>c+Ppi){p)>#1Jt54R=Eu9EkM za3E^LkF*y!SA#_X=i0F7X@oT9QSvkcckLuk5kp1(oqIc4klOGnklOtOybh%H&{d_j z=1K=p-J!4Dbnx81%9=wjAHE43PY1jAw2$1-?g;ek?ijwI!+{-r=>4bH4L$k6-+$(V zlk0|_`ruLdecwHr?YiS@JB!DX2Z+!Cxt%ERumj_GnU166l(~->gcHN(h1~?8W-F(7 zp-`9|{+l>{<T6pq2@026bxOhUgA+Iklj@ZGK7g{d$bpi?9$%8!M_!<~%1l9MM+BkW z4~4e>lz3pd(7xPyd7;n<itb2JboUFQ+YdzdzzWg*QKpRQ8r(n7mZ>bce?A<Ut>DZR zy~(Qetx*!ZGl7X^T-DIF+O>DDiD*|H+j<_0LUX2FX;#T3tW~SF>U0W}oOs}d4WUq1 zmDA}17L7$i>o}VAxQ(fa8=Gqn-uLXze~~GRxxeuJfJ)13n&cHSd~BIbLkTv`@1QL1 z2NnrcWXo%{X{drt^E*M9_d}b8T4db6wLIUS+4+^7^*e?$oRq*7G?nbx)>3l)>@V3g z+ZSCwlkEvbQJ$+(!`th}?^tsEpj&$H+>}*Y?X*H|)w+ODbD8IdkvRF03h4Q91{`oH zn?k2#ln%EkI<RL|&1`Rm!ie}l!SnNf@I0V6^!yA8a}G2#V%{&~--DRe4@?o+Dap_Z z5e`vL32K$4-_JSu_XP0khenGG7%fBBWVHN`d3vxH`=5UF_@-)#)hI1SjfoWto}MpH zux9A#xvNj`^nCH1-G`qmczUWQ8{JEu9zY2d5<)3~5{Ao?M0!d|BEvAi*~4I6>%-`> z^p7x?sv71pP}^a&y&ish2@6BPUr0S=FQ%rl7jv-MiwO<D@mFvifg48mU}0WH+Chi# z2oBRK@-omON_LYNBE;G=LV8vVrk;g4>%bQhA;V>+0ycY=VKa;h&cKZiU@$QI_L}AS zJ3~Tr>{6ylQwh91e+|4rXNi_!w+Medy7jrEH-330RGxe8$N_MCjy8p=yUGW*)M%~s z)2)?*HGaJeyYrzxoSGbd@`FcDd>|a3p8V{-!3smq@t1S=fA2_@yK(KVTal923Sf8y zl?%P#c3V-m1$CQImkD(nQMUnwfxtR6AoPwB#zvP5J4wI}DMt}Vd?ZlJ_7y0SJW$Lb z5h#*8Pz=5f<bi~st$Nr<Pr*-$gAw+OkQU*>8E{VyCKqId^HTY%@D@Va1Q}@YD2H-T zMXEdF>I<-WR8oR%s3jFs8JrKzg%Uz)<j}VS+9RQ*nEEv(6{_xB4%|Wv@3Dm7AEiY7 z%^hy|j~^ln4mTDGE|CZoNhtB3?}ZMxqQ6a$Uf&h^L=i}%AuAfNz$^wlB)$$3pGUQD zG-z450`1h=h1hm1yeQ@hJ(775JB&~T5>hZ{0R^+sUbFavxh#tku*k)Tke%RvUKn2H z*!%PFY({BL^(1R1+hTGFB`h4&XGgEg7KGuawx7omA1@63PN~wWVYDo*al7<_Fg$SY z$z6glgdRSCNDn}1h^{I~!!bZ;GbHpF8j}K2#vts(1Zu}1wPSfK#gkB6uGXv2E*@s% z@PaB{nEGK+f=by^=1ZZa3AQv9hXW9=;d4Ur0Yu0O5731!vOQfKNi^(k73e%V3loB8 zVG@eYXciTQMR9oWBrN;{LRv^!AY`4m5GrNP6l69`3k}6~39?|AMi!;;Pb$KfvV{D9 z@k|1fL{&AoonP*mM0bteJ5!;t*l58uX|{WS6d#ONjPT2(_-KV6&foY2*CYefCKce6 z$iUvB6qlrWt`n^Ci}>S3DgH}ggsK7&G)SNUA-71-i+V}433iMfvQHCWA4Q3CEH}o` zOsp+78^c2}6tGYkFGFbBj_g37#QFJ|f~@)ZS(qL*3;6^z%|h%`!sdIkXgb@Hoyp?v zESk+@A)bzUP!Io}-7ZPLAA|~ow5UK7EvGea3khE4K%YZL062-4267?Kh>2(HK&^nj zP@rK11=T{js9JoiS@m(w&~(Wc8tSbtQ_G+)l=9c~C9c62+Ho9vap37k?%JHCSf$ct z)Ea4mQ8I7_$yT17Io^MTCp4Aa(Buh2i?bD*!+uKq5|fAsfTEuRB`)lH=w9L%phR3O z>A-%7Z4&B8iY4`+)u>P+EtWKal4C*%T`U>K4`KU7KL#ZnED>~=0QOU?Q}DSi#yy=8 z;+{^!xTn{c{jS%DgIB~oy_RG46Ry{C;8IEKd;W^275k~L@1~)_13g}UFFbbp9yCUq z%HqvIm8rZb6mJSCU!FLzC6n6p(7LgQwp67zJv80Fz0u-p-CPfjW^e0eAqr%n9Nmkx zmFDb$#fCn6RxsG|sOpUQ2I4?*&c0x@73b_#XLG`(#W{Q8<9w}qrAiYF=8!x@D@g() zWRe$g3ZSmqpb+IHG6IZFnFQO@Bf&^GL8>5$?WhPtagl@oPuQ`L#x?<(rVAGFR{=%e zKNog{fsL8R8hBEs`>}t&Joy@aBU0SkwP2wMv{m?ZKhA;6c=ELzsGu+H*-8kj5SM#V zuR5iq#Wu<5`5?tn1TIyOe;2QDl6=;a4cmcDCdS3eV7Ap?x31Qvhzz%FL08L}do5NG zu=QE3ilZJbU(KiW(Q36;EoOAA)}%COXnW=Au&a4+bJMgCpI;BSW)!^P>XPR)jQ)sM zw6wWfD%~wD?n<0C<k8>pMuct;@>*kS@Z=lTpIb4jl_>v4{eJB?iwp&0!!L$1AK^JQ zwOfNHbBL9-Vp<$Dt1tgXu6{qE{pKRW6*CoNK5F(TeK|y@7pdi4!e_X{8jg*Ix_7rk zJ1gwaaw6qod%Q8w*{6@SmbXetiAW?NCC&XK)iv(Am;<Op7*5E`vaR0QH8qyiUH;~z zSyMSuZI^SLgkp3`ty!t&sw*r}J1eGvlvc~d4cSOqrBmrG3Z+6O*Qsf9a#g5xip6kC zjEC7>04<LJT0$hAD$Nn0&k6p~Ecn7}eGG5ou>~IGpM_KEua@oCzam+r;KemNS9nNO zPX5`#bo#5gvi%bMD>=!*6)@;o^o^#kW?e<_<pGPw<hEqb_6}=B#6gKg7$p}Q0+k+M z)EjZu8%|hSCaX=Jwr#Bg+j!%BnA($adr~fjb|k%_&YzUetRJj*0~tq>a)xqhDLLuk zhvG6$A$8RcCo0yj3RG^qy{dk!(xCMv%#Nf>r2|wMUU&!FkJcax#DpXZt5FeJq9LCZ zDWB0JaKAP*nh@5{@|1{tHYd{SmCxk#aJ3lw?JHL8YPl6>*nV0uuc8=*0==l9mw!hk z7NgN(uvq3lgkOv%6L^-&h2LV+*uzU0$t%@}m1GU5;Usg|=0aU3iJL)p>;(VN=r=BW zqll3wbIf7FbutGoUh8ZWHtlS=uC;A*gU!)&U0e5cyzw~eNPApK2di?Woc@GOfv)O0 zG#ZZ#-_+A~a4eY~zp<@yxXNO#?5}JZPid^#elR{`3m>AlU=IL{tSn*VNuCry@-ODY z#L*Q92~;ltk$=ev7e01P(;`0JBIQgPm5CGZQG|+R;+I4+g@)A_7=nWf-7pw)`^VK1 zT&CtgIVswPVknA<2#Al>z<4$SdZv+q5<Xsd9^zvd0;Gs%WvmX>o%A18*pg`SBz^?a zHZBl%nJWt-<;fhVgeOntK%GUT^n4PeG%CpXjdBKnyqKbH^~9};bi|qR8G#ffaDw)w z>Ro`cCN9ucu@1G+ij>&^kW$5Hl#J{~S29v&@Wojb9PFH0&8n4hQ@knQsB7#B_XtQC z2E4<9ckM;)FCpa_UeVg+Zmn{+wz{iu80-1Zyd9CJQUSIcEq|)f7C-|}*ce7_vk{Gl zZE95gl_Gm7p&=4wFYW~Ygo%+WXPm%Y8q1%`*#b}GN_QaCUn#L*;Rd1QGjq!`7+k5_ zrdJYgNwWpW$@*JoYMpgS4<nYzq~>6C&=s>WN?&bRgM=&uz1FX4Pi8F1fJH0<@QUID z=}tF#EBh);Dp$hluL)?s8g5ToWHiSbj3y<+(X7G2>D)#I%!<XRC{ZHpin1z3Bv;WC zBbSmYPGJbucr5XNMJh7-g?u?KKw~?gaS(9UjDVnqP#%5yEFza9sXY1>Ugxk?p;eEY z%><<I6JCL+Pb`jE2%?u^sJZI#9H{Ose<J4v1bkv~3@@pYmy>R#CV55Fx82ry!-zQ< zG|LI8T&8zL?cw^M3bS{W)$}KH&ieIrjq7U6$5~s*Yz$f$%HX$J8_~7x$EK?!lw85l zb^}R~)?~9!skWqAgOUC^PpD^4rlLKn=IkM(DPU1>P<yPzZosAq3()b@fH=2-k{EUr zy@fD<5>2tB8oLcM3U#!_k}zn+3MIN?i3^n2g%S%aLC}Scg*WkSL<-TAP(`)yYH3Ho zSI@#Uky7yG955E8LbwJBSMG*Z1Z_wb6UUVz(wqdXHmkKJ3YX%?2wG#(XiRckDwWA3 zKzUKg37M1<;}Tj;LCtvKO=1Ul0v~uc7CaL;;uOsND)OTT!I3~F7XFQJig;lrtp<#` zY2@yLR*RrtL`Z}}zx2F@1b_CvdJ_E-Qj1K0@>V1WKD9^^{UXoVhac;je5`Rc^O!06 z80(n<Z&EjR@d6OGg`8P$!~a*r92&cZAIo($Hcmd4Yn(M@9?O|Lp6Fvap{*V?4zVzg z7AqvuBCa3+@mEB`UlSSVxENAUXHftO_J|pc1yECgNiMzYXqay7n9AxM4O5M68*7aB zC>>=+d&Eq0*09+Xw#e~Sj>f6R&W+W2J2<vYRh#bPKov*WOtZE!iz{rFV?YVQC321w zX<#szSkB4**s!V98*H1YZrI%F^S5uVOE>#zZCPVktRcYZBm6weZ(d$u6Q6GOG0Q5z zF}oJ6#J_;I3G%(R5P<{4JM}V3A|iwXpDTs@DG?>O8-bYTpuh53B|ZKH9dk*}Xw@9{ zzEZvXJC6HpHox2HoF9g{Jv~k*K<jB_EuI%S5F6qUBFvR$R*Xc?3$bix!3i%0KWhZ% zi}^zrWh08h73b-+RtNVU%ZtRM_%HuKu`t$yrm$Nt9ab<>OeA9|TumylTF#`V@cBIi zN?UYhr$$boHE2pqX<ZhhMS+RucN0E@MP`sO(YR<eB0(5L2cF7@M3D-l4q1hCBg4o# zWD~L-xgI%;b_!a_ww}$ofn4Pc2dfYIckC(KV_!ezo|3k9$~zIhNz}xaC)LT^!97!* zP03_a=hU8qIf;2>LT_&0wQu#lh8qvH9Exw*mfmI@TWejb>>JV!VO6!_S~3`+Bl`|* zTRT)6iPR3Q-F9f7#5=RW=>>#|p67~5w2Qg@KmG%SEtH?61sq<L|F!4iy+U7o!bcQ3 z*5ynk6LDYhs45<H#bfEZ<g)Y2kC$JUXjh(lF1vr}_wWnl$z=Hn`0+s^mWa9GxA}@V z`0trSESA9f;O8YHEWmDAtb6I%@?<>jMq|lj41FD5oS%T7AHdot;5YnX@KFxV=KnR3 zi2V$lpq~a`hTz=}fDiO*@o4H&EBN+Md3h4E7c0$6z?WaaW<N=mCnMksKw>j?9=kyN zZ%iybgFvZs5B3K32=NPWeon~2J%)V?d!G1DBvIUz0MUD4HbPd>9a|UsSqwMDOtFAt zPMOC(btW(;Eu?HHY{G&@FBTFLs+gE9_DBp@6lyCSb2(W5oHQ_(lNM7qtZ>zdCClv? ztxhZCY;byg-sP#oDunDg*z;1kBv{u|w))6;BDv<~)%AOVtc<2)M#?x)9qp-d?3lJx zL_Km=BctT_fZZaO=yY6S>cMpzK9|clU9?kex3Ut}?rGi9eAlOB3RXhOwFO%I5c{n_ zix-g6`G|0y7ie=2pj|!j3xIruOb>(t<_(amWr&)XQz$smoIa1;dWsYBJQO@&7v|VY z0!`!!VlD^j=tXn6QZ0R5-HMET%aT<Hp`={V>ZvEW`QI+E3I)4h^?9vEBRa*A#1j_V z&$SMVbN<J)N=0L@+0+*B%wyOb_7?G<;F(`6zQcJ`FZB1zi|<rV{2H9UQat}B{Aa|k z!1=4f`Q6|he<hrMqj>#$*dc)i-x6rh0{Ekf_z$GHkZb9yNHscg&K+~d6vjMy8?QhV zOoB=1GN-DIL;y00u9(7RapxpJltTQ`MZp*lss}Qsa>WMc2;E{Lo5gLBmNNhOAX-Bn z5uysA+Ur{iI};eE#5XY02?nZRRl&CDZ1oy5t(4(9$|$F7zH&>pRp(8Z+^t!+r(rB@ zN=4ihDb>n#l)5&YPU(Dcv%9^@gP+Na*4Rv}lxDSDBPWrt44F+DeO9BK^QJn|$)2=X z%BV<Et8StR%98RLy*2~5mTm{M69L-w3AB4%pye>2-Lpbpd`CEUV&4-*iC=>Ae?*{c zEsjmZiFlAEAzy`i&SjCyl@`D-XOxSX6o4&ov0(qX=W>@-(3ffmTm|%$LgrteW2FWM zC?mlW*bfMlvg-9fT8bLx->t@^oLR58Q7D0um<*VTS}R9l12aFs{y?)b3?(GuGp7it z7{jHU0((mWgd`>+#h;!3Cj>7c31US;NM#}4#u+2xO?(|4MkvIF-T`#GG5{qsLK(et zZ^Y4fT<V!);FBljq`Q_JOVF<bbT%+>I3XxeX^ea4a!4H2;-CrRnajaO=cEaMCcCb1 zDhbZw(&$-c_TYkrq$%VeT>OeXqH@KnSC##UF&OE5>zW!nZS))Lm45xp3R9VDc%9vE zR78~Sw14v<Ysjg>Pq}O3UZX;#$G)ytnGzjQb0XxTp!W&QXq<Za_m#Hb{MXDO3-dN@ z3BX=0q6(q}dO$-#r&XbMf(|#Lqi1A>IR&JEaZbFe=&J><4z(7A0pJCEPqA?>C*HNv z6S4gL1ijM532*b;<jjN9PtYb4eRk&F^|5<QRU=K~<MqQ?t7y~A-%ZECV}DJrN=@B8 zQL(Yrf9Y*!^JW3p1e`<4idLA>2XT#+*;R<lIQNDZ^?Jp{=k%4HQ|Ku)`qm=AabED8 zh!=DcsJ-;?zNLpRc2emb9E%87+#buJDRmd<93f(R1ZI?)zn%f_gWgKW2)OK<nE%O# zLdFj8@gZ6USQ3XWURqLkHwmL-87(9Ewp6aCSv@U&SHkK9xhCKu(7}Wl=`&_CqtByb zrx8B`<(oW75Tt(2>5P(d83<eIx#(hA){8>WED&y`B@qm$?9|WYK=lkcmxB$?Mb&e; z=u$S;kTP?{P9nt+#Z)O5tD}(0r?}BWaV7(M3ua`JIx{^LRTI3^Q$L=zRvVutNgND3 zloB(vSmCbB)>tR*+nCC1x_>0xT^nS@!~ms~i*#mPuzgduaZ{_Crt?lGqyB&FeG7b3 z*O})z_v-zy<@XElwZYhcu?^;7i~-3nY%sQCn^(xgvMk#ISyCh!OiP2p5XPiTL$aAB zZL%4X&Gg+)k|u51v>8(<Nq(W3wwbo<G&^<Mon+f4Et_sy(h_I>=bU>b*%(5*?e6q9 zx*tgA`JM0ke~)vnC0|?lw{fRm%*fBoO*gIc-Mi<O2lh2Matjufi5-pY4v5U9+TGTT zxZ84Ie^MXQ$9(ZCT7!5}U($2l)Gv9_e1oGXD{}#R$isrntRja&nt~EC`?<RG8?B^z z8g?I2D1J8hgpoc=cjLUA3)iA&?cBAn=C}BwXnfjE;Yh-N_@CHFI1Be4^>;t>Xb$%S z<}DvdFEXVUWkU$P{s-?yVEqi$JASAN!sXz*9$8QNxg5(2o}s&*Tv%gaZ)D+W=DJmR zR(U}MD=mm5p2f(X288sq((&d>F68RDM$UNtPaLiIbAJ{lJ?l`!a9&m|d(?|~EZ~pW zqkOW8(u_Z&X1KB=H_c36rPS!i&tcDTT9DP6rxZ90FUqeNGjj?uw^*`lX6dI;4j1rt zzWX(qJ-<q4(4l-L-v0f<9I(iE_bthuS(t9n+cNCzyP#sf$2~XyncfrD+GpsFCpT1N zKTEeGmDj;A=~V@#EcOeMALUd1=E{FoA-G~p^5c6%wh~V}DrZlR&A3wc1#({P;#CQE zlKz(&d-dYXqWt{y?>H7^QFbp@n4O)UW?Ya_mtB;TZG9wtUSUB7Hl*~z97kcgQMzo) zu<DH&#rbq%eskrj8!D#vXb)<ZF68GJ(h9PszcUX9$mO+7#q@Jp2I2XcpK!=LvP8vT zk%4(-2APk<U?CZc&KeB1g=cfvsm+#rwtG`M+ZnJAV@%G%vwm&VjI$lXV7A`6<h*@* z+2(<kK2sWdQfj)fFyk{tHLlIo1s|EeY<X^H$Ku-3Ox?R1JuT(azlxjlLP54JZE@X} z)n&E$#_7vBWvgIK^~8Y_M7{Rh61w~8{0u|p+4%|aaX)wVT^3_c8|G)8_0LZddF34P z#<LU8$vrr(=)a}UU?G;F|0nk2R%9lfRL0H)`cI_ir5oQJi%a=o<m2>=e8i%I{lzHt z1jHVY%%6g4AqtRQMso3LC5xpyS*H17(OLDWhuUWNtk(6kzUXZHDTho{^}b=&UuW5v z)FORBTH1NrW|zOC(%_hvlZm{Lw`~35^7Tvd^cjU&+4Is&@~_)MUFBt4f^GEYnqy2i ztlGA!uyAF^O8R2lS=e7M5N9^hK(;Xro+WD`*-}VWv(PHfI;bH5Y~s>iWlX*{D4_|G zL(=2HwC6z8#vcw=8-F5{e4}j5nxC7qAj>M9l#WQ2%=vkF#i)E+N7EM+6wG%R=*Q)| zB|{qGB|qIDJtTir)~7GXE1Ykqvh<qS!hYIsG1KX3Nh?bi*fCGinT_v0FV(T%LSY}F zzWYt7fj!w#HaXIOK;q)x+TxG0DcZfehMjdXX}NT>F2p}^;lJG@z4S$Yx_;ra(o4io z^wM|9re!Q9-uL5_o0ZMC-OwFqDK2ikt*1NKQvAW3N>^pAYjJvRWh36p(xh+Q`e1NF zo&O<E|AWDXx_uAryXkQE!WBFAx9&OIy=cXb1I$`$=^Cj{=SL#Td&-_yBwK|bG8bfJ zbuE)5{$nThb#?yuYH_2<zGamw)!D7nt(NpO>leP9>#*2fG8Gn-<bKp@r=EiB?1I7^ zsei<lU7VL=yd7r(%e(bCShb9<leX#(kZMx=MTcCP#Zf4gmnSdI4hYGs&-lQD)wRd< ziVr-bt@gC(f{d)R?8jEOF3H%kb>W5;3(YykG;>A$<_cH;rsC|{8(aT|eyE80^NVtd z7c9*D`_(%(uP<7+HK!m4=RTV;CnvphUB|NW&KvhN9fy>QX^GUX3zK%z@Z^eyN-kt` zX(8U7S^o6W;?nBUTT6qb`qEN;L%Kd&GvRkQa_soGY#mD%@n=@CpQpt?#$CKndlci0 zuh}ftG|Sb#W+SyP@7=#;$>zE;qeY)-Dy?l@e#^k#v0iJ2!`i*HrFNd9boJuJjkSwR zRx`9+Qs1^@`~wA*o61&nt(h<7*X?mGvS(!*P1*C7XXR&gyEb=b73OE<mai=>Twa=; zTacSsn3sz?yX>@KcX`w5MJ7pCQrp6OwSbmMJK(EJa0;k-GQS9?xR;*x7ZvHts$CYY zY?<^5(UYts-xWE1ou>6-uJlzuNtpR*?2ZLDoD8q%%FeV|t;T}#wToSQ))z?&y-jTc z^#!Gy{ad#OoQ3;odRfz&Drb3yqikc<x*Mf8Iv+XOmktH;3$rX%OHH?LU3SSL=dRUj zJzJO6k9?%5eyC&lf|`vbi`Fm8Q<z>G$v+@@?By}2AO=-s(xnSfW}&Lg_ldZjc;7%Q zFIs<VQ{$fc!ou}8H#go~UpS1Lp|YiGitU+;)|M?>Q*4#&U3c8HvU>L&y<JDx`;pxp zdm9&2w0Y_~eC&MyzIF@ws$`VCh{K{MY<bT}KX@`J7Qe?lY7=6y?0sU<Xf;jWW477M zCm+bP8?B!*<Ymv#JY=#?<z!@L=Va1%c33m>voj4NI-SY%?vt4;19XwEOL_7rsUqc1 zrAv7wnPSxv>B5s{sZvxVRfJ`=EGEmcuQMd`a;NvDrCT$OSFS5f+puv#ZN+?3hQVqq ztyy2Prh9dPW7(Ga{d7a_>q{Mlh4a#nFW=m-BDZ=&Moz|(jBK+ZGs9L?<6KnYY~Qsm z%q9J-lq>HeO{DfoXCY2gFMY{hSg5bAU-}%EvYs0-TYBk9WYlMv1#6dak&_(q8ezC* z?kMEX{*`jeS_U?juCHEzy*=GHZ&`g==MB5u&E|Bw#nrmYKCe<KUb_sPCaAZtrlDkT zXxpZqo9Th7t!w66(=%}J$}4kZIU3ijcctfMJDS$zE}rMe%*jm8&CD_xvNEhYyBc?; zNv2)wdlTgIQVINX30X&~pD0?J2)pOhsJkGd?n!@ILQip)x~{NG{{65uQb|G6_$^Ca z8EF=i*^pCGRlKI7CQq8bV@<;iD{|(qzj0&hO>1&IHl?m|@#>Pa`mHrvrE=G?(N??3 z2&ZzGET)Raoi!On3s$#RR`qUNRI}qiUCnl9SwY3Bq77~Qcht#y2Xt?d0%9W>PuQeq zrE}22CQT9+U^%NxR_2HwaO!@VZZ<F8+3#I-{LzApLOES2${_T;PwD?g=g_}}^H16n z1}o5b!fzm4S@F}r686Jo`TwNh`u(@(&C|b?GjD$03Y_-d`>OG7smAy=k%@^tfRSxy za!F1}tF-^!yNquS@jdz<1yTRiNUE2<n;^MMrPr?{okw3Wi#~Ww`d)$z_Zu6pgI-Q1 z)9D16SF7~$+++z|lYVwJvIeYgB*@mF(x<N^yU~8XMrkHa8)i`(rw7v>OkV)HHHlt# z3?$Ly+>}wl>1jckyOQXWg0l2;k|*nT8f8ypzc!n4p1B(3?#;_dP<~#)!onKRj|3Gx zd?n4Roxf~BxOkP~D5)>`>6KLa>Xo$c^9w(}=v>)9ES@U=ke~|hk{U)!JC@y~QKdCb zk1$$Zeg)mM{HChPsu!x~fxgM8#*v^E))ik!rj^^SLYEoU9uu@`G(oE$611jDrFYiq zub_MChSnWf_mSCDA6}m`C;hnLCmL<IW5aLeri~{ynKwl@{n8n9{?zro#-_%<ZM@tx z*7TWXSM#Tu-)lJx`bp~tT7R~=ck`FqcDMaY`=<X7G}``Pic<6^pf{3fORGvT&?{S} z8EvftIj>2ft*7F2e(U%CG}KYP&Dcr1TK+HTzjeLcedi6%B>Gm*vYrQe3wvKlP~YCZ z7q;hbe{{$8Bzk>k<Id0Te0t~C6SS*&*JHc>_wJ)NZb+hU>^XK*_s!N@lqCA)Ex)~$ z+-klxGl_~gE#mZ{TVL+q)c<b@a)&s5iP1p%z%2v+>^YX8LHl6tVDVtZ;EE)wAN=6^ z(uu(n-u@)|tV+L5(SHOQcD^sQ4R;T}JpBFPe;uhAsRKDVwT*O->;m<3`pw9+&j3nG zQHoNOq7<d*KP`=d-toP&cgx<d?fu%m&7i}a&iLE>FA5s11|1%q3b<30q7<blMJY;A zivFT0n4%P=C`BnsQHoNOqCXLRIq+7nCHTz*g;u-|eK7RQZT8#lNTQ!J3Y$4CPEm?d zl%f=+C`BnsQHoNOq7<blMSlRTO;L*e^Ai8PvgJ}KUS(F49K1#5&xcCmHJLxpC{6dc zT9(No-E(SLmo!FC@^wE^%Z8+OBiXO}omw`LrTW{|vY9BxBWl?qor;gQk{!lJ)v}E& zHC|H7_B4Y@lQWHM!5H=T*QqJDLM>Bb%&Sq$5;5k-)Ur(S^Z!~c>ypOki7o%{)UqL| z-ALBwe^xD<NKS6GS~e3${%dO4Lc8PRtz=pLZ`87l<P?;sWxG)>SfiHHNEyb+gzDIz zFw4}3)Uv=?lm*VBEN~WOUD6nVvnU&q+6B&{EN~WOfwL$JoJCpSEXo3BQMRY$E9=y< z!1>ceAuCA@SwZSh+D3fDL&79TBKSW<qG)SEDNI8A)r}S(N&!-Z9vAV06w-sXVKRcg z2(NkZ?#1Z+cpbz@J845{04-i}03*7<%?loV<RC98qywA}g6|k#(T~zFmqfw;AjTZT zTx|^{E^`g3MQL%oww6@#_1)kQ!dM0Cy0H%9;UW9fv0G3ZK`ZMWgM5*=K7DBSaUJ|u zm1l_KppZt?2hhV>-5iCPIto5PRa1qpGKO9c*H=UL0Op2y%NRxta?}*GkMOo_q#ZIb zbbNeXfaAKJ&-d~XUNVX`8OnqFRZ%6<#wxr$!fon<ESmKada(W|r0`*81Sm9dZG2o4 zUtAA2{*PjYkWlF3=4&Xbt$pCgxVkZp@j8gw0hFTL4iV@#fU=*<6y{hkeSLTxR*@21 zqg*GkW`Jwt;gSaUDiLm{c5am+v@m}h;|NALU$1HlAJ<7>5#e4D0av%`ugqd0wOw0f z6ny*~pO7kL04<|@RlzgDkxEFwRt#}nL~Ll-3fcYKYnUgDsGiHD8pT*Q){pX9fZJO0 zYk`?qMc6T*>J{YJ4)Bo)iIX*AsEzY^LhF5~SMk_Qwq`l!Hp)31<T#9}QJRdm=6wOx zlbQa)E@AEsnvZ(9t(oVB;@Suqht)9=)IOkck3tJ!q5W|yxw((92pFBAmzH@vki^Z` z_o(Yv@$53pZN+-7%vbeSXuU)A9L@9BfXhl`j;niml&?9+J&~=lFK&ZGWL}vkhgH80 z#YZ#G6&4R*yqEjV|C@YkNoCx>n2g&2Nj#*2N7)j!Um=^hR|L6aQ4q^l^`sg!$gyQJ zN3ZanD%IzzQ9j6hXqbBuv&})Yx*@y3SmP>q`ne2Df*~%g$a8|%Ts|7%ejehw3ly|@ z%&NQj8Y0si<VXu-qH$|$qqV%?QFAwo@=A^Y8y8Z&A~{coIIaOTKL{>fweD7PvX^HR zAJ<SwH^Al4tUTLdQFVs!pYRneLvbA{uPYOXU15-88dY~65uak+%J@37H4s_!0LRJ0 z<7qC;4yc;?c%=DxOo_<95_>jB>?{=+zhs67&&^%P@W*1C93NtLSJeGE$}Q)au}{v{ zAh9dXmTP^I4=_!HF5<MH<;rmU<T1$i-T==d?yG7le9t|@t3*Bss;@#TQ6A&*BJ$H9 z-^YAvZV`OgNI%d1SNBno#RIBk65O>2@g<!qMtHvSsW`K&Zs+;ZtLmVgFf^2BdUYkY zjGLDSiFUr4o#$ppLdC4S;N^Mx06$Uqxb>M;-DqP74P%7XSFQ5Abyn_NqDF5bTO>{c znlyjN?sT2IfiiCvj}DE8GC%Ikd(kHBq<M`vo%q#VB;noH+Tk>>y!tN3EY}^6oJi7H zMA%z+fmdBiWbA-y_e!pFSlxZJbA>n;4Xbw6{8;!^NIma}6@vWS?dE!Fp5i8nU4C{x z`!m=gj*y${&T#XoxqeWMRgZes4scnM_e>u@jYqg|sxn^PwkY?`+~;BKB}o_!Cfy+< z$HR5=BZ<2jZS>sPt#Vd&)3BdC+t2R`e6#e{<Vu{u5>b=bi8LEl67BAc-Gym&Z<2?E z`2Clk``bv;4lAS{;IeqtooXy@%j8@lY*?*YJi?>IAD2Ok>zTfE{ir7I@IuSvoo1#_ zCy+S6aUA_4?WpYrWBl$?AmdGvV35DEH50h(#RyN*-Vwb<J{FmOkZYjrc=a=~xHygN z=jFLh-2uKwXuC}E{h78;%#~AS&Wi9{A#63E>OJ?K>%NLb!*T5++)D$TyNIGI?|lDQ z5773vHqyd-yGSc)JF#2#@RoM8DafKd=-Gi<Gg_O`QjQV5YJWMm)K0z+wPD<LzQ+k3 zJ$UUzeK*f>twiB<R@;j4o#4ghwvb(XjTUh0<s*AI?`>%9z<Y~2j?HL7%XZXRc{9&~ zV!ckx688}8>YgYh?L)f~*Knp(?R-T|vTdmKfPb6X>jLj~&X38@)^FwI&bXYds-!NC z5#!8wHbJ5eUSqA>@!pMby?lKa*I7v0$#rN&ztE+HOTbpHQgs#M7(P4H9%dsZUk50m zm5XE0#-&N%*M#?ONY40gMsFYAA-XWLnQPk1(Q8pLW7>A`T0$#fsV1%sLzQ9BjPf@8 z-yFxThrbG0dXl)!#BL|=PmB`!xzyJtj$9Y732QX*S|7I+>#bC6*~9giz3NWxi7kAT zi)-8)_mEcZy+V4;JH;AZNs@^5m~E3~(Y#u@MvMq9TK{&{(pTcbP<L@mm|VT_m9NGb zvH59bWzC8@Wt-0v4n~4QQKcyu4h6&Rs4p0(Qe1w&(&HN*iAIzjZ^Rqk?;WhNw|NJ` z-UCWk$Q$T881gC|?t{UxsNxR}`#g##7&;hcGZe<TrdC<Z-quzsJ#K$!L}_yeJVDPs zv~CHG1eCV1!3bNYZ^Rc-{K<TVf?=i6H{kbq+<rw}5o3Z_REY$~!XB@}#692+dzG=k zpf{{UN4(0m_CBS<=kW$2-t|hv>s7p?1Kz<w@1Wurt;(P`;tBggOg+BFpf~FF`6E?L zZoh9J>|<-VmC+y=VjXuN0xn_SkTT>R_4yAf2Yk^HB{DV;^?Q|Y5bOE^!w?EXqux=> z3=9H*aKIamR4MIIWytG}j)lDuCG3S3z9`o4L@JfYs2jL?+#!_Nl+iJN)E5HFz}Toa zjFAy<lrxAZp>Pn^VA6uS-yb}ni~wB4HyUz#qKYq|L>bnQ3{#+E0BZ$@lmXu`XDk+q zddH)f?Azz9QdBj|Bg&{da8U7#!K6ZN244UmhuzR6?29l&z3x$EEX0-p$6>TYd>_E@ zXb=kRXDYcB7+_Sa#hk}8;toSFZ@8+*J3QuhhvR-#uPt5A{9*MDK*UV2rfOyF4Ctd_ z_n>#w9p1<E;3kcG<}eTsv1U&Y>IZz@NL9y}r@|ds0xK$;!@*#5BpMAx>Z_{<gPus$ zs5Y|-6RM*JL&4#&J2Y~z+C2b2V?#00Kjv{qhJpbAj!}ulB4eSD-v`HGeO1ct;201) zsEomdqRd%YGXuf{(?-3O%AhY2f&&YKhQdDddN9O`cQ?%F4UhVwQLr00$hFek5m3Qz zf?=&N#8#-hQg`^l;Fu>`$=q>2=2o&f+5)i8ff1i)BuTOZSkxEr_{ZS;3F(6YcuIwD zi3p3N;oxvBX+;#l*J1ZaH0<*Thtw9}eyH(U&k?BbVHLy#OC@0zIfKCi0e{dvI1@d$ zfC`=kbznYL7>kCG1qQuLO*Ur4>krLD6nP20D~2<J_;{R*_y&AYmY?i>5P2xbqJ@d9 zLS3m0xFe7?7>H*I%?K5$FL(o02YmZ{A@88iT@?%uSF>6*M&7FClqE1PcMBc^jLqCh zaIWO_U3EkU8}SN*d2bLpF=!A=ek3*y_slfOpq!B??e=bFoCpsd=nV+Gm<7iMGJ}=M zP#8&%g$M$17&<eIffX!@=}K?_$u7V^aq~p2`Pubr!31(gB0-PO&HMv#hLjbEx<x+q z`GHIY<2XZGrB}_=uPosb4f1R#>@epzo@ZHelDk!^?#86oy8S-*saTuw3X7czEASv< z8dkDg?i*t7UJgiT3<^a?c))`7z!(eO2y0Zm1R7RD@rakD=wQevGU`=D6#<VWMbM~7 zb0H3l1V^u-BMXDEZ~(%1IfKC<awwN&uh$dR94z6-aQ;Cb54?Ke;z(ory-6ExAQ)vK zBa*pK4P)UcYFA{0?FR$i8IkKwQZ&q#k3`{2KA0%J^IQu67H@4WN^e(d-%eLgi_+e! zboX@aXm4(5R?1zysFznNJKOu(y0-Tz7}4YE?Axt$wJNU8-OASX&gM#`Wmk7kOK-2z z)uXg;>+Wc8L0fxgQ^)q^_Rh^pBj$B>VP9`YB!X#Qm%<iQS+%$HGG^OadYal$bv3qk zwD;|<R9f5nIvLMaFm);2uAaX3rtKZB9;JJGPj^>u3zlyN+s^jR)*h_VvaO}F4_j_0 z+LV?Zs3^T{u8t1AlxsVr@8R+_b#?FVY2Vz|r?ho-G`FC!u?3R38arCVQc$X?!_~g6 zQfYQ=b8T+nv%0{ghYwSw+u7E_o3Ne>|C;*RyE>T~O<kRRJ*ZYf%bvdY)Sd0UEtQI^ zr@fZ}(%RDn_6$zU=;BN;ud_vPVNfeGEP^4dzP-04Axm?Ms{_1x+2rKGRrb`!0;!J$ z{s3%K9}E2XJ{GX>|EZ4#{xUxr5Y|h5JdpZ$AocM;>f?dg**x_T!OV{cG;~rQ6Qn*S zNPSH3AMRrU#HRRN147=*C&$QKm!y6ppU?{S{eJ$<{%c)2U5m{|F-EGn-tl%j8!y*g z@A&j|HeTnv-ti6x8?SG>-tie3Y`mfSddFvFVLaXm`wayhAFspz2L74>m@`Qs$wwla zM^=%=fWI7usU~~KMkLi{q|z301ZKIL+(I5g`u;Rpzl213hDziDO(#F44swwelHbz> z)I=+27VV}Ay^$`bH`99RqnoLp?w~>Hp<^^e_tOv357A@vIK79SpbyiN^wad?^eOr@ zodmr^Pt)(ybM$rkJbg>vLf@0OOE!6@lr8U)ise00ne3OA%VBAQe81ErKOk+D-;j36 zZ%SVImr_{%m2_BsTRI{CR{EHHNqSU%NBXR8o%EE>C7sr_NH4<Xugt_j`oSNF!(G7P ze&FyJaCic(&jE**fWs7U_yuryhZa&DaL5D>^MS)M;7|t~T7g3^a2Nm%A>eR3a5xSe z?!)Wf0f)~4hc5$%ZvcmX0uKKI9R3YB{DwX+QF)7$1{~%Aheg1l8aS*54jX{OHsH_; z9QFVQA8^<Y9R3P8oCFU46*znbI6MU$o&ydq0Ehnp9A1Oo7iZ$2e?AF^Jm63U9BP4s z3pjKEhns=JKHzW=IQ%tmco;Z*j{SW%;P3))_&#v>pTObwG@Tl$gXRK<QsA%xIBWn8 z9l&7^aM%kR#(~3e;P3!&_#|-nDsVW5mhS?G9|MOsfx|oWX~{?@r7U_{DyHY8mB3*m zaM%VMZUPQo;BXso7zYk_0Ehnq96kmd9t93h0Ed4B4&MR}KLidx0}j8HFUeGXN4DzL z$vHZgT%~J~*CM7}GjTARl5i*h4i&&*EpTWB4%>kPJCsI%!x7+c4{-PlaQF&vcmX{> z01mGKhqtLj(||)Ea9E1hHNc@2IP?IA0pM^OaJU0F+zlK~0f)zd!z6Hc1vvZ&IQ#-Q z{EnWK4D{ntCU8)ILnUyi0}fk(!%pBZ1RVAQhr__(!@%KQ;P4=D_&jj<B5?Q`aQFdm zcnvtbE&oc^$#2V9@^9r*;7|n|>VZQmaJUsXi~xt|OdM>7l5i*j4$FYUdf>1XIP3uq z`+&nS;P6r4@Co2>8aTWP9Nqv9m&pjVkti((4voN}3pn%xhf&~gJ8<|gaCitfd=5B# z9XOl^4*v=qenrP5LibBK^g~i9JuX$#6VfK&&;cBF1BVgdFa{is0Ehd5!(+hVDd6x; z;P5hV_#trk32^uYaF~|wht3bkcKHo?sr;r~FaJ{B0vv7x4ts&a2Y|yd;BYT+co;Z* z1vq>IIJ`U)2gjBq9OeUuD&VjcIE(;?gTUb~;P6S{@C<Nx5jea?c2b$#LbJ&rEdvf~ zfI}~E2my!Nfx}7Q@Gx+A95_4&9KH=4eheIbO?{G{`lUh|gssP<jlf|$aPR<!+knFn z;BXQ+JPaJZ035ys99{tqKL-w%pjnQ*T`re*$}8ku@+NtY+$#I!ZaFLu0S7;D*bf~3 z7C3wYID8p6yZ{{jJ8<|paQKb<j!x38)1~QLx@Ec+-70Jkjci{v8S&5IsHkW@bmWLh zPff<DlP51uOiWy46+>tuhHD~ZGEkH0;>1y0=+U9)Vl0M#u^E*ZA6C~Ki#>F-xz0qX zNf%QuHcYRUFPco$WI1!@?{R(XV|>opvyVM?-+d=e@J0FZ>KsG=$(U1doa{I0iOFzD z5f`6xR9xdGD=}G*Do2$q&Mo|J@+dJSX3$fE@uF#bVq%<Yg;ggQTZ4`o^dTlih_{>A z5DenuLlc)`v2l}*m~=JHi%xc7kijs1@??K3Bp?B&$6sJmgnC4%WRc%9$qG@$o8*$m zVkb{co;r1M1`Y-jHCVp%;&EJjNx@599T$@df=>tt3^Fz7ro==DZV1IDYaCNX9Wm;J zd^LO~8~wnDK~D_&iHYuRMKPF(!8{S0h;2tkD+P%@^mI>{62qWgLN*eU5t_2o88c97 zkYns%5u><d)?s2DRy{H6O(us!VRK_Kgn>>sCCf1FsZ*y+Mi`~0t*xf##ECFB7uSgE zgi8M@j?E>t2W%8)yb>~*)M0GSxXCf4<7-YjojMujm{OcmqTmF&CSo!V+;`td?vf>~ zvYzM-m&heO)H1~S^ZR4haA~-Wk-29q2KW5ay0n>^tfynAV~>LF12OckaBbrs;o7!q zxVBkO&Bj==ZySVf^A1zoxmid5$&0K*N6c{Uxx8Crb`|&5CEVMrqh`3b>fdHc&2dov zPzPt>`1s^32j>y!oZG_<*YI#d!ov-khbK#SZ5KCR)5Xoq#mz=)HZvC=xR?7lESm6f zR1!YUdo&*x71hVpIn2lP60vX}cj{$g(M@8>DYXPLnc?Pcaxb|LTalGy#}>t!h>q!Y zi6r~G*-Xqh)MSGg5H50<Tg_~sW)s8t5<KY=libwM$YE$~;Cfs-dW2o*V}`#J6AquK zUE*BWNH*^yM~-0L3{$g_2CZ_*Y@ue`B(6uCk2vq;bOK~HQM2XrBahs3{P>-B{uLLB z3#2hHvMq)~V>S}AaoV9?eBmSFYOXU|soBl~;Vv~4R>W8+81>Z1pdE*ESPax+0@G*C zg8kWNSeMwoCPKVRr_)7GpzB1`XrM;Z_|c=6W3fXP9kJ-+@!-Trqwx^4XAA?zXYf3F zRH(1UM9e0?XHEnK!os4b78XDgEG|w?SSYn5z=|2o)M)!6InOhLATEf?TNCQ2SXOO6 z`wW|@qeeAIc$vj`zr!)bVp*?=Uc(vi`OuKz!Xf}6V6+gUwb|M1TpDAPfm4p?MrU{T zge7SxJl;Yji<Z=&D6+7GNOZ=Glp3K73z(Qhsib3l(2w=m4a90-f0#KbYN$>>rPEQ1 z;Uq4LiCQdm&CS>v?mBwxplWtCaCl7(9OaVQ$9XvuHQ^uzb>6s11dmlGf=5TJ`YDXR zsFwO2Qx*%cSlu|kv+x-t=9tBq=`3}Y#B@etFisOPt!Ik!0J4~g1p$-@p~DCwp7xB? zV&>k;Lgg}3!@SWYz;SKlT3tSJ2fxtEeC4thH<!6H?R|MTRbTrz2_+?C$`}$N=bU{; zW5zNIm6X{rWu}PIU`(Z?WJ;!ld{HumkVrC>gj9woq@q$8s&{RD`#yE{y59GFp6hyl z?>`S0XYG66YpwfpueJ7Pt$VG_-3FN^_K%f;1HSC9+CQx%_XrkQms#dDs`aV&ojLD6 zAv!7=^v#;%V`zH>YkaiyZK-&Za9-PUm4|A>>gjl%ld_^FtJJ=%nsN8A+m|h}<7V3i z*_?36iB<Jy3fSD~-!BVW=#p}SE_=Ppy+KeG&mXp@YY)6_Ep_aT=W27BzwJx!Hs7>$ z>q_}eSDr{seYc2f3=n!<IW~M*@<xHh4fnYHA{q3<wVgLUblynL>$Zwgj(2{f>)yO_ zgj&fPSQvQD_nk%li@p16oba;KTg*df-i-%oHX>0v-FGSNq^9VTx=FnO6Bemzp3(T` zm({r!c9U=Iyt~#&e)!a+YglyG`d0-44yC<5<&C*ZM^1^vYN)!jx{=JT?G7SwDPLPY z!|Jt>y?xxKZX&_pp7x*!?ZAnUu2D;s4?O$7^SoTmAOAfuo+;3;e319e8UFabw7WUd z!>bD>A1A9NsV5!DAGT<`Ul#8v@A%y9R#(8?yOqXG#>b40OFL}U*t#X~t_ADY7x})d ziIz8;?$(vAJ3*4giKOnBjCl|dV!XMITfS#_wMD%YZPZ68bs@d^C7<q%wRvsw5;2~M zE|-&hACK1X6wd8@(r;BH>b|=ma~GH7lMTl&tOfs&_K9SaGhW?K+euNu#__<cs)1jf zTs)bjH0hkg=iJj~dkCHQ_zTI8ZW9g~(~`9(SKTR4xU*@0o5PQC>ENKj4<Ad`Rp4g~ z8y|_@5IvV(KVB_mk@s@%Qmx$6$}GISq+J$NVWj<u)q>y7g^_5cGHI@;+WuUpla~XX z!;4SoPwqV08e=c?-VotQ*?tcEH^4B<j<8;5Ck>Ah(-fnnzDV8{!N7*gmV%VHNWFJP zOW0R(T&v8P&z?}}s#Xi-d(wS<oAG1rmUDNjjZy}z&NLZB(?cW@@}93gL*MRv-J_J} zn!-qGw8+N5V@=WuF*^4x^!a;6QXhJh@T8DVXU9nxZ*th=@GU;-df0WNR_9FegHiw2 z?U!l}y=zTEUT^Mib(N9MuvAYn%nZHB#~a&7q=oItyPy3gVA9Yd*~cW+dFDa&ex-*v zg{JB8#_MOzr$TKmy-;79EFaq^C5TJfl;WkIZ_@uLw+&D7c7M?r>AlNl%66)@)A##A zA8*HHs-v>w%j&DripHTKAC`=%j0ukk#k)wGnB-gevA(QsTd5TvZ~pS*BhJW=FUh>u zlLj7`>`fgQ5x%HgcB1!Dp2EwULpO(7@g2)MPGo%4dfl_vvh<q0O09Hlq*yH1B}C9m zJ@DP=w*$PTdwQ#P*(x^__So=W{kFc{Blp;s2Nh4aK7JpXnKWJ1*M5n`on_?#7WskB zfq^4=wly9FKX8Tz-gS<=P4u0g+|ZtS-QaOyN~)C9=2ERMY1X#pTHB0<lWz#+J#P)} zxK!&iJsk1zbw?g={N|F=$z8UWf@@wq;~WlLH9ZsbmwoibsC6EChl^@jf{NpZBV<oY zR<#MLKS(dXB<S**T}!h{sa>DGLcaGcZ<YU-)w=t(eBAPixZt?+%Ltb`?rUBCJ)zC7 zUKU6DXZ8g+yXLO1wRasm<@v61HhrDLMX8W;<;*fQh8t9+5>KrcN}1tQy~E^`x4Wb2 zZKiU=wnwMf!rGj}QgFh%-$-?DuNle|eL}e8a`CzT+s~)93skk&ZF`<A_Pts29?~a1 zY^-C*(&n5eRGU6K5K=wVNeg0o(o!^TLKIxb>8ctiQ{PZ>V&$!H5p^T6;8dYCYbD!o zjoB&SIWceVpK|)?Bh8kj9b)(N6322{SCvRMY#;V99{1rRmMqviN9`N&NOAK2bnl$n z%lx_{Zk=L+J0I-e-u|M#rLZ_8-OM*)E6WA_uKMCyv%bld?_L(!S4Y;!lz5-t1p<Yx zg99fkKltRAkwc}~UnlyVbxL!Y7xveDbx;(MN^(hZ8$O$-O?V)D&M?oyNg(5#6gPox z{4o8jx0t?H`TMFb^DotULQ_9h?|WPGq^c))V8FX3<Z|G*BQD<KOwS*&EV#5V*SeMM zaL{L+GQ4;;dm(Nj?(+SNyTyA|%$Hhf*9FV36W8HcZdzy0slB>R-~`W><Gc|U!!@`o zb&oQOS6mCnU#6YsPL;WnQ9jepUi6o(BzNd0$*okTGV9apT{#A?>R%QbAX+=RZHvp3 zDMN6hDi=;(r7%xL3ovmhwna3g;{<j2ET%O~bC*88T;J$oFvQL@8(Svcz2#_~0%=Hk znG~C|LwF-o$g(BN+33!1-b@aUkGvi|ab=0jvWUBa4qEIXT#6<k@<`n_84Y{aBPmT0 zbQa5HGd`T(I)WY7aIvqKRNuqpz4Pz})}sd%X*-vkWs|yoZrE%%Qy^WY)L`kI{2$zH z&CJ9M(bF1ZW8*>&2bl^z<ND0+H>R9@k>QbjC*L7EWXlfWjT@xoWMyTgu87MX8(l&z zdmlYr9_V!Qk`&8e#$?r2LH(u2US^zMT`bJnpp|i!K)m<;+NFopL>^v+_9xBDY>q_8 zOkBHYaMy0@#}*6ktmdLMYLdHlB;_?b@10h?F<u&~Y$P+=6&gEc!q(lD<eVd<WIa0^ zc-5mS)zvQK!Y)VGZodfA>9a9~xw=O4QD!rauUTJNN$7a5AQCJ>hwg7#^1>`@f8vwQ zjmcZPVogq!26ambn+jdkyf~-5=h7>S%(2>?t<nOjL8>@=_fsE6uGGW{`_8A8iXAci znrCK<yO-IY$@4TV+&iN1;T>TCl{a5B!!x5dH;JBzS20O8fB*Gq*UQ;Ad)qSNvM0}) zD~<~bWh_VptJo^!>>NPa%*E9z^Kf0M?l(==PE=Oq&GnYnUu0!t|CY<dwSjeO_%gdC zQRh!A(TGYP-}g2A+Nmb9+kF>5*%UI*ck}4#-J)w53NH&jy7_#hmdDJMjC>0CkEK?1 zR;63$Cxb{E><p>LSTk5$nb%diSIWid4}5f=JoM~{UekvI{_D@j95UJWfxj<F_l~@m zk%a4oJA<-EY3G&(7)nUszH7R&Bp;pQT6<JSbm4`Do!#JjC7-ETF@<?%!Q;30E+a6_ zWa&}wE3R6;(NZsY!$`N;vAIgU!){ll+I5S*&S_;m(mAe#Kfa6W!H{X;^EW#~xZRH0 zyqDhny^p)l`7ZOhj$84a6Wk^n*q`^@xFh%C(D$0)&A|a0-Dgai72Z}An(ugb1{smk zHxe`zOWkf`P<%!C(8%@+NA>(-Gj^Cu)@d!2*`{o)xHVdmL!DK-w8W$TnhWQouS&K< zl$4muHKb|oo*aGU)Y^e+xpCw8=iDPUCGV{)Opj$BRweq{f9+hGqH58kr!5fXl7Fx? zx1@3EwRX@MeY2WChp~qFRi}ra=<2MHUUj0RThD4ZwdNMvQs?xt18dB)23l*bh3_~t z>rtw<?uo>Kxt#i`&;-_oh$1G@<*fD|2iBY_ZEq@w3?J|C@~XFd^KQFV81BHF81o97 zqapp{yASmAD;KY;q<U^39pg1<c5d{_NRkqdXdGsmTHUW(a#>>V%bBq+HKN~bCw}mp z&UAe5Q?~k^OE_Csp}&~*mlFaDa~a|!C7sfo^as+qBS&*_9~;w)HX2w?b?#Yj&AETd zxO=wjQ^&q#Iin@HMh7~o=^OjVqI0q~31_0ESgRsVgxq|+2ETS#((FZ(4PgacF8ipi zISAt!KjEL6D)A;*4|e&N>b;e6*}W#ID5h5Z#llmrO#c4)iQz*>I?F4H=v%Ys?+56z z>IqLf1-4%>ePO$Psx`>y(A2}}yOh?H75ARsYCpU5YfTQp^nD1|xM|O3ae>Q9hPQn` z_}vpad7?yY9+BC-na@af(sSZ{tNrmZ@7y(xJUZrmkA1JTrOuuen$f*9ly)e=-oPv^ zV^ir0!A}cZL=M)iBO~NzKHP)OQAwqG>B?yw1FXBOzul8a6TXnvAK+d#@itfCFSq(^ z=E(2~)n%(s7UnX`)e=q%9+iyN7GzG9VY2gGa=`3pFW#4Z&wBj0ql2acb-V0(+3m|y z&(@r$K6xk*#k<D;<~+;N{E(+6<GiX3w*8xA?}t8k>3&sRezsO?(3`vEL4V*1Rt<mV zw}LkvI*%^@yie=v>LpSUOnC~+Za!x{Ce2h~)yH~F?nqxf7vF-I^;c%6rHy#gG3h02 zTS9$ZsG@8U;^UT)t;sXW)K4E)9=DM%^isL?qk8(=#cw$$bwxJ2Yj^Ca5@_n_Qi%8b zyltAylV@k+vUF<?En!u6dxIg>-HCRbPo-tofR_BZM~-W&^x{JZf)|dR)4cUL#63Zb z^=|v<-4uheF~ZK`Kr_{Kb><hMYd5*PkA5xBp-gFMppG~5Np7rmW9xDIz}eB*Hc%k& zkW#9<^I_V1yBpW0H>8Yl4dslOY?p0{cyOgT$!)3M-9y(h-OpT-$RN4$7S~znSLN)j z;dz^I=grLR(nIfVx4d}gc+0;0)Y`|Jv-yLG!5>sCNA1TgofI^7)f_q1zHMD#o8R(| z_@JTsxwn%a+Y*%Xc(Mna+>#%;>aUZmx;SNYMLJdgQ~Bc#Hl5Fh#@o&fd^soWthD)F z67qC+PPVGW#gOE1qkgZKA2wKtJlvDBb;ic^#f4kNvMPJ&{yO*H+IPn1Ta|zH`66?9 zpMS(YS_9{|M{hoJsg7*RF^=4Ip_~7i^0ZXrC;jMyYf7J9w<)_a6ZV(oCl_woyry1J z*4zhD%ktpLG5?vXZR(}UI(@6?S4$71zW-n*w2#l&s$kAyd60aC``$}N%f~8A9?coO za;z+p`VcuDfB0~zSiDk};6*L#jNtMwQL{VMOPnsM+Zn5``}QPnN0#LXe-EusQgwwx z%bKK#&F5GLM-!~r!#}JpUNK>t5NU5RI4iz<b(mD~O`|0;dz4(RD@?j9>|egGg!QV- zBkgyI1`m#Z?mQge)4A^Y{Lz{tGE&d+J3Bd9%Y5TMZuD9geDK)d^5nvkStl?3b(!Vb z@!HEJ7tfru#W6o)*4x6lx^eif4zt_pXTH4(+xf(!f4o>XS2U%%v7^R4V4G^(kL;AG z+t=q`@_LT53D42bM2+vK$quL~gyvhnVlRG|v@z5x)$m%}O<VkRl{St+(eR44)QZ~G zT86VpOX5Cn&Plmqa2}D{Hyg&AH8^)-+%>1t?fLO)=~Y?n6-9C;+d^V3K3T{~e5mEC zwDk+FpV#lsCERd{*|j6_b#QjtiS>O_dwtqS>zSucS<yJ14y!)DY^B<e5FA{(rbN@s zal}5ze8c*!BAI!wDx#t~rrjq-5T``v?-!$oRo#i%UsI!X;?uo5Ii(MuD_JeKW&d^O zaIMm^9nI9M$7$P`g?ca1<ak46I|L4#JW=ib&HvTPF~<W6FWVHg71|2M#J<{a#BRfH zsSKlPGYKy|jd)#aZOt>7a)Rd=(_2NJbj@?2ua{cMWGr10e#O(#-*U-nfi?Qzw8@cA zXJt($_|`aII>Jdme<<jKe%f>X{v*#+rY-8}0SA*SBj`_WzY>ea-&u9^J6YD1Nt|m` zZd6XY<;S=E)5awGK$a!vy}6H1Z`L$rw_qN%4i}&KQE+1UmyDawCkFO%g*h5sSl92s zx+_62t!B3X^%J#s3%k{Z$-rli!Z^+6D!ywkhzzMsEPNEb_b##iR={rj+<3$KsHQge zO|6LFy~Ommo_%2n9W(OHTLxl#?qx+Q4L`m&u=e4qHy5Ohjqg>ead`&E-#o=fTXDIj zx#Rx3n$K>B2{P7+3&?auph%6^6IRN3lMk0v#vd4Kdb08P-zyjyf7E`x<qR(}cssz6 z#8P}?iP~5!&AYFyM5fghY59DoYE9th_BUzDUDBI<veWHvzvHu-*1jCa)xRgbgxp-; z!gFhlj@CovZSkL{2d%e$bYCAguIM6JwbIb#Ms@tNB7=Qj4s&=_=!*HB@|IPPH{o2{ z>@%4mU&6lPyT~o;;?F0{W*%RRFfW%b+&jZto7I0HH7r?~>2T-Ng71nQ8<KBLOz4YT zjTLTe>$EHD^suV))s355rnQx<yywiLf;x}4>@!~Vx0(0mk}0)HS5G&lj+;H)7QFK{ zbJ4uLN@%mHH%sq2!nBb}Q~9;MbjJ@%JiLQn*~hFa%&W=z{4~0;a^Nf3z0)`CWyZ^I z@;Nf@A&CX1jYD6R<2}sF<&@ugv90BukzMx2)+Aq^Q|_;JqiL6*B*BPjmo@d)8>U-J zRXV!QR`ET&|3tl`;0x~MUrld1OxcSBKjp2u7)wd>Z_GP${ZI;@XTnYvrTLF+w_}_h ztVrpsRK3gR!4x#Sn#m+!lAYgF>XX-Y=7k=dxcr>hF$ZBL4`r!=0pI4!+{^;mD`kbn zH`f@g<Jlu207iH4-Q!W;l9cV1zB_vC8S~uU@v0&<i&J;#ENMMc7D^6Z61-DNMrGc; z4ooTStUbUk+jz9IA}}Z7)IrNfZ<%M9<}O+IE8V!EHAg$ocI~Ttq)M;aM8Ko%#$RGQ zPCqDV-x|CXIqj9cbdQ`(!m{&GXLnX_qdhx#{+R0%yd9fMvylS9T0iqgwpC?QaQY6x zceWGNk4CS90LYnlVG}hyW}kah-!_KD_`Q{hNE5krQwgtW`2Cq&g=v^~a<$qTUdzi; zRX54&?KB!Q9a~bwhCe3HZ8_Z(cdSw8%E=)`lV?=!${$zub{~9`Bv`X7a#SU*A$~bQ zb2RgnC&_QXrz3yp#tw=c&lTe@&Ji4;k4ZJn((T<6Z{3bGjlH0^+&C=EZ7ue$Uh<_{ zfAt%@2lX=Fj-KXM_vl(3Ayp|+yJ9vOS(y*tzn_2CPd9d$=N{`GfgZfgY59~f-_37a zJgod8|0-`Cp$)xHi?obUd7U^_mP0gMSzr@!s@pnh$TM=C+qL)a-y;u`6WX&<M>}(~ zYO@ZR(Qo86ZX7A?Aij1Da}Vw}L$dlzgPt9aWi#CyY#&fhxax4Y;*oE)ENSwt!;j1- zH`#3Qk>$Bx&zp~>^g3#gDcTY?iPmNA%SJ{I*N#2BBcv#JWSd!$+hl>C;ikL;du%h# zMcaOG>F5^U>928W=HUn@P4!`Peal#lWZx|@Gr2bw{?EIDZNF^2JTTO*b5_~qh}IGH z`yb1F@87<(!qsjW!I|%_>!v(|<(X4kZNBl!zK;z$6uzpic)5O{TXev^S26w9O=u2x znNE88NvddeKj^;S9rO5Wt?1m*&=tW7V+G0@CsvBPhc$RUd=_U-bXhjWa;wVKc>4Xr zXFpsAxRyOwFVhjT%z*XIxueA=mBXYs+3(z8o)vpupB|8Tgx{I_fbf#{t&I&&Hukpn z@9ORAV4>dZV&Yuw*mRwsadUmRQTy^)fAXGL|Nhy8`t*@`Ro=(;8^v}eUKkHNme}Rz zWdC&EOFOn97nV@t$)vIKs*VRvjK|1c4Gz1{lPv5J&N{kt&!M#7@FUkQUe?&(Ld?Cu zS5U#(M=CzKCdW!yTPjuQYQ8sNOG3~MaKg-YG<}%Xkk+!Yd^yd*{&p+n#{7zTFFdQX z-kFZ4>J|wrIfg9jQ|0uhR-BpdY+PwR>K%I}zs5{cJE3xHp?f!#cF{I%plxqMY{cWn zE(rxXVL{7rAtt}B`IceF;pq(~g&*=b(i+o-_+w%MUOXm>aP0m>&@)swSP>h#V4c$G z_+T<+-J@Lg+*j=MQFDsTs)xElxrqitu^(}%d2@9oN)kawyEnXT8WMCdDH>i^o1mrL zEFq&_By1y^^)lM4;K?ji;7H`dlb_G)`_?^P9~yOBU|)k{oPyy2p1ioMuuaz<1RPwe z;&_I`JmiH{zpSApk8SKZEjEeE64w@XyH0p|f)K`xoqA@dMaHG$U*1NCHET{>Rk?Pa zdE1e+iEj;?@*=XWCM?D?<W*PSF3WG#Ja}P?^E7+S>@02l`bpdF_}%(FkExpK&PC*k zZr3ZZ9rNsX`BuFg_O5-NpLh9F=WFx6-U{^+6;XOEVSas;yu?k#Q?YX)z1HUsC)4w< z^{jSpN?UW2{hq*$?4$YTY^$CgZoDO{sMIxCkym(2KWn(5mC3*&_g25Ik8#&wF0P)a z$lHP+R)5=SsglW4Ct28#ZYnN6J0M*+puTEh)=!F3aDho};B+Ei?1uhtuUH=sUkz_E zW2)Nc#vFTjjYP5dO;0J=HMW+a17f<WErA1)>xVz9G%T~LeZxa2khM#FAl5S9@2Pa^ zN40;jXrRpNBQqW^FNri*9vO08D$0R3t1{&aRqlUqoShb~>L6pb$8(GPnJac2vRoEO znfqD3tn=By&Lhok$AyX2+mz!IG+qxo%39i}%C>H8)X9jk@;{+(;eX_;YZ2+O@JYe_ zHg|My3s&~+KH!TlY#uzd%XB&4_VVq!{L38=_+}|^5UAEEblc8NUGH9am5{3roGIJ5 zqvh~+rpoGUfzpk+QEpv^uO3#=O2!RCh|Bl;$A!#|=9TKIMRkX<5A}3=-`Esh%->U! zF>Y*XRr0Jhcg+^C8J4AeiLkS2BzB*_HMdu9Y`)E%g(Y#tDvrnZhd%qnsnu#|_B3nI z#P8!NuON<Ht}d5k%Rln_C2aS4$*iDZP}ZxWa%#=qG@tLOl2QU(S*#~NdnCPzIHIun z$G4O+YqHzQ&i7=!PaTv<)8dbp)=9{ZJ_&PNUO-)C@U`S?ypCL(ZnM*yk7XVHm#@xD z?h9~ksTNr<Xx1*~FWCHwQ@)9_J;)O2_7>$YyuY!fuE(o}K)t^3*~!gJ`W|QdiQqJk zLsJJ+H(%ToSnsMk78j6Vb3$?zaf9MUIpeN_t+JDEr-fd8vXW>sZ?$=%5*j(sDUmX& zP++x9QZMPR_ixt_ufMI<n{qoh*p>G}Fl8^hfsKT~z0X1-vAYj@dv4`h^4OiM%XXDK zHIOs8O1+ZeD|zABmC`RkALh?6w*=ajv#Edk{Ix|SU{yl1tNy(4TWbN{H`N!S`|ie7 z+|m!|RgpF@zSI5Iue|h5SKp?ND2{v=wy0)f`&M>7)_IkEwo~`DTQ{AfMDhxq60ww3 zEjTPmX1ZnZu(f>BR`BG7Q2wi&vs@NjSB+M3(7l}e1N`Xro{LFu2ltg6Br-)DC%%~6 zBaYi6PQp>F#l?|5;sgR&oJ6643p@pgi9~S{f`BUmagR6|PeN1FJ>o<v6;(%5B$_xG z!GkLz&?k@xAVnqsIRS^JXdoAn3{q6IG(1`f4U`0OffODGY9>-qAs&a8PegO$@#H<? zR2rI{KtgL+w1z;zg8~R7Q1GHTR8R-FM3tyOpGZRuBG5n*!J$$FL8TPbFoXz_KXnlz zFo=MlWg}!zAOS(`K*)<GEoLL5D1ItXfIBEO+OMqCMFSSyL<4vJE^x6%B3cR&MT5{5 zU4ciF2wET!L4hwCN+d4&iy%%}^dpgk)`}p&87Lwu3H3e+HH}Ilfh3vww>zmM)aajg zC@4VcqC-&+AUHHhBY^72)J5mvP)CB+{QU>0;Bk1==EYXV<4`C+jR0v-_)qWQaVW0E zw6*x}U4{Cuu7Y+C+~41z1hm$Fu5qZ5s7a{ZsFlClu$cap6SsJUB19#i#>F2r4Z7a1 zPKS0kw4?p%V&E=X?qUuC`WtjCGzT8-$)FU_5kX%<I}x}7{by17=Wo!J(6&JP(9cg$ zGw3d8KUus64UcvSP!<X81ixAz+ynju`2ad14Q*qzaetNoEJFS8PdonZHyX(B_Yk8H ze)rR#R*@ISBEa+a=bv|fU6DwOXn*^S-XTy>AENhurpS0a@Y~NH^genA0euX}{%BJQ zdUMe>6%|E`gFbXcBYJ?nlYM}_qWOM@090UUWT<FJ_i_nv6-Nj-vYOgTj$cm^74;w= zd&hnB0C5Mpi<_6K#QUmR32`?kRf%0BBb<?s7TwitTd*J9JlNR6F?gRN%}GLCO(jSv z$kWFYR3jeb>EY$C6r?I)@8s=3R|08NtSBMAs1mSGRRY<JSD@hV5^5YOeooFxX4<-c zX98EM60QLOK1zy;fq{XW1Ch<%elCi58jYriBPbFG3P3}_|DacZeUO5ezvQnHwCVni zer`SiZr)zvXo>a?-unYoB_zcEF4yO`a=rXFFB-Pl(c4oI+)%`CMikM4Kw8Pv&)aFg zBi&EU$j#Bu+uz$c;7*~qsdpgV&(zz^3%zjm_7nf-CV04zRM0~Hl~F|zHQ+ac{s#G* z1Ztv_<3GrK_WOA(;&yUWq<hdk>0SZ;z)Jk0l}?UI0d4^vbhSm-X?O(uOnA7VP?bFF zy<Ai!f)t$S&i4B~0wmP_WxKekAKf1mWsiF4r<ERVYCjW;#VG!(XpnLQloH_W_p@|! zy6>-Q)GS=RJ?;HLX>RoWehlR->Y?TQllwpP2Ix!wxZ{ro3$phCuD~t20w^hI{WR0U z+uP&cYBR>XD*p)R+V%l-H3E)+DB$r52+jhJS3+n?B=RO4UI~X&QDo3u%xUE9<mP<v z|0d^en*V860R|Wu{qNo5>G{h;Mn+27-j4gxPNb);wtv5ylM+prf}`LNf&zg+K@^B+ zil#xvE0FMbgo+SIM1-ih2=mXpC{Q5L^YRa{_j08FC#C(C7Xn`Vf8dMbf1nQW|5oyE zdHKKY`mekGEf4%#%Kz<M|8>{D<$-@o`M<sE-*eYb+6Oa!F!TIp$)NVHB?pLRs7eHa z1qD2?0hV(ATG@ctG<`hm4}$591v(=Z5AfShM;9`njGti;3c4)&V;y8^Mt4>;cMGP2 zwJ1Sx*B)`aI8hudtrg9@y#v4nPTWjU&&$~x#4&!RwfCqX1a!ItCQS%|fDni{bguOK zR7vgstN|*}b@K?I`zh*rfZ3%s-O<~L{%ie(2g}Xh*Iz-Yq@IJRMs%j8>G{^0u)EC! z`h7x^mD}|T9$E>6F3THdHW<Xo=&dv0$;+0P&9l(IBEP<mZG*v$aLw)E$vhk8bI-mz z9QwLl?Blo8O8@qQ9iP9yTON_Aeo=ALT$QT~pJUQ?mv~$^pPJV>xnzfnhSSMD&F6c0 zwfv)!4$3-*`j&_{$WQD`$k8a=U3OpId)48(kj|I{XF3bj!S8eOj)e!w&z+x3lpHhi zo*pdCD(fq4oE&%m97~?>o&V1L>gXAbsO01ZNh2@B|K@R8lc@1&%E6k}S@Tz#H!3Tn zbTz-G%NDor8B!ty60;+vE3e9051j9FZ*flYi#KF_a&2#SL9d6O)03~^QU#mbp3F~5 zdz?yaQ#<cN6AP(W5RX@Cv=DO5S0s`Saoi#GBwMxBuMyv?yd){d*wH+&An)G9Y3byq z`=%>CC*8E@%0BO=)O%CV@ljRMDeb9C{OzAk^LVK?+!S+H`ub#9U@O<D0(0)>NR_U> zi}+_7#0(K@bGs||-PvComXGIDnfO&~)#w$h8Ok!L^JxpG3@HQ&y})H?uU`75EynAL z%cz~~c_wb~r}CS*W-Z@~B*bVu9NT%rq^aC&HAfx4sbFEarVqcA26qKpVI<Gwd+UUA zL&h?!8)h%|$zK5f^<rI1U8$*n+!hXt2su-3vkV@KNOx0_!mu|(Y`M(kb!|S9&zA1b zSoJvE%2dcJqCZ_UTf?zJWI~I@b=m238Zk_|lkeS8fleMJ%}o_2OXfulMA8p`I?iQs z+IFgHy$B(FrIY5q3ihX(%0VJZS{pxqQ8Q3YR}MH<c$W2f`o?GMhlgy&SZgx4o^gFk zS65+T8C);8l<UrxAil`D2ArViu?!rKZk;2JQ#8s$aFyero*=79oof(BQ-fvDx~BT2 zL2PMZE<-v&qBciQ;P|EM`4Tyc>I|j`hG9K+O07qC4Q;hc;J~jRXGu7|RXK5cV!dXo z-FoNZPWfeNQ)dRXmU*=fhAuCovA?>blE`H+$ZN?Y)}U#*^rStje3Xg3tbEvovn+4y zMGB607qh8_b=WH$Vz#Z9?qw1hGU(;pW2fv9QDiT4Xod2iQ19}A`pvy8RYUAwML*Zu zY~G98A$s)N0-icrTh}qgD;%!nBj`6IC>&usM4>LJZ4jH<C>&KgNK8G>>%-HoC7ODy z#Ans_$RpJAc2-rKKkl$rEW0?UzEk|K%#_SxiJZ(#j$3*{I)*wzI<h)!IubfK@ad`} zv4gMqs?3$Ko7=LFdp%NrXu)mBS}zrsd0HYyA};fYM2<w9L?TEnUQ2{!p3Xc!tjB+a zPlWfI`6Wv|rKZ~0v)i_BpH4rS7?T)tC?+Sy4E#P6V+VfL#b|@iB#ou!+WJck|8meu zUM<E`!;j}TKapG1eAPAIH9tCU?62IS<1uEI)8BLg%$J%kH5@VAeO;p<mg~4(OiauP zL%yAFk0r+3k;|2-6wq1ooG%09j{x7Nc}aY;eE!*UjgcTeASEaF2z)2YO>DA~cL1pv z@eg_HA9}{-3Jyru0CoQxxkaw|%l=ySS9IR8zqXxezS?~ChGWRs>H(G-{+aIPUYD1{ zm$_ZJ?N7%ZE~9>5JHxLauohHM!_O^17wF?Z27c=aD1dK%{-2*S{4*eh-mes}&D0Lp zIb4c6z!_S(;*5R_w_cK?S%0EFiy?n4QRnI0O8G~H<uui<)FjXLIV1eJ*I#1qdd9bX z7A|>tvv0ho?k>wWt&AVc8O5u!po9_RM|WPy0U~7-1bqDb!s7|zWD*I)_|RLwgdom{ zeu;biBg3Q7PX-wRLgtJzG6|CxA(25m@z1;<Bn_f@f69ndGT<Br84ZuAgM<T-QU*N` zxkvt#fe<gA!jKmY`w|&!0WuPZrT$SKkkJ78KV^6vna1D)JRVO&K&%q|`sFL&P!R0L z$N+C*WFQ)jl~J)WGJ?%Z0g+F}dTD6H^iNw5Jhoo2U%=o$5b7W^`W}xb;t>p95<<b$ zL84$~6i^AHEmRT};};r*#Mnjz93CPAjl@tM0gvDr>mcB1Xq5O5AAorZ#ufsBhDOx? z)C0jD5XNSZ(a>qrpE42wTQ7->l~F)Elrb-rjKkCcx*AqS#WVH;1P3Bi4CSHGYK$I& zfIX2vZAK6<Yh#oV5p+M{4{Qk79>B=RAO^;$N1<TG3_`_2WZ1EVP^svA^3Qr{2-u7G zQ%1y*Fk^v2MJSB+QK)1pV_pi4glP{djzVVae^fB28T$(r4<0ZKwonNabU)^In+Z4& z8DuCA$jFRint&rwz%!O1FBvmd2{;M??Ab8rQNhELQAQ&(K3@np8W?aGJqlyr0D3e6 zgYQup*c<w@UOWi+GTMU2k;sfVz=MOr(8mdQ0vV6V3;f5>Za@#yhk%TR@gE*^d`w>O zIAz2Oo?(n_PQZiqVDulJgn71u0SzARj6NVEIEH5|&?C_>c*!&>qfY@_5->icF78DC z(TDI<u%XOYFO>rJ>=@buj2TS500v|K!_$EG8S~P>-ZDmpVA~wH9^(TVnToNGM#c0s zuqOrfK>xHEJjcNfBBKn!GujLW4cKL5)LYzbMTNh3l|aBz8QTcl20aine*x45k%1jt zhItOyeuv1wzA8qK3Xy@s0E~KIuNEr<JCqnb?3@b^+8nC~!2$MWv3d|3V9a3kAUFsR z9AG~flNZbd{*VDOA~8NY(e^-hU>Wfu5FB8}iPeMP0COL#9s~#IyBIz2e8$Qk?E&`D zv3d|3V7`mhgWv#j3#=Xl2N8k;j2TQ`aMl1TgWv!hh1G-L0P`!X9s~z?c4GA)IKcA- zs|UdW_!pxG=ABp>1P9<UtR4ghm~&zEAUMDY1gste2YBXS^uUn<tPFw!%pI|M5FB8g zg4KiI0P}3D9s~!N17r0dIKX@yqX(Y%SQ!Kdn44ksAULQH9DpmZc_BE!IuEM{!2wRd zVDtc|U}X>-GzbnbKgH&S;GjWp&>%Pf*J8`V;vfLFW7GpI3Xw6`44%c9ITv^q17?Nf z#o_>q2#6jQ2Vh``9s~#Acnl8oqz(fwfaxAY#()jQ0pW83dLj!`9s~zi&tUZ+IKZ40 zqX*%00s(>poOr_Kh2Q{lZ>$~!2bjZQ^&mLF922Vt!2#iO0+@GV@-lKf>U#*E6Civ} zfbcm1th=#wKyV-s91uPS+YQ+Ah!7kQJ|}=REXEcHpA$fQ2&)IdL4@Fd@Hqj(=jho% zOdTW$4hWwU!1@TA7t*i5xjw8O1P54`Vf7&GfgXNk9B&Xl2a7+59%Ot#_?$q7;DGQs zfegU`;dAuVCDvvL4hWxvL%7(y5I#rOp_n=#d=6&I5IqPE5Z}O-2f+bi1sFXDpA#T_ zP5`l7Y+eWsu&%}GL2y9$oPeHBW$Z5yJ|}?K4Mq>b=L86!6F@u`n-_uu!sj5+0Lcq! z4+x(VAbd^$r>7ZhK_GmN#uTu6SR4orivxl1IeMlSTOJk%8WY6oVfz&VVv!g<2%jSm zJ_o^ONL~mI2%jSmK1bubSX&@Cz+M7Y4}t^2=Lm$)!PYjmJjnVS?0-Y_AngI+b96rd zV>5)$5y<)+1bDG|A$*QN_<Zq%G{d+=AbgIV`o`D?;d2mKhUh`s1H$KM{1j6MgwGKO zpCb@HNB5(!<w0;j*5@Gd4ap0^0pW85!siHt&k+cpBM?4EAnS7k!slpg7=stW=Llqd zjzIVvf$%v9s$%N^abQfn5IzSln?Up+?E&F)1j6U&z7@7!$T)}aIRfEx1j6SCgwGKO zpQCYaj4hD$Il5ng)q~)G@HqnEbFj;TEf2!y;OsI)57Hix^*Q=J3&v&$pM#woh#sUp zAbgI#S%Rqp!siHNeU3o*9D(pT0$HCU5I#p^;aFR+IKXR97(F6{&xttf_y7mXA$hUw z0d~D0df4_LLin5rS)YRwTG;X+d`^V$IT6C=U{e@U9s~!3&xsH|CqmZeL<pY~A?tJS z;vLo&2%i%ne2%^s#n|RV2%i%n@pdAF&xsH|Cqnp~2;p-ggwMg|EY?28wKy90L0@k| zzkcnLfF#(Mgye<vD+r&1m-rxgvEzdX;d3H{&xsH|Cqnp~2;p-ggwKhP^*Is3=R^pf zgSQf~*dTmPgzz~L!skQ?pMzH&|EvSF5e4)~OdCP?oCx7_B81P05I$dgIhA2vM}+V> z5yIz02%i%nd`^V$IoM$R6EE8TAbd`Q@Hr8}=R`=noe1G`^gTw*_+{j7)c1_%H&FW^ zd`^V$IT6C=L<pY~A@O$f{Y#8}5I!eD_?!sgb0UP#iIDX<5yI!-U=_p`$T)}aIT5lx zCqnof-NVJ;h449%k-I?~Q5pBU(KdqcIT6C=L<pawZ`opP!L|np!sjFipOYYbPJ-|` z39>#XF~-(WyrBOvJ`d3Mm>F$G&!J#t5F8Lb2WPUec_DmGg77&BvOXt4_#8cBgRu|7 z=OhT9lNh-h_yrtP!1@Kk=OhT9lNh-hEe|~)kAD5ejp)107@Hw{PGaP4aG(Rncs2?Y zO@i<_3Bu<j2%nQ6>vM3B5o;fW&(RZ`7#t8j2M6{bdXRnv;d2s%&q)wICqeieJu`-} z55ngp2%nQ6d`^P!ISIn&BnY3AAbd`O@Hq*>=YUeNI2bv8v6C^(MbZ8OICSyWul@&Q z;GiXg44lkkJa-6!&v?w4A__RngvpDi0c?NPK_$>YzhaOf=$_3VG7!94{2K$P@Rxl+ zhK_SaJ<K^Ra8eSS%3{!?qQr`kk-@X`&+@3?U@oIA;2a*~JQkr6(Rc(yUNFV{%?AN~ z_HG_@zm*)|&HlgNV?q9(zr6DE?G$^zfS<>y5%4!Fh@_Pq8#d^e=&t1Wb;cUElH>o2 jb&BA{_5<KAQlLgDqA&QE2Y7-@)NhQ2gR{5fUxxoLR^oWS literal 0 HcmV?d00001 From 59414b112f9d44def87a0d66012a8031ffe029d4 Mon Sep 17 00:00:00 2001 From: Michael Kleber <kleber@google.com> Date: Wed, 6 Dec 2023 09:45:51 -0500 Subject: [PATCH 38/58] Update 2023-11-29-FLEDGE-call-minutes.md Add link to slides --- meetings/2023-11-29-FLEDGE-call-minutes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meetings/2023-11-29-FLEDGE-call-minutes.md b/meetings/2023-11-29-FLEDGE-call-minutes.md index caabe9ee8..f74da115c 100644 --- a/meetings/2023-11-29-FLEDGE-call-minutes.md +++ b/meetings/2023-11-29-FLEDGE-call-minutes.md @@ -70,7 +70,7 @@ If you want to participate in the call, please make sure you join the WICG: http * Fabian Höring: - * Slides presented (forthcoming in https://github.com/WICG/turtledove/pull/936) + * Slides presented: https://github.com/WICG/turtledove/blob/main/meetings/2023-11-29-FLEDGE-call-minutes-slides-ab-testing.pdf * Why do we need AB testing? * Increase performance of PA * Measure technical changes - when we roll out stuff on 1% of users and make sure we don’t break anything From 820763e161fb3accdf69b728be502551472ff538 Mon Sep 17 00:00:00 2001 From: Isaac Foster <isaac.z.foster@gmail.com> Date: Fri, 8 Dec 2023 07:02:03 -0700 Subject: [PATCH 39/58] prevWins Clarity (#852) * prevWins Clarity Clarify prevWins example values. --------- Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com> --- FLEDGE.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/FLEDGE.md b/FLEDGE.md index f4071104a..b2a7ef8ce 100644 --- a/FLEDGE.md +++ b/FLEDGE.md @@ -694,7 +694,9 @@ The arguments to `generateBid()` are: 'joinCount': 3, 'recency': 3600000, 'bidCount': 17, - 'prevWins': [[time1,ad1],[time2,ad2],...], + 'prevWinsMs': [[timeDeltaMs1,ad1],[timeDeltaMs2,ad2],...] /* List of this interest group's previous wins. */ + /* Each element is milliseconds since win and the entry from the interest group's 'ads' list + corresponding to the ad that won though with only the 'renderURL' and 'metadata' fields. */ 'wasmHelper': ... /* a WebAssembly.Module object based on interest group's biddingWasmHelperURL */ 'dataVersion': 1, /* Data-Version value from the trusted bidding signals server's response(s) */ } From b82112099702ce7804a9eff552e0943c47f77d14 Mon Sep 17 00:00:00 2001 From: caraitto <caraitto@chromium.org> Date: Fri, 8 Dec 2023 11:00:26 -0500 Subject: [PATCH 40/58] Duplicate adSlot detection and handling (#903) --- spec.bs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/spec.bs b/spec.bs index de966e23e..b7924e2cd 100644 --- a/spec.bs +++ b/spec.bs @@ -3910,9 +3910,14 @@ To <dfn>handle ad auction signals header value</dfn> given a [=byte sequence=] | 1. Let |parsedSignals| be the result of [=parsing JSON bytes to an Infra value=], given |adAuctionSignals|. 1. If |parsedSignals| is failure or not a [=list=], return. + 1. Let |headerAdSlots| be a new [=ordered set=]. 1. [=list/For each=] |signal| of |parsedSignals|: 1. If |signal| is not an [=ordered map=], [=iteration/continue=]. 1. If |signal|["`adSlot`"] doesn't exist, [=iteration/continue=]. + 1. If |headerAdSlots| [=set/contains=] |signal|["`adSlot`"], [=iteration/continue=]. Optionally, + [=report a warning to the console=] with a diagnostic error message indicating that a + duplicate [:Ad-Auction-Signals:] `adSlot` dictionary was ignored. + 1. [=set/Append=] |signal|["`adSlot`"] to |headerAdSlots|. 1. Let |signalsKey| be a new [=direct from seller signals key=], with its [=direct from seller signals key/seller=] set to |requestOrigin| and its [=direct from seller signals key/ad slot=] set to |signal|["`adSlot`"]. From f0fc9606cfadb6ccf8566a6f55a865cbcb1f2a3c Mon Sep 17 00:00:00 2001 From: Michael Kleber <kleber@google.com> Date: Tue, 12 Dec 2023 11:46:55 -0500 Subject: [PATCH 41/58] Create 2023-12-06-FLEDGE-call-minutes.md --- meetings/2023-12-06-FLEDGE-call-minutes.md | 232 +++++++++++++++++++++ 1 file changed, 232 insertions(+) create mode 100644 meetings/2023-12-06-FLEDGE-call-minutes.md diff --git a/meetings/2023-12-06-FLEDGE-call-minutes.md b/meetings/2023-12-06-FLEDGE-call-minutes.md new file mode 100644 index 000000000..e79b88ced --- /dev/null +++ b/meetings/2023-12-06-FLEDGE-call-minutes.md @@ -0,0 +1,232 @@ +# Protected Audience WICG Calls: Agenda & Notes + +Calls take place on most Wednesdays, at 11am US Eastern time; check [#88](https://github.com/WICG/turtledove/issues/88) for exceptions. + +That's 8am California = 5pm Paris time = 4pm UTC (during winter) + +This notes doc will be editable during the meeting — if you can only comment, hit reload + +Notes from past calls are all on GitHub [in this directory](https://github.com/WICG/turtledove/tree/main/meetings). + + +# Next video-call meeting: Wednesday Dec 6, 2023 + + +## Attendees: please sign yourself in! + + + +1. Michael Kleber (Google Privacy Sandbox) +2. Brian May (dstillery) +3. Itay sharfi (Google Privacy Sandbox) +4. Tim Hsieh (Google Ad Manager) +5. Lixing Dong (Google Ad Manager) +6. Russ Hamilton (Google Privacy Sandbox) +7. Orr Bernstein (Google Privacy Sandbox) +8. Paul Jensen (Google Privacy Sandbox) +9. Matt Menke (Google Chrome) +10. Nick Llerandi (Triplelift) +11. Kevin Lee (Google Privacy Sandbox) +12. Youssef Bourouphael (Google Privacy Sandbox) +13. Joel Meyer (OpenX) +14. Laurentiu Badea (OpenX) +15. Brian Schmidt (OpenX) +16. Isaac Foster (MSFT Ads) +17. Roni Gordon (Index Exchange) +18. David Dabbs (Epsilon) +19. Harshad Mane (PubMatic) +20. Sid Sahoo (Google Privacy Sandbox) +21. Caleb Raitto (Google Chrome) +22. Garrett McGrath (Magnite) +23. Abishai Gray (Google Chrome) +24. Marco Lugo (NextRoll) +25. Tamara Yaeger (BidSwitch) +26. Phil Lee (Google Privacy Sandbox) +27. Matt Davies (Bidswitch) +28. Stan Belov (Google Ads) +29. Jeff Wieland (Magnite) +30. David Tam (Relay42) + + +## Note taker: Isaac Foster + + +# Agenda + + +## Process reminder: Join WICG + +If you want to participate in the call, please make sure you join the WICG: https://www.w3.org/community/wicg/ + + +## Suggest agenda items here: + + + +* Isaac: + * Sec-cookie-label for no label: https://github.com/GoogleChromeLabs/privacy-sandbox-dev-support/issues/153 + * Buyer/Seller Reporting Questions: https://github.com/WICG/turtledove/issues/682#issuecomment-1710965068 + * Multi Tag Support via “Mixed Ranking”: (really, this + multi tag + bit leak discussi loop on and how we can be creative) https://github.com/WICG/turtledove/issues/846 + * Optional decouple bidding/reporting function urls to allow smaller k tuple: https://github.com/WICG/turtledove/issues/679#issuecomment-1703973736 +* Roni Gordon + * Sensitive signals - https://github.com/WICG/turtledove/issues/824 +* Tim Hsieh + * Seller Rendering Server (for native and video) - https://github.com/WICG/turtledove/issues/265 +* Itay sharfi + * New WICG to focus on trusted servers. Starting Dec 13 + * See: https://github.com/WICG/protected-auction-services-discussion/issues/27 +* Harshad Mane + * https://github.com/WICG/turtledove/issues/937 Need of a debug tool in Chrome for Protected Audience like Professor Prebid Chrome Extension developed by Prebid community +* David Dabbs + * Non-official chrome [testing labels](https://developers.google.com/privacy-sandbox/setup/web/chrome-facilitated-testing) seen in the wild (e.g. “preperiod”). Are these somehow related to this Chrome code (thanks to Przemysław Iwańczak for this src reference)**:** \ +https://github.com/chromium/chromium/blob/c0fcffe3bbcf87e4946dae228bd62d740568a429/components/safe\_browsing/core/browser/user\_population.cc#L91 \ +`bool is_preperiod = group.find("Preperiod") != std::string::npos;` + + +# Notes + +Isaac = note taker + +MK: Itay, new WICG for trusted servers + +https://github.com/WICG/protected-auction-services-discussion/issues + + +## New WICG meeting to focus on trusted servers. Starting Dec 13 + +Itay: Hi! Starting the WICG group for TEE based, December 13th at 9 AM PST/Noon EST, github and other things are there. + +Cross Talk: verify TZ, it’s the hour right after this one but bi-weekly currently + +DD: new WICG meeting, does that mean new repo and such + +Itay: yes + +DD: cool, I’ll start watching + +MK: calendar invite, good question, hmm…twixy, need to get chairs to do that, problematic from admin perspective + +BMay: Charlie (Harrison) did something kewl (for ARA), ask him about that. + +MK: would be great I’ll ask. + +Phillip Lee: I’m working on this new group, I’ll be sending out stuff, copying as much process as possible from here. + +MK: issue of where this will all be, let’s put a pointer into issue 88 (main this thing issue) so these folks can easily follow. + +Full logistics details, added after the fact: https://github.com/WICG/protected-auction-services-discussion/issues/27 + +MK: let’s move on, Tim, issue 265 + + +## Tim Hsieh: Seller Rendering Server (for native and video) - https://github.com/WICG/turtledove/issues/265 + +Tim (TH): Currently Protected Audience API supports HTML ads. The question is how do we support native and videos? Challenge is that the publisher or the seller needs to provide additional code within the rendering frame. One proposal is to use a Seller Rendering Server. The renderUrl consists of both Seller Rendering Server as the base URL and buyer ad asset server URL as a query parameter. During rendering, the browser calls the Seller Rendering Server. Seller Rendering Server calls buyers ad asset server to fetch ad assets. Seller Rendering Server could construct the final ad asset. This could be done today if the buyer constructs the renderUrl by combining Seller Rendering Server with Buyer Ad Asset Server. The request to Chrome is have Chrome combine the renderUrl. + +MK: Should have done this with Shivani around. I will give some initial reactions to the question of “how can we get the buyer and seller involved in the rendering process instead of just the buyer”. Need right privacy properties, key part of way PAA works is stuff inside of rendered creative shouldn’t know users identity, not even on the page being rendered, that needs preservation, so how can we let the seller influence it with the browser still being sure the “seller contribution to the rendering” doesn’t include user info. + +TH: yes makes sense, seller contribution shouldn’t contain user ID or some identifier, what I’m trying to understand is what the concern is if the seller can provide arbitrary code? + +MK: yes we have K-Anon protection, that is relatively weak, we’d actually like to provide the user with stronger protection in the future than we have today, today with rendering in iframes we do allow a join, which does allow an over time profile-building, fingerprinting risk, etc…FencedFrame approach will rid us of that issue…Event Level Reporting is the other vector of leaks for joins, that is only available to parties who attested, we’d need to extend the attestation to FencedFrames and really any provider of a pixel in the thing rendered, we’d increase the number of parties involved and attesting, what happens if one party is not attested, etc. So, for all those reasons, do want to solve the “cooperation issue” for rendering, but need to do so w/o letting arbitrary info flow from “more private” to “less private” via rendering. + +TH: I need to digest. + +Isaac Foster: Need to reread proposal, but is the only thing you're aksing for being able to send the buyer's renderURL to the seller's rendering server, or are you asking for more freedom of information than that, like info from seller context? + +TH: There are two proposals. In one, as the seller we provide a seller render URL, and the buyer provides their own, and Chrome combines the two into a single render URL that must be k-anon. + +Isaac: So today in Native there are more degrees of freedom, but in Video we have a video asset win, achieves k-anonymity, then the seller has an endpoint specific to that creative? or seller-endpoint/asset=buyer\_render\_server.html that then decorates it? or unique per asset? + +TH: Seller would be providing seller.ssp.com/render\_video and buyer provides buyer.com/video1, and chrome combines the two into one URL. URL provided by the seller should be common across all videos. + +Isaac: Seller auction config has a single render URL, Chrome would recognize that it's not just doing k-anon on each buyer URL but rather on the concatenation of the two strings, and then the SSP would be able to download and decorate, and get no new information outside the buyer URL? + +TH: I don't think there would be any macros. Buyer provides one URL per ad, combination by Chrome. + +Harshad: Seller would create a template of overall layout — so would the seller need different code for every publisher? + +TH: If the ad slot is native, then the URL to Seller Rendering Server would contain a template ID. + +MK: I just heard two different things. In response to Isaac I heard “seller has one renderURL for all of native one for video”, but in response to Harshad I heard “different per publisher site”, which is way different from a K-anon perspective…just to be clear, passing the K-anon threshold on every pub site that it has to render on seems way worse K-wise. + +TH: When I was responding to Isaac, I was responding to the video. In the video case, there’d be only one (or a small number) of Seller Rendering Server URLs for videos. In the native case, there could be one for each template. I agree that it would be harder clear K threshold. + +MK: native is the more interesting one here, K may not be the right tool here given the per-pub needs. The essence of what we need is some way to know that the seller contribution is not user specific but site specific. + +BMay: K requirement + seller side component will, by design, be a detriment to any small sellers. We should exclude sell side K components. + +Roni: what about the cases where the seller isn’t rendering, for instance video (out stream?).(Adding link to Index’s PBJS docs re: [outstrream video](https://docs.prebid.org/dev-docs/bidders/ix.html#indexs-outstream-video-player) after discussion for reference with publisher’s rendering capabilities) + +MK: yes agree need to figure that out, multi SSP stuff + +Roni: native is different, video has lots of flexibility + +Paul Jensen: agree with separating out native and video, very different needs. Fenced Frame read only mode does allow for some of what native wants, believe the way it works is it loads stuff from network related to creative, and then the FF shifts into read only mode where it can read info but no more network requests are allowed. + +MK: oh yeah I like that, but concern that something “font loading” won’t work. + +Paul/MK Cross Talk: might work, well maybe, eh I worry and don’t feel safe + +PJ: not sure exactly how this works + +MK: something something shared storage, could extend that. + +Stan Belov: what’s the risk you’re seeing exactly? + +MK: fingerprinting risk; + +SB: isn’t seller attested? + +MK: yes, but once information is in the rendering URL, it's not just the seller that sees it, it's every server involved in rendering in any way, even a single pixel inside the creative. + +SB: isn’t that true for buyers too? + +MK: only matters if you’re combining info across contexts. + +Matt Menke: if auction config had a seller URL, could load that seller URL in the FF, after network access cut off pull down the buyer URL, then you don’t have access to x-site and network at same time. + +MK: interesting, need to chew. + +PJ: yeah this gets tricky, think fonts, lots of stuff to load. + +MK: jah interesting, must to think. + +Lixing, work with Matt/Tim: what Matt proposed is an option…some sub-optimalities there + +TH: two options proposed, one is seller rendering server, one is more client side, maybe seller provides generateHTML option, would that client side solution allow the mixing? + +MK: my read is it would allow that… + +TH: I will think more + +BMay: clarify, are there two URLs and network calls, one from sell one from buy? + +MK: yes + +BMay: so back channel with timestamps. + +MK: for sure. + +Cross Talk: timing attacks are hard to deal with, maybe we just don’t allow it + +BMay: Preloading assets is very expensive, suggesting that limiting ourselves to a single call as much as possible would be best. + +Isaac: Regarding rendering and fonts and native, two questions. (1) Where does variation show up in Native? Is it just based on top-level site and styling variation? can it be limited to some kind of browser signal where the browser has more control over what gets passed through? (2) On fonts, I wonder if the user agent having a bit of advertising layer on top of what it already does could pre-fetch some sorts of common things needed for rendering + +MK: I haven’t thought through the full set of risks. Needs more thought. Needs more design work on the privacy side and coordination side between multiple SSPs. . + +Tims issue, 265, been around a while, let’s keep working on this there, needs more design, two solutions are presented in a lot of detail, might need to take a step back from those implementation and think at a larger scope, security, data flows, etc, but it’s a good place to start and ideate. + +MK: 5 minutes left + +Isaac: The Chrome label for no-group. Is this the right place to talk about that? Namely https://github.com/GoogleChromeLabs/privacy-sandbox-dev-support/issues/153 + +MK: Right people not in the room. Initial set of population labels did not include a none-of-the-above. Maybe can be added later. + +PJ: I talked to Josh about this and will push him to answer on bug issue. + +MK: See you Dec 13th. + +BM: End of year meetings? + +MK: Will we meet Dec 20th? We should not meet on 27th. Tentatively will meet Dec 20th. Note that protected server meeting will happen after this meeting next week, the 13th. From 4ff3bb3a37ffb8009e22df119d407400138cac24 Mon Sep 17 00:00:00 2001 From: caraitto <caraitto@chromium.org> Date: Tue, 12 Dec 2023 14:24:11 -0500 Subject: [PATCH 42/58] [Spec] Fix build (#949) Bikeshed was updated recently to add new warnings around HTML & escape sequences -- use backtick blocks to put the problematic strings in <code> tags so that no escaping is necessary. Also, fix wrapping of touched lines (should be 100 columns). --- spec.bs | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/spec.bs b/spec.bs index b7924e2cd..25180d82f 100644 --- a/spec.bs +++ b/spec.bs @@ -2028,27 +2028,28 @@ To <dfn>build trusted bidding signals url</dfn> given a [=URL=] |signalsUrl|, an |experimentGroupId|, and an [=origin=] |topLevelOrigin|: 1. Let |queryParamsList| be a new empty [=list=]. - Note: These steps create a [=url/query=] of the form "`&<name>=<values in comma-delimited list>`". E.g., - "`hostname=publisher1.com&keys=key1,key2&interestGroupNames=ad+platform,name2&experimentGroupId=1234`". - <br><br>These steps don't use the [=urlencoded serializer|application/x-www-form-urlencoded serializer=] - to construct the query string because it repeats a key if it has multiple values instead of a - comma-demilited list (e.g., "keys=key1&keys=key2", instead of "keys=key1,key2"), and it also - uses a different percent encode set from the Chrome implementation. + Note: These steps create a [=url/query=] of the form "`&<name>=<values in comma-delimited list>`". + E.g., "`hostname=publisher1.com&keys=key1,key2&interestGroupNames=ad+platform,name2&experimentGroupId=1234`". + <br><br>These steps don't use the [=urlencoded serializer|application/x-www-form-urlencoded + serializer=] to construct the query string because it repeats a key if it has multiple values + instead of a comma-demilited list (e.g., "`keys=key1&keys=key2`", instead of + "`keys=key1,key2`"), and it also uses a different percent encode set from the Chrome + implementation. 1. [=list/Append=] "hostname=" to |queryParamsList|. 1. [=list/Append=] the result of [=string/UTF-8 percent-encoding=] the [=serialization of an origin|serialized=] |topLevelOrigin| using [=component percent-encode set=] to |queryParamsList|. 1. If |keys| is not [=set/is empty|empty=]: - 1. [=list/Append=] "&keys=" to |queryParamsList|. + 1. [=list/Append=] "`&keys=`" to |queryParamsList|. 1. [=list/Extend=] |queryParamsList| with the result of [=encode trusted signals keys=] with |keys|. 1. If |igNames| is not [=set/is empty|empty=]: - 1. [=list/Append=] "&interestGroupNames=" to |queryParamsList|. + 1. [=list/Append=] "`&interestGroupNames=`" to |queryParamsList|. 1. [=list/Extend=] |queryParamsList| with the result of [=encode trusted signals keys=] with |igNames|. 1. If |experimentGroupId| is not null: - 1. [=list/Append=] "&experimentGroupId=" to |queryParamsList|. + 1. [=list/Append=] "`&experimentGroupId=`" to |queryParamsList|. 1. [=list/Append=] [=serialize an integer|serialized=] |experimentGroupId| to |queryParamsList|. 1. Let |fullSignalsUrl| be |signalsUrl|. 1. Set |fullSignalsUrl|'s [=url/query=] to the result of [=string/concatenating=] |queryParamsList|. @@ -2069,15 +2070,15 @@ Note: When trusted scoring signals fetches are not batched, |renderURLs|'s [=lis 1. [=list/Append=] the result of [=string/UTF-8 percent-encoding=] |topLevelOrigin| using [=component percent-encode set=] to |queryParamsList|. 1. If |renderURLs| is not [=set/is empty|empty=]: - 1. [=list/Append=] "&renderURLs=" to |queryParamsList|. + 1. [=list/Append=] "`&renderURLs=`" to |queryParamsList|. 1. [=list/Extend=] |queryParamsList| with the result of [=encode trusted signals keys=] with |renderURLs|. 1. If |adComponentRenderURLs| is not [=set/is empty|empty=]: - 1. [=list/Append=] "&adComponentRenderURLs=" to |queryParamsList|. + 1. [=list/Append=] "`&adComponentRenderURLs=`" to |queryParamsList|. 1. [=list/Extend=] |queryParamsList| with the result of [=encode trusted signals keys=] with |adComponentRenderURLs|. 1. If |experimentGroupId| is not null: - 1. [=list/Append=] "&experimentGroupId=" to |queryParamsList|. + 1. [=list/Append=] "`&experimentGroupId=`" to |queryParamsList|. 1. [=list/Append=] [=serialize an integer|serialized=] |experimentGroupId| to |queryParamsList|. 1. Set |signalsUrl|'s [=url/query=] to the result of [=string/concatenating=] |queryParamsList|. 1. return |signalsUrl|. From 3e316ad2b26baacba89de21b970dac549fab0863 Mon Sep 17 00:00:00 2001 From: Ryan Lu <146882973+ryanluz@users.noreply.github.com> Date: Tue, 12 Dec 2023 14:34:18 -0800 Subject: [PATCH 43/58] Fix typos in Additional Bids explainer (#950) * Update auctionNonce to be in UUIDv4 format. * Update bracket in signedAdditionalBid to reflect that value of "signatures" key is an array of maps. --- FLEDGE.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/FLEDGE.md b/FLEDGE.md index b2a7ef8ce..8fef830ce 100644 --- a/FLEDGE.md +++ b/FLEDGE.md @@ -1012,7 +1012,7 @@ const additionalBid = { ] }, - "auctionNonce": "12345678-90ab-cdef-fedcba09876543210", + "auctionNonce": "12345678-90ab-cdef-fedc-ba0987654321", "seller": "https://www.example-ssp.com", "topLevelSeller": "https://www.another-ssp.com" } @@ -1119,7 +1119,7 @@ To ensure a consistent binary payload is signed, the buyer first needs to string const signedAdditionalBid = { // "bid" is the result of JSON.stringify(additionalBid) "bid": "{\"interestGroup\":{\"name\":\"campaign123\"...},...}" - "signatures": { + "signatures": [ { "key": "9TCI6ZvHsCqMvhGN0+zv67Vx3/l9Z+//mq3hY4atV14=", "signature": "SdEnASmeyDTjEkag+hczHtJ7wGN9f2P2E...==" @@ -1128,7 +1128,7 @@ const signedAdditionalBid = { "key": "eTQOmfYCmLL2gqraPJX6YjryU6hW6yHEwmdsXeNL2qA=", "signature": "kSz0go9iax9KNBuMTLjWoUHQvcxnus8I5...==" }, - } + ] } ``` From b7336d0361f8b618b17b5ad100a8a537017f01e6 Mon Sep 17 00:00:00 2001 From: Paul Jensen <JensenPaul@users.noreply.github.com> Date: Thu, 14 Dec 2023 14:58:45 -0500 Subject: [PATCH 44/58] [Spec] add requestedSize to auction config (#942) Co-authored-by: Dominic Farolino <domfarolino@gmail.com> --- spec.bs | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/spec.bs b/spec.bs index 25180d82f..858519b9b 100644 --- a/spec.bs +++ b/spec.bs @@ -704,6 +704,7 @@ dictionary AuctionAdConfig { USVString trustedScoringSignalsURL; sequence<USVString> interestGroupBuyers; Promise<any> auctionSignals; + record<DOMString, DOMString> requestedSize; Promise<any> sellerSignals; Promise<DOMString> directFromSellerSignalsHeaderAdSlot; unsigned long long sellerTimeout; @@ -1085,6 +1086,24 @@ To <dfn>validate and convert auction ad config</dfn> given an {{AuctionAdConfig} * To parse the value |result|, set |auctionConfig|'s [=auction config/auction signals=] to the result of [=serializing a JavaScript value to a JSON string=]. * To handle an error, set |auctionConfig|'s [=auction config/auction signals=] to failure. +1. If |config|["{{AuctionAdConfig/requestedSize}}"] [=map/exists=]: + 1. Let |requestedSize| be |config|["{{AuctionAdConfig/requestedSize}}"] + 1. If |requestedSize|["height"] does not [=map/exist=], throw a {{TypeError}}. + + 1. If |requestedSize|["width"] does not [=map/exist=], throw a {{TypeError}}. + + 1. Let |width| and |widthUnit| be the dimension and dimension unit that results from running + [=parse an AdRender dimension value=] with |requestedSize|["width"], respectively. + 1. If |width| is null, throw a {{TypeError}}. + + 1. Let |height| and |heightUnit| be the dimension and dimension unit that results from running + [=parse an AdRender dimension value=] with |requestedSize|["height"], respectively. + 1. If |height| is null, throw a {{TypeError}}. + + 1. Let |adSize| be a new [=ad size=]. + 1. Set |adSize|'s [=ad size/width=] to |width|, [=ad size/width units=] to |widthUnit|, + [=ad size/height=] to |height|, [=ad size/height units=] to |heightUnit|. + 1. Set |auctionConfig|'s [=auction config/requested size=] to |adSize|. 1. If |config|["{{AuctionAdConfig/sellerSignals}}"] [=map/exists=]: 1. Set |auctionConfig|'s [=auction config/seller signals=] to |config|["{{AuctionAdConfig/sellerSignals}}"]. @@ -4315,6 +4334,9 @@ An auction config is a [=struct=] with the following items: : <dfn>auction signals</dfn> :: Null, a [=string=], a {{Promise}}, or failure. Opaque JSON data passed to both sellers' and buyers' [=script runners=]. +: <dfn>requested size</dfn> +:: Null or an [=ad size=], initially null. + The size of the frame for the ad being selected by the auction. : <dfn>seller signals</dfn> :: Null, a [=string=], a {{Promise}}, or failure. Opaque JSON data passed to the seller's [=script runner=]. From d6cd564eb5b1d382ab52a5dbf62ce32594e7a7bf Mon Sep 17 00:00:00 2001 From: Michael Kleber <kleber@google.com> Date: Tue, 19 Dec 2023 11:01:31 -0500 Subject: [PATCH 45/58] Create 2023-12-13-FLEDGE-call-minutes.md --- meetings/2023-12-13-FLEDGE-call-minutes.md | 269 +++++++++++++++++++++ 1 file changed, 269 insertions(+) create mode 100644 meetings/2023-12-13-FLEDGE-call-minutes.md diff --git a/meetings/2023-12-13-FLEDGE-call-minutes.md b/meetings/2023-12-13-FLEDGE-call-minutes.md new file mode 100644 index 000000000..a07a19cc6 --- /dev/null +++ b/meetings/2023-12-13-FLEDGE-call-minutes.md @@ -0,0 +1,269 @@ +# Protected Audience WICG Calls: Agenda & Notes + +Calls take place on most Wednesdays, at 11am US Eastern time; check [#88](https://github.com/WICG/turtledove/issues/88) for exceptions. + +That's 8am California = 5pm Paris time = 4pm UTC (during winter) + +This notes doc will be editable during the meeting — if you can only comment, hit reload + +Notes from past calls are all on GitHub [in this directory](https://github.com/WICG/turtledove/tree/main/meetings). + + +# Next video-call meeting: Wednesday Dec 13, 2023 + +To be added to a Google Calendar invitation for this meeting, join the Google Group https://groups.google.com/a/chromium.org/g/protected-audience-api-meetings/ + + +## Attendees: please sign yourself in! + + + +1. Michael Kleber (Google Privacy Sandbox) +2. Shankar Venkataraman (Jivox) +3. Brian May (dstillery) +4. Amit Gupta (Jivox) +5. Taranjit Singh (Jivox) +6. Antoine Niek (Optable) +7. Xavier Capaldi (Optable) +8. Roni Gordon (Index Exchange) +9. David Dabbs (Epsilon) +10. Harshad Mane (PubMatic) +11. Phil Lee (Google Privacy Sandbox) +12. Orr Bernstein (Google Privacy Sandbox) +13. Garrett McGrath (Magnite) +14. Caleb Raitto (Google Chrome) +15. Paul Jensen (Google Chrome) +16. Shankar Venkataraman (Jivox) +17. Isaac Foster (MSFT Ads) +18. Alex Cone (Google Privacy Sandbox) +19. Tim Hsieh (Google Ad Manager) +20. Stan Belov (Google Ad Manager) +21. David Tam (Relay42) +22. Fabian Höring (Criteo) +23. Youssef Bourouphael (Google Privacy Sandbox) +24. Sid Sahoo (Google Chrome) +25. Matt Menke (Google Chrome) +26. Alonso Velasquez (Google Chrome) +27. Jonasz Pamuła (RTB House) +28. Zach Edwards (Victory Medium) +29. Miguel Morales (Tech Lab) +30. Jacob Goldman (Google Ad Manager) +31. Matt Davies (Bidswitch (Criteo)) +32. Andrew Pascoe (NextRoll) +33. Abishai Gray (Google Chrome) +34. Shivani Sharma (Google Chrome) +35. Daniel Rojas (Google Chrome) + + +## Note taker: Orr Bernstein + + +# Agenda + + +## Process reminder: Join WICG + +If you want to participate in the call, please make sure you join the WICG: https://www.w3.org/community/wicg/ + + +## Suggest agenda items here: + + + +* [General Announcement] Jeroune + * The Google Privacy Sandbox team will be hosting our next series of webinars on the Protected Audience API. This set of webinars will focus on reporting and how you can measure data related to a Protected Audience auction. The first **Americas friendly session** is happening on** Jan. 16th 3-4 pm ET**. A second **EMEA friendly session** is happening **Jan. 18th 12-1 pm GMT**. A third **Japanese language session** will be held on **Jan 30th 9-11 am JST**. To join, please register below: + * AMER-friendly: [Register Here](https://rsvp.withgoogle.com/events/protected-audience-webinar-3-reporting-amer) + * EMEA-friendly: [Register Here](https://rsvp.withgoogle.com/events/protected-audience-webinar-3-reporting-emea) + * Japanese language: [Register Here](https://rsvp.withgoogle.com/events/protected-audience-office-hour-3) +* Isaac: + * Buyer/Seller Reporting Questions: https://github.com/WICG/turtledove/issues/682#issuecomment-1710965068 + * <span style="text-decoration:underline;">Persistent Opt Outs, Maybe CHOPS - https://github.com/WICG/turtledove/issues/915</span> + * Multi Tag Support via “Mixed Ranking”: (really, this + multi tag + bit leak discussion and how we can be creative) https://github.com/WICG/turtledove/issues/846 + * Optional decouple bidding/reporting function urls to allow smaller k tuple: https://github.com/WICG/turtledove/issues/679#issuecomment-1703973736 +* Harshad Mane + * https://github.com/WICG/turtledove/issues/937 Need of a debug tool in Chrome for Protected Audience like Professor Prebid Chrome Extension developed by Prebid community +* David Dabbs + * Non-official chrome [testing labels](https://developers.google.com/privacy-sandbox/setup/web/chrome-facilitated-testing) seen in the wild (e.g. “preperiod”). Are these somehow related to this Chrome code (thanks to Przemysław Iwańczak for this src reference)**:** \ +https://github.com/chromium/chromium/blob/c0fcffe3bbcf87e4946dae228bd62d740568a429/components/safe\_browsing/core/browser/user\_population.cc#L91 \ +`bool is_preperiod = group.find("Preperiod") != std::string::npos;` +* Shankar Venkataraman + * Interest group ownership construct missing for Third Party Ad servers whitelisted by Advertiser ([#924](https://github.com/WICG/turtledove/issues/924)). We will discuss and explain the model that we would like supported in the context of Protected Audiences. +* Xavier Capaldi + * Status on support for multi-level frequency capping (using prevWinsMs beyond a single interest group) https://github.com/WICG/turtledove/issues/138 +* Tim Hsieh + * Follow up discussion on Native support for FLEDGE https://github.com/WICG/turtledove/issues/265#issuecomment-1823582905. + * We would like to propose an alternative option using web bundle that could potentially address both signal mixing and k-anonymity issue +* Itay + * Announcement: first Protected Auction Services meeting in an hour + * + * https://github.com/WICG/protected-auction-services-discussion +* Jonasz (RTB House) + * 3pc deprecation timeline: https://github.com/WICG/turtledove/issues/717#issuecomment-1847118918 +* Roni Gordon + * Sensitive signals - https://github.com/WICG/turtledove/issues/824 +* Matt Davies (Bidswitch) + * Origin / Traffic shaping -<span style="text-decoration:underline;"> https://github.com/WICG/turtledove/issues/951</span> + + +# Notes + +## https://github.com/WICG/turtledove/issues/937 Need of a debug tool in Chrome for Protected Audience like Professor Prebid Chrome Extension developed by Prebid community + + + +* Harshad Mane + * This issue is about having debugging in Chrome like what’s available in Professor Prebid + * Professor Prebid is a Chrome extension developed by the community that helps to show which bidders are configured for which ad slots + * Already, all of the configuration that goes into the auction can be seen here. + * Would like to have something similar for Protected Audience as well. + * Someone who’s debugging would need to know what’s going on. + * For Professor Prebid, it uses information accessible to anyone. However, Protected Audience is a closed system. +* Michael Kleber + * Is your goal to have a separate extension, or integrating into the existing Professor Prebid extension? +* Harshad + * Would like to see a new extension. There’s a lot of complexity already in the Professor Prebid extension. +* Kleber + * Some tradeoffs. Professor Prebid already has a lot of the detail of how auctions work. +* David Dabbs + * There’s a middle ground available. +* Paul Jensen + * There’s a page that has information on Protected audience debugging on the web using DevTools: https://developers.google.com/privacy-sandbox/relevance/protected-audience-api/troubleshoot +* Harshad + * The problem I’ve seen is that it’s not obvious from these tools which ad slot the auction is happening. +* Paul + * That’s true. We could extend the information in DevTools to show more information about which slot and auction everything is associated with. The information in DevTools is likely accessible to an extension. +* Kleber + * Is your goal to have DevTools extended to satisfy more of these needs, or to support a community-driven solution? +* Harshad + * Would prefer a community-driven solution. +* Paul + * One way we can support this is to improve the information we show via DevTools, for example, we could show more information about the call to runAdAuction. +* Kleber + * One thing we can do is to Identify what we should add as information exposed in DevTools to support a community-driven solution. +* Harshad + * Is there any concern from Chrome on showing more information in DevTools? +* Kleber + * The Chrome philosophy is that as much as possible should be seen in DevTools. You should always be able to see what’s going on in your own machine. +* Harshad + * Is there someone on Chrome team that can help us to proceed? +* Paul + * We’ll find someone who knows the intersection of DevTools and Chrome Extensions. +* Brian May + * Was going to suggest that, if Chrome could put together an extension that showed what’s happening in the auction, then someone in the Prebid community could use it as a reference implementation +* David + * I heard some targeted set of things Chrome can do - low hanging fruit - e.g. key things in the timeline +* Paul + * Yes, adding runAdAuction calls to the timeline, attributing other events to the different auctions. + +## Non-official chrome [testing labels](https://developers.google.com/privacy-sandbox/setup/web/chrome-facilitated-testing) seen in the wild (e.g. “preperiod”). Are these somehow related to this Chrome code (thanks to Przemysław Iwańczak for this src reference): +https://github.com/chromium/chromium/blob/c0fcffe3bbcf87e4946dae228bd62d740568a429/components/safe\_browsing/core/browser/user\_population.cc#L91 +<code>bool is_preperiod = group.find("Preperiod") != std::string::npos;</code></strong> + + + +* David Dabbs + * Is this something that it’s possible to be produced by Chrome? We’re receiving these on our DSP platform from some upstream partner. Trying to determine the provenance. +* Sid Sahoo + * This is produced by Chrome. It’s for the experiment that’s coming up for Q1/Q2, selection of the population needs to be random. When we say it’s 5% of traffic, it’s not an exact science as well. It’s adjusted, you then see if you’re overshooting/undershooting, and adjusted to get closer to 5%. +* David + * So, anything that’s labeled with preperiod, are those going to be in the actual groups? Or is just checking that your dice rolling is correct. +* Sid + * Not necessarily. Some of these may be in different groups. +* David + * So, it’s helpful to add warnings to the documentation warning people not to rely on these. +* Kleber + * Yes, we should add this to the experimentation guide. You should treat these undocumented labels the same as you would any other unlabelled traffic. +* Brian + * Will Chrome publish something about how it’s picking these populations? +* Kleber + * The populations that are being used in the Chrome-facilitated testing are using the standard Chrome randomly assigned testing infrastructure. Every browser has a random seed between 1 and 4000 on it. This 4000 buckets is the way Finch trials work in general. Trying to find good buckets to use to make sure that we’re not using ones that are imbalanced in terms of size. It’s the same infra we use for all of our A/B tests. +* Shankar + * Is the trial, when you do this kind of sampling, do you need the advertiser to participate in these trials? +* Kleber + * When Chrome creates the random sample, it’s before any of these other things happen. When Chrome creates the label, it’s just 1.5% of all the browsers in the world. The API is available for everybody; 1.5% will have this label attached to them. People are welcome to test on whatever traffic they want. Advertisers are welcome to use the PAAPI to create audiences on any traffic they want. These labels indicate a population that’s a good sample to test on. Having a small slice of traffic labeled might make your testing useless e.g. if your audience is particularly small. +* Shankar +* Kleber + * There are a few slices of traffic that GAM has said that they will always run Protected Audience auctions - the mode B slices and one of the five mode A slices. +* Sid Sahoo (in chat) + * https://support.google.com/admanager/answer/13178817 +* Kleber + * This shows which slices of traffic GAM is going to use PAAPI always. In other traffic, GAM does what everyone else is doing, potentially using the PAAPI, but not necessarily. +* Roni (in chat) + * ah, I remember my question -- there is a "fake" prefix that is also sent from "forcing" labels via experiment flags -- that, too, isn't documented +* Roni + * There are other labels there too from the experimental flags, which add a "fake" prefix. Can the documentation be exhaustive? +* David Dabbs (in chat) + * Sid Sahoo I will ask this question in the chat: are the label experiments listed as "client variations?" +* Kleber + * Any labels that you see that are not listed, don’t rely on them. You can go digging through source code. But like Sid said, we should definitely update the documentation to make some progress in that direction. + +## Status on support for multi-level frequency capping (using prevWinsMs beyond a single interest group) https://github.com/WICG/turtledove/issues/138 + + + +* Xavier Capaldi + * Reference a discussion in the thread from 2021, we need a frequency capping that’s beyond a single interest group. If we have IGs scoped to campaigns, we can’t frequency cap. Has there been more research on this? +* Kleber + * Are you talking about a person joined into multiple IGs, which were joined from the same site? Or joined from two different sites and want to frequency cap across those? +* Xavier + * Two different sites. +* Kleber + * You’re right that’s not possible right now. Making that possible is not in line with how we’re envisioning privacy within the PAAPI. Every IG should have information coming only from information coming from a single site. If its bidding behavior is affected by information about a different site, then a clever person could use prevWins from other IGs to build a cross-site profile, and learn about all the websites you’ve been on. It’s true that we don’t completely lock down information sharing, e.g. the presence of prevWins at all does some accumulation of information, so it’s not rock solid right now. But this would create more cross-site information at IG auction time. + * However, there is a concept of negative targeting, this is a feature we just added to the Protected Audience API recently, after some discussion in this forum. It’s a way for user behavior on one site to filter out contextually-targeted ads on another site. There’s an open issue (filed by Critero, I believe?) that’s asking about the possibility of using negative targeting for bids that came from IGs joined from a different site. +* Alonso (in chat) + * https://github.com/WICG/turtledove/issues/896 +* Kleber + * Might gesture in the direction of what you’re alluding to. If this would be helpful to you, please chime in on the issue. +* Alonso + * https://github.com/WICG/turtledove/issues/319 (negative targeting against contextual ads) is already implemented. https://github.com/WICG/turtledove/issues/896 is the the idea to use negative targeting against positive IGs. +* Xavier + * I’ll take a look at them, thank you. + +## Announcement: first Protected Auction Services meeting in an hour + +**Protected Auction Services discussion - notes** + +**https://github.com/WICG/protected-auction-services-discussion** + +* Itay Sharfi + * In 15 minutes, we are starting, for the first time, the meeting about trusted servers. If you’re interested, add your topic to the agenda and you’re welcome to join. Phil and I are both organizing the meeting for now. +* Kleber + * I hope people will join that meeting. I have a conflict, but Paul will be joining. + +## Follow up discussion on Native support for FLEDGE https://github.com/WICG/turtledove/issues/265#issuecomment-1823582905. + +**We would like to propose an alternative option using web bundle that could potentially address both signal mixing and k-anonymity issue** + +* Tim Hsieh + * The idea is that the seller will provide a generateHTML function. As part of the HTTP response header, they can provide the WebBundle that contains any asset as referenced from the HTML. + * The buyer will provide a native asset as JSON in the header. They can provide the WebBundle that contains any asset as referenced from the HTML. + * No network access from the rendering frame. Hopefully, fewer requests that contain both contextual information from seller and rendering information from the buyer. + * Extension of the second proposal. Going to flesh it out. An overview of that idea. +* Kleber + * Let me set the stage by comparing this to what we talked about last week. + * Your goal is that it should be possible for buyer and seller to combine inside the creative. + * The reason we were nervous about this last week is that it’s an opportunity to exfiltrate combined information to the network. Ads rendered in the way you're proposing would involve information from IG and information from surrounding publisher page to combine. + * The thing that you're proposing which makes it OK to combine these is that the FenceFrame has relinquished its access to the network. The problem we got stuck on last week was the resources needed for rendering — for example, what if there’s a font that’s needed, and it’s not yet available? + * Your new answer, which we didn't think of last week, is that all of those resources could be made available in a WebBundle. Since that web bundle is provided along with the ad/IG, we can load it before information from the publisher page and the IG combine, before we need to give up network access. +* Shivani (the primary engineer who’s been thinking about rendering in FencedFrames) + * What happens before FencedFrame renders - considering the input part, the buyer needs to provide some information back to the publisher. Anything that’s returned back from runAdAuction needs to be opaque. Need to make sure that we’re still satisfying that guarantee. +* Tim + * That’s correct. The native asset will be provided as an argument for generateHTML. It’ll be running inside Chrome, in a worklet that has no network access. +* Shivani + * In terms of a FencedFrame that doesn’t have network access, what happens when navigation needs to happen from that ad, and reporting? +* Tim + * Good point. For reporting, FencedFrameReporting API. For top-frame navigation, we need some way for buyer or seller to declare, here’s the set of URLs to which we can be navigating to. Haven’t thought through that yet. +* Shivani + * Might need to consider pre-declared navigation URL. With reporting, it would be possible to exfiltrate the combined information of seller and buyer. Would need aggregate reporting. +* Shankar + * This is the protocol currently in place for video ads. The seller renders the creatives. In the context of Fenced Frames, it will be an allowlisted set of URLs that you’ll be able to tie back to the origin. The buyer wins the auction, sends the dummy asset, and the seller renders it. +* Kleber + * Just to recap from last week, the fundamental issue is that if the seller-provider information is universal - not based on the publisher page or the URL - easily accommodated today. Do the combination in advance. Lots of ways that combination can happen. But if the information provided by the SSP is provided at the moment of the auction, if the information about the user is flowing into the rendering frame, it’s on the other side of the privacy guarantee we’re trying to provide. Either that information about the user does not combine, or that if it does combine, that it can’t be exfiltrated. +* Shivani + * Have a capability coming up that’s in the Fenced Frame repositories, either that the FencedFrame is created with no network access, or that it starts with network access, and then it renounces network access and in exchange can access information from SharedStorage. +* Kleber + * What Tim is suggesting is that the FencedFrame relinquishes its network access, and in exchange can access a WebBundle +* Roni + * Also needs to work in an iframe, and we have the same problem today. Video XML in iframes before 2026. +* Kleber + * What we’re talking about is easy to do today if you have code on the publisher page and can postMessage into the iframe, but if you don’t have code on the publisher page (like you are a component-seller SSP), then this is still an open issue. From d512d45556d6cb92f2687e9164b6da1a88600cad Mon Sep 17 00:00:00 2001 From: "Orr Bernstein (Google Chrome)" <orrb@google.com> Date: Wed, 20 Dec 2023 17:26:09 -0500 Subject: [PATCH 46/58] Add iframe support for adAuctionHeaders to spec. (#918) * Add iframe support for adAuctionHeaders to spec. This support is provided by a new adAuctionHeaders attribute on the iframe element that will have the same functional behavior as the adAuctionHeaders fetch flag, in that it will trigger the user agent to send the Sec-Ad-Auction-Fetch request header, and to remove `Ad-Auction-Signals` and `Ad-Auction-Additional-Bid` response headers, providing their values to the Protected Audience auction. * Add iframe support for adAuctionHeaders to spec. This support is provided by a new `adAuctionHeaders` attribute on the iframe element that will have the same functional behavior as the `adAuctionHeaders` fetch flag, in that it will trigger the user agent to send the `Sec-Ad-Auction-Fetch` request header, and to remove `Ad-Auction-Signals` and `Ad-Auction-Additional-Bid` response headers, providing their values to the Protected Audience auction. This is a continuation of https://github.com/WICG/turtledove/pull/883, which needed to be closed due to an merge conflict on rebase. * Remove inadvertently added spec.bs.bak. * Replace long URL links for "iframe navigation" with spec links. * Integrating feedback from domfarolino. Changing the adauctionheaders content attribute to be all-lowercase, adjusting the language intended to describe the response returned from the fetch call, and using the dfn autolink for `reflects`. * Add Ad-Auction-Additional-Bid to the headers removed The section for `Sec-Ad-Auction-Fetch` currently says that the `Ad-Auction-Signals` response header will be removed from the response and will instead only be used in Protected Audiences auctions. This change adds `Ad-Auction-Additional-Bid`, which is treated the same way. * Adding a missing comma. --- spec.bs | 108 +++++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 88 insertions(+), 20 deletions(-) diff --git a/spec.bs b/spec.bs index 858519b9b..c44478e77 100644 --- a/spec.bs +++ b/spec.bs @@ -1125,11 +1125,26 @@ To <dfn>validate and convert auction ad config</dfn> given an {{AuctionAdConfig} 1. [=Handle an input promise in configuration=] given |auctionConfig| and |config|["{{AuctionAdConfig/additionalBids}}"]: - Note: The JavaScript code calling {{Navigator/runAdAuction()}} is responsible for not resolving - |config|["{{AuctionAdConfig/additionalBids}}"] until an associated [=request=] whose - [=request/initiator type=] is `"fetch"` and the {{RequestInit/adAuctionHeaders}} option set to - `true` returns a response, or alternatively, not calling {{Navigator/runAdAuction()}} until the - [=request=] returns a response. + Note: The JavaScript code calling {{Navigator/runAdAuction()}} is responsible for *not* + resolving |config|["{{AuctionAdConfig/additionalBids}}"] until additional bids have been + retrieved from one or more [:Ad-Auction-Additional-Bid:] headers, as resolving this Promise + early would cause a race condition in which additional bids might not be included in the + auction. There are two ways that additional bids can be retrieved. The first is for the + JavaScript code to issue a [=request=] whose [=request/initiator type=] is `"fetch"` and whose + {{RequestInit/adAuctionHeaders}} option is set to `true`. The JavaScript code has to resolve + |config|["{{AuctionAdConfig/additionalBids}}"] after the corresponding call to + {{WindowOrWorkerGlobalScope/fetch()}} has resolved to a [=response=]. + The JavaScript code can also choose to wait to call {{Navigator/runAdAuction()}} until after + the corresponding call to {{WindowOrWorkerGlobalScope/fetch()}} has resolved to a response, + and can then immediately resolve |config|["{{AuctionAdConfig/additionalBids}}"]. + + The second way that additional bids can be retrieved is by issuing an + <a spec="html" lt="navigate an iframe or frame">iframe navigation</a> + request with the <{iframe/adauctionheaders}> <a spec=html>content attribute</a> set to `true`. + In this case, the JavaScript code is retrieved as part of the iframe navigation response, + at which point the JavaScript code in the iframe makes the call to + {{Navigator/runAdAuction()}}, and |config|["{{AuctionAdConfig/additionalBids}}"] can be + immediately resolved. * To parse the value |result|: 1. Set |auctionConfig|'s [=auction config/expects additional bids=] to false. @@ -1138,13 +1153,30 @@ To <dfn>validate and convert auction ad config</dfn> given an {{AuctionAdConfig} 1. If |config|["{{AuctionAdConfig/directFromSellerSignalsHeaderAdSlot}}"] [=map/exists=]: 1. [=Handle an input promise in configuration=] given |auctionConfig| and |config|["{{AuctionAdConfig/directFromSellerSignalsHeaderAdSlot}}"]: - - Note: The JavaScript code calling {{Navigator/runAdAuction()}} is responsible for resolving - |config|["{{AuctionAdConfig/directFromSellerSignalsHeaderAdSlot}}"] only when the {{Promise}} - returned from an associated [=request=], whose [=request/initiator type=] is `"fetch"` and the - {{RequestInit/adAuctionHeaders}} option set to `true`, resolves or rejects. Otherwise, there - will be a race condition that the worklet can run without the direct from seller signals that - it needs. See [[#fetch-patch-for-auction-headers]] for details. + + Note: The JavaScript code calling {{Navigator/runAdAuction()}} is responsible for *not* + resolving |config|["{{AuctionAdConfig/directFromSellerSignalsHeaderAdSlot}}"] + until direct from seller signals have been retrieved from one or more [:Ad-Auction-Signals:] + headers, as resolving this Promise early would cause a race condition in which the worklet + might run without the direct from seller signals that it needs. There are two ways that + direct from seller signals can be retrieved. The first is for the JavaScript code to issue a + [=request=] whose [=request/initiator type=] is `"fetch"` and whose + {{RequestInit/adAuctionHeaders}} option is set to `true`. The JavaScript code has to resolve + |config|["{{AuctionAdConfig/directFromSellerSignalsHeaderAdSlot}}"] after the corresponding + call to {{WindowOrWorkerGlobalScope/fetch()}} has resolved to a [=response=]. The JavaScript + code can also choose to wait to call {{Navigator/runAdAuction()}} until after the + corresponding call to {{WindowOrWorkerGlobalScope/fetch()}} has resolved to a [=response=], + and can then immediately resolve + |config|["{{AuctionAdConfig/directFromSellerSignalsHeaderAdSlot}}"]. The second way that + direct from seller signals can be retrieved is by issuing an + <a spec="html" lt="navigate an iframe or frame">iframe navigation</a> + request with the <{iframe/adauctionheaders}> <a spec=html>content attribute</a> set to `true`. + In this case, the JavaScript code is retrieved as part of the iframe navigation response, + at which point the JavaScript code in the iframe makes the call to + {{Navigator/runAdAuction()}}, and + |config|["{{AuctionAdConfig/directFromSellerSignalsHeaderAdSlot}}"] can be can be specified + directly without a Promise. + * To parse the value |result|: 1. Set |auctionConfig|'s [=auction config/direct from seller signals header ad slot=] to |result|. @@ -3772,7 +3804,10 @@ Any {{Document}} in a [=traversable navigable=] may run a Protected Audience auc derived from JSON from an [:Ad-Auction-Signals:] header, or [=additional bids=] derived from an [:Ad-Auction-Additional-Bid:] header, captured by a {{WindowOrWorkerGlobalScope/fetch()}} call (using the {{RequestInit/adAuctionHeaders}} option) initiated by any *other* {{Document}} in the -*same* [=traversable navigable=]. +*same* [=traversable navigable=], or from an +<a spec="html" lt="navigate an iframe or frame">iframe navigation</a> +request (using the <{iframe/adauctionheaders}> +<a spec=html>content attribute</a> on the <{iframe}> element). <div algorithm="fetch per traversable navigable structures patch"> Modify [[FETCH]]'s [[FETCH#infrastructure]] to add a new section called "Per Traversable Navigable @@ -3783,7 +3818,10 @@ headers</dfn>, which is a [=map=] whose [=map/keys=] are [=direct from seller si whose [=map/values=] are [=direct from seller signals=]. NOTE: This is only captured during a [=request=] whose [=request/initiator type=] is `"fetch"`, made -with the {{RequestInit/adAuctionHeaders}} option set to `true`, as described in the +with the {{RequestInit/adAuctionHeaders}} option set to `true`, or during an +<a spec="html" lt="navigate an iframe or frame">iframe navigation</a> +request with the <{iframe/adauctionheaders}> +<a spec=html>content attribute</a> set to `true`, as described in the [:Ad-Auction-Signals:] header description. Each [=traversable navigable=] has a <dfn for="traversable navigable">captured ad auction additional @@ -3791,12 +3829,14 @@ bids headers</dfn>, which is a [=map=] whose [=map/keys=] are [=auction nonces=] [=map/values=] are [=strings=]. NOTE: This is only captured during a [=request=] whose [=request/initiator type=] is `"fetch"`, made -with the {{RequestInit/adAuctionHeaders}} option set to `true`, as described in the -[:Ad-Auction-Additional-Bid:] header description. +with the {{RequestInit/adAuctionHeaders}} option set to `true`, or during an +<a spec="html" lt="navigate an iframe or frame">iframe navigation</a> +request with the <{iframe/adauctionheaders}> <a spec=html>content attribute</a> +set to `true`, as described in the [:Ad-Auction-Additional-Bid:] header description. </div> <div algorithm="fetch capture adAuctionHeaders boolean patch"> -Modify the definition of a [=request=]: +Modify the definition of a [=request=]: A [=request=] has an associated boolean <dfn for=request>capture-ad-auction-headers</dfn>. Unless stated otherwise it is false. @@ -3822,6 +3862,30 @@ step "Set [=this=]'s [=Request/request=] to |request|": </div> +<div algorithm="iframe navigation capture adAuctionHeaders attribute patch"> +Modify the <{iframe}> element to add a +<dfn element-attr for="iframe">adauctionheaders</dfn> <a spec=html>content attribute</a>. +The IDL attribute {{HTMLIFrameElement/adAuctionHeaders}} [=reflects=] +the <{iframe/adauctionheaders}> <a spec=html>content attribute</a>. + +<pre class=idl> +partial interface HTMLIFrameElement { + [CEReactions] attribute boolean adAuctionHeaders; +}; +</pre> +</div> + +<div algorithm="iframe navigation patch"> +The following step will be added to the +<a spec="html">create navigation params by fetching</a> steps +after step "Let |request| be a new [=Request/request=], with ...": + +1. If <var ignore>navigable</var>'s [=navigable/container=] is an <{iframe}> element, + and if it has a <{iframe/adauctionheaders}> <a spec=html>content attribute</a>, + then set |request|'s [=request/capture-ad-auction-headers=] to true. + +</div> + <div algorithm="fetch Sec-Ad-Auction-Fetch patch"> The following step will be added to the [=HTTP-network-or-cache fetch=] algorithm, before step "Modify |httpRequest|'s [=request/header list=] per HTTP. ...": @@ -3841,9 +3905,13 @@ request header</h3> The \`<dfn http-header><code>Sec-Ad-Auction-Fetch</code></dfn>\` request header is an optional [=structured header=] with of type [=structured header/boolean=]. [:Sec-Ad-Auction-Fetch:] will only be set on a [=request=] whose [=request/initiator type=] is `"fetch"`, made with the -{{RequestInit/adAuctionHeaders}} option set to `true`. If [:Sec-Ad-Auction-Fetch:] is equal to `?1`, -the user agent will remove any [:Ad-Auction-Signals:] from the returned [=response=] -- the -[:Ad-Auction-Signals:] value will instead only be used in Protected Audiences auctions. +{{RequestInit/adAuctionHeaders}} option set to `true`, or on an +<a spec="html" lt="navigate an iframe or frame">iframe navigation</a> +request with the <{iframe/adauctionheaders}> <a spec=html>content attribute</a> +set to `true`. If [:Sec-Ad-Auction-Fetch:] is equal to `?1`, +the user agent will remove any [:Ad-Auction-Signals:] or [:Ad-Auction-Additional-Bid:] from the +returned [=response=] -- the [:Ad-Auction-Signals:] or [:Ad-Auction-Additional-Bid:] value will +instead only be used in Protected Audiences auctions. <h3 id=ad-auction-signals-header>The \`<a http-header><code>Ad-Auction-Signals</code></a>\` HTTP response header</h3> From 916fb562d91382b495814935bfa63e4573055329 Mon Sep 17 00:00:00 2001 From: "Orr Bernstein (Google Chrome)" <orrb@google.com> Date: Thu, 21 Dec 2023 08:25:13 -0500 Subject: [PATCH 47/58] Add iframe support for adAuctionHeaders to explainer. (#887) * Remove `reportAdditionalBidResult` for additional bids. In the most recent version of the additional bids/negative targeting design, additional bids are transported via HTTP response headers, so that sellers don't have a risk for which they'd need a differently named reporting function to acknowledge that risk. The text in the explainer correctly noted the risk to buyers, and the differently named reporting function for buyers, `reportAdditionalBidWin`, remains. * Add iframe support for adAuctionHeaders to explainer. This support is provided by a new `adAucitonsHeader` on the iframe attribute that will have the same functional behavior as the `adAuctionHeaders` fetch flag, in that it will trigger the user agent to send the `Sec-Ad-Auction-Fetch` request header, and to remove `Ad-Auction-Signals` and `Ad-Auction-Additional-Bid` response headers, providing their values to the Protected Audience auction. * Add timing and B&A response blobs for iframe adAuctionHeaders. Add a few sentences to clarify when Promises should be resolved when using both fetch and iframe mechanisms for adAuctionHeaders. Also added a paragraph to the B&A explainer noting the potential use of iframe navigation to retrieve response blobs. * Clarify difference between additional bids and directFromSellerSignals. * Adjust wording for iframe support for Ad-Auction-Result headers. This is a slight adjustment in wording on the B&A explainer for clarity. * Clarify guidance on response headers received before runAdAuction. Specifically, we clarify here that the `directFromSellerSignals` should be provided as a non-Promise in that scenario, versus as a Promise that's immediately resolved. * Inline the guidance for adAuctionHeaders fetch flag/iframe attribute. For additional bids, this document previously pointed to the directFromSellerSignals section for details on how to use the `adAuctionHeaders` fetch flag or iframe attribute to use response header interception. To reduce confusion (at the cost of some repetition), this version copies some of that guidance into the additional bids section. * Update B&A response blob URL on iframe to match that of fetch request. * Removing extraneous line left behind from a copy/paste error * Replace the term 'parameter' with 'field' for auction config fields --- FLEDGE.md | 42 ++++++++++++++++++----- FLEDGE_browser_bidding_and_auction_API.md | 5 +++ 2 files changed, 38 insertions(+), 9 deletions(-) diff --git a/FLEDGE.md b/FLEDGE.md index 8fef830ce..6f285d559 100644 --- a/FLEDGE.md +++ b/FLEDGE.md @@ -527,15 +527,25 @@ For the JSON response, only the `https` scheme is supported -- the `uuid-in-pack #### 2.5.2 Using Response Headers -An alternative way to pass DirectFromSellerSignals without subresource bundles is via the `Ad-Auction-Signals` response header of some `fetch()` request, together with the `directFromSellerSignalsHeaderAdSlot` parameter on `navigator.runAdAuction()`. +An alternative way to pass DirectFromSellerSignals without subresource bundles is via the `Ad-Auction-Signals` response header of some `fetch()` request or `iframe` navigation, together with the `directFromSellerSignalsHeaderAdSlot` field on `navigator.runAdAuction()`. -With this method, a [`fetch()`](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API) call is made by some script on the page (this call may be made in a subframe), with an extra option, `{adAuctionHeaders: true}`: +To pass DirectFromSellerSignals using a [`fetch()`](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API) call made by some script on the page (including in a subframe), specify an extra option, `{adAuctionHeaders: true}`: ```javascript let fetchResponse = await fetch("https://seller.com/signals", {adAuctionHeaders: true}); ``` -The browser will make the request it would without `{adAuctionHeaders: true}`, with the exception that the request will also include a request header, `Sec-Ad-Auction-Fetch: ?1`. This header indicates to the server that any `Ad-Auction-Signals` response header from the server will only be loaded in auctions via `directFromSellerSignalsHeaderAdSlot` (this is analogous to the guarantees of `Ad-Auction-Only` and `Sec-Fetch-Dest: webbundle` from the [subresource bundle version](#251-using-subresource-bundles) -- scripts on the page cannot set the `Sec-Ad-Auction-Fetch: ?1` request header without using the `{adAuctionHeaders: true}` option). +The script must resolve the `directFromSellerSignalsHeaderAdSlot` Promise only after the response for this call has been received. If the script chooses to call `runAdAuction()` after this response is received, `directFromSellerSignalsHeaderAdSlot` can be specified directly without a Promise. + +To pass DirectFromSellerSignals using an [`iframe`](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe) navigation, specify the `adAuctionHeaders` attribute on the `iframe` element: + +```html +<iframe src="https://seller.com/signals" adAuctionHeaders></iframe> +``` + +If script that invokes `runAdAuction()` is part of the response to that iframe navigation, `directFromSellerSignalsHeaderAdSlot` can be specified directly without a Promise because `runAdAuction()` cannot be called until after the response - with its DirectFromSellerSignals headers - has been received. + +The browser will make the request for either the `fetch()` or the `iframe` navigation that it otherwise would, with the exception that the request will also include a request header, `Sec-Ad-Auction-Fetch: ?1`. This header indicates to the server that any `Ad-Auction-Signals` response header from the server will only be loaded in auctions via `directFromSellerSignalsHeaderAdSlot` (this is analogous to the guarantees of `Ad-Auction-Only` and `Sec-Fetch-Dest: webbundle` from the [subresource bundle version](#251-using-subresource-bundles) -- scripts on the page cannot set the `Sec-Ad-Auction-Fetch: ?1` request header without using the `{adAuctionHeaders: true}` option). The value of the `Ad-Auction-Signals` header must be JSON formatted, with the following schema: @@ -560,7 +570,7 @@ When invoking `navigator.runAdAuction()`, `directFromSellerSignalsHeaderAdSlot` The JSON will be parsed by the browser, and passed via the same `directFromSellerSignals` worklet functions parameter as in [the subresource bundle](#251-using-subresource-bundles) version of DirectFromSellerSignals, with `sellerSignals` only being delivered to the seller, `perBuyerSignals` only being delivered to the buyer for each buyer origin key, and `auctionSignals` being delivered to all parties. Since the top-level JSON value is an array, multiple `adSlot` responses may be set for a given `Ad-Auction-Signals` header. In the dictionary with the `adSlot`, the `sellerSignals`, `auctionSignals`, and `perBuyerSignals` fields are optional -- they will be passed as null if not specified. -Since both `directFromSellerSignals` and `directFromSellerSignalsHeaderAdSlot` (the parameters on `navigator.runAdAuction()`) set the same `directFromSellerSignals` parameter on the worklet functions, it is not valid to use both `directFromSellerSignals` and `directFromSellerSignalsHeaderAdSlot` in the same auction. However, component auctions in the same top-level auction / the top-level itself do not all need to use the same type of DirectFromSellerSignals (and it's also valid if only some component auctions / the top-level use DirectFromSellerSignals). +Since both `directFromSellerSignals` and `directFromSellerSignalsHeaderAdSlot` (the fields on `navigator.runAdAuction()`) set the same `directFromSellerSignals` parameter on the worklet functions, it is not valid to use both `directFromSellerSignals` and `directFromSellerSignalsHeaderAdSlot` in the same auction. However, component auctions in the same top-level auction / the top-level itself do not all need to use the same type of DirectFromSellerSignals (and it's also valid if only some component auctions / the top-level use DirectFromSellerSignals). Failure to find a matching `adSlot` results in the fields of the `directFromSellerSignals` object passed to worklet functions being set to null, similar to the [subresource bundle version](#251-using-subresource-bundles). @@ -1026,7 +1036,7 @@ Each additional bid may provide a value for **at most** one of the `negativeInte The `auctionNonce`, `seller`, and `topLevelSeller` fields are used to prevent replay of this additional bid. The `auctionNonce` is described below in section [6.1 Auction Nonce](#61-auction-nonce). The `seller` and `topLevelSeller` fields echo those present in the `browserSignals` argument to `generateBid()` as described in section [3.2 On-Device Bidding](#32-on-device-bidding). In `generateBid()`, these are meant to ensure that the buyer acknowledges and accepts that their bid can participate in an auction with those parties. Additional bids don't have a corresponding call to `generateBid()`, and so the `seller` and `topLevelSeller` fields in an additional bid are intended to allow for the same acknowledgement as those in `browserSignals`. -Additional bids are not provided through the auction config passed to `runAdAuction()`, but rather through the response headers of a Fetch request, as described below in section [6.3 HTTP Response Headers](#63-http-response-headers). However, the auction config still has an `additionalBids` field, which is a Promise with no value, used only to signal to the auction that the additional bids have arrived and are ready to be accepted in the auction. For each additional bid, its owner must be included in interestGroupBuyers for that additional bid to participate in the auction. +Additional bids are not provided through the auction config passed to `runAdAuction()`, but rather through the response headers of a Fetch request or `iframe` navigation, as described below in section [6.3 HTTP Response Headers](#63-http-response-headers). However, the auction config still has an `additionalBids` field, which is a Promise with no value, used only to signal to the auction that the additional bids have arrived and are ready to be accepted in the auction. For each additional bid, its owner must be included in interestGroupBuyers for that additional bid to participate in the auction. ``` navigator.runAdAuction({ @@ -1138,20 +1148,34 @@ Note that the key fields are used by the browser both to verify the signature, a The browser ensures, using TLS, the authenticity and integrity of information provided to the auction through calls made directly to an ad tech's servers. This guarantee is not provided for data passed in `runAdAuction()`. To account for this, additional bids use the same HTTP response header interception mechanism that's already in use for the [Bidding & Auction response blob](FLEDGE_browser_bidding_and_auction_API.md#step-3-get-response-blobs-to-browser) and `directFromSellerSignals`. -To use HTTP response headers to convey the additional bids, the request to fetch them will first need to specify the `adAuctionHeaders` fetch flag. +Servers return additional bids to the browser using the `Ad-Auction-Additional-Bid` response header of some `fetch()` request or `iframe` navigation, together with the `additionalBids` field on `navigator.runAdAuction()`. This uses the same syntax as that used to convey `directFromSellerSignals` [using response headers](#252-using-response-headers). + +To request additional bids using a [`fetch()`](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API) call made by some script on the page (including in a subframe), specify an extra option, `{adAuctionHeaders: true}`: +```javascript +let fetchResponse = await fetch("https://...", {adAuctionHeaders: true}); ``` -fetch("https://...", {adAuctionHeaders: true}); + +The script must resolve the `additionalBids` Promise only after the response for this call has been received. If the script chooses to call `runAdAuction()` after this response is received, the `additionalBids` Promise may be immediately resolved. + +To request additional bids using an [`iframe`](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe) navigation, specify the `adAuctionHeaders` attribute on the `iframe` element: + +```html +<iframe src="https://..." adAuctionHeaders></iframe> ``` -This signals to the browser that it should look for one or more additional bids encoded as HTTP response headers from this Fetch. Each instance of the `Ad-Auction-Additional-Bid` response header will correspond to a single additional bid. The response may include more than one additional bid by specifying multiple instances of the `Ad-Auction-Additional-Bid` response header. The structure of each instance of the `Ad-Auction-Additional-Bid` header must be as follows: +If script that invokes `runAdAuction()` is part of the response to that iframe navigation, the `adAuctionHeaders` Promise may be immediately resolved from within the iframe because `runAdAuction()` cannot be called until after the response - with its additional bid headers - has been received. + +The browser will make the request for either the Fetch or the `iframe` navigation that it otherwise would, with the exception that the request will also include a request header, `Sec-Ad-Auction-Fetch: ?1`. This header indicates to the server that each `Ad-Auction-Additional-Bid` response header from the server will be decoded as an additional bid and loaded into the auction. Each instance of the `Ad-Auction-Additional-Bid` response header will correspond to a single additional bid. The response may include more than one additional bid by specifying multiple instances of the `Ad-Auction-Additional-Bid` response header. The structure of each instance of the `Ad-Auction-Additional-Bid` header must be as follows: ``` Ad-Auction-Additional-Bid: <auction nonce>:<base64-encoding of the signed additional bid> ``` -These HTTP response headers are intercepted by the browser and diverted to participate in the auction without passing through the JavaScript context. When all of the additional bids for an auction have been received this way, the seller should resolve the `additionalBids` Promise passed into the auctionConfig that was described in section [6. Additional Bids](#6-additional-bids). The browser will use this as the signal that it's ready to accept the bids provided by the `Ad-Auction-Additional-Bid` response headers into the auction. +The browser uses the auction nonce prefix from each response header to associate each additional bid to its corresponding auction. For single-seller auctions, this maps to a particular call to `runAdAuction()`, whereas for multi-seller auctions, this maps to a particular component auction. + +All `Ad-Auction-Additional-Bid` response headers are intercepted by the browser and diverted to participate in the auction without passing through the JavaScript context. When all of the additional bids for an auction have been received this way, the seller should resolve the `additionalBids` Promise passed as described above. The browser will use this as the signal that it has all of the additional bids intended for this auction. #### 6.4 Reporting Additional Bid Wins diff --git a/FLEDGE_browser_bidding_and_auction_API.md b/FLEDGE_browser_bidding_and_auction_API.md index a3990ee99..19878a956 100644 --- a/FLEDGE_browser_bidding_and_auction_API.md +++ b/FLEDGE_browser_bidding_and_auction_API.md @@ -51,6 +51,11 @@ fetch('https://www.example-ssp.com/auction', { <b>adAuctionHeaders: true</b>, </pre> Note that `adAuctionHeaders` only works with HTTPS requests. +Response blobs can also be retrieved using an `iframe` navigation by specifying the `adAuctionHeaders` attribute on the iframe element. As with the Fetch flag, the `adAuctionHeaders` iframe attribute prepares the browser to look for `Ad-Auction-Result` HTTP response headers: +```html +<iframe src="https://www.example-ssp.com/auction" adAuctionHeaders></iframe> +``` + For each response blob sent back to the browser, the seller’s server attaches a response header containing the base64url encoded (RFC 4648 section 5) SHA-256 hash of the response blob: ``` From c124b0d1e16e9991c0bdb5213467bed3d84202cb Mon Sep 17 00:00:00 2001 From: "Orr Bernstein (Google Chrome)" <orrb@google.com> Date: Thu, 21 Dec 2023 18:29:53 -0500 Subject: [PATCH 48/58] Replace inaccurate link for 'request' in iframe navigation patch. (#964) --- spec.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec.bs b/spec.bs index c44478e77..5c825f5cb 100644 --- a/spec.bs +++ b/spec.bs @@ -3878,7 +3878,7 @@ partial interface HTMLIFrameElement { <div algorithm="iframe navigation patch"> The following step will be added to the <a spec="html">create navigation params by fetching</a> steps -after step "Let |request| be a new [=Request/request=], with ...": +after step "Let |request| be a new [=request=], with ...": 1. If <var ignore>navigable</var>'s [=navigable/container=] is an <{iframe}> element, and if it has a <{iframe/adauctionheaders}> <a spec=html>content attribute</a>, From fce8dcf81be69bed90ecf39706f583eef0fa65a6 Mon Sep 17 00:00:00 2001 From: David Dabbs <david.dabbs@epsilon.com> Date: Fri, 22 Dec 2023 15:09:31 -0600 Subject: [PATCH 49/58] Update FLEDGE_extended_PA_reporting.md (typo) (#955) Fixing this typo provides an opportunity to ask about the status of `sellerCapabilities`. Will it be added to the spec as an updateable IG attribute, contribute to IG size estimation, &c? --- FLEDGE_extended_PA_reporting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FLEDGE_extended_PA_reporting.md b/FLEDGE_extended_PA_reporting.md index 8507673fc..13d32a0f8 100644 --- a/FLEDGE_extended_PA_reporting.md +++ b/FLEDGE_extended_PA_reporting.md @@ -297,7 +297,7 @@ const auctionConfig = { The seller is able to measure the following for each buyer, assuming permission is granted via the indicated `sellerCapabilities` for that seller: * `interestGroupCount`: The number of the interest groups which could participate in the auction -(i.e. the number of intererest groups on the machine for this buyer -- note the count *isn't* limited by the auction config's `perBuyerGroupLimits`). This requires the `interest-group-counts` `sellerCapabilities` permission. +(i.e. the number of interest groups on the machine for this buyer -- note the count *isn't* limited by the auction config's `perBuyerGroupLimits`). This requires the `interest-group-counts` `sellerCapabilities` permission. * `bidCount`: The number of valid bids generated by this buyer. This requires the `interest-group-counts` `sellerCapabilities` permission. * `totalGenerateBidLatency`: The sum of execution time for all generateBids() in milliseconds. This requires the `latency-stats` `sellerCapabilities` permission. * `totalSignalsFetchLatency`: The total time spent fetching trusted buyer signals in milliseconds. If the interest group didn't fetch any trusted signals, then 0 milliseconds is reported. This requires the `latency-stats` `sellerCapabilities` permission. From 9b7bdba33365ac904221d94b775c456996c4fd95 Mon Sep 17 00:00:00 2001 From: Michael Kleber <kleber@google.com> Date: Tue, 2 Jan 2024 15:28:01 -0500 Subject: [PATCH 50/58] Create 2023-12-20-FLEDGE-call-minutes.md --- meetings/2023-12-20-FLEDGE-call-minutes.md | 239 +++++++++++++++++++++ 1 file changed, 239 insertions(+) create mode 100644 meetings/2023-12-20-FLEDGE-call-minutes.md diff --git a/meetings/2023-12-20-FLEDGE-call-minutes.md b/meetings/2023-12-20-FLEDGE-call-minutes.md new file mode 100644 index 000000000..b7dae4792 --- /dev/null +++ b/meetings/2023-12-20-FLEDGE-call-minutes.md @@ -0,0 +1,239 @@ + +# Protected Audience WICG Calls: Agenda & Notes + +Calls take place on most Wednesdays, at 11am US Eastern time; check [#88](https://github.com/WICG/turtledove/issues/88) for exceptions. + +That's 8am California = 5pm Paris time = 4pm UTC (during winter) + +This notes doc will be editable during the meeting — if you can only comment, hit reload + +Notes from past calls are all on GitHub [in this directory](https://github.com/WICG/turtledove/tree/main/meetings). + + +# Next video-call meeting: Wednesday Dec 20, 2023 + +To be added to a Google Calendar invitation for this meeting, join the Google Group https://groups.google.com/a/chromium.org/g/protected-audience-api-meetings/ + + +## Attendees: please sign yourself in! + + + +1. Paul Jensen (Google Chrome) +2. Brian May (dstillery) +3. Wojciech Biały (Wirtualna Polska Media) +4. Amit Gupta (Jivox) +5. Shankar Venkataraman (Jivox) +6. Roni Gordon (Index Exchange) +7. Szymon Gajda (Wirtualna Polska Media) +8. Isaac Foster (MSFT Ads (there in 5)) +9. Laurentiu Badea (OpenX) +10. Youssef Bourouphael (Google Chrome) +11. Orr Bernstein (Google Privacy Sandbox) +12. Harshad Mane (PubMatic) +13. Sid Sahoo (Google Chrome) +14. Owen Ridolfi (Mediaocean) +15. Antoine Niek (Optable) +16. Caleb Raitto (Google Chrome) +17. David Dabbs (Epsilon) +18. Ricardo Bentin (Media.net) +19. McLeod Sims (Media.net) +20. Brian Schmidt (OpenX) +21. Fabian Höring (Criteo) +22. Chris Nachmias (Mediaocean) +23. Tamara Yaeger (BidSwitch) +24. Anthony Yam (Mediaocean/Flashtalking) +25. Jonasz Pamuła (RTB House) +26. Jeroune Rhodes (Google Privacy Sandbox) +27. Drew Schoentrup (Big Crunch) +28. Maciek Zdanowicz (RTB House) +29. Nick Llerandi (Triplelift) +30. David Tam (Relay42) +31. Becky Hatley (Mediaocean/Flashtalking) +32. Stan Belov (Google Ads) +33. Abishai Gray (Google Chrome) +34. Matt Davies (Criteo | Bidswitch) +35. Alex Peckham (Mediaocean/Flashtalking) + + +## Note taker: &lt;please volunteer> + + +# Agenda + + +## Process reminder: Join WICG + +If you want to participate in the call, please make sure you join the WICG: https://www.w3.org/community/wicg/ + + +## Suggest agenda items here: + + + +* [General Announcement] Jeroune + * The Google Privacy Sandbox team will be hosting our next series of webinars on the Protected Audience API. This set of webinars will focus on reporting and how you can measure data related to a Protected Audience auction. The first **Americas friendly session** is happening on** Jan. 16th 3-4 pm ET**. A second **EMEA friendly session** is happening **Jan. 18th 12-1 pm GMT**. A third **Japanese language session** will be held on **Jan 30th 9-11 am JST**. To join, please register below: + * AMER-friendly: [Register Here](https://rsvp.withgoogle.com/events/protected-audience-webinar-3-reporting-amer) + * EMEA-friendly: [Register Here](https://rsvp.withgoogle.com/events/protected-audience-webinar-3-reporting-emea) + * Japanese language: [Register Here](https://rsvp.withgoogle.com/events/protected-audience-office-hour-3) +* Isaac: + * Buyer/Seller Reporting Questions: https://github.com/WICG/turtledove/issues/682#issuecomment-1710965068 + * <span style="text-decoration:underline;">Persistent Opt Outs, Maybe CHOPS - https://github.com/WICG/turtledove/issues/915</span> + * Multi Tag Support via “Mixed Ranking”: (really, this + multi tag + bit leak discussion and how we can be creative) https://github.com/WICG/turtledove/issues/846 + * Optional decouple bidding/reporting function urls to allow smaller k tuple: https://github.com/WICG/turtledove/issues/679#issuecomment-1703973736 +* Shankar Venkataraman + * Interest group ownership construct missing for Third Party Ad servers whitelisted by Advertiser ([#924](https://github.com/WICG/turtledove/issues/924)). We will discuss and explain the model that we would like supported in the context of Protected Audiences. +* Jonasz (RTB House) + * 3pc deprecation timeline: https://github.com/WICG/turtledove/issues/717#issuecomment-1847118918 +* Roni Gordon + * Sensitive signals - https://github.com/WICG/turtledove/issues/824 +* Matt Davies (Bidswitch) + * Origin / Traffic shaping -<span style="text-decoration:underline;"> https://github.com/WICG/turtledove/issues/951</span> + + +# Notes + +Paul filling in for Michael. + +Paul (Chrome): Jeroune has announcement + +Jeroune (Sandbox): Sandbox team hosting webinars on PA on reporting and measuring data, including auction, user engagement, attribution data from conversion. Links will be posted. Next sesh is Jan 16th, EMEA Jan 18th, Japan Jan 30th. + +Paul: Isaac’s issues + +## Persistent Opt Outs, Maybe CHOPS - https://github.com/WICG/turtledove/issues/915 + +Isaac (MSFT): Potential k anonymity issue between creative URL and reporting, but today we have a need (legal type) to provide privacy center. Xandr has one, MSFT has one too, but we’re not merged yet. A user will be able to go to our privacy ctr and wish to opt out of all Xandr-based advertising. We do get couple diff flavors of that, the idea is to not show ads from our platform. How we do that today is to opt out their cookie, and we will in some cases record it to expand to graph-type deal. I think that’s a challenge in partitioned world. We can opt out of ads in our privacy ctr, but not every website they go to, can’t get it shipped across partitions. Interesting challenge. Someone mentioned GPC but if there’s someone who can explain I didn’t quite get it. If there was a way for browser to expose API for enumerated list of flags to be sent to domain. In case of opt-out it could be helpful. + +Shankar (): TCF consent string will tell us if we can sell ads or not to specific user. + +Isaac: How would the TCF string be shared across partitions? + + +Shankar (Jivox): Should come in w ad call after auction is won from publisher. Ultimately user is sitting on pub site. Then coming to Xandr site… + +Isaac: We’re talking about diff cases. In case of user vising NYtimes. Com… popup asks what to do w cookies. I say reject everything. I’m referring to case where someone goes to Xandr privacy ctr and asks to not see ads from our platform on on any partition. + +Shankar: That model is gone, as long as pub is sending right consent and they’re not targeting someone who has not given consent, why bother? + + +David D (Epsilon): In today’s world we have to have all these industry user portals or our own way to opt out because there isn’t a global BRS (big red switch). In this new mechanism there is a way for user to control this and not worry about individual companies they can turn off ads targeting. To point of wanting control, to Shankar’s point, if in jurisdiction where there is site-based consent, you can get that signal, and if you buy into whole GPC thing that will be available to you in browser signals. Not sure something will exist as global buyer-seller. + +Shankar: Even if on site level, like happens in Germany, I would say right model is to have something for browser to….. at point of selling ad, it’s the only way to secure. + +Roni (Index): There’s always a way to have global 3P cookie opt-out (https://optout.networkadvertising.org/). I hear question whether we need such a facility if not based on cookie. If you read through the lines it’s interest based advertising. The question for Chrome is if we can’t put it in 3P cookie, where to put it? + +Paul: Chrome does offer ways to turn off targeting mechanisms. In settings you can turn off PA or other parts of Sandbox. Any sort of middle ground with less-global, this is a space that ppl tried to explore a few times and failed a few times. They devolve into fingerprint mechanism that we haven’t thought about when creating solution, having to go w more global solution in the end. I don’t know if there is a great middle ground. + +Shankar: What is proposed is that pub stuffs consent into \_\_\_ storage which is available for all white listed advertisers and DSPs. At this point everybody can read if the consent is there. + +Brian (Distillery): I was going to suggest this as formal project, anyone is subject to receiving an opt-out request. Other parties in chain may or may not have access to add origin. We should look thru use cases to see who will get opted out of, rather than trying to quickly come up w solution. + +David D: Tracking of opt-out becoming fingerprinting vector, is it at all on the PA horizon to … every ad will be in a fenced frame. Is it on the horizon for browser to say it knows that PA ad is being rendered in this frame, have an affordance to some kind of transparency to the user. We know boatload of who was participating, including who won the auction. If there isn’t a concept of some opp to provide transparency for these frames facilitated to browser, then there’s not much to discuss. + +Paul: This is something we thought a bit about, haven’t chosen UI direction yet. In general browser knows evtg, including origin and interest group. Problem is some things are harder to communicate to user. The user was on an origin in last 30 days, so they probably have some familiarity of that origin. The opt-out Isaac was talking about, per adtech, user may not have familiarity w owner of interest group. Very hard thing for browser to convey to user. + +David D: They don’t today but we try to make it possible to understand that triangular thingy on top of ad. + +Isaac: I just want to make sure I’m being clear, the thing I care about is, looking at our privacy center, we don’t mention cookies anywhere. It’s referring not to cookies, it’s referring to sales / sharing of data. If the solution I called out is a terrible one it’s fine, the problem I’m more interested in – today our lawyers told us we must have way for user to have control over how data is processed / stored / shared. The way we have done that has relied on cross-partition, which is going away. Not a Jan 4th emergency, but could be real problem. To Brian’s point, may need to take elsewhere. Hypothetically if 3P cookies became partitioned everywhere always, and no opp to have them across anywhere, it would be interesting to see whether to exempt that. + +Harshad (PubMatic): Maybe can be made available in PA whether user has opted out. + +Paul: This is the middle ground that devolved into fingerprinting. We can uniquely identify people that way. + +Brian: This question is multi-dimensional. If you give users a list, they will opt out of all. The next level down is opting out of specific advertiser. How do I opt out of that? You don’t. You opt out of all. My point is we have to contend w data subject rights at some level w/in context of PAAPI and PSB. We’re going to have to deal w how to comm to user why they’re seeing what they’re seeing. I’ve been working w IAB group on how that gets communicated, but how does that slot into PAAPI universe? I don’t think we need to start a new group, but we need to focus on data rights. If we determine not to take on directly, still need to figure out how to support those who are. + +Paul: maybe we should encourage people to offer any solutions they have in Isaac’s issue. + +Brian: I suggest we make Isaac’s a part of larger data subject rights issue. + +Harshad: If only specific ad tech player knows about opt out, can there still be case of finger printing? + +Paul: Only if adtechs are not sharing lists they’re receiving. + +David D: Isaac, what did lawyers have to say about Safari cookies being in the dustbin? We should put this in as something to discuss, but unlike ad targeting, there is “big red switch” not on a granular level. It affords us some time to do someone more granular. In Maslow’s hierarchy of needs we need to focus on getting nose off tarmac to deliver on guarantees we have before all cookies are gone. + +Isaac: I did put a semi-answer, I can ask lawyers for their real legal opinion. + +Brian: Just want to add last note about doing opt-outs too quickly, damage of massive ppl opting out of system is difficult to recover from. Suggest to move into territory slowly. + +Paul: Shankar do you want to talk about interest group ownership? + +## Interest group ownership construct missing for Third Party Ad servers whitelisted by Advertiser ([#924](https://github.com/WICG/turtledove/issues/924)) + +Shankar: The way we operate in 3P cookie world is DSP wins, on PSB PA at point of registry, supposed to give not only bid logic but creative. This is done by DSP, usually creative comes much later. Even in current world people transfer then creative runs. Creative is ready probably weeks after \_\_\_ has been put in place. IN actual execution of model, no way for advertiser to have 2 diff DSPs. Unless I gave creative URLs to advertiser, they could have multi campaigns running on same interest group. Why is it that creative + +Paul: We built interest group creative system to be able to add creatives later. Meant to address problem of not having creatives. The other part is, interest groups are fairly flexible. We don’t dictate that the advertiser has to be owner of interest group. Almost anyone can create interest group and use them to bid. We also don’t require ad creative URL is same origin as anyone else. Whether it’s the DSP or advertiser that owns interest group, they can still delegate rendering of ad to third party entirely. + +Shankar: The second part is when the bid is won, will the ad get context of who won the bid? Bid logic is gained by somebody else. There are 2 providers in the ecosystem. How will URL know which interest group won (?) For every interest group, + +Paul: Any info that’s needed at ad rendering time can be put into URL. + +Shankar: We have macros that get passed to DSP. + +Paul: Not really any restriction on k anonymity. Pretty free-form. Could be specifying to ad server to render ad #4 for campaign #5. + +Shankar: For example, on e Commerce site, they have category and subcategory. I can create an interest group at product level and sub level… 4 interest groups for 1 visit. Do we have to find out bid logic for each interest group, ad calls, lots of data. + +Paul: We had a k anonymity restriction, but we dropped that designed a long time ago. You can create 1 interest group that has 4 diff ads. Then add or remove ads that target that. If you want you can put in as much 1P info from joining side. You can write user journey in interest group. Then if you want to start ad campaign you can push down to that interest group. + +The way k anonymity bootstraps itself, the hope is that people don’t have to keep fine tuning which ads are shows ot how many ppl. If your ads are broadly targeted it should fall into place and browser will worry about what to show. + +Shankar: I’ll update the ticket based on issue. + +Amit (Jivox): I think what Paul is suggesting, the only issue is adding multi ads in same interest group means we are targeting same user. Literally 1:1 is gone so we are saying our cohort is now based on interest group, which is same for category, sub category, and individual product. It has to be multi interest groups in that case? + +Paul: You can have 1 broad interest group, in there there is user bidding signals, where you can put your info including user flow. You don’t have to split across interest groups. + +Shankar: We have party that provides bid logic is different from party that \_\_\_\_ + +Paul: With k anonymity restriction we’re avoiding microtargeting. + +Shankar: I should be still be able to show the right ad based on product, but if I not + +Amit: What we are leaning towards is ad tech cohort to resolve this issue. We cannot use the same ad tag to target multi cohorts itself. + +Paul: What is an ad tag? + +Amit: The render URL, hits ad server directly. Bidding logic belongs to DSP. + +Shankar; Unless we do another round of bid logic to resolve. + +Paul: Is problem that you want more info at bid time or ad serving time? + +Shankar: Ad serving. We need to know which interest group won the bid and parameters around that. + +Paul: Anything you want can be put into ad created URL. + +Harshad: Shankar, why not putting two interest groups? + + +Shankar: That’s exactly what we have to do. For example, suppose red color sofa. Interest groups are created for furniture. + +Paul: You may want to break up your ad tags like that, not interest groups. Say user saw red sofa, say update time you send that person 3 ads, then at ad serving time you get the URL that says they are interested. + +David T (Relay42): We work w a lot of eCommerce companies w huge product catalogs. We’ve always been able to do that using campaign manager w Google studio. Google studio manages prod catalog, we provide prod ID to render specific asset w/in the HTML creative. To do this currently you have to create loads of interest groups. The question is how ot create one interest group where the users are placed in that group that actually see the right product. If you have to create loads of interest groups, it’s just not feasible. + +Shankar: Possibly feasible but not sure how it would work. We are trying to replicate what we are doing today, let us go back to spec to review. The other problem is that most eComm ads are in sequence. Multiple products show in sequence. + +Brain: This is going towards day of reckoning for PAAPI. In legacy model of advertising, big servers figure out what to bid for each user with. PAAPI will take all that intelligence and ship it down to browser or auction server. If you take all the intelligence serving ads across internet, the space will be overused very quickly. Paul said a couple times that you can put as much data as you want in the interest group. We need to be careful because there are limits on a browser. We need to figure out constraints. + +Paul: You don’t have to store all that info in browser, you can assign an identifier and put that in the interest group. Different from today’s model + +David T: You mentioned that ad components, are they URLs? Can those URLs feed into JPEG image or just HTML? + +Paul: Haven’t thought of it, guess they could be either one? + +David T: If it’s a bunch of assets, pics of diff products, how does the ad itself know what to pick? + +Shankar: We thought about to actually at point of sending HTML, could be JPEG. If you want to send JPEGS to browser, need to register worklet as part of interest group, worklet decides what to render. + +Paul: It could just be an HTML wrapper, at bidding time is when the products would be selected. + +Shankar: Unless you hard code it into URL. + +Paul: You might have overall fenced from that is carousel ad, and individual components would be some kind of headphones. + +Shankar: Our problem is with millions of URLs. + +Brian: Propose for Shankar to create formal discussion w slides From 7aa5bfbbc356de09474ae204207862c45c6cf7c1 Mon Sep 17 00:00:00 2001 From: Taran <151514051+singht-jivox@users.noreply.github.com> Date: Fri, 5 Jan 2024 02:50:41 +0530 Subject: [PATCH 51/58] Added Jivox in Fledge Tester list as we are in advanced stage testing of Protected Audience APIs (#969) --- fledge-tester-list.md | 1 + 1 file changed, 1 insertion(+) diff --git a/fledge-tester-list.md b/fledge-tester-list.md index 432ea7de2..944a9c697 100644 --- a/fledge-tester-list.md +++ b/fledge-tester-list.md @@ -70,6 +70,7 @@ The usefulness of this page depends on testers sharing information and updates. | Magnite | SSP | January 2024 | | privacysandbox@magnite.com | | Globo | DSP & SSP | Testing | | adtech-delivery@g.globo | | Mediavine | DSP & SSP | 2023-2024 | | privacysandbox@mediavine.com | +| Jivox | Ad Server (DCO) | Testing in progress | | jvx-google-privacy-sandbox-team@jivox.com | ## Table - Publishers and Advertisers Interested in Testing or Early Adoption Companies who may be interested in participating in tests and early adoption opportunities provided by ad tech companies. From 15ce1a3f404b820b878964b03ef38fa9c33e1994 Mon Sep 17 00:00:00 2001 From: Paul Jensen <JensenPaul@users.noreply.github.com> Date: Fri, 5 Jan 2024 09:38:21 -0500 Subject: [PATCH 52/58] Spec: Allow updating to frozen-context executionMode (#953) --- spec.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec.bs b/spec.bs index 5c825f5cb..91f1d725f 100644 --- a/spec.bs +++ b/spec.bs @@ -3638,7 +3638,7 @@ The <dfn for=Navigator method>updateAdInterestGroups()</dfn> method steps are: <dt>"`executionMode`" <dd> - 1. If |value| is "`compatibility`" or "`group-by-origin`", + 1. If |value| is "`compatibility`", "`frozen-context`", or "`group-by-origin`", set |ig|'s [=interest group/execution mode=] to |value|. 1. Otherwise, jump to the step labeled <i><a href=#abort-update>Abort update</a></i>. @@ -4241,7 +4241,7 @@ An interest group is a [=struct=] with the following [=struct/items=]: :: Null or an [=ordered map=] whose [=map/keys=] are [=strings=] and whose [=map/values=] are {{double}}. Overrides the {{AuctionAdConfig}}'s corresponding priority signals. : <dfn>execution mode</dfn> -:: "`compatibility`" or "`group-by-origin`". +:: "`compatibility`", "`frozen-context`", or "`group-by-origin`". TODO: Define spec for these execution modes, link to it from here and explain these modes. : <dfn>bidding url</dfn> :: Null or a [=URL=]. The URL to fetch the buyer's JavaScript from. From cf1c166494994cc17da1912b49a1bc83f4e6d845 Mon Sep 17 00:00:00 2001 From: Matt Menke <mmenke@google.com> Date: Fri, 5 Jan 2024 14:57:24 -0500 Subject: [PATCH 53/58] Add optional slot-size parameters to trustedBiddingSignalsURL requests (#928) * Add optional slot-size parameters to trustedBiddingSignalsURL requests This is a slightly modified version of the proposal in issue 869 * Update FLEDGE.md Typo * Update FLEDGE.md * Update FLEDGE.md * Update FLEDGE.md * Update FLEDGE.md * Update FLEDGE.md * Update FLEDGE.md Switch to component auction. * Update FLEDGE.md * Update FLEDGE.md * Update FLEDGE.md * Update FLEDGE.md * Update FLEDGE.md * Update FLEDGE.md * Update FLEDGE.md --- FLEDGE.md | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/FLEDGE.md b/FLEDGE.md index 6f285d559..3a4bf9887 100644 --- a/FLEDGE.md +++ b/FLEDGE.md @@ -121,6 +121,7 @@ const myGroup = { 'executionMode': ..., 'trustedBiddingSignalsURL': ..., 'trustedBiddingSignalsKeys': ['key1', 'key2'], + 'trustedBiddingSignalsSlotSizeMode' : 'slot-size', 'userBiddingSignals': {...}, 'ads': [{renderUrl: shoesAd1, sizeGroup: 'group1', ...}, {renderUrl: shoesAd2, sizeGroup: 'group2', ...}, @@ -130,10 +131,10 @@ const myGroup = { {renderUrl: gymShoes, sizeGroup; 'group2', ...}, {renderUrl: gymTrainers1, sizeGroup: 'size4', ...}, {renderUrl: gymTrainers2, sizeGroup: 'size4', ...}], - 'adSizes': {'size1': {width: width1, height: height1}, - 'size2': {width: width2, height: height2}, - 'size3': {width: width3, height: height3}, - 'size4': {width: width4, height: height4}}, + 'adSizes': {'size1': {width: '100', height: '100'}, + 'size2': {width: '100', height: '200'}, + 'size3': {width: '75', height: '25'}, + 'size4': {width: '100', height: '25'}}, 'sizeGroups:' {'group1': ['size1', 'size2', 'size3'], 'group2': ['size3', 'size4']}, 'auctionServerRequestFlags': ['omit-ads'], @@ -313,7 +314,8 @@ const myAuctionConfig = { 'trustedScoringSignalsURL': ..., 'interestGroupBuyers': ['https://www.example-dsp.com', 'https://buyer2.com', ...], 'auctionSignals': {...}, - 'requestedSize': {width: 100, height: 200}, + 'requestedSize': {width: '100', height: '200'}, + 'allSlotsRequestedSizes': [{width: '100', height: '200'}, {width: '200', height: '300'}, ...], 'directFromSellerSignals': 'https://www.example-ssp.com/...', 'sellerSignals': {...}, 'sellerTimeout': 100, @@ -371,6 +373,8 @@ This will cause the browser to execute the appropriate bidding and auction logic The optional `requestedSize` field recommends a frame size for the auction, which will be available to bidders in browser signals. This size should be specified in the same format as the sizes in the `adSizes` field of `joinAdInterestGroup`. For convenience, the returned fenced frame config will automatically populate a `<fencedframe>`'s `width` and `height` attributes with the `requestedSize` when loaded, though the element's size attributes can still be modified if you want to change the element's container size. Bidders inside the auction may pick a different content size for the ad, and that resulting size will be visually scaled to fit inside the element's container size. +`allSlotsRequestedSizes` may optionally be used to specify the size of all ad slots on the page, to be passed to each interest group's `trustedBuyerSignalsURL`, for interest groups that request it. All sizes in the list must be distinct. + The optional `directFromSellerSignals` field can also be used to pass signals to the auction, similar to `sellerSignals`, `perBuyerSignals`, and `auctionSignals`. The difference is that `directFromSellerSignals` are trusted to come from the seller because the content loads from a [subresource bundle](https://github.com/WICG/webpackage/blob/main/explainers/subresource-loading.md) loaded from a seller's origin, ensuring the authenticity and integrity of the signals. For more details, see [2.5 directFromSellerSignals](#25-additional-trusted-signals-directfromsellersignals). In some cases, multiple SSPs may want to participate in an auction, with the winners of separate auctions being passed up to another auction, run by another SSP. To facilitate these "component auctions", `componentAuctions` can optionally contain additional auction configurations for each seller's "component auction". The winning bid of each of these "component auctions" will be passed to the "top-level" auction. How bids are scored in this case is further described in [2.4 Scoring Bids in Component Auctions](#24-scoring-bids-in-component-auctions). The `AuctionConfig` of component auctions may not have their own `componentAuctions`. When `componentAuctions` is non-empty, `interestGroupBuyers` must be empty. That is, for any particular Protected Audience auction, either there is a single seller and no component auctions, or else all bids come from component auctions and the top-level auction can only choose among the component auctions' winners. @@ -599,11 +603,11 @@ Buyers have three basic jobs in the on-device ad auction: #### 3.1 Fetching Real-Time Data from a Trusted Server -Buyers may want to make on-device decisions that take into account real-time data (for example, the remaining budget of an ad campaign). This need can be met using the interest group's `trustedBiddingSignalsURL` and `trustedBiddingSignalsKeys` fields. Once a seller initiates an on-device auction on a publisher page, the browser checks each participating interest group for these fields, and makes an uncredentialed (cookieless) HTTP fetch to a URL of the form: +Buyers may want to make on-device decisions that take into account real-time data (for example, the remaining budget of an ad campaign). This need can be met using the interest group's `trustedBiddingSignalsURL`, `trustedBiddingSignalsKeys`, and, optionally, `trustedBiddingSignalsSlotSizeMode` fields. Once a seller initiates an on-device auction on a publisher page, the browser checks each participating interest group for these fields, and makes an uncredentialed (cookieless) HTTP fetch to a URL of the form: - https://www.kv-server.example/getvalues?hostname=publisher.com&keys=key1,key2&interestGroupNames=name1,name2&experimentGroupId=12345 + https://www.kv-server.example/getvalues?hostname=publisher.com&keys=key1,key2&interestGroupNames=name1,name2&experimentGroupId=12345&slotSize=100,200 -The base URL `https://www.kv-server.example/getvalues` comes from the interest group's `trustedBiddingSignalsURL`, the hostname of the top-level webpage where the ad will appear `publisher.com` is provided by the browser, `experimentGroupId` comes from `perBuyerExperimentGroupIds` if provided, `keys` is a list of `trustedBiddingSignalsKeys` strings, and `interestGroupNames` is a list of the names of the interest groups that data is being fetched for. The requests may be coalesced (for efficiency) across any number of interest groups that share a `trustedBiddingSignalsURL` (which means they also share an owner). +The base URL `https://www.kv-server.example/getvalues` comes from the interest group's `trustedBiddingSignalsURL`, the hostname of the top-level webpage where the ad will appear `publisher.com` is provided by the browser, `experimentGroupId` comes from `perBuyerExperimentGroupIds` if provided, `keys` is a list of `trustedBiddingSignalsKeys` strings, and `interestGroupNames` is a list of the names of the interest groups that data is being fetched for. `trustedBiddingSignalsSlotSizeMode` is one of `none` (which is the default), `slot-size`, and `all-slots-requested-sizes`. In the second case, `&slotSize=<width>,<height>` is appended to the URL, where width and height are the normalized width and height from the `requestedSize` of the (component) auction's AuctionConfig. "Normalized" means units are always appended, and trailing zeros are removed, so {width: "62.50sw", height: "10.0"} becomes "62.5sw,10px". In the `all-slots-requested-sizes` case, `&allSlotsRequestedSizes=<width1>,<height1>,<width2>,<height2>,...` is appended, where all sizes are taken from the (component) auction's `allSlotsRequestedSizes` value. If the corresponding value is not present in the auction configuration, no value is appended. The requests may be coalesced (for efficiency) across any number of interest groups that share a `trustedBiddingSignalsURL` and `trustedBiddingSignalsSlotSizeMode` (which means they also share an owner). The response from the server should be a JSON object of the form: From 827a1c25477e0f76e7c783b021cc09080b7affcc Mon Sep 17 00:00:00 2001 From: Xiaochen Zhou <xiaochenzh@google.com> Date: Mon, 8 Jan 2024 09:31:33 -0500 Subject: [PATCH 54/58] Supporting leaveAdInterestGroup from ad component frames from M120 (#879) * Enable leaveAdInterestGroup from ad component frames from M120 * Add more comments. * Fixed typos. * Link to ad component definition * Fixed typo. --- FLEDGE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FLEDGE.md b/FLEDGE.md index 3a4bf9887..4181b3753 100644 --- a/FLEDGE.md +++ b/FLEDGE.md @@ -147,7 +147,7 @@ The browser will only allow the `joinAdInterestGroup()` operation with the permi The returned `joinPromise` is resolved if the group is successfully joined, and rejected with an error if the join operation fails. The error message and the resolution time must _not_ depend on what interest groups a user is in, or any cross-origin browser state, apart from the results of the .well-known fetch, to avoid leaking any data across sites. -There is a complementary API `navigator.leaveAdInterestGroup(myGroup)` which looks only at `myGroup.name` and `myGroup.owner`. As with join calls, `leaveAdInterestGroup()` also returns a promise. As a special case to support in-ad UIs, invoking `navigator.leaveAdInterestGroup()` from inside an ad that is being targeted at a particular interest group will cause the browser to leave that group, irrespective of permission policies. Note that calling `navigator.leaveAdInterestGroup()` without arguments isn't supported inside a component ad frame. +There is a complementary API `navigator.leaveAdInterestGroup(myGroup)` which looks only at `myGroup.name` and `myGroup.owner`. As with join calls, `leaveAdInterestGroup()` also returns a promise. As a special case to support in-ad UIs, invoking `navigator.leaveAdInterestGroup()` from inside an ad that is being targeted at a particular interest group will cause the browser to leave that group, irrespective of permission policies. Note that calling `navigator.leaveAdInterestGroup()` without arguments inside a [component ad](https://github.com/WICG/turtledove/blob/main/FLEDGE.md#34-ads-composed-of-multiple-pieces) frame isn't supported until Chrome M120. Starting from Chrome M120, calling `navigator.leaveAdInterestGroup()` without arguments inside a component ad frame is supported. The ad component frame is required to be same-origin with the interest group owner for the leave to succeed, same as calling `leaveAdInterestGroup()` without arguments in a non-ad-component frame. There is a related API `navigator.clearOriginJoinedAdInterestGroups(owner, [<groupNamesToKeep>])` that leaves all interest groups owned by `owner` that were joined on the current top-level frame's origin, and also returns a Promise. The `[<groupNamesToKeep>]` argument is an optional list of interest group names that will not be left, and if not present, it will act as if an empty array was passed. This method has no effect on joined interest groups owned by `owner` that were most recently joined on different top-level origins. From 1817f29e63c33cf2da85af51e9f618278b96b9ff Mon Sep 17 00:00:00 2001 From: Michael Kleber <kleber@google.com> Date: Mon, 8 Jan 2024 14:44:42 -0500 Subject: [PATCH 55/58] Create 2024-01-03-FLEDGE-call-minutes.md --- meetings/2024-01-03-FLEDGE-call-minutes.md | 578 +++++++++++++++++++++ 1 file changed, 578 insertions(+) create mode 100644 meetings/2024-01-03-FLEDGE-call-minutes.md diff --git a/meetings/2024-01-03-FLEDGE-call-minutes.md b/meetings/2024-01-03-FLEDGE-call-minutes.md new file mode 100644 index 000000000..db8e18553 --- /dev/null +++ b/meetings/2024-01-03-FLEDGE-call-minutes.md @@ -0,0 +1,578 @@ +# Protected Audience WICG Calls: Agenda & Notes + +Calls take place on most Wednesdays, at 11am US Eastern time; check [#88](https://github.com/WICG/turtledove/issues/88) for exceptions. + +That's 8am California = 5pm Paris time = 4pm UTC (during winter) + +This notes doc will be editable during the meeting — if you can only comment, hit reload + +Notes from past calls are all on GitHub [in this directory](https://github.com/WICG/turtledove/tree/main/meetings). + + +# Next video-call meeting: Wednesday Jan 3, 2024 + +To be added to a Google Calendar invitation for this meeting, join the Google Group https://groups.google.com/a/chromium.org/g/protected-audience-api-meetings/ + + +## Attendees: please sign yourself in! + + + +1. Michael Kleber (Google Privacy Sandbox) +2. Brian May (dstillery) +3. Shankar Venkataraman (Jivox) +4. Taranjit Singh(Jivox) +5. Kevin Lee (Google Privacy Sandbox) +6. Ricardo Bentin (Media.net) +7. Sven May (Google Privacy Sandbox) +8. Paul Jensen (Google Privacy Sandbox) +9. Amit Gupta (Jivox) +10. Sid Sahoo (Google Chrome) +11. Andrew Pascoe (NextRoll) +12. Matt Menke (Google Chrome) +13. Harshad Mane (PubMatic) +14. David Dabbs (Epsilon) +15. Joshua Prismon (Index Exchange) +16. Zach Edwards (Victory Medium) +17. Abishai Gray (Google Privacy Sandbox) +18. Orr Bernstein (Google Privacy Sandbox) +19. Jonasz Pamuła (RTB House) +20. Matt Davies (Bidswitch | Criteo) +21. Don Marti (Raptive) +22. Becky Hatley (Flashtalking) +23. Isaac Foster (MSFT Ads) +24. Timothy Taylor (Flashtalking) +25. Kenneth Kharma (OpenX) +26. Christopher Nachmias (Mediaocean / Flashtalking) +27. Jeroune Rhodes (Google Privacy Sandbox) +28. Laszlo Szoboszlai (Audigent) +29. Daniel Rojas (Google Chrome) +30. Jacob Goldman (Google Ad Manager) +31. Leeron Israel (Google Privacy Sandbox / Chrome) +32. Rotem Dar (eyeo) +33. Nick Llerandi (Triplelift) +34. Alex Cone (Google Privacy Sandbox) +35. Alex Peckham (Flashtalking) + + +## Note taker: Orr Bernstein + + +# Agenda + + +## Process reminder: Join WICG + +If you want to participate in the call, please make sure you join the WICG: https://www.w3.org/community/wicg/ + + +## Suggest agenda items here: + + + +* Isaac: + * Buyer/Seller Reporting Questions: https://github.com/WICG/turtledove/issues/682#issuecomment-1710965068 + * Multi Tag Support via “Mixed Ranking”: (really, this + multi tag + bit leak discussion and how we can be creative) https://github.com/WICG/turtledove/issues/846 + * Optional decouple bidding/reporting function urls to allow smaller k tuple: https://github.com/WICG/turtledove/issues/679#issuecomment-1703973736 +* Jonasz (RTB House) + * 3pc deprecation timeline: https://github.com/WICG/turtledove/issues/717#issuecomment-1847118918 +* Roni Gordon + * Sensitive signals - https://github.com/WICG/turtledove/issues/824 +* Matt Davies (Bidswitch) + * Origin / Traffic shaping -<span style="text-decoration:underline;"> https://github.com/WICG/turtledove/issues/951</span> + * (Update: can remove from agenda, this has been addressed by conversation in the GitHub issue) +* Jeroune Rhodes (Google) + * **Join Privacy Sandbox Developer Webinar: Protected Audience API Reporting** + * The Google Privacy Sandbox team will be hosting our next series of webinars on the Protected Audience API. This set of webinars will focus on reporting and how you can measure data related to a Protected Audience auction. The first **Americas friendly session** is happening on** Jan. 16th 3-4 pm ET**. A second **EMEA friendly session** is happening **Jan. 18th 12-1 pm GMT**. A third **Japanese language session** will be held on **Jan 30th 9-11 am JST**. + * To join, please register below: + * AMER-friendly: [Register Here](https://rsvp.withgoogle.com/events/protected-audience-webinar-3-reporting-amer) + * EMEA-friendly: [Register Here](https://rsvp.withgoogle.com/events/protected-audience-webinar-3-reporting-emea) + * Japanese language: [Register Here](https://rsvp.withgoogle.com/events/protected-audience-office-hour-3) +* <span style="text-decoration:underline;">Shankar Venkataraman / Taranjit Singh / Amit Gupta (Jivox)</span> + * <span style="text-decoration:underline;">Ad servers & IGs - https://github.com/WICG/turtledove/issues/924</span> + * <span style="text-decoration:underline;">https://github.com/GoogleChromeLabs/privacy-sandbox-dev-support/issues/201</span> + * <span style="text-decoration:underline;">We will review this deck - </span> + + +# Notes + + +## 3pc deprecation timeline: https://github.com/WICG/turtledove/issues/717#issuecomment-1847118918 + + + +* Jonasz (RTB House) + * Can we get more guidance on the timeline for 3pc deprecation? + * We have a lot of coordination, monitoring, adjustments to perform before phase out. + * Start a discussion, get some clarity, thoughts of others on how this could look. Bump from 1% to 10% would be a great step in Q3 or Q4 +* Michael Kleber + * The actual answer to the question, at what time will be first be able to perform deprecation and removal of 3pc is not entirely in our own hands. Oversight of the UK’s Competition Market Authority. Testing that will be happening over the next five months, hope that many of you will be participating. After testing period, Chrome may say that they would like to remove 3pc. CMA might say yes, they might say you have to wait 60 days, or other answers. We cannot predict what is going to happen. + * When we start ramping things up, there’s a few things I can say. Not specifically about removal of 3pc, but generally on the rollout of potentially dangerous features on the web. There’s no chance that we’ll go from 1% to 100% directly. 10%, 25%, 50%, 100%, like Jonasz suggested, is the kind of thing we have done in the past. Ramping to something like 10% and holding there and watching and waiting to see any reports of breakage is consistent with the way we do things. + * The question about exactly when things are going to happen even aside from the CMA, we know that ads folks don’t like things to change in Q4, especially before Thanksgiving and between Thanksgiving and Christmas, we’ll try to be sensitive to those kinds of considerations as we choose the times at which things change. +* Jonasz + * Understand that further phaseout is conditional on CMA approval + * But we’d like to know what’s being considered if CMA agrees. + * When it comes to stages, it’s good to hear that that sounds good to you as well. But how long do stages last? If it’s a couple of weeks, that’s not very helpful. If it’s months, that seems more reasonable. + * There was a blogpost that announced the 1% on January 4th. But in that blogpost, it says that this is an important milestone on the path to full deprecation of 3pc in 2024. Is Google’s plan to do the full phaseout in 2024? The lack of clarity really paralyzes the whole effort. +* Michael + * Anything that involves what the CMA is going to do and how quickly is going to do it is a difficult conversation. I understand that further clarity would be helpful, we’ll try to say everything we can, but won’t be able to say everything you want to. +* Brian May + * The first CMA "60 days" pause is mandatory, not optional + * Is the goal of the Google team to try to identify benchmarks that would guide the deprecation? +* Michael + * Have not heard anything that’s based on a metrics-style feedback loop. We’ll have some timeline for when we plan to ramp up, and if something surprising happens, like if we learn about a large unexpected pocket of web breakage, we’ll reevaluate and potentially delay the ramp up. But I don’t know of any other example where that kind of closed loop thing has happened, wouldn’t expect it here either. +* Isaac Foster + * The thing that’s tricky for me to understand is, I would assume that you guys could potentially say, we’re not going from 1% to 100%. We’re going to express that timeline. There’s something about the agency being all on the CMA that I’m not understanding. Why can’t we just say, hey, let’s go with Jonasz’s proposal or something like that. +* Michael + * I have no desire to speak for the CMA, and wouldn’t want to even if I could. I have no idea what they may say about things in the future. +* Isaac + * It’s being presented as if all of the agency is on the CMA, and that doesn’t sound quite right to me. Is that the case? +* Michael + * The CMA is very interested in taking input from a large number of parties, and a large number of parties have strongly held opinions about the right way to do everything involving third-party cookie deprecation. So we will try to listen to what everybody says about the timing and be responsive to all of their needs. Whether it’s Chrome or the CMA or some combination thereof, the goal in general is to hear everybody’s needs and figure out some path between them all. Nobody is making a unilateral decision. +* Shankar Venkataraman + * When we do the rampup, my question is, how do we get the advertisers involved? Every advertiser has campaigns running. How do they build up their interest groups for that test campaign? If we have a timeline, we can provide our customers with guidance. +* Michael + * We understand that clarity will encourage everybody else in the industry that hasn’t yet taken the steps to start to do things. For example, as Jonas pointed out, when we go to 10%, when 10% of the traffic is without 3pc, that’s a very good time for those who haven’t yet taken the steps to start doing so. +* David Dabbs + * Very clear that it’s completely the CMA’s call, the timeline, in their recently quarterly notice to you all. The question here is, is the way you conduct the deprecation, can you say that? Are they calling the shots, approving or disapproving? +* Michael + * The only thing I can say is, the CMA is a regulator that is welcome to have authority over any part of the process they want to have authority over. If they want the timeline to be up to them, it’s entirely their choice for them to do so. +* Jonasz + * It seems that we haven’t learned much after today. Is there anything we can do to unblock this? It seems the decision really involves the CMA. My thinking is that being vocal about this - get this message to the CMA. +* Michael + * What I can tell you is that the CMA is surely aware of this discussion. They are paying attention. Whatever happens on GitHub they are very aware of. Further discussion on GitHub repository is good. Linking to the blog post from the GitHub issue may bring stuff to their attention if they don't already know. Direct feedback straight to the regulator in any fashion you choose. +* Harshad Mane + * Will Chrome take a couple of months to declare after the CMA decision? +* Michael + * We’ll all know that when it happens. +* David + * If you are going to write a letter or make a case to the CMA, they have a pretty stringent timeline. If you don’t get it to them by a certain time, they don’t look at it until the next quarter. So if you’re going to make a case, you should do it soon. +* Michael + * True that as a government regulator they have a clear process when they are in public comment, but they are always listening. +* Brian May + * Just to clarify for myself - we have until the end of June for the testing period, then the mandatory 60 day holdout period, which puts us at the end of August and the beginning of Q3, and the Q3 advertising period. If we go out another month, that puts us right at the door of Q4. Is it reasonable to assume that there will be a pause, or should we expect some possibility that in spite of code freezes and Q4 we might have additional deprecations. +* Michael + * As I said before, we (Chrome) understand that late Q4 is a bad time to do things that everybody wants to be in code freeze for the last six weeks of the year. Feel free to raise that feedback on GitHub and via all of the usual channels. +* Brian + * Is what I said about timeline correct? +* Michael + * What I can say is that [privacysandbox.com/timeline](privacysandbox.com/timeline) - middle of Q3 to middle of Q4 is what’s highlighted there as 3rd party cookie phaseout. + + +## Join Privacy Sandbox Developer Webinar: Protected Audience API Reporting + + + +* The Google Privacy Sandbox team will be hosting our next series of webinars on the Protected Audience API. This set of webinars will focus on reporting and how you can measure data related to a Protected Audience auction. The first **Americas friendly session** is happening on** Jan. 16th 3-4 pm ET**. A second **EMEA friendly session** is happening **Jan. 18th 12-1 pm GMT**. A third **Japanese language session** will be held on **Jan 30th 9-11 am JST**. +* To join, please register below: + * AMER-friendly: [Register Here](https://rsvp.withgoogle.com/events/protected-audience-webinar-3-reporting-amer) + * EMEA-friendly: [Register Here](https://rsvp.withgoogle.com/events/protected-audience-webinar-3-reporting-emea) + * Japanese language: [Register Here](https://rsvp.withgoogle.com/events/protected-audience-office-hour-3) +* Jeroune Rhodes (Google) + * Raising awareness about this. +* Michael + * This webinar is about the reporting aspects of the Protected Audience API at a variety of times in an attempt to be friendly to people from around the world. + + +## Retargeting - Adserver / advertiser perspective (Shankar Venkataraman, Jivox) + + + +* <span style="text-decoration:underline;">Ad servers & IGs - https://github.com/WICG/turtledove/issues/924</span> +* <span style="text-decoration:underline;">https://github.com/GoogleChromeLabs/privacy-sandbox-dev-support/issues/201</span> +* <span style="text-decoration:underline;">We will review this deck - </span> +* <span style="text-decoration:underline;">Shankar Venkataraman / Taranjit Singh / Amit Gupta (Jivox)</span> +* Shankar Venkataraman + * (presenting https://docs.google.com/presentation/d/1DhgWHIQ29rNik5JQ-k6mVxVqIkMyAYYcmg0HPLrfZus/edit#slide=id.p) + * Retargeting as it exists in the 3pc world + * User A and user B go to Advertiser TopShoes.com website.User A browses "boots" and user B browses "trainers”. + * The advertiser creates a retargeting pool against this behavior. The pool granularity could be “shoes” or “shoes.boots” or “shoes.trainers”. The campaign strategy decides which granularity to use when ad is served. + * The DSP usually combines these pools into a macro pool (to maximize reach), but the ad servers keep the granular pools. The ad server can use the granular pools across multiple DSPs. + * An ad is served to the user when visiting a publisher site like news-site.com. The creative served will have different product images (and corresponding offers / price etc) based on the pool to which the user belongs to. i.e. User A sees Boots and User B sees trainers. + * First question - are these namespaced to the advertiser domain? + * Advertiser works with multiple DSPs + * If each DSP is going to register multiple IGs, then the number of tags just multiplies + * What happens when advertiser stops + * Currently, interest groups are owned by the DSPs. + * Seems to be a problem for anybody who’s operating as an ad server +* Harshad + * Wanted to answer that right now in Protected Audience auctions, DSPs are invited to participate. IGs have to be owned by DSPs because advertisers are not directly invited into the auction. +* Shankar + * The audience is actually owned by the advertiser. If they put a promotion on their site by putting a new category, it’s almost impossible for a DSP to keep up with all this stuff. +* Harshad + * In the current cookie world, . +* Shankar + * The InterestGroup is not determined by the DSP. The advertiser tells the DSP that it wants to retarget to this audience. +* Harshad + * Maybe the advertiser will need to inform the DSP to generate interest groups based on a certain action. +* Shankar + * But that’s not the way it works. On an ecommerce site, there’s something called new &lt;content?>. Could we make it easier for advertisers? They’re dependent on each of the DSPs to change the interest groups. Worst case, if the DSP of the advertiser changes, the DSP still owns the interest group. They could use the same interest group to target the competitor. +* Michael + * Let me answer the question you ask about granularity of targeting, e.g. shoes vs boots vs trainers. I would like to be clear that a single interest group can do all of those things. You do not need to think of this as putting a person into three different interest groups in order to signify three different details of what the person showed interest in. It’s not a boolean. Instead you could put a person into a single interest group that’s related to the advertiser site that they were visiting, inside the interest group, the user bidding signals could have a list of all of the subcategories of shoes and how much the person seems to be interested in each of those categories. And all future ads or ad campaigns that buy using that interest group can customize their targeting. An interest group is a much richer object, and it has the ability to hold a lot of information and can serve many different ad campaigns based on that. +* Shankar + * We couldn’t figure that out from the API spec. +* Michael + * Happy to talk about this here, happy to talk about this on the GitHub issue. Don’t feel like you need to put a user into a lot of interest groups in order to advertise on a lot of facets of the user behavior. + * The second question is about namespacing and multiple DSPs. You’re correct that the way we designed the PA API, every interest group is owned by a single DSP. The DSP also has bidding logic. If an advertiser wants to have three different DSPs, exactly as Harshad was just saying, there would be three different joinAdInterestGroup calls on their page, from all three different DSPs, so the user can end up in all of their interest groups, each out representing a single DSP’s ability to bid on behalf of that advertiser. +* Shankar + * Impression control - if I want to hit the user only once per day, but there are three DSPs running. +* Michael + * How does that work today? If you have three DSPs each independently making buying decisions, and each doesn’t know the buying decisions of the other ones. +* Shankar + * Right now, it’s messed up too, I was hoping you could solve it. +* Michael + * We have not tried to solve exactly the question that you’re asking about. But it’s not implausible that we could do so. Right now, everything is scoped at the DSP level. Any kind of cross-DSP rate limiting in the auction would be new work. +* Shankar + * Why I was pushing for one interest group per advertiser is because of the corollary. If you own the shared storage domain at that point, then you … +* Michael + * Right now, the way things would work, you could only do the control at the advertiser level across different DSPs in a post-auction sort of way. Shared storage is available, and when it goes to show the creative, it could check shared storage, and if it’s already shown the ad, it could show a different ad. This works well for a goal like "creative rotation": An ad could look in different ways depending on what’s already been shown that day, using the Shared Storage and selectURL functionality. That is available today and would work across DSPs. + * Within the auction, information is at an interest group-by-interest group level, and cannot be shared across interest groups, and thus cannot be shared across DSPs either. But if we have multiple layers of ownership, an advertiser layer and a DSP layer, that is a feature we could add. It could be compatible with how Privacy Sandbox works because you’re asking for interest groups to be either in or not in the auction based on information on the device. It’s not a feature we’ve already built. We’ve already built negative targeting based on interest groups for contextually targeted ads. The thing you're asking for is related, because it’s negative targeting of interest groups based on other interest groups. +* Taranjit Singh + * To cover Shankar’s point, we already discussed that we could use negative targeting, But not sure if the spec itself explains it. When a regular interest group wins an auction, there’s no mapping in terms of that based on the bidding signal or user input signal. +* Michael + * This is getting at a change that happened over course of discussion of the PA API. Each ad in the IG can carry a BuyerAndSellerReportingID that might help with this. + * The interest group name could be very coarse. The user data in that IG could be everything that IG knows about what I’ve done on that site. It’s possible to push ads into that IG based on the full set of information about my behavior on 1 site. When those ads are rendered, they can’t have that identifier, because none of those ads would then have met the kAnon threshold. You could have all of the ads and all of the ad campaigns playing together in a single interest group and then part of that reporting structure, and those all could be targeted based on different facets of my behavior on a single site. +* Anthony Yam + * DSP is also the ad server, kind of critical for us, when you’re saying that ads can be added at creation and update time, the tech partner knows what the ads are, not the DSP. Back to the comment before, can only the actual creative partner use shared storage? +* Michael + * Already over time, so can’t discuss in detail. Already an issue that was opened by the index exchange folks that is about allowing things to load from different domains so that it’s possible for an IG to talk directly to an ad server of a DSP to get a creative. But the metadata for the creative has to be enough to know how to do things at auction time instead of post auction render time. + +## Here are the in-call sidebar chat comments… + +Don Marti + +11:11 AM + +https://manifold.markets/DonMarti7bd2/will-google-chrome-support-thirdpar + + \ +Harshad Mane + +11:13 AM + +This year :) + + \ +David Dabbs + +11:13 AM + +And an epic election cycle! + + \ +Kevin Lee + +11:17 AM + +jonasz, would you be able to link that article you just mentioned? + + \ +Jonasz Pamuła + +11:17 AM + +Sure:[ https://blog.google/products/chrome/privacy-sandbox-tracking-protection/](https://blog.google/products/chrome/privacy-sandbox-tracking-protection/) + + \ +Kevin Lee + +11:17 AM + +thank you! + + \ +Jonasz Pamuła + +11:17 AM + +" We'll roll this out to 1% of Chrome users globally, a key milestone in our Privacy Sandbox initiative to phase out third-party cookies for everyone in the second half of 2024" + + \ +David Dabbs + +11:22 AM + +We are all empowered to write "amicus brief" memos to the CMA making suggestions about how the rampdown is conducted. + + \ +Warren Fernandes + +11:25 AM + +Is there a resource available that details which privacy sandbox APIs require enrolment? + + \ +David Dabbs + +11:25 AM + +Yes. The ensollment GH repo. + + \ +Sid Sahoo + +11:25 AM + +https://goo.gle/privacy-sandbox-enroll + + \ +Warren Fernandes + +11:25 AM + +Thanks + +David Dabbs + +11:25 AM + +https://github.com/privacysandbox/attestation/ + + \ +Brian May + +11:29 AM + +Perhaps an open letter from industry participants? + + \ +Harshad Mane + +11:29 AM + ++1 + + \ +Joshua Prismon + +11:29 AM + +Will need to drop for a moment. Be back in 5 minutes. + + \ +David Dabbs + +11:32 AM + +Can and will be used against you... + + \ +Warren Fernandes + +11:33 AM + +Wrt the enrollment mentions of "site" could this apply to SSP domains that span across websites? + +i.e. can a single domain enroll and use the APIs across websites? + + \ +Isaac Foster + +11:34 AM + +the domain that would be checked is the on of the IG owner or auction runner + +so fairly sure the answer to your question is yes + + \ +Owen Ridolfi + +11:34 AM + +IG stands for? + + \ +Warren Fernandes + +11:34 AM + +Perfect, thanks Isaac + + \ +Isaac Foster + +11:34 AM + +interest group + +the owner of the IG is, presumably, the DSP, generally not the advertiser themselves + +(it can be ofc) + + \ +David Dabbs + +11:35 AM + +"Third-Party Cookie Phaseout" sung to the tune of "Tenth Avenue Freeze out" + + \ +Jonasz Pamuła + +11:35 AM + +If you like, please add your thoughts about timeline & the importance of knowing it early in[ https://github.com/WICG/turtledove/issues/717](https://github.com/WICG/turtledove/issues/717) to strengthen the message + +Brian May + +11:36 AM + +Thanks Jonasz. + +Isaac Foster + +11:39 AM + +sorry ntd for internal fledge meeting + +thank you all + +Warren Fernandes + +11:42 AM + +BTW is there any guidance on the role GAM plays in the FLEDGE process + +Sid Sahoo + +11:47 AM + +https://github.com/google/ads-privacy/tree/master/proposals/fledge-multiple-seller-testing + +Warren Fernandes + +11:49 AM + +Thanks + +B. McLeod Sims + +11:49 AM + +is there a link to the spec explaining that? + +Sid Sahoo + +11:49 AM + +That = GAM's role? + +B. McLeod Sims + +11:49 AM + +sorry the IG being able to have non boolean behavior + +Sid Sahoo + +11:51 AM + +https://github.com/WICG/turtledove/blob/main/FLEDGE.md#11-joining-interest-groups + +Owen Ridolfi + +11:52 AM + +the ad server would control it. + +Paul Jensen + +11:52 AM + +@B. McLeod Sims: The IG contains a userBiddingSignals field that can contain arbitrary information. This information is available at bidding (i.e. generateBid() time). This is described in the Explainer link that Sid provided, and is also in our spec. + +B. McLeod Sims + +11:53 AM + +cool, i missed that bit, thank you for the explanation + +David Dabbs + +11:54 AM + +renderURLs do not need to be same-origin with the bidding DSP(s), right? + +Paul Jensen + +11:54 AM + +Right + +David Dabbs + +11:54 AM + +Different "creative expression. of that ad. + +David Dabbs + +11:56 AM + +Tweak of negative targeting + +Harshad Mane + +11:57 AM + +is there a way to create an IG under advertiser-1-domain and delegate it to dsp-1-domain to participate in auction? + +Sid Sahoo + +11:58 AM + +https://github.com/WICG/turtledove/blob/main/FLEDGE.md#13-permission-delegation + +David Dabbs + +11:59 AM + +@Harshad the bidding logic URL should be same-origin with the IG owner. I suppose an advertiser could use an origin they control and delegate control to specific PAAPI-oriented subdomains. + +Sid Sahoo + +11:59 AM + +When you delegate permission, the IG is owned by advertiser-1-domain + +Yes @David, and the bidding script needs hosted on this domain as well + +Matt Davies + +12:00 PM + +Isn't there a minimum amount of users that can be targeting within an interest group? + +\*targeted + +David Dabbs + +12:00 PM + +Oh, Harshad you were asking about making the joinAdInterestGroup() call on the advertiser's property but the IG owner is dsp.example. Yes this is possible with the correct permissions files, &c. in place. See the explainer. + +Party over, oops, outta time. + +Sid Sahoo + +12:01 PM + +@Matt: There is a k-anon requirement, not at the IG level; here are more details:[ https://developers.google.com/privacy-sandbox/relevance/protected-audience-api/k-anonymity?hl=en](https://developers.google.com/privacy-sandbox/relevance/protected-audience-api/k-anonymity?hl=en) + +Matt Davies + +12:01 PM + +Thanks + +Harshad Mane + +12:02 PM + +Thank you for inputs Sid, David and Matt... I will check it offline + +Shankar Venkataraman + +12:04 PM + +https://docs.google.com/presentation/d/1DhgWHIQ29rNik5JQ-k6mVxVqIkMyAYYcmg0HPLrfZus/edit?usp=drivesdk From f01c6b7075b4cd04aa854bba7b61fb9b92676a66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9my=20SAISSY?= <remy.saissy@gmail.com> Date: Tue, 9 Jan 2024 16:56:10 +0100 Subject: [PATCH 56/58] Update Teads market testing timeframe (#975) --- fledge-tester-list.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fledge-tester-list.md b/fledge-tester-list.md index 944a9c697..b8b3da60c 100644 --- a/fledge-tester-list.md +++ b/fledge-tester-list.md @@ -44,8 +44,8 @@ The usefulness of this page depends on testers sharing information and updates. | --------------- | --------------- | ---------------------- | ------------------------------------- | ------------------ | | Criteo | DSP | Started in 2022, long term commitment | [An update on FLEDGE testing](https://medium.com/criteo-engineering/an-update-on-fledge-chrome-testing-d0046430a3ec)| privacy-sandbox-testing@criteo.com | | Criteo | SSP | November 2023 | | privacy-sandbox-testing@criteo.com | -| Teads | DSP | January 2024 | | privacysandbox@teads.com | -| Teads | SSP | January 2024 | | privacysandbox@teads.com | +| Teads | DSP | March 15th 2024 - May 15th 2024 | | privacysandbox@teads.com | +| Teads | SSP | March 15th 2024 - May 15th 2024 | | privacysandbox@teads.com | | NextRoll | DSP | 2024-01-30 | coming soon | privacysandbox@nextroll.com | | OpenX | SSP | Limited testing in progress | | joel.meyer@openx.com | | RTB House | DSP | Continuous testing ongoing; long term commitment. | https://blog.rtbhouse.com/whitepaper-deep-insights-from-early-fledge-experiments/ | privacysandbox@rtbhouse.com | From 88c9800e18eb6a6a7872a4ce8a938cd684c7e9c8 Mon Sep 17 00:00:00 2001 From: wojciech-bialy-wpm <67895844+wojciech-bialy-wpm@users.noreply.github.com> Date: Tue, 9 Jan 2024 17:25:42 +0100 Subject: [PATCH 57/58] [WPM] add Wirtualna Polska Media to to tester list (#976) --- fledge-tester-list.md | 1 + 1 file changed, 1 insertion(+) diff --git a/fledge-tester-list.md b/fledge-tester-list.md index b8b3da60c..eeccb5ba7 100644 --- a/fledge-tester-list.md +++ b/fledge-tester-list.md @@ -71,6 +71,7 @@ The usefulness of this page depends on testers sharing information and updates. | Globo | DSP & SSP | Testing | | adtech-delivery@g.globo | | Mediavine | DSP & SSP | 2023-2024 | | privacysandbox@mediavine.com | | Jivox | Ad Server (DCO) | Testing in progress | | jvx-google-privacy-sandbox-team@jivox.com | +| Wirtualna Polska Media | Publisher & SSP | Running Protected Audience API tests since July 2023 | https://github.com/grupawp/PAapi | privacysandbox@grupawp.pl | ## Table - Publishers and Advertisers Interested in Testing or Early Adoption Companies who may be interested in participating in tests and early adoption opportunities provided by ad tech companies. From 2a80ffe96e90de9e30314703d59fab61ba0b634e Mon Sep 17 00:00:00 2001 From: qingxinwu <6334674+qingxinwu@users.noreply.github.com> Date: Tue, 9 Jan 2024 11:27:22 -0500 Subject: [PATCH 58/58] Make <dfn>s on the structs, instead of on the headers (#881) * work in progress. * Define structs on the struct not on headers. * fix merge mistakes. * address comments. * reword "https origin". --------- Co-authored-by: Qingxin Wu <qingxinwu@google.com> --- spec.bs | 859 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 422 insertions(+), 437 deletions(-) diff --git a/spec.bs b/spec.bs index 91f1d725f..738742cff 100644 --- a/spec.bs +++ b/spec.bs @@ -96,6 +96,8 @@ spec:infra; type:dfn; text:user agent margin: 1em 0; } +dl { padding-left: 1em; } + /* domintro from https://resources.whatwg.org/standard.css */ .domintro { position: relative; @@ -4212,102 +4214,101 @@ dictionary DirectFromSellerSignalsForSeller { }; -

Interest group

+

Interest group

-An interest group is a [=struct=] with the following [=struct/items=]: +An interest group is a [=struct=] with the following [=struct/items=]:
-: expiry -:: A [=moment=] at which the browser will forget about this interest group. -: owner -:: An [=origin=]. Frames that join interest groups owned by [=interest group/owner=] must either be - served from [=interest group/owner=], or another origin delegated by [=interest group/owner=] (See - [=checking interest group permissions=] for details). The [=origin/scheme=] must be "`https`". -: name -:: A [=string=]. The ([=interest group/owner=], [=interest group/name=]) tuple is a key that - uniquely defines each interest group. -: priority -:: A {{double}}, initially 0.0. Used to select which interest groups participate in an auction - when the number of interest groups are limited by {{AuctionAdConfig/perBuyerGroupLimits}}. - See [=applying interest groups limits to prioritized list=]. -: enable bidding signals prioritization -:: A [=boolean=], initially false. Being true if the interest group's priority should be - calculated using vectors from bidding signals fetch. -: priority vector -:: Null or an [=ordered map=] whose [=map/keys=] are [=strings=] and whose [=map/values=] are - {{double}}. Its dot product with the {{AuctionAdConfig/perBuyerPrioritySignals}} will be used - in place of [=interest group/priority=], if set. -: priority signals overrides -:: Null or an [=ordered map=] whose [=map/keys=] are [=strings=] and whose [=map/values=] are - {{double}}. Overrides the {{AuctionAdConfig}}'s corresponding priority signals. -: execution mode -:: "`compatibility`", "`frozen-context`", or "`group-by-origin`". - TODO: Define spec for these execution modes, link to it from here and explain these modes. -: bidding url -:: Null or a [=URL=]. The URL to fetch the buyer's JavaScript from. -

- When non-null, the [=interest group/bidding url=]'s [=origin=] will always be [=same origin=] - with [=interest group/owner=]. -

-: bidding wasm helper url -:: Null or a [=URL=]. Lets the bidder provide computationally-expensive subroutines in WebAssembly, - in addition to JavaScript, to be driven from the JavaScript function provided by - [=interest group/bidding url=]. -

- When non-null, the [=interest group/bidding wasm helper url=]'s [=origin=] will always be - [=same origin=] with [=interest group/owner=]. -

-: update url -:: Null or a [=URL=]. Provides a mechanism for the group's owner to periodically update the - attributes of the interest group. See [[#interest-group-updates]]. Must be null if - [=interest group/additional bid key=] is not null. -

- When non-null, the [=interest group/update url=]'s [=origin=] will always be [=same origin=] - with [=interest group/owner=]. -

-: trusted bidding signals url -:: Null or a [=URL=]. Provide a mechanism for making real-time data available for use at bidding - time. See [=building trusted bidding signals url=]. -

- When non-null, the [=interest group/trusted bidding signals url=]'s [=origin=] will always be - [=same origin=] with [=interest group/owner=]. -

-: trusted bidding signals keys -:: Null or a [=list=] of [=string=]. See [=building trusted bidding signals url=]. -: user bidding signals -:: Null or a [=string=]. Additional metadata that the owner can use during on-device bidding. -: ads -:: Null or a [=list=] of [=interest group ad=]. Contains various ads that the interest group might - show. Must be null if [=interest group/additional bid key=] is not null. -: ad components -:: Null or a [=list=] of [=interest group ad=]. Contains various ad components (or "products") that - can be used to construct ads composed of multiple pieces — a top-level ad template "container" - which includes some slots that can be filled in with specific "products". -: additional bid key -:: Null or a [=byte sequence=] of length 32. Must be null if [=interest group/ads=] or - [=interest group/update url=] is not null. The Ed25519 public key (a 256-bit EdDSA public key) - used to guarantee that this [=interest group=], if used by an additional bid for a negative - targeting, can only be used by its [=interest group/owner=]. -: joining origin -:: An [=origin=]. The top level page origin from where the interest group was joined. -: join counts -:: A [=list=] containing [=tuples=] of the day and per day join count. The day - is calculated based on UTC time. The join count is a count of the number of - times {{Navigator/joinAdInterestGroup()}} was called for this interest group on the - corresponding day. -: join time -:: A [=moment=] at which the browser joined this interest group, updated upon each join and - re-join. -: bid counts -:: A [=list=] containing [=tuples=] of the day and per day bid count. The day - is calculated based on UTC time. The bid count is a count of the number of - times the bid calculated during {{Navigator/runAdAuction()}} was greater than 0. -: previous wins -:: A [=list=] of [=previous wins=]. -: next update after -:: A [=moment=] at which the browser will permit updating this interest group. See - [[#interest-group-updates]]. - + : expiry + :: A [=moment=] at which the browser will forget about this interest group. + : owner + :: An [=origin=]. Frames that join interest groups owned by [=interest group/owner=] must either be + served from [=interest group/owner=], or another origin delegated by [=interest group/owner=] (See + [=checking interest group permissions=] for details). The [=origin/scheme=] must be "`https`". + : name + :: A [=string=]. The ([=interest group/owner=], [=interest group/name=]) tuple is a key that + uniquely defines each interest group. + : priority + :: A {{double}}, initially 0.0. Used to select which interest groups participate in an auction + when the number of interest groups are limited by {{AuctionAdConfig/perBuyerGroupLimits}}. + See [=applying interest groups limits to prioritized list=]. + : enable bidding signals prioritization + :: A [=boolean=], initially false. Being true if the interest group's priority should be + calculated using vectors from bidding signals fetch. + : priority vector + :: Null or an [=ordered map=] whose [=map/keys=] are [=strings=] and whose [=map/values=] are + {{double}}. Its dot product with the {{AuctionAdConfig/perBuyerPrioritySignals}} will be used + in place of [=interest group/priority=], if set. + : priority signals overrides + :: Null or an [=ordered map=] whose [=map/keys=] are [=strings=] and whose [=map/values=] are + {{double}}. Overrides the {{AuctionAdConfig}}'s corresponding priority signals. + : execution mode + :: "`compatibility`", "`frozen-context`", or "`group-by-origin`". + TODO: Define spec for these execution modes, link to it from here and explain these modes. + : bidding url + :: Null or a [=URL=]. The URL to fetch the buyer's JavaScript from. +

+ When non-null, the [=interest group/bidding url=]'s [=origin=] will always be [=same origin=] + with [=interest group/owner=]. +

+ : bidding wasm helper url + :: Null or a [=URL=]. Lets the bidder provide computationally-expensive subroutines in WebAssembly, + in addition to JavaScript, to be driven from the JavaScript function provided by + [=interest group/bidding url=]. +

+ When non-null, the [=interest group/bidding wasm helper url=]'s [=origin=] will always be + [=same origin=] with [=interest group/owner=]. +

+ : update url + :: Null or a [=URL=]. Provides a mechanism for the group's owner to periodically update the + attributes of the interest group. See [[#interest-group-updates]]. Must be null if + [=interest group/additional bid key=] is not null. +

+ When non-null, the [=interest group/update url=]'s [=origin=] will always be [=same origin=] + with [=interest group/owner=]. +

+ : trusted bidding signals url + :: Null or a [=URL=]. Provide a mechanism for making real-time data available for use at bidding + time. See [=building trusted bidding signals url=]. +

+ When non-null, the [=interest group/trusted bidding signals url=]'s [=origin=] will always be + [=same origin=] with [=interest group/owner=]. +

+ : trusted bidding signals keys + :: Null or a [=list=] of [=string=]. See [=building trusted bidding signals url=]. + : user bidding signals + :: Null or a [=string=]. Additional metadata that the owner can use during on-device bidding. + : ads + :: Null or a [=list=] of [=interest group ad=]. Contains various ads that the interest group might + show. Must be null if [=interest group/additional bid key=] is not null. + : ad components + :: Null or a [=list=] of [=interest group ad=]. Contains various ad components (or "products") that + can be used to construct ads composed of multiple pieces — a top-level ad template "container" + which includes some slots that can be filled in with specific "products". + : additional bid key + :: Null or a [=byte sequence=] of length 32. Must be null if [=interest group/ads=] or + [=interest group/update url=] is not null. The Ed25519 public key (a 256-bit EdDSA public key) + used to guarantee that this [=interest group=], if used by an additional bid for a negative + targeting, can only be used by its [=interest group/owner=]. + : joining origin + :: An [=origin=]. The top level page origin from where the interest group was joined. + : join counts + :: A [=list=] containing [=tuples=] of the day and per day join count. The day + is calculated based on UTC time. The join count is a count of the number of + times {{Navigator/joinAdInterestGroup()}} was called for this interest group on the + corresponding day. + : join time + :: A [=moment=] at which the browser joined this interest group, updated upon each join and + re-join. + : bid counts + :: A [=list=] containing [=tuples=] of the day and per day bid count. The day + is calculated based on UTC time. The bid count is a count of the number of + times the bid calculated during {{Navigator/runAdAuction()}} was greater than 0. + : previous wins + :: A [=list=] of [=previous wins=]. + : next update after + :: A [=moment=] at which the browser will permit updating this interest group. See + [interest group updates](#interest-group-updates).
A regular interest group is an [=interest group=] whose @@ -4316,32 +4317,39 @@ A regular interest group is an [=interest group=] whose A negative interest group is an [=interest group=] whose [=interest group/additional bid key=] is not null. -

Interest group ad

- -An interest group ad is a [=struct=] with the following [=struct/items=]: +An interest group ad is a [=struct=] with the following [=struct/items=]:
-: render url -:: A [=URL=]. If this ad wins the auction, this URL (or a [=urn uuid=] that maps to this URL) will - be returned by {{Navigator/runAdAuction()}}. This URL is intended to be loaded into an ad - <{iframe}> (or a <{fencedframe}>). -: metadata -:: Null or a [=string=]. Extra arbitary information about this ad, passed to `generateBid()`. -: buyer reporting ID -:: Null or a [=string=]. Will be passed in place of interest group name to [=report win=], subject - to [=k-anonymity=] checks. Only meaningful in [=interest group/ads=], but ignored in - [=interest group/ad components=]. -: buyer and seller reporting ID -:: Null or a [=string=]. Will be passed in place of interest group name or - [=interest group ad/buyer reporting ID=] to [=report win=] and [=report result=], subject to - [=k-anonymity=] checks. Only meaningful in [=interest group/ads=], but ignored in - [=interest group/ad components=]. -: allowed reporting origins -:: Null or a [=list=] of [=origins=]. A list of up to 10 reporting origins that can receive reports - with registered macros. All origins must be HTTPS origins and - enrolled. Only meaningful in - [=interest group/ads=], but ignored in [=interest group/ad components=]. + : render url + :: A [=URL=]. If this ad wins the auction, this URL (or a [=urn uuid=] that maps to this URL) will + be returned by {{Navigator/runAdAuction()}}. This URL is intended to be loaded into an ad + <{iframe}> (or a <{fencedframe}>). + : metadata + :: Null or a [=string=]. Extra arbitary information about this ad, passed to `generateBid()`. + : buyer reporting ID + :: Null or a [=string=]. Will be passed in place of interest group name to [=report win=], subject + to [=k-anonymity=] checks. Only meaningful in [=interest group/ads=], but ignored in + [=interest group/ad components=]. + : buyer and seller reporting ID + :: Null or a [=string=]. Will be passed in place of interest group name or + [=interest group ad/buyer reporting ID=] to [=report win=] and [=report result=], subject to + [=k-anonymity=] checks. Only meaningful in [=interest group/ads=], but ignored in + [=interest group/ad components=]. + : allowed reporting origins + :: Null or a [=list=] of [=origins=]. A list of up to 10 reporting origins that can receive reports + with registered macros. Each origin's [=origin/scheme=] must be "`https`" and each origin must be + enrolled. Only meaningful in + [=interest group/ads=], but ignored in [=interest group/ad components=]. +
+ +A previous win is the [=interest group=]'s auction win history, to allow on-device +frequency capping. +
+ : time + :: A [=moment=]. Approximate time the [=interest group=] won an auction. + : ad json + :: A [=string=]. A JSON serialized object corresponding to the ad that won the auction.

Currency tag

@@ -4372,319 +4380,296 @@ value is used to denote that the currency is unspecified. 1. Return false. -

Auction config

+

Auction config

-An auction config is a [=struct=] with the following items: +An auction config is a [=struct=] with the following items:
-: seller -:: An [=origin=]. - The origin of the seller running the ad auction. The [=origin/scheme=] must be "https". -: decision logic url -:: A [=URL=]. - The URL to fetch the seller's JavaScript from. -

- The [=auction config/decision logic url=]'s [=origin=] will always be [=same origin=] with - [=auction config/seller=]. -

-: trusted scoring signals url -:: Null or a [=URL=]. - Provide a mechanism for making real-time data (information about a specific [=ad creative=]) available - for use at scoring time, e.g. the results of some ad scanning system. -

- When non-null, the [=auction config/trusted scoring signals url=]'s [=origin=] will always be - [=same origin=] with [=auction config/seller=]. -

-: interest group buyers -:: Null or a [=list=] of [=origins=]. - Owners of interest groups allowed to participate in the auction. Each [=origin's=] [=origin/scheme=] - must be "https". -: auction signals -:: Null, a [=string=], a {{Promise}}, or failure. - Opaque JSON data passed to both sellers' and buyers' [=script runners=]. -: requested size -:: Null or an [=ad size=], initially null. - The size of the frame for the ad being selected by the auction. -: seller signals -:: Null, a [=string=], a {{Promise}}, or failure. - Opaque JSON data passed to the seller's [=script runner=]. -: seller timeout -:: A [=duration=] in milliseconds, initially 50 milliseconds. - Restricts the runtime of the seller's `scoreAd()` script. If scoring does not complete before - the timeout, the bid being scored is not considered further. -: per buyer signals -:: Null, a {{Promise}}, failure, or an [=ordered map=] whose [=map/keys=] are [=origins=] and - whose [=map/values=] are [=strings=]. - [=map/Keys=] are buyers and must be valid HTTPS origins. [=map/Values=] are opaque JSON data - passed to corresponding buyer's [=script runner=]. -: per buyer timeouts -:: Null, a {{Promise}}, failure, or an [=ordered map=] whose [=map/keys=] are [=origins=] and - whose [=map/values=] are [=durations=] in milliseconds. - [=map/Keys=] are buyers and must be valid HTTPS origins. [=map/Values=] restrict the runtime of - corresponding buyer's `generateBid()` script. If the timeout expires, only the bid submitted - via `setBid()` is considered. -: all buyers timeout -:: A [=duration=] in milliseconds, initially 50 milliseconds. - Restricts the `generateBid()` script's runtime for all buyers without a timeout specified in - [=auction config/per buyer timeouts=]. If the timeout expires, only the bid submitted via - `setBid()` is considered. -: per buyer cumulative timeouts -:: Null, a {{Promise}}, failure, or an [=ordered map=] whose [=map/keys=] are [=origins=] and - whose [=map/values=] are [=durations=] in milliseconds. - [=map/Keys=] are buyers and must be valid HTTPS [=origins=]. [=map/Values=] are collective - timeouts for all interest groups of the buyer represented by the [=map/key=]. Includes the time of - loading scripts and signals, and running the `generateBid()` functions. Once the timer expires, - the affected buyer's interest groups may no longer generate any bids. All bids generated before - the timeout will continue to participate in the auction. - Implementations should attempt, on a best-effort basis, to generate bids for each buyer in - priority order, so lower priority [=interest groups=] are the ones more likely to be timed out. If - {{Promise}}s are passed in to the [=auction config=] for fields that support them, - [=wait until configuration input promises resolve=] before starting the timer. - -: all buyers cumulative timeout -:: Null or a [=duration=] in milliseconds, initially null. - Restricts a buyer's cumulative timeout for all buyers without one specified in - [=auction config/per buyer cumulative timeouts=]. -: per buyer group limits -:: Null or an [=ordered map=] whose [=map/keys=] are [=origins=] and whose [=map/values=] are - {{unsigned short}}s. - [=map/Keys=] are buyers and must be valid HTTPS origins. [=map/Values=] restrict the number of - bidding interest groups for a particular buyer that can participate in an auction. -: all buyers group limit -:: An {{unsigned short}}, initially 65535. - Limit on the number of bidding interest groups for all buyers without a limit specified in - [=auction config/per buyer group limits=]. -: per buyer priority signals -:: Null or an [=ordered map=] whose [=map/keys=] are [=origins=] and whose [=map/values=] are - [=ordered maps=], whose [=map/keys=] are [=strings=] and whose [=map/values=] are {{double}}. - Per-buyer sparse vector whose dot product with [=interest group/priority vector=] is used to - calculate interest group priorities. No signal's key starts with "browserSignals.", which is - reserved for values coming from the browser. -: all buyers priority signals -:: Null or an [=ordered map=] whose [=map/keys=] are [=strings=] and whose [=map/values=] are - {{double}}. - Merged with [=auction config/per buyer priority signals=] before calculating per-interest group - priorities. In the case both have entries with the same key, the entry in - `per_buyer_priority_signals` takes precedence. No signals key start with "browserSignals.", which - is reserved for values coming from the browser. -: component auctions -:: A [=list=] of [=auction config=]s. - Nested auctions whose results will also participate in a top level auction. Only the top level - [=auction config=] can have component auctions. -: seller experiment group id -:: Null or an {{unsigned short}}, initially null. - Optional identifier for an experiment group to support coordinated experiments with the seller's - trusted server. -: per buyer experiment group ids -:: An [=ordered map=] whose [=map/keys=] are [=origins=] and whose [=map/values=] are - {{unsigned short}}s. - [=map/Keys=] are buyers and must be valid HTTPS origins. [=map/Values=] are identifiers for - experiment groups, to support coordinated experiments with buyers' trusted servers. -: all buyer experiment group id -:: Null or an {{unsigned short}}, initially null. - Optional identifier for an experiment group to support coordinated experiments with buyers' - trusted servers for buyers without a specified experiment group. -: pending promise count -:: An integer, initially 0. The number of things that are pending that are needed to score - everything. It includes waiting for {{Promise}}s [=auction config/auction signals=], - [=auction config/per buyer signals=], [=auction config/per buyer currencies=], - [=auction config/per buyer timeouts=], [=auction config/direct from seller signals header ad slot=], - [=auction config/seller signals=], or {{AuctionAdConfig/additionalBids}} whose {{Promise}}s are not - yet resolved. -: config idl -:: {{AuctionAdConfig}}. -: resolve to config -:: A [=boolean=] or a {{Promise}}, initially false. - Whether the ad should be returned as a {{FencedFrameConfig}}, or otherwise as a [=urn uuid=]. -: seller currency -:: A [=currency tag=]. Specifies the currency bids returned by `scoreAd()` are expected to use, and - which reporting for this auction will agree on. -: per buyer currencies -:: A {{Promise}} or failure or an [=ordered map=] whose [=map/keys=] are [=origins=] and whose - [=map/values=] are [=currency tags=]. Specifies the currency bids returned by `generateBid()` or - `scoreAd()` in component auctions are expected to use. The initial value is an empty map. -: all buyers currency -:: A [=currency tag=]. Specifies the currency bids returned by `generateBid()` or `scoreAd()` in - component auctions are expected to use if [=auction config/per buyer currencies=] does not specify - a particular value. -: direct from seller signals header ad slot -:: Null, a [=string=], a {{Promise}}, or failure. Initially null. -: auction nonce -:: Null or a [=version 4 UUID=], initially null. - A unique identifier associated with this and only this invocation of - {{Window/navigator}}.{{Navigator/runAdAuction()}}. For - multi-seller auctions, this ID is uniquely associated with all {{AuctionAdConfig/componentAuctions}}. - This must come from a prior call to {{Window/navigator}}.{{Navigator/createAuctionNonce()}}. This - is only required for auctions that provide additional bids, and each of those additional bids must - use the same auction nonce to ensure that each of those additional bids was intended for this and - only this auction. -: expects additional bids -:: A [=boolean=] or failure, initially false. - Specifies whether some bids will be provided as signed exchanges. Sets to failure if the - {{AuctionAdConfig/additionalBids}} {{Promise}} is [=rejected=]. - + : seller + :: An [=origin=]. + The origin of the seller running the ad auction. The [=origin/scheme=] must be "`https`". + : decision logic url + :: A [=URL=]. + The URL to fetch the seller's JavaScript from. +

+ The [=auction config/decision logic url=]'s [=origin=] will always be [=same origin=] with + [=auction config/seller=]. +

+ : trusted scoring signals url + :: Null or a [=URL=]. + Provide a mechanism for making real-time data (information about a specific [=ad creative=]) + available for use at [=evaluate a scoring script|scoring=] time, e.g. the results of some ad + scanning system. +

+ When non-null, the [=auction config/trusted scoring signals url=]'s [=origin=] will always be + [=same origin=] with [=auction config/seller=]. +

+ : interest group buyers + :: Null or a [=list=] of [=origins=]. + Owners of interest groups allowed to participate in the auction. Each [=origin's=] + [=origin/scheme=] must be "`https`". + : auction signals + :: Null, a [=string=], a {{Promise}}, or failure. + Opaque JSON data passed to both sellers' and buyers' [=script runners=]. + : requested size + :: Null or an [=ad size=], initially null. + The size of the frame for the ad being selected by the auction. + : seller signals + :: Null, a [=string=], a {{Promise}}, or failure. + Opaque JSON data passed to the seller's [=script runner=]. + : seller timeout + :: A [=duration=] in milliseconds, initially 50 milliseconds. + Restricts the runtime of the seller's `scoreAd()` script. If scoring does not complete before + the timeout, the bid being scored is not considered further. + : per buyer signals + :: Null, a {{Promise}}, failure, or an [=ordered map=] whose [=map/keys=] are [=origins=] and + whose [=map/values=] are [=strings=]. + [=map/Keys=] are buyers whose [=origin/schemes=] must be "`https`". [=map/Values=] are + opaque JSON data passed to corresponding buyer's [=script runner=]. + : per buyer timeouts + :: Null, a {{Promise}}, failure, or an [=ordered map=] whose [=map/keys=] are [=origins=] and + whose [=map/values=] are [=durations=] in milliseconds. + [=map/Keys=] are buyers whose [=origin/schemes=] must be "`https`". [=map/Values=] restrict the + runtime of corresponding buyer's `generateBid()` script. If the timeout expires, only the bid + submitted via `setBid()` is considered. + : all buyers timeout + :: A [=duration=] in milliseconds, initially 50 milliseconds. + Restricts the `generateBid()` script's runtime for all buyers without a timeout specified in + [=auction config/per buyer timeouts=]. If the timeout expires, only the bid submitted via + `setBid()` is considered. + : per buyer cumulative timeouts + :: Null, a {{Promise}}, failure, or an [=ordered map=] whose [=map/keys=] are [=origins=] and + whose [=map/values=] are [=durations=] in milliseconds. + [=map/Keys=] are buyers whose [=origin/schemes=] must be "`https`". [=map/Values=] are collective + timeouts for all interest groups of the buyer represented by the [=map/key=]. Includes the time of + loading scripts and signals, and running the `generateBid()` functions. Once the timer expires, + the affected buyer's interest groups may no longer generate any bids. All bids generated before + the timeout will continue to participate in the auction. + Implementations should attempt, on a best-effort basis, to generate bids for each buyer in + priority order, so lower priority [=interest groups=] are the ones more likely to be timed out. If + {{Promise}}s are passed in to the [=auction config=] for fields that support them, + [=wait until configuration input promises resolve=] before starting the timer. + : all buyers cumulative timeout + :: Null or a [=duration=] in milliseconds, initially null. + Restricts a buyer's cumulative timeout for all buyers without one specified in + [=auction config/per buyer cumulative timeouts=]. + : per buyer group limits + :: Null or an [=ordered map=] whose [=map/keys=] are [=origins=] and whose [=map/values=] are + {{unsigned short}}s. + [=map/Keys=] are buyers whose [=origin/schemes=] must be "`https`". [=map/Values=] restrict the + number of bidding interest groups for a particular buyer that can participate in an auction. + : all buyers group limit + :: An {{unsigned short}}, initially 65535. + Limit on the number of bidding interest groups for all buyers without a limit specified in + [=auction config/per buyer group limits=]. + : per buyer priority signals + :: Null or an [=ordered map=] whose [=map/keys=] are [=origins=] and whose [=map/values=] are + [=ordered maps=], whose [=map/keys=] are [=strings=] and whose [=map/values=] are {{double}}. + Per-buyer sparse vector whose dot product with [=interest group/priority vector=] is used to + calculate interest group priorities. No signal's key starts with "browserSignals.", which is + reserved for values coming from the browser. + : all buyers priority signals + :: Null or an [=ordered map=] whose [=map/keys=] are [=strings=] and whose [=map/values=] are + {{double}}. + Merged with [=auction config/per buyer priority signals=] before calculating per-interest group + priorities. In the case both have entries with the same key, the entry in + `per_buyer_priority_signals` takes precedence. No signals key start with "browserSignals.", which + is reserved for values coming from the browser. + : component auctions + :: A [=list=] of [=auction config=]s. + Nested auctions whose results will also participate in a top level auction. Only the top level + [=auction config=] can have component auctions. + : seller experiment group id + :: Null or an {{unsigned short}}, initially null. + Optional identifier for an experiment group to support coordinated experiments with the seller's + trusted server. + : per buyer experiment group ids + :: An [=ordered map=] whose [=map/keys=] are [=origins=] and whose [=map/values=] are + {{unsigned short}}s. + [=map/Keys=] are buyers whose [=origin/schemes=] must be "`https`". [=map/Values=] are + identifiers for experiment groups, to support coordinated experiments with buyers' trusted servers. + : all buyer experiment group id + :: Null or an {{unsigned short}}, initially null. + Optional identifier for an experiment group to support coordinated experiments with buyers' + trusted servers for buyers without a specified experiment group. + : pending promise count + :: An integer, initially 0. The number of things that are pending that are needed to score + everything. It includes waiting for {{Promise}}s [=auction config/auction signals=], + [=auction config/per buyer signals=], [=auction config/per buyer currencies=], + [=auction config/per buyer timeouts=], [=auction config/direct from seller signals header ad slot=], + [=auction config/seller signals=], or {{AuctionAdConfig/additionalBids}} whose {{Promise}}s are + not yet resolved. + : config idl + :: {{AuctionAdConfig}}. + : resolve to config + :: A [=boolean=] or a {{Promise}}, initially false. + Whether the ad should be returned as a {{FencedFrameConfig}}, or otherwise as a [=urn uuid=]. + : seller currency + :: A [=currency tag=]. Specifies the currency bids returned by `scoreAd()` are expected to use, and + which reporting for this auction will agree on. + : per buyer currencies + :: A {{Promise}} or failure or an [=ordered map=] whose [=map/keys=] are [=origins=] and whose + [=map/values=] are [=currency tags=]. Specifies the currency bids returned by `generateBid()` or + `scoreAd()` in component auctions are expected to use. The initial value is an empty map. + : all buyers currency + :: A [=currency tag=]. Specifies the currency bids returned by `generateBid()` or `scoreAd()` in + component auctions are expected to use if [=auction config/per buyer currencies=] does not + specify a particular value. + : direct from seller signals header ad slot + :: Null, a [=string=], a {{Promise}}, or failure. Initially null. + : auction nonce + :: Null or a [=version 4 UUID=], initially null. + A unique identifier associated with this and only this invocation of + {{Window/navigator}}.{{Navigator/runAdAuction()}}. For multi-seller auctions, this ID is + uniquely associated with all {{AuctionAdConfig/componentAuctions}}. + This must come from a prior call to {{Window/navigator}}.{{Navigator/createAuctionNonce()}}. + This is only required for auctions that provide [=additional bids=], and each of those + [=additional bids=] must use the same auction nonce to ensure that each of them was intended for + this and only this auction. + : expects additional bids + :: A [=boolean=] or failure, initially false. + Specifies whether some bids will be provided as signed exchanges. Sets to failure if the + {{AuctionAdConfig/additionalBids}} {{Promise}} is [=rejected=].
-To wait until configuration input promises resolve given an [=auction config=] |auctionConfig|: -1. Wait until |auctionConfig|'s [=auction config/pending promise count=] is 0. -1. [=Assert=] |auctionConfig|'s [=auction config/auction signals=], [=auction config/seller signals=], - [=auction config/per buyer signals=], [=auction config/per buyer currencies=], - [=auction config/per buyer timeouts=], [=auction config/per buyer cumulative timeouts=], and - [=auction config/direct from seller signals header ad slot=] are not {{Promise}}s, and - [=auction config/expects additional bids=] is false. -1. If |auctionConfig|'s [=auction config/auction signals=], [=auction config/seller signals=], - [=auction config/per buyer signals=], [=auction config/per buyer currencies=], - [=auction config/per buyer timeouts=], [=auction config/per buyer cumulative timeouts=], or - [=auction config/direct from seller signals header ad slot=] is failure, return failure. -1. Return. +To wait until configuration input promises resolve given an [=auction config=] +|auctionConfig|: + 1. Wait until |auctionConfig|'s [=auction config/pending promise count=] is 0. + 1. [=Assert=] |auctionConfig|'s [=auction config/auction signals=], [=auction config/seller signals=], + [=auction config/per buyer signals=], [=auction config/per buyer currencies=], + [=auction config/per buyer timeouts=], [=auction config/per buyer cumulative timeouts=], and + [=auction config/direct from seller signals header ad slot=] are not {{Promise}}s, and + [=auction config/expects additional bids=] is false. + 1. If |auctionConfig|'s [=auction config/auction signals=], [=auction config/seller signals=], + [=auction config/per buyer signals=], [=auction config/per buyer currencies=], + [=auction config/per buyer timeouts=], [=auction config/per buyer cumulative timeouts=], or + [=auction config/direct from seller signals header ad slot=] is failure, return failure. + 1. Return.
To recursively wait until configuration input promises resolve given an [=auction config=] |auctionConfig|: -1. [=list/For each=] |componentAuctionConfig| in |auctionConfig|'s [=auction config/component auctions=]: - 1. If the result of [=waiting until configuration input promises resolve=] given |componentAuctionConfig| is - failure, return failure. -1. Return the result of [=waiting until configuration input promises resolve=] given |auctionConfig|. + 1. [=list/For each=] |componentAuctionConfig| in |auctionConfig|'s + [=auction config/component auctions=]: + 1. If the result of [=waiting until configuration input promises resolve=] given + |componentAuctionConfig| is failure, return failure. + 1. Return the result of [=waiting until configuration input promises resolve=] given |auctionConfig|.
To handle an input promise in configuration given an [=auction config=] |auctionConfig|, a {{Promise}} |p|, and two sequences of steps, covering the parsing of the value and error-handling: -1. Increment |auctionConfig|'s [=auction config/pending promise count=]. -1. Let |resolvedAndTypeChecked| be the promise representing performing the following steps - [=upon fulfillment=] of |p| with |result|: - 1. Execute the steps to be run for parsing of the value given |result|. - 1. If no exception was [=exception/thrown=] in the previous step, then decrement |auctionConfig|'s - [=auction config/pending promise count=]. -1. [=Upon rejection=] of |resolvedAndTypeChecked|: - 1. Execute the steps for error-handling. - 1. Decrement |auctionConfig|'s [=auction config/pending promise count=]. + 1. Increment |auctionConfig|'s [=auction config/pending promise count=]. + 1. Let |resolvedAndTypeChecked| be the promise representing performing the following steps + [=upon fulfillment=] of |p| with |result|: + 1. Execute the steps to be run for parsing of the value given |result|. + 1. If no exception was [=exception/thrown=] in the previous step, then decrement + |auctionConfig|'s [=auction config/pending promise count=]. + 1. [=Upon rejection=] of |resolvedAndTypeChecked|: + 1. Execute the steps for error-handling. + 1. Decrement |auctionConfig|'s [=auction config/pending promise count=].
- To look up per-buyer currency given an [=auction config=] |auctionConfig|, and an [=origin=] |buyer|: +To look up per-buyer currency given an [=auction config=] |auctionConfig|, and an +[=origin=] |buyer|: 1. Let |perBuyerCurrency| be |auctionConfig|'s [=auction config/all buyers currency=] - 1. Assert: |auctionConfig|'s [=auction config/per buyer currencies=] is an [=ordered map=]. + 1. [=Assert=] that |auctionConfig|'s [=auction config/per buyer currencies=] is an [=ordered map=]. 1. If |auctionConfig|'s [=auction config/per buyer currencies=][|buyer|] [=map/exists=], then set |perBuyerCurrency| to |auctionConfig|'s [=auction config/per buyer currencies=][|buyer|]. 1. Return |perBuyerCurrency|
-

Per buyer bid generator

+

Bid generator

-A per buyer bid generator is an [=ordered map=] whose [=map/keys=] are [=URLs=] representing -[=interest group/trusted bidding signals urls=], and whose [=map/values=] are +A per buyer bid generator is an [=ordered map=] whose [=map/keys=] are [=URLs=] +representing [=interest group/trusted bidding signals urls=], and whose [=map/values=] are [=per signals url bid generators=]. -

Per signals url bid generator

- -A per signals url bid generator is an [=ordered map=] whose [=map/keys=] are [=origins=] +A per signals url bid generator is an [=ordered map=] whose [=map/keys=] are [=origins=] representing [=interest group/joining origins=], and whose [=map/values=] are [=lists=] of [=interest groups=]. +

Generated bid

-

Previous win

- -The [=interest group=]'s auction win history, to allow on-device frequency capping. - - -
-: time -:: A [=moment=]. Approximate time the [=interest group=] won an auction. -: ad json -:: A [=string=]. A JSON serialized object corresponding to the ad that won the auction. +A generated bid is a bid that needs to be scored by the seller. The bid is either the +result of [=evaluating a bidding script=], or an [=additional bid=] provided by the +[:Ad-Auction-Additional-Bid:] response headers. +
+ : bid + :: A [=bid with currency=]. If the [=bid with currency/value=] is zero or negative, then this + [=interest group=] will not participate in the auction. + : bid in seller currency + :: A {{double}} or null. An equivalent of the original bid in seller's currency. This is either + the original bid if the currency already matched, or a conversion provided by `scoreAd()`. + : ad + :: A [=string=]. JSON string to be passed to the scoring function. + + Issue: TODO: Check whether [=generated bid/ad descriptor=] can be moved to + [=generated bid/bid ad=] to avoid duplication + (WICG/turtledove#868). + : ad descriptor + :: An [=ad descriptor=]. Render URL and size of the bid's ad. + : ad component descriptors + :: Null or a [=list=] of [=ad descriptors=]. Ad components associated with bid, if any. May have at + most 20 [=list/items=]. Must be null if the interest group making this bid has a null + [=interest group/ad components=] field. + : ad cost + :: Null or a {{double}}. Advertiser click or conversion cost passed from `generateBid()` to + `reportWin()`. Negative values will be ignored and not passed. Will be + [=round a value|stochastically rounded=] when passed. + : modeling signals + :: Null or an {{unsigned short}}. A 0-4095 integer (12-bits) passed to `reportWin()`, with noising. + : interest group + :: An [=interest group=], whose `generateBid()` invocation generated this bid, or specified by the + additional bid. + : bid ad + :: The [=interest group ad=] within [=generated bid/interest group=] to display. + : modified bid + :: Null or a [=bid with currency=]. Being null for top level auction. + The bid value a component auction's `scoreAd()` script returns. + : bid duration + :: A [=duration=] in milliseconds. How long it took to run `generateBid()`. + : provided as additional bid + :: A [=boolean=], initially false.
-

Bid with currency

-Numeric value of a bid and the currency it is in. +A bid with currency is a numeric value of a bid and the currency it is in.
-: value -:: A {{double}}. The value of the bid. -: currency -:: A [=currency tag=]. The currency the bid is in. - -
- -

Generated bid

- -A bid that needs to be scored by the seller. The bid is either the output of running a Protected -Audience `generateBid()` script, or an additional bid provided by the [:Ad-Auction-Additional-Bid:] -response headers. - -
-: bid -:: A [=bid with currency=]. If the [=bid with currency/value=] is zero or negative, then this - [=interest group=] will not participate in the auction. -: bid in seller currency -:: A {{double}} or null. An equivalent of the original bid in seller's currency. This is either the - original bid if the currency already matched, or a conversion provided by `scoreAd()`. -: ad -:: A [=string=]. JSON string to be passed to the scoring function. - - Issue: TODO: Check whether [=generated bid/ad descriptor=] can be moved to - [=generated bid/bid ad=] to avoid duplication - (WICG/turtledove#868). -: ad descriptor -:: An [=ad descriptor=]. Render URL and size of the bid's ad. -: ad component descriptors -:: Null or a [=list=] of [=ad descriptors=]. Ad components associated with bid, if any. May have at - most 20 [=list/items=]. Must be null if the interest group making this bid has a null - [=interest group/ad components=] field. -: ad cost -:: Null or a {{double}}. Advertiser click or conversion cost passed from `generateBid()` to - `reportWin()`. Negative values will be ignored and not passed. Will be - [=round a value|stochastically rounded=] when passed. -: modeling signals -:: Null or an {{unsigned short}}. A 0-4095 integer (12-bits) passed to `reportWin()`, with noising. -: interest group -:: An [=interest group=], whose `generateBid()` invocation generated this bid, or specified by the - additional bid. -: bid ad -:: The [=interest group ad=] within [=generated bid/interest group=] to display. -: modified bid -:: Null or a [=bid with currency=]. Being null for top level auction. - The bid value a component auction's `scoreAd()` script returns. -: bid duration -:: A [=duration=] in milliseconds. How long it took to run `generateBid()`. -: provided as additional bid -:: A [=boolean=], initially false. - + : value + :: A {{double}}. The value of the bid. + : currency + :: A [=currency tag=]. The currency the bid is in.
-

Ad descriptor

- -The render URL and size of an ad. +An ad descriptor is the render URL and size of an ad.
-: url -:: A [=URL=], which will be rendered to display the [=ad creative=] if this bid wins the auction. -: size -:: Null or an [=ad size=], initially null. - + : url + :: A [=URL=], which will be rendered to display the [=ad creative=] if this bid wins the auction. + : size + :: Null or an [=ad size=], initially null.
-

Ad size

- -Width and height of an ad. +An ad size is the width and height of an ad.
-: width -:: A {{double}}. -: width units -:: A [=string=]. Can only be one of "px" (pixel), "sh" (screen height), and "sw" (screen width). -: height -:: A {{double}}. -: height units -:: A [=string=]. Can only be one of "px" (pixel), "sh" (screen height), and "sw" (screen width). - + : width + :: A {{double}}. + : width units + :: A [=string=]. Can only be one of "px" (pixel), "sh" (screen height), and "sw" (screen width). + : height + :: A {{double}}. + : height units + :: A [=string=]. Can only be one of "px" (pixel), "sh" (screen height), and "sw" (screen width).

Direct from seller signals

@@ -4710,11 +4695,11 @@ A direct from seller signals is a [=struct=] with the following [=str Opaque JSON data passed to the seller's [=script runner=]. : per buyer signals :: A [=map=] whose [=map/keys=] are [=origins=] and whose [=map/values=] are [=strings=]. - [=map/Keys=] are buyers and must be valid HTTPS origins. [=map/Values=] are opaque JSON data - passed to corresponding buyer's [=script runner=]. + [=map/Keys=] are buyers whose [=origin/scheme=] must be "`https`". [=map/Values=] are opaque + JSON data passed to corresponding buyer's [=script runner=].
-

Score ad output

+

Score ad output

The output of running a Protected Audience `scoreAd()` script, is represented using the following type: 
@@ -4753,8 +4738,8 @@ TODO: This also has an ad field, which should behave similar to the way {{ScoreA
 affects [=generated bid/modified bid=], and then affecting the adMetadata parameter to scoreAd.
 
 

-
 To process scoreAd output given an [=ECMAScript/Completion Record=] |result|:
+
   1. If |result| is an an [=ECMAScript/abrupt completion=], return failure.
   1. If |result|.\[[Value]] is a [=Number=]:
     1. Let |checkedScore| be the result of [=converted to an IDL value|converting=]
@@ -4772,62 +4757,62 @@ To process scoreAd output given an [=ECMAScript/Completion Record=] |
   1. Return |resultIDL|.
 

 
-
Leading bid info

+
Leading bid info

 
-Information of the auction's leading bid so far when ranking scored bids.
+A leading bid info is the information of the auction's leading bid so far when ranking
+scored bids.
 
 

-: top score
-:: A {{double}}, initially 0.0. The highest score so far.
-: top bids count
-:: An integer, initially 0. The number of bids with the same `top score`.
-: at most one top bid owner
-:: A [=boolean=], initially true. Whether all bids of `top score` are from the same interest
-  group owner.
-: leading bid
-:: Null or a [=generated bid=]. The leading bid of the auction so far.
-: auction config
-:: An [=auction config=]. The auction config of the auction which generated this
-  [=leading bid info/leading bid=].
-: second highest score
-:: A {{double}}, initially 0.0. The second highest score so far. If more than one bids tie with
-  `top score`, this will be set to `top score`.
-: highest scoring other bids count
-:: An integer, initially 0. The number of bids with the same `second highest score`.
-: highest scoring other bid
-:: Null or a [=generated bid=]. The second highest scoring other bid.
-: highest scoring other bid owner
-:: Null or an [=origin=], initially null. The interest group owner that made bids with the
-  `second highest score`. Set to null if there are more than one owners made bids with the
-  `second highest score`.
-: top level seller
-:: Null or a [=string=]. The seller in the top level auction.  Only set for component auctions, null
-  otherwise.
-: top level seller signals
-:: Null or a [=string=]. Signals from the seller in the top level auction, produced as the output
-  of the top-level seller's `reportResult()` method.  Only set for component auctions,
-  null otherwise.
-: component seller
-:: Null or a [=string=]. Seller in component auction which generated this
-  [=leading bid info/leading bid=]. Only set the top level auction when component auctions are
-  present, null otherwise.
-: bidding data version
-:: Null or an {{unsigned long}}.
-  Data-Version value from the trusted bidding signals server's response(s). Will only be not null if
-  the Data-Version header was provided and had a consistent value for all of the trusted bidding
-  signals server responses used to construct the trustedBiddingSignals.
-: scoring data version
-:: Null or an {{unsigned long}}.
-  Data-Version value from the trusted scoring signals server's response. Will only be not null if
-  the Data-Version header was provided in the response headers from the trusted scoring signals
-  server.
-: buyer reporting result
-:: Null or a [=reporting result=], initially null.
-: seller reporting result
-:: Null or a [=reporting result=], initially null.
-: component seller reporting result
-:: Null or a [=reporting result=], initially null.
-
+  : top score
+  :: A {{double}}, initially 0.0. The highest score so far.
+  : top bids count
+  :: An integer, initially 0. The number of bids with the same `top score`.
+  : at most one top bid owner
+  :: A [=boolean=], initially true. Whether all bids of `top score` are from the same interest
+    group owner.
+  : leading bid
+  :: Null or a [=generated bid=]. The leading bid of the auction so far.
+  : auction config
+  :: An [=auction config=]. The auction config of the auction which generated this
+    [=leading bid info/leading bid=].
+  : second highest score
+  :: A {{double}}, initially 0.0. The second highest score so far. If more than one bids tie with
+    `top score`, this will be set to `top score`.
+  : highest scoring other bids count
+  :: An integer, initially 0. The number of bids with the same `second highest score`.
+  : highest scoring other bid
+  :: Null or a [=generated bid=]. The second highest scoring other bid.
+  : highest scoring other bid owner
+  :: Null or an [=origin=], initially null. The interest group owner that made bids with the
+    `second highest score`. Set to null if there are more than one owners made bids with the
+    `second highest score`.
+  : top level seller
+  :: Null or a [=string=]. The seller in the top level auction.  Only set for component auctions,
+    null otherwise.
+  : top level seller signals
+  :: Null or a [=string=]. Signals from the seller in the top level auction, produced as the output
+    of the top-level seller's `reportResult()` method.  Only set for component auctions,
+    null otherwise.
+  : component seller
+  :: Null or a [=string=]. Seller in component auction which generated this
+    [=leading bid info/leading bid=]. Only set the top level auction when component auctions are
+    present, null otherwise.
+  : bidding data version
+  :: Null or an {{unsigned long}}.
+    Data-Version value from the trusted bidding signals server's response(s). Will only be not null
+    if the [:Data-Version:] header was provided and had a consistent value for all of the trusted
+    bidding signals server responses used to construct the trustedBiddingSignals.
+  : scoring data version
+  :: Null or an {{unsigned long}}.
+    Data-Version value from the trusted scoring signals server's response. Will only be not null if
+    the [:Data-Version:] header was provided in the response headers from the trusted scoring
+    signals server.
+  : buyer reporting result
+  :: Null or a [=reporting result=], initially null.
+  : seller reporting result
+  :: Null or a [=reporting result=], initially null.
+  : component seller reporting result
+  :: Null or a [=reporting result=], initially null.
 

 
 A reporting result is a [=struct=] with the following [=struct/items=]: