From bae31c95ba3c67f4647e12f9f45390f3e24cdd96 Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Thu, 1 Aug 2024 21:40:29 -0700
Subject: [PATCH 01/26] Initial setup for AWS Thicket Tutorial

---
 aws/cluster-autoscaler-autodiscover.yaml    | 180 +++++++++++
 aws/config-aws.yaml                         |  62 ++++
 aws/eksctl-config.yaml                      | 110 +++++++
 aws/eksctl-radiuss-2024.yaml                |  79 +++++
 aws/storageclass.yaml                       |   7 +
 docker/Dockerfile.hub                       |   9 +
 docker/Dockerfile.init                      |  13 +
 Dockerfile.local => docker/Dockerfile.spawn |  42 ++-
 {docker_scripts => docker}/entrypoint.sh    |   0
 docker/init-entrypoint.sh                   |  11 +
 docker/jupyter-launcher.yaml                | 131 ++++++++
 {docker_scripts => docker}/run_all.sh       |   0
 {docker_scripts => docker}/start.sh         |   0
 environment.yml                             | 113 +++++++
 gcp/config.yaml                             |  62 ++++
 thicket-logo.png                            | Bin 0 -> 122222 bytes
 tmp/requirements-cloud.txt                  | 339 ++++++++++++++++++++
 requirements.txt => tmp/requirements.txt    |   0
 18 files changed, 1149 insertions(+), 9 deletions(-)
 create mode 100644 aws/cluster-autoscaler-autodiscover.yaml
 create mode 100644 aws/config-aws.yaml
 create mode 100644 aws/eksctl-config.yaml
 create mode 100644 aws/eksctl-radiuss-2024.yaml
 create mode 100644 aws/storageclass.yaml
 create mode 100644 docker/Dockerfile.hub
 create mode 100644 docker/Dockerfile.init
 rename Dockerfile.local => docker/Dockerfile.spawn (51%)
 rename {docker_scripts => docker}/entrypoint.sh (100%)
 create mode 100644 docker/init-entrypoint.sh
 create mode 100644 docker/jupyter-launcher.yaml
 rename {docker_scripts => docker}/run_all.sh (100%)
 rename {docker_scripts => docker}/start.sh (100%)
 create mode 100644 environment.yml
 create mode 100644 gcp/config.yaml
 create mode 100644 thicket-logo.png
 create mode 100644 tmp/requirements-cloud.txt
 rename requirements.txt => tmp/requirements.txt (100%)

diff --git a/aws/cluster-autoscaler-autodiscover.yaml b/aws/cluster-autoscaler-autodiscover.yaml
new file mode 100644
index 00000000..27576f65
--- /dev/null
+++ b/aws/cluster-autoscaler-autodiscover.yaml
@@ -0,0 +1,180 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    k8s-addon: cluster-autoscaler.addons.k8s.io
+    k8s-app: cluster-autoscaler
+  name: cluster-autoscaler
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cluster-autoscaler
+  labels:
+    k8s-addon: cluster-autoscaler.addons.k8s.io
+    k8s-app: cluster-autoscaler
+rules:
+  - apiGroups: [""]
+    resources: ["events", "endpoints"]
+    verbs: ["create", "patch"]
+  - apiGroups: [""]
+    resources: ["pods/eviction"]
+    verbs: ["create"]
+  - apiGroups: [""]
+    resources: ["pods/status"]
+    verbs: ["update"]
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    resourceNames: ["cluster-autoscaler"]
+    verbs: ["get", "update"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["watch", "list", "get", "update"]
+  - apiGroups: [""]
+    resources:
+      - "namespaces"
+      - "pods"
+      - "services"
+      - "replicationcontrollers"
+      - "persistentvolumeclaims"
+      - "persistentvolumes"
+    verbs: ["watch", "list", "get"]
+  - apiGroups: ["extensions"]
+    resources: ["replicasets", "daemonsets"]
+    verbs: ["watch", "list", "get"]
+  - apiGroups: ["policy"]
+    resources: ["poddisruptionbudgets"]
+    verbs: ["watch", "list"]
+  - apiGroups: ["apps"]
+    resources: ["statefulsets", "replicasets", "daemonsets"]
+    verbs: ["watch", "list", "get"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses", "csinodes", "csidrivers", "csistoragecapacities"]
+    verbs: ["watch", "list", "get"]
+  - apiGroups: ["batch", "extensions"]
+    resources: ["jobs"]
+    verbs: ["get", "list", "watch", "patch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["create"]
+  - apiGroups: ["coordination.k8s.io"]
+    resourceNames: ["cluster-autoscaler"]
+    resources: ["leases"]
+    verbs: ["get", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: cluster-autoscaler
+  namespace: kube-system
+  labels:
+    k8s-addon: cluster-autoscaler.addons.k8s.io
+    k8s-app: cluster-autoscaler
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["create", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    resourceNames: ["cluster-autoscaler-status", "cluster-autoscaler-priority-expander"]
+    verbs: ["delete", "get", "update", "watch"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cluster-autoscaler
+  labels:
+    k8s-addon: cluster-autoscaler.addons.k8s.io
+    k8s-app: cluster-autoscaler
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-autoscaler
+subjects:
+  - kind: ServiceAccount
+    name: cluster-autoscaler
+    namespace: kube-system
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: cluster-autoscaler
+  namespace: kube-system
+  labels:
+    k8s-addon: cluster-autoscaler.addons.k8s.io
+    k8s-app: cluster-autoscaler
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cluster-autoscaler
+subjects:
+  - kind: ServiceAccount
+    name: cluster-autoscaler
+    namespace: kube-system
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cluster-autoscaler
+  namespace: kube-system
+  labels:
+    app: cluster-autoscaler
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cluster-autoscaler
+  template:
+    metadata:
+      labels:
+        app: cluster-autoscaler
+      annotations:
+        prometheus.io/scrape: 'true'
+        prometheus.io/port: '8085'
+    spec:
+      priorityClassName: system-cluster-critical
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 65534
+        fsGroup: 65534
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccountName: cluster-autoscaler
+      containers:
+        - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.2
+          name: cluster-autoscaler
+          resources:
+            limits:
+              cpu: 100m
+              memory: 600Mi
+            requests:
+              cpu: 100m
+              memory: 600Mi
+          command:
+            - ./cluster-autoscaler
+            - --v=4
+            - --stderrthreshold=info
+            - --cloud-provider=aws
+            - --skip-nodes-with-local-storage=false
+            - --expander=least-waste
+            - --node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/jupyterhub
+          volumeMounts:
+            - name: ssl-certs
+              mountPath: /etc/ssl/certs/ca-certificates.crt # /etc/ssl/certs/ca-bundle.crt for Amazon Linux Worker Nodes
+              readOnly: true
+          imagePullPolicy: "Always"
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+      volumes:
+        - name: ssl-certs
+          hostPath:
+            path: "/etc/ssl/certs/ca-bundle.crt"
\ No newline at end of file
diff --git a/aws/config-aws.yaml b/aws/config-aws.yaml
new file mode 100644
index 00000000..c5cb9594
--- /dev/null
+++ b/aws/config-aws.yaml
@@ -0,0 +1,62 @@
+# A few notes!
+# The hub -> authentic class defaults to "dummy"
+# We shouldn't need any image pull secrets assuming public
+# There is a note about the database being a sqlite pvc
+# (and a TODO for better solution for Kubernetes)
+
+# This is the concurrent spawn limit, likely should be increased (deafults to 64)
+hub:
+  concurrentSpawnLimit: 10
+  config:
+    DummyAuthenticator:
+      password: butter
+    JupyterHub:
+      admin_access: true
+      authenticator_class: dummy
+
+  # This is the image I built based off of jupyterhub/k8s-hub, 3.0.2 at time of writing this
+  image: 
+    name: ghcr.io/flux-framework/flux-jupyter-hub
+    tag: "riken-2024"
+    pullPolicy: Always
+
+# https://z2jh.jupyter.org/en/latest/administrator/optimization.html#scaling-up-in-time-user-placeholders
+scheduling:
+  podPriority:
+    enabled: true
+  userPlaceholder:
+    # Specify 3 dummy user pods will be used as placeholders
+    replicas: 3
+
+# This is the "spawn" image
+singleuser:
+  image:
+    name: ghcr.io/flux-framework/flux-jupyter-spawn
+    tag: "riken-2024"
+    pullPolicy: Always
+  cpu:
+    limit: 1
+  memory:
+    limit: '4G'
+  cmd: /entrypoint.sh
+
+  # This runs as the root user, who clones and changes ownership to uid 1000
+  initContainers:
+    - name: init-myservice
+      image: ghcr.io/flux-framework/flux-jupyter-init:riken-2024
+      command: ["/entrypoint.sh"]
+      volumeMounts:
+        - name: flux-tutorial
+          mountPath: /home/jovyan
+
+  # This is how we get the tutorial files added
+  storage:
+    type: none
+    # gitRepo volume is deprecated so we need another way
+    # https://kubernetes.io/docs/concepts/storage/volumes/#gitrepo
+    extraVolumes:
+      - name: flux-tutorial
+        emptyDir: {}
+    extraVolumeMounts:
+      - name: flux-tutorial
+        mountPath: /home/jovyan
\ No newline at end of file
diff --git a/aws/eksctl-config.yaml b/aws/eksctl-config.yaml
new file mode 100644
index 00000000..c5f0523e
--- /dev/null
+++ b/aws/eksctl-config.yaml
@@ -0,0 +1,110 @@
+# https://www.arhea.net/posts/2020-06-18-jupyterhub-amazon-eks
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+metadata:
+  name: jupyterhub
+  region: us-east-2
+
+iam:
+  withOIDC: true
+  serviceAccounts:
+    - metadata:
+        name: cluster-autoscaler
+        namespace: kube-system
+        labels:
+            aws-usage: "cluster-ops"
+            app.kubernetes.io/name: cluster-autoscaler
+
+      # https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md
+      attachPolicy:
+        Version: "2012-10-17"
+        Statement:
+          - Effect: Allow
+            Action:
+              - "autoscaling:DescribeAutoScalingGroups"
+              - "autoscaling:DescribeAutoScalingInstances"
+              - "autoscaling:DescribeLaunchConfigurations"
+              - "autoscaling:DescribeTags"
+              - "autoscaling:SetDesiredCapacity"
+              - "autoscaling:TerminateInstanceInAutoScalingGroup"
+              - "ec2:DescribeLaunchTemplateVersions"
+            Resource: '*'
+
+    - metadata:
+        name: ebs-csi-controller-sa
+        namespace: kube-system
+        labels:
+            aws-usage: "cluster-ops"
+            app.kubernetes.io/name: aws-ebs-csi-driver
+      attachPolicy:
+        Version: "2012-10-17"
+        Statement:
+          - Effect: Allow
+            Action:
+              - "ec2:AttachVolume"
+              - "ec2:CreateSnapshot"
+              - "ec2:CreateTags"
+              - "ec2:CreateVolume"
+              - "ec2:DeleteSnapshot"
+              - "ec2:DeleteTags"
+              - "ec2:DeleteVolume"
+              - "ec2:DescribeInstances"
+              - "ec2:DescribeSnapshots"
+              - "ec2:DescribeTags"
+              - "ec2:DescribeVolumes"
+              - "ec2:DetachVolume"
+            Resource: '*'
+
+availabilityZones: ["us-east-2a", "us-east-2b", "us-east-2c"]
+managedNodeGroups:
+  - name: ng-us-east-2a
+    iam:
+      withAddonPolicies:
+        autoScaler: true
+    instanceType: m5.large
+    volumeSize: 30
+    desiredCapacity: 1
+    minSize: 1
+    maxSize: 3
+    privateNetworking: true
+    availabilityZones:
+      - us-east-2a
+    # I didn't set this, but I know it's been an issue
+    # propagateASGTags: true
+    tags:
+      k8s.io/cluster-autoscaler/enabled: "true"
+      k8s.io/cluster-autoscaler/jupyterhub: "owned"
+
+  - name: ng-us-east-2b
+    iam:
+      withAddonPolicies:
+        autoScaler: true
+    instanceType: m5.large
+    volumeSize: 30
+    desiredCapacity: 1
+    minSize: 1
+    maxSize: 3 
+    privateNetworking: true
+    availabilityZones:
+      - us-east-2b
+    # propagateASGTags: true
+    tags:
+      k8s.io/cluster-autoscaler/enabled: "true"
+      k8s.io/cluster-autoscaler/jupyterhub: "owned"
+
+  - name: ng-us-east-2c
+    iam:
+      withAddonPolicies:
+        autoScaler: true
+    instanceType: m5.large
+    volumeSize: 30
+    desiredCapacity: 1
+    minSize: 1
+    maxSize: 3
+    privateNetworking: true
+    availabilityZones:
+      - us-east-2c
+    # propagateASGTags: true
+    tags:
+      k8s.io/cluster-autoscaler/enabled: "true"
+      k8s.io/cluster-autoscaler/jupyterhub: "owned"
\ No newline at end of file
diff --git a/aws/eksctl-radiuss-2024.yaml b/aws/eksctl-radiuss-2024.yaml
new file mode 100644
index 00000000..7f424951
--- /dev/null
+++ b/aws/eksctl-radiuss-2024.yaml
@@ -0,0 +1,79 @@
+# https://www.arhea.net/posts/2020-06-18-jupyterhub-amazon-eks
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+metadata:
+  name: jupyterhub
+  region: us-east-1
+
+iam:
+  withOIDC: true
+  serviceAccounts:
+    - metadata:
+        name: ebs-csi-controller-sa
+        namespace: kube-system
+        labels:
+            aws-usage: "cluster-ops"
+            app.kubernetes.io/name: aws-ebs-csi-driver
+      attachPolicy:
+        Version: "2012-10-17"
+        Statement:
+          - Effect: Allow
+            Action:
+              - "ec2:AttachVolume"
+              - "ec2:CreateSnapshot"
+              - "ec2:CreateTags"
+              - "ec2:CreateVolume"
+              - "ec2:DeleteSnapshot"
+              - "ec2:DeleteTags"
+              - "ec2:DeleteVolume"
+              - "ec2:DescribeInstances"
+              - "ec2:DescribeSnapshots"
+              - "ec2:DescribeTags"
+              - "ec2:DescribeVolumes"
+              - "ec2:DetachVolume"
+            Resource: '*'
+
+availabilityZones:
+  - us-east-1a
+  - us-east-1b
+  - us-east-1c
+
+managedNodeGroups:
+  - name: ng-us-east-1a
+    instanceType: m6a.8xlarge
+    volumeSize: 256
+    volumeType: gp3
+    volumeIOPS: 16000
+    volumeThroughput: 512
+    desiredCapacity: 1
+    minSize: 1
+    maxSize: 6
+    privateNetworking: true
+    availabilityZones:
+      - us-east-1a
+
+  - name: ng-us-east-1b
+    instanceType: m6a.8xlarge
+    volumeSize: 256
+    volumeType: gp3
+    volumeIOPS: 16000
+    volumeThroughput: 512
+    desiredCapacity: 1
+    minSize: 1
+    maxSize: 6
+    privateNetworking: true
+    availabilityZones:
+      - us-east-1b
+
+  - name: ng-us-east-1c
+    instanceType: m6a.8xlarge
+    volumeSize: 256
+    volumeType: gp3
+    volumeIOPS: 16000
+    volumeThroughput: 512
+    desiredCapacity: 1
+    minSize: 1
+    maxSize: 6
+    privateNetworking: true
+    availabilityZones:
+      - us-east-1c
diff --git a/aws/storageclass.yaml b/aws/storageclass.yaml
new file mode 100644
index 00000000..e03c1c8a
--- /dev/null
+++ b/aws/storageclass.yaml
@@ -0,0 +1,7 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: gp3
+provisioner: kubernetes.io/aws-ebs
+volumeBindingMode: WaitForFirstConsumer
+reclaimPolicy: Delete
\ No newline at end of file
diff --git a/docker/Dockerfile.hub b/docker/Dockerfile.hub
new file mode 100644
index 00000000..4bf8192e
--- /dev/null
+++ b/docker/Dockerfile.hub
@@ -0,0 +1,9 @@
+ARG JUPYTERHUB_VERSION=3.0.2
+FROM jupyterhub/k8s-hub:$JUPYTERHUB_VERSION
+
+# Add template override directory and copy our example
+# Replace the default
+USER root
+# RUN mv /usr/local/share/jupyterhub/templates/login.html /usr/local/share/jupyterhub/templates/_login.html
+# COPY ./docker/login.html /usr/local/share/jupyterhub/templates/login.html
+USER jovyan
\ No newline at end of file
diff --git a/docker/Dockerfile.init b/docker/Dockerfile.init
new file mode 100644
index 00000000..06c1f211
--- /dev/null
+++ b/docker/Dockerfile.init
@@ -0,0 +1,13 @@
+FROM alpine/git
+
+ENV NB_USER=jovyan \
+    NB_UID=1000 \
+    HOME=/home/jovyan
+
+RUN adduser \
+    -D \
+    -g "Default user" \
+    -u ${NB_UID} \
+    -h ${HOME} \
+    ${NB_USER}
+COPY ./docker/init-entrypoint.sh /entrypoint.sh
\ No newline at end of file
diff --git a/Dockerfile.local b/docker/Dockerfile.spawn
similarity index 51%
rename from Dockerfile.local
rename to docker/Dockerfile.spawn
index 08858e7f..4e192511 100644
--- a/Dockerfile.local
+++ b/docker/Dockerfile.spawn
@@ -26,16 +26,33 @@ RUN conda install -y -c conda-forge \
     jupyterlab \
     ipython
 
-COPY ./requirements.txt ./requirements.txt
+# COPY ./requirements.txt ./requirements.txt
+# COPY ./docker/requirements-cloud.txt ./requirements-cloud.txt
+COPY ./environment.yml ./environment.yml
 
-RUN python3 -m pip install -r requirements.txt \
-    && python3 -m pip install papermill
+# RUN python3 -m pip install -r requirements.txt \
+#     && python3 -m pip install papermill
+
+# RUN conda install -y -c conda-forge --file requirements.txt
+# RUN conda install -y -c conda-forge --file requirements-cloud.txt
+# RUN python3 -m pip install papermill && \
+#     python3 -m pip install ipython==7.34.0 && \
+RUN conda env update -n base --file environment.yml
+RUN python3 -m IPython kernel install
+
+# RUN python3 -m pip install -r requirements-cloud.txt && \
+#     python3 -m pip install ipython==7.34.0 && \
+#     python3 -m IPython kernel install
+
+RUN python3 -m pip install jupyter_app_launcher && \
+    python3 -m pip install --upgrade jupyter-server && \
+    mkdir -p /usr/local/share/jupyter/lab/jupyter_app_launcher
+
+COPY ./docker/jupyter-launcher.yaml /usr/local/share/jupyter/lab/jupyter_app_launcher
 
 RUN chown -R ${NB_USER} "${HOME}"
 
-USER ${NB_USER}
 WORKDIR ${HOME}
-ENV PATH="${HOME}/.local/bin:${PATH}"
 
 COPY --chown=${NB_USER} ./notebooks/01_thicket_tutorial.ipynb ./notebooks/01_thicket_tutorial.ipynb
 COPY --chown=${NB_USER} ./notebooks/02_thicket_rajaperf_clustering.ipynb ./notebooks/02_thicket_rajaperf_clustering.ipynb
@@ -43,13 +60,20 @@ COPY --chown=${NB_USER} ./notebooks/03_extrap-with-metadata-aggregated.ipynb ./n
 COPY --chown=${NB_USER} ./notebooks/04_stats-functions.ipynb ./notebooks/04_stats-functions.ipynb
 COPY --chown=${NB_USER} ./notebooks/05_thicket_query_language.ipynb ./notebooks/05_thicket_query_language.ipynb
 COPY --chown=${NB_USER} ./data/ ./data/
-
-COPY ./docker_scripts/entrypoint.sh /entrypoint.sh
-COPY ./docker_scripts/start.sh /start.sh
-COPY ./docker_scripts/run_all.sh /run_all.sh
+COPY --chown=${NB_USER} ./thicket-logo.png ./thicket-logo.png
 
 ENV SHELL=/usr/bin/bash
 EXPOSE 8888
 ENTRYPOINT [ "tini", "--" ]
 
+COPY ./docker/entrypoint.sh /entrypoint.sh
+COPY ./docker/start.sh /start.sh
+COPY ./docker/run_all.sh /run_all.sh
+
+RUN mkdir -p $HOME/.local/share && \
+    chmod 777 $HOME/.local/share
+
+USER ${NB_USER}
+ENV PATH="${HOME}/.local/bin:${PATH}"
+
 CMD [ "jupyter", "notebook" ]
diff --git a/docker_scripts/entrypoint.sh b/docker/entrypoint.sh
similarity index 100%
rename from docker_scripts/entrypoint.sh
rename to docker/entrypoint.sh
diff --git a/docker/init-entrypoint.sh b/docker/init-entrypoint.sh
new file mode 100644
index 00000000..0c0f7847
--- /dev/null
+++ b/docker/init-entrypoint.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# Copy the notebook icon
+# This would be for the customized launcher, not working yet
+# wget https://flux-framework.org/assets/images/Flux-logo-mark-only-full-color.png
+# mv Flux-logo-mark-only-full-color.png /home/jovyan/flux-icon.png
+
+# We need to clone to the user home, and then change permissions to uid 1000
+# That uid is shared by jovyan here and the spawn container
+# git clone https://github.com/rse-ops/flux-radiuss-tutorial-2023 /home/jovyan/flux-tutorial
+chown -R 1000 /home/jovyan
\ No newline at end of file
diff --git a/docker/jupyter-launcher.yaml b/docker/jupyter-launcher.yaml
new file mode 100644
index 00000000..d2d7bdd0
--- /dev/null
+++ b/docker/jupyter-launcher.yaml
@@ -0,0 +1,131 @@
+- title: "Chapter 1: Thicket 101"
+  description: Intro to Thicket and basics
+  type: jupyterlab-commands
+  icon: ./thicket-logo.png
+  source:
+    - label: Thicket Tutorial
+      id: 'filebrowser:open-path'
+      args:
+        path: 01_thicket_tutorial.ipynb
+        icon: ./thicket-logo.png
+  catalog: Notebook
+- title: "Chapter 2: Clustering RAJAPerf"
+  description: Using Thicket to cluster data from the RAJA Performance Suite
+  type: jupyterlab-commands
+  icon: ./thicket-logo.png
+  source:
+    - label: Thicket Tutorial
+      id: 'filebrowser:open-path'
+      args:
+        path: 02_thicket_rajaperf_clustering.ipynb
+        icon: ./thicket-logo.png
+  catalog: Notebook
+- title: "Chapter 3: Modeling with Extra-P"
+  description: Modeling applications using Thicket and Extra-P
+  type: jupyterlab-commands
+  icon: ./thicket-logo.png
+  source:
+    - label: Thicket Tutorial
+      id: 'filebrowser:open-path'
+      args:
+        path: 03_extrap-with-metadata-aggregated.ipynb
+        icon: ./thicket-logo.png
+  catalog: Notebook
+- title: "Chapter 4: Stats and Visualization"
+  description: Using Thicket to calculate statistics and visualize performance across runs
+  type: jupyterlab-commands
+  icon: ./thicket-logo.png
+  source:
+    - label: Thicket Tutorial
+      id: 'filebrowser:open-path'
+      args:
+        path: 04_stats-functions.ipynb
+        icon: ./thicket-logo.png
+  catalog: Notebook
+- title: "Chapter 5: Call Graph Query Language"
+  description: Using Thicket's query language for advanced filtering
+  type: jupyterlab-commands
+  icon: ./thicket-logo.png
+  source:
+    - label: Thicket Tutorial
+      id: 'filebrowser:open-path'
+      args:
+        path: 05_thicket_query_language.ipynb
+        icon: ./thicket-logo.png
+  catalog: Notebook
+- title: "Chapter 6: Composing Datasets with Groupby-Aggregate"
+  description: Using Thicket's groupby-aggregate functionality to compose datasets 
+  type: jupyterlab-commands
+  icon: ./thicket-logo.png
+  source:
+    - label: Thicket Tutorial
+      id: 'filebrowser:open-path'
+      args:
+        path: 06_groupby_aggregate_of_multirun_data.ipynb
+        icon: ./thicket-logo.png
+  catalog: Notebook
+
+- title: Thicket ReadTheDocs
+  description: Documentation for Thicket
+  source: https://thicket.readthedocs.io/en/latest/
+  type: url
+  catalog: Thicket Resources
+  args:
+      sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
+- title: Thicket Repository 
+  description: Repository for Thicket
+  source: https://github.com/llnl/thicket
+  type: url
+  catalog: Thicket Resources
+  args:
+      sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
+- title: Hatchet Documentation 
+  description: Documentation for Hatchet 
+  source: https://llnl-hatchet.readthedocs.io/en/latest/
+  type: url
+  catalog: Thicket Resources
+  args:
+      sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
+- title: Hatchet Repository 
+  description: Repository for Hatchet 
+  source: https://github.com/llnl/hatchet
+  type: url
+  catalog: Thicket Resources
+  args:
+      sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
+
+- title: Thicket Paper 
+  description: HPDC'23 Paper on Thicket
+  source: https://doi.org/10.1145/3588195.3592989
+  type: url
+  catalog: Thicket Publications
+  args:
+      sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
+- title: Hatchet Paper 
+  description: SC'19 Paper on Thicket
+  source: https://doi.org/10.1145/3295500.3356219
+  type: url
+  catalog: Thicket Publications
+  args:
+      sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
+- title: Hatchet/Thicket Query Language Paper 
+  description: eScience'22 Paper on the Hatchet/Thicket Query Language
+  source: https://doi.org/10.1109/eScience55777.2022.00039
+  type: url
+  catalog: Thicket Publications
+  args:
+      sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
+- title: Hatchet Interactive Visualization Paper
+  description: 2024 TVCG Paper on Hatchet's Interactive Visualizations
+  source: https://doi.org/10.1109/TVCG.2024.3354561
+  type: url
+  catalog: Thicket Publications
+  args:
+      sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
+- title: Hatchet Improvements Paper
+  description: 2020 ProTools Workshop Paper at SC
+  source: https://doi.org/10.1109/HUSTProtools51951.2020.00013
+  type: url
+  catalog: Thicket Publications
+  args:
+      sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
\ No newline at end of file
diff --git a/docker_scripts/run_all.sh b/docker/run_all.sh
similarity index 100%
rename from docker_scripts/run_all.sh
rename to docker/run_all.sh
diff --git a/docker_scripts/start.sh b/docker/start.sh
similarity index 100%
rename from docker_scripts/start.sh
rename to docker/start.sh
diff --git a/environment.yml b/environment.yml
new file mode 100644
index 00000000..d856517c
--- /dev/null
+++ b/environment.yml
@@ -0,0 +1,113 @@
+channels:
+  - conda-forge
+dependencies:
+  - pip
+  - psutil==5.9.5
+  - pip:
+    - llnl-thicket[extrap,plotting]==2024.1.0
+    - ipython==8.13.0
+    - scikit-learn
+    - alembic==1.11.3
+    - anyio==3.7.1
+    - argon2-cffi==23.1.0
+    - argon2-cffi-bindings==21.2.0
+    - arrow==1.2.3
+    - asttokens==2.2.1
+    - async-generator==1.10
+    - async-lru==2.0.4
+    - attrs==23.1.0
+    - babel==2.12.1
+    - backcall==0.2.0
+    - beautifulsoup4==4.12.2
+    - bleach==6.0.0
+    - certifi==2023.7.22
+    - certipy==0.1.3
+    - cffi==1.15.1
+    - charset-normalizer==3.2.0
+    - comm==0.1.4
+    - cryptography==41.0.3
+    - debugpy==1.6.7.post1
+    - decorator==5.1.1
+    - defusedxml==0.7.1
+    - executing==1.2.0
+    - fastjsonschema==2.18.0
+    - fqdn==1.5.1
+    - greenlet==2.0.2
+    - idna==3.4
+    - ipykernel==6.25.1
+    - isoduration==20.11.0
+    - jedi==0.19.0
+    - jinja2==3.1.2
+    - json5==0.9.14
+    - jsonpointer==2.4
+    - jsonschema[format-nongpl]==4.19.0
+    - jsonschema-specifications==2023.7.1
+    - jupyter-client==8.3.0
+    - jupyter-core==5.3.1
+    - jupyter-events==0.7.0
+    - jupyter-lsp==2.2.0
+    - jupyter-server==2.7.2
+    - jupyter-server-terminals==0.4.4
+    - jupyter-telemetry==0.1.0
+    - jupyterhub==4.0.2
+    - jupyterlab==4.0.5
+    - jupyterlab-pygments==0.2.2
+    - jupyterlab-server==2.24.0
+    - mako==1.2.4
+    - markupsafe==2.1.3
+    - matplotlib-inline==0.1.6
+    - mistune==3.0.1
+    - nbclassic==1.0.0
+    - nbclient==0.8.0
+    - nbconvert==7.7.4
+    - nbformat==5.9.2
+    - nbgitpuller==1.2.0
+    - nest-asyncio==1.5.7
+    - notebook-shim==0.2.3
+    - oauthlib==3.2.2
+    - overrides==7.4.0
+    - packaging==23.1
+    - pamela==1.1.0
+    - pandocfilters==1.5.0
+    - parso==0.8.3
+    - pexpect==4.8.0
+    - pickleshare==0.7.5
+    - platformdirs==3.10.0
+    - prometheus-client==0.17.1
+    - prompt-toolkit==3.0.39
+    - ptyprocess==0.7.0
+    - pure-eval==0.2.2
+    - pycparser==2.21
+    - pygments==2.16.1
+    - pyopenssl==23.2.0
+    - python-dateutil==2.8.2
+    - python-json-logger==2.0.7
+    - pyyaml==6.0.1
+    - pyzmq==25.1.1
+    - referencing==0.30.2
+    - requests==2.31.0
+    - rfc3339-validator==0.1.4
+    - rfc3986-validator==0.1.1
+    - rpds-py==0.9.2
+    - ruamel-yaml==0.17.32
+    - ruamel-yaml-clib==0.2.7
+    - send2trash==1.8.2
+    - six==1.16.0
+    - sniffio==1.3.0
+    - soupsieve==2.4.1
+    - sqlalchemy==2.0.20
+    - stack-data==0.6.2
+    - terminado==0.17.1
+    - tinycss2==1.2.1
+    - tornado==6.3.3
+    - traitlets==5.9.0
+    - typing-extensions==4.7.1
+    - uri-template==1.3.0
+    - urllib3==2.0.4
+    - wcwidth==0.2.6
+    - webcolors==1.13
+    - webencodings==0.5.1
+    - websocket-client==1.6.1
+    # - ipython==7.15.0
+    # - ipython-genutils==0.2.0
+    # - psutil==5.9.5
diff --git a/gcp/config.yaml b/gcp/config.yaml
new file mode 100644
index 00000000..edfbae4f
--- /dev/null
+++ b/gcp/config.yaml
@@ -0,0 +1,62 @@
+# A few notes!
+# The hub -> authentic class defaults to "dummy"
+# We shouldn't need any image pull secrets assuming public
+# There is a note about the database being a sqlite pvc
+# (and a TODO for better solution for Kubernetes)
+
+# This is the concurrent spawn limit, likely should be increased (deafults to 64)
+hub:
+  concurrentSpawnLimit: 10
+  config:
+    DummyAuthenticator:
+      password: butter
+    JupyterHub:
+      admin_access: true
+      authenticator_class: dummy
+
+  # This is the image I built based off of jupyterhub/k8s-hub, 3.0.2 at time of writing this
+  image: 
+    name: ghcr.io/flux-framework/flux-jupyter-hub
+    tag: "riken-2024"
+    pullPolicy: Always
+
+# https://z2jh.jupyter.org/en/latest/administrator/optimization.html#scaling-up-in-time-user-placeholders
+scheduling:
+  podPriority:
+    enabled: true
+  userPlaceholder:
+    # Specify 3 dummy user pods will be used as placeholders
+    replicas: 3
+
+# This is the "spawn" image
+singleuser:
+  image:
+    name: ghcr.io/flux-framework/flux-jupyter-spawn
+    tag: "2023"
+    pullPolicy: Always
+  cpu:
+    limit: 1
+  memory:
+    limit: '4G'
+  cmd: /entrypoint.sh
+
+#  initContainers:
+#    - name: init-myservice
+#      image: alpine/git
+#      command: ["git", "clone", "https://github.com/rse-ops/flux-radiuss-tutorial-2023", "/home/jovyan/flux-tutorial"]
+#      volumeMounts:
+#        - name: flux-tutorial
+#          mountPath: /home/jovyan
+
+  # This is how we get the tutorial files added
+  storage:
+    type: none
+
+    # gitRepo volume is deprecated so we need another way
+    # https://kubernetes.io/docs/concepts/storage/volumes/#gitrepo
+    extraVolumes:
+      - name: flux-tutorial
+        emptyDir: {}
+    extraVolumeMounts:
+      - name: flux-tutorial
+        mountPath: /home/jovyan/
\ No newline at end of file
diff --git a/thicket-logo.png b/thicket-logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..35e5c7b2dd0cce7918c94e548b25467abf6c1148
GIT binary patch
literal 122222
zcmeFaXH-;47cLBKBTbMfNePXDAXy~|2(73D6;P2ZNs%Zy=N1qnpopks0YS-0GBlu~
zD4-%42_iX4mUye35$ep$JNN$j*7sw6%v!9r>r~Z_&wlnkJvTMfly*?=q9h?9*`cC*
z{2U1hc_0bN_HN8}@X5=P8=)j5q<of&iW=66N{V(ic8=%mO)i-oy=-S{c24Qofy0NT
zNl5tbT{1R4r!2(()`Y>>_-(!5eo9BTb2o0>IcMzGK&T_UBfO8VkAL{cz@V3vuD6B+
zEw+ovyYvkK^Hg-~+K1`~wNypt&fN~j&v9WJ)I|6NOpJ{`kmN?ZKShZf=fvvs?BD&t
zki?XQlmm0wjx?u<dz{f&f^LB$`$-tq9J{hDtUeNb<q&@S+o|AeGMr6nITkzo=ziRT
z7bG*~*AtSHgZAC@#bQ*?3991qoqUg)oxS3D^5(U@VoB$i<Yw>BJMX+hedi7vE3S{`
z?Al>E_Sie7=5(eQf4Zo>RfOKk2YCDd?XeF@k$4k4&9-eDnt_j=aBmCnm)}-Xarj;G
z2{VmLtdIR&8NO{JQDjlIz+GOI1Co<A(^0u{<_w7d_!~n)8f-~|27i%)|8{}@NJvoe
zsNbKE2gYyv{rC26;y<SDdVH3I1V^HB{HUfo>G)S&$Nsh!&X1RZjW|qXtNV_6koe9<
zuMV@h<NTh#JDHRka)dW$iX{AJ<cyX;@&jy6Rh90YB5npb^n&4T7o!UFG}lbMpgTPl
z=TAb4LSyLu@ekYpdi~OX%xAj){gq#<SLx_5vh@GsA%8w!<18uO{seiN@c-QH*B3E?
zG28yvasGHxYN|i3=xIPR^S>VoUET2SU%+T;;;;svs;qARdBXo83Y5vvzkdNOAb_RI
z95yaE@o%yuA;o7q{reYCOiXkbZRhNcJ^$k<e+b4O*LL_{zd(Y&MTrR%l+n5R@A}1I
z$Jzf;@0<6<oghP3GjXK9{CC}A>0D|4*@AvQDgG%6)pv_VOaI?>3(Sc8-?#eDjQ%sD
z|9_bg!B4>2Xk&3>EiU)rGm(FdZVb#zq8mReuW!sNY`E=2CGQASuiVhz>3@so-~1UX
zjNe%ASyvL@QEKKao_LP`-{aaX3QXW_58X5W8f)+tXms_bJE{r)?vMQYuyi7WW)lCt
z<5PM%jM5>2AclVpCh?Cz+<p|<{O>#7IEllu*Qf4O{rBUWf^cGLsKxlNJ7RZ%l=Gj!
zh%&<eC$Qfx_Me4qy4HU#xd}G@i(#9g^uM70JBk07CAX6Gf3V_rE%P6&*o1@s!HUhO
z`5&zK4_0iViOoO$gB6<&@*k}D4_0jY#pWOX!HWN2#c#j({}5I%(Y<ZaB`f)e+T8Qk
zAMW}%?CQ&VOk1!Q7^((0zF|Vq!h1q1b#Dfe=Ek=Iemtvl>H2Ra{>p&@`@)7iisY<=
zqi);k2)8ngsmUT9i0gGD#ZOP|dx>}$;M$+uJ<3Wu6eT82H9zZmqV&sOS{zG}{<tM0
z=57S5j|(Ep6{5W>8WYFS-MnHVufM)Jz5{uy)Te-XyLG;q5%KZrK6|H6RC(_zQN1=X
z!ONCog)Wka1Cihb0F{^~ex@ApG2u39>;iLU#oE|tZ_0`Kv=uRq#yI)qQ=94k4;k=*
zo=BIn#Bs#OjbyuwWK9kmDfF-(<E(ydl*zEp@rD_p|I}OHuma&<$PtGv<IgrouU>Hd
zlvQ5h7HTpl<}+d4Nr5;Q?hD`qQ)^S)5sz~}74O?Z)2V-QW8{LYL&S8Px3?1FNIyWU
zq(3I64)L(w9r&NlY?C77cIlJ}J)CPxJyBG`o0;s7KkfnH?A`sy5xH;;#llw~W*$XO
zR@v|3F(}aICZ>A~vEe_j^Ff98$>nEpbr-tljXH?!h>2Rv@>>iM{tGj#w380QMc<Qv
z*wok$#o{MHHC5)@P2;g%A$W^ws*83r!v6Y$Ko9s{C7hcwLO5+%1be3fyDSMI@34sr
zuj}39oQkGH))2=<W7t)2SZ^NpVBX&h8u9-4H42+Jj@3`C1CeTPbH@`E7G)8S#%c%v
z^7Z+f1XjeyOX-A#y55z^rJB;m>XCheUQ;!di;9S^U^VuEm5-k#Anjr)AGel1KjLHH
zGj@I6YHeh#jTB)abkZ+@ceF9udn2CK_82#|EPrRxJg&RPF^A@^=vVcrTAIHICkJ?O
zZLEJkf=(u=p=ac1BZnqp#;r@kqx3|DhSFjt8bkiF_5cuUt%loa<gUeptL0qJ5??ng
zlp2~PRMhx;m<P4fBM;1v1?0NF*?z>Q56)xt&7<_?+*}R2z7AkNJbNEA)k=d<w?82P
z>=}IDl^wZf6rp+1R_BAOpVyGwd&P;Q;=+=NM~J|L83*yL%+6$m524C(%Jhe0_G=l1
zg_nQ@R=Z1gcCP<z<$17D{o=|#<Vq?7TU(~`9YKpfOP1bWs9u>XutOdy&L8LQ_j2Jh
z!lt~K+q(BHzkFGl77$lARd}+`LCj-$SQH@$x_>UH8p*88Gr}@vhoTl|id{c<y!V}W
z@RvLO^GPXA*WUhUMZNHHV@S4QDnv2s=aP3`BQh?>6GO<kP$dV%$J0-66G?0{H3saf
zd4bEiUQQpjam@{VD(8kpL5g|}jOca!>NUh^LWIOTqk|eI`m$O$j(j+_vfTIftE?RI
zqVAQzaM!f75bYD33R+}6!y{i+q)|$n!aS2fzJr7vsZB}{fT$dFk)o|-b|1c56MslX
zkFC?3rKe>@Nw#7e!mdg1d%!LC=(QmBBYYwgQPWe(O88O0*fKUg?81-G7#dT?i>32D
z^>z^<8jW4}38w(AmGH#Yyhj<;^M#Y2#xxKDz|gs$0y*_z*c8Hs<9DJwVuRn$_8W1m
z20E;j@78)h-=yS+_>MnrKM-j$`|YO)m+LLYr8#iD2?Zt)y5LdpL6X#E#iG{D7-4tV
zX-<%0y&j|^l!Q;DyxcxG+ABIhWn?$Dmi<UL)T+N1aU)!>I*^XS$WjR68mip(ULaYj
z{Jho*l4XbG&ugRSsL#+NmTFLfxV8UHJO*(R_cO-jb;tVkhYGSnE6QCYFij2~wq`!g
zbY#fv^&I$g@~&XhzucA3ypP(jp|w#ea?mL@*xuo@z?mbIh)a>8Hb7F?IA7z1*q1+o
z;Fv?%+T)e{VkFtLr0`eL91-k9Jl~&i7Km7Bz|9`9b}5`N;2~>c$Hq}JwqjJzTBo@e
zVX{1+EvRPG+W}_;oDgbu<X~3|dCr5~ld}ExJ-e08XB|T*6uScmXqQt9FZ{5ljHxj%
zkHuc){J8s5+Cro`g_5{PGHjYy3b2adQVS2f>KntOJA(->E?nB5qO7>c!#@`L+{m;g
zLl`>F1>CJUCZhqqGF=AY#H+^sjJN{D*jg7er+mI!)rdp(o&kmvb(|TY9RfGm^#IFZ
ziQr(l?`okEYz>Ne^o@C;ZXIPYNH8`+)Z*@&*WfL~UJ_ng9`f{mKMOLY(6YQZGH(2!
z0stf~0g;n5*zmsAtU!#zE5Fj@Q!XE_T?qVvUjmo=(WpTVn_%i4!otte3mzAJCIaWJ
zE=IV{9YuKYJ%Dxgazy9C7uJx#FU<R}cB>0EwGb0z*4MhZM0$id+yD`keW*(lZYkqc
zDZYDfjt(^!%Pd(+OR<y#d=~pR6i6e2rIVK~-UjQ_pWuWqUB;ePx;+$?xKReuqiSJQ
zh%Xj#KioCoh3Mc+Gx#76R6uS__>p}6*?m{N_kU)`$tHw;asC7^AepI%T%-dp?6F@f
zXBo^J-TutuVQ`0vwWzD>UwX{l40M=E-tR~^YKtOR71L<<lz4Ue>AH4RRM3X^l?e@`
z1|Y%%16ax@Zj%AuGu{T(sei&wv2Uj#KxgMI&WFOP!fG4@X8msaQ$!L^+LQe#tNKhv
zq-tqG>#pmyRXmS<C6LD)0JBz+muOzV)_`+F%{OViZSgqg<Mq(~Tz`uY>?^9=0B5{r
z-3i+QJ|BH0{Dg(%WRsO=(}a)PYQJjV_g$@G@H!0p836pmJ;~vmk1GLKv*1{4ii^v1
zQ+}cLNiT#0kl+<TR-)ydkVaf~TG4n_nkuF<__D-F+Pse?YEz@bm&r37VC}N&g5AE8
zN+Yu4ImV@R?L!3*{l*q&(qqP%K3AHwA>GFd%uG#1v^Kytjq8m=(XKhL<|}P<J@~#d
z;!bZnw#MVtDvrFK7T8e7PH8XnK-_0kL4968`TE89AIXflF4vKI#*AM8Fi6`_773vE
z@RMIJxeu$y%J187JD?wwHud#82MIEQ_yVh3nJ;jIuT0m5Av#gi(4gm<003YtAPZ*g
z_W8^Bmn;bHQ*=$4a7@AVn&DfTeOMJ54A&3#Wps)yIXaD5h$0@2%@zfrtm5)SB*IpG
zF_(2YMH(-1tagmp>yHIZOeB^g9_>$%2T^QAqd*<;xTXEsJLJs62O1l@R|UcVSZuOg
zEBVBS_zpIEFW52!JAo{SeOYv}az8G0tgTV$`_fxTZa0xJT+OW~|I1n`uvTQ}1XARN
zJByZEcDyg{<gUCi8+zA+^Vmev&rsoR*wsKe@)d&#bnCYeMVj4d<6@nlv8hZN-#0U(
zwG9)OSdV-#T<c~*d<)mR7X+Ko)St+*xop3^M>hqi9KFhodcTQkQ&bwgS4EuIJrn@9
zBdRS3MdP@Mr6aJnW0g75fk(}Ea(Z6ciQLcF9PAf!wgXuY$WeSz)8}rKq<u3lAVf^`
ztGg9oCkIN*0={Jwo)d%6r#z1sTfO4g^15Q>d?Fp^N_e(UY&HwR(&^fQ01RijwE%|z
zQj`Lj6<^d)Z;A9$O0812LG0Dc>;`V%R}FRubLiCuYRTf1NBB8`4}E>H>0|kBUsGD&
z5++t!DQ#UT1G5Pm#EJ2ZAh#*lS<oWxKV3)&O$)FbKi)fYO7?PWO&Q}USs2ma>VSA2
zq+}snWn3e^hx7VT^Rk*F&&t!<FSFT-dRp!sjzx+>7)!S<p1^@n2tg~}w_|(GCH$L0
zHDHDuQ_Yiz`(b%OAXaT^5rjpy!1J-f1JgM~?lqxheAp;B?F|3;U&cG-!PMt^YIF}$
zF0^>L#+rf0X#tBaG6sHAK?9}*SzkMmrH!Tm7(D$!Y8?t6eucTHls)jBMa5JNPwB>l
zaH44AMc(Lfig-kj^gai`v<glEjz2(N?J`t5Oa{8u@tvLuA5z|zbJda}?ilY0L^@ip
zsRS!R`VnFNgy;wJYjr*WL%N(+DH%RoZ`KiUG@h7-DQPa8LaYn?GbIK~Ke%Lr*3(`z
zIp}O{%eM^{AZ8~c9foB#_X&JQ^g1)3(E^)I>-+tQJjpiB`UK=TDZzdMr_Uk`Mmn2d
zT0tqrvbK$@xzDrS#GU;#4xwQZyc@8yo-=0Lh!X&ZYV6?FH&^FcI}(qZc$F7O`*uPD
zzR3+k0BqJU5>Nsl!PiiJ*mwJ589Vzze8|H2-U?ZowU+52bEH%F6XHOO^!xmS1F<FG
z)N+cCNi@#(yzI1>#&<kU3#3h%P)6(tN^thYRZVpWnc)K{?{JwXIL+FByd={$g-Tq}
zwJ_@0SPv40S7LF!k3qm;yMY7}(<Ox0M)j?gbM;5bMu)CyTXAW2Rl!oFOYz4^Hxxfd
zsDhjY<f~(qM`V^9IHt|;BNp_Nqp<_4xgi;dEvI=v)pvgynL*b1HDn!Jrn&GT(*pyM
zu5Vk~=|jfD5bNk}gFPRrJP(J}ue5VmlB-71&hZr``!X;7wGC5d<)Yzoog^ZvVy6|s
zVDfQfAW@(sCd!lvh0GrVKhT*KE;Uxg@`j`#$l^Dd8DJw%xm$2XC;TAmXk9c}m6rA8
z7H~gnynDM;g|p#m!%5_(e;Z*Yq@i?Q0&sh}ZAm~wrK0HheD%V@Cqu+7alOSrA;mWu
z5uZ+<@6GI{&3pF^7){;&uneiHHIKCD*UxXkvOtG`@F6cy8330o@nwKo9n^X?z|m+I
zAt6d`BE#IhvHcRlu^3nY)bvGJ#KBL?q5!ex`s=Q%H;iWYcP_}$Cb*6Y^ySu{I0B#S
z9~rU-8X!jor`dgF(0Z1nK;dl5Sv~BqkiuI53y}o>3Yh!N9R{WF^V~ym{ild!;sjG1
z(FT`pX&peg!#DttWm0;w2ml%VN1eFrz??NIW)WJgXm=XPnPC3mb%I_N{IaefDBkh;
zhMy=6qTL_b=hvK<hIexn!qRmgNc{@OW9$|DI}6Sy+KUGY;}`A{F8MJ4_E-pZ4xB#@
z44qRTKI%=uUG*}1emlU=^VRAVuVlB_-B&&w(v(H)20(Rp&{H2c5XGZVH7n24R0YLq
zQ<wok@zJqhkukUu7MU`@oYCXM5^Avb8<F`MaIB8)i`&CeBxmQv>HPhWraZivydX$5
z>G3@XTS1`$7Wk=U5-FXZ2Kj-Q^&Wt^HK%YSK@$dsZl!bZ)(8g{rT8M*7&ZUm8Lr=&
zFI`(#BC3fA-VRf?A9#KETNLafn)>lhvvi;eE{Hl^R65|z0i2ML`J)WH@H6nglp}s$
zp>u{6;bMmpDm)s}wF}5HE8S`wb6&WHmmrOc1z=;*+%{!cDB@_)4S7U8WGNnH9|=&H
zk?#nPP`nF#q$D5~HMa#BC>dfM@HXWX6pcZF&!e{&7Wh6=k9?k=_7@-vBJj8-9A9ux
zQBno5{$dI3#5`!85h&9l0N)E^0}j}*4c?oFKU*(TvEN#%s-elYxVgyf_H@2FDdOhw
zK=f4!){kLF1%;$Zflh$3M!ajs>1=CZNK!cLMF2!f@>&l=Ti>J<8cYL~Yox_u$7J`8
z8hbG^B!;^Qa4#cUz9gKsr+EN!rD>P(S{}B$hGNNNP_rM^gM1Ks0c`Xlyj2R?NQId7
z?6tXg+Do5p@Y?sV1^ap}W$pM&ugMI^A%Y|04eTz{rMQWFrWv^n0PgQIrpCPtAJeTt
z*!)>w^WVPAL$MlnAJtzAa-0HjJ3kh{J}9od`8i#B2a)hnAA(kp-s~3yE;nQ<lC~^g
zjuHL5Gc~T*RIdKr7?jxX4?vvSe?~tGIslL0^vAeB-}i?ug&!d`wDgwgkUPKp`B1V^
zUk*Yy5umcxHofx%whTfXz{vFqqSIG%QFj4<)1sTZW*rS{^a6;-+CJ6GkVRuX@P<yT
zoSxyJ2rLs4ixaMyKQT2RdKIS2NbtizmY+g35N|uVU&J=fYRJxy_qGOk=P?y6ckD<T
z*tH$f6B?tb0nlSrg4Ip<6zZsnv0yRZ=p#OJk)T1>DOU8OVD_7vB%(^fbpdo$G?d~A
z8*-UIn7K!4T%i%MELz`hpI3Z!&a`5AXy0E5TNDuqQlF)Q1WV_x()$u*x*y+?vuyTG
zN8w&J0O;$7o8EnA2mG}g0PnK@B#A&ko=9{{nvi%!5!v)9$(Q9K_HKtU=QnQjx?p?Y
zkcvG9Of^vP{6Sa*-3&$R-7YIVg<;+sQMgz;+e5w`%U4Sgdt&Lbfctf~KSwA_lv0Rg
z%zi#&g(w=(8uXc^I~kf+`0yvPj@Uzdq2VCE87#ft@?UfgNOmWB6Hx_~Pq@~eBe6g3
z9k4y#-8UQ&-of^(9JDTP9Iv*c2=w(L)`JYNbg&wv;ErV1Q^{bp`~hCy&!mK|Gc0BQ
zLaz#UhJxXR{P%!+9IpYiGqg~CuNX(Y;;hy5<BLnecp?p=0zj9a?*g(S{{}dP+QU*8
z;P}%kh3^;{yrsrMzA<Q8Q%eTmR@ji*i%_a%1YsK@3V_QxwI%{It5Z==r6f3wSv9CD
zc2tS};oUtOf35LvfL;K5Yndk8EXK1CU5ur$Q@J+}6?<w;_h=;)(ESMxz)x!D-JGFI
zV!ZVLE~gA=SZZ3y*@hCOAZ9=9smi&CtFVBuba-F`*SPoJgI&dsp-8%2PPXkffs;(6
z(z)6*V&VtJ73MZcQ7eGYn>y9v3rAIZ65<#DE6p=<>HCUFLfO$-)$@zCb!bocw77iW
zCKgI5FrR*o<?XDTP2AMziC#JsF##0oaD3AULB{caB6;kU@mKogPhX!^<ouk&0D5Kz
zOLB@`@{zUuE6|q-u{L}G2Nwb@-X<pKy^}V%EC-FC{rR!rpUxg_0W!N_OTl=nf?9IF
zyaJRNfV9zQr&<T~wN#Hm$${r_+m@l*Vda6LdLKFugS?wm#NOe2bA}hA!j6y@-&rfV
zeR~T96#m++A_H0^s}h2q=1<5WBLaEH9C=r^khm8(BC``=wYUtQ2j>jrIehXN+}%0H
ztn)#;Z}4g4L45Zq?8kC1>Y5cx3W2l8S&o0|SMlE?_B8<FxhZf?^#!UR{K|`ru_)L$
z&H{!daaW`%q<CdrV@ch>()UM!szvV+;t$aTETkT1+8+e3LmLvw<0RAFu!L1Xopd!=
zu2YWCd>i!htWsim4ep=iNAO!&fRZ;#{y_$>tJ@1Ac@SXbJt)sn;O`O^4p+xSkuxJq
zTf-FS;%0E7IP4a36h#cPD%Cx?pz@W}&K$}#5bZShq6ot(K0xM#2O=;j|8pWR28Fds
z+Ig)}RQM-3@!hdkW0pPQ{h)`}0k9=9Wuti#ei|33;$xdeHTeq(1G;>d$I`n_yg=~o
zH^KE7Im%u_^1PuK52)?nZs`!y3y;$Y-Y==83Jm|6Rn3T%oQI4RoK-DBuTgg_C6h*N
znde68&o`~a;Trl2>6*|fF-ZWIt6gd+f#xQ#$M6mHih%jslWy>CKV>>IF#|-Ij(H*s
z?Kv>eWX{lUQ1Dj1fCXYCk1IHT)u`tlC6Uf~?agF4Ux!#I0Twn#r@{2>4TIjvT&`#R
zC%#|gSCII_7dOJV3yQ}e9FBJcq{aIqT+L9y5*APJ-2K95gr}|eVHy^|vB36M3RhCA
zh327Xi<1C(ruk8#2z1ocFhc#p%hE%IUo$=`hg<OyQN&f==DaJA;ISH4fXzHkNrda|
z`;0({eWOun0pYv7U+=OtQV9IfpKf~5G8i^*2jY-SbkqyzX{o8WOHOIS%?Hyg+&WZM
zdcVE8P`$q%0lXe)1EkX3o_c5NQJ{_-%rgVUG{cx)=>?|Y!s~qr3Yk`3%P{AS6DJ1I
zlgS#8Vqb{Zd$a&do8=j`d`dYU4Aulb%eVl2p$^p3B4d}oKr9{Z9IEM)T$jXlmHG7c
zQ7XB)eF?4XT9s!x;JhCH3T(zet7HkeSJGah<Mw{*b>1GUkx~F!D^7fF$M&|uMFB71
zw<2w@br5rjJ%ayKBkpX=_1W5>Rs}<(bbKaO)lA!-K-L)l0PJ@z<iuHcKOXzO!)g2P
z%Dyuk>m0fSy8UX7OHUvx>m3G*5<_vMzZQ+JR?YtYEr36~F-ge2ha>o?*8>m|8R;IK
zVeZT9R*yd~jJT*bc*acq@e|O-JUkk*mixYBXq{&+TK!BhcHtp-0HkEB{Z0@s&bDzN
zW-Pd!r#Nf+jc;AUF`(Z66aap)?^D`7c-cRV@Z6^dX%JA{@8;6ZqV(~AaR4nt6Bz9I
z6G(wCk-u`~hxCe(qsY&kthp@h2PQ=DJm{B&cWk{Uc>cN}Gcax4eF-$sO0Z$B5TF2m
zZMd<ssC+o+r}NLoGu<%g@dqdXUG4R%z#3YKDdPdfG}SA^YdOLcc%k=-Yh4OAl>ef~
zokTs}ISS7JfcBkXhGPG1{lRAk?R+YPKH5-MU;h4ZM0BhTZsOs;0(Wv7v$TUWLAR7h
zXfCwX5oz%==s$&uV0o(uN-2S!XWJ2S-43qF_AGuoblCfJIt|)=%U+^44JA~1g#k#p
z1nQ|Cy+LFnb14Z>RpI`=2<Bmt^4I*1q1n_$TMm33)fcrV5mRRa;B);GX>|XWiM{Mr
zf2w_k!9D9&PHY%1f1d$`YtWOS1+}Sy{~#ayIDP>Q1#4nXly1IFf;U22#qzG+4yJ{_
z(pCVP6|GMf;5j|KIjX-;2pB@#)%klQ_zZ$Q7?JBFXNA{cvx&(q)_CIKR=goase?4%
z(xeYYOWcpf`<4`6lXoLqqY{^dqAsqt3FuOtu>&ztX2{|`u6``*u(uB$aKD&eX)*Ju
zn*eOF##~^bPihAroW9qYr@b{(Q20d(gV;jFmkr&8Z32+Kz(h<TP{mhGW`uV>!c`uj
zUi|8i!=-x$d-hk+V6}F<v{e#*^a7Zw?2gMg0$FfaHetadHI^fKnj(IlmO{M3wc4t9
z{iEI54Oj|jLy%A_$4wDU4tZWMHi1bDZckb0t3{s!nV_X_R9~v#<vaqPmji2Etg{}1
zWSzwSt7v?A-sWN>T3(pgT4$bZPFcJ}4t<FZJ3WO$nV2JRnX8a}D{J70drp6O2M1mp
zo$JE9%V;&=miV)bQ;?8oKpK}1%)JB&JM0d@lkv*MSgO4HY(*y*_t@+2CT7PMZB&^t
zkR-#R0p>5hXAR9t;e9B(3~X%OWSvSoeRg%a&6CY|J9W+<+Q@#o9Nq#q4T1p$z;&$s
z0F+skj~N#j1gB-i@OU=!;C-lw!Dz|h<y1|Z0<0MUP!(ma-jIMeEHI|GD@x40-~)||
zbS<}r2fo8HZRUto7_65Spq459Hn{5oHawtzePZG%=*qUm;Ia-=)2_XnbhS{2MXL-*
zfau<j1rVn~m<06y1Q?C`I@QKW!6QP9>>}|#kWew+Y5?&cR;YwBi$CsB$WVgEVeC;5
z3DJPF_-MUjG26Tp%2@umUBJr42h(8%E&Rf^U9YRWcD@|@0xGzSdcRBSdrz&&eT3!0
z1+t{yhx#l?pn%^uo+A#plJ7!e#?OMmfZ3jQPM-;w#jyg=DD8+5%;jdA<0m3+1O9#7
zDBksDF@u6r#PoVH2YySM_!j`Yr%9e&gN(*r48JldJ=d8Sz|n}uBngS_7OnnjreKCD
zhg=BPs|YSgoAVRVkUeJalAY&IFd-9Zlr<@@qw&%}P6~VnYu=Kl!sDhPdx_OZXuvxM
zn#oi&1Jj>%3gGTwi4$r8e&ceQ6@*m7!2ByY9+8#qJC7Sv+DUAa4Ve0XMhPSqQj`O@
zVgHjzD<~)M<8fo7#3GSF^C=oNLILP_p8|>?WJ|x-2OM_sur36SNbp=J-G@QTx>0~$
zQrg+pE$JzLkuwJs3?CII2iCb?Nj?W1RTT?75A#%2jGQ+~ILr(Tx-Zfm`Ycc74ADFP
zFoT2tPS%p<V&P4HjMr}u34ajb;w56GXe;_!44zEE{R0l?4+p8y5Tr&k0Tp5NXC`85
zTqfT&5=#P8zkr|tcU0Ad(gv93_!FO8jrTyAF%Eah2llPy+n7B^pxb0nyG2^D--4iA
zd^#!;OsbdH)#=5SV0Z+HXu7lX4J7w}nlQv#;@d&*-+C=+hqyX;1R&_U+?33O)i1)n
zD_sJ@|L|VKoTM2`Y8;rVxyq?CdV)CjD57S-Yfx9k5A}@j=Ri6=bzu7m$h<YQ@IUOC
z_3p0ZK1=~WJtB#!sS*d^Oc(kJ7>J?*f??6Hfgv^_9JiLgHrHZ=LaPd8`#iLdExlj)
zYVSFiAy5Kh;iBj^fiBHoN$5BJ_M&DcR3!-Qivd>mvBXiLvI+7+QdA=VRE;ORVLKx9
zpd=c3T}0?^s1nEV+huOQxbhkb+BoALa7G`hPB?a)rKIji1h`g7xAZARl7Lv8NX=EB
zFsl^=K>)~3a5-HYC|+S*h`k~g)EeWBbMeG+)=Y*FN7q}>d5jgnqP3z9I2+Pa&FR%l
zOFuf<h5t;EBuJ!pu4crE_#+03rcZ+aO8rU+atBP24EQ-FtSvrm;zG4xBSVPStrrl>
zVXO_dx~S4Y3nhyPy5a64*FUYLGn89g!@WSge=XBxFn10VnXs8GodA1LA)rx`5O}c!
z7|Qv5A7$}%7~&{=v*X3bzT)s32KZ2ruN4G_+@ObPs>OS)u)Yb+q{-|umUxgvkfg3y
zpA_ih3C^;F?&1r0&yDInxZk*+%D~sb#lCK~)oUJ|Sy`%D<axdsj+4Y+h&u5)9lCP-
zeN_3Ny_3sy+5K|MTi|}+b&<)@HO)>$!vUBN_^mGtbVx7_1<;E$c;V(Ke&T9ko{Lsh
zLq7ce2tZVz%|CP*ZdNh<ns>hBcdn17;3W1U9u(-H-8X_7hIn5PdeGJH;!q?|7P9bm
zAcl8b1mK`t6=R1k*q%kead$B2wJLB|6k4Ku6yz<cwFUklt$AgvF24OTy^Iv?yM-)x
zLgVi(Fl9qRUO>14841sxk8K9Lh%plUPH?jQY5+uS?XyZ}-yF|~$H@>$RMw*1IGJs&
z@H+wuV2Q&1GALMKCGeek3Iz}6Pk{h5cH8jtnl;2{<Hf-O%Z7`sTYKCm&SL?_UAdc-
z1awT6GfW<Z4DK&T*M@8XgT`lv!(0y!nI7n)7Z~t?mJJ0cIL|vp5Y1w%EBa5D3EW*6
z;=)X)d@jCyI`rs$_OfSN(S!#yY}MSC^tMbV>;)nI2xWLe=bL9Tem*I}+2t3#^ZHzW
zSjLf+K;L=@5MGAI7zFbHNmh^+5JQf>&kVQ)piY(D7O)7MLB<{VpqH{G0*noD021&I
zpc|~LV=QSHI1z&?+tLCZHtZVMCTRZ{L>>b^-7V6VX@#+7H;RI)>*50Aq~RF!%p@=^
zp=R0Pxy8kX6%iJgb7DE3EU5q}=11imRRgBZJ>d8pKLa8}U8oLRb;(i8`J!=YMDiaS
zmP;6<udaXNQ-|{05&{lO4@$v30WJHWz`|X0B0UcjUVfA|8ww^~LnMfSKuujh#|(^&
z-i07j9I+Wcr=J)XM|_=uV3P|<kOPPTc1=C7YUGC%MC;-C@TKpoe$`aiU&9U?Kf8Cs
zrlScueg?0fk3uafQ0l!b47@6duC9z<0z1)ykx4NjmRR9QXQ<y6Ujk$?+Ms0)33XL?
z`eRfe7>FW5nrQ>$721<BQlX7fD-iZ20nrfr;@u(DyO3nTdmCUXt{}?>NDVi=L9Yh)
zvtIz?%banZhv-Zk7-Sh7tt2OQXWTFJ<|t4!{rJ{A<pUG-_(#B*4ydb7KnE<_4={6$
zXGD2%1K8m+vqfn*u7l5ia?8>+b$~qj`mA8d)9G!*mCN?oetXMIVlZPXna7$JNQXW2
z?$p7JjmSV@if*x9pPs8KSy9w%+qS1`6@K|TKY#den`3Lni!AXO9c`Df0>@9Wpx*M<
zCs@BOyxRpG6DL8&6PQ+PdlKqu5XjJKA?h{DpC`#CovBDsIaEo!iG@-Nm(0arn%9aS
z%WY6|LV_34=Q^{FM=3|ggd~w&F;F)4sPgD%x#kGJP8h)uMwj`;kqsU^j=`jtMRbk4
zdS8w<Wl=Ud<b8u@!5sf{3wWo-`3KsswS2h)xt%ilv*V|zG%w<ihP?^CzoscW&%wTL
z<ttQJffo}o${1~vh&!-vhLE*%PXxy6IoI0mqPuYsD=aYuBOY7~nkR59|H&YfD+vmy
zx)U3UeN-s444sZo$`@~P1KTa<#esnihH54q9z_UU#2>;pg<omYIV)0fNWzT~8%D`K
z85bCH#w_v3Zs;DVq2O*lEuT+ApDkq(I=-n{6gJ;p2*l#BQG^${pW1u#p;H2KkfA!+
zfH?sEY&R*dQR%0qha`9=un9b>l6ntpa+kSD6WRom&}<VlKX8#abNW`uKHH0Z!7cP)
zVJo8SGz01qX|iGkcCcy47pZJACwNs%2A-B)-|3J0jv6~9dync7Jc!~#548MV^$GlL
z<`fx^gB(5BOVRkuF=^V9aP7>G2j`<;uA+m^_g3Bbs!H+js`!aLbXkO!QD2K#$$m01
zr>%pat@Z*Nj7k=#hd%p!NP%`S<S20Ocx$|CDTk!iLP^Nptw;tgvMh|{?wVpk)Stx^
z{46oMlW}Ma5325@*DfeLXpoaq^vR?@Jq&#|ZHSwB!-yxr%aM7%<xxMA108%g5?rS8
zJIsyXGEwzc1Z^@VhIXA7L!rMhOUujc@ahb9*!$=RB-scSAhuNoL?!o};Ci3hwy;AC
z>=2gb?-b}XuoLFV<$;ASl3tA5R1X^ST{JtVB+5^No`UX%p>dP-skuf{lC6J#Ap)c}
z&m`^(Nv#{`bn+euu((Ooi1n$`jAh(pHVOjX9}fW`#GW04$Rhkxw3_-86Z8J~)ah>w
zSh^hCY(A5#RLoxXALj{QprB@mJ61Gv$^zOBW0TR&F|G@?b3mznW-%9p+xD-ilrb!J
z>G04uC3BmGNQtpYAH^%-cpjgwF}sC-zfbkxEspBg?P$zSzA!Cri^Ax=2GQAXx7J{G
z?gv6h%4~x_5($gtDl44uZmdpl!C_7DT6r9<g=G!LS9gj*<3th6KuL2mZ1C#`vb)KN
zrmImzXj%5{^BIQV5Gm>e&=5<40Gxl1Foq?KuoZ-0jsxhz&CNc~Ncav3Oa}<8`nLHn
zbhtpQN<UFvqUe_sbdzLx@{qyt<G}YxG`Y8)KsS6BSNfIazIb^~3l+YNEQChw*m4}=
z_iHaOf@^f#VuL4+H!$N<>_LN;V{yNd8Ga9$H%YSc#T@9t{HkCteq9InBLiIVaP>_W
zkgVD8!b6z2Pt))mzy)F~s8eNwsn0mTKCpW)JR<&vtHuLDNNe;{i`Q^G#Q|$WIRrta
zSiBDYt1v~MY0wEiTyHvIvc*KXQN#@<XX8~tOuV2cd<l9`FBjf5jbq_u==#rJ!~Fbu
z@gV92l=nX^rAG`#7E>x?hU)gSLf%-;(AIgF((+szAVctml;gH9PJcXQ=L2o|u^f2%
z;`KdHVE9N*I`DMGKNC=3$MhsS5Il+i1xQAg1$QF0q7mK?B%6(dY0%a^va`*>)q}Rc
z1zLmS1XuFlzXhl4Mlx5aiO*w)OTf#%7(*{PM4W#D4%Dpm!5vbMyJ&W)F!%U#U_4V~
zz+wA_dy^J9V6;k#VgoSXP_-qDaW>GOFQ1;xZ>}UAeoTT-C0lUy#`2Ex`M-nG@*}X@
zYvvF3&~BKc2j38pr7tBgrTIKBpRKQhh`bl5HKeEu0%SNgG|#2FY|1w{tRZRE(I1)R
zkGEEU-y;aLXVR{Jw6(!;5iA?yPe#HV#hfm|S|g4H2hTA&^MJ@s9~rgveLDUC|I4S@
zw5nJ!uLQGGE<2aqwj12?D*+;ksXB4!@>X!lp&Fl%sXVkW<o}a#IE65xa)_NPX2A)A
zWD|mb#6(XIz{A0H*sy&jYN1hPthWx(fpF-rN=7eQ@f^C&-{tj6#6H{H&3?R*be2zJ
zJ89MlGaa%^5YFx00}O!WtRu_{B-2ZG$?mV$p$;U$yOWhMzb;+4vem4Kw<3Ch{(=52
zFQ6+X^sPI5M?F*b2jZqFV~#Lky8|&Xcq$N~j7Z)IZ^;GoKnch2OwQVb2W`qc-S^;;
zc2C!qP&H41AfPv9mcO;&DT~H4iRBdV<K)S7(p~2>;&)P+&~5!Q#``?(*izJSTj*}_
zr%|p05tb5nf^cOhzS{baa#vqd8AHm!Xr2W796V(f4?QSfZ^GW$9z~o4PNthCjW{P1
zKuq?(BkuGLU}AP8KjG1n0s1g%kw!gM3Q`oeGR6yjV^f0+d|e>@{sAb}O&j(Of1ET{
z2V+)sd+nXw^<t}tOSjHYfyHvKlCjcmX%?#?kH7RTaz^+TJ^c-x-nL-PJ%&E#w~8<g
z4zSH=dc?i0ZNMu9GrWHYjA5EP;+$}B6?_fixkL%>aC2gYLb>9B-I+T#a34^rCu_@=
z2O+J?0IfIc3hsrpUhaP=Fwu{ag!l^!7pPPV*tbIi9t0K;cq&QyO`v<#@fio(|7>}6
z1M^C#S7QHQvlR4ZO*1i!H|Vi#F$`cZF(gziQHlga77z62)+E=`i?O6^2vIeFRr2Jo
z6}N<kd2pU!TjrQ~`z-wp-QMp-Y_oIq(0fXFN+M!6zDErs_Gw?1?vb0XZV!PD(Ex*V
z1f59hHCA}oGY&*nzmwl!CDri*dx~(-d2^fyQRPz^eg%z95o;22ChGR(8_>xDu_NDz
zIhKt~O;d!wKbI9QT+D&I8jY9kL$P~?QaUBC%=*%0;3FCbW&R>BIv}q%GHhF^5Xfts
zE@XW_36ZxglZ<fGrG{DCLqLP(V%{phEtx1)vhixcsSZ{)P)%xz-td@*Bn5^$K<SpF
zc5-V0){}I|`Q*k<5*#QGTrrXVFB?2b$(W&Oc#EOCp+&GhpMT2k+m=8Ci17Mx@<C|4
z!htIP2}8Am!nO~wxWmLtI9<F0Ut$9&VxzHId+Q;X2Rb0-M!Gv+Kk1K4N1fr)y6G}f
zzcovRGXwV!%+uVy)%eERlBz@&wf2ltJh%|wJYy1(n|ap(O1smA{(;$uZeawS#=`=J
z_m{)aPZ=!^_sEq<NI{1Ecc_C`CaS`@?@Sc#9q|_4cxvb!D?FBaTxBz&06p-cqqz-k
znjKU|eWGx`ddv3RnJvEr|LX&A{=&=Kw~`uG4X>5PH1w+e2?_ojmHSnJ`59Jr$Tn|+
z<EOwa<Yqbx?Msh<CUFL+t666pgp1m@0!3;(NP=W6^<i7__Z2^Oh@t;Q)FJ4hM2UaQ
z0ADS<)&T{kkGn}br#<`ASwQ8=VBvLj^zHk4NI7#vY`!??3DvFG0RQMy+r`g70FxMA
zf%WqI5l$e<5S<~Haw%I?>+l5h{ox33j;y44DBj?-QFXbluTwx=K0)yo!@?^l0v-M^
zFq<Ltero6=GOB#45K$t?K8SI*tn+^c$CV>YVRV!G3mc$4-wJ)SxNQ4^*rdJ1F#TEc
zL3$B%&+oig?&!!Q_+{gr0%BsozWKAk?>by&V6||!=4FgN39XqsO)wHZlGp;1*k3W?
zJb|Ts#2Wh=x=fM@EeI1C#l&lz+z<a>Fiudm{aI&RX39P)ofhp1??438+MkypiZ)&l
ze?35^bf)PM3EmX#t&_~EeRfOnbZ^yh$D|cb-GeU9uYuET`Gu9SdH$`>J~;2%vK{P4
zBI4paItC5(;wRDL)ng6n)<977tQv<(SalFPoB=yXsp8=s&Vgh8Dg)jEnYF#`(3FL;
z24?O!_-DQkGVm?*@m1V@70%YFpuGJFT%fK;^Ek9-hG{xPwIcQ@<kT8rgx+igBg&^t
zK(->lr%DM;&@d4`7UQmz{I^{a5~^$!EkHvN-$k~)Tynrx01MgBPa>!v+Yk4u$SB%^
zwCU2b(HLi5v7~4pZQosxw`i0B!~OBba|=)4u*B-0oh}IQFm9w-XNtoqA%Y3l0D|`6
z07|%(cmO14mVN;+0``@HdWWESPfUCZr1PDCd@#t*UV=XQzQ>rwP~^@vP~a0a7=1Jd
z8jk_HQuKAHkU<_AkHII<mrmcZX9_1FYLjmAmo_&wb_>u5BHcRhtju?;*g=^GiaWW%
zm%_3L*{#pKkDmCy?&8d1n0WU1<paO~!!8<M)||gK?x_b`7Zo_0A^#XOsERj0kH2~!
zbe0Z<cHGIzdA1y@qz1pb`46=!|4H1pKg|5?zK^UHXmgBtUK5;Dx`A6QHt4}~4bJ=H
z#jPX#p8#4djWB(~@l)|NO1OIA26_p~rrgRY{y2J&68|W}b;(YijJVxkl>)z$Sq|#q
z$(VxJO(|mNhR+e$sxP9f)cgT|V;Js;Bwnro8>PAitaa1i@T+7eYlCNL1@;i57Ui7~
zk27`3DQuhnPOS03CfqOK5zt{Z<I~5AWN{f3bZ;*Zf;InNcHuFakzxYVP2(u}r2Ajh
zK&`oXYEM2;0m)h)fjsMDGBD~tW#!+RWN?@aQhYoXsPLL`&=zjQVg2y;auVov{j3Fh
zkfL<KJ@Zm6;aHvpQh}FnrUJC@K`QZGcg18Rql?S0gVVePa9<ipi~SRGa2$tvMyGX@
zf^JyD*uq_mn#MyvSy8eO@<>om`xVb2`K`+=tfiNO?Ol%u1DTy7Sf4e#|7{c40YV`k
z-1k%UH|QzANRkB;i{CI3nKNDVn{s9|lO{MO{sW5!cBz!RU!L=jcpa7A&rDe-4xgoj
z#ZU!|jBFbfG|qsl042@9uZYu*ej}Qu6?R5V5R#H7k$JRsScA0_;m=Wh@rUJUf1Dc1
z@V4W%o$$G;fuyPUT41o?K}o%X_IlsFDmlelL}ns{>`la-$+pw*TW8Avxpi^5mBYRo
z<e&TLVy~sDKdu$!=O<>CIwp;Rq=t)U0oN(lXn{G~V#>D1k%B44AX@VGN~9`^AylIc
zOs8UI3~rzbp(3+F%q*V~!MP*-^sWa~iP$aU#LOv!RH5{-1WFZH1^oL~p1|3roi|DF
zYGh^GT?7VUW^x%2bzSN{Fpm(X(py*X>GXs+Ain`a5?Q`|po$-U_vr{=ttaX8Z8yCF
zXi(kwvW+x#DD@zV1`p7PGuHk@#5J1yE;vL~0%@<5qn5V{Hyk$H|9-~fHn3IvDg3=p
z31ZQ!LlEcgkGlZeBQ5vbn=KgbPf!Aq<Z=K%_K4@CaGx0Y%Sry8V26|a56O8w&j4LG
zd5rtSPi!9;x7a-Vi#;G?L_{1^gFcgIC^~px{nKIvkR;#)%NFL2>2hr?!F&f&i%xl_
z1AR1i8Y|q{!D=y=uD}8856e{KSrdF#j&XAz3>|onF3`T9<-G-jI6yA~cb~fA;DI;9
zD1U^Jm3<ecKT^rFB`yS7i46+|OF3_uZd%lFL9sRG1Nl!fEQWffZW@)_rWjVX;x^Ex
z49afgQo95g=S=IPQZmF=Op94Aj%;NR+yqd9b>*vln`sshgxw1!?rW{1D;u{)6}z&i
z49=I#kKufQDQBYO1MdqCX$RDA6f=C@pjiy9^o-+z%zpYRFjBkS#akN?icwkjzgCSz
z><dy4QEx1-4R}pyQ11J@jpjJeJD@PFrOF1Q`}oJ-_t%7HPg_ak>raTS**wqoMQ_oO
z;I;KYdm+KAv6})ernJeL3cfq=b@4z`?!!Zk<t8zL(_{g6jo2tg9>;>28_e7>0u9KP
z!Qb6R9Ua*fSA5I`?Os-QH<;MTv~2ZP@J}e+hmxLAS?g^+`ZeWgg%vNi>0m?VA<62h
z*xZL)a-Q>co)1&dXR`9=6~Rmi2-spW^6XN_Xs^U^)@Dmr{y3|i<-4)uHmRgA2Up5H
zAOo%My9afkyoIutZDm1k!f(!4w*Bqg=%O3fk-?~L%;~Ok)df<YJ-O)$39rs%NtC;9
zKfSRieLc@7nd$K7I(Fineyckdq-b-et*nhbhj+dIGsdgfdvd&$*{#gPC-Za;ty))!
zferan5SX#_(|YGun~X1+Nu?8?sqW?Ua5`mA#g^yUI{?Mq)-T@rVE~+tXE~c|VTJd@
zzBDISNfSY>-j2JcxSz965aU1sG2_o%pWCKAG(ofeajd1oP+8EqX!C?1og0AQ<8(-P
z^P@dX7KOkP{L;N$7A#fX4@gBBmDkeFG7(K&J2P}>w<htWnP_^}U7VQ6th=!uuOdCD
zghaj9wrN}XSq6oOJB&l2AfDJEX(;R3Y^BoW5TYIz*cZ92p24@XyxZNPGSk*9iyx~y
zxk#h0j^4BLQIW^t=f~rB9zA=i$LeMEhuPWCOVXX@dI@_ozV!X;lb_=bdE_n6$EC46
zS*x0Ka6eS;n&9>IK`7x>#;KoZ2I3n>LzvU2J?|b4<}D0nzTfj$iJXt+mQ<YP=yXCF
z)!E{$hC66&GE{G9EN#77PlzP@e0loEr;$jzrSE*Rewl$y;e&jk%P;v!&Apg^6>iUQ
zC5mkq?hxMnuv88&V=1S(ugYO}rA5@UbY)YzU|a%(#v?nnKJZq=o*5S@D`}hTrA<%^
ziF&6S%;FcYqA0s@g%QY@T6^D{T!|JU@-w1WZroov8a<PRaal~9Gw2<(OiRROZRk;0
z4$#1_wXp!yR`DpjbaRtE%*u`E$+`N`2V)cCuTL4D{1Dao#qRXQcft>Gz+9KG_C5y>
zE4UMWR&mMAtV(^ISaH3Q*dJCKoWdgiCZWF<YW$@p03YAM()?ia;WLcVGIA7CSMnmB
z*+_JnERUG_2GEbBp`>^ND@Xf-K^@6B-EqHuVo%1ESmEogr9Suc6-tNd=UybT$)EoL
z?)9g`;AcUMYjpdu^*`vsFQN`LK0KBdF;PD%PMC?x$S(C!&Lc;)+8R=B3vm50@2|&#
ze#)TX6aQ$SySt56(5~<hxxx|4p!TG$e5kL3w*$>Hzs|QDo343}l6{;rC^@J;)7&o7
zzBQ1AQcO&Y?(^qNqWga56?3(ezGK8$FBmOtj(+AhRdMa4URA&J^Y5?$_KpD?F<Sg_
ze)9r1$PAMQV)N{1)|G58c}S%TPp;0Ei{4@^a#*o)s5-F^hn2zaK5uybmd>2B`7~&X
zwI=j%)lYjrM}UshQXt{4+HI?w5<W;VZp-og$*UNZ?(7CnHPdGl$2;EY#@!Psvt;B~
zCRnSkXHR@*z5aOU>lDqpSZ;D_RG;zGa82PlgkO8vfg?I;$Zbu88Ot1&m2R{aJ*?#J
zV7s?5%rs`N{m7^VD+ibS5FaNodYGf`ephxh8<ss(`u3|`_`yc<(pr|{dDBIn2s!q8
z`vU@7ou*fUSZ?;Ij;PJI?*WzC66tnKZ}9Mx_2hu6g@nFGFw+zxUf(UkeJ$`+AutO%
z<?t%SngBLEs~KM6RKO#z;?-m>b6@ZIuWHJIUT~C>HUdPsH%sVd4m&O+wz6kKD(!qj
zVokW%#*o#k-15iE-^;DbN0dd;m@j(0Ef=$RJw&I+zPt6lb2v1WJ=I_T-Jm@&>?l<K
z#H#}p`dn)j{%wSSzI)hX6BKjzn=6}enQAw+f{gIcck6>MZt6$Y^oA+8Smj1PI~s3?
zda>jCDL-d>2IgnCS2VtOo@?K`)(Ewz2t%lD-k)8s_Cgky-#KwiRX29PCYBi0yc_xC
zclWe%Q&Wpq*UN(Dx(KnH?5%sH!&)kS|A_y?IEtjo6}|fJVE8kun8mk}`K{pQ53qq>
ztp@a3nfvukt{arErNwu%E1e$LeRO&%++Y_N@b%lu;gm7(`yFL`-0bzHQT%umdYq<#
z#l>z#OsKs3gVgZhPcOqMxdc^`Y2oO>MRb<&zD+g*(1LmyT8}m^CG+K}OYRBQt`uEJ
z%F>Z7KI|ePzALApy9`t+S|E0OrS$Eph^(BwVk8or|1B7Hz`rq|^i)D+dQ>Anua}p!
zJanxFzK~UNJ2Nh!ugczMM%8&%(gcMrVF9*Cqn#D%#-$v%h}tb!%DtAQt*tk5>A>?P
zgeUqDqjlc&=42x-302>8MQ6#nU??x{<*6c#+0LGeg5ni`)cSJ1cflu%!z06{<a}Xd
zX@J5VFOla<_q5jSq4MJ|Tq<r3HL|-FG-G1H&$WyP4+MQ{)Exi$O7(LeFu1ytk(Y(3
z18@;&TR*9@$$bw!(?^P{Mt)Y6SA4$3Wp}@h3x)*ipijPVdXq`Hq1XF;SiCGocPgrC
z{Py?snumEbw{`sc?j_jwzs&t~qV1MSd?xBr<n@|@-I1d*<*^NEpi|pE^!~`itc`hA
zcpaA|86B)VWGm;muvj?H<*1Z3K|zmfH+JS{6Q%;AD$?@=waTY9uX#0;NJ|4|^_zn(
z2Ty+LQ}HF0z4Jh8{n19^V(n39>C;eIGYr^Sd-X>yo6|oUC-F6F{Qy#ZT1+TkcjAqX
zZF{Zx>R4Av)PuX67CY(nz%M#m@r%uWo!`~)V)49cn%xJ!%Fbn<^2fSVBRU3~ZUJVS
z!stTQ*o@bIXMr1J&*Fq5o*Fon+_s!F+o-c@`MF<AT#nWD>siT?25TEz^b7-Q<w1tb
z({~1#L`J3a-c9BEYV|Dn$Axeoc~Z6IgjiP)@!H}@2Y;8MH#Cib>8F>q3)GJ{Io%1R
zS=QFe6Q?7iK2Fhw(g@<wP$Y^&_e;Rn#A#dCBXP!uk9$OFq7KikNRX=#Iif!}UNHN{
zZ7|S$$aORBe?T><vm7cEerl4|Op~Q5`E1W%d*~y}_F+KxEzi{$#-U&E*w;SpFBWQD
z8Qnc$aBP4fDQ49-=EsTz%c-MV4;JjbcyBZ_=H6zFetBn`VGr%t`%*T2mR6y!Ic23T
zItJwTPI9udW6t-SIWFVXv=0Zmp^Q?ZK|cf&S&EyF7}2+>`c`IEbgtKNto{7tIJ4qn
zS3A|ZK0LPBV2`H;?t*Bk4g=`o^*mj>-Bl#A`FWGWR}c5ZrhSuqIP4zMEc%~9u8;kK
z&ukcG)?t6%xV>ouxL#B6AQmUbO#{T8L2I!T)&P`gX`YvpyZiHjk{PBYuf-na3L>!<
z&y3m@a5w1|p+N6La$LA_nn4nibe(5%#L<^hb+Q$?C2U(yIs#zQSWd{5%_hG+DRFRV
z&``*zw_&~e;EMPDq)RRXg7%AErGc|dOm}fd(6&8s$_;E>>9v=a#cykQs@ctyrj56r
zz9|^^;A_LumYj)X<HY=-%^&i>)1V)+ND4Zfoa$aU>n>IJsp><QCp})a$Efn{)k$s~
z_8`8Lwp`M=^t+vTOHEa`L!k+!U1f0zON(Y7f0r(pBK*@f1_1C9>3PDsNsi-4Q4^OJ
zKX<*4K<!~+betS;w2;()jSdwb9bU38I^e?lxjhQJqBcZv=i)9J#zK*}#l4{yHG1cg
z*akQF{pRn|Ha$Kg5R_W|<7my+OXoSD8CaY9dGL2}4c?cYu#s>T_0f3-2L7g(8%KGv
z74DRdZ*;F5Z6D6fy7z;AIGOM@Sn62fr(v_mf-&p$&<K0SuJjLOu7xx;Gu2vVZ>-}t
zFM*x`O}Ylfv(%gReU2(g_Ue$}BZG_X1<atkdFrZuLDiY=a^{n7uD_790ZsLI61+IA
z_f&8c+3^s*@1Lqv0QlA_rbxLU{ke`CihqAQx{h&QR&&^7QAS6z+|{7RL#Hn6c70yk
z$!eiY65$y{9fF%e@0&Wa<gXmr)kK7X*KRh?mG$R4-q^}6;HQ%rs&mrwJ${3OJxt1t
zk_PStdhP9^AQ7&8O{@#4ytB>ENK!AT?V!lr1N6hs32U{k<Zjz4N?pPp7<P~EJ8snZ
zEJE=!<sRs;2Z(act{ePabKlUx3R8J_p6iqH4!`v<%h!+P2j!r`{HGs%Vjfd^>-ZBq
zxcGyp$jp%IW8sm4hq@2aI4@fk2<jyLUmvX5J3O7l%*)*x=}L5-q%@rm`BMtHhq769
z&r)bA5+-{mTP%Gn`E1h1U0IUQ8BLUXEP3fSorMHn0&;e%Pf-2uejTW?Y#i5Z(;nO8
zWK_+Mj+pMaayE8<SCJ3z9V52=jsADQlte5AH8oA3EN$judS!{r7u&*`xjfHRHC4eI
zNfF1P2t7)ij9X-q{7r0v<Vx<PWb(tsrBQO#x!qNgrutk^qt&XjyxG!vX>DPh7&REy
zh_6MtaT(GAe0OBBK>jO0B-hI)mZPt3xVj!;=VLknZ$J#FL(LLWe;OR_6>6$cGQD=N
z*H6n~;kBbhftBQQzbmaPqLcDv-21<HxgKE{E+qtT`LObg?GcXxbji~Wb8<hK#r*qk
zKRA^JD!BaE93aG%69Y*>?3GQ9G7JOIbYQbvXF(nq8KJRzrfn^i<$K1$-U2JFly9`W
z%=?iG|IVwmdTHR(y0c+`A<Men8P}%R7UO+f>Lw%eC#98rYfFB+JU|o|Kn0yCX#M-g
z?eI6quEaK5FMe)Mj^4N=5gjYuDF1y-1YP0feMo%!u8YS%J|O<TLFATNFGpP0f04t<
z6?45+<ycXOwxf{aBVWBxr+Z^X@`IZ|{crPB50s64JfxB~n&(x+tMWu6UVgClQF?Q|
zCWf5RBZx7W1kXTaP<nuKpRJ+556t@``Eza8K&99fFmCE>X?8Ea8ulFy03^qXUTp4m
zL&rGtiuvx?!Ux1q*H`t<Lt#c|JDyyj<G>^Q8AenDW45gH%KeEc&LB6ZvG#46NoFyE
zcQh|kP;XKae<RO_%L#R$b}K)-@%6}rmh9<`%zQJ$#_ad4Z>sB`3;uazN)Q1l0BXv#
zK~25i&u11f=9|oPQc`PF-z;fz%-nY~JQ)E5wVr!7?sq!IXe!6Yu#>Q!-#-vhsIRI&
zxU{;u-s4I!^mhMF@Gg?~MwWiUCwoKphe7RnomAGhWp$ru<<^fo)gIJz?3=259`XCP
z0H`-7OncKnL@^rpvH5@2z`wu<5hF=V;tOi2NQVkft4Mp1FqN>eaP4Xd^V@^3_tW6d
zQQWz+BdC<t?t#_m3%gF+R9e53T2Ne05QN-R1`tB6mJ;>9fBb~*IWDc4(n(bNY1G<a
zouQ6TA;;IU+fSxx6?#Mj@<FS1?riUh-&dM#0p06wbJ6eZBx}^rN(a2H4y~9TPKr>1
zooG+5=+lz)q|KKj_ArAO%nW86pYD9*Q}O-GShUvq;Fo6m`8V!rp8~mY00q<}2K06B
zEe*&^KOuNH%Xd&WdLX>%)?Uj2L}&p~u+@yW{x??$&ODpXX1GzjYh+xp?NoQZuhiI?
zv9eeag;ntgZGHy~9Y3D1xbcKKz?Ixw?`Gk<;0!=O9xBLCOw6BA*2BNrLTK?cK+Y~Y
zC!BucVNlh@@dT)cMA1_PiY?YUTEu!b$%OJ%Wt3{yMBL1gJ9hJ^KQ4~!`pNAzYf6R7
za<{Bp{X9RP_APwnwzH<aSyeE!?6IN3N?6twRja85yfgQdIe`9uS`433%Dbon>raa8
zT(Q@GD)jsI%Qx~>(JFNEMyI6cpqF{4*FxV-_Hx^KUH+jSUS)YsdST3ErnH$n)6|do
z(eGF6;yF?42Vd06JOM+BzaEWM#kWVgzVX#r5<lP@&GYu+SE@GNuJQy7n5>@mb(`*w
zTH`#)yQ2R7_)2zj&#6c)><@gJs{Gv@TV}@y0INFAd-L^ijUD)!qzC<_hs}q4buygE
zn?B?v)AlSEQsGY~(sOP&rrgFnVZeU0!*i|s$b$aIf){JVxZmK<a~6di5$s;{0czp>
ze6{lS7XmXLZC?LxEj`Dbk33!u?-)~;V=?+=<LaFASDEoqZkg9X)tf8c3>bTPsyiV&
zf>($d4T`A`$S%u{cz*Tb?qsf_Cq6j_ts{>&jU2}Vbb3!H-|}}h24JMn2|Rw5S-kz@
zJm67>)?Qs=LvwC;N+}A0d5YmeLgGdg;B&es-{#T)Ae|?k<`b2_M@8>3Y$`8M>&IS<
z*0D+b7Pl#>osOT!kJd=Hn!%3lNW1B9Dyq|6WjjC527>oRHI;flM|`p$>YE>>E;_#V
zqJ9@eRGP0}bRmx=#YFzWn-F}s0776|iQ}8!6eTDVye=uEi%y)BS-E{izk1bFjiva#
z?yrGE{0v5J*-Rj5$iGyE(W0=^M6Y@_&BAj3)!KvJ5pQWX%}$k=(!RYuu=)E!_(qTv
zgnicImE;-P+NCk4vZNF|KS;HsMT~Y+ou?g_{O~M=3EvGkcX>_#V~4M%NQ_)Pu>Yn|
z`_GBj-pNS|h4;2zQPEHZhH_5i_R-CfHJUFzdcZ?qNI`PNbbr2H#;o7)rw}w}iYyKJ
zxb!%tz8<}do&GL0<ZEtX2k3|K_X9#_60P$p@)<v?@<Nd3uR}qAvCfY+d-C1+;^|)d
z4IWUlm$ubUF25kOCEuIweV38dO(gi{w2f!F3qaxS=tq9`Q@7DZ!LATmbwQcsZd(21
z``uAnW3};K;N+7#PW*Owx?w!d)3pc8Ez^3wP-n^7FxZj8SHFBZHT00jQqu&e``T*h
zhrz^9*8d^wz2mX|zyI;NqO7t>31ya9Dx0f?QmAC_j6?|8;mS-zydtv7%*f8lh>*-k
z_R8LSuitrcUGjPV@%#Q+w|ZWW=XsvT8TWHP=MV}`uNw<%ZK;G3$WoSmeuYr;-Lv)L
z)AoJIw@B3~OSJ-5z4B6s>U!)cG{_~Qxp|RJbp0w_!|T2}BY!qm=M}rLut-}kpyU#F
zIy>^K=L@$_>nLPwFIN&@JjL5E`nOhGDLv*s|MFfgwx9%tq<HIJ6IrfHNk`kFd76zQ
zMx<-*6Z)}DZvE8#V6L7XXGdo6W_67U(AGsnar`(vfyBl@*$EZfWt-Qf1*^Uwd$T}A
zE)~^QA7~-ODzppw8FKtgMajM6--`;FP!HX<Wc`^pe16o*W^tjZT=eP<#)sP4Orooc
zrVGao5d3$uw@)rmN6#eT_O-+sWzE>)lkIQmOh*q32P^bG$~hQhszb8Zp3tif;<r>0
z#YMDC@-!It0h6)?pKD6in75$MhVx7g2e`M%b2q!L=h{Eq*x|fGfl5-+v(%M6aPuVE
z-9fhgn}*FXQzg!Kiaa-y%=h7R3RgfzL`ix+SZf2&Q6s-Ot!4^bCCB(D!RAg8a!#2t
zf)aP$5a`j`Zj6WX2@X8*mBnw;NO5AfO0?eEoOe!k3*vuQU-=IQMt{QF7*t3c<l9?@
zg~>#L(<~jmIX-c%sE)&b>ag1LobdE)14I1JJ^A!((;8wsPGBUxBsM9!uWq@;q0?9_
zU(GHv_VIODnGi)jyGd7LA)|kVYxx)eINs#z?tN}Oq#Nbtt@EGtO;h`Z0f!C_vsn?6
ziIZa34w#@Y)q9)>NuCfvjL722qub0A|7A2kc3-f;a7tj@i~j_Wre2yS=AgiR+5;FA
zd|P5P^&U|&$^jEHTz!+S!g?8VeML&!dH9E&=k_D3<s11Tvs=;cyYPR3*55`6m}(K`
zOtr>F;!oEu*b8<_R5dER=Ou`#>dlL>+J|wYL%@nve-*C4@jbj0dbOuH0O#|vS}K=y
z5I<YiCHlZagmjS6DZ;|Zh{0bM=mkt-BCXANC4i5{7<T8+(b|e+(lpNf+Gh~-fm6ma
z{_{A_zC#1ZsG*Tjzt=&cu(jD=M(?)oUu7cw3pL=G&0_X>0#>Lv(^5&-A1$(fzVX7Q
zU^2O6gR%P7$w>UF+3~E8RW-!1xt1){dqfr{L(s_m+#X<l*o-qJ7j;eXc>U3$R<_k=
zZ&Jbtuk?ZTAzJQA11)AuN$7`B<P4iV3V(*~=7@Ak9D_Pb^kokFIhpyBfPLqVn126P
zH1od+v<u4j|5$7{2*29rD=R#Dy3N^ul$b2*>_kr=_B>qLuk~MQZP`5%R1d|<R%I2G
z0S44^R#$~k)0}2m|8)y`vgLR-{$%5?-!QE`s=&0DAghD$_je#goy62;7pCQ9wA>+h
z!pi|L8Qqf2YaZL2jv_YyptM5AXA8zTE5L!#Kxhl+entE;H|%EuWa?+DYNjlnVgM0)
zftqLd#i#%JP=M+Md>=Oz_B}^VOa9JoY@_g%;NY`*t>WTpPKDo3PxwmO&P5j7J^4-)
z^AW%C-Y;m>XwGx_c{2R{vnJiOPdzDJD@Om~3m;JW^PfNBTs80+(&nr=0pql3{W;l1
zV8S)+QTsq7qu~5T!x9oZZY~W%{1JQrLyzBh;ny-lSIv1{(GQ9}Pdrm%);yAIP$zH3
zQVtc)|JmaRmz0Cz^9~K{sT2l<-(L02A(J<Vc;d<kFX3%=!^`nopQrGhHfnkLrl@Z)
z&E%B?4mhhFI^<jL-1{b#C?<81zh0qx<=nk161VG3toNKA8Al+TKSZ%i85i2UArh?r
z;!IqeX-5Wt&bolhiA6_!UD23fLa2rPkn0`uoi$(I%HBXpQjK;^NVfJoQ*@LFa&&ku
zvHMSOZt1@pV8^&Pb?E=uF$4m4FtRb12$tvy5C80%<baVX?j$@aLRa8Pg(-2ypZHq8
zr0@uwYjRIY+l<BIOUt@9@n45=x$n_BMi5%5!!>f;Y4P&OAVg<?5Ix^3$|wirxz4WB
z*Q}bOlO=~&QQ=v(EFqf#Md2fuDm}xQ@7#u#h9APf8HCY?8yF?tkwrO(Na+}9!fy!f
z`wfJZD1)xui$pSrFUq~|do~xBowSV_6%L~pSeNiW;R9)foX3YZ-%iwgr-CelN$A4L
z(~SOZFb2PL)=oz@*PVR)rl6z~;N{oWQ&0Et>>56S%;R+d8^ltwf85dDs(*0vN9V-?
zVk`TApefBUxVh8#9v(-^q9fxU0Rh*&#KzCeLq<umz>CbRscrZsMaEe|6%RwSDyDxj
zi-=xdnRu_g<2#@Y^y~a38@M-kP9Z2He$?#i&35+9`GV&n1>}%U)Ng-~5~0Xl9x*sx
zAli8MqyQxo?8WG9K-;bal0MM06Q6j(=uwV%+U&E^+FPk_{Ub*Am8Bcx!0I@S?G3L4
zxMbp$zL|fJ$!5n*m1-q9TA9m<kB=E@N0CQtBz8Wzq*R}<&OI{|-=U*tmC#d`pts$m
zStgTX$}Uwkd;I23GZfa=M@2&XyZL)>SOY{*Wv+oUrgg{SF7RxRbxcA-u6)IZ2d1}k
zrsdp>1u8fNOb@X&$RT8fnXW*!P5P_)>)pz2M*;PHd&)WdNYTt=ZlN>%S#|d>;sBBZ
zm;k_gg7@*W<)ttohBBwSe8<kkyJ(cIrc?)Rch>U0lg2wkCT;VF^q76p$EH}*oQ`i(
zy|T^rHqNRS>;a6N7XH0=Qx9O|@HXBq5_*~8B#-A!-P$8WR89Q8-1>~Y5=zb3L5H>N
z?8KO+_TQmFKD%vI@Lez^wq(#aT4(IrB7s5ZHdQd~mr@Al01d0T(>pmKDR}E#%)SU=
z;Tq^C<JcOGxOtsR`^f!EG|o$Q8Lvdzo(_#^_RjL!08sgyo}A#fMsJmwP2hIQ3ZqQ?
zcqf?Z+jF6l=W@`hbmhWt9ejOoUG?&a7ZFbVoQJawx7gAO(;1<%bnEiDG9fu_=VcBk
zvPeuzF^tRaBnI2Fwa3)*!hu>Y5dYcj{e7kWP%GI?jdz-v^B38xKbC>xBr%Gm!nr+Q
zlxc#<msQoBaVEhFzcJHQqnZ5O`a{;3VTSyC+LgZePY}=4r%tinNJuK_ADGZq8ipR8
zcpY)O6zd04+G}mP&kh^M>{;+^@|oAyp9D2t$616y8flxuW}m0tI`~U2zbUDDbG=N8
zNyCv}RG5lk%c=lL_YzVOB)9bK%h@&Aw33k8!i8_)C_7@p!Y{d$joxSX?Ce2QAwsK+
z{ZfQ`I5}~QVPk$Gdm3LM5}qdt%uu{uDPYej{n08<C}kjxx5m!L*FfO6WtQlCD8an`
zh(qPAbtS7!h1;J-O6hQe)S^m3zo|7vui*@U!VPUZ9e#k+6!mi}>?EPB!P6+VsNPF&
z+rr$ON%Ss_fJjtOHkIv6Y88-i)T{HT#Xg0^ESMK`@#LSJB_@;Rj7w&Jdw(C4VGp$Q
zPEMn}K~#X}_9RC<Pp2Q97(YJ=)omR!wW|_-&0+TDV(LYggQPgl6DVkE+v@Q-MzXkR
zghOk-r&716O}G53MuM8J@<Oo}U+FO6z8e8JBxYs3`#23;xZm3~VJ}^+nxDu$14wB$
zyL`YeffK$n133k(biO)dBdKWBbM}vH(~4aa9!)nDJKXs^(zwY#(N$aKuPDE-1!Ke=
zOe61qi@1^nq#sbM%ac$%6aKs~t}y-U$;*n?<Ci{(*A5N+e(S$Ae1<HuWM%M;`LgHx
z^OSlK4*C4H#?K`z9gbEr^Q~K`v`x=(dA`BnT#u2e#rWVQAskBTj8CJP;tq)a*0HP8
zdEiJ3+`^SYNQe8iCMoKq?){fY6eBWt<nW0Hr<{5!x=gdn02*~&|8hXc#u3`uyK7Ac
z=pP8;LYRZ7NTlp*`ggBu97B&ZGWRWNB?(=p_{fEVfaJ88Tx)Y-2_P}%%YD96hhCzi
zUH}<GohWem^8@pNO~$#7h2tJ9FGmvnz;#rgPD%LtkFfK<5%w9HcXGFG#NX6WD#SC;
zvh5d6rM^=ymwoL5@13WKEHeWV);|nYQWtE-)bHuGKH$Y<1>91-TfPrGl7>5f=2<z8
zes=wwe^K75LB;#`&(yb~T`A4fhqKb6`vJo&X0!BWBf&f-=q!>T2UIk%LR;qY&#bYE
zs&rD-w<anUbh7zh#IFYv$KsR(xHeD&*+Thv?%Bc&;+i7mTR$1UWFBeA_>BSr5X((M
z!)wFo(mm{ieF*Usz^SMOU`+hztt`I%)+tP%zPE?5;wi~Bx)wIS^RZRESsC8@lGVF#
zk8V_X<ASlBcwG=s#_PiCf^l6?49T*}f*=Db;{HLet;xNv^lk;J>1_ObL~_6O`D=dh
zM{f&^+E8(CA2bqi?z{E>(^n1gdWhkx4^J%3CnFC|8wgwt-LQGaYYvqfosBtZ#D2@`
zV!nOA%#;<I1>3p}o@$?3(oqiW;hH|+%SDUH%DAPfvtQ^0h|m?vahK=%xwL|3#}&Ix
zrG(dW<GN%swgA8ZQ+g%y3Gf;Md!}fpG?Y<;WGj8c9XhsF3G}X?S~<S{Q8f9Mf7}$F
z?3t2(;P+lbL+>k)iB`<)9%&b$z8ZCXQqG>%0%#QQ)FiQ&0X|L$*f2R18{kvHM=-z%
z{Azl@);W8k-dyic?mjx|{8<nWgu-7xLGk)wb}cUFYEXl-ciWHS#)!zPVNxJSPyc&o
zyq#x;mTl<T0WFuRnHfK8LPPnc7$TIPa{=Yy!-bm-qpGoQk86JV-f&iJa9Yc*fV%NQ
z-#(Gs5v{!9+DGdqC%)bBi(+uhEM<~izclA#m_v7<tPMd=k;EGt<ynG-2fcII>3oaf
z!_R_lAnd&*mcyA14~l$A)gCwz;!r3id0{wiBlpXLIG>itK2u~hli&EQSuM{|Qgq(&
zY?j*1a2cf*IA}PLuVggBBI0<3&Y$nH%%5)t#*NO>s>Sfp>;!kTDw}A^*L|1KADPCm
zk01^vRz|gsjqr-nR}_$Z`X(prza9{(bKIDFl)F7(@S5EHOoPM@BzW?^(wcw^(ehUa
zOXyEUDA*qM=uUC@$=OBp7*}U!G6&3cCE4R23M))wtJP>RoX~H5;<t?Ul;0q9A^tJG
z_dK+gRHEyc>$NR~amr#-ODfyB@o@U+a>_9vMbrRywcf3EK^-$0Gj~fBvrh||NDoe5
z82GTqZiX03@gAG)RBS-d8=h^cCUK$19(fWheBxKDR%&N{$RpZEr)De}MUS#^&LwZ0
zcLgU=!&a;WR9gsi?}{Ky#5W{2S!wq9dsE2i3aEeM<{&|c*n#jCQ)BeM%VGTDwhV;N
zKDF;%ogu$fVTP!m&udaclN37477+=_<x+@z*F?O$mz>fZsJhR7)B4q1?cD0nA$2<C
z`@YZczpZKT8EkmZ8qtmZb=GN5F%YQ{lv^Vf4i^*U6C`8c%;}&DEs$Y`M4Rn-)am}m
zF~b$@WTE7#akY)NxQuT6pTmQb+ZlSY8<oQ0$BPxOs<O4-fGGj%{INNtNKMKI1tbDD
zPRd(T1_MpWa;P$9*S>FlfzQVZ+q+DK_`kFhD>sZZ{lA|52_ZZx+YZ)NNe6GgZ;Eir
zU#WHIoOyzP)Dauj%N+vwuIQI|44W40kn9FMy53Cpb75LjBq>w1@RX72oASKI!b>f<
z(eF{FU<011-JQp!O$%u4saOFvhZ6NR9$=J}t<A~mS8By!dZ3uu`PDM^_O%N%C@m_4
z5;7(Bb+$Zm{aY|TSS0sJ-%Z}0UiQ1hG1MxW07+(J{&neFAq^qnk+>El%n07=V*!os
znd84|JKRJl-`P1Ii{mF1xi7Lk#a`Ub>R99>Rn0c@FeAF~d;>>E+AWEQ1;^HfOHDU=
zjZws@iq}*>>{m~O22FG6$-ls>MpTPva-i0j7H~|6lspzhb(EH&DZtmgK%(_oTVV{r
z4I%`)Hti}@)T7Pz-Q-#IZw8*hlVL;MRRWka)I`L+&*1z|^9caf&co6Hyp7rQ7be?i
zt6_wVzENT=I|@R%b0j3~cB_Q1%w%?4YKEc8YlLa{JTENv(`9m^7;4qVTl*g!4$WaU
z|9TCe6x&o!!yHlg$p+l3(I)8pD1`r3CW25`tJ;YG4q!e_vy}opiO5TR+kb}`+i$SR
z4mXhC|M~P7RL9A6ohMJ(fd*l%h-q;ap65&Iil1zBo0%EujVE1?Kx^S6n8reNc+u+*
ziQ(~#p?33+QxeMrro;(jD$mDItL+OMg`ux{>N*Te+LioHA-3%e#q6A6guVTcj;e4w
zL@&J!+O`YM6lPsA-v03=Hgcx!v(?OY9zJY}`AwN`CswS;M-<TIL9*qYd-e=EUxje#
zF4N2%%;I2pT3-Hg?RqD=R}^DY72<is!J0qZuxa$+vQsWOj|SajR>(Rb)fqm)i)0L2
zG5^`obath<`cExbk^ea3uV~WNCir6q9mXD18f*=-hAohJc9UwWGreE)WwSchKcPk1
z4hU@iUTuoZ*IO0mu3sMzC~(VcH3}>)0TWXS#%&A3>@{-f{EHhrw%$$ko0{D3lx=Y#
zVhWf6<LodtT<!aZmiB6`L2H+2jYOK)UBcv|4#JM{^}Drs302+s4&1jp^A!|qpAy25
zDl11pz{TgUF6WOv#4N^!r=@=!tEfCzG_Ih{Z+9$~T793`d7u@;k(_lI7pVe+oLx;M
zeEY=cUs}FNB`C$ltwAuIS5D!DropfmcN0Rf=ibO~p3TCsjTYJF&TUo<P};QC-c;^|
zTLg|Qy{S2Vf{wVOgH!44>Xa006%$9GT|LN@2vPws>(ngUCR8tYdiM5nf!X3CjyIw_
zQ9zk4eNtb1`|qoH$Q3$5#zJN;uHDuKY@2Jna4qB&GGJv_(&E5A+uBdle2GqKgM#d&
z=&arkB_=Vy{H|NasI8xI&x{0%oEE#^dLya@C9yU9d06xCg29}_v!(KT9zmgGD;emu
zuv<0}|0vf4j?mGvVl3>m2goXG>)3Nc%~6s|d+Y`Q{lqCx0siqDZm)TUAO}EFf5i5z
zbDED&H6t9zol*)=4;CG=KN>3y>BPTPZ}jHbX9cu?Y_t{nIuaKjoS_yJGxBJ0{wxW!
zFdkLyEx$p3@k;eBV$qFJ>*FVu3^kSm&ZsN&KF#3o0-OiHTib9*m+-vF-Z|&Z6=lef
zr|-peWC@-wHpj;H@vnY70GNlGut5C=z6d9fhe!aZ4}1Qjg%00C>Tp?EWZZ=>e|&&3
z44@#=7VzxPkFIHaU~72}8NE7;xeE4G?y73rJ}cQPg9Lj4v$!pENU7=e!b!7plKE?e
z@2%J9MT7-MH9Rj(jTTf2lmT7J*YMF}eX`@nP28j;)@QB+Ww-W-5t$AD_p@F%zP22{
z@h4BBnR;h+IPUhhg7QC9dpeIJK|5a4UK+f2&pK_>w_xKP+6I*ZTm%WVU9{@(;UlGi
zT5o3;tvD2W`-;sx-<)R@{qa#0x^?i16*C)*nlR{45?Ri#`>>2Ka3YQo-jz6QLP+JO
zJj?TZr47y63u%-!TS*{kDxCTfwAr;~dPY6(^M7XCv^jWzCm2o<kvfHOeUnZUa6@9y
zFS+*%F(;q0;x~?+9JOoS_mLyP9y_1=>wvq_-;qkh)efFGugHUik!uT?dc$E!#)zwR
z+L+XAd5Xtm9#PV-6<6BppF>)gx%%f}YGc<o9+Vh`H0ReEw&4f+HS}CBZ@%0ON1UAl
zKVq}PkMy=$itFOVK-*4Qk>0X8!&VDBucw+#>Ja%Y64W*U6w6Kk6KA%5xhOZc#9~h5
znPGqL-=m#30jkVulu@1C|CN(n+-6jcYT@cCz)Eng(D^<uu((ASV@R0u<W9Z*K?V^S
zL0YLRTkJ^AeYy)XHFldxjQx3q&}jIFJP}&V!m`o-|3iWBC3xHBaX!JqHErIu@FKzD
zHowotEyIIJ4-tZcka14h^U#LxDS9odrwZyaXNtpBh@qNoWRTtz=YYxjE2Fx)|IDs%
z<|BmLI9MFICu|<Uv+rxeZ3q4yKy**moEGN8`S?cU3fs9JF|yC~J5Md8FOOM2w{IkY
z(o~|zLFQEV5})}b<Mh{TI6wf}G7IqRZhGTvT0%m}SixjkVUgCaUni|K@Bo!5E7eMR
z79y)PeEz~^z<eAsQXe+hE#k*9sFMN_TFLp$^LO7m897hiAu2!)B=%_|K+$C%27!1I
zF;bjH0^~DX6Dz{6f%lVXM))Q{Bz<_04#!)@GFL|SvL7SzgTp$gP4Y*Os)5R^HQALr
z+^N1^9HN=D!bMWdgQ`p4Kd$b7YqtuD+M|mGtsUZt6Dvo*Y69b0aqgh|p#7ahxlB4}
z7V=|RSc}oxG-VXcqpslbRoFRu&3tTwY4&<UCJ&(_Pug1r7Zr`pt&JlLxM+{eOBRYX
z`K)`BDuDi;GH`S}FF3#~f^?7q*qIE+te;Dt_Ir@GJ|mfH_3WabyzX@tgdq$NnaD@F
zVS#2WLqQAuh5%Z;*BymosCEANtET{TR2FU-VAcLQ*NnA+7)&7qC~{1nO1dZ0Y0)a(
z=UP(dyPaxEN7ql^4wrS#nX>wvYoS!u&v^JIvy&_@aud<QyWbX1NK>(u5XMyw$T(mO
zhk0I0<p}N@xD&+0+6`}KiR6;0Un!tb1}1{qxPwL|Ig^_jP%MBdc$X~K9}4Py<^W0(
zca6vS;WxIV)ILa6V@z84%!L|#N@AqHSAcVYu|O21`zAt>6Mx+@z7$4(iJ69PF@yN_
zc9Fu;X+;A^YeFT1Pix{0;BSu}I@HZJVs*OF;%igA!sU_QwVQ>M(wwDV-)l^3c-rq_
zG#ueB#S6D`SPtX3XJ88lRxU!-pZg2tFG8!c2&fv=Bls#)ree7^Rg;nQJ}KKA0js1h
ze&cY}z^3t~2%V?*)xvrR)<x>Xd1aLcMDd2UlnIU8_Z>eBj{o#?feO|lkQ3Wp<NI5l
z+WOltlK1S>kfu<vtwC8(Negeb+o$jw!v{w5nm*UzHR5$lSW59(#SKk45romNqO~PD
z7jX<&4kY4MQ7je230;g#P*{-A%<w;wiG$fZ7G#30BC-*w#(-q$PBco}&J55HpoWQV
zcU%5h$m656<r90+CwMa}k3iu{@8+A+H)Hpm*AWqSN*>+bd27BZ69J7)_u&21P;`Fu
z=E8To7Q5t*vPe@;0BZmSy33ByyFb&f1)NPuvG>)peMZuhCOoJI<kB`-_3Xt;Ku^KO
zAG5#*tIQcPz)nd42rI%Y_hK>K=)|3ZL{xm`9W%}0EL)=sE1r>N!&G<P<r8!|TOnix
z)!@+uD~8M}&t%m*h8as#8ipFgF>iGnz0dFY4ooiizkXG-OsxL{yv?rY`0T`;!k;L!
zxR$SW;Z3M+pgtf>g|nf24`_j>APw8lA1oRz=x>aACU@7GEyS9IQ;bMPy;bnODN)nA
zrzo(9?yBJD#mj2DZV6m>xUVZTOzy<-&G?N1sqvAk=xYq)g3wh36%<i(hM;F&vorBk
zFmOS^^V5PO5Pbq$SlIa%IyF333Al>7N!AObR`Dot%s6xu1<3uaGMg(7YO-SIdtzg5
z<D$B(0e~|nq)`jc>7N}hnS|`4`DFjIciuu)r}+@8DH<|y=IYlw0!quJ?E$1J<?AE~
z-)aI$`D;WoWpWR58WG_l1Y)oRTJL`P;{N=YD47>3o^J~uAL~va3?sKKW}dEDE~?>~
z={EyVs3l3Nx)N%BuGhLLMyxJ%OvdP5$rpi;@GmN9`b$||9I5I9N4lf933}!_2c0)H
z{?FrU#B&bCgmN1GjwCW+VKhnOoWB3oq(`oEhq6%nM>**y@s4wKbS|8mAF0Gs>^8ai
zaq*C5q&q>4;Oh@$N-z{)*V5<%xX;s{xHpW6iTxk|o_J?(8{vWUn@-t7MRk{{V8tlq
zHb%Iy5?S!!SK3PWXLVp4@{8*=pMAeB!{zVP@R<1%OaI=NO(=$&wAs>1vim~_fg`4^
zhPc3$S!1hR*1>F@10c%Z)=q_C%K0)2KvXE4xTnQRmMd;2)ESl`B3gY97<i;m$y5n_
zd@U*qB|aeE9($e-7ruOkkD6z(H<W_IujKDeOwWT*lA+Zf%EH$&+kT!^?bLBvvHK~M
z@kR_kLQq1u$vcu>pbVG<A?=T^N7bN4g-VTX?CTaN1h+R{SY&`5Idc76!>s^)@WW@q
z3yoSddRJyHa&2U*E*mZBIWb3H>x1IwQVehSf)<mQz{=R->=tRv3ufp>i)R=2y7w)X
ze}I@EhB3>6z6?LA6W8vLkOq=*r>$?meF80tU4rG??2Q1w$|PRI!7?(2D>|QHefJH^
zR={IE?{)_N#35fKf4E_Nx1-f_y|S;i#vaM+@s?~(RrbPctz8Px|MdL<CLt>qkP+nE
zE=Jc?Ds{PU$cVE>m{}zF0VCpES&1yuxh(yUNOTiD>@U-2&^4;OylDcE;AG?L`VxYH
z(|pUitTEIE|NPz}sLbc#{7`I{6oLt{(1o$NYv7IX%<u@Yi*z*)jA=4)vpTMhJpyEy
zBetYrM%#8}x+9iet?fv5W}jm-(o8VO?5`MP$DbJ_$9ETJ$nb7KEUcc-dLGA#KwD$7
z+@?yiy1upHXD9!M&d@P~#?V*~^*`S(BefL?n`&Xv{;_+#zqaqVUxb>XdhgqocXhwA
z5|YuXIu)KooCS`Daouezi4c$}*=^v4@XB*z@@T7X=1J&tCuKjD?C?bf1GlPnjI+6Y
z*{05gzBKjX=OI$HcojT;ZVrB?e@qk$L+Zx<erXBrmLHF00n1uDv&PHF#Z_f-95*6?
z2^rk5Zw$zS91v&(V_2;;@N_BDTzQMBw`U>uo^RrkirL9w5BXY<#9fU>Sb#&L_uM5-
z67c58m7znT(VPFD6}Cqxzs6#<*!dN}uU=ZcC*4y5i2fZWv3^U)$4#1e^ok&7y=EVg
zmc#%B6(7%zW%jZ2Aq@4Ubc14tTQrRDRBM5Lkf$Cxdz=7ADng6HWm*;V#wqAXQVC%9
z0c0Ix<HxOJp$^SoA7C-c&FJ;x;ZX#9yEws7>zXlrKB9Ft+~{a%d@bL5`ft5w$dXD5
z+I-D(o$1FH_9l?Y%YZOcd6I5olgo6%8c_|OCqIW|dYLf`zT-Jf#z;H72?}%%Aj2H!
zP)@vv3S3Tgf2mgIR+qsvN|(rfYslb3Qyd#=S|*PDt>HdJM26<otA=7{SCM@xfu09t
zt!`gPJMQ#4qbz{}2F=ym3^NZ5FrM2*r-1LvpVN|7yjxtUk~M>}s+1@D={p1k1mAgp
zj7q%}Ky-1R%n{1+!&9}`?ro6yP{=8Ia^B)kk>qg8!7kK^{;f_%L32XiuloBc?~Pjw
zG3&b&g>{5fEU_+nR-#A2sVFqb@V6cDZHfCBHnaP)IBnlVCTRqJ-P>;}M3BsF>Y1{*
zNq>g$3J`;Vj1=bZuIXO4gB7?}hAMEcg%n8tJgIX)P5s~SDG&9qo*e)vn@U-${mz#2
zkS6!A!9AQG`k&18G4ssws%dq0h~G<?6AhHcBLzeA{v<lP?1YJ#?M$1Vt|uou$`U-s
zGW7FuzCSf#XJ;SmoZBoe*__`jwCSRXSGEXjb}%e(v(T;1&`UqS<YJems3=YLE@ab$
z<#OJ6SF4Nj#)GpqHf7%jl$}l~CdAW9yg#b)!HS5L^`LWH9Ns57tO+mi$ER}h3_H+;
z%jnjqXH0UO2E&w|VFq*5fIt{ErZYs*)5ZJQv+aFT-a>5PH+;6ZiqhbEQ_^mEH*V-*
z@mL(}B4DPyfT<^j2@9Ut<>B>=1OM8nONluMXvJ?F#<3JvppF`XFSPw0dOXfOB*hft
z*DT0P-?CkbJTiJIF7`Hl#Fn{)&+E0&9!`slzaHC$3yDK3@9>74G>EF4+4t5pV&;fe
z;*`5P>99S@U;qnN7watVjgu1-gqIBCUshVKd9)^aw<S`u_}Qh-RoyS+{ig)!F-e*C
z`?iz>JeusP9PTJ~wsr|~*-?4OF^OOXR@?vQ7dQxl1#Bd-h6~(~NmglfkJ1@m%~oh<
zwVkd0NOz~p^7+yay&<ENrM7F1f_fN3309$i7|kZ2qFueP{!7vYjxyw|cC3o%(!aA?
z5W$oA&2S^>A!!*(ZI+jKe4UHQ3Px%n6N<}&Pj;P}NT?@L4+$aB5-nV8d*~=Aig~|m
zP@3Y<;vwKdvAi)<t|};;_E+-d{YN80g!EI4o_g*laL~I8bU#zMRfh;fV{ync)Cr6N
zrQ;Gx%*greY2P^)(Fdq3e))zE>rXU~pPHw(Ft1urvt5cF7F~`G-3VFx>3wpuL5Tex
z1|I7iCmHIfgH@AQ+L<Rs3umdYY*(^C^jujs<6qsMxynbV1;wo>%cDHD!z9FoXc)G~
zrzFfa3z$%(3_S$=E%8JbLM@K=4_Z3M1#v!<6fuEkhw8=dJM}6aoI04FdGFNHL0RhW
zG8MF9MroH0psJGBV)#r>s`pl#nR-@zn*DaN@#;AgGjsOL!20^9ENV4oU^;Bw_T?V^
zd*=qzDu1?9=j~YTf2$A%*rS-jBLB_6Iz(8r{e@mNWeNR6Fa+&`N-^Mszo2?J@~Ki(
zSePPW!<=`~`ci9TNwnFtTa^($Km|iiDkPI%B<`=LTgrB#s%~8hQuSLuL56Kol9xS*
z-)AvYn}ChEen4R0SNeC{_s2&X9?Sw>cVRmuR8pgtjz5)IF3u;1fukR7TZ2nhzCT(?
zyifLJkq00IMn#%04idlUU^E8-S51n$-rzn7*&z}N+?#_6sla+Hf5EToabBqhK9F)X
ztWFP?*S|U>5RD;woULlR)O3jI8jbDTW+C5Yap8fx|7ALC^Kuw=`{WCvs=O~%{oJRR
za|EE6>`FM&G8BY?e5cqGQblF7<{tjBq`gtLRlQ3lz1;SF{xdVS&WVkOCtsH=G{2mg
z8CNSC{W?&{<{V-A%z&VSfb95fCY3xkm2Z0_Rwnslh-e0?IIyDe!mrWu7F@k5r@^#3
zU1fQ#N#~M`;HgR{)teK>%-K$|zH4FDhKl{K>M~uQ;1R?yHK^D<oNB2fy8Q1Z-9rw1
z=FVYk?)d#&T6%`D<iq4DS{pW0mCrgf5rt%(Qj6vfA108nb!7gM=E*QUk;2(mSJw8y
zFWTpjvTYtf5PsEyRu9?ar7_KQnYn=yO7L^o(7c>ho{Y!owGTF0fyuW6ZQsZ%d96??
z1T6faKqREOBh@k#I6du2&i}x&c3mK%r!&|lx|@VoY(9%ugq?gPtRzfjIkJBiHzh5K
z4@Fe!e$ySZhg;JqtF&Gi|ND?)njq$kd9D_znO1UqqvC|`ZCO80sh;ka;iq#}rk$RO
zvGBV+DFleX^3rd=_l1!o(A6o<39n2WK>ftz-<fIP%+^jgLY0>SlU>E=Mr!pNNnR6F
z8}Zk*=d3LJho86-J2sys@RRd7*6mLt&M7}GdSPYMZ&}>IhqRtnP&mO;z&Ryi`vVkU
zNVs}cN)J&!#?5W@&vSWUKJ<MLCt2W0TY1bpG0m{(^pPK$KyLNwt+o!E=8q7K2e?*L
zNR<UnQ=jA2IkD2u8_|8NNs0Z4DSO4?A*XRJ${v%-<N5Ch2hISKjx6Bq{<olpw=gyJ
z!EOTB;om%qu*{_}S}0}nk1XlPTZA|#Ov{scYP7E<r*xs_x;rzy>7(d}%zfj|J*TFa
zZndu?{0IANmBwEuFGIHn3ugxlXJ;$!+v0hjjbc)-`FeaWh(_Ow5f)CCLd@_g0Yu+3
ze}iKkg_CS~v){l)>UZ^)68bs==F-$qWh%YzXw-MH;uX8}@6iHQs6ldR#V;yW^Ed1$
z46vjySlCTe`YTqwWcSOU-{1%6n`mw7Sew7G)H7+OfK4LQ)|W{Wsek)_%$qmAT+^L@
zA*MU2V{%}@c4e+@a_sOs9lev)1*calVX&+?idV!>S6VSY9akeDpprvh$+Z<ae+HYm
z>q61(vq!~Ke%*r~D1T^`kbqE%SF5=C7A|g^j*gNpm;Fdcohr;{lWEz~w>D2TdCkt}
zU-IjU7z=0DKB=(xs_D;K=w8PjI|fxL<qIAvTRNKdGNz9Z>D6d1pM=-HD#p(5Htlp?
z?Sq%c$)7cgpUkI!E%qJz7*og#j5~+$;Ui!Npz@+J%BC{A&kk^b9nc*td$ju@pt8r6
zN&9rpUEB(jSC{D)NaqetDZ&~ygeNs0Hj^gqQ!%W#RNc+%rdQRzsujFz7)iMNldS@i
zZ6EGU`r`-!txTWOxwv<3Bt7fekc|07{JvxcA4uD!1;JY<Z!=SZ3YOB!nZ^E6`2D0a
zUxL!KJN#vPR8MbU^X1pa#y2CTL{WH$sifiGDi-Y%w-kt5FprO7PuzK0wX!~fn^$?g
zN~(Jx+5L6y$D^NOKB?Q!1$<tw<_k&FL_RZ6?Xag!u<@3!3djb-<-zV>(<t|UA6p`@
z@OPk88Y>QI`~X9Gp5iv|i}pH{9Iw$A-j6Ou65TY?({t42a@_3dx)|!6;d?}@heXLR
z{-e+HhNxkY8yo`GB#9%AC|6<@&K?%d-hH3*G$^@`=y7ao8w5&VP-VcvQC;g@j11T3
z;lA|#)`cQRYZ0(EV0CW$`uO}Q1%p;jW$`$jVZu7dDN;)=MeHa!Q$sPba=|iUuuCF}
zAD20wg#a&}Byo?)#)|?(ROh)-eDHmG85gt%s_H_pWq52f*c%_8*KY9=os3^U{7_vP
z>k!egxOKWPGK*b6`PpN6kPXq9v<(A(7S6tZr}yBEViMh;KaL#_2&WGN`)jB*a)Vmg
zF^_!7dc!4L(rHR8pTXd>+FGt!^=#EIe=5XEnxss7LSOK%mApVbW7Bop?h-Bu9Z`i(
zX?*Sot}4(-tvp^s(yiJdmvc9ToXOw2<W(f?eIxcI$z2!f+De!Idb?_Qxoo8MQA?%B
zjBClO?Rw`-#*1Ii$kSs2i>IwkThsO~CW#XIif!&*dl3}#>^_IKeS2e|)v8YhNy5?h
zNd@}HANN(-&QIOWedZiD(@(#2Al{Izw5(FVQ_SbyQgKEa^%nuEuv;ObuCK3ZPtgjP
zTz~WE3iiD2h=sSZC&5x?6B0}2I=Jf<k{(->KcK@D3&SOPFJR(IEV}-StFM|WFywdk
zn|6KA)eRqLQ9TwEBj);-8}ovYh4U{9zxzLDS4JsM#t=~$f%VUzh>WSj&Kj?G6w$9_
zYDh=gv^(u6kNGp}bD}Hl6D_Y;QhSOhrbOQrjyznKV4g8`5`(Il^AG_eIg>mdW}xDz
zfC}|#$_gwh^8H*C6TR_JIhGbha;LYe8jSdK<@g6ybS0iWnY2@h=_NI>u)c;@coB}y
zygojm2OT2(hPfi+Emn&p3+aX;3%-q6oRuOwUW81{Q+^uQJVU92hrRJxh`o)|#CC_4
z@Zp8}D%!3(>L1q_hcU9^P_`WFo9t9&G!!08E*bc3i|C-CjnwwmRB%h#L@nnpk%dDu
zV}5TN1WlJL6D=Wzc~R17R{fz%<t$iWY_#iN3}$9)Z=N*Nz~*(q9iKq*4)iLX=4KJa
zn78aF79Pa6zK&~Dq(1Sf`Eegu-z2hIQ|H4vlV^k9U$XFQIgL4pcTA+ZfSq&jpT5sQ
zyiwPq?zd;dZeAH(WK7y|-GkJRev9z0JLhmcIYCE%>f}+mBBcYHm2=gG;Qg9kI(M(x
zkfJP$t%EEDn$nJ(_oU$PKxf>O&Cq>~W67bJw7~Q_7UEWYUFY)WdNO(>&5QTIhhSCh
zzH)oPks6bXqdXALz3=;3GthhV?N|5o**7yQ1rDr!x`JgrUBXDaqi0i|CL!5z>E7JT
zdvzVO2Fs*wBe(?<Xh!%9&!dEJ=x;+3IwNcF1!J+jzNILplmJF2@hw;1)2X;WgbCvc
z+z3=Dy?Nf&v2?C&Q@xtkNpoWO;xLRjCBqD`-SpGtkiI~I?N;`ZL|+jMRUpPv43Ec^
zY|QJ+s2$@!xW?xHqU2|(VrzG++y~Y>opyXDKZ9a&f8X(>qbZO28Chl!qDOj$fHY+t
zD_Z*p#J)nQA~$sY<x5U*>{XR<?A$nnhqKJVRn+c<Xg`dN40$;^INv5m+Gw1t$1S!#
z>vWuM@!8jwELQ%-O@Y>=(0)Ry`%EgAg;lQX(-l7#v#3?UajYl+yVz=}yO25Qb<j;V
z>MC&X*L4=VtliI?(B#MzNOddF(q!yD;PHFD#`hCPzpSgnXfslhyA^%*2^kZg9*kT+
zrD?6$@XsR+Fhe%um#MkuIUt-U{rTeWT}YO!Z-5^mWap;_!^^_24-xgZljrUd_iQZi
zvDDxFvdGq8@};!XETX^beP}cxm0GWcA%3_X>#2VNSptEyogBxm(SXBG1($n8(+XoA
z6R}8W7QfFSaXir$o_~S7In&BaBA3RrGcWY8hSig=tCpAO883f)rB;G>j=Lc*XH1VZ
z{MM1PIDRtvJY+Dh-W-X>*4fT+z;^*U_0qZHA^rqFU?`#r^=0#-!eel@;q~#YoNZn(
zGL+0pvBC65OWJmwMY4;82y{k(Y{tiZs;!0*EP7^WoUpUVXtY}H5^fd%{0vOQw5-}m
zBNXmMIsGO{-I9;G#hlkq8GZUJk<xRAl>viX`zMKGItCOy;K@Y<w6iW4sYOHRt5wny
z;u(2}8GF`5@JH&K^slh_02qiW6VIcWr##T9GN?SludBwF=uiEz98dju>iOz|;=3@0
zR1+`eXy(4E;v}twx-*z6ib-PLmdr=0@4*9K*M`Y*5KqzQUG%`!l@sE?zFe9=huxE|
z?S-1O?wD`z7)doo*%4-iRymJX+dWenbqaVfnn}bPztNmyQ~F)u8F9CYW*A%_k`MD?
zci|&8)7Z|wdiyLfT;~_oFO`AUV6Z;CfUT7($ZCUrNgG^j1929W{7v#r%XzN6iMI5b
zLF{4n$tIzN|IBD910S9Sk=xS(CW}m5*mbD4*wdO+R186TM=PFS1Kb0c3?v<6y^os|
z``=ZBGru})KoWFD<?u}=R!ktB&)IBhOa5$CZqfD8D}w|`f(@b4SeKmc_ALV>Ui6Y=
zvI{cLXx#T@pC9bG)g;i2%$x>IhZvx=(_T<`=Jqcy-h&^cIMTZ9mij8Z4H@I!teu1^
zYzOIQi0n?c=UP0uAZqKFN%rt;2UAdwsk>f9lrJolfsFihY2$dUEs6%W>VruN>>_<S
zZZVO9TGU-Lk6`Cy1rceGp803=1)0|5I7=h@?$xZT^%SxOqU`*UPYMa4JDYFV?qlHx
zp-}V<yd9v&TjXDQY6TEX)8cRJbapuS`(njw{ke4ME)9gRs|VQDFrcoS*k5-*DfN!K
zr&h4D;$)S{@OpE|WSFiu?~`*XPx{TbR~q~2(JtskynwgXG(#;(wC}ujFZ@B&HRO|8
zpsaA8^jhyq0y&IxQ1sQle#Hf?g{sOVt$jT9YAP@g{HcVGPtf}KW9mrHjhi1Yv_8#f
zudqydqK8hpiHaq+U0lB<y``nS7f(yeMRoS1HCZ;`I$yP!FiOR0-LT+>oif1%eIaSI
zmRP_e=FQKSpVDVQ3mYFj=6KTSU?m0vOT_*ws_y=DRlbe?(FWdOh<_D3Zz^{Gvs^I<
z4iga@v}d^j^tow=F7IG#1YtDN-YSdz6{8xO%V!~)V`r;e6LqkSZ<gHgqn-%*6}DkF
z7UxaD-q1i8!+~Tc{>df(asg=w)df#UrC?KRa$*GKX`i(Ij=BoFwHPr5(bSr%Q%j7m
zF<WB7ml2r9Eb6ky)46EFoU-3<U+P$CtceHew{&njM+Aw#LBRr4^xUwKMc~_ip7a!G
zj1_%07O)4XB<K0@AWbvL6NPDnWP)<qI;Kc06uJE7xfl^>A-{Uw<+gs6G7(1;$BUv{
zQ&TgC<^M+5fW3xMm=sdlun8@OJB_cHA>i$yf2q7H1lOdd39zRJ5ft$M^)3e@M~KG{
zpgsgZlxSh~xHvvGMisBG+s;CA50)D`YSSoQr=_0T(~s+z<ey;l%3btW8TL$jNiUdo
z*OQNNrd>fBT2)}e<@KGz17h*B)Vg(QL!$I@Zpq|&OR2Aj(h)O`eww(?KAw=m|I7`3
ze7X2b7A1hJiF9EJ5GcVC;Fs(wZ~nPHzIQG!X0)B^a5x?f-yy!g1H|EIT9kpPHRku=
zY5jMs8xxgBbo9O}P4L`b+e*`uEZkP?wzR$CQX+&>91uEEj;jKo{ZK_IO9VsayK-<r
zpGoTusm;nZSc*)74TZ1p10LW(<EoaUi(EcUuJuD<(89v;{(144_S#YN<?6q$dCmMZ
z*VG)d$>HwX3zeti5nN~UPyX?++4n~Pk2+So&)}2(zIh1?RV!%p>RoQ)jX0&gDEi6|
zeFDWR3^zXl^9ayKh~}<6iMechjV^2E&dUhPuq!Li1=;`~-bjrgZ5N25B)rZtQ`%F=
z{PT-EHk#%Fr<W<;%(iR9<c*+1UoApkag>DkHQIiMrw_sK!U><;*iW34eZMk0+$nQ6
zdsTCt3Rda`dFa&*(a1mrNX5?_t9=J^S>9m_EoWO3NN_9M<r&}&<_3OBV}BC`7}e&G
z6aV{92R`xP!6kn;y&(~O*DT23>kWpH{^==?^x0p3Nz(asgzT)-5C>aUaq~*<GJiN2
zk7Sf(xJqf&EwO+0tQ+i^gMcNr$_DnVAoygT`LrN{H!wk*x0(BCrkS%HzmmPY7Zh>%
zh1`74W;uW}Z;b<2ZPYOg!;!r1ikS~E(r#eTG?6wW9eo|n)TxC%7S(^?{bC!>9>;zX
z8O(s^cyRIiQ(>{`UkDW*^ww$xRovms0Z5!0v@yO}y=T(rwXa)hadFG?>iJ09G>6|R
zx1KW_pwi()@#u^(50%pAe}%C3)(i4J!LbEmY$L!3K*Y1cDt{Xxy2ohZtJYfEu67<}
zEzA$M+4%88`gD-d7LumwT1<RB-EQ-;q$-*=dCmT1fFE+hd$pGZxr)!rtcadm$JygZ
z$e^~uUf1LPyiNVc+Tcj>+H-eg=KLCstw4{8g;P(!{PRN*!m~SW_I*?Q(!jcf?qe=d
zSa($vt{9U8^y0KR#q;rJMyU>CJ`k`7D2K3$QrU-Nvp-fO`+GV^g54<vbKenL!x(ZZ
zEHXEOKtXQjoyHo2UY7_+h)KtP5LdNZ+uZc$qI)u~0Wn-`x10s?1!V~lhGQ)BO)S~s
zxHnAZAueWV!Gx>WiT7TbQEiXhTb$pWqTh5s;DRPXLGWJ&nHLea(ciVnq`oCr<GgF?
zg_r53B#PcR6h9b&W#_y=yihz%b$%yi4KC*ORIF~Fzb5O7-2#lEAcQD^L&XC-8iPct
z7m_k4PV6QX31KCjsRq(<Z+{y~SQ`+wG(Ju#u#VUqzLL;vF_l&DfqIK0)0H^#%pn%}
z6EL>Y-Y{rJ(&*pFJB$uuGDQyICfpNoHzWv%WV$L5i%Gh|)IxO>#4tL>&x_Svc}5<k
zS{aNx%`T>NO4{@TQ+Hf*D>J~7n6K<LGWl@HV_f{2?j1@m+1|lvPPhvxBY$c5cJD7b
ziV?1w)9)~>;$COovE3ij5JfX0s@cqVXJC0ZXK`_P*}@@WnlDmKeTXGeRH7r(wL0wT
zLw3NLqh0H``s$*O|FibNaC9xx0qo9cq!A{Qx_c{|20=X0Oft~nv{{#_V3RR%CiDyV
z#8Rc6?kdslb*(O>vcf+d?|q7^xQz%p$sds1xec+a3X@6|d*0~xz1(%i4h~(vzJkr5
zAfz9yH4qfvEj;06P)SF`k4a5fxiLPsWWRmeH@2x&DCIXe-73=M`ql5BtMOD*tlw?d
zT4wTE&OzaAb4P;!WZ4X#;KG^a>)=|*S=AD-8SFCZ=9`L4*MemW7U*InMj9rX@g;PZ
zd6q}%5U6%^xsBQceoy4~9Y5#xbg^Kfuj8WjedfhZqfd`P(2XueZPj(BhRtImg?C^^
zAO8HJjJ0r|@dH8*SNR-5Tw4Yeqz)!Q=C?|g8G8sIqKf<7?rBiLCRx_++_jljmh>5!
zeQUc|c?%F6B!J%}m@r{*^L^XpB>U_b_Pa8j01-X9$1T76K2fv>`H$NFvVa{(n?w^f
z5lQ)L08y?liagg$Q6#S4n(tlste`2ex{Op;LT{<1U&>fXoF8$&=BMe!J^h!JkK~}U
z4WmcCIQG035ZynkR)N+1fiwO!e9{Id5CFj6vm~h}cz%S<Timp(fX1}DFjO`9J|LB4
z>^b+0dE-3V!wtcdbWQZWv*1xgl~K(sFYD~Jy~7g77v^*sxM?l0Ho)Ncz|RzZ)GuO|
zdJ0Xo1+Km<9yddYSOJ-pHa|durMXi++-R<YIN02(x9!_qR*f_~4=xxu*?ih>Z{sB9
zFO({21q39qDnxRHNu{Wn|A)r`NO#^4e|0ov(^m~HsaYH~-%dJtNI<}0{#NdK`68y{
zWjZq9Q`6qs+~*T5Kjs5bGM7mnxqbp&1GZu-uLpuYV_1pBK4801cU{V0cRcL;Wb)^_
zUtBbyQfj0@DCczC(O^1ryHn0s@K<)`h5;x2)F~<292bBeGSDJ!?yHNZNw4BIWMXuY
z^YZgbVp~f|t{{PYxzhV<BPzk5kp$lW4FCM%)9CEXpg_*L=?v6?%r_P7>(5L%FtI|P
zfOXoiZZMyv$L**SsA*yRKE<R5JE1ga3;cKKyWl=<+`fZNsG!5!`&&vJqyNwF8`13Y
znwZJO=Q4ld-xXDE=br?<b1+T+W2a|6H=(WOjN&Bj=+kbQ=-pZfyWvt2g<9-4fC9j!
zNBnhr&DXL3N?M$y#xB=t@IzmSHu`4q3yQFw2QXClH59U>mPqsn+7@xrab-a9T|~&l
zswlgg|Axxi*y;r$I3vk}-bvzWNzzLPg|W{iLaH1;vW`>jYPf$+NyVJ0;LO*uuWgG`
z$TkQdt^030l#%L<$#r=4alAsZQgZFw8Jn&v<)rG*b10XrU!P-$oq>=ezoc&H3Sca}
zYka=A;gqnj`GxuCPGM}?;C*i9&qVLXxQbkY>+IS==Jsb9={~u~i*ap-aq)|Z3k7u_
zIAc8e*6@f_(9=E&j?X0>w8rJ9!rtJZQx7J<d-1F^u&%D0LfYVPD(@tXvApCp7jzaf
zH(Ccq%CxUE9ov|q-9hbwFN+9WVqkb~xej@fc@a9Jv0~~^-zsA}bmL;eknS<hwY$v2
zn$NI&GBS?OaO9_!u+(tJrT|mzRqADnv6}+$=Mh-|#SJb$V{h)dTfb$w-FPSx$xwaP
zydBT}#y<k=+{G7i6A;v*w@_95wZWQZLp|vXyO;YQ3ZHuBNlw(u^H^iZ#E1!Ge5JXX
z&cXPk5ZPT<^0NbOoBZ^Wd8Nh~SohuxGtDO4r8L6BiJ%tzv~O5^<tu_~O7B!qndDh8
zHl}M__k?}00MhXc2&(-lqp%$W+PSEz#$+i^Z=SN+7u^t(a5jXrQi*QQB>&W&j(mm`
zP{MmEAP5+7wEpHf9H~2f7Ai!cryRY@V4)JA?ZuW<(1%NW;Y1l0-XQoN<l2KPZ3ULl
zUz5dv^Ug(U>o|#BJXuRDo?W1X84ZE{+Nu;e*#bK=HkR$yHA=y$PKE3ZgQViXaJYXM
zAN&msiHF*?IMx6;ge`XxNwCgGS}n?{lOSo@y3th80l8Z@kWj<MRP|>0T%=^g#yW5k
z)>n*YGV9>_Y@?tg>Nzk=jKrc;cePh16^Dls70Epfz|ZX@c^Gwk@h!G6;})DI!m9wK
zJ&rNm^F6ANlF9rfB;S8FoX04lHN_bs>52WepDk~m-JvBQg{n15X>YEo+t!F9@jmCj
z;rv+t+quIxYW<#KRdW?A_po6KJJv5~qk{Z7m9IkR4Wl*ySPo~*$dPC>liEi473G~`
zi?1mA@rYY=b<1h{s1QHEhy=d*`n4LsR;5y7T6NybBgqOt7blclR(4bfrm>2=KcZtc
z%+WaFe#ZqJg4ex~ryAEs<CMIEA(1YZMw?B!RgKP;`sE}Xx*hb=X+GFEGhr2B3X8+a
z@kviu{7fqH6-NQR&H;$KPNO@PlkDa%Dp!NVx)&g*OoJWwZ*>x4>H0TQO&znWtc(t8
zMqyys^fAx%MU?Lkc@V65dWm=Ox|UBr<?d@U5rNU>XylUK{bO$ypa4~VSL1JdWkW}e
zpbQA(-+xd|p^>a~JjHOm`I3-Vge5GnQiJbh(5*3svl;Rn2YXzI-yU<tHVVv<A(OGI
zEQOF#1jj2N0KOjNsSZdcsK^73`WJy?XS@_(izy7J0Lm&1gHdFqe~K%f+e0us6;eaE
zs|M&cd@fpzC6W^o7(sl%O8QCEf4fsEzq90~;W-OT_>x#u(INF)0|&5Qu@r(8YT3^X
zSRIms|GoL?r5GN;f7i5U2PL8HdhmGiT}4GiRlU!>y^~r(prBf^U2ra3^BYz#f&uf=
zLJd5`K2a4+l*0$7&SXXTk1%YS2qRheiH!C}+^bUqf0JsVUE-CPbTk-CNO3(KDs?I?
zmWO{J>$ef({2h!R{k5QSYy$d~R@tdwbt{_|k;;1){pjkT^vAveD*9!YlvBdIJ<uko
zBI55sPiL{lavM&v&D__66~!Qa0Nowq=`Wm&@dpUW5&*->Gy+0b{z32LhMoEQAv%U|
z5VQ)uB8?+0hw+pTc4g`D+fcpYlQ6{ITULrz^$ud+{9&^o4t)sP;pD`Y<HHl#uh2`V
z&xI4di|~*yD5)chX$6B7i6(Eeu~jxI@Rqq=D(BgDMZ-ji$-cplx`1hhr674kEY%up
z^^{-8f82**gn|G*479}}<4ycumW+vP^H$?20{n`6W%LKgI*G#>AbQ^sQzO+(zg%c&
z`x&&hGVpaoxQgaP7j#xD+ovHLP50n2Md6)e>t*}p&8i@XeS#8vW{vYg*wJ|$1?Y^6
z>KWI=kXZcznescWq^rkuIiOpx`Pj6kYT{Rx(F?axcs%4l4kM{bJc7%A(YN6-=k?W+
zcb>|mdoa_LS+=NwP(dC^1%V2u$amp1^<C{}I-I}#xbACy??f2gn}o`!VhI65T+D#b
z8qB7AunE@4m6AqtF>N83B76_1KJU|2ystmd_Wzts#B!Ga4;m+dh`%1a+>KNBL>_SF
zizKhGSBbzgJoaN?Y#)+CBm|VS7lhX(*Gj&<N+EL)A80M5f7+c6O2IT3aBN!I#!q-J
zjwy<dXf=dj<<f>wiGubPY1`94ZE|##o*jM-Zu6wI2v=d-IdJx=1K=VBWEe1gpcB3K
zF?Ea|bRM=v(~7@M$3hPYiD1Vb@Z*M8^cK1>I&|L$C<k4RN2B#bf$K~k)y>|4I9Da2
z(i=Ztro(rRD9L|eZvRddYpaM5WPOE-j%hbc;qyYzJzT2rF4#VD-U=3}mQzC|WP<CZ
zvwY{l6DptZp<Gb<OQ-Pn`Qyj}RUV3&Q+;RX*0E9cIfw$4&L`<&AKgtnVM6a_5WTon
zh}@-w(2|dIVGm@CbpD<{RLJ*<j|_GhLXSy;=VqN{Bd#2ZIgVr+KQfN*TITPlsSQ6M
zE3uQkgyl804UeBOcsyeE|A+>v4_vbQCU@_{qd6j6q^hZS*(I?}H+o2c#y3e3d#)D*
zwwIN!Q0N?og(+<E5~d!|j9b&*VjhO7Hp}UJL}oa4;||j~FtG`Z+{!z*hAbQ8`g@cX
zc}Y0=7xaY!BZr5@?N_{!+V81@GVA#yjWp(WV!0E=z;SV;<$W0*3O>VD0T2=5(=or{
z^4w={#!6M53RBx$NS6Fj^*^iQ07=jhB?DWFk@3=ni7QR#cbJFJ{PFH84d+4B8={LR
zxdr?sLmhT`f0$N8Al13Hy8^k6V#n|E`b!O4K*@=%Or2Dm3hB<fG&E5uI~Kk%u!QT0
z+}z7b!UAvFch7PVMGe)>&$chzcOx-fn$|I{gF7~e3l+5D%i7dd(FT*t1Kty7-1sAW
z5amwMs<|BgL7wnD4i2IO+1ysXghLM0AY}09N-5JJy|xYFf$3$bnKjc>LHbUXhf*I&
zL9p1j(lFOgeJ3@IfJ{(I+jx_SMW76ualqXN-|^YPx_mdefzCjuRs^ADx{MhVP)m2`
z>i!QF$mDz6V{3-p#`v_z5DuFr-xz$kz&`A4J_L$JN-$!zYvH2ap@LrV7-+)2Xp9Ly
z)qKWciv4(sB4;v>iIUjuS@=J_lo;-6NoQSM><U78Zg`=`gZHtV6_`Bt<<F7|d^uPy
z6zyscufJV9LJ@hd1O|wGXnPd<JJbMV2{2#Jsh|HSfNOv{P1V<`fCvzKiGeiNy0uN7
z?5w#r2^2g?@PlZ%R^OjCi+!(|u5J}O&k2<{9-6fLhVskeSQng#uta=Cy|FB7LDsYa
zJF<XXIO9AK%Z)<oj_pGaYc`qA3y9P=Kw7}RQ%7|{8{v;t)}|FZD74R>#C8AnUVyi%
zc5}q~f&XN+J0^M?2Wuc_la}jUNhANlbuygc5es(;@1&bzJckM5hLTYXd1QO!fWKt&
zWUra)KkhaR-6fo`+6{@xGF@VwAJ#cJrxzHkSz6LSor`?t)JNewDl7qg<`aa-@oY;w
z+J6wmN;~sVwu<u63c_MbYqWcvrXPL8z$Xr=0Q{lhrag716dzn#9;)i0A!0;#?o1+L
zJ}zbc-8CO@55{WEVan1D4C4YljEm6*K!Ys10-KDp%O@Ki+f7+1DIbIVi5Uo@X&RSk
zVvUbYm^lav4r8Bsi;zWPU`O|u+<;tt9M<#ps*ZYBU4h6(ohk3Uf!T1v-@8Ou%kK36
zQq4a#uXcU1f<lSKFX}tVpvEIA;9x|uYS$*(pph@&?IoC_@sL>UD;!=>N!z9@<JWL$
zD;CfDPZK=wKccQVpr0#Q9xV`QaQRcMT~?%C(=9rj|58kar``8Zm$VQJhdz#H{ROdm
znOM8$gZMlHjhY?Vz`U@6_fFqGncKTdx&SB-P?}go-%Kl>q6Tw%tU8>*QL>~qHuBpn
zc4>zEW6*?q@%6n}1K5PBmE=UqBHe?Rz@mMmQFe%DqF=-}zc~Z<#6+2Aje?btl8G#^
zr2CH!G-I51=Th9gTTB%2Bxwq6aLgc2GS?E=DoCQ^jjV6gAcm5wYn!Zw<qex&n7l4+
z8kd3GPo&#aQG|Y~;M;EqQQ#kfpb^HLy%6>8@w^ma)&@s=D?TVH<`rIm;rDieFm~;{
zk$Hs)W;ByErtnG6S>58p-*?Mvi4aVymnVDgG6b%l>#ck*O$n4r;9&L&l|~M}T)QSf
zeEt8U>%HTte*4GqoG4MKjFeR(86}c3Ps1n~Wn~maR%Nebop)P83E3i%l|uH2R1y-B
z?5u-~viI+Kz0OPN{(OJ`+>hS3bFTBeo_k-Bo^K%9AbE$M-0S@k_oxJr7Jpu6K1$)R
z5=)YYiehx{DB2dji;y4Lx1Ect-jZn=swgMsr_+Dc%Gn^M;i2|_V#k7WvNkg)s|z~i
z6w9)M<y(fS<I_;K15|{Nbt#1zm&Y$EzVs*>2)iTF^8?=SP@zg@a9Y=c4{OC}0U6^@
zguKCBMYeSi#@U*#X;F}w1a#+ubIDu0s(M|!gdKwq8fhfcLObV8=ltcd3m%Q#fd3Qm
znxfbhc+P?I(^XaY0ir@fV@Uaeh*UB<9%F{Rm+#NR!#qA`Xn+SHr~W<F86IXBp4k5$
zcPFXoL;#KC@#Xj8Au2BFiOr9<2OYbSZl`!8@H4Nk;fKC;k2zr=-vfScnkT(6ln-eM
z3K5S35l=KRQ(lyWhde@uOwr$<4)m2(R%!Y|WR9GklgQg3+geztp5e`2DjRqRFLepz
z043gRHg%;?0u~3X4R#u2_;?BmLPF_9nS-HsYR#68c2p^fUv>&+%EtJpoM3&R@Y_3l
zTkHQe)>qSV3^&yL{DnP}tOnUOrnV-TgHV{Gr8yu~-ce2W19Kp!eZ9j~<*#?~;<n-u
zqR7ec!#G;ZX&8jrJ%Zn&(B6GVdM7Z{<F~KNB$y1|l|vhyJb*ByRCNdk`vF+>dl8%_
zI7;$1Ssc)R;#p4~II|WY<}o8dQuA>c+cl*Ui4HL&3O$61s%KX!cN;SF;OXU<{Rn{L
zL8Lz{;rgyoK@8Y|*kJ;htc3uXqhDDQpzhfN?=MEYxrdll7Inqix|46!aed&xtuV78
zkfURr81zgcrtPq&s+rDf`LGfGOPTs%g<5!|`G@a6m_?-zR>N}$t4NE~Eso!#!!vNT
z_&*uDah{I%VO;5OI6Txf7{$vmB+)VRhSJqFzP&?Qk=sHIw^?*Tz)0Wfw`{?DBS^1!
z_q5~%AwHs(IeOshC7!FSz3+UQI$!o0wZLBUJ+`J5<hI%fywQSL2f$8$zC6wtV?c^4
zbIZOhh5Ra%GYycH8C|OSw&w<{2K=0O&C~JnRW{h*yFkw|=T|Eqh4(*_N+B)4wuf&G
z?(mHZ8sD;galsE>TXKe-3z6T}#oqJsP^gYm$wL`S<q{WP(sTqKjx$4`m1Dea9|z77
zE>!Yg$E|zU6R3Z%jtVzT|K8j8tH<yym@a<f3i6xz2)uEQSp~j#W=3=?{yj!26~!r1
zFEdi8%29mbGMZmmZxb_W>6!=E+EELgfR8=h2`4<_k-*Cp%tzn^CQH#}UN9n=Ww1Qt
z&cmGF&xOR_!cE{-4XfLlf~VcsvPxrsdaDey8*CIk>MHP43ZFt2+XT&Ov^p6$Q_6w&
zQ~h2KUhLCSH%`{vnOVM_r_ruk?-BgG5JbL57ji<a<Mfxscs+=*tMX_be%P0d>5mMg
z{PZDcmP3_}>HqxpU&!^_{|jm##>Q0b5^MPDG4V&eVW5lt+gU1#vk-7pRy&2GjK5lN
zG!m1?EN(`s)-d|<HiHMjbA{yAw-HMnAzeyj0Y5f5KmqDgNNL=mdDv%+d8jcir0!c`
z@GeN3x})NAYREerdG+%-RylNIvp6G`=d#}%SH?F%8SgRGUyrZ8h8Oev_qU!ngm?$0
zfm5&fjV1^-d^h2D&HB9?sPvn~cFeM<%?-c$EAZE<t92@IyfF}h?JBACAT-g^Dap7f
z6#jjRbS3qg&iJ+Ud*Ozk<3MHk8#64YbN`3y?|XAw=AE)%4_sf(CVFk$JtXPp6&PbQ
zIGiKc&kTO%QKr$eCbZ-{eD+!l(s0!`w3mbHa|F+)6)O7j@Z+aCY>Q!m@c^nGagu=k
zFz|E+!&o%IsfKA-v)U4exE3&YFL+}YE{JZMM%Q;n<!}I7Lo)2sro|gi#iYAmi#=zC
z`NpH0Y{&WoI-Ky`h)*GajgWf226qT#Xy%mz6VP7M#MqMFF!N73`(7MB8MX0j!zb9U
zNGhOqZ~TBkhr#g`RF)q7C44CRgH}vaCbQYIlC8UlF~13B4|F8U?G0L6e0*1t+^L20
zqyKis{RDlPA^CMRMN<SkfyF@8=}xMk>tbdJFpl$Ped0jRRcQEgoxC{lTM!!Rf3sL*
z!Efst+TeHALBCyL6++>`4+`L(v6)2zGuokfc^{=MMy~c-jj9#kmGfDGNb<&b|0D&9
zd>RYDSC5`=#G8!*f{7UyE6AC`S&-2#fP^1isdi;igpNqukL^U`Ed*;h&cF4df4c?(
z!oBk+9pb)%`@+JiA(L{>zKSXBoSMQhl#Yh(#XpZTd_b*|+jLWL-F|4@^aK7~7OeoS
zB~^KuReW}<_3c)XjH2Wq?OG_)t|tXI+`088O`QTT&uWmb^%@em7un7G*(z%cdy11O
zF$Z=^L$UdQAlF5i&Y>&ZYrGWS1=>8=#1jxn%;=v}bk5VqTRwh+j8tnH7~%L!0_~s{
zq-g?%c29anE_W``sWh9~)yaN0^wZxG>X>_HyD))A4FA&|6hZTlZy%<b0{pypT#)ip
zuqfZuq44295Md1#s`f)k50BeXq&Wu&-Bn#ormz=<+_pPn?wpCFKWtb0H%tJ@hd+LS
zC`0Y&scjSxDU=n+g`cR{Jl)>8t1_IwhUqnO0VsdM^o1Aj{?da{8w#o@e>o<Mf_ZpD
z@eWPW##!rxEkEzlHGGH{py(%@>CkwB{=@IM%wT^aRzOi_&sBnSS@yWgjDrAS<)Kf(
zPl|Y*IJxo=jnh=+Zy)jx*Qc{gsGt8^w#Ojc1uU?KdgT#J2RAAQZ+jhNVC<s8P#JkR
zZn@NiNz*KRzCYXwxzK=s4=OQ{x=OPE9+87^4O{~?$NaI;4tQ|w^m}96amCRPPy|<*
zeWs6Vl;4{Ydm0{i0-Q{@OMac_1z+&sf2qcgVE5#cR{Lx%8cm^{E1_Dy6KXt6(Sf)M
zI8W#6JDvPVbYTKA-Vz8QHs^ZM3UbBmA)&EbW83qa`c-EW%Rl*@!YNTmJI#{CCh{I<
z?wgyS6SwQ+lT8=EH`O{~Y}5R(?4oLSn_u7B5D6D}35K|jMp269Pp5AT9o$>{L+lm`
z37!%vT4#s9`R|_rL&GCZm2px$uBzaC`TVE5PJjzj0&kqB)P3QeQi`1lVj0a2`}j=9
z7~>fp2C9r3T^}+8Aj_>@B3w70Qa5~jpZt|mLmPP@wa;Gq(unE@1?df-chl7NC{P;4
zVwp#IRUcWh!7H%rbdN8FZMVLqnjMx350FHhXADF2C3jE+_xJYgph%N8qz%)o%<#oV
zJ2s~K8tlBw3e7~h>riy+s8N$D&l%5~p54_{)30oW>P6h}&d0pt?BOyY3i4so!lI65
z?@xAV3PUorWR2`V_HdREd|$17{~(0Jky+`J>zMAGDsj2LC1Z~n_C*a<&<0k$+FFzw
zZ>4e>QVO&Jw=p0N!Ul)8YR`oZsjNFK4u3w#Cn`0NP^Zap4yO$tD`0EWuH`)oBqo>!
z!|X2cBf%{E+4``f4rWe$-YN9px@_LEZK}@F@i-f$#Ue4$ySPDX|I1QJ6#kMHR9NuI
zd(g-)Lo+Gse?Wa$YxZG=))omsD9N9?#eH_;ZAlD7Z{l6h0xA)I)>=!6-`Mqu$(a+l
z9()0)kYt9}pSy)-Jvlh*#Ub+rU%R6T8WVF+5q7jt>e@$-g|blnj<Rvf!`h7(QBy-V
zAM}$TPe#{emK_qmMpRzJBMHc9HUu;|=>5cn;sgp7OP{ifQII`)7(4`SVN{qQhM_0-
zEDt24uBZ7#u4dAOpFbwjk+1kS&G%0e6jL-<_#c(IcYw!~h_K46Z@=52ZxTljZcu`@
zaAHS__xrjCmS1>FlK`s6>WQ0!$BTr#<gWLB>GUZ0X`&SnGwTXdNcNf1OSD1{yltOO
z>lDP5Tha~yH|V4frPUr{+q4BrY%9j5VfrcJU={;|$Vg;Z{4F@uR^Qm&eSF;D&q~;M
zl+(U4upZB8D^v6Hzb9fUW(~o|mp#U;{^<`7#q=;fB99x%u3aLwc+D#G=T-0&8)RDe
z0)J4TcmR19r7%}WHwNUEEJpQxG4qQ!vKA5p9K(&87RNWEE7|H8U-(#+V6Iw#>#~oi
zyj@+uj`9ic_faD%`7b%l@UMXTL}<0$I$?I;{v`<sQkiUdN4=;7_~|4~0(737cdS=W
zNKh_Vrk8MsjRc=s)Dt`&+g@*#WxQKbmjK7U+L+F4cOcF3wV;xvl@(h1%uNjyKKX)Q
z%TJ$Z*aPt&?)p56>og{Qk)B>LxD}Bf5j!+9xpthoTR>Jt1aw$OrgzXCwM(wJH~;7?
z@Y+xI{hkyt<#F{(zlY396RZ_<^Rqqhsz1x>maSVbN|cva!tc~=J%<B%5lyFFTXP?G
zh-fzlJ2;?x0hC(eR@Wp{Q6DH*>=B?eEOb07c?-)&)$Nw8#v>HBb+6m+j{mMBU8xDC
z6M0sX;*Np?a7OdW>B9%L)$Svh3%%ceDM%Q_^Mi@rz-2TK1t`{rDZiwi#bxBZ=Y~7c
zkokmi=+>tFDGl}1%tM-S^{AaeZqws&&Msa?EUf_)u!l~k5NR((yl>f&`dQjZTZ|*t
zQ-6}HS|w4=Z;+~!$Sr~A)p<t!y+^hzDNo}shH20M9t2HKt;e{W#~uQwW1dvB@avzb
zf#R^&Ei~&z=Nsxz9bBJkn&3mw(>ks#8R=R5-W>aiH!&CNcxBMuI6VBQ-uO6dSeX5+
zbl>WHU>+25WZYQG|0#v4Qo&p?`8<Jo2iuly-0Mub;vNXW4`JMv_z=(#^lCRNhC+Bu
z@5)nFHJ{Q4?@(5V))Y81B7WHT3O9HC+Djz}3}_|yX1P;+@g@GiqQFZy;BKHfnF3VF
zS}OVP?&+h5tt{y{xCN!2^@o}n_)Pp^JE%{-DP30RTfvYue2AmC84xaOM*U)0kXQxy
zy-Y2Wa9~^Ge*G*{$E`l!0kb6ukU?0ef6GOoc1#O=x2HO~7U!fTmd8b6Z!qeLF^SSk
ztge3)rj??Ot99NEvpR8}He9L4Bd+tHqru&xorF4Zy3#bn3Z~nQS*=);`ZJ%OiS~=r
zLHE@ud01<%@JCot`3jY1G4%1+?y#Ns&b$tR^npmM-G_elQ8*<`C5aP?3?ir~X%(of
z6auFDH3jg>Ezd^f;U6y=tgsM}=OQ$&Dt;8P+Oq*Q9r^ip^KVeWbYo`8w`q&VkGDz}
zR$ii9+?&{sj6?JhDog`W5$*!f%$h7hkf4h(K^vmDg?8X|$oc*jOMEg0@(eo|8!iR*
z4ZZ$TzWzT+P0xZushvmxec7mN7Aq+C%p}xIi0&`d(gbL|N-(OzO%r|LCKpfdhN=@{
zv<{y>*n9&23b^b2!-PL&wS>O>Yr}D(w;EXf5*h*wdG48h3q?)zVQ=D9fW9(Znito8
z)wGYdyRUhRc6UA988iKOlc`S?6d&0mcO*Q6FN~fmS>HLud=9@W3k2+G8e%soKF9^O
z(Joa=@4<%?@VOMzIU8NI*=z^Yqb#?pL%O`r(H+lYKZ100PD-da4hPgRp#1}UGmls8
z3<$I>Cu2NKul{&LT_@k1GBmE51vPBa%e%Frha?zqox!7V2!!@yycQ9=3eP#x1GRmw
z@5GCL6s|g^=1nvsn8leXHoKJBf02ybj1d2%1cp%9JbPC!Up^FFK0?+6zr5VW$G>>1
zckw&J^^7&BGES{!Il1J1=y<!<J@|<n=d*{uY2!?)1?D{`>?#Xo)ccN3$M^fsElk)@
z#p2Z_(QOh!O^eM}I3(uen?ezEwrM54Bb)m2{v^_k;Op~;nDH@GXfYJCNf1T0gLr~)
z-=u~~?XFmsnP1ON36%{<TXIvi^DX`f5@M{7$61-^N+Dr4K{rkHrhcDZDV7+7IScCp
zR&I}XXPJI=J`oTG9yrv2(Aa!^&^j&*SAfeCs3swn`X9v``bFpK=<^2FHr@A|qGN)N
zIz3teIkP8HXTr^{F!uH#?GwQwDm|TYXNqzFyl4+ek4LI6aZcDph+615f*2}~aQ{|c
z!!sc%*Gu;mFO4c@Vi+5talh@V-iZ$lYa9m3(eZ1eLNZtvXHwHP-3z;zkQAS0u>gJ_
zIAmdxYL>92g)5V#52+MLaW{n*9gUd8a@_DWn4tU5mXZxYXT<P|UTgM0goP_lcYi)f
z7x222R^T%mKg*gU-o%^KW;Qbnr(k0Z-uQG7>ZmxIqc6`Bbj|q7U}eV4>WzpbK07{#
z-ggrd$`a_h>&`(p{=jHeDP-WBfJyI)?mHChmcJD@^R&zmxaSCjieg*~chM#dLf6W`
z^L>Cafg`MaTSbrJGu}ztQHPcl^$yflhtLMXNLR{M@@?5}8yJ7}m+DcA0UfGwkV@gh
zkEh4>_yp4PZYM(Xpf!K0B9{W5Ycv!F@L%3n$Bscy`c9upcv~S3WkYDrqt%PZ{GecG
ze|{(Uoku(J`qt|5K8S_iLpEj)1kptS@7Cf}45djs8_mEQmnC-F_$T~-0*}0RnA&|g
zKQl}jAQvbuneMiLwm@Mo9^~6&X38Cs0n_3K<tVH}{ZR<TR88T!AGdiw09wTu6MO>7
zkKg&>PJ!W(QOVf#%IKpT(VgLdf4h=no)Q{uj70iBY(TY*^357Igw@o#V<}_tANO`h
zAN?E0LMj;QfcH6YEIiWc=#>RG=~*>Q$OyzB$RB>WeBhq=7C@Od#KP|80#^ykEBDAJ
zfKWpGD4&g>xXApt(2fsA#Rk>b9n7H|#jFmNrM%+qAFvIKp@$w?(Y1$pe3uvff4=E$
zq?}K*$M<Y$sFAu4l}Zjj<}<ARi9AMy%}~@;*mgRz%Tl7b_T3&^AobJTwlI|)R%N;T
zzK6ycxJK!-cO^La_EXP)2)q@00REHdNPax6-lM^o*5G@w-DqW{Kz2zLM9)3dh%GS4
zTS0PNgnFRnioPH7h~U}1`{H+apqNCUOFYcFYd2kKdBx2Kkjk*8lJsZY>&10XqacFv
z?7Y@dK*H9m%$OW9YoHyi@ND3ojt@V!ehCV#5IrQzrTaM+To@vF+5zk_lTD`01Faq(
zv3Un>>a=RLn|I-16zPJkc@UY)&KED$xR1K{JxM5Cg#q&)a5T%wqyY3E#?yof2i87V
zv{bXy*xbqZj`lz4rL)uk^%lbt|BUO~o;Cbu_>}KCCxQ9`Yx+ZtU$2(tmV|FWrC@Zp
zNAcGh^JA0?cEg!`>M@<@`Ve}z6`Y|*y+OHoY%rLn|LL&e{v?Ab*=@qHj`Ts$BuM?~
zL>298e>0XFb3_L^VEJm=mf!Oo;ycPb@?jhbo_$hV^J`!#=(Cj`gGmm1Ef&3MsRCZC
z*jX6i^R(;FLX)qj7IoCpm8LJXN2^c#Hc^M+obFR(#0EXAh(#A=YI1QN-3@PyY_e`C
z(yxA_Yg=D&y4ImsxX52PH+Qzm=+a30HJn@5gR3Hw^Mn<l#=As`@B((9-tX$2^Qib;
z8|>#<v+ogGoJm~gJ5KrO^)yBaAiE%DIR~F#&i-D`?hE83#@rxe4;wj@S&)7Q3$wH)
zddcuktD48Bnst>;4G=aoYG6kbcO!o!^uTo#=#yf>>ys#LW*dxNU-P9lI-t9#tNMCV
z%Uu0-xM>n3P7EV1f5er=Bh8NLvP(T2t~5#>ZqLbeoek2Gdc{A5Ij`V(<}Z+PP<ww$
z2%}5KG2_MT_<&EeayA)`<5vY|hVmCm{N-jWVd9x2NauRX*6x*61sT^P(ZtlTouLL(
z?vesWdaL)acsQSgrmrV$x&7a9kKkYY+%4%`w1bTdSD)O9kK6mSqUSm^DT+FH2!<3n
zq5xfx?s1TQM9Lq~)jQn!PKkjt-LnnAcW*mgn^1Q7fd2X6?4G)OXePuo*DNT%;mvr~
z8Q!|MXB1p|QU0^O)NG1=(TI(~0VyNfLfAC0n^d{zo2->i!}w1827MGy8O(WnCUEg-
z`i>iBYK=G5ia`HmMO7naZh_H7L7x9qQ`D#@Uo)0{Y)(zvFU;A>qRGGZs?Hhyl&uh~
zZlbDWX4_S3e=5Ro3$z#XY#tQ|?d<zWPUnKryPsA(6{;Ezk>M}!j-e7`VEpSdhbT4Q
z2-^7x2Nxr=!0RHMvIY0ddS@LU=ZWnrpdyC?Q}Q9EJpKE-!d72ok)ak>!E5Tyy~Q(c
zaXR|u=fvzht`GKoy@TESmr+A1Fv@4Nc3{c5nqtRx5n$E-d6TQzyEdpOO}z~ocr#U0
z5M_03>vC}g9m)aw+h_KO{ygcF4@j^pB6srt%;<B&W3C%9JU{X1e>GhJ+5UNQMk`E7
zcIzpdpR#xLYV;=_5*S=|-9VCmQ4f1wjdQ*3V{xodn8hRbVxhxkXM6G2_+%9sRo0i=
z+(?^AFcotCQfl#DV0USmB_o@o&08aK&#8*T`n8W)6^3*5%j=L3rOQ|z7dr951PG%G
z(}StD!PB+ox$wyQsNSX#ETASf0&34{9->TLyF>GWeV>=XqN}<8$iw)!_W7)@U3v`M
zS|zV)uhU5_uWSXFbE)0eZm}+!Ju5gno|yf0vUK3bBn*|}iuo*3%*!Qm$SY75V9Vs^
z_e}-+4ToOt*gWj!H(GLQD@BhZDroSN@{K+PTjm699pq6_h`#CCl)JlG(7;?9k8u7m
zmZNux`3($vy^Ll|z2v2VyZpZ!_o0PuFs`%a(pxMbq;NXzqaz*fB9qTw_-J2ScH(Oc
z9L+TaFYlf4%(&_n0u38T3Bl+jV1eh*4Zs-k?_8x}efE@J&G7JCVSL=&v%$GzFq-nr
zVF!g{kUBZN?#v!H*ZvbG&&e5aUNi1|J0&e)#u{CSGz@wtKO2qZ!0`t+Ld@Jb!QKCf
zK~B}GpIo=Kskmr~tT-7-#w+L8cb?F}IMAD_n6l%C!vIFVju;0A=hGI;Ir3Hr>s@Sm
zDBZ!fJ4R>y8*JU{mCu%aseK;k`T7m$1lzH;Pv-u=kUFElfi!f^ob3VM`~JbwcOLr5
zRmI2FY$_ONc^cW0vaHGSP=`}>1ytz)_Kss{r~|fBnLRt-PyS?4b7i`-E4*(w8xN{6
zNUdmPMqL)4>=e5f?>%{ce0di@tomAe_iwZ|i=T$`XZnk9O`{EUfV3m5<rpz?*L{*V
zVyIGl?XulKN-EnC=E+}#iUe?HM=b*kSwO*n6go#383RVvqtz2(@%VZmS5G?EvKiNo
zhG0G1b06?xUn#ju{2f2pYB*W5`<0`kCtC~57Q%CvZl0V2__hfQ<Q8f!nWBv_%xk^S
zPqrZmhxo`{X-Uj3t*lmU##Pt99+eul77=<}*gy;PmAZeaD0?BYEi(G`N=SFvE(v)x
z)~L^oM7=sEID1*<xK~BhpYz6mrJ|>PQA$$>H^Pe?bTHxP(2(xvDAxjPTGr6?++C`U
z(rSUAgp4z7OOAuYNu$UQ@p~iZMFJW@cNYe-yzZ5jv{~k@8ejykw)bEaF?w~B@4dIZ
zTl~;;VGf9^rs-m-a3_{t$2b{2!lO%C>tDrC%~DXOcMcfq{-u`=W0P;%YMWZyaA{3|
z0On80qk8kVCK)t5P(3Fw<`L{y9Wnj%IvRxIjf)Zq_J4iuFR4t0MCJBv9roN8er1>b
zk}}Uoe60LH0i1p>x@yznhqv1>Mzlpf^7=d36o6BRzkha|x32h73)=+CIF9tpac$$?
zaQxIaoVrMWh%+=??j9KqWeL%;V;{RkgMH+-HKP{*@||p*v+=MC0=fCB5Ahh@sO5Om
ziwZU$2zHToI5x@6rvi&-<ZX`TM~;OxG~L!o<SKG^%h%{y?scSCz|GS?DpD8K9CeHc
z;JY2Ms5kJ44DUVeP`rN1Y<Ry(Ei}LZ$jSzgyvB+S09QQPL$K$V3}8iW17r_MCz^FL
zMwA(`t6`@?^QrCJn=DbMi#swVCFWleUulicezE0xIsQxe$eEFrPqII^<<<CAP{vF&
zn894enj+^GjEXHm$R@kATG1{z0(f~c<U@#h)y@y+^i~}IYV-8(&>*i@bqhH?JA_#l
ze%(2uTqL>78tR~S<RxBG`i3KfYh;!Rwq#siI(|DoZt1~?;dU3U>RYf-;HT7QJavvC
zFLWK!o022dreBM0$+HT41g2BUYR!EvotwKXbM6pj&A+_uf-@az;D;wq1tY*C$xuBG
zsW}-NVFQy?oS)!RA5L`83oV)|%pK2H&=;Kj+3_$uzj<hKndeA}0BW3CG1j~WZv*Kh
zvz%KjvTswm`OUnae7O!yzXUMf!p%R%%8!)bIi;N~O9P5m*BJhIz-k9>SwuxuD-0N^
zjr>L(G?43uMrV!%zEv10s_6<AF2UPt^)<tLKFyi-llztiQ>CNCKYoDSt*#xnpZYpV
z;FWVECfi7+&ZCghf|T|IFKNdfmWA3?(l+PhjMi0DwJqxi8!DRfSl${HWIkWsUj|D*
z)rWTXR>Gjy=rhfn*B5z5$<5M`qSgMZgsD%nDeFvM9slV(Fl05VN!qcO#ltPLLbc7t
zXu8_{`&%r1b_em<@ccb2ysD;!O@e3<q4^~1SSsMSvJyfPm}t7}%xQs~9Gu}u_0+@i
zc^hGEtmY;4qkZ(u9>^GZF1)u=ww_(K9NVE$l8&M*y=Vqt-<)%rj0+R!-)5DmWUo-Z
zh}872l-xQx_bKma5R2y*Qo++8G4MsCZgiWC=tfeyRpD1Pn4C8t5nV-^B8(M_xD0dc
zX%xRD%()=v@x1tP;Z;7^D9s0JJ(qXVB58IbWOEzRLt^GxV@z;0i$Ep#AZw$cPqk$p
zH$pGzAH!qDEIe4A9#kbfR6cU<%A?a@+?wKtlD%51((FY3G8d0%x_5B~<4IS`)evLA
zVwQsOoE=;NE#tCF?zwl4ic_W{R*uhs^AB^w%+N7+>h@HVou1TehRkXYS9s&vw&C)1
z()vieZ3r=f5NR-5DtXp%@#RIK0AZH1uNyMe?iF0i-N?W=kl=EalA?$OtLe9=hk!*E
z8H8)ix6jWEeQj!uceCjy|NJsB-9Gi|k|ExPf)Q+7q+?{jqt40Wf*x2OPGkGAsg}Jx
z5uNT*43uh52@i5|$%n8u2*K?dU*lg?|1bcDTv=)aHUSQXn)Yj8)kg~PiB^P+$j~?0
z!&OheM%|KQ5f}rs#_4%xuuM8L)C^Bj;`C#X-QiG8f<{~bqHo>h7bCY}sqmPbV5^*p
zl6l}Om?(;R%onjC4ez5zEHJ)%wELRS%=q!f3CoK{VAo;*#Zvi|6rII%AH3!L&sky8
z1U#i(qp@Q@I|Q$QM&u87f$eCrDhIb2EH_60q-1TLtJb4c`DSaU2EJDQ(mn&{6%49K
zpTB0Z^wS#mL7Cy^r=IEspqoKX`1=oMWx7P|W?{}qPes^aWfV>dkV|3x%cRh)Hqz@6
zGhuro2-${7!*Xjn`EAh@%h0g{l<GaxpD2?_Izf+iVl6e>^O?XH)&a}Hv2<}2S7*WS
zcUgFk9pYx9E@WQ9Ia^rjSFP2)0*Zw>Joy^Dx7Ihlhe8|TKM?A`>tH%C!2<rQ*vQg3
zDYq=KU(DMB0?pTj^BLaI+Jg7Oz`1V;>P5xecH>RA&y|DkmBg29#V2`}qOXZ7XI^Y~
zKo?h8WnV)Cr@K^n#d<Q7QXyL7(&&IS0OxyQ)52;oDSRsd0@#QkIecz|<gnq;py95w
zdo+6DW7U<STR5Uxc3M*cm3`1X_x{n9m#DG;UXuNLhxIp4t0*OSz1fv<qj;wO@a%?5
zcz*(XViie+CTf8^@*`x&23ukfaA@VjmYq>8!uV+~p_=&qp`{&uT1FEc1nqYfK|uQx
zX5U4I+72$B{GS8qY0&P#wARN(qYm8b`I*YVuH1YW{x<M2MXmF&0-er?iKroMc5tKX
zSfABFxy#4m!SNigyJB|aZx;mOiU+6w6txKB)NC{B^W=j8n^Js|_jXC%$FaE{cxa!g
zo-f8jJD`$W1{;Cm>cHEY-CZmt%>oW!sAt)7V+GQOkZIo=-NvA)%P$Ahg;Iol;A`p&
z=jzGiTDDNUkqe;j{I*wKK#?H?Uft}6@4H2~Ea^*0EiBPew&;ERVsi$i#1RgWL=<49
zEdS#CIhcs)r+fQaYh16e``NGVUOP&-nV1Li(;zM^N4d6gaEZ^t3^CYGZA$(YIPs(8
zaOwU7NfPL<_?dE>T<2R0!PT0D=H)LN(KHR4{N87EXO0^jx84e&NBq+`NtBm{P!^SP
zrgZ!;fH%Qvo;;3+@qs37NRlRtXD8LRM2~lA&AwWJ1}3S>WB#`R5l0?8C>dG0wtfFL
zyR=xRFvs(rA{;K(JFq@o$TEQ2se35@0%9&e#r49t^l7*2ib^HG0q530wxP4hpYh8T
ztxJF5h7HT^W6`%G-)BzGh~2B)J_$S;&M&E6<Fw+`>22CU8A6zS1s?b{cAC~soneuD
zBHeLZiDPwf?oz{jc*AzQWXOVoUkoWEMuOx>)eUJzbNQd6f)Z3J3SK92>vQkQ<c8vu
zOA>^94%X-fL{X!5&Soeb$iK2Rfm)c;gO2xR2yDrkA6%N>aWi;7o|Hld6L$p6bIvs{
zb#3?crS@EEw*iiL_qsLruKRFEbyYXT3(z<PeCxxna|YdXG`ob}h+JLB4Cn4qX_tP{
z`j~;SxTtArMr}DQ4hMH!hb7lGw}r$5xt(2u!b;jz6h@wXJr}f9U+)`3g=!CeumT(`
zXr_G<9c;TJ9Uj7d=ykb|{*2VDdx+<h+`=zU<*40%dbQ!)7%vi95H;a4HEUB6%0>su
z^+?zhcfs`4UkjH|gCksNWpx5_ZDYlH!~MJg;x+*A8q<>OuFWQBf#TZB<^6vt_k(r1
zSDvwy{5V=TBZm&$fZTz1AJ4(8V*Wf)37xu%^l;sDvv$QMvmErT&yld!2v!89*VkRt
z5B4iMnV4O}Etkt~mZm=8{4nmX;s!a-@tm{Dnd;fFm7VsCVBWR*+~`)rw!&au^r0AG
z5aNp!k1#a@nF$z^+gZ82Id3yav5Q(Ohjwy9smsz-NGrzxKDLB0h1$A$MJcb4#p0ra
zS??<|sUag6-aYxwQ`uT<nR`JQ>h2D|0LgH~z2&;w&U^LUQ4Aq??d4qH-+9xqxdYyl
zIC)!XN&cEkTkE?AJ?o@*TD=qr3Hkl?oZGWr5#45wwzQ<@i;K}uw3af3D_$#$JStZ;
zeCt8AW}V))bq~*2uVN2Xj}m`xx?{}jt;4<sCf>2z@?LURx3gemz;r{Va);N_sKRUq
zqol$9u6|W*t#R_#hWmAk_hs_J#nI<tiU_PX2Aj9>Vq&(BS}Ib_&DG|juXwY^$KLPO
zZodbu@;4I9mlBrd#R{k1OqBSXz?1ku28*<kRDbJdUQ3Jjdev-iiEn0+<??h2oXJqy
z*0sDvMB^wGeW}D{pY7;tCDVj^j8O@K43!7+yvgL+s%mKy>)|9adCV5Go=BeoC!UCz
z{T`HD_`$*;#XFH)A;aBfpw^(;M`7B})Nr6GIrb37Y)0@7)=t^Qrn)y>MV!Z!{DmZ^
z3)G9JMLi~p<=E$AVc|8#J?P+ZnxeTe^Zqz>`IrZXiCW{Pi4Fg`Io0J-l3x1{m;7hD
zInROtV=p$>@i8kYDVZnxNC4-$(KQjXeM?J&jtjjl-nu{W;tPhq*{~q_g=v;M>j|;3
zCK}1%)yd&C6mt{f2!O`Be4fS_ZLh7PZA-p`%Y8*}IC0h6b``_oeIZ3lgOYYM+J6uH
z%tI=kUufR%QWd=`&OlI5N-Z<5zaVc0*D@#AM(-w%Gf-;o<20;p?L!XsKl43yv@yiS
z@iMp9PycTAuVZU>pEtW5{rBoj%I%9@(ed)0Gu!WCfSv*<{TcjC?j=#|&NE@-!>%7Y
z_9!9t{zaI}zuljGd+^sy1H)5}j+e)Zmj)aAzdO~|zD!E`L;gpCwqpx}{Y&$GA@K~w
zU%OaYINPHJddCEhS5gi=!J5uvXg}qPc@eXOF?o@A>jV|vGek#64)Xn}wD^&wNhia@
zL4V<779K5=PfE0qJgJziq2-uK4tHx%CC^<`vT>fKWLKE^jiJ;37CTIlg6R`VAG;tg
zBH!fhlF)vH`k2yf(V{)S8(gCA_<5#wuEm%M$=_=_ty8tpp4$bbl$I0}`ZPTBGV<1W
zJaG}vqtO15ARJm>&5kvsjMH$<`+EiSxC`C!^J`$?<Q#mC@B9PZrUz6Wn^4hmlxx-v
z3gNPO+RC=}h3AA3_EQ><ydk*$elZ=f(CF)uuVby_?)~MU!y*o&I|H8|RQY?`kDHlT
zA`{Hvz#N98*^cUr!}&uLPb!NI5I4t48J~^VrQzX{E>a9!bH)TH5Ve8=+j#_~jG~Vz
z^kvANy*ku%FEgv?np<`|rv8XSG{UrvMfhtS*Qvj{sjsm~8D8&JQ3NayXL3qG>Af3H
zet=iQhU!%9%q*{<RP@l*puUluLkqAA3uE1XRD=U{UaPhKsN?7%sTt>cetsE%A@k?U
zYX!ZD3p4;u|AR!bOj?L`s<qk+>(jVOd`K-!8&WS~0u`=Rq@t4FKg_<jwIuAjNClVb
zSRj*a<o!gF{-AmlDQw*xpXx>?fa>zzWW&~{=UP*6-!Pu`4AY)?d^M#9$vPpNtL^Nw
zeZ1(T(e|ZA;MIxTZ?S(7#gup#6p8zNKzNPw<Btuh144!24Y-&xBQbUSc#tBdqvM@p
znb{7?Cbs}dU88^`y(D}d1dt>TNV@8_Lr}_pFi|_%YumLGu38e<G*n3nT(9Otn-e<5
z*pw6)sOIMAb+LOaf=P%+O6seoqhm^f)gN^<!340pU<Bef`JK+q(_6^C*%ue_;|#_~
zqT&FOc$~|5^j}-FJ1Slz!%iO8`Z|ti#7M%xNN3a={)mm45U@dXF<kI<mzL+Ze9OYR
z{Hv`L864OHtUb&rhB<#^dJgVLcq1w0OX34yryMij@C>a#X-nft#NFdWEk~}#<4HP_
zsq!;UR~~MH6}w0)Xl_jBkzp}o!z|iynxuSdfBzOI>E|ZhGoX4TG&lVtDJ7Swfe##t
zmtK@R+W%}XpSkfqc|ONw%*|<YK1Jy2^+4f9=9^rmC|n4^PpJ2`+8MmhzD_28O9Rj*
zwD5WaAT$qwc6BN)HY9uOEV1V$O;UM>QepTvoQBoNinUN?sDQWTTYK7Eemh#$YXQ0p
zO^*FTL{Se!#803I?Cz)JeapXFm>0T?Eu;w2A}Me6k?DU9aXgJz8r*Ls3>18Q2!uvf
zn<AkA^J726Qq_opirQ(5XAN70@#KON3y5!HHRY+oahl!{;rO)M*DozuGjVb@@Ay}Q
zyIBxV>LP_g{#fHCnK3fNp%|h~X-~QVe9mxQ3#$>>(_Xe2jt@#OICLU86jLWwESw7=
z#U7lx8hp!|4jPb=_`P9aiF_}i+c01@Iq(eIf&x7oaiE-}oXa00wu#w0+Tj)TKtLJL
zb2+1EemHQvJe&JHtM(s+dlS>)dd8o#Ki>86q>l^W){U}$HdM86MDfyNj9~o0qE`l9
z=R$lI!$Z2?5Sdx@O7rub4OyGumUD9OKP&Ynvg2oJvXf;ay`rM_+7uU7*4(6($?58y
zJfeRQ9cU2*;OS&Fn}Yag_<28$w|8@Ldm0<3e$RI)pG^KW6oC&gKyQ^1;?OQntxSb-
znH<f;yf%Xm?S>B5=a>`EVl^&BCg4;;@KH<>r3ejEYiv?S)cP)@ZQ28L4A%Nr689m)
z&9PQ{Ba5tZe2NF7dx)*x2625rX(kakls@dT55OmIJf?Z*+0A?vz70)h*3yp0#d+y*
zj{2PKqP^qC^=Fn3#3UE-{X^B`h@zG{ZEi*3I$q6Ty?kdW9SDX3#)qemaP7sy+Dw{Y
zt}Dod)D@)+!ZP`s><CDuh-+CJ9j~n&8vOILCG~(XNVvKSoNO1V-EcEH__R~qvKS%1
zg)`51Jw_EavZK^<{bQLDM-gSY|5fp#Q6<@4i^3kW<+s5-OQ8o=G5Vm{0&9T7Tfvqw
zOIokSvP))kXPB(bjH*!Qq5_?a$Eb|9%dzG#UL*t|{|dnt)fjG;g|3je$ZqlzxH)6F
zR?A_=Ym$Y!lEsuTxg-V5P)*+IG^|wVK?>{&94Gg&Y~8>NEYhe|TWc3A_{XL2-NPg3
z=9qE5nu!G#=ZC&W&yW<e<$bE%hIIt*KMr>d%(L8s2y&+5*WToQ^61kJ_ARqlL0Q)X
zvfC5`tF*vQE`S{2Lo^ilu3~<Vl!4Z`f>ckjPV2m<{m<Q<zojkLpfe2Myru<lH~8@W
zBOT<?gR(PDsT&>k-F*Y+t<Cq%*L57vv9JCk^IMd_Z#-yK7Rf8<b}-?gzm(L$<NjU`
z?&#Pv-bY@JDsW!QjXhx~A4A8MSfu&B_0>&DyE~ot{J02~AC4YVVqC6KA|uEIifFs9
zxz8ORxuajcaW<%qHdKvLyj)Qskgtq~E@#m_KogBj6sen^k5r@wFX#OMy?<HwI#80)
z`R+F%L8&7zeYe6nj3ZZ1<oH^%^8p}XyFsaidPty7Q)b@u(Yn(E&Uxj&jj;KbiBmST
zy+1=iDVp^cK1l#h&Qm~|a+S*^ko?BD4aKr&U89l`N-3Jwm=!dw`IF%=gx=3=-#qLB
zg1KxyTZAHeatrwbf9(l$vnP@>_%~iVrl2GctQ(id?pfrbSwPV-pN^FLH!56z7OV5k
z5*UYNcx#U!1Fp*UkLoB<L4HZwI;3a67TP;$x;r`GN1O!mjb@gg#gyeNJXMizIn+eI
zRfGlUS=WE`>~~-+sdi~l9CFR41@jLTJyK)eg>b_MxY1kKj|xZ3yrN!8Cr|II`ndmd
zNNw$~uU`lFHct}q4XF^l2mvTBc3xNlJb%row`!>R)u8$tr<W?wtFGQzghDSFBew?!
zbX+Vl4LdG6j$asX&KC)}6Iw(jZ&A`-w%b?OK=qGsBHMk%GN^T@k^XyMl#1=42k)l%
zwi)7(Sn8zm;+bd}PD8CaF$Nv5{b~Q${wv6be9?uF6MQB&@A%@(s~5F`FJ0cD@x9X^
zc_H5qb%9V5pAdxZg<D>8DE<r&S~CEi?UKN~5&jc-WS#=tM5W#HsqWHu)0V6ZX*=8n
z`Al$lS#MMhgw!H6Z-G25*5N&DvTLvVvjLJX2_na4IdeobK&o#r6Zs*0x^1w&zw+KT
zKJ_=>Fvp4q@Ixa}i8knJ<dxVkHrBz=e}A3m;{U@Lwa5d;apz<O%lLX-P;z*0@{6z7
z7JyZx7J$crJ{eag)yH?q7L4>8+uR<bIi?hCBR(J$8>htL0OPHQKZ!A|m`7uTJQ{xO
zR(KV<p=yjmumB|c*5@ZM;P#GoH)c8Jc%8fs+ao}e#Iq05)Yh83Jhbc^eU?I8sJ{o%
zDo{|qAUh%{oJ^4jo&>O55qVaqT0k`Fm?lFwdNF7Xq&JT#8J*bwg$f}0VNaQZ0f?Ls
zL|KN25ua(NSx0&OHcqvy6XQkzCx*gNVG?g`k!&3!DNX5~&Vq#+qP`$p=O5jYR&*S<
zRr6a87BjUG$*K{_zIP}2d!3tb3FMdj)&gJFSPj^gu=sB~!a)Vh@he%{wMC|>4%>~l
zfd26DS?OGTW=40D+Kuj}DWoe|D?fWR{&}7FUJN7>fV6f08zuyjDd}c@gG;AlxQv2B
zB@dVbR_&FFi1dZ#oT7r4_UwMEL!PH<vo5P_ysrPVTv7K|Espb}fO7_I2@1~BvmG8s
z$?7K@HWmhcG<mr}=D6cHkyRS~6)Esk7FTwbp_>0{ZC0JCt&JT@(rrCiY-{uUY#`-%
z<Hup%>Ykc$&f5XbOm*YM>eB;m2Xj2`Glsn+lX*V0SN`KdY9t|^irkENN+c*+)=<5n
zYJvh5lZf%*gZf&s=)PonaI+GE62kY>p4`bJ<+h_pe3#c!<BPhiK?n26=0B;s&kUp~
zxtyrQ8voc>2S)=fM}~&Uh7{|h=%otH(xJfu^eQz^G2m|gT^bT(9Xgquv6P^(1O2W@
z_?}5xpHuOgX>ME@{0p4ukY60hwj2(VU#lpo3h}Q+{$Q#w_+6<B&b*JYN9k_RPg8GE
zOX5KcemQ06=|s;JChFzTcZbxh#7%C*_!#~+A>Gi5bi?bc-}6g36-B9ql4#bkds8}3
zgo+NbEtzLxW`~Wpk(2?d2VuMKu4D`i7mP7>BE|?8k{@X`EpEzhYNG@eu@LSk9Z$k$
z&^<^E?XSOl9Xq>~x)iwn{R7~yzji?5Kft`q*-hY+YBz)s7+Wrnq+$S)K$chU3j%&7
zHq)S}a=N1K%@r^1?l3QTsoCgz&)uS%_(9Le=05rJGV~@)$2>$jMlfNqYO+Cf3Mb-r
zAmWiz8z@8+mTgm(-pgRY^npLU>Dugk#opwmf$Y?DGWoSri#vtGNUyN~(+&lg+Mc}W
zwk{Q_wKfOmv1o5IxZY8#YMvuCGO8F;*Z=hPRB-#x(aofjC@wVqCoTlv8r^UscEb#U
zw87fvc{4bk_#qgOc^-p?55Vo#Xyq&{zIN<7(HZdl^6fv)RJ{VobCDVZz2?ck^+*G~
zb87E(cSYiBxfD_O<r8dz&M}TDsj%B6JA3tF$0g@YAGU)e>ijE-dh{rEM&!G!%_XeS
z>TXmxf(2Sc<4vF%0`a2XEW!U;d%v5b?UCyxT8MIX|5$L1wQ$1KJg`vy$w?vfGP73?
zX-jtDeq9bw?|qO17vjWm8b1dAx<DgcOQy#tv3JJ)AM0zzhm2eSMl>UU=7v$LuMNei
z>H=SrOSk$e!t-Y~S67?zvq^3A;^3KZs_b29T}m=hWV4wK<X5MslR7E<S917o+$Z6H
zD|IEpVpV`;mY{9;wT`CUq-#jj0Eyb-KX&fZk&fG5?%};@GY&?Xg^6T~QxoqtChmyi
zZZl%<(}K5Zkg#@dj+Mlw1AIk9moRt9Bzoi+VIxo;<=B`w7v7bsBZ$$5A5teJlGWvw
z(w}Z;6W2LaTb`NpYjtXr)(dM5$|F*wQ(%Yv1$$j7togI(pt6d;qy<yrO~BN*1OI5L
z00ZQroTt$3Y)sy6ug>8w<XuwOD4+gba8@R4s8+#GZ&B}f6KUQRNfsuABA4*ZKO!f(
z0TJ#I3URfa#7O4;2TnT$7Ev58-yM+ZW2Q{p5@C^?hh(bkwZqqmspy#3NB>dihG485
zDxM(?koqxjot9DOMGD#CKs>k<Dq;0LBHQEQE^e+ix(VdcH?#di`dFZv(!HYRQ;wb@
zvPNy58D;9!R<H=KS;y^Vk#5{ZcGM+ITYnY|L#wo@JDisoS~AwdW@+M-U=}CFL9hX^
zieEk+Pw;dcZ!eC@^u;6zbMVEG{H~r86a0Sv^HoRf`<q-x17H01d8LII;R<raZ|w=^
zh4TqCZ#U6g5DZd4$&<m5cF%`J)015*6GSH=z;e4#>OkKz*LXqd&~U_D9vf}_VPlhv
z?=^oqS=`u%q?ZZU?B@QDq9B4AYe_xjRhfk^jcz~LvYJFs11XvJ#VO}pec5g!ja3kY
zl@}10btu!Lp6lat4tSUGOpgYMrk#&t;5piK5(a74oQhTnNx%U$onwA$rme224$t$`
zp)_2O^S&m%HuS|8zu&QO&9&wkczNgJMmR4)7u0%AQkZ&2`MY!a{jCMKIEAb`!&G$g
z!ytt&(?gwZ-<##09*)_9)J^I?DH>x#(#Rt08txurd@tL2m5ug}PtmIPDp@R#M_LPv
zTHoR)vY``|-(yv_&uruf$I}y;@%M?AAPXka{QpR3A_3|P(Vp{Gkf@Ts0V;8O0LN(+
zP-F|{h2hf_S?$;XNM!4G#dvX+pw5*NU$$VfmD-1ytfXWE+Q%Y_Or}+kpa>Tgp$ill
zSNm|RxPpSw)2^&d)PR@c4OR0LrEePr7IqA;ycd=Hsy*&DKPI?=P)-K{y3Jmn&vXMZ
z;0q{UTt1GM4vyP+`9_(7g1>jqXMH-3pWN}~ZT~;##YIybFpXD8QiuOBj<8%mkz9G>
zo!42d@oDGkl#r4*IA+mP^F`E_4M5s~oj_W(R#8^O-X~*x?mFMLtO~nu(1acm2I0e>
z?t+^c@NL<j_#g-xlJNz~nkH2%5=)yex10?E=2?;HB(c*9w-^k2tW|Ycqw9Pevh+X!
z)qf)VgX$2TUKI-*VPioyb7GV0Z(|8gE{;ZQ<1!qV1wvtX@4yyn1mG@;1Ll6Nn8d!3
zv<~D<-CMGw9^~wPF4c?WJ*F@hfwIg;>})rjs=a>pr-(sJ-p1L^)}B|p&W|HD3s3;r
zWz|tYQURGab(QCXogKfoS*|gM6Qj4YUsD2OZe!%{QH18eFvAZE>zG(PUe@Hi@bN*)
zpO1Ea(pFYmat1do&0t#EzmAFnlwew3OHS2&{K3D0a39kzI{)aGbD#q}`8F;YovQuy
zOz^8xOmlud=*-hlYJ?FS0Er&>Ez9EiVI;uk2xBf$4VQ?DM|n^YLOAiCSPCSna4p!F
z4DDPwLZ$kFy2-De%g2a1z%k-BBs6FU$An*!?w|SXT)5`qerhqu0QnvLCkq~fJg+_v
zirt)Gw$1R8ox6ZW?jNHpmtI9as$N(Lj&}H+c@p;eUHX4WedK4eU26{-s(i(3p`fHB
zkhIJi%8*Jbav@>Hvr)Zc=8JQZ^(>xJKT+~u`V?lV3Rus0ybgLDHBz+L%19lyN29Qv
zd+F8paZ9x;p0RNWibF>bHo((5ip=Px6v}bB#%-!g6Ic8mKnBM6BVavY{jfcJFfo}p
z@u<60J&Gail9#VgG_e0cgO#b8A!ek6MldC$??tL=Q~i9YFnoz3;|M5VHblGN=*v$d
zQ&(@L*58G)M?EVYp6|SXAfp#xqyXcKs5~^6^mI16f)>~$02u`53v3AD1sbWywz@Yi
zA%pT7ygLJqBg&<$pd6_eb9PKHqq*m(vH2xb5)w8^SHx0=P2i}S$7w$Xh<a$}UysTR
zjc^5t8}sr7{GXx>$r+Sjb)7lbPD5=Gbz|V8B(61>6(?Q;Bc7c-Wro(v6=Cid7I>~j
zQrNzF<-NjCI^M{JaxY=hz;^F}^Q*8{j7(j))wOFjy?|mez08c01Se<2XW%G=oXIQj
zKYya>7|3WrrAZ6C0fV4QW>;4)K5a&tZ-|C5kwB>CCYKBp*BfD3D->{25p32$-HYC&
z6w-d`fA?7aBFN8o<)eaPU+gv!K`DK$LVj8fPL70uCpc7^CA+GfCtFhh@8E)U4{MB2
z6DYzPYH^!PzWZm#)&4Ub7q!My*VNcLYeKD8`kHQ9HgQ6OIAQCJ>GSWqK<9bLN}~PA
z<1|Uq&)E7rynM4)lMVxx);{+wR(C|Y5;tUFyAhs@D0p%w35w;p9W23ui=oY6yNja2
z_W={l66jq*PG{G}V=oCYj_gS&9J=msF6$aI36eDJzV<$tON=b-eb6eA356I_eh0*N
zdJinUprGt5LRo`N29z?u=b0)$>^5m}9Z<$b>*ywVvZb)_ao$-;HN%qq<0?j;b9S?_
zQ%e+g8L0glvDXv>oDH65FRd2iTH$ePZ>-som=DaAo!o8)ZJns>psunLT(cuY$8jcQ
zUXC47Zq&lJQKlCGha~1jDgf7%)FJ~eSz}$=v6Nnkuf9N2STRV`NpD+#78>x=6`W~T
zNiM!3VQ1BQjOQMbJ<xf7)1(){hE>-|VoZ7^ow%2_vW&1{_{DQ1!`^TXm4Gw+6T*H*
zPq(k#{h`}Pw#fQJGW~D)0&^l>ASVK#F(fr481#c9;jqiX45^7xKRCwa;5-`kF{4k}
zYm;z4DAG**%THQUCUEiYtxWsGEMknRj4^6B)D`@0uL*0vC=Nu1)E#|k8`|b=@xc3F
z468)5R@wgv4+V~*EQZ`&$YLZ}U87FAz2>X#>t^xu;)qoDkkIAKJcEhid}<w5Nd>B`
z<Q}tas2szZ>EoBS7)|kMfpHyCup=dmd8$Jj9~WoTM^%KOR(O5nW0hA)!c&6Zc|Q+1
z*Ug{h9&N6(6R+ZfV{|5KycVR+=I>)O(E5|ex{rd)OSdo`nXM8t%hd@9fuXR>CX@xc
z39MxB%~2DUq<au*xKe>1%O+J@eAi*Pxed6fK8+V-Vxkak#uXs_q^sR51gTg1Brbl6
zK5>AnNoHr80mGAuh<#53A+c5mIRjLZVd@^a2+sJQ>TErvogItL0ol!y?WJj)vl&lM
zh?20YhY7*$atkHIF_B~KYy8r=xDSG00w8+rg~<~ueU`_C;Ig>OQW)8pUZx=bVbX0n
zO8xC5kgDouvL51`y|(U-54l>6K;(#PPzaT{GK3mH?tnTsV8~88h{$J~?)8YZFB*Gv
zfOHF04lGPmQLQ7Wq{~Q06XmanJm=t2DbH8x>?Y*9oA1TQMJ-5Dl7BHR{V*HN?Qcaj
zxF`1|P$pGtU#+_5gk!o3ffRuht<y?(=On5F$vI$ZpMUg3$MopaCEGX2?F(2xYZxya
zbEt4XT6SN+J36{(Kay{hH}Z1~#vhRD)OB)Y2>(eD&f;>xWQtEz87i)q`bRrlKdVdv
zLcED@fadhp*gg^H9WRV58*eV1y}Gwq-J2K#@=5%3Zud&Bqz+|eYxFUZSQo(xPV<+t
zYn2Hub66(?9jflTuEu6#uTulr<E<O(-dw-@lQ#fWZBkZNcS-YzgV-U*XPzuZ8UyiI
zKk33)bFB$$To%v(dqPqbH-$SI?o2PtiUxao&hbtow8QggC@76sbDJi%6g`Caq0vDc
z%mt7o9%-|>!<3uah7u<N-ps2<Z7TXyfr17BRAD*ZDy9P`uHP=|)z`$N1T#t`3zDGJ
zY}=56df!@zG#UQWx&=qU=RcslI`>OVQa0zDG@hwY{N69?XpEvnk{JYv){5NN+EEWu
zRaWG<yJa{iU2#+*q+c1`1A}Ne7W60k+#9=O>CsedV{~<TFG-K~Q@dVR`9(^NKnzZ+
z_D(`0PG)=^*Jo3@&xVw21NO8L=3ju!;nV+?A78OYSL7`yc6l^Ecfdb2iCS^v83V}2
zM~^I9i<oCX&`aO9ltJ#PB$05bCW)~>KQ0P|=>H)N_20?_=^daZr}@>qFAH8G&jP!u
z`&&JC5slXntg9bW<*9&5;JFU!a(&_n_^0uALaVi8)lzr<^@O2eH|lCgWOzh<a-CC9
z^6%>vMks^NM<Y3WjVa%g#vFi|RxMddn;q#DsD+SL`8bq&Hv)8;eQ%PA0XYPfr1V|_
zqVtIO6WAf%L|-^%%lkU*V+yExLvn*njq7w7c_{|Z5ahXMvibvN(-VJKvJLO41<^J`
zQnYQy3P;1(9TaC*^I7L-D4Z!!Gd=+Mt2xW7b`A&FT(l9uw2*n?C{09T*Jis$n@h(s
zi?8j^r^<nmjy}3OesUpZDQwVrRo=T3zn%sVlc)Fj>DX9x(sU59ikj6^U#;PO4HmNr
zXaa|YdWc)WhsSBu{G|Ik7g)AJjD$RLLkD2~rRnCCJyE^_5SkxL-_8g@&CW+<w4XHK
zF<;Sz$<dkhN*!MiE=2DF{*RAGAS29<yHy-DuFQMXy-O6}!h654FJ$d4S~#e^oQMXh
zuSh3dBs?H6j-);v=%mKnv`5H|DTrdHxF1Tl-}ghMaX$zL5kR~gxKcA40{_q2$JzNq
z!7>frwK{1O<0jBqvD)iiSW$rxVhDR6MBuh0BoCpqGI_-VX`ezr<O`5~0YUxy4v>Xw
zYp<gX#Yi@(?U8AZgYpvO+u%QB7IQ;%TwEWHZK6~c*1%cp8bM%MiPoqgR;yJ3S`K13
zka;g$8Qj|z0dI_5;rCF`!sJ5K1Kg|G+8Uv{;&cR+cgZmjfL%Wv&{&QcN_`%3l5TA>
zY|)0jrUu}?d~;l_&dezrP>%IV1IzvoO%D^)xl`f?&eKp3hIDPjId)`jX9@YuYx|qJ
zoPegxf?#3O>{eQjH6WW@KgIgbovIC_lZr06Op`>N0;yGVX<A*ZfBpe@RQ_*!jDbBq
zoikoch<_x*Av34Ag^IKfB-4MLOSL6L&ZOmS%#Y7N$ouw2A8U@+wSC$zGl0iFvP=)v
zx+QVxQw%LT+_aJ$cnYo!Z4Vbr_NL0U#)3q3Vxn+HLCL6ih4GJRAdGm}@-Fnhf1!UR
z;L`7fL~_uOVNU}*Gp$c3yv@Rzbek2km>M^L>2`cKMI!{RyGJ{!#hIaqd<-!$Z!(!&
zJU<kk^WSo1JC$v^le_&{?xn@ctP6^uPDGNpNKJGp<6QcQT<0ioF3`BYO7-&hMRTzp
zq=`1p`fWnez;zaPQ1U@>g+|KM0|6@<#*KpBx=-!D9*w5_Jd5n!ip1RGC*F+T#NWDD
zQZj_4D^Ebxz9LlZLuN&fPK!}gYpDkFy(du9-pJw>PK=g9>XHhhu6vm*5&?*ucPo;N
zE2>XPf}}j!Pjh=Z^D?o)GT4g*+tVxy5YM~OLRPE$x|6Kid1h*RS_qZ3Ayi&&4Y3GB
zny?iW`gAT5oS0l+7KJ2@z(XR)=z4%EY|O@<D+AvedP*&A<^sTcY+yxcM#H}bmvjJy
zZH*Txo`A+K(#<x_(uSiOFnyDV%5!d$<?yg6L^mjZ#j@)X2+a(TzspVduebJ@73EB&
zAVNaIHz1In?-3B}#wbD2r%}K~gH3F4s90fSY`1t->YF^`qW@Em2frH>yA$f@F$h{$
zf6BPC4V*q}oW{W1jW2d7B0ry!u5$Fc30D$97P0yAiYxIWP0*-~Ur859`*`M*?RCuQ
z8$b%mQ+6M$HU%BZwe%`1348o}2p!XC^EX%^J;P!JJ&Lv0_^+faT6bPH`Gz7pq(xIv
zl$9484y8#xS`IFbgk8mHL84kFuw?gtvm?Yntn30N0?IC%6Z1=cbsitF(NA{beuiE`
zfTAY&#Etfw!6&9B-7a#7zj1(_mvk9PnB@wWEsO_6d~8_67fRes@b}VFX((f$(8(X@
zG&^3ZjM3>^yX?tgkrZ%<V|oyw+E%SlBC1#hG_axAyl+IfXLlOBT2W5xs3z54yAX7N
z@_M8NGRX%Vn>b)O$qC~pQ;xRT%_3Hx*1-1d0^sB`nk!KK5M@LL+ZMcJRd>CQbZ65D
zT}8S;9koYB9k#upJ_%$)Q7^CRNcs$HD0l>~dL7nxD>zmEctbF3r$x8Cvf`E}ut@I`
z#k|KHgQEH1?#@ly(4Le1I$-=v3@%-OM~MW|ZC|h@bai%YGJrq5g4o?JZbcSJfKuHZ
znu;PYLtRNno4`kpWyzN2DBe{Qv<XCcF#00H;X#5XBFmY(3D*lbK^^IW2G8dTT;!K>
zJAD{i;R9RRuv@k+G~WZjekGlZIYSx{s^yv}+FFIleFk`?GILy8P&R3n(BOie@8%JO
zXk?rx=-1R;Kd$y_Y?~4>MhlCyc2QjSFrLw$r$%;nwwCdqEa!l)Xk-HBW1G=>{QU|j
z7Xt;%0~e)w|6j30JeF?RP2tYZJ4tOvOZ%VP<_W7m?ErgsGyvr{51{=r7Qx<(@2Un8
znwUOp|LpI#*mogmNA~4FdPwpX&$<3SB8W0ufQBs8QSm|n$NX`K&TO6*MqcMvtuRE8
zMF3<!^v&Rf^ZlyE`EF9v{W^8eF3Q2GGp29)?eJu!UX?~}B;V4!kx{~+WbgMwS5b-u
z&J{rn_o5a**N(7|a6@;iq{wEZ42}cqs|*CcgzfaoP_g&mu{JeP^&#@3xG8-F(>kF>
zzXWkOBPZzuC<#a~etFY&Dloyq8Z1a+7Qm*T{k{YAeO}4p@RJb+Yq!8Ef9S#kZq-=9
ztx{Og5^}Ln+2jALMH*=KkD3?!mGpc;0t)s6s6@0VD|Q6pC}E!2tT$B>5~wFo>HQB+
zaJX6V7#I2j;D9iYMyTsRws5q$Y{Jpq@yobn7&p-03Uv$xU)d)BAv2GyqiY0|>21oi
zsvf}mBS;!GUbGhkFaFN9`9Zhb8~e$y<Mz_xfvU4(<}b*KcYOR<wf!Mx2mkJQ-gC;M
zrFCqh6|S?rX=s}mJW+qW@43U5%F36ZKaAG{woGEq+WL^mlq?7ULARN#q~PV8oPH`~
zU&~x}^i!+D?}1ZEb~LQqDHDray<SJy=lqv<0Vutjz)F$tP`MR(V!*s4Z|NPoN*q8v
zyZ{UoKck&F?C3}vw*&c%MB`^jPyZ_R^=Yecp$Y;fyIE5E=D6FWYaEM%#BtE9^(YpK
z%sVd(RdU4`A0Iin@yOk&mN|DfeGmY@hC%nQGj6Pd4*M`N!u4!MTIH%wGHkpbq>h?@
z6_$7Q`PI}*1?x8Rh-v~qi}$$L0a67tJUTpD<~qO-c@u8{iD}CvB~YDfl(M8$Ko!|%
zzt;Rh0SK>Ne1!BVO4dUsp;c>vDoSN$FvC4nJQ_jc1`!(8wt;=nscwA=Yei9;-q#h?
zVB@U_w%xj?YPTiBKh`Cmgajf?VPre}FoV%j5<3)lqBa&(0t25TCBQS=ue0aO)F4Lr
zH|I;TM2yFan@8HGnYph6onKF$LZVml2<)2ry6>pWqOtC0!8aH4EELP@p`hi}3csTp
zsYdmw#bVI7b=sh36&O`rHzR6Tff(UgYGvpGXrqBH1(fbj7Wx~jKzNM$EJ7sM!1tVB
z0S>;Q4g2K#e<@1INl{_>a!u6wNn;v<{0BY_kCIe5GFk^8pb36i1hh^q_umuuAY*Sj
zcdAxigknLcJ&|)TpZX~u?a0uC4hb1Pix6mbCT4AMw{JnmlTwhXzq&%z??BZ}t0Dsx
zEzq}~km!gm`7y6w^g|Fe1C?9?g1`9x=z8yf8od91Tvu^Zw96<iMT?4}p>at=Xj5nk
zWi%*C`@T>_37JhLMN|~+y7W?JLll*UXrZBK*YEi}xA1y@f1iJPzuxMed(QJb=i@n!
z^eCthMn1(zB&Mw(uoHN1&^m6B*jS&;IT~>Ny6_i7c`@j)A;#4tgVQ0J9G@&;lHDwL
z9Pihsj;stDZD1Lg3-J7(bWhaIw`j(G=^y<LDV&te!9<SDEOn?yI+``sZTRm9aQKOM
zaJ^ws+BP89-L{nd@$t4B2jRJcDnYMK>E?Zh^I*`x3XqffHzkqq<Vcm!ptHSSu80TV
zUpwS`R;dkdgnG4mS*NA}{in*`PVo(PmB%I-Y32!;ZNB6Q?m$s-vj}Vka=G7h)YMgC
z-n_FyP~bZ-W_?*<Bou6#394wSZA>YDbjwTU3P#%S>haHleoGIJ_jRz(xryspl6a6Y
z;PO#FV7T|?{c_Jw;F!giXZ1o}_!@`zz)E?IhG)KfU(g1-06o8V6@36%;$VD{TyVRt
z_e29J`em@e&CHBDo3qKI|EilIE1F^;@J%{tGAJ8I5-|^bM-RjOP3LZY4c$-j@n@Gb
z3G_?t2m`Q@IT!3jPVph`HA#^3k^nk*L+?v?(x3bx{6&0xDSg2YL6b`D^{OzL{vZX4
zOx~OcEjaj72+{aD#4E?d?8d>S2)+MMJ7B*iCH)gXDdOo53uV>3=O!;c$0tU@SiE%r
zkCFjAGK0OvQhMQ;E=2*aR_W$zAM(H_dkqG;esp2vV)$o4=(phRwT3ZcKzY5Q;+2*1
z@d=aR8vxFmAO^BLcqK+cX4rJeOwfEfK%U6kRUMmqL*(%F&R>Yc7^S_2m+7RrFwOjS
zWZVuzw@$3$dc*~6JyqE*0%BgM@A#l*gN_jyKDdh`?4047T37j9lg&bYa19MqxVmQ&
zJ-!_}Py<_LZoM5?6smXCpnCUA8DJjg!vKWBBeGD6b%0XvnBG4(jRBP@p)p5hTETeN
zTZk6!cYF<R16<=;uJOyG=T)Q~6gNciVI}lYn{TlnTua+2&>B({pg4TG43+~1V-EtD
zUqk7g{!B<7o__h5ox0hi36gPY{ee#fpIXCnU61gzo049`c<I}-qC`F4?C9ns6T>@~
zReblT8mluh6FT4;Y1MSbRnyScf1vmCN%P6I%fKVi)aHMrZO&rP-Mp4#&a&EDm;RUk
z!Z+GE?~^@Zxct%XPg}tU<OKU-MD^<QsH{w)kFxr_DIg;=X)$K&&HGgqj>1^M1&m8i
zU)P>}N(aI~%^moY9XF4G!jxrP((znXeP{6uZG6F3M$OxEr0JFaT3sw8$h}6|^a7cC
zfcNAD=64?fv?fOtNY*jy;N32urCd%5AFYA{>#cBlAk9xxuqHLuR#yEUmDccL*m+DY
z`b_vjHez?qV@b$9f7=Dh0PgQU)y$H5d^80g$OOdj$M}hWSIJlghQY;D`Sr<Zj2+aw
z8b0UM3Qh_WrjY|~zOry4f5(8mu%c!ql)St^Cz&2sf~ID*9xL|YJtbm!xlrWXoh1-!
zKvY@Z`706%Gga9y`;~8;vkj^MpFxG48dkMVf?5?esFl3|6~+*Z`dQ$;)z_!G-HX2D
z1-^j&LXj~?^X1j`9`H$7m_>Bvj7>wC58pfZYF@O+ycre-fS<CuY${O04-JF8LKg?t
zvOJc1DJ}c|S;zRPj>Q?$4jh5Id9?GlEU>bHHINNNSBp+dV}^9|m2usL$L#Kbd8og0
zG!kAC&*7+!$#Gwqb$=MXgby@k+n)@8(>aiD^#TZQOSb})c1t{c$X8iREM_zGB4BPM
z2wZp<uj5-lEIK$npg-%(nV6U?Sr|9}KP^KQ2gzZ4x^2&Ne9peuO+f=gOQOr4aP=F~
zDU(e`Ltc$+za?c02zfnbsK;+aFWByfmIOkJFMpzLB{Q%Kg@sV61OUU3TpVIRXj3#I
zNpQIg0|8dWT|3v^6+?lYP_0KFLNOGX`Ninw3`Jfs>*LGjB34g*YtvN9DyQl*_ehvh
zv3J?;C>6S74J4<tR^;zF?XyHv6878_%5?W!UicXO99EHrRxeLi+?+p{@_cDy9i4#D
z5BGG-oU1SL3u%0vldZ`{F`<;|N!}ioV@>|w3|)X;tH`USaq<|bL)*kYWI!y@a;TH~
z?K3z9A;91V5flOp?0dzV7N7l)od+)AYrMj{{@0;aLy^D7Z<*pho}k12Hw;t4%u9?-
z2xh0?Lm5IntDQ4`dLDt&9jG_Vp692;1*<OasUMhGo;@7^M|vhY>`<>d*{4VUfFkj;
zyGu)?3TpNmIn2RMFuB=}+UmDPvgHAMT%iD>JNrO#2k32Vk7)3`cK7?{i6_KQeud{@
z{P8$Q?yn|GMy9rCOW)9)&4B=*LB7m!?KDKs0Mmjzg)5G01W^us`0?%cGJjEBbU;L5
zp%!ykXtJB_3jqe!vO+I<oF+UXyRanLNck*){rreQzhCVDzU4NGW_a}-G0;r^8;MM|
zLVj)d?aQe_L8{BZ!e>1jbj7^wxgo^GFyd7q&gNXrpR5^<o>;|haC+{4{KJhAtR6;e
z`jlzwL!ZzavePj)qZ>RqNjZp}I?#uxJdAS_id!-Za*VJZE)+}9Yj*ucJLsxN>V5-~
zZG%U0lbAu>e5sBO_=4jSa8N}mmmQa&$E8vhq!bq2OfA4JuU!}#dH?ZHJ69k=5diLK
z25x1Tb8xNInD;K2h8ZCahhbrys|9=3Wd?0o33xZ*m&8A(d25FKFtN7P?rtZ~!A_cI
z<4AU0;pFi-Z9XUT_PV3g48tuI@BuL(Lh0Ujom80$N`vxAb^aYNGKQgqDZXuVNIF+L
zK0ZO`9Y9v>z#WF(_wQRgF%HE+8V?0}PUjz8v64n%H^31#27tUKa@SxZBkvMO|1^%Z
z33%=acDf~@rbacLhblig5#_--#}mL(E^!22GPl@O)nq-q_oWrEk#JD3q*}@;mf70(
z@z<8xv#?l&KyueJe<-Xv^Owhp^@5Nj)zgxx{YPKZ4gx5MVT(%N<!a2(gLDOAciE~z
z@Umb5$D^1t$+ta&&xXMh?#PB7f7tLRfpSFP-XJOtgd5!Xb$p?PVb)ntVrpQ2Qq7d%
zy>w`UcvP*i*vh<^8;q?n$wfI=R+>OwGC|@UX-HHf5a3Cl2`Do*vH(#xfJb0e4Bx$8
zNzkRaTcB0M$tDb)G~2kUoz&Y)%&=I+DT98*@ex3qo*3@1nse=rA|HK#UPFtcKdkAn
z7FBRb`j-RsvpOQ|`Dw<Iz>h~dgYJXrKFj>oYI7$hECWHX?|8NbDEFUit6-2Er^A#r
zi;$*0Ok+ty1_r4+13+Zsj2R+@X*Vm%=7A$#2@5#r{1Nsl(i;f1<%lHmN*URG&3Rk+
zBX{q=0FCc}^W0tA1V%?tI$iqut!IVv;Q5hb7;xqOVdq=oJ>&NlbQnzxeesa1evoo1
z#ASQ&mMb`W1*)pd+HSgc9GZi!4?`JvveA+>S!;7a0fN}D<xE7(XXBxA|G=bIW0*V>
zgKJ*D9#S;R%qI1-K*fLPS#?|Fy=~j}lEhy#hp*|Ph8O37z|e9E$l};XaT1gCT&4?&
z`3?NKXg*e4za|H0{(SaU^8FnoA3SBPBUbe6@+<nrITvf*|MaGV6<S+hIiKVlqJ)wQ
zZO3}cQygv69hWn@Cx(yY`a8JXb&qCs>)s+Y$D|nrj3rd2m0gxR@v=L99*EtaUY+@i
z(+l>j%jOGJg2D9<5T14@@Nd~M{Iap=v}`h~tN9tCmecpA-6Yj{ps+<5ojxZ>sgpuJ
z2u$-mQ7ANG6bAA{5w}>y7C^J1H7)tzafz-bCB@846qbvVI5*gi^uA9_3*prXm-a$g
z%b)1kDJ)R`dTali&EQ=BPaMyS)lwygj3Ml0<%^hkly|S6<rNU*7eWlcguPVIi-R;r
zMTdv)`+ggsERz>5Fql672X7@SW<i3IV#BPd<7{S#*?z5lRdQVjBX%g3vfm2QcWaip
z=fb0TTcV?n!ICsX450UH-T2$TQn<$SYz&Ce9RF6mTPI4xxT)bgbo$oM8@wJ3*G}t6
z4NN=YQ&WsDZe{BOv+AhX0B<m**%m2bRuI$|RGfwtPIEka1=2d?!8=GbiU8&_F}TOe
zn!~J9PbaM_jxfh!jz=1c)o()b4?_719QNH5kjb+&TF72jeGRFf>caY|$<m9tP#OT0
zMk3KUfSR-h?8t5BO@mY5*9Ro6CGj=YiUysS6j6Ej_ohsyq5LY=Fx+CS&urL#Ra{4p
zC*d<0`tb}|>B>Qafr+KyO{Rhisk9Z}ITu?Lt#rh@6$329DsM!EfFte!4~-&Jd>^1<
zUU}G3^`CxIg(%Rz%~2()2G~Vd28s(pVj26#1c1E)&R`+ysl|3K54C8>vTh({-z89U
zqcNjaH3@R9GfP}hjkC%{yT?=E4j<eBmK0{=am`GuYTX#fya|#lDdYh@(>=cTjrZr)
zU*8)Eqq9i5YvUi~A_9rH!uO6BEV?26qH#Lb9Ta_f-gizGak;_TdCgr~iawQOx~yF7
z2!>t)08+=C>VEb7PwnbFU~EVFSOEwJrUqyg3mFAsw%ye+E|HK8ya+C7%!cwDFf#_s
znXg#=z5na=PbDjlC5D9fyE*Qg>^Nt{Fk>W76!4&(#K8(Tu8LyXq?6O0PpJWCs9%NV
zZpdzS$H=P<Tk{m*{nDrUjJKLpMqez0$qUd2$3}6W>h~|0{#qKgVG5X@Y@G|_jn9gw
zORn-3U4sJJgdJ9j5(3|W(tNDPteQl@<!)oLe}l0Wfys!o_=~8hcHJyK?m*`FyJ6CK
zQ(!)P0mFjgvo?m;e@}A}*;ZUgSi^_fSSVHZ0pTl{4JV+}g5l~#??{t6C-5Y{3%?&w
z&O2Jf_9|u?;|53_&(qIf$7|(4bgP;R^JdqLYbpf5<B{wndfTxX$_i4Q&d8n)b2-$v
z1?x!uAIjTclIWLV!z;K+g`2Ru#WzI3{^oJa8SqO#IIx!a4dN!!EAnuWn4i1cqvZXt
zUD{u*Z5SwJ?zC(C$1SgM+Fr<>8v`!|?>fv2<@6$MN%nP(Y^~tp%3+KOHFT*z?%k;a
zIKD3H-t~;<m{x}5N^-kb)t&fB-9nG!SLvYzE2GyV2S(3V`uueK$`QK`Lv2@l3Su`O
z81e1~e<(@NAAoq=0OIjO#;ZxecAPUB;v?8AhX#<=)P1yJI&3-H3iQbr-7xsVKu`v-
zHgz{*g=c<ag_*2Y8diQ2elG*!NqFY3kJ5iwOEj><a?dc>D*KJ*lANSE<|IkbM$L!r
zutDe9S`fY1r2|zT%l(3*Hi@w<THe^)gTqvxpc8rFx7FQ(S%{=!xG=bEhZMMM_6A{a
z&kWxcNfWC93=dW7&iNPu)=*}S=%oex!j559{P^{Eb)6EXfC|erp=Ta?Nhe(qUau8y
zZf>K)j#|J~fz0i2GRH07P?gMMbQ)?C+xQthW5?e{TM6^UF<nzZ3>2lP{K(4dbNWV#
zOrTnq+)ofXO!GcT1(S7e0_RE!`40G2R(5+2k}$3T+>x<Vy|=FM@hq>4*+bC_Uf4R<
z<|SDAOcRi-1$i!IAXySvKz1jfg5|%f!BP&<Q<{fyi+E}qC!^{><}tE}N_h#EG?}Ao
zj3V!Ln*NY>ka!av7{B%jPmLM5E&<vY($b{<4CLSnr`P(yRg2R=_Z$UcI0wwU3U66l
znRV(+VZ<{wxL+z#W7BV{MqtU3(ahhUFQ$5}XQ{f1z4-aA!W;;nBAAuuyJ_=gy;z4U
zV8)s2&kATiZQCY;g#UX7urC6~(P@$BUGA8QRN{6c%#jNjGy-$*&fV7Z-jm9+37-|%
zfz@w`p~}vHbBVYGH}{ayYX1{e#wp<fYRi5vphMryLNVh)fq-@IkGKOaF2S})YO?e6
ze>gOeTmj_W2(S^zOs6btpS$hFA-Kh@aEm+Fx;B7AvBK@J@2dX$bFf^Op$?bWVm0Ns
zL(>zSzT@(gnA@2{Xi}D(q=GXb{{lx^r~to}s<NIsp2BE4p(9%Iz7CnB!Kfv1=={kz
zG?1x6k(7kKvP153Ku1F1QGJXJ8WM+DgLKtpQB}YhyrlZGf23%9XRiNmEoQtH5t1D+
znT5bTFf}F4{Szb1<h3X$tUpz{0O5*x&JDYP@9X|AT=SMCCXnSIu|9i=5br!v)Whp^
z1_btzN3A+m$1nw+I8>=({Pkax%E(0*wu<lfQEpNec3w5F7y@?zN1a^EI{=x!6I72d
zznL4UH<ut^VZNSy$Y<UZTo5NmG~W6tjR%!Y!D`DY-JxG#3&O$ub0Q%>C%`qRpt|w~
zoPfpKdcP5;w;NemxYt7&Mjl3!aLhD@3PYe#Tr?P`^n?oZ$R96x`1S<6k|*3_zlzoN
zx*3t%!^K&$P(Z%3xEvOivc*8QbSD5ldlh+wtTTe<!i}&Sa_SFF`cL`LIzPCATMLw-
zU3g&kqIoxWVeW7*`aF+jg2)p@8OGwE=S$l5Fp}Cp^-wGPwc-gjYW_8tfWmPnsp24f
zFU{BpGpBxhQ{uiCtHjS0PH`H|H14aB*ZHXZ;A;H=PI%>;GIr<R4uJ(uAx)PKJqVks
zHdSy&VfpvByf;(EPl=EY+SkZmQ8w2(acYO})mKYXurK5PX{Lp-PT<^phrp6xNYo9p
zJT7W|((%5d6G+bh%dMOeyBF{gVYWrfGSX!L{DoW&9O3F#kNyA{<uzFa#56}j*#9;w
zyZL$~^OxTZ0q2by)XwYngzezmnlJ~>?f!Qw4i{br5_g;yAm2AsvnWx%XhdStUWa3D
zaN&+AHiJyo*T*@#p+G5)6J$TKLdPBK0(>55p%1sv$Ub!yB<Gd0+wAv2KJ%qZL=hu*
z9em+zPHQC?ne||n*LoG%v`_GHDh^U8m7emdN%Bq)3R|F<8LV;mR;IVxHk+pqnf@80
zacfCa)o1go);O{Tb28I;8)X)&4YSxJE(p0>iB%4bE9_)yi{+er2VwATAi+}4axyA_
zY`%;Nqe0I3+o)zVhOtWJNcH4rEb%w8oRW`lv!;-DVNv<}A;QZJoH)HapAiJ|?$1cE
z7&F@AzsCZ7lDo`eAK86vPyG*8Ufw1k_K}tKBDDfZSSx_Y!!*V|>fnL~r3mZeI5*+$
z;RrG}0n(BdX*SntA6lJ4itZxLSeA&H(2!H46?mVYgRt~~X4=$PG@<S{TDtT6(s!Mp
z27ax<FaAIo53)Eq0T0+f{!jQs-|!u%W1r5R3NS5QWD8>&V+~ri@43G@HI*(TG*%Qa
zdbqwS+LHlXH`x+EVIQ5H7PxHQ63h?*bfD-h0@$1&BgH)i=3rTrVE9=D)c((~9BAn_
zftGI9{V>MEp;;36Aws5!v)OblJ}0>uI`Mm0r;X?Ey}CTtZwAoqB|0*NYzT?rU@&N0
z-Jo+$W=(x>e0;F`VL_lkr(Dz86JHw^w}{j2F2k7|Z+F)M1hKfOcsHN(Dts#-3cRUd
ztLyh|z?Bw`ya*Dla34-`nzJ0BwPCCI@<6aSDK_Z<orf>&IC-x=0M#meJP#gv|H3&q
ze*T9y!W+CQD`1t(XM;sBIE7Vsa&-fQbQ0cev9dD5z6;WD6(v|D@yIJLSmhS1vTr{o
zHg#qVDs10f2T$^_QMw_*^bdCUWDD7u&B=I!y3m=W!CzA`6Vl<H6GIY54Arz_Tj(e(
z$!VZ#JIN$O7=#5!Yn(0)U(!l(uNgJk^LpoQFZiRm25{@fo3$57sChfdAVOld1jsDV
zYwdMdNT?v^kx%nV8)7h5vEM0bw9Yx4c=qvpoWin~W_QV9M!VcboT*WhT7GG@T>@ks
zr!m}t=&_p=e?SsWZyCV{OK_9Ib%~OvLnd7qm<&+6I-p4Qjy+T`G2a5XW)xk|0g?x>
zmfJotMH?hMDBfY;$U`=eU<|wNj)X^Vy!oE4>VuGwLQfwP^L{BO%yiOU!^=}yZ%z7y
z=Rx<jqHs^q1x1&@mmos{AcjA?&-3BA1VM=<I9dBcs}<|nC&nSrVCNFn)T=_9XGv$7
z+sw7($;=Smo`F18CFCn8NS{npu41pZx73Y2djZIv0Qay^=j$g2D7O68f<?t=p-0Nw
zD(6hO0Q3Q#vjAlP^BFj%m~#`Xl6liQ80xS%eB+isIx+*ht|kdp4TLJ)<&M})8F-|A
za<4bYp9+aNRsI|=@gcMRNaJFwuQTQWM=4?|qfdA)Y~cv}r`5omd1#_apeS1-rtX;I
z=`c+r;&z^02HR0eGYNxGnAKx%d^zw$(SzYVnIJ2+u$}(b)=>TO1k}AqwL&ovkx2!C
z(_`j-hT@zn(~jYcbZziu7V_`^w;0GoZN=xO1eY~+d!AhV$_-dF7tVM4Vjc}j@Hw-K
z(=)^7VHPe(1mmCazKwU5NH|{v>>;M!m;>TK#G#EQQYO|048R}+_czbo*-+`y?OI`Q
z^r^Ek#{{^6Bs%~zNIl}i4alk*yyS4KU{0~Z3}ohK&<$`ucHvn5h1=dEFAC3w6;>CX
zCjC^)1e4?AC;D5i2y8nvOk>E%c)L40PW3rxv%BQCHPUA9OWX(Q8S7t`S?+<-m@wwg
z$S#G0hRUx|vBS6_J)WcU9J^n_(7qDYcdGD(P7eVW9J9_<Yb#f(bfrK7B)$_Oa_E3r
z*q-cYix~Vcb?}O=pEo{@_SU@V#U<J2)<LVC!|dVDX!;N{7uKA)ASfm_9lV(m6Ct31
zc+V=C;p4wHdl@L+8}A-2sEdzJ`uF=P__nLJ1B*Vsj%Y;VgG0L5wyfHKu7_L8t@qbH
zcs`~A_lH|RZ!|O$(;-8^xM~3Yf)l!kwL5imT<=0GBzYGTU!CG^X1hK7u9ICMIIyB_
zmoaQ`OH+wYp<cF&#>$02&(GNQlr-gLT_=|lFmQBE)$z${AE3%Z{^Y{L_FdQ0d{efX
zaR*If)FOUuy@~r2T+Xah(YGBe&f++k|MczB`-mgGPe{mb!WL{%JF!K>oL*{^^__o}
zdhVBMI=*Li<Su-;k6<XmkU1sUP9?pjF&@{OFo$%H`!e%{Yo|g|O%%EDxji%99$Kkj
zILt+3d;+Z@(zqVO*!dJ?myokDK^X^7je^ga(4w|@(#&693L`iRH*NhlaRsR#A=y-^
zb<D=^2JIJCLVEcC+r*EntOWiNV3&Y<rw+}>rVQ%8Amw3)e7EX&^viNipork;rekDu
z6U)Zta@CJAkBc7ZJ`Yu+3O=B0GP)UjAp3#Lkwx`Vb`e2P8^#9J`2QIwNK#cbkg8%u
zEA(iN(T}NR9}(E^gjojJa?$tz;QkdoF;GG`fF*Ra@J$F;g61NSz7!5sh#8-PULZB#
z)eT_qruK_?o}IW2lG2;ScQx<mYU?8DHM!wO=PiRXJpnvD*yI=2WEU0V2f3|lQ_g6d
zAe#~O${XnxiT_x`rA@_qOunzO1e%-x#B5H&H<790{4XT(lKp)aPKxr<kxLcJpy<}F
z1dUGpv@75aiL&)7e(8Uq4-(G{mQc+QFhr6gk3cBW2vcs*d<CRRq}KaRc;|ZmG>|S{
zZ3tiZYBMOSSMAnUr!n5JHxwO7$XvXDWc%51C;yBVY=)_U?}`HWS?zAnbpfPlg}{Xs
z^BC~=4CG$O-E$XK0%_=3{?j@V(=QDIT4v@&kbRlTQb3X9#O2h+eBsG;us@*i7OVpW
z<v=(CK3K<8ZBNvHQx)Pp0O_6SxC9T5(`i@eT58@0v@C|U!IagHm`!JF!_J+m@hc{k
z<v#>1@PO<gd_5=JR^D4>jCoc7B}-<z9fKNwzQLyA$S>U0NFqAz3@kPL3#vk8{?ef&
zmuD2vut8^}sPx#0t!VjFDT_uQH-3H5arr!4J@zMNy!C`wJA^;G^322hqYkObD;Gdk
zAGjHGaoFmq%pS>8rD2}x10-FMwl3Rw<?ih%0dss7j6ylJ0raGlSyT0*23hweUC76?
zQErf&Iq)*%;z&a`T?`zmwvLeB{IdZZ)iep)-fg?u&O*9zJHn+Wa}Pk0=`KuG{<lJ~
zPJKFpG;w&oSjcwi!%8@Ghi*+c@x<?y%o#Fr!=O_W=QL&mNffri(agRag_kf5M0mB$
zyl0Ykr4ON~FHbR;3<)MPUB6*61HnQ11>4ikihF_BFu%Y{w?_`Lg4ZaTPM1F@Ct&hS
zjsf!lE<?ehZDl22$bOLBzh}gNW|G<tOFaLmcogysfSh^NeoBRWU?nUe{895b9wr+P
z135P-OGx2e=!DJUT(x7Le@AGET>3v`3yzln0I7toj#=G9Sl1@b+q+}<^?|45#qc$7
z>Hm|G*bKuDJTwpd7Om%$EKTpU&&><g!gbyPSjFp3y&T}70_^Hbr)Kn#^zSi1?r>TW
zRMemxOjS7YN?F@=)xPt98OMo6#e+!H)kst_aO(P!o?xQ}*B9om2t@x6=!u!@#%**b
z6*2&D03T+9+f_5NKd5Y@ayf@Nupjy}cZ$l<D}3L(0N<<qi$uL3{%2fou=pA9BFm{k
z2jS#kbx&uOSGCp}7IGyMO#A7q!4a$b_Y}d+`0J{2D4K4U>&T13bQg?5pWubVls8%$
z_=4(%;JJ+&{gEw^o`IZCJDq^tHv>e`6Y<y@Jc%D14I@pukW5P*J$)4m4yh+l7M4!Q
z0vNFPmMtkEzeA^GoTJTVwjI?s{jUQYIs{kNrhF8fnE6soa{ta)^DY9ei&p{)w+oB-
z&9?y9fhg`<7P$FaV_c`X-5ZG0{mBd>U}F%vZmcOPJv*4zr&x8AY?SHj3x5fp@O<=Z
zX8x|4WMF63w6`jpxS$6em#o;dLV}HFztZi<*7eZn1>$M6srCr?C=txy*i(u7%(b^*
zrQ&1ww8J`pv@qCVeuh&?DvO%0Gw-JfjUa=;)9&y-`x0pO3uJzQ%aK<;jA?)}s_*V~
zgJ(~RAs0fLtG(S*W7*i2$p%E40dQf&=MQR7#CZKZnU3WM1c_xmlJwVjmbo;ymV&Px
zts^yX5)q^_uNS2JhC`p;)H)p&LvW)FoTG#1y5GE04KO_Y!*{Em`J`c;#(2pNiMQh~
z=k!7`61e{SJ@Qx0X#Qw((<!mO{s-P`i;+>@|DA=Xkc$Ck<)Se@Zx8UjaRvwRy|FB3
zW<d6}JCQo9wB~g<d1byRRu$Dyx^#WFGy^gKz&kX+^>e5=<U{nst&{|}x&+M8i9>b(
zdQIQ{jl?}{ltlrpY@uw+u?fA&6eQ*fzbb0O;~c)z#3oD6q5xU&tKMC&0j@k5A$1W%
zFUH)hXDB{?X5M>f<io$$<P*`DTY|BT71;SfewsX15UDeGG{5P*trs+Lk2yC+E<qQz
zwcyOD*bOW-%anq<)T^974s|%iJ5@0Pfg)KidhuE;?QH?KY+?E9?eNKVu58)L1>{Y<
zAlQ+{-M4O~(CI+lrUOV!1|YFM87K&31qr-!C3+fWD!+L>kjCTvT$2!F14zwMx(#SX
z=rrsy$e$dP<F*5KwC{XxfQXnzVYDK^h5*|1JJ}R3Tp{CaDP4-WDyA&s+*6&R_#PY{
zeilvJ?p2b=cA-FgWnq6Pn1y==SKHP_=>;D!dgWm-OfYXYWTD>oAMP-_)#Wo4H=!ci
z^V~73tSghuzY4<2Wx<QbfjJc{o2vDcadO>p+f33FP36X1;<P>gSO<)!rB(fmtXY=a
zWDbjPV@>7zrMqAP4Qu#Lg(kzO5a6-GRE!!-fc**P55?vdsa6|f{d?_Y+c1j;-%<!7
z(EHsm_Sjg7)$qBZ0C&~|^2xA&Cayf$N0_}KF4rVwcn+(G>nvuh)s-EQPaZNC6=l*!
z=NFTw#~|O=-hSh1kfy#ze}y>!&~}JrXs-|Tx|-b1_gEC7L9FQ?AN;b&X5t%R&ABiz
zq^Esv84`9aC3Xj|e`&Ei*<KW^)f^S1Vc^l9ZW<;|Z(0RwUEvI!$W5LcD-07J21j<X
zl3RbLPerna#(#Qzg|`#Br{OoUvnnz_9CL(BEa3@V2tYONymu=-6T;#eNL*}ddht%S
z<6^mAK+pDhK1iUyiUiy_G{+1MzRpp>-2DGfNDCu8VBE5Jj~*6-L(GEX24a1Gt-BtX
z5mEW1Iud*<24&nriPuaT0wmccpA&U;K8mQJrV=)z(5PMV`apMAKc<3$VEB{<`<tu5
zz%`SPuU3c*z8#q9gREw^3&c}EKnAxGq1pBEw%3uaS*#bb6)pqW?!TWA12tn4U%DH)
zeP5${X$8rb;U&?%wlMyKFgDy>V&Ke``2u**9N=75K?faN(mUO&dNs*0?{nDb>3QZl
z)VO_OHEhF-J*FE7X|VhJpUL3u8JV{IJK?wBU0E+)S&wNGsKu&#=NgJhQNIAx3CHkO
zbinVtmiBxo^6T%^!}tQOL>zm70&M0DsY?P2i)p-n3hJT^l!@j6{)cTati;7!6*NDK
zjsauA!ezA)U}1ToO-7}`TnF<lJvmTRdbA-E{~717l$o-8?dv2@6#UyOaTZ8^6F?y9
zzt3q4abnFIy@1g`Xybzo&fVE`#KXfPv-SNc*J!Cp<Wm8><9_<()1HNALu>?vH16NT
zKXuAtK3w45(Nga6aKU59&4P`DU9k$a%qd+v`dP%=$T3`5IRGPFItM!;8<!?A3iUgH
z_Qe~W`FCu5m5jG!YMcR*t-^p&KK`Aj1H8a{QF$9dSJI$L$SpJ38}d5%UnzC2Kj06k
z0Dp+-UIUa5Y60V5kXL-42h5q7w4AyO`G0k??tgFH90*NJTu-jqT>@x1n$q2vd)~#b
z-)60(Yc+lw?=qm(*$1}zESHD0_8E!T>gs607{p);1bH$InmX&>^>>IYdbGc68Fpt!
zfgW-1yt5^cF3SO4*o#MzP_*=){3)H)KG}^|H|6Tw;~V^z!owOR0gKFKn>aJSC3zNn
z(uT{o_x11eDKB7z9)J;c$6!{vs4+jU3d&D1O)<oI1Wqn1#Hp2OVw`z&v>_j|;gG^m
zxpFrb{%BiV$l25wHPWUzjRE8BaUfIdO__hH*5okTCVrU=cQ$HW%MYIgpbpOWG5Y#D
z26Gn5R`XoyS3UC0h2$$$fNHF1Euhvc8iySE4sf%QwHqjP3r4U@@$`O`p->PoRPz;U
zKpzdM;b>XRzw<gJ(0_XL)UVzo;{2^ZRe%<5#GJU(O3D$1xqSD*ER&DQP=Cq_P!z!_
zgVz@z9>Kr@v?I(9gV-wWHDx@ty0t43eBT`Kf7&i=1*X}?l^^g`ceuTZXNR*Lasn_s
zgeHy9Wu&Hd3PMcY&l3*an%Q-09_iZiq<D9~`*`7tgkhA*#Dqwcd-q5~cSO`h7s*5Q
zDF;*hPKZ`+Imtg$f~syQyNUK9=9=T&=S|DjoLF3;O)=0(Qrr$dT4XT!9kM*!m*IYR
zZ}v0x62$S$*(FYx*$YL0_%42xde$CQ1ca6BF&Yi#YHHW_QVsO<{uK<NmvBUc7`pxg
zKgzf5h64+3wcERIdBlsvcvg%Pem(Gn+x|=n;FcbY51$vMkB{x>&tmi<<KGE<Q`xI>
zDJ;xUnxAo(OG+rZj9XeLIxHm_jxCkTtbgHE$$1uE7rsr^rzSm-!N=v+C%=PNdylen
zz<)y`X<2wg*mzB&tE`yVM)Qt#{qQHe&(Z@;D?2ua!H?_^%o@aV_4}~ztZbw}utE=^
z@IR6MGz+~Z)jbIXoTztb514(WX%R5j?v97YhRrvqyEoHsxA!mG06z}uU_^DEqxG_e
z|Gj5@uHWD>L|NM6sMNG}IIWf4et#wNJO1y4N1g2kaYJ%(9v<qZi3u&+LpIP35GsrR
zrZV+}Le?q<@nuZ;!xQy6w;}!@LAhj*(|c}vxn{2mQN`I51HICpK<CsXC-w)lICBrR
z4E&KA4{Q@irwS+*+sB!#s)gDFHcAK5hINV8DO_#7dG}A-BdWw6&nYD)7J67K{7vN{
z4IS}{Eo_PLRaF);Y8pGwgCc|bIN7JEB|GfHgt$rHg1%nG+O`rkTu|wZC(j0_L9rcj
zpEbRs-RmZ7C`0fxJqxefaR&S--HI*=FZD*X1?O{zn&tSn;W2R8-j9~R<;F=j?F`#8
zOO`BQ0!y5_8fuKE5)7p)v%}~0tZ%n_Sm}^}D~r;XB5=b>u9=)(kONrnUm?s5%%o&&
zYPn(hQ+9w^Y((x`63P2g;=<&aHj*=Kn>rJn#(r*RpBxftnDRiNW5EHW^~m$44_{XD
z<5uW2Ax7+kpM1X8u*{|RI$Utym3!;G`XmUAZ~vw-b0?#><A#F5+h7tpnhJ;W8qTxy
zf-Q(rmq$gaTmED{eY`<P-{9Ez*X}IsA60J(fuFxG2%*PS;kApW{#k7;l3Ly;$sWU|
z4o<i*M_EK*G<oOFTSR>xAWTRd9s~;jWE2+mReC-{2}x}<P{zaa<l;>EssnTsFJ7rk
zdO_O!TOzt#&UVnf%iA6SBu~2e5P}#+5c5r<^c>bPSF-^NR?3Kpm77XX_MvQr_0*YG
zdRB4Dp}2zvqb|3(%Khc=X(C7-bo%=2>CdhM<(LfSt52560~S0s!(=uad;Bb5q)UqM
zqsB~$vX2Uj1?_(y!2Y;s!MP>xKlV!f<8gv@krI6Q$yS-9QblbUZE^j|{j<S6qJ0ba
zdZ^={yb}c?<O(!!Z?&*DTy7;CGwk+|{c?CExW9+wDn4<6#tGh$usf6Rv6?unG|%xK
zItbF~ZvIOmWM4EZt-A~VKalQ$Yn`7w=Y3pj#qgS#Dba^GXV!9CkK%uWm)PJ&tl2o5
zJ^Xag6_cbq^j`gHbs@(-EKO#k>_cg>*w)dW9TU%YYH|AEJ!)qS=af*FmiSPfH}WLL
zH%`A#dWLROH@}(_e4}#Qd>0q_hhQ#!>Y}b)&>6;VDr8xx620H|F^Ca85O1?_`Xtk@
zr5rEzYaXpVxOQ=r&k4{_dd&9(BQW8p7Zbf?rT~|cDFG+tCt(4vg`L|?`ORwzXHV@9
zFTuzHWbyJ6J|_#i?<t8T;+DQqm8mVIZL&gR_fOT}&4&lke>_e7JjWhuo~Rz%m_p``
z1rIS#c#HXCsVArMN*3K@C?oLvFFd5Cwc<OMl-S3@8&vjMA!C_b>&M0A7Ba(bB0KR6
zG<X8&ONX({rB5@3$+M7QLgBocmrK#jyeS#(yWsF{Us}P84WJ`|hO-%MMm8sH3-d~s
zT!6!$r=48vHUlKIJh1wcw1G|*^$VVo*J)FnYn*WFwvxJ#X2R4ek%1?AK9DCN7*dp!
z1Bxb}s6@B1hY1*~4XZ>~ecxoDXFGPd*F#bj`s<`XzVz%zB~F=E#)iKqUoFikaY^&V
z9?zLc|H>jX`1d|#6;><r2kDMfIdAa5@0ZGF`ggP!DI4f@1LL&3R#>goSr#-md>60E
zNw}CKrrOgR2GH#H@&;10;xbB{@HWZXsomz`Zpm9Gj7J<79B)PCb;>nATFe1g4$sJO
z#AvyIO*;3cQgZ!6FCfDT=t88k0~y3=3;EXHZWp&Zh~#3lQ=VrWe<{>)sy&^8?tl(k
z5o70x!#HyG4gXae(b?0Be`Y>8L*i`q>tGU;rE6_W)N-BIvr#jbgTi`go}}j1_w;K|
zi&l3`r|3*jyRd8q)qKG@>+R}V$1a;i6Kvx=*mCi8vrt83%#!frOtU$3rDywC6agRZ
z;qB*cmDQ6G`xtV;fto1^EBpBCMUTN7mC@;WEhZGbc^^nH*UNrc-teTsR+%L+$(Y|z
zDF|$QlBDd8PIWxjs}<*h#~<(L&&I>RSDoVkDp=kus4>vXYHK@4Ddm(B@{2O`8HosS
zDKGy(NSjN)K(*N~abgAee<+<@!w0Z#a)gq2xJAysoc|ZgBF^EINKA;;@_Toq`p3t!
zZz_jkY!kkwqMaX<o$?rHZrMzOmJg5L?fB9Y{fJn~QaJfq-Fu7S)<xwNidON>2vXlP
z=(W^`@OBWh&h$oBaYL%<jg{)4b#F+`VDNwn8LtqpmQ9Rz*cd{{caJJz8)H@YxvOd0
zT~Q=rCK#wHVPSMkRv<lXv)9yos+@y<CDcQK9{Cv4SnAk)C9EsWKmP-~<6H(NynkNB
z4t1T|?ZQ~^34dq8zAde6O^n#Lt|qCg|DbN$0>@v&7LDH5RZ7*F1beT$T6^{Hqsk0q
zo~LZ=XcsZiTh!rxT?|Cmb$LvyU@1S%jipL5bGF}ZXMLEBlEmM>Ao=7|E`cPq(#J^I
zzwC0;TS}s7i(K<;PtMr+Wt{k1w`Gi*9_>ZrsUH2;dgiFY_h=g*T;gT`9Baf`{i*qn
z;GSCM=I^&A;^iBjN;(J5Rfweci)V4Rqg4GXd^Jjp)4@#pesKt4EcQ7<AiKtw6<y8M
zhF^IYO7KRUJ*E0}Y8F6<VfPl`G?upz$V{Rf7x%Mw*)v)t_6QG5uYs$}(@nF-t6Sk#
zY5hd6g@x2r0$+vcf#Fu)bUp-`Rn7e`OIt}1Nqv3t=ByZEIv#-Oh>Fgs!1;1Y9J-P-
zi{Fmw_dSHXB~s-UQ3KLqVlOQ_+AS}965I%0pT}OGBJ=*nt`i@l3q0oYlJo}ES3+Uc
zN?x$KTD6^6CqVVs3HGv15rzxG_7=Mxa?oVAy`{ds6fk-40ax^lK2Pa+8PN4~&d&E<
z26`e#J7<q_gVKs+yZ6-W*Crh;-w%HnhD%~%4(rUn;LI7ylHOQC?Z^0hOm>sVEhnVL
zG)5Sjr*k`q`u}2U_r29r%EDKj&*#=9uy`_LzI&8}LY}&C$^5O|EN4uE&BE$Kq<{uq
zlv&g0@WJG2+1EAO;N<WRs834YZ6z+|kl=fHA&utaE$=h(;9=)(1D(>NLgc-cFkvYR
z1N)-dkCnkJ;#&)b^L8yMyan>(c7gtI8>dKho1xk(e?m~+E#T)lMT{`y0t$IM$KGYH
z(-99BKo2eQ*_df15Bf8fMBxuw+Wma78MxGs$OoiKPk|ewyKKEO@?!+^$<S#9rCQIo
zE_K9^PFne8wq3d24l8Zw=c%9d@v4@Y{qZ3aI4*4HdGVzqfhV0nY`Jn^OMgmN;BAS@
zg9Uq%SS}o<^$d|p@M{0#lCD@p{Pc5w{B%)yw~k?7DT|x)!z>;kD)&*SXJ>BS_zrL#
z=$k0$fP33#COU|*`dD^R;dZopt+^8u8n;`DBVTvpxif^wv+Q$3=0?uvR@~$e+?`1n
zY8CS3wc8bZWOHu!d!1jJ=6H;*`^8e7r|@!$!T*m*)Gv@HES^0ydStLS_K*LjvYs~d
zDS^f1^03;N>KkoX?Hd<2_q*bp6h#<Hh4);_4$`ve9t^xPs`NHPqP02$e^2BH9QFM5
zW*?n6@iezn%pZxj71Y<bJzE%wAB4z-|H<}9zA>y>UP*aA(+R}0RMeh@fuE8EFWkxq
zJTLE%>YYeCWn1{c@@c7}auv$PTx~UNa~k)dQ$*cu2(g8`S-dt-US&s|m0WO&vhX=g
z=0b86;s1b*>@_A~plLT4iRiK@=R#u{HL>j`c>7H%3|ZUdK?YmBn^nXS^ABIjR&+l@
zX~8g-W(%{I+zNU!nsZt>%mattf%J*P=0r=6OM$Y~AKWg1_i*hy@LvFgK4R9aHKiEW
zo>qe0KRn4|wBvBzc~OGaAS}#{6cOcC?R#m5-`M|R*;FUE5WR$Yo|}Y@4_4p>_a*$%
zUd@!}){n1f+N$^_-9z>Y-wwL`m0@TY!lq7)9R>Vy0j-M~^|(F|ivlh*_;Np;JK7Vy
z*mRbJ+mk(t!bT4X5&j4h$<AIWGCX{sbkS~-82+1tPFw7b9#aP=H0x-30_&E+yGRhH
z6^bm8&QQ);HQpec!v2G$8t?oGLV79U0@LlAM?d$@{6L(FYaq;JpEKLBW^9K*_K&B#
zq%1~dT(`V5AtIs;(mXe$dzX~hSlN>u;~2EL8eW<T^m$dR;>_hvK1{p3{<gW==roqQ
zSVeh2y%w`D8f+o6moi=Zr&~wHPzw(cA*d@AHda$xm<-pwT<1j$TJKk<|G4U<Tvpj@
zM1pjO&rM3{v%8=a_9p3;!XYcJGj}DJgHv^HyDBS4KpK|z(n8);&gA!RWvTAJ^g#<p
z$+DTnz|~XVzG?+XNk>PeDlkdrvh-hHOq0#W4E~SPc4NfUASxpi9dqv)Qo}8q{v-Lp
z!^oEgI*ZC2kgdIS>A&I}ZyD&JF3hAi(pN~73lKd%jbTWf^_@gpAF(A;hd(C6-4+fx
z>sX%W;xCDwuBZdnE6@n=hUbzPw-EHWYBP6V;Uks<{02#unoh#quVF~C?CvWe<8|Pf
zWn3|wP5^;v3~lyhdxMHUoqVqS>pjs(1sHuDP`rh`E-JcBFG3TIQ!K(%pU4rB<F$aR
z&5j|F$-NA;ycn1`E?A*|U?eeqQQ`7uPP0jT`+yd%e*GYX8p}O&$dfg+f8a{kH!MaT
z7h-tZu9n!yiZpoJZ_-WGhKH&wq7Saha+Vg0uDiYBU*-j#(2H%{J3h^l5+czaY{zL!
zQ)lSYaP|0C<b*@KZi$!A9aBO?TZv<@uwL<#V_$r)(}<m-9bsf8ZgveWuuk0UU<VkF
zw#ivT63k}*%{Q;o!h%11>7BZ1Zv!ySNw+pR!p#8Rd?{}&u5hwFFj)yl-M|YZrF`;P
z91-TvQ@p<w<80Ru_`yQ3fU)h|vgNJDeS4?e$nshG)PZkrJ1`j>CaiDp(|TlYqRE3a
zkN$PPP|HqZJezdS^i05{&Pt$(@uLEB`b(mPr7mr1uDy3DTwUuu>)`x7ks7vr`;?F-
zv$#Y1gJlaVKlG=QUv_XwB*M^l<-`Psjd1KurcneA(6jgt7X>`x4bmH#5|{RkpmbuQ
z)<h#<b%4^>w(QBbH<thBv57nz{O8!-hm-&mP@hy{6@9>%8d@i3-~n4WQtK_b$FzS=
z5t+I{5QX^`5#|syQodCZpIZBBno9#3wn%0ph6l=zmr=;rVL5WRBV1z*D8oRy4fr^H
zt1gz{s2*|l3p^K;=a&l@#!Po$h2hb7IjIi_zn?)vDq4Cj;Tv%L2y*;DuUs0-BT%D+
zo;!1)JoG~OIhMC$3x^*qyN5&a<D?Z<Y4TpUaFGS8R7fL6U;t#SG0Xe~$95_2&d#_L
zqG?#FiQ=HIO*`h&)Bf3R{*9+3JIW0Jjib{l4>Yd(W-X72<yH)Bdu)m438W{n1NKxN
zTi9vtp5vm|(QakrT0YwluI1L|KX;SB0ls4Ko2R#@yph9b@FQ<4@xm8I0o3ZHtnlsF
z6Uj}g<Sooy)NfZb$LhYPXQlM-;|9CxAQe)H(arZ+3;hdCD}(di6QrSov!Cak_7Bzb
z#O#MGrY*KQdu)vXtoe=0{LUq}vFiO&7V1Xtcal}r&=6WV5-WXF4NQzt+mY)DaPCmn
z14VJxjKeu^2YsKpAFn%tt%&U28$occ?A>GwH0E7r=ai{sRd9dq;tRawF5?hW+UdUk
zixm8i$>GgA(C~|={4p?<lq*G++{F&l^%mLjz;e{jX!t$N_S50>D%<T`_AEj68k%}6
zo{CnL?kj)dO=Y*e<@c+o-HiVV=Q5d3a!!YjIwEH<cEP2H94HLM>ZUD>O*L%`8fScW
z{jDaE8B<dU+pM(#UEAVU`vJDL)|)(x%cueY`*m_ttbEijrBbx%^f|zX?h2=aaP16g
zgzT5}O0O8V#7?8f+ef2_l}-|Y_@#fZUi1x*ev?&?k`@Cu&cCx5p)`U}6PqwpKHf$T
zEk90}&{&<VXzYw~n=V!#-C{D0HSRWAx%~g`(F*ohY+d^i>~kJ#CNk_%!nS9=XxG~B
z`@+D@ghUJ=yKTFd%ti>(Q3$NU>=X;fGVk0z!imh=;M!>l)tsIwE9ST4{PbF0KyPN}
z3m9&d8D^*Dp_tI_Fu@~M$WRepeajB-uwp0Ln$@=6VE+N)FH3tJbpQF|DIkko6O7HU
z!}*M&ZEC~cj+Uu!hfQ7#EjxU|w9?T8n|*+Jx7vB^Qiv*A<5^u5P2xONKJX%*Z<voL
zKrP>-mNWjEk||J<!{VEz$Tz$857FR%ZXIrt1`*WcsFt1s8x^#iLlEFc9Q%J7wB$UN
zy-`0{UrJQqQ@~v1evK}`?(*vtzp;mI-@jgJJwOm;It{?=gqBXk5Hs2<L5X#Xp-)Dj
zXACC4hL#^2p0Pi+E1ihSEJ+ZRY-wdXIDzO2g_Vk;axPNh9+}}9xI<nuFo#~(A*wF2
z3K22Bxt^pV`v2m@Z01SbYwgcJG#7i;5=lHM0Gq3iSO6oS*uz9D3)R2>)9kf`1uL+i
zuZdZTfI0!l)iOiqo*RiTzWfzm$c6hhYYj!Zu(aMxxEAnY(EDc=(r=s3`f4jLEB$#4
zxPXl!#s|DDmw~)}MtBRPB=%ZO<t3&8UIBqtiTLBo+CPTE$XNlQ20T)KkYKl4!1tWL
z#^qkNms5x(kt47pVPQ!rh@vmiHI-3|-i~gu1<NfqV@S;O1uc^NbF0?JeFQ=j+yOeF
zqRJJ)W|bXy`Bp=_n%k#iHzREBJjNI7Ll$#U%?K~O4kG+2^N(!~=CT_0T?|0#!osR;
zKzzWj!GXAu)Yt_4>6Q<H-gAWvrK7(ipZ}@^4HIBMfzxHapcx!*xkG0KFrcX&nknn6
zYG1a`Az~5_=M~v=D-=BzM?tVPE4jIA%Do;{u@v@K&@x#rN8X$_(2JGWJuw1TQIy8#
z3h4(#Qjy}sQ3Z$a&6Hz&5?Qame*wNwX(*g*E;~{lD{V2KCmzO0pkN9j4bK1#t;+Lt
z&47m2w)n@6eeL#q(p6@oHv1G|5%zI@sVkf8Tk770`!22^EX^Lq59p~u36$NjZ2m8Z
zgnX+qId_qpGX=0yP3|6EbRX-Ym86Bn`kP<&&*vp^Bz1JD+n17Eb6tF0Ce39jXvIZI
z4p=Y`-V<;eI)T51WCaSza|Fj%ojVUg;<ydm_sPV~pt)W1=<chw(Sshr1b(A8iGv9}
zN6#lVFoF1}#SVo>yr-n(Kk-2AS}-V$+yAwK<KMbviDKjyMK^u@{fA>;sTgT8!z1cb
zm8A*b3_;Zw168ZW0J%`DMUvY;fV2A-RwgSpc3=O#El6C$DEyf8xqA%bOt)ypZs&a7
zrZj2FLjsHD-jh-#gYB<V#*Y6?_jk`3s>L)j81hXh#}B}*&3L6PfnlG{9|ufR$Z}-A
zDmV8}zuaQhVgQ|;=;2dXgXVx)Nipk7u>aZls&Xa^>0n=i0R~%d0k45xQLstVR$R~b
z@AdS@FPAS5^Z&ivSy*nR3RYC%a&0w^#qZxX{U6IQak)qj_%R6)G;o5D1aW<J?_Oic
z0uomM@um>-LE|`cnUkTe+t%Mp8*ZMH#^UVVc)bj~-UlM$kT@;7`#XC|>$yR{XY*k~
z^p?4tUv@FRDh%2mop&z%IYbW>gW`BNcIJHX0868>f0_)aUH~@!uJ`yAf8h-veICnp
z{BdiHI8s*^Ml>oLk4*7Q90%}>aJVR8Z#}NFMm#6a)U^GM?RnS1jZjZ@pUfWpus(Sp
z<wx(rjj0yEgs$Fy0!c4PH+u)U&9AtN>g-5aA;>s={a}P0OT3LZF3WE@`8?;mktfS>
zW?zEQ6^|K4R|UKqVS9V=$7FED!?A2{a50!Y9%XOV6Vry$w8g##3c=)_lPJ&oPSm){
z$y)bIhZ4U34;1ujzY^Z_yua>QP~TvK?TELkL~P!q3%C}v_4mog8LvYcX{pu3(bW+z
z<V>$iv7(k-Kr{|*#5~@$hfau&U<P;+9myBcKg?VZ+BT!6b75bz2C1F-4jH5@S1Af|
z@#s=?UQ>PVGfC!=dQ%27o;GmP+xM=#fa>*y|LyjG`adqVJmY1od{E`{b!6lLofZPO
zEU3E<d8CPM*Id8*s`bLPULE+7@??J63iH$6ds*6gLxy>O*B`AlpP~rRbMF%gn3)Aj
z0H(KIWqu-ha5OiX+s_hHeFMQAxON~N96-I&ONb#lW+edYHE@G(G$p&+?Ci1^UXWSD
zk~J`~>s2Q8M7q53?aRd__bwTy4l1^+AQb4}{B|YG|A$P$j9G%)JKBA>{2I1+IWBhj
zNkpOVxY}s4xyP&r>xp?}&~r>@)wtdZGI)46{W(br(|C25l0Qx6auCKo#{m#RaqX2e
zi(G$U4jEtvf%o!aV*_>eMjh2s5U}gnfAbE%Y2N?rUwX~R`K&qlV}9<E--i7zX5C(m
znAC14i3xoQ0A%cK%?@r{;j=bue^H+kOpoV%c9Z$-hnHop%BAOp9SEJ^Zy}uSOGbNO
zs0RvB<IrD%JxijTJ7(uKCOId&DR@hUC$}2I$9PqEv%UP}&YsQN^kpi&E#K2uG{L=b
z*Zaw2@=?Wq;L6+oxFS7<c90gZ%GI23IldYfq492qy{$@i!~X`U&l&x7?8)<)uUK>s
z4`MdhP$#yjsm%wwQYp1|zCMUb_8&9gC24$nS#0Fppu<n~es-JRB{AATwtzjm&ahzo
zSZY5{b@6b`%h-ciq;P@yFF%;6%b)915I@+w7EL~9<Iwmzui>6O-m_1Uq~=Kx%c307
z89|*VJ*N>rp#!v8(pOnh2|Kzpyx!Tv#W`puVM%?2jlD8aZGYQ<YTKkiUTCa5uY+BL
zg}y66s^ry)j*}+Bct$$y2<V)*r&p78XHwd#_ZAQKS3KUN#fl8gK`SO4o`D>GO9<R0
zkKKQtR$-0m+_JRt!YNgAQwjpJC8-sY)C1S6rqG7-XJKdX+I+wQiH8FLpH_gUys46X
zL|EA`AG;#+Or8s7*I=uY6*6Gz!DD*zaHs4IbGel)$4Cq=x{I2ji#u+j$2Hh~ENbUW
zJvK*wl-Sp2lp@~&M}7X{%fG;xaA{O{O$F%XrQBDC1+qe7JI&ScZU-%CLl1my1HQMs
zwn6PRjq#S<O7)hmEV`Xk(WMHSs|DqpUoCoAca*R~#br=D&b@wzA%2bx-@Qxw$E(NZ
zPct_6FExq=Ji;hrABHK<ZZV&R=719%^}4JB#t8ufZvz&}GCP1V!m~%1@daq~!gs??
zd|!ate;3tRlAN^IN9CsTJcqWHFLZXhsTH*|R@G;k<3ef3ZJk#-N;CpH1AOFg--Wwa
zG>8U2sw*@57t#Py_x|px{X8<~-?HB)=E4NMsM2c?#CUF{tcr2+IWK1wIeSlHe4V!X
z=YxsyJnQb0m%ZaT`)9v>0vve5{0H|vr(_D@(U+ivSD2~dLk#S@xFi<Ixz_KPo%rC)
zjrWf}kw1V6rBXi;2#d4Xbk=4B=BOxsJTECD<R=kIio$u<(Kb@xGn@}|LuC0>P7?Ae
zf-4!zhBIhDu8iy;w+%4RVoW&T@t8iK@QQ-%FHK{J18Agqp=1t{{S?h@=*&q4wUxgk
z<)(wMIY)PQ=yV0`BWS6vHLum8R9sh(AeYp9Oln7;1o72`jQg;ez)oDA7Q=k?#!_E%
zARWJJ8p8!7#?#EU4);<am_0hQYp!U=fvI3}7v_UDnTk?|1mI=^-1l$5ySu<-x@p|?
z%ek5;*TM4M&B1$*6L5Wxzr9XR+%czSLAijO#pu2lwe{^7r2n9SeOb7-axV2>5m>44
z_9^_ro^5ef(%%EhOm1%rXKg2yYw&HsSF<>r?E;n{ynb>1uS>3F3%yu@#v!~+EL*XG
zRdQ<_jVC}F!<`u^%9o#1I0Zafd)pH~Xgn8W_sQmm*jp5*%)a+ZN%5P++YRk^ZBV(>
zjWBs?R+X3ml@zd<tu|OlVeG|t%5@QPgZVvkrokF?8XDja*SIu@zAs{zb9r_0{AspH
z^M}T_awCUC#YOP+2R>(ZVD+N+`bo9fDB$;QBi@=+7?{aJt+m*jRG~=ua#;1CZwCLJ
z)#V>Lu5GL`LB0=%l{A#L=NiyBz}YpU3y~uAUmSNH9?l;B4p58lw=S0X`oQ0FMS5r7
z4P`>REA$CF4XY9FYb^anO2Rx$**N>pLL8%^xK$0}14fLXWnPZxg>prL9Q-HYg4n_5
zdVQ6wHFdtuteB3ab8o7!dv5}#tl_$R0ffzTdCt2w(VSI%2?cNW_>nl8f+&g8gW0G!
z3#8m!oR@)1_H$RwPZB?@!s4_NN&Nvt;$_q(jYfqaW~bU}{B9IX1|q8<T#m|-u3U_S
z^0GzW^FU}DXU#}Tx9cNP3cy|qPywk#`0t?vKo1t{wz!}9+{Z;2koVagpz}6I-6FiX
zIBDaFub*VHAML-+ibhq?g*YU5l3oo0RW{7sfsu^21#RPunvnwqYo}?D2yZ<`c)PC8
zM*0`XE35&nXC2!;21Tau*O*@FXn(ck^c=oZG5`XY8$QObYSLhUC#v4sslk(iw-S!k
z1>ed-V~BsQM|pYWR&oE6cD<bisE?;&k=P8*-H3WDFApn(Ka9)bxYeq+{)g&G);08_
z2QB~Vf+pcsGc3ZX(6aoELhYhLl|sN+_t@MU{{ow8Q;Np=71aF(S7~d!Avxz~$1zWE
z*YDxCoX5wmZgxPPUk5-G*Q&}OoDYysH9r6_Ufm^Q8J{>eo7T4~xN|638y|DjH+Ttt
z*Rx>e*Vp%;;-jn8K|z=J6xaClHP0bKCcl%t)^Rb6C9fA@StI@jSfs$dN)l3g=u?L0
z_;>Ik&H5iP8@g-;yC&*6H=f=OH&r0t^Kqg;;OHYyp8%RJp~y9USQqNko|(sbuwD|2
zg8C%i3*n@nBYY#{r29pC|07E-`c*-lJCveXGbDLzf*J$7-{wuPaHp{U;uy~#Q&G<!
ziDH#qpOV1@^@VbA7R$$Bir>e%q@VQ^9OcS_#usAq|59<((VlZ!>rMApuMecV&N^7|
zVa~)@W1~+-pEp!*!sKzGxd(m6(IwqGlH`DQ47ozM<Q9)_7(p>MbD7H^s^?;q*jc{)
zmZU)&{7HoaW#j1&6Qkv>8r26rE(OyJyyjZ)L3PSOcG?*i1*;x-+Q#F&X%->GNB$m8
z@2t-cNz%-OeMa!eliDkVHx_W1A)E_QuKHlh_QAfgizM*w4`LSQg-&?7js#>W@7*Mi
z`eiNUfUVpbnTVeQhQU9vrj{K_3TTT*`A%KIeOLHUAUSM5^v1mVh}Ajx0G(DvnQ*RO
z8Wj=q5PrRYvbJt*bKb<)uJMMeE0AI7-PGmQQQR3XTMDY|HBj`~D8Y#P{Id&&_QL(f
zFi(aKLD52mk5~=9^vV0|F5UF-uaSuXJr=cmrLb(sdwd{R0!!ntmP5Q{dh@5BLu(RL
z$P;)}4_h!EBkplH#|`jcNZhWDY0H>@=cmC5r}Zo@%c6J&_=zqYAL0gGH%|mz!0f)_
z;<E#$19%^CSJ>}7G<ZJ<;n7RY_1%fbs$gh7IKEa)+l*rCgG6O56l`CVeDZ*;{D58g
z5u&CZEbob(7}EIG^=)s?nPJ_y3W|@9PqS7ifA>@{VK>%#SYOj|(o(9!!C`1iC~;4(
zQ!ZwRH$%0<RGCLbDl<jI^-0=9L8HsuHYnA;z;xBp;4Y8NH;~Rv$D<i<V7MPpwBPT4
z^OUwSso;2a8|2(jvN|1qyPNSYMbUoO-egv3G+<sF{zF|hUO#_q`JDU&TGmsUku`PA
zNhKM_SwITyGIOxsSS73VOzVC1r^HAdge^KcEbJ%1{E}G_28rq8KMkPBQe0PvHJ@R5
zdS0H$_()Na$TjAB&fTUkvU!y6QC5UU`RC6hL+foE*I?nS9<qO_M6B#&BpL$})Tb0#
zLj0*MjL%D4TDBeLtEu13QdgNvdz#KUHb4I8=={_T>P>suW7K`;K}XJ^{6GSI(eHE2
zk6mOnQgY?xnXzRG-f%geu@Jb({lIRZ3>3<}|7@Jy|6zTz*fhLwx;kTGyu91qv-IPs
z-VHiS+}1D(3QDX;Ci?0=7#=0=4zJ3FrcWil`Y&{dR})BI2-Q-3Dk&u-FS&)0c*YD%
zC#EnPCq3G+upYb|Luwm8a9LB<qD4VaMyPX20vq|D!Wb?_;;vN;OWCm>#^UR`+p9?>
zp$ad6I?|97`CY48%Rl%f&u8&QZus{0Fmf@FkNR%dvV$;NJ!DX-pA5hLQXl#<5IGc@
z+QFIVK43`<jnyooe<6)>MZ;L-ioii**g$(av&$vH{QJasL-V%P@Hhbjr>ly8J1G0n
zzp0so)lt@QZwI675_*rV`;o(75&tvBW#t(M4kC+zja~Sa$D+{k;FJSb%jeZon$gqL
zm2q^v3e^28Qq_+QuBspV(mSurgN0`en$w1&zzJ=dtcik*0GRi-gX?FL3YRe9t6Iu@
z7bYehh#>mmD?MGQd4dj>A?xCV;9?4T3iA4P-Z)G`*i0HI--W`yx)uLKXyeIgJaF)1
zS9Q<`O=Dc<z@i-}lH94;z`z~To1_>P@(m{%{k^<Mk;JLxJ#F75n?JO?er9r#DA*;l
zxWoESrYM{9$$qL|pa{1WA_F-4+iS`$aB+g>ai-GBF_QWGGFt;ET*JZ&2jO2g2n`P9
zX%$yTMklZ2fIcrX#>eQ7sEPjIXa<ZQ<871_O%avE$YNB6V1<3>H`Mhd4dBMyW-u7d
zh3UWEz4=2ZV>_P%%A=#*T3Yq(5Ybd}xCBhl@*C>m;c_xIMk<C`YjI|Aj`k#i6avcE
z>gI<v+mOMWX1!V-cJj;1s;S~A=5`MMk=}LheaDCICas0J?*i-%`3-Z5M%x-V^*#{W
z1F$e407Bru8fjMW5qi-afu5?7#>GV7t2yLsBDoR-j^B%I!ihVu?^76xYmI74*J(Q)
zT*9l<loarB_S(8UlU<xdexC|qF}O%txsV7GpM<1?;^TjEGRFTn@FqyA!57o_PU=S4
z+tLIVJZUF?;LI2)(wc3wFyCoy*fg*yQaztKQhG*=&S?@lz}KoILY3BsqH*~vexm*c
zY6JwM8?ujbyqZkeP@}eBHEwm0jcVQVGFHgj&FMQaF;4Y){{0DP+<4B>o{2HO6_*JJ
zWNgLwnRZ2c!mc2DnlAALPl^CqKDu)nF>9O4<^=bB&7dI%1=4ro>rO#h-Rk>fgD!IN
zdP(-Qm$x<Bw`j3^Lnpna`r3n6uP@jqc>+h9!Y9fB3L6*|oKF_}m)EjDO<>vl(~~s@
z@b{%987DkF)xTznX}9s~vtP*jUgYVSu1qE~W=bn)Y6zCyd!0G&DfXcO1qVR+_yo)e
zMf(VdF6dpi@2!X1zozM&T1M21;MS&}t=qE4#*UMQl??*fBQINi=jhqXWQ@Dhf(|s^
zJ@MJQk=zn{2o#oC^?L?l3kww1#Z_C(UXXR+%+uCotke`#SOTZmy!Xy<@9c{L1+$a!
z@#Dvys-lU1SrAZ}Tt#+jqm#t(uc2RkS%jeR{&Rx$ZVdR_Ms^;D6|9C2HW#eeMu@`f
zU<bdf`1?eI*2j%79Xn1MuXz38tOAy%iQ3xq=I0Q&#U4{RIrhWo!RJY@hH0h1;1+fr
zpUkgr7j;%X+ei3@Ny!SxUIa`nmmYXSKqZoC*fOua$k(&`pyXP778sHV?BMu5`H{Gf
zg}Gqt3u@BdlI3d5q*xSL&4ThCfQiu+p2jfa1arM{f3(4?$LtNWMt>Dgx4qS~m;6eR
ziy%m^zbM9bZy=%&ZUJsue%amsue~o1r*i%J&u;5%Bs)YRwvwSToD?$dgp{JxNwE!e
zDwHXi$95Sym2y-^Wh}*MFh!Z!ahfxiO&LSxDMQHcuKRwr^E>Z#eb4v*-*vs`uM>~w
zxrepZz1C-a*1At)$HR*B(Q=(rK*6fF#|4C4_-fw3kmWPbA$?%t8Ee$FJ4Lj<`4dmc
z%#OVA+IL$qEGoz}Z=ar>&e<TH7oUR!2L>$#0dsJ78%8t`qvGmB_y%>6m~>P)03)oW
z^bZV%Cd|)vIhvl{$kgX+oSWNb9EBttX{QKcnT51vGP7cPC5Tb_!zdfgGP$s`uZ3z<
zj<huz0Dm7lg4`mL?a@1qjJ}8=@vYQk){&nzJB5F4DbUK@qKFzipJlxwxu!SC={5In
z!3P;_IQncz2D)+yKB%#+^;;L;kv~u85E)8J>_IzM<&cEAPNlZm{H?`4q!P7VhC@z6
zBCf3{oea%g`G6x5`Yxh?<7J>EgJ9{7&zy9{1ozt;-{#I-0As6Gv<?Y>>li7xIY`1r
z+uw6qC~jLKjpS<M9ImCOE5AVRIm#=;?h$WE3)|J6-$Y0^q(@toJFC?=ycU$iwgo7!
zaUl?mHDXzprc}E-Rg;6}1}ifPYIEb7i9a<}K%}abkih0-=HT`SlqPMC6-Sq}QeyYn
z`5oB|C%JBWgDG)<@HNg4IQq;T%R;VI>s}^1#;Wamg4F8#N+V)dVlgifGK7uN6KG9g
z9fIKu^xr`2>3#~Li~+CL>~z?6LRYL%eUAVXwMg;IOt<_v;>vD%E|uwnv!Qa7%e$9`
z@QIJgNgP)v_QZ__Aq|Z<#i<V45Ty;LS!^8J9B`9WxXp+3Jvg}caOsf7<K+~q^c->T
zpY&u1RW@C>*O_q@Ay1tz$MXnn1cDQ|&0BDjZxFj=6!9@m$%Jx}Y}o+(dCzA<7f!kh
zI;L1z=g(*rEI}0-W8}2JB8h2nb|)c|aAhM%U>)vU4x_z|Xs6N&QqBapma-f|j`obH
zFXdRC8N5!e10k@xuRH6PVwbW;NTWnoT-JU^4X1VpZrFnN#hN}w-JH%sh13R%WO32E
zWj*Tmpb-Rw2v_Ot`yQ0cv9m%(Rqq(NA7sji6=oIrFIW|B;hQ(bc!7h!tKq&~7H`Hs
zGZ%2+15hw-^x)yW5TbI2lD&TTmGadxh*%E_cuO!Fd1QWTy~p_bmtb4f(n>7!-B)w+
z;AB&vvIh96+7sKG3^^<?u8iwyM70m=H<EvWf5fqy_B;uc&a;iYGjpS58M7zka@tj~
zKX_q7WXIWSeS<(ubFr%?&LAd=uQxY@5eyp2Wz(f$?-D9ggcz9m`uaYO2CQ74o!P2(
zevMl!YY?10r+j4t3HxI>tr{TjHZrZhGDc$BEy)6z3efBaD7b!s@4p4pk<0oL`T$rK
zUX!Mn1$maWgH)jP#=3OZ*Py??9OoiOMfJGaOl>mYO8!IzDWw`BMc8P2`=X!;jvyh%
zfQ?yGS)7T_lmpDC=^|x-<el7&p$u9H$veo03c)~m`Os4FhF3TqV$V1J@X2E15rOK=
z-SGooxTh*m4I5;r0s!69jf+kq)Z%y2jg#vbB~Mqqz43DK6~bj~B{Sm&nxKI48CCuw
zt4PbN^ii~xp;+2!Z1BVZ6LXxO&bNG&z5K-k&cvCJ<79>;;D6E1u>jf21xB{Mj5J!8
zL<-PgOA8A84Oc$=S#YmxlRwf|vZV;3mV*E5I^~0!@u45SLN!xEzhZ7HRRj9Ly)`(b
zq34SaO!)N+A>;V_w;Q)ON=JGlP$9(rs`{wz?sjZ7DA*FuH5!B%6HzFt6a1S$v50wr
z6s;HY-TCW<czuv_S|ur`q$HuMO-vj(^`BexXdKlQHh$=0J$JP2uXYJMBrs4wSDN&|
z_fNnW6nXwZ3UW5FTZVY_OsMYhT_M>Lyw8qndu0LZ>m~KJxgoQ^$EL;|)z{URb5Q^O
zX&sK9lE3gy_N_vtZfMmY5Lo#zd_3me-_GVf(x4!40w%O6GL>(i5rTh>Tvu$#ySOY+
zZuJR0j-grtBBGkOl@r;mS1D3ibuevrj$dv&Ui(Cnz?_eWnr)#{cQ?OQCF!%3R@+ru
z$xh!3FLAxeawy)}6MpMOCgt}KVh_m6kc8}hp@s)W-Pc+=%>X3u^2&Yk*cv3AEs#fn
z+t{nhtECkaO1O^&&Fvnm`!BoPjGw(bg0!$Uz|CdgWqno`CelL^8}_b`E`5q~)$aYL
zy|6H4atF;%oi-j!&ZfS;#A<G~$xUT=*d*6teCr~pIS)#SMvJq{Ii`=M1JfmnZ(%R?
zFpK9bb0@}kEd=$$nXJJIm&w_#aFpevSMuV6q$uxW)-0R2h|kup=yY78`d*U~X+>gD
z&w<Q|&hX<hU0T&v=5M!-9M8~vmAVdQJ9dv1CnXuyk+zGEsZBwifn*rE9S6|2DAv??
zgUVK|SaXjfSeF(tkyqKm&LEIbbCE-N+N))|7{kf$HzLM}-$7bl%r~2M^e!8KM7oa~
z&t(xqC?kV2+X`?(_`nk))lD_t24N!i0ck=__d#`z0+7ZI3iip<KBJ$}W+svf))(>n
z*|vU9xUM%edw4UtSmEB<jCtexFFjAY2Raew0r?+wlK9-gw(}rkM$M35VEiCKps-Xq
zzQ`~5nkPwTT}IJUp}E4*dnwb8v#@B20sAMGA;6w~80WZ`aAtvy1U?Hc=!8J{9Nzkw
z7y6=>buvgS$Ih{a^mKYdU3%9tw{s89O>6WI`iM;2(LhEhv6U39Yeh-AcAncp1uob@
z((enqS`l*!ml6VL5pyd|ekE!Zpd=H(Bw;TvFTDnr#Y`LO<et24o13zM2=97@slmXg
zypr>18-5qm`f~0;fcF|QpDK%%wYu4g`a`n>_|)sWtcg08+>{O%krbl@Q>xEQtD(<S
z|M)@xXDEd9@R6<33g>$04+b(u-t>>6466KHNR~7N2bt&9_(Vn#N>?b?s`T!=%HxU4
ztf9eWgSYZ(P@2GF7XV}6G+1nZda&ofwNISg&;_c`9OW+)V&0BSC>V7c4|Cn+{mI%N
zjV~WA%Z_QAx>o+!d;dIecb?g}hWnT3I4|G>f=qB;%iP-Y*&N5r!wlRC{|QUt;N8Q_
zyD^gCbL7bakYY@3T-P61WkL$x93NPeQ@}Q{uESuP@nPTq7y!}7IB!K8M}Yqc4pTgg
zarmJ9)v9*&mpTL%`02M+el`Q0H#HmkMedSfMotcUl2n#-bS=K?g%UuEJW!TDGgbQ2
z=R%Gx$%n;jT<x8T?K{(q{Pu=>Zt*;0U2weK^GswIxZ$eBW`1vR;EO}8zjpEWHHCg7
zvVBb-^w0`*N7C=#X0)V*bZGuPUt5-K$6zH>l2DywlvMdAof1NHX)@`S=;VO?Q0;rO
zsAWjx&XeAF4uH%0lhp^DnupUl7LKgbnuPbrRHE!IzZ&*&gQ~T|;cG}DBMq6NX11Yl
zzGT&J30#w*oH2evOM7xw3|e2qui@YBzM8w0FV}G9xe1Vi*gJ2kh!Qe4n%mqbCor1Y
z9Qat6(K?tOUv4>^Lr)G*(C*Xp4deLtnBK$wO2@MStQ2f-MSVy&CRI|6$-C~G*H4~U
z_hI@W9X<;JZ!G9iP$1~i%-bNG`=hVj$!j-e{Ujy<;pF(d=CcDzp4rwB9G_SYOk08z
z(P@ZQ1;qSd=lP@g8zN3&ta;Nqn3SA$;UgK>WLZP|32qzh{WXnN*jzXBGEN0N$a75$
zBj_g7*NFgqE|D{g#=`)t3!u#0+&hhR%y4w<%Rf2$q}nikw*N{~)ANQnaUD34>2lmr
zuO#=pU+Vp2r!!|nDO5OHxc?xWa;W(KL)k3+LEi5!n^X6og?$~#I<FTWo~r&?toQdc
zVQXMuXN0&_w{Sy?hDA)OtbKS{?+r0Tw?JzV2KH7}duu*E$jE|F8CQBr9WaQ*8mndm
zzQ{kJM+KO~uXB=yT*;2_HX-Wi0XwBPjNXxgUv`Jl&DZ$N_I1wo)wyJ+<IjVnYynGD
z7b`(fg!0!zc|_^U)Q@m<<$n^0z;2i~cVk3@b#Q91eB$M)a7l!cCpwVcL`MT-oj>j4
zBSZ205klPKVKWEw6l#y4smVWNy`H2)zE*!<xGQvV2J1xineb69^qIKG%}nD%ZaSbg
z1AclQ*zDxXx%G@rsc3GkFIwh6(EO+lfF0%@$E}NDIR>$v%zF20)6fO14Nx38IQK30
zl=G>ZutBpe@nKM`$O*;i&&el5UX|8_J~$Wg30m5s^&5i7`1@dE&sNZFz~zA5a$iNG
z#-gfP94@pXQyPnAHE``pcQSN%((OGl`Ux2srV=j@Da!yjv+if2ia+$TT6k5$!S}cY
z5Iyl7c$Hfjt^i6gM(hjU?Y{$EA1NM&t>upfh9{dZrDdn?BmIUGRvphxR-(1oOJ};@
z&kokHd~lFg!*4rb%!)R&Uh8O%(;~8cBt98$N_t?AcmsD3MAl$BL?=gc<hVsuW?Xn1
z3)*MddxD)|hZ18*7Ooq^z_7Y_ZNq7D@XW=)Gp{_0Zw>(E=4L`!2w2HYeAd;t166kh
z{o71kk@fK;t@mkpCFB6<=U5M32!s2%{Odv4i(7q?h(YO~0>XBoKY!q1J26cX%ENyj
zVRCFBuRJ<FC7Xh6Sig(A=WyE;1qj9KeCqd7&&Jfo)glP+jn=d3c6)Rixvj9!h{FCV
zN*IH;6c3b736B8Eh~?-^veNJ=l-#slk?Y;%Xz`it^E3D0mO)btZO}8x>pynnpV@MK
zgYGV+y7%IWXwy1&vTR4R%abuBl`hRa{Zro&5OV!1O^L8okhDO^V8L4>(J95M8=3w=
zZWi@hP~JI>7mVmKfNs(zwzZ?FfqWorXJBe;3>qZmn7-Xf7a2$_zcH}&;1m)>UXKV0
zFl*?pa5%MYdA+je?4dk|p(XIJ@J_qVw;n)ESFDMQAlNz`K;F}cu04sMbCg;EH1J4(
z-=Cb+itxeK%9eOxul^;?zFgivc{ejI!E+#Z^&h~g)Mb||IS|93UI0rg!DGG>z5*)b
z%rt)>4B@e0Z{SB4Z$rE(Rnp9#-WquuTdMwcR+;7_1#?N%AU!SKl{-<s3yA11#Im7*
zD3V$Uu#a6n?)=#2x+sS+J#f<9%54hYs2_!E%oSia#U&NQtzYL2jU}qv7V=a|mGpXK
zeZmok5|50n+F)P0=L64j{6a2LCYYpOITR^!{zlBiae42ZCwdzv5=?pI+dnJx9L+gn
z=KJkv2^VTFug`<P3Mka#+j8POfus2XbXxIasW=Wah0X0C19<bcltM>6KVq&K3gwpA
zs`=$Ol&Li@<D2}lE&Ms8A3!g8c2`7%+}KcSebO3xZm@-xu!W9qE)t$hzI>#%nGfX1
zx}^?$d3323yF?xacJ}`2aPZz;>+E>%CMjJ#r*u^At)b|di3sSaum-VgR<VCK0Yohu
z>pFCa1Rth?9k2?n--JzYK*^De)29&C@oNmGI!5ki{uHeJuIKgA4Sb|#+ru}x1Cc!C
zlXeRFwAbx|Ry{pxGMMuPTet!&ZdwL$BvCw!FuP{z=pEGvN9<nZ%hHapw@mAAo@u?B
z61p;F8?1EVYl!7+DFCAz%Bpx_Nr*fJuVI*_KgS0RlPXfNC#<3KG(IXKe`T`MqoRsq
zwo2Z)<7q-u*g4l-9M#eEjg9V%(3A$Mxrm7JZm+uv&YT%q!wd%n3r`SsQjR;V`Os1*
zhl_JEx58p~gv*=9du1W5TxVv~xBhd}1`c%gLI`j!K1k~R4bPEzq2!K{!K2PV!<0{6
z;M$l5VYVbKf%N^xczM@fUcLte2G@%=bt+V$V8L8S-lADoJ=Z+-UR@XqeG}GCjU2E(
zHo~`xpkPMk)7`^|KPpF?yY9g3o2u2!uB*18_dK#g=^JsLXZWgpX6bLZYDG*4B60<&
zcCmkKk&k}@!2(nY#fCk+iC<4kB4tI`Z&$RAed{pffzjSiD<TU|SyW98@o5KUi#==Z
zFD!Y3cdf&~ZUji;R$`TJ9F}q%1Pv$>nv{|LK`dDXS;;1W4+=}Sir;9%gJ0v;(gb(x
zE$5b$-!8dtKZ+%f?ZE7tX(wH+)itOVA0BLfuu^2vBJq<u4YnQlUyMHTlXZKQqRU>Y
zBg+{3r&IamW_Ua?kooF+e0W@3)5PN6=!w$9EYYQf0`Q_pE#}EoiL_vVk5@?Xb-B3n
z<69so5^GzP=Q(t2AXe}q4Ekw$^r)tGI|}5FaC>=wFHJHsuh)k<sB%aUzq3#O%-@dV
zl-D;|kRps^2oOZq|6P29i1xBwMx}XAZ*hqBkpf)ao?m~JEYP_a?w#OS!1oE;fY+o)
z7AHzS%sAjIF+Ku{0BvmK%er@!*ok$JcSgoh{(g5UvMb;xNzV2xYjer%O5NjqyUW=q
z0@~}}<-5FxKWvnJ;!=g(4F1DJXc$r&8t1ndeFqwJp|nQoh<2M_@Cr;h>M%e_4WB8-
zgO=Fc_7-88Y<Zoz$vNUYhBsVLhWebah?kzW?z6bM3Iy>Yu%sF9ebrCm?Wq#}bAG&y
zKHNaB{R<@{{j6EwV(6Z48kn!$p<Grm;o_}z#}hpY9k?KqG5geEgiIul$bKkL`Tlh`
zCNe;W9%kl)J8q7@>iRLbkjx}%k-%ub(os&G*577xq6R?#)Y8z1tyg)z86j&8pMz|O
zI_CCZ4?F;S;8o~%ObLoiXVCYF33nC2?cHIlB>%UD-euM?XdsHH&C9`6Y+nw9a26uh
z@Ayaq;{$aeCxLxf$4LhOp9J2Mp!=!6yrR$3g8NyH*Q%koXzPLVFYy=yaoJ))9`JMq
z_Fp6h<&L!IlH+Cq2chmrw0soO2O*1j!{X5P3l||wV-E7ji#O@~uyNU%SD>AnR~VhL
zw*}sp5v=1q`}rgIm=3T2c!mfv!Pm>8NePfq%dH#AB6{^-aXY55__JNCiRRejcV0EC
zFIZK7Yzu*;F~EHq`)wfn8;~*FlkyzDmZ<^#zhq0Hf;iUhF8T@Gf*kdvWapGEA7nqk
zZ!>zA2@CZ)9tg~bfRuQv=t|FWSZ&yVs$Y<C{&p%Buh%gPs2BzUbWL>AvR*OtgoJXH
z{Er`#+mdF|L+O`D>1sKpUq{syB?mC<`uaA@u6=p{+{(wECc*GJG^wSC@?a<EL7+m%
z_CYo{JmTe<l=Z*NGhTn0=|(&i%jLroZ3nMQoT0VOx)Uh8pIKsKZcstcyK$?b@>oga
zi7#SSP$oliR4Xir*jh(HMWa!)u6T@pG(J`vm%DCn9SQWN_^-`Y8lIdRtrPIV@WioQ
zb_4HT09A1TBB4ltkq)?d(HYGd)@MIzR=3gm_DN3EU9@)iTSFg2O9kGVk5jBy_<U<U
z4&E55`-MEI-AF0o((C=5CnfWu63h#ZYR1GO#sjeyJo%riY^e4)gs>pXOy!q0pNS}T
z(bm(Ls>Gpu5oY)+1*)}J#X<K3Je0(C(CF22Y#QE<ZXKx16jobRne?!3LlN6o2Ru^x
zbC4Lmxg`##C(R_~m7CYxD1$jfih=d3$pzfG^T|~oRaFH|0xj6IzSWjbEN*2Jp_7M&
zP)8Wx*x099P2)pB4(JB*)!wAvoA|kGC5G`;I72*-)zd1$kt|}LMxR8opozTT)9(C)
zAJx19HF*KXwZHcwKY+iOBwp>{LNUlr@<B>KH{z^Th*?r6>S^a;Yd7Az8&bPHK|99q
zo50KC0U?XODH}&H?i!W@!%+zQp(nM{1eNnw?uiL~0L(fwU)3LWVh*In4S#9q<9OVD
z#&%#SV{N}1Hc8&zWKB3w*5E)5P78MvYTm7gyhKQ4^Ni1(boFGog6{3L<LW%ir#+>(
zwCP6@w+zbZ(AJX1i%+)i(}nDz5`oMiS%l73F2A7r)d<m`O;L}wAN(e5aON7p-OFI@
zuUuX+-0x9x3XD$hGCVCsp3P|`X<O3D0=DL?Q~Ze&{SJYrkBP!~I~}a;oZRIZg}N=%
zJXg@%nQ1)QzPVx(QJ<<sfVP#peUd61gLZQp^OE?PBLQ#Q{WocB$tQY?Y(m{VrW9(n
zVM&R!W_Fs?0)u9A!RimH=tuRU^-T@@;I7`?)+)s8C>rS>`6~C>8S9M`55OHE9n<eP
z7!p<E5}+Z6KM)13=p@59^Y-zDlWY%D?yZsinWOoQk5aBS>NIn_6jR`6Jq`ubI$k{B
z?)AlZg%&ZBAlAAXl}V7rs17^9AZ`Y}2a(6+d5<pT>yBd8hAS6*cyc0Z<8c4)-wprh
z+R*}kzV{@<ejVHDjb}6`X$CEMK{&GBZpD3Pkh8h;>UcP$WYuh~kk&K%d1SoLSyBQv
zCNjoetwD5nnia`H*OmeXv7z@m@)3}j=|JMU@y!0@GQ5qn7+eNF(`%rnm4cHuR2x^9
z&{Xzk833_>fX5Xs3J<=%j!QZ;^lmK_e1Jua0gWu$>Pm18$(s}~$s1}y7OFl%Xj5I*
z!^Nz+n1SKm&bl8lkFm-dk(cb4F8wI}Q04eBO%K9n8Y=`$rPAyU7ak<Dp8~{0DAwKu
z4Jd@xYGvJ(gE9EPz-KB-Z!1%L1dxnABE1>^F#ht)d25T~o?&A|Rvyj;vs3=A6=OHC
zz#p@OA{%9(lV0!9?S-p!7Wg-M0gaW~7SnDkQ97#XI1^yb(1n(8=-qH_j@!nar#ai0
zjQaf@D&G8&ljD7Y&bbKR*SnMprJigOnudG{<UmbC<;wbN>I?Ymh(F^ZEr;!2OXDTd
zDU^Wqs0$Kg*A|F8-M3jW7N6V3lkH!6Ig>Wk0lxE6*1#Kl<3bix-azR~F^A6$@1KOl
z9@%3^7zXkx=>DbP1hT|<WZ{F>j2=do;Zof!X5Ig`&%#Q2>fBi@HczDYrv6fjJVnOD
zX=k+)2FiGB^kVW1-&#&<1(@!BQs81-J-mB-r#%ur4-mDxC5xM{wESTGKvL5n2+0MA
zmLA(b+V974nmddjj#c09NL!F3p{z2*E96L$eBxOHJ1)7|NNGL)Y~R-hk^a&X#lh#Z
zF9q_p`t3Sdto*dSRQTGt-PuP76Y9b%BjqN;VYC3la!tmMGm)W^+QA#8V?%wb5J~}*
z?I}`f4#xqC%!l3T{c9B=-v}to^@2i*akd>^nP}v@K;q6dzmc!p+o}~ha5N2`n?RP&
z2XMeGj8od`8hJKP(8EY*YM|+h>3$2u#X<vCz@DJhoAA};dvNhuq6rC71cT=9ZkL|}
z*^V3j`q4`y|1N6zEuThj&v!`reQBC{+BG7D2wV4$ZfNj~11|zPFR?{$6TAz$H`yjv
zD_d(=%<<!l{joKm5kS3QG~N_|R$-xPDyXF<8pjzBfViwWL1N9Ss34Ckpcx2Uw+Fi~
z$}K}KxRAh1w$<LRq`9~@kq?lELy$y8yg*E0Atv|FdJ`C#+xWZtDk=x$u!LF*`ivZS
z)2&o(fA_F0<@H~iyU7TYhCL659yWZMer22!FMl0a5JlesV!KFuDCiwQY=7;&xh&Vk
z+vVtqmq^M9CCh-6ih!{Kg;qYUrVngz$qaFm56nuD{CmMQ!Le@K>AV1p?qRk;CZH4e
zLPRM$B%+F%iZZ5V_H?cKV4h5Fl#YGSQzZtNgbX|t3dHTbiOa=_o}EAi2U&XjJ|qb5
zCY-+S(@jIB&IoZ!<Vl0|N&G>II@gqN-enB=|A4m-7}b6Pouc2trNO0nZ}i1iqNo#=
zyb2}Q1{+Q-AdVEqRDkr-ErTLB1xdFDkl6oY!;+_e@Nn6Z7nVzC<*FV&3zt8y9LR7a
z0$p090=#GUp707{NMBIabhgXkmxptQ%?le4xRS3x`?-G4?BG-9<^ucl<0#aKWOO0I
z&-#cyNe%&uo@hmyTUWEN?kMHQyi@#->fU?Gz-{Xr6R+0)O19Bf9l8}Gyc%xIU?XOA
z=<~K>#?|UpBuTLE{ebq^2VWV(wLuhNeNMJr>90e$g5WT<K43()zu)H%Cy}pruLZh=
zyU9I$3im`-bN``a8hYz~=3Uj5oUCgk7tC(y?sH1`&0Hi`Zd7anwU!ci4W*goU4tS6
zRL>K)eH|-QRYk%5q8D=;$u22<(Kk9Jd9Rw|5a^)vi0c0PNm$xx^Vq;ay$N(ZnEUBe
z2>kT*Sr&NIV%?!i9=lq{AEiRK6ZV6z*<g&ArMw5k*{Z1K(Y<~8<-$?^8r33*oY*GC
znf3oBnnV`U&DB1cOK^=^$L6V-!!B%q{s|D%vI*)in1aKoaRYQ=BdSy&L;`llGALVK
z2$3{N%C_=iaaWwwlJeJT$Bf>E1GK{g7<;?H34Fs&yi61YP`go5FFrwkF`<N0!iS1(
z2Sjd)t$Z$qxLBLk4DWi=efhnCeST&S-=a8X9R!r2D-e~Wt1ck(X@={f#Y7w{2IXQE
z!yVnLu!I7rj~XHDN?kFfXx9%OB{Z>*s$RXf!c=INk-fdrSjZyg49|xjk0Sb_Z$vU)
z{l9sk)XJyJxVi}mx-jY(-TsHbFGN!z>S4RSaW7Dg-z0v?eas6p{CKNc8HKpCH(YXT
zMQ{z%1q@O75|X7@z`MIVj`9=dZ-*gnfB-;-a@o(Q`0JP{%R1>+Ow<R>V`=-7R=|Z$
z=lH<UlX@u|&YMPLnnC^k0M|WBTWgxgU!c6Fbu6#yB_i($#YNr`$!Bjrj|6&FD6nCd
zPV7d>7w8LB%a;U20UoXb`a_)IG$J4~=psKM+8x`W0_BB@3ZwFs-DL#TiV3>09l~VS
zzDV=2@wk`^_lWI11bT#+ArCUz)!jJ8)*DW4fBUpCq7p&aGSNIW1V{_pA=gPK9J0GS
zPQ^Z}f%4g~!e@MDkC#@8J;-SHHq<f3$7T5BpLOeX>iw-bCi5bKzOu#CiQaluWu)y%
zvu(ZnEv%t7g%5xdY?4nr=CMR>U8qvg^+~gBzd*QjaU-&UD%y3n$4I{t+fVj02H+rE
z)&$)&h}NF^b#8uQ&><ya17-1WX2j3;u7@lkWoyVQE@%EJy3?d(e#QFx=J$)~pMP4k
zl=AB9IfFO+@sG=IjptY_@vW!`YUiudE6@r!I3bX;7rl_aog~_oCgFVHN$+u`%JfHr
zW@nJz$z**0cDUh;X_VtJKO(3wQKnICrmrqqgqJJQthJjRI3JPV>ZA$WOLOL<cQKoa
zS6h6Fdv;rJr8Ola=1DeW@!lz_6rHNB?&!5cS2`e_q+L5p*Qm`NBf3FQ8hJeYn+m!-
z#}CdZw68@@l`PpPDMt2>OrsYhQrpGwq%CkdQ+8MCHOKRtxVq~e<)jTL#{`GjCdrOH
z1intq6+JZX^0d%5*lj)wd9O68=t}EcXAegD+}jZ!Mw*hfG-Ljrhw)kZ0O{3G(E2{{
z^PfI{zz{Qxs&xYwbJ#*Ah~u^$TVCJXvau{_VB<h9YM}9vH`g!wQ}yPW`tc6l;hnO?
z?cT0bjmb{mhN+Pr^~Z^X)Ig1(4-ETNR*pSKs<@aIDFvN9qjLO@kD=b-8`D|crHV<P
zwP#H#1zbjbR>Q*ZQR^H1%!72BtXT2=IJp4hSCN7t1u#-M3$@WWv9{;>wU+Svdfkc+
zSG|x4oZ!jT&ka<aow-1sOE~2N9BgI-dHPY2yQZ&;TgvBKsZ|Ap&~TAf@K8cFtO~=<
z3_Ny|WtVDe8YKSm;xEV+)0b0ner&fZ9*9p*g6mO>NwuSwpZf(DYh`j^YPwwoOl#|6
zD|AaXtnQ)9thx##U(Y86H{%-6VPz>xQ*mmbmuSRRcaDpejI2eEX&bZ-PZ~D(WsXGV
z_~G71u+)hsxtMMr+pCdhj;48uH9YP$b%ZUdmUYt?QJ<3GOJ2dt-sd!pdV0VmY&+~$
zk)<Su-rJvkguM@VL}Vk#qDpQP=NuUox~Xe6S^i^jjz^4C<_);@@d4{&cXDI%6)QiF
zWhS(KRiro#<Uz@us$0`<#@p5-NkopHGnGooIdbs|0mpz4b*HCY&#_ky^gW~e1%XbI
zvTmKvN(IjEnp9%CmELiLtIl=^-8{icu`jEUdaP|J;Du?ZFcSyMMAdkwJ<6Z{@(Z3F
zwHJDKhyx8DGG_`%%_+^#{+N%FEGh%*!0IR22N!OLiD{{{`SY$Hb9D4lum1-ceD37(
zZZECl&d#ZSc#Uyn@xaE6{QQG9Qj!*pZ7FpR`9t)cA~ru-J3NK|^gjmV#!Z@clQ~Dx
zzdgr8CYSPr-Gi${{`<SgrOUT$`LEAVjcGKhsfvu^!Up~47t+?ys8{}cz~O@Y=V#8+
zNgyBRq#X%1%)d@@IXq>shseSF+XTsi6iSHD(w!)o_OH(XMhZ`@J$drKK0}M7(`m7G
z#+IC5>|Y+H8_;PI`}T8!rGNP-lME70-d=+{_x#H<u)%BKsSCGP{rBCG0Rfg<86~oy
z=l^-8)a6vljt?LH{aa`{G$vT)=aJd?BFq2$9;8MW;Hm!;t^X4(;vk^?|1Da>%dezo
V$*xx5&0Ylm?KCtsNYl4F_dj?+H?05w

literal 0
HcmV?d00001

diff --git a/tmp/requirements-cloud.txt b/tmp/requirements-cloud.txt
new file mode 100644
index 00000000..8122f2d8
--- /dev/null
+++ b/tmp/requirements-cloud.txt
@@ -0,0 +1,339 @@
+#
+# This file is autogenerated by pip-compile with Python 3.11
+# by the following command:
+#
+#    Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml
+#
+alembic==1.11.3
+    # via jupyterhub
+anyio==3.7.1
+    # via jupyter-server
+argon2-cffi==23.1.0
+    # via
+    #   jupyter-server
+    #   nbclassic
+argon2-cffi-bindings==21.2.0
+    # via argon2-cffi
+arrow==1.2.3
+    # via isoduration
+asttokens==2.2.1
+    # via stack-data
+async-generator==1.10
+    # via jupyterhub
+async-lru==2.0.4
+    # via jupyterlab
+attrs==23.1.0
+    # via
+    #   jsonschema
+    #   referencing
+babel==2.12.1
+    # via jupyterlab-server
+backcall==0.2.0
+    # via ipython
+beautifulsoup4==4.12.2
+    # via nbconvert
+bleach==6.0.0
+    # via nbconvert
+certifi==2023.7.22
+    # via requests
+certipy==0.1.3
+    # via jupyterhub
+cffi==1.15.1
+    # via
+    #   argon2-cffi-bindings
+    #   cryptography
+charset-normalizer==3.2.0
+    # via requests
+comm==0.1.4
+    # via ipykernel
+cryptography==41.0.3
+    # via pyopenssl
+debugpy==1.6.7.post1
+    # via ipykernel
+decorator==5.1.1
+    # via ipython
+defusedxml==0.7.1
+    # via nbconvert
+executing==1.2.0
+    # via stack-data
+fastjsonschema==2.18.0
+    # via nbformat
+fqdn==1.5.1
+    # via jsonschema
+greenlet==2.0.2
+    # via sqlalchemy
+idna==3.4
+    # via
+    #   anyio
+    #   jsonschema
+    #   requests
+ipykernel==6.25.1
+    # via
+    #   jupyterlab
+    #   nbclassic
+ipython==8.13.0
+    # via ipykernel
+ipython-genutils==0.2.0
+    # via nbclassic
+isoduration==20.11.0
+    # via jsonschema
+jedi==0.19.0
+    # via ipython
+jinja2==3.1.2
+    # via
+    #   jupyter-server
+    #   jupyterhub
+    #   jupyterlab
+    #   jupyterlab-server
+    #   nbclassic
+    #   nbconvert
+json5==0.9.14
+    # via jupyterlab-server
+jsonpointer==2.4
+    # via jsonschema
+jsonschema[format-nongpl]==4.19.0
+    # via
+    #   jupyter-events
+    #   jupyter-telemetry
+    #   jupyterlab-server
+    #   nbformat
+jsonschema-specifications==2023.7.1
+    # via jsonschema
+jupyter-client==8.3.0
+    # via
+    #   ipykernel
+    #   jupyter-server
+    #   nbclassic
+    #   nbclient
+jupyter-core==5.3.1
+    # via
+    #   ipykernel
+    #   jupyter-client
+    #   jupyter-server
+    #   jupyterlab
+    #   nbclassic
+    #   nbclient
+    #   nbconvert
+    #   nbformat
+jupyter-events==0.7.0
+    # via jupyter-server
+jupyter-lsp==2.2.0
+    # via jupyterlab
+jupyter-server==2.7.2
+    # via
+    #   jupyter-lsp
+    #   jupyterlab
+    #   jupyterlab-server
+    #   nbclassic
+    #   nbgitpuller
+    #   notebook-shim
+jupyter-server-terminals==0.4.4
+    # via jupyter-server
+jupyter-telemetry==0.1.0
+    # via jupyterhub
+jupyterhub==4.0.2
+    # via -r requirements.in
+jupyterlab==4.0.5
+    # via -r requirements.in
+jupyterlab-pygments==0.2.2
+    # via nbconvert
+jupyterlab-server==2.24.0
+    # via jupyterlab
+mako==1.2.4
+    # via alembic
+markupsafe==2.1.3
+    # via
+    #   jinja2
+    #   mako
+    #   nbconvert
+matplotlib-inline==0.1.6
+    # via
+    #   ipykernel
+    #   ipython
+mistune==3.0.1
+    # via nbconvert
+nbclassic==1.0.0
+    # via -r requirements.in
+nbclient==0.8.0
+    # via nbconvert
+nbconvert==7.7.4
+    # via
+    #   jupyter-server
+    #   nbclassic
+nbformat==5.9.2
+    # via
+    #   jupyter-server
+    #   nbclassic
+    #   nbclient
+    #   nbconvert
+nbgitpuller==1.2.0
+    # via -r requirements.in
+nest-asyncio==1.5.7
+    # via
+    #   ipykernel
+    #   nbclassic
+notebook-shim==0.2.3
+    # via
+    #   jupyterlab
+    #   nbclassic
+oauthlib==3.2.2
+    # via jupyterhub
+overrides==7.4.0
+    # via jupyter-server
+packaging==23.1
+    # via
+    #   ipykernel
+    #   jupyter-server
+    #   jupyterhub
+    #   jupyterlab
+    #   jupyterlab-server
+    #   nbconvert
+pamela==1.1.0
+    # via jupyterhub
+pandocfilters==1.5.0
+    # via nbconvert
+parso==0.8.3
+    # via jedi
+pexpect==4.8.0
+    # via ipython
+pickleshare==0.7.5
+    # via ipython
+platformdirs==3.10.0
+    # via jupyter-core
+prometheus-client==0.17.1
+    # via
+    #   jupyter-server
+    #   jupyterhub
+    #   nbclassic
+prompt-toolkit==3.0.39
+    # via ipython
+psutil==5.9.5
+    # via ipykernel
+ptyprocess==0.7.0
+    # via
+    #   pexpect
+    #   terminado
+pure-eval==0.2.2
+    # via stack-data
+pycparser==2.21
+    # via cffi
+pygments==2.16.1
+    # via
+    #   ipython
+    #   nbconvert
+pyopenssl==23.2.0
+    # via certipy
+python-dateutil==2.8.2
+    # via
+    #   arrow
+    #   jupyter-client
+    #   jupyterhub
+python-json-logger==2.0.7
+    # via
+    #   jupyter-events
+    #   jupyter-telemetry
+pyyaml==6.0.1
+    # via jupyter-events
+pyzmq==25.1.1
+    # via
+    #   ipykernel
+    #   jupyter-client
+    #   jupyter-server
+    #   nbclassic
+referencing==0.30.2
+    # via
+    #   jsonschema
+    #   jsonschema-specifications
+    #   jupyter-events
+requests==2.31.0
+    # via
+    #   jupyterhub
+    #   jupyterlab-server
+rfc3339-validator==0.1.4
+    # via
+    #   jsonschema
+    #   jupyter-events
+rfc3986-validator==0.1.1
+    # via
+    #   jsonschema
+    #   jupyter-events
+rpds-py==0.9.2
+    # via
+    #   jsonschema
+    #   referencing
+ruamel-yaml==0.17.32
+    # via jupyter-telemetry
+ruamel-yaml-clib==0.2.7
+    # via ruamel-yaml
+send2trash==1.8.2
+    # via
+    #   jupyter-server
+    #   nbclassic
+six==1.16.0
+    # via
+    #   asttokens
+    #   bleach
+    #   python-dateutil
+    #   rfc3339-validator
+sniffio==1.3.0
+    # via anyio
+soupsieve==2.4.1
+    # via beautifulsoup4
+sqlalchemy==2.0.20
+    # via
+    #   alembic
+    #   jupyterhub
+stack-data==0.6.2
+    # via ipython
+terminado==0.17.1
+    # via
+    #   jupyter-server
+    #   jupyter-server-terminals
+    #   nbclassic
+tinycss2==1.2.1
+    # via nbconvert
+tornado==6.3.3
+    # via
+    #   ipykernel
+    #   jupyter-client
+    #   jupyter-server
+    #   jupyterhub
+    #   jupyterlab
+    #   nbclassic
+    #   nbgitpuller
+    #   terminado
+traitlets==5.9.0
+    # via
+    #   comm
+    #   ipykernel
+    #   ipython
+    #   jupyter-client
+    #   jupyter-core
+    #   jupyter-events
+    #   jupyter-server
+    #   jupyter-telemetry
+    #   jupyterhub
+    #   jupyterlab
+    #   matplotlib-inline
+    #   nbclassic
+    #   nbclient
+    #   nbconvert
+    #   nbformat
+typing-extensions==4.7.1
+    # via
+    #   alembic
+    #   sqlalchemy
+uri-template==1.3.0
+    # via jsonschema
+urllib3==2.0.4
+    # via requests
+wcwidth==0.2.6
+    # via prompt-toolkit
+webcolors==1.13
+    # via jsonschema
+webencodings==0.5.1
+    # via
+    #   bleach
+    #   tinycss2
+websocket-client==1.6.1
+    # via jupyter-server
\ No newline at end of file
diff --git a/requirements.txt b/tmp/requirements.txt
similarity index 100%
rename from requirements.txt
rename to tmp/requirements.txt

From fcc6ca2543a73a609e164af5b8c1fe66d4f51901 Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Thu, 1 Aug 2024 21:57:39 -0700
Subject: [PATCH 02/26] Gets local runs working again

---
 docker/Dockerfile.spawn | 7 ++++---
 docker/start.sh         | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/docker/Dockerfile.spawn b/docker/Dockerfile.spawn
index 4e192511..2e3d6260 100644
--- a/docker/Dockerfile.spawn
+++ b/docker/Dockerfile.spawn
@@ -50,8 +50,6 @@ RUN python3 -m pip install jupyter_app_launcher && \
 
 COPY ./docker/jupyter-launcher.yaml /usr/local/share/jupyter/lab/jupyter_app_launcher
 
-RUN chown -R ${NB_USER} "${HOME}"
-
 WORKDIR ${HOME}
 
 COPY --chown=${NB_USER} ./notebooks/01_thicket_tutorial.ipynb ./notebooks/01_thicket_tutorial.ipynb
@@ -59,9 +57,12 @@ COPY --chown=${NB_USER} ./notebooks/02_thicket_rajaperf_clustering.ipynb ./noteb
 COPY --chown=${NB_USER} ./notebooks/03_extrap-with-metadata-aggregated.ipynb ./notebooks/03_extrap-with-metadata-aggregated.ipynb
 COPY --chown=${NB_USER} ./notebooks/04_stats-functions.ipynb ./notebooks/04_stats-functions.ipynb
 COPY --chown=${NB_USER} ./notebooks/05_thicket_query_language.ipynb ./notebooks/05_thicket_query_language.ipynb
+COPY --chown=${NB_USER} ./notebooks/06_groupby_aggregate_of_multirun_data.ipynb ./notebooks/06_groupby_aggregate_of_multirun_data.ipynb
 COPY --chown=${NB_USER} ./data/ ./data/
 COPY --chown=${NB_USER} ./thicket-logo.png ./thicket-logo.png
 
+RUN chown -R ${NB_USER} "${HOME}"
+
 ENV SHELL=/usr/bin/bash
 EXPOSE 8888
 ENTRYPOINT [ "tini", "--" ]
@@ -76,4 +77,4 @@ RUN mkdir -p $HOME/.local/share && \
 USER ${NB_USER}
 ENV PATH="${HOME}/.local/bin:${PATH}"
 
-CMD [ "jupyter", "notebook" ]
+CMD [ "jupyter", "lab" ]
diff --git a/docker/start.sh b/docker/start.sh
index 877f861d..79f0a5db 100755
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
 
-/opt/conda/bin/jupyter-notebook --ip=0.0.0.0
\ No newline at end of file
+/opt/conda/bin/jupyter-lab --ip=0.0.0.0
\ No newline at end of file

From 879a4f455b0d771f27664fa66d310e903fa95f3f Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Thu, 1 Aug 2024 22:57:59 -0700
Subject: [PATCH 03/26] Gets local runs fully working

---
 docker/Dockerfile.spawn      |  39 +++++-----
 docker/jupyter-launcher.yaml | 134 +++++++++++++++++------------------
 2 files changed, 90 insertions(+), 83 deletions(-)

diff --git a/docker/Dockerfile.spawn b/docker/Dockerfile.spawn
index 2e3d6260..a163150f 100644
--- a/docker/Dockerfile.spawn
+++ b/docker/Dockerfile.spawn
@@ -17,7 +17,11 @@ RUN adduser \
 RUN apt-get update \
     && apt-get upgrade -y \
     && apt-get install -y --no-install-recommends \
+    ca-certificates \
+    dnsutils \
+    iputils-ping \
     build-essential \
+    vim \
     git \
     && rm -rf /var/lib/apt/lists/*
 
@@ -38,7 +42,7 @@ COPY ./environment.yml ./environment.yml
 # RUN python3 -m pip install papermill && \
 #     python3 -m pip install ipython==7.34.0 && \
 RUN conda env update -n base --file environment.yml
-RUN python3 -m IPython kernel install
+# RUN python3 -m IPython kernel install
 
 # RUN python3 -m pip install -r requirements-cloud.txt && \
 #     python3 -m pip install ipython==7.34.0 && \
@@ -46,24 +50,21 @@ RUN python3 -m IPython kernel install
 
 RUN python3 -m pip install jupyter_app_launcher && \
     python3 -m pip install --upgrade jupyter-server && \
+    python3 -m pip install jupyter-launcher-shortcuts && \
     mkdir -p /usr/local/share/jupyter/lab/jupyter_app_launcher
 
-COPY ./docker/jupyter-launcher.yaml /usr/local/share/jupyter/lab/jupyter_app_launcher
+COPY ./docker/jupyter-launcher.yaml /usr/local/share/jupyter/lab/jupyter_app_launcher/jp_app_launcher.yaml
 
-WORKDIR ${HOME}
+ENV JUPYTER_APP_LAUNCHER_PATH /usr/local/share/jupyter/lab/jupyter_app_launcher
+
+RUN chmod -R 777 ~/ /home/jovyan
 
-COPY --chown=${NB_USER} ./notebooks/01_thicket_tutorial.ipynb ./notebooks/01_thicket_tutorial.ipynb
-COPY --chown=${NB_USER} ./notebooks/02_thicket_rajaperf_clustering.ipynb ./notebooks/02_thicket_rajaperf_clustering.ipynb
-COPY --chown=${NB_USER} ./notebooks/03_extrap-with-metadata-aggregated.ipynb ./notebooks/03_extrap-with-metadata-aggregated.ipynb
-COPY --chown=${NB_USER} ./notebooks/04_stats-functions.ipynb ./notebooks/04_stats-functions.ipynb
-COPY --chown=${NB_USER} ./notebooks/05_thicket_query_language.ipynb ./notebooks/05_thicket_query_language.ipynb
-COPY --chown=${NB_USER} ./notebooks/06_groupby_aggregate_of_multirun_data.ipynb ./notebooks/06_groupby_aggregate_of_multirun_data.ipynb
-COPY --chown=${NB_USER} ./data/ ./data/
-COPY --chown=${NB_USER} ./thicket-logo.png ./thicket-logo.png
+USER ${NB_USER}
+WORKDIR ${HOME}
 
-RUN chown -R ${NB_USER} "${HOME}"
+COPY ./thicket-logo.png ${HOME}/thicket-logo.png
 
-ENV SHELL=/usr/bin/bash
+ENV SHELL=/bin/bash
 EXPOSE 8888
 ENTRYPOINT [ "tini", "--" ]
 
@@ -71,10 +72,16 @@ COPY ./docker/entrypoint.sh /entrypoint.sh
 COPY ./docker/start.sh /start.sh
 COPY ./docker/run_all.sh /run_all.sh
 
+ENV PATH "${HOME}/.local/bin:${PATH}"
 RUN mkdir -p $HOME/.local/share && \
     chmod 777 $HOME/.local/share
 
-USER ${NB_USER}
-ENV PATH="${HOME}/.local/bin:${PATH}"
-
 CMD [ "jupyter", "lab" ]
+
+COPY ./notebooks/01_thicket_tutorial.ipynb ./notebooks/01_thicket_tutorial.ipynb
+COPY ./notebooks/02_thicket_rajaperf_clustering.ipynb ./notebooks/02_thicket_rajaperf_clustering.ipynb
+COPY ./notebooks/03_extrap-with-metadata-aggregated.ipynb ./notebooks/03_extrap-with-metadata-aggregated.ipynb
+COPY ./notebooks/04_stats-functions.ipynb ./notebooks/04_stats-functions.ipynb
+COPY ./notebooks/05_thicket_query_language.ipynb ./notebooks/05_thicket_query_language.ipynb
+COPY ./notebooks/06_groupby_aggregate_of_multirun_data.ipynb ./notebooks/06_groupby_aggregate_of_multirun_data.ipynb
+COPY ./data/ ./data/
diff --git a/docker/jupyter-launcher.yaml b/docker/jupyter-launcher.yaml
index d2d7bdd0..2f0877ea 100644
--- a/docker/jupyter-launcher.yaml
+++ b/docker/jupyter-launcher.yaml
@@ -1,68 +1,68 @@
 - title: "Chapter 1: Thicket 101"
   description: Intro to Thicket and basics
   type: jupyterlab-commands
-  icon: ./thicket-logo.png
+  icon: /home/jovyan/thicket-logo.png
   source:
     - label: Thicket Tutorial
       id: 'filebrowser:open-path'
       args:
-        path: 01_thicket_tutorial.ipynb
-        icon: ./thicket-logo.png
+        path: ./notebooks/01_thicket_tutorial.ipynb
+        icon: /home/jovyan/thicket-logo.png
   catalog: Notebook
 - title: "Chapter 2: Clustering RAJAPerf"
   description: Using Thicket to cluster data from the RAJA Performance Suite
   type: jupyterlab-commands
-  icon: ./thicket-logo.png
+  icon: /home/jovyan/thicket-logo.png
   source:
     - label: Thicket Tutorial
       id: 'filebrowser:open-path'
       args:
-        path: 02_thicket_rajaperf_clustering.ipynb
-        icon: ./thicket-logo.png
+        path: ./notebooks/02_thicket_rajaperf_clustering.ipynb
+        icon: /home/jovyan/thicket-logo.png
   catalog: Notebook
 - title: "Chapter 3: Modeling with Extra-P"
   description: Modeling applications using Thicket and Extra-P
   type: jupyterlab-commands
-  icon: ./thicket-logo.png
+  icon: /home/jovyan/thicket-logo.png
   source:
     - label: Thicket Tutorial
       id: 'filebrowser:open-path'
       args:
-        path: 03_extrap-with-metadata-aggregated.ipynb
-        icon: ./thicket-logo.png
+        path: ./notebooks/03_extrap-with-metadata-aggregated.ipynb
+        icon: /home/jovyan/thicket-logo.png
   catalog: Notebook
 - title: "Chapter 4: Stats and Visualization"
   description: Using Thicket to calculate statistics and visualize performance across runs
   type: jupyterlab-commands
-  icon: ./thicket-logo.png
+  icon: /home/jovyan/thicket-logo.png
   source:
     - label: Thicket Tutorial
       id: 'filebrowser:open-path'
       args:
-        path: 04_stats-functions.ipynb
-        icon: ./thicket-logo.png
+        path: ./notebooks/04_stats-functions.ipynb
+        icon: /home/jovyan/thicket-logo.png
   catalog: Notebook
 - title: "Chapter 5: Call Graph Query Language"
   description: Using Thicket's query language for advanced filtering
   type: jupyterlab-commands
-  icon: ./thicket-logo.png
+  icon: /home/jovyan/thicket-logo.png
   source:
     - label: Thicket Tutorial
       id: 'filebrowser:open-path'
       args:
-        path: 05_thicket_query_language.ipynb
-        icon: ./thicket-logo.png
+        path: ./notebooks/05_thicket_query_language.ipynb
+        icon: /home/jovyan/thicket-logo.png
   catalog: Notebook
 - title: "Chapter 6: Composing Datasets with Groupby-Aggregate"
   description: Using Thicket's groupby-aggregate functionality to compose datasets 
   type: jupyterlab-commands
-  icon: ./thicket-logo.png
+  icon: /home/jovyan/thicket-logo.png
   source:
     - label: Thicket Tutorial
       id: 'filebrowser:open-path'
       args:
-        path: 06_groupby_aggregate_of_multirun_data.ipynb
-        icon: ./thicket-logo.png
+        path: ./notebooks/06_groupby_aggregate_of_multirun_data.ipynb
+        icon: /home/jovyan/thicket-logo.png
   catalog: Notebook
 
 - title: Thicket ReadTheDocs
@@ -72,13 +72,13 @@
   catalog: Thicket Resources
   args:
       sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
-- title: Thicket Repository 
-  description: Repository for Thicket
-  source: https://github.com/llnl/thicket
-  type: url
-  catalog: Thicket Resources
-  args:
-      sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
+# - title: Thicket Repository 
+#   description: Repository for Thicket
+#   source: https://github.com/llnl/thicket
+#   type: url
+#   catalog: Thicket Resources
+#   args:
+#       sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
 - title: Hatchet Documentation 
   description: Documentation for Hatchet 
   source: https://llnl-hatchet.readthedocs.io/en/latest/
@@ -86,46 +86,46 @@
   catalog: Thicket Resources
   args:
       sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
-- title: Hatchet Repository 
-  description: Repository for Hatchet 
-  source: https://github.com/llnl/hatchet
-  type: url
-  catalog: Thicket Resources
-  args:
-      sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
+# - title: Hatchet Repository 
+#   description: Repository for Hatchet 
+#   source: https://github.com/llnl/hatchet
+#   type: url
+#   catalog: Thicket Resources
+#   args:
+#       sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
 
-- title: Thicket Paper 
-  description: HPDC'23 Paper on Thicket
-  source: https://doi.org/10.1145/3588195.3592989
-  type: url
-  catalog: Thicket Publications
-  args:
-      sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
-- title: Hatchet Paper 
-  description: SC'19 Paper on Thicket
-  source: https://doi.org/10.1145/3295500.3356219
-  type: url
-  catalog: Thicket Publications
-  args:
-      sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
-- title: Hatchet/Thicket Query Language Paper 
-  description: eScience'22 Paper on the Hatchet/Thicket Query Language
-  source: https://doi.org/10.1109/eScience55777.2022.00039
-  type: url
-  catalog: Thicket Publications
-  args:
-      sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
-- title: Hatchet Interactive Visualization Paper
-  description: 2024 TVCG Paper on Hatchet's Interactive Visualizations
-  source: https://doi.org/10.1109/TVCG.2024.3354561
-  type: url
-  catalog: Thicket Publications
-  args:
-      sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
-- title: Hatchet Improvements Paper
-  description: 2020 ProTools Workshop Paper at SC
-  source: https://doi.org/10.1109/HUSTProtools51951.2020.00013
-  type: url
-  catalog: Thicket Publications
-  args:
-      sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
\ No newline at end of file
+# - title: Thicket Paper 
+#   description: HPDC'23 Paper on Thicket
+#   source: https://doi.org/10.1145/3588195.3592989
+#   type: url
+#   catalog: Thicket Publications
+#   args:
+#       sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
+# - title: Hatchet Paper 
+#   description: SC'19 Paper on Thicket
+#   source: https://doi.org/10.1145/3295500.3356219
+#   type: url
+#   catalog: Thicket Publications
+#   args:
+#       sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
+# - title: Hatchet/Thicket Query Language Paper 
+#   description: eScience'22 Paper on the Hatchet/Thicket Query Language
+#   source: https://doi.org/10.1109/eScience55777.2022.00039
+#   type: url
+#   catalog: Thicket Publications
+#   args:
+#       sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
+# - title: Hatchet Interactive Visualization Paper
+#   description: 2024 TVCG Paper on Hatchet's Interactive Visualizations
+#   source: https://doi.org/10.1109/TVCG.2024.3354561
+#   type: url
+#   catalog: Thicket Publications
+#   args:
+#       sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']
+# - title: Hatchet Improvements Paper
+#   description: 2020 ProTools Workshop Paper at SC
+#   source: https://doi.org/10.1109/HUSTProtools51951.2020.00013
+#   type: url
+#   catalog: Thicket Publications
+#   args:
+#       sandbox: [ 'allow-same-origin', 'allow-scripts', 'allow-downloads', 'allow-modals', 'allow-popups']

From b0c2c786fb71035bff24cb9a29dbf8ba53a6185f Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Thu, 1 Aug 2024 23:02:22 -0700
Subject: [PATCH 04/26] Modifies config-aws.yaml for AWS deployment in K8s

---
 aws/config-aws.yaml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/aws/config-aws.yaml b/aws/config-aws.yaml
index c5cb9594..7ef33f58 100644
--- a/aws/config-aws.yaml
+++ b/aws/config-aws.yaml
@@ -16,8 +16,8 @@ hub:
 
   # This is the image I built based off of jupyterhub/k8s-hub, 3.0.2 at time of writing this
   image: 
-    name: ghcr.io/flux-framework/flux-jupyter-hub
-    tag: "riken-2024"
+    name: ghcr.io/LLNL/thicket-jupyter-hub
+    tag: "radiuss-2024"
     pullPolicy: Always
 
 # https://z2jh.jupyter.org/en/latest/administrator/optimization.html#scaling-up-in-time-user-placeholders
@@ -31,8 +31,8 @@ scheduling:
 # This is the "spawn" image
 singleuser:
   image:
-    name: ghcr.io/flux-framework/flux-jupyter-spawn
-    tag: "riken-2024"
+    name: ghcr.io/LLNL/thicket-jupyter-spawn
+    tag: "radiuss-2024"
     pullPolicy: Always
   cpu:
     limit: 1
@@ -43,10 +43,10 @@ singleuser:
   # This runs as the root user, who clones and changes ownership to uid 1000
   initContainers:
     - name: init-myservice
-      image: ghcr.io/flux-framework/flux-jupyter-init:riken-2024
+      image: ghcr.io/LLNL/thicket-jupyter-init:radiuss-2024
       command: ["/entrypoint.sh"]
       volumeMounts:
-        - name: flux-tutorial
+        - name: thicket-tutorial
           mountPath: /home/jovyan
 
   # This is how we get the tutorial files added
@@ -55,8 +55,8 @@ singleuser:
     # gitRepo volume is deprecated so we need another way
     # https://kubernetes.io/docs/concepts/storage/volumes/#gitrepo
     extraVolumes:
-      - name: flux-tutorial
+      - name: thicket-tutorial
         emptyDir: {}
     extraVolumeMounts:
-      - name: flux-tutorial
+      - name: thicket-tutorial
         mountPath: /home/jovyan
\ No newline at end of file

From 908f9e8060d27ae70a088ace33bf650209b1519d Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Thu, 1 Aug 2024 23:03:25 -0700
Subject: [PATCH 05/26] Updates GCP config

---
 gcp/config.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/gcp/config.yaml b/gcp/config.yaml
index edfbae4f..51e67f9a 100644
--- a/gcp/config.yaml
+++ b/gcp/config.yaml
@@ -16,8 +16,8 @@ hub:
 
   # This is the image I built based off of jupyterhub/k8s-hub, 3.0.2 at time of writing this
   image: 
-    name: ghcr.io/flux-framework/flux-jupyter-hub
-    tag: "riken-2024"
+    name: ghcr.io/LLNL/thicket-jupyter-hub
+    tag: "radiuss-2024"
     pullPolicy: Always
 
 # https://z2jh.jupyter.org/en/latest/administrator/optimization.html#scaling-up-in-time-user-placeholders
@@ -31,8 +31,8 @@ scheduling:
 # This is the "spawn" image
 singleuser:
   image:
-    name: ghcr.io/flux-framework/flux-jupyter-spawn
-    tag: "2023"
+    name: ghcr.io/LLNL/thicket-jupyter-spawn
+    tag: "radiuss-2024"
     pullPolicy: Always
   cpu:
     limit: 1
@@ -55,8 +55,8 @@ singleuser:
     # gitRepo volume is deprecated so we need another way
     # https://kubernetes.io/docs/concepts/storage/volumes/#gitrepo
     extraVolumes:
-      - name: flux-tutorial
+      - name: thicket-tutorial
         emptyDir: {}
     extraVolumeMounts:
-      - name: flux-tutorial
+      - name: thicket-tutorial
         mountPath: /home/jovyan/
\ No newline at end of file

From b951737aa27d6e01bbc55c2e85678e81606e9fd9 Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Mon, 5 Aug 2024 16:00:21 -0700
Subject: [PATCH 06/26] Adds GitHub Action for building and uploading images

---
 .github/workflows/build_docker_images.yaml | 60 ++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 .github/workflows/build_docker_images.yaml

diff --git a/.github/workflows/build_docker_images.yaml b/.github/workflows/build_docker_images.yaml
new file mode 100644
index 00000000..dda9f5a0
--- /dev/null
+++ b/.github/workflows/build_docker_images.yaml
@@ -0,0 +1,60 @@
+name: Build containers for the Thicket Tutorial
+
+on:
+  workflow_dispatch:
+    inputs:
+      tutorial_name:
+        description: 'Name of the tutorial. Will be used as the container tag.'
+        required: true
+        type: string
+
+jobs:
+  build-containers:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        registry_url_base: ["ghcr.io/LLNL"]
+        container_info: [["thicket-tutorial-hub", "docker/Dockerfile.hub"],
+                         ["thicket-tutorial-init", "docker/Dockerfile.init"],
+                         ["thicket-tutorial-spawn", "docker/Dockerfile.spawn"]]
+
+  steps:
+  - name: Clone the thicket-tutorial repo
+    uses: actions/checkout@v4
+
+  - name: Clean unneeded stuff in runner to make space for the Docker image
+    uses: jlumbroso/free-disk-space@v1.3.1
+    with:
+      tool-cache: false
+      android: true
+      dotnet: true
+      haskell: true
+      large-packages: true
+      docker-images: false
+      swap-storage: true
+
+  - name: GHCR Login
+    uses: docker/login-action@v3
+    with:
+      registry: ghcr.io
+      username: ${{ github.actor }}
+      password: ${{ secrets.GITHUB_TOKEN }}
+      
+  - name: Pull existing layers
+    env:
+      container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ inputs.tutorial_name }}
+    run: |
+      docker pull ${container} || echo "${container} has not been pushed yet"
+
+  - name: Build Container
+    env:
+      container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ inputs.tutorial_name }}
+      dockerfile: ${{ matrix.container_info[1] }}
+    run: |
+      docker build -f ${dockerfile} -t ${container} .
+
+  - name: Deploy Container
+    env:
+      container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ inputs.tutorial_name }}
+    run: docker push ${container}

From f1f6c033aba983be5ab7a805729aa37c4a83f11c Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Mon, 5 Aug 2024 16:42:51 -0700
Subject: [PATCH 07/26] Tries fixing the action yaml

---
 .github/workflows/build_docker_images.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build_docker_images.yaml b/.github/workflows/build_docker_images.yaml
index dda9f5a0..e8cbe6c7 100644
--- a/.github/workflows/build_docker_images.yaml
+++ b/.github/workflows/build_docker_images.yaml
@@ -20,7 +20,7 @@ jobs:
                          ["thicket-tutorial-spawn", "docker/Dockerfile.spawn"]]
 
   steps:
-  - name: Clone the thicket-tutorial repo
+    - name: Clone the thicket-tutorial repo
     uses: actions/checkout@v4
 
   - name: Clean unneeded stuff in runner to make space for the Docker image

From ed1d099269c3989d7d8a2543bc76374a7ac8d14a Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Mon, 5 Aug 2024 16:44:05 -0700
Subject: [PATCH 08/26] Fixes yaml indentation

---
 .github/workflows/build_docker_images.yaml | 70 +++++++++++-----------
 1 file changed, 35 insertions(+), 35 deletions(-)

diff --git a/.github/workflows/build_docker_images.yaml b/.github/workflows/build_docker_images.yaml
index e8cbe6c7..f1785d76 100644
--- a/.github/workflows/build_docker_images.yaml
+++ b/.github/workflows/build_docker_images.yaml
@@ -19,42 +19,42 @@ jobs:
                          ["thicket-tutorial-init", "docker/Dockerfile.init"],
                          ["thicket-tutorial-spawn", "docker/Dockerfile.spawn"]]
 
-  steps:
-    - name: Clone the thicket-tutorial repo
-    uses: actions/checkout@v4
+    steps:
+      - name: Clone the thicket-tutorial repo
+      uses: actions/checkout@v4
 
-  - name: Clean unneeded stuff in runner to make space for the Docker image
-    uses: jlumbroso/free-disk-space@v1.3.1
-    with:
-      tool-cache: false
-      android: true
-      dotnet: true
-      haskell: true
-      large-packages: true
-      docker-images: false
-      swap-storage: true
+    - name: Clean unneeded stuff in runner to make space for the Docker image
+      uses: jlumbroso/free-disk-space@v1.3.1
+      with:
+        tool-cache: false
+        android: true
+        dotnet: true
+        haskell: true
+        large-packages: true
+        docker-images: false
+        swap-storage: true
 
-  - name: GHCR Login
-    uses: docker/login-action@v3
-    with:
-      registry: ghcr.io
-      username: ${{ github.actor }}
-      password: ${{ secrets.GITHUB_TOKEN }}
-      
-  - name: Pull existing layers
-    env:
-      container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ inputs.tutorial_name }}
-    run: |
-      docker pull ${container} || echo "${container} has not been pushed yet"
+    - name: GHCR Login
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+        
+    - name: Pull existing layers
+      env:
+        container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ inputs.tutorial_name }}
+      run: |
+        docker pull ${container} || echo "${container} has not been pushed yet"
 
-  - name: Build Container
-    env:
-      container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ inputs.tutorial_name }}
-      dockerfile: ${{ matrix.container_info[1] }}
-    run: |
-      docker build -f ${dockerfile} -t ${container} .
+    - name: Build Container
+      env:
+        container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ inputs.tutorial_name }}
+        dockerfile: ${{ matrix.container_info[1] }}
+      run: |
+        docker build -f ${dockerfile} -t ${container} .
 
-  - name: Deploy Container
-    env:
-      container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ inputs.tutorial_name }}
-    run: docker push ${container}
+    - name: Deploy Container
+      env:
+        container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ inputs.tutorial_name }}
+      run: docker push ${container}

From c8bf13d9424f281d9fb52b1dfb3d324b103c23d1 Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Mon, 5 Aug 2024 16:46:25 -0700
Subject: [PATCH 09/26] More YAML formatting

---
 .github/workflows/build_docker_images.yaml | 66 +++++++++++-----------
 1 file changed, 33 insertions(+), 33 deletions(-)

diff --git a/.github/workflows/build_docker_images.yaml b/.github/workflows/build_docker_images.yaml
index f1785d76..f9855c64 100644
--- a/.github/workflows/build_docker_images.yaml
+++ b/.github/workflows/build_docker_images.yaml
@@ -21,40 +21,40 @@ jobs:
 
     steps:
       - name: Clone the thicket-tutorial repo
-      uses: actions/checkout@v4
+        uses: actions/checkout@v4
 
-    - name: Clean unneeded stuff in runner to make space for the Docker image
-      uses: jlumbroso/free-disk-space@v1.3.1
-      with:
-        tool-cache: false
-        android: true
-        dotnet: true
-        haskell: true
-        large-packages: true
-        docker-images: false
-        swap-storage: true
+      - name: Clean unneeded stuff in runner to make space for the Docker image
+        uses: jlumbroso/free-disk-space@v1.3.1
+        with:
+          tool-cache: false
+          android: true
+          dotnet: true
+          haskell: true
+          large-packages: true
+          docker-images: false
+          swap-storage: true
 
-    - name: GHCR Login
-      uses: docker/login-action@v3
-      with:
-        registry: ghcr.io
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-        
-    - name: Pull existing layers
-      env:
-        container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ inputs.tutorial_name }}
-      run: |
-        docker pull ${container} || echo "${container} has not been pushed yet"
+      - name: GHCR Login
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          
+      - name: Pull existing layers
+        env:
+          container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ inputs.tutorial_name }}
+        run: |
+          docker pull ${container} || echo "${container} has not been pushed yet"
 
-    - name: Build Container
-      env:
-        container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ inputs.tutorial_name }}
-        dockerfile: ${{ matrix.container_info[1] }}
-      run: |
-        docker build -f ${dockerfile} -t ${container} .
+      - name: Build Container
+        env:
+          container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ inputs.tutorial_name }}
+          dockerfile: ${{ matrix.container_info[1] }}
+        run: |
+          docker build -f ${dockerfile} -t ${container} .
 
-    - name: Deploy Container
-      env:
-        container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ inputs.tutorial_name }}
-      run: docker push ${container}
+      - name: Deploy Container
+        env:
+          container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ inputs.tutorial_name }}
+        run: docker push ${container}

From 2330fda02d53fbd801369bf6ff31bf13f545bbd1 Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Tue, 6 Aug 2024 11:21:52 -0700
Subject: [PATCH 10/26] Updates Docker CI to run on PRs and only push on
 worklow_dispatch

---
 .github/workflows/build_docker_images.yaml | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/build_docker_images.yaml b/.github/workflows/build_docker_images.yaml
index f9855c64..147e46ed 100644
--- a/.github/workflows/build_docker_images.yaml
+++ b/.github/workflows/build_docker_images.yaml
@@ -1,12 +1,8 @@
 name: Build containers for the Thicket Tutorial
 
 on:
+  pull_request: []
   workflow_dispatch:
-    inputs:
-      tutorial_name:
-        description: 'Name of the tutorial. Will be used as the container tag.'
-        required: true
-        type: string
 
 jobs:
   build-containers:
@@ -14,6 +10,7 @@ jobs:
     strategy:
       fail-fast: true
       matrix:
+        tutorial_name: ["radiuss-2024"]
         registry_url_base: ["ghcr.io/LLNL"]
         container_info: [["thicket-tutorial-hub", "docker/Dockerfile.hub"],
                          ["thicket-tutorial-init", "docker/Dockerfile.init"],
@@ -35,6 +32,7 @@ jobs:
           swap-storage: true
 
       - name: GHCR Login
+        if: (github.event.name != 'pull_request')
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
@@ -43,18 +41,19 @@ jobs:
           
       - name: Pull existing layers
         env:
-          container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ inputs.tutorial_name }}
+          container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ matrix.tutorial_name }}
         run: |
           docker pull ${container} || echo "${container} has not been pushed yet"
 
       - name: Build Container
         env:
-          container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ inputs.tutorial_name }}
+          container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ matrix.tutorial_name }}
           dockerfile: ${{ matrix.container_info[1] }}
         run: |
           docker build -f ${dockerfile} -t ${container} .
 
       - name: Deploy Container
+        if: (github.event_name != 'pull_request')
         env:
-          container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ inputs.tutorial_name }}
+          container: ${{ matrix.registry_url_base }}/${{ matrix.container_info[0] }}:${{ matrix.tutorial_name }}
         run: docker push ${container}

From b6e81e1de8ee8ebe6713edbed4fbf3f0dbfb8905 Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Tue, 6 Aug 2024 11:25:31 -0700
Subject: [PATCH 11/26] Fixes repo name in Docker CD since that apparently
 needs to be lowercase

---
 .github/workflows/build_docker_images.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build_docker_images.yaml b/.github/workflows/build_docker_images.yaml
index 147e46ed..2c619119 100644
--- a/.github/workflows/build_docker_images.yaml
+++ b/.github/workflows/build_docker_images.yaml
@@ -11,7 +11,7 @@ jobs:
       fail-fast: true
       matrix:
         tutorial_name: ["radiuss-2024"]
-        registry_url_base: ["ghcr.io/LLNL"]
+        registry_url_base: ["ghcr.io/llnl"]
         container_info: [["thicket-tutorial-hub", "docker/Dockerfile.hub"],
                          ["thicket-tutorial-init", "docker/Dockerfile.init"],
                          ["thicket-tutorial-spawn", "docker/Dockerfile.spawn"]]

From 9811769485b5d3272351d93079cf805e002aa6ee Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Tue, 6 Aug 2024 11:35:55 -0700
Subject: [PATCH 12/26] Updates the README with instructions for deploying to
 K8S

---
 README.md | 972 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 970 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 24aeadc5..953827ae 100644
--- a/README.md
+++ b/README.md
@@ -36,7 +36,7 @@ or by clicking the badge at the top of this file.
 We provide a Dockerfile for users to run the notebooks locally. To run locally *and interactively*, you must first build the Docker container with:
 
 ```bash
-$ docker build -t thicket-tutorial -f Dockerfile .
+$ docker build -t thicket-tutorial -f docker/Dockerfile.spawn .
 ```
 
 Then, you must create a Docker network with:
@@ -59,7 +59,7 @@ $ docker run --rm -it --entrypoint /start.sh -v /var/run/docker.sock:/var/run/do
 
 Alternatively, if you want to run the notebooks automatically (i.e., non-interactive), you can simply run the `dev_scripts/autorun.sh` script. This script executes the same commands as above, but it uses the `run_all.sh` script as an entrypoint instead of `start.sh`.
 
-The Docker-based code for running this tutorial locally was derived from the material from the 2023 RADIUSS tutorial for Flux, which can be found here: https://github.com/flux-framework/Tutorials/tree/master/2023-RADIUSS-AWS/JupyterNotebook
+The Docker-based code for running this tutorial locally was derived from the material from the 2024 RADIUSS tutorial for Flux, which can be found here: https://github.com/flux-framework/Tutorials/tree/master/2024-RADIUSS-AWS/JupyterNotebook
 
 #### Podman
 
@@ -95,6 +95,974 @@ Clean up after you are done:
 $ podman machine stop
 ```
 
+### Deploying the Tutorial with Kubernetes
+
+This tutorial borrows from the infrastructure created by [Vanessa Sochat](https://github.com/vsoch) and [Dan Milroy](https://github.com/milroy) for the [Flux Tutorial](https://github.com/flux-framework/Tutorials/tree/2024-radiuss-aws/2024-RADIUSS-AWS/JupyterNotebook). Thanks to this infrastructure, this tutorial can be deployed to Kubernetes using the following tools:
+* `kubectl`
+* `eksctl` (for AWS)
+* `gcloud` (for Google Cloud)
+
+The following instructions describe how to deploy this tutorial to Kubernetes on either Google Cloud or AWS.
+
+#### 1. Create Cluster
+
+##### Google Cloud
+
+Here is how to create the cluster on Google Cloud using [gcloud](https://cloud.google.com/sdk/docs/install) (and assuming you have logged in
+with [gcloud auth login](https://cloud.google.com/sdk/gcloud/reference/auth/login):
+
+```bash
+export GOOGLE_PROJECT=myproject
+gcloud container clusters create flux-jupyter --project $GOOGLE_PROJECT \
+    --zone us-central1-a --machine-type n1-standard-2 \
+    --num-nodes=4 --enable-network-policy --enable-intra-node-visibility
+```
+
+##### AWS
+
+Here is how to create an equivalent cluster on AWS (EKS). We will be using [eksctl](https://eksctl.io/introduction/), which
+you should install.
+
+```bash
+# Create an EKS cluster with autoscaling with default storage
+eksctl create cluster --config-file aws/eksctl-config.yaml
+
+# Create an EKS cluster with io1 node storage but no autoscaling, used for the RADIUSS 2023 tutorial
+eksctl create cluster --config-file aws/eksctl-radiuss-tutorial-2023.yaml
+```
+
+You can find vanilla (manual) instructions [here](https://z2jh.jupyter.org/en/stable/kubernetes/amazon/step-zero-aws-eks.html) if you
+are interested in how it works. We emulate the logic there using eksctl. Then generate a secret token - we will add this to [config-aws.yaml](aws/config-aws.yaml) (without SSL) or [config-aws-ssl.yaml](aws/config-aws-ssl.yaml) (with SSL). When your cluster is ready, this will deploy an EBS CSI driver:
+
+```bash
+kubectl apply -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/deploy/kubernetes/overlays/stable/?ref=master"
+```
+
+And install the cluster-autoscaler:
+
+```bash
+kubectl apply -f aws/cluster-autoscaler-autodiscover.yaml 
+```
+
+If you want to use a different storage class than the default (`gp2`), you also need to create the new storage class (`gp3` here) and set it as the default storage class:
+
+```bash
+kubectl apply -f aws/storageclass.yaml
+kubectl patch storageclass gp3 -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
+kubectl patch storageclass gp2 -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
+```
+
+Most of the information I needed to read about this was [here](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md) - the Jupyter documentation wasn't super helpful beyond saying to install it. Also note that I got this (seemingly working) without the `propagateASGTags` set to true, but that is something that I've seen have issue.
+You can look at the autoscaler pod logs for information.
+
+While the spawned containers (e.g., where you run your notebook) don't use these volumes, the hub will.
+You can read about [gp2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html) class.
+Note that we will be using [config-aws.yaml](aws/config-aws.yaml) if you don't need SSL, and [config-aws-ssl.yaml](aws/config-aws-ssl.yaml) if you do. For the latter, the jupyter spawner will generate let's encrypt certificates for us, given that we have correctly configured DNS.
+
+#### 2. Deploy JupyterHub
+
+We will use [helm](https://helm.sh/docs/helm/helm_install/) to install charts and deploy.
+
+```bash
+helm repo add jupyterhub https://hub.jupyter.org/helm-chart/
+helm repo update
+```
+
+You can see the versions available:
+
+```bash
+helm search repo jupyterhub
+```
+```console
+NAME                 	CHART VERSION	APP VERSION	DESCRIPTION                                       
+bitnami/jupyterhub   	4.2.0        	4.0.2      	JupyterHub brings the power of notebooks to gro...
+jupyterhub/jupyterhub	3.0.2        	4.0.2      	Multi-user Jupyter installation                   
+jupyterhub/pebble    	1.0.1        	v2.3.1     	This Helm chart bootstraps Pebble: an ACME serv...
+```
+
+Note that chart versions don't always coincide with software (or "app") versions. At the time of writing this,
+we are using the jupyterhub/jupyterhub	3.0.2/4.0.2 versions, and our container bases point to 3.0.2 tags for the
+corresponding images. Next, see the values we can set, which likely will come from a config*.yaml that we will choose.
+
+```bash
+helm show values jupyterhub/jupyterhub
+```
+
+<details>
+
+<summary>Example values for the jupyterhub helm chart</summary>
+
+```console
+# fullnameOverride and nameOverride distinguishes blank strings, null values,
+# and non-blank strings. For more details, see the configuration reference.
+fullnameOverride: ""
+nameOverride:
+
+# enabled is ignored by the jupyterhub chart itself, but a chart depending on
+# the jupyterhub chart conditionally can make use this config option as the
+# condition.
+enabled:
+
+# custom can contain anything you want to pass to the hub pod, as all passed
+# Helm template values will be made available there.
+custom: {}
+
+# imagePullSecret is configuration to create a k8s Secret that Helm chart's pods
+# can get credentials from to pull their images.
+imagePullSecret:
+  create: false
+  automaticReferenceInjection: true
+  registry:
+  username:
+  password:
+  email:
+# imagePullSecrets is configuration to reference the k8s Secret resources the
+# Helm chart's pods can get credentials from to pull their images.
+imagePullSecrets: []
+
+# hub relates to the hub pod, responsible for running JupyterHub, its configured
+# Authenticator class KubeSpawner, and its configured Proxy class
+# ConfigurableHTTPProxy. KubeSpawner creates the user pods, and
+# ConfigurableHTTPProxy speaks with the actual ConfigurableHTTPProxy server in
+# the proxy pod.
+hub:
+  revisionHistoryLimit:
+  config:
+    JupyterHub:
+      admin_access: true
+      authenticator_class: dummy
+  service:
+    type: ClusterIP
+    annotations: {}
+    ports:
+      nodePort:
+    extraPorts: []
+    loadBalancerIP:
+  baseUrl: /
+  cookieSecret:
+  initContainers: []
+  nodeSelector: {}
+  tolerations: []
+  concurrentSpawnLimit: 64
+  consecutiveFailureLimit: 5
+  activeServerLimit:
+  deploymentStrategy:
+    ## type: Recreate
+    ## - sqlite-pvc backed hubs require the Recreate deployment strategy as a
+    ##   typical PVC storage can only be bound to one pod at the time.
+    ## - JupyterHub isn't designed to support being run in parallel. More work
+    ##   needs to be done in JupyterHub itself for a fully highly available (HA)
+    ##   deployment of JupyterHub on k8s is to be possible.
+    type: Recreate
+  db:
+    type: sqlite-pvc
+    upgrade:
+    pvc:
+      annotations: {}
+      selector: {}
+      accessModes:
+        - ReadWriteOnce
+      storage: 1Gi
+      subPath:
+      storageClassName:
+    url:
+    password:
+  labels: {}
+  annotations: {}
+  command: []
+  args: []
+  extraConfig: {}
+  extraFiles: {}
+  extraEnv: {}
+  extraContainers: []
+  extraVolumes: []
+  extraVolumeMounts: []
+  image:
+    name: jupyterhub/k8s-hub
+    tag: "3.0.2"
+    pullPolicy:
+    pullSecrets: []
+  resources: {}
+  podSecurityContext:
+    fsGroup: 1000
+  containerSecurityContext:
+    runAsUser: 1000
+    runAsGroup: 1000
+    allowPrivilegeEscalation: false
+  lifecycle: {}
+  loadRoles: {}
+  services: {}
+  pdb:
+    enabled: false
+    maxUnavailable:
+    minAvailable: 1
+  networkPolicy:
+    enabled: true
+    ingress: []
+    egress: []
+    egressAllowRules:
+      cloudMetadataServer: true
+      dnsPortsCloudMetadataServer: true
+      dnsPortsKubeSystemNamespace: true
+      dnsPortsPrivateIPs: true
+      nonPrivateIPs: true
+      privateIPs: true
+    interNamespaceAccessLabels: ignore
+    allowedIngressPorts: []
+  allowNamedServers: false
+  namedServerLimitPerUser:
+  authenticatePrometheus:
+  redirectToServer:
+  shutdownOnLogout:
+  templatePaths: []
+  templateVars: {}
+  livenessProbe:
+    # The livenessProbe's aim to give JupyterHub sufficient time to startup but
+    # be able to restart if it becomes unresponsive for ~5 min.
+    enabled: true
+    initialDelaySeconds: 300
+    periodSeconds: 10
+    failureThreshold: 30
+    timeoutSeconds: 3
+  readinessProbe:
+    # The readinessProbe's aim is to provide a successful startup indication,
+    # but following that never become unready before its livenessProbe fail and
+    # restarts it if needed. To become unready following startup serves no
+    # purpose as there are no other pod to fallback to in our non-HA deployment.
+    enabled: true
+    initialDelaySeconds: 0
+    periodSeconds: 2
+    failureThreshold: 1000
+    timeoutSeconds: 1
+  existingSecret:
+  serviceAccount:
+    create: true
+    name:
+    annotations: {}
+  extraPodSpec: {}
+
+rbac:
+  create: true
+
+# proxy relates to the proxy pod, the proxy-public service, and the autohttps
+# pod and proxy-http service.
+proxy:
+  secretToken:
+  annotations: {}
+  deploymentStrategy:
+    ## type: Recreate
+    ## - JupyterHub's interaction with the CHP proxy becomes a lot more robust
+    ##   with this configuration. To understand this, consider that JupyterHub
+    ##   during startup will interact a lot with the k8s service to reach a
+    ##   ready proxy pod. If the hub pod during a helm upgrade is restarting
+    ##   directly while the proxy pod is making a rolling upgrade, the hub pod
+    ##   could end up running a sequence of interactions with the old proxy pod
+    ##   and finishing up the sequence of interactions with the new proxy pod.
+    ##   As CHP proxy pods carry individual state this is very error prone. One
+    ##   outcome when not using Recreate as a strategy has been that user pods
+    ##   have been deleted by the hub pod because it considered them unreachable
+    ##   as it only configured the old proxy pod but not the new before trying
+    ##   to reach them.
+    type: Recreate
+    ## rollingUpdate:
+    ## - WARNING:
+    ##   This is required to be set explicitly blank! Without it being
+    ##   explicitly blank, k8s will let eventual old values under rollingUpdate
+    ##   remain and then the Deployment becomes invalid and a helm upgrade would
+    ##   fail with an error like this:
+    ##
+    ##     UPGRADE FAILED
+    ##     Error: Deployment.apps "proxy" is invalid: spec.strategy.rollingUpdate: Forbidden: may not be specified when strategy `type` is 'Recreate'
+    ##     Error: UPGRADE FAILED: Deployment.apps "proxy" is invalid: spec.strategy.rollingUpdate: Forbidden: may not be specified when strategy `type` is 'Recreate'
+    rollingUpdate:
+  # service relates to the proxy-public service
+  service:
+    type: LoadBalancer
+    labels: {}
+    annotations: {}
+    nodePorts:
+      http:
+      https:
+    disableHttpPort: false
+    extraPorts: []
+    loadBalancerIP:
+    loadBalancerSourceRanges: []
+  # chp relates to the proxy pod, which is responsible for routing traffic based
+  # on dynamic configuration sent from JupyterHub to CHP's REST API.
+  chp:
+    revisionHistoryLimit:
+    containerSecurityContext:
+      runAsUser: 65534 # nobody user
+      runAsGroup: 65534 # nobody group
+      allowPrivilegeEscalation: false
+    image:
+      name: jupyterhub/configurable-http-proxy
+      # tag is automatically bumped to new patch versions by the
+      # watch-dependencies.yaml workflow.
+      #
+      tag: "4.5.6" # https://github.com/jupyterhub/configurable-http-proxy/tags
+      pullPolicy:
+      pullSecrets: []
+    extraCommandLineFlags: []
+    livenessProbe:
+      enabled: true
+      initialDelaySeconds: 60
+      periodSeconds: 10
+      failureThreshold: 30
+      timeoutSeconds: 3
+    readinessProbe:
+      enabled: true
+      initialDelaySeconds: 0
+      periodSeconds: 2
+      failureThreshold: 1000
+      timeoutSeconds: 1
+    resources: {}
+    defaultTarget:
+    errorTarget:
+    extraEnv: {}
+    nodeSelector: {}
+    tolerations: []
+    networkPolicy:
+      enabled: true
+      ingress: []
+      egress: []
+      egressAllowRules:
+        cloudMetadataServer: true
+        dnsPortsCloudMetadataServer: true
+        dnsPortsKubeSystemNamespace: true
+        dnsPortsPrivateIPs: true
+        nonPrivateIPs: true
+        privateIPs: true
+      interNamespaceAccessLabels: ignore
+      allowedIngressPorts: [http, https]
+    pdb:
+      enabled: false
+      maxUnavailable:
+      minAvailable: 1
+    extraPodSpec: {}
+  # traefik relates to the autohttps pod, which is responsible for TLS
+  # termination when proxy.https.type=letsencrypt.
+  traefik:
+    revisionHistoryLimit:
+    containerSecurityContext:
+      runAsUser: 65534 # nobody user
+      runAsGroup: 65534 # nobody group
+      allowPrivilegeEscalation: false
+    image:
+      name: traefik
+      # tag is automatically bumped to new patch versions by the
+      # watch-dependencies.yaml workflow.
+      #
+      tag: "v2.10.4" # ref: https://hub.docker.com/_/traefik?tab=tags
+      pullPolicy:
+      pullSecrets: []
+    hsts:
+      includeSubdomains: false
+      preload: false
+      maxAge: 15724800 # About 6 months
+    resources: {}
+    labels: {}
+    extraInitContainers: []
+    extraEnv: {}
+    extraVolumes: []
+    extraVolumeMounts: []
+    extraStaticConfig: {}
+    extraDynamicConfig: {}
+    nodeSelector: {}
+    tolerations: []
+    extraPorts: []
+    networkPolicy:
+      enabled: true
+      ingress: []
+      egress: []
+      egressAllowRules:
+        cloudMetadataServer: true
+        dnsPortsCloudMetadataServer: true
+        dnsPortsKubeSystemNamespace: true
+        dnsPortsPrivateIPs: true
+        nonPrivateIPs: true
+        privateIPs: true
+      interNamespaceAccessLabels: ignore
+      allowedIngressPorts: [http, https]
+    pdb:
+      enabled: false
+      maxUnavailable:
+      minAvailable: 1
+    serviceAccount:
+      create: true
+      name:
+      annotations: {}
+    extraPodSpec: {}
+  secretSync:
+    containerSecurityContext:
+      runAsUser: 65534 # nobody user
+      runAsGroup: 65534 # nobody group
+      allowPrivilegeEscalation: false
+    image:
+      name: jupyterhub/k8s-secret-sync
+      tag: "3.0.2"
+      pullPolicy:
+      pullSecrets: []
+    resources: {}
+  labels: {}
+  https:
+    enabled: false
+    type: letsencrypt
+    #type: letsencrypt, manual, offload, secret
+    letsencrypt:
+      contactEmail:
+      # Specify custom server here (https://acme-staging-v02.api.letsencrypt.org/directory) to hit staging LE
+      acmeServer: https://acme-v02.api.letsencrypt.org/directory
+    manual:
+      key:
+      cert:
+    secret:
+      name:
+      key: tls.key
+      crt: tls.crt
+    hosts: []
+
+# singleuser relates to the configuration of KubeSpawner which runs in the hub
+# pod, and its spawning of user pods such as jupyter-myusername.
+singleuser:
+  podNameTemplate:
+  extraTolerations: []
+  nodeSelector: {}
+  extraNodeAffinity:
+    required: []
+    preferred: []
+  extraPodAffinity:
+    required: []
+    preferred: []
+  extraPodAntiAffinity:
+    required: []
+    preferred: []
+  networkTools:
+    image:
+      name: jupyterhub/k8s-network-tools
+      tag: "3.0.2"
+      pullPolicy:
+      pullSecrets: []
+    resources: {}
+  cloudMetadata:
+    # block set to true will append a privileged initContainer using the
+    # iptables to block the sensitive metadata server at the provided ip.
+    blockWithIptables: true
+    ip: 169.254.169.254
+  networkPolicy:
+    enabled: true
+    ingress: []
+    egress: []
+    egressAllowRules:
+      cloudMetadataServer: false
+      dnsPortsCloudMetadataServer: true
+      dnsPortsKubeSystemNamespace: true
+      dnsPortsPrivateIPs: true
+      nonPrivateIPs: true
+      privateIPs: false
+    interNamespaceAccessLabels: ignore
+    allowedIngressPorts: []
+  events: true
+  extraAnnotations: {}
+  extraLabels:
+    hub.jupyter.org/network-access-hub: "true"
+  extraFiles: {}
+  extraEnv: {}
+  lifecycleHooks: {}
+  initContainers: []
+  extraContainers: []
+  allowPrivilegeEscalation: false
+  uid: 1000
+  fsGid: 100
+  serviceAccountName:
+  storage:
+    type: dynamic
+    extraLabels: {}
+    extraVolumes: []
+    extraVolumeMounts: []
+    static:
+      pvcName:
+      subPath: "{username}"
+    capacity: 10Gi
+    homeMountPath: /home/jovyan
+    dynamic:
+      storageClass:
+      pvcNameTemplate: claim-{username}{servername}
+      volumeNameTemplate: volume-{username}{servername}
+      storageAccessModes: [ReadWriteOnce]
+  image:
+    name: jupyterhub/k8s-singleuser-sample
+    tag: "3.0.2"
+    pullPolicy:
+    pullSecrets: []
+  startTimeout: 300
+  cpu:
+    limit:
+    guarantee:
+  memory:
+    limit:
+    guarantee: 1G
+  extraResource:
+    limits: {}
+    guarantees: {}
+  cmd: jupyterhub-singleuser
+  defaultUrl:
+  extraPodConfig: {}
+  profileList: []
+
+# scheduling relates to the user-scheduler pods and user-placeholder pods.
+scheduling:
+  userScheduler:
+    enabled: true
+    revisionHistoryLimit:
+    replicas: 2
+    logLevel: 4
+    # plugins are configured on the user-scheduler to make us score how we
+    # schedule user pods in a way to help us schedule on the most busy node. By
+    # doing this, we help scale down more effectively. It isn't obvious how to
+    # enable/disable scoring plugins, and configure them, to accomplish this.
+    #
+    # plugins ref: https://kubernetes.io/docs/reference/scheduling/config/#scheduling-plugins-1
+    # migration ref: https://kubernetes.io/docs/reference/scheduling/config/#scheduler-configuration-migrations
+    #
+    plugins:
+      score:
+        # These scoring plugins are enabled by default according to
+        # https://kubernetes.io/docs/reference/scheduling/config/#scheduling-plugins
+        # 2022-02-22.
+        #
+        # Enabled with high priority:
+        # - NodeAffinity
+        # - InterPodAffinity
+        # - NodeResourcesFit
+        # - ImageLocality
+        # Remains enabled with low default priority:
+        # - TaintToleration
+        # - PodTopologySpread
+        # - VolumeBinding
+        # Disabled for scoring:
+        # - NodeResourcesBalancedAllocation
+        #
+        disabled:
+          # We disable these plugins (with regards to scoring) to not interfere
+          # or complicate our use of NodeResourcesFit.
+          - name: NodeResourcesBalancedAllocation
+          # Disable plugins to be allowed to enable them again with a different
+          # weight and avoid an error.
+          - name: NodeAffinity
+          - name: InterPodAffinity
+          - name: NodeResourcesFit
+          - name: ImageLocality
+        enabled:
+          - name: NodeAffinity
+            weight: 14631
+          - name: InterPodAffinity
+            weight: 1331
+          - name: NodeResourcesFit
+            weight: 121
+          - name: ImageLocality
+            weight: 11
+    pluginConfig:
+      # Here we declare that we should optimize pods to fit based on a
+      # MostAllocated strategy instead of the default LeastAllocated.
+      - name: NodeResourcesFit
+        args:
+          scoringStrategy:
+            resources:
+              - name: cpu
+                weight: 1
+              - name: memory
+                weight: 1
+            type: MostAllocated
+    containerSecurityContext:
+      runAsUser: 65534 # nobody user
+      runAsGroup: 65534 # nobody group
+      allowPrivilegeEscalation: false
+    image:
+      # IMPORTANT: Bumping the minor version of this binary should go hand in
+      #            hand with an inspection of the user-scheduelrs RBAC resources
+      #            that we have forked in
+      #            templates/scheduling/user-scheduler/rbac.yaml.
+      #
+      #            Debugging advice:
+      #
+      #            - Is configuration of kube-scheduler broken in
+      #              templates/scheduling/user-scheduler/configmap.yaml?
+      #
+      #            - Is the kube-scheduler binary's compatibility to work
+      #              against a k8s api-server that is too new or too old?
+      #
+      #            - You can update the GitHub workflow that runs tests to
+      #              include "deploy/user-scheduler" in the k8s namespace report
+      #              and reduce the user-scheduler deployments replicas to 1 in
+      #              dev-config.yaml to get relevant logs from the user-scheduler
+      #              pods. Inspect the "Kubernetes namespace report" action!
+      #
+      #            - Typical failures are that kube-scheduler fails to search for
+      #              resources via its "informers", and won't start trying to
+      #              schedule pods before they succeed which may require
+      #              additional RBAC permissions or that the k8s api-server is
+      #              aware of the resources.
+      #
+      #            - If "successfully acquired lease" can be seen in the logs, it
+      #              is a good sign kube-scheduler is ready to schedule pods.
+      #
+      name: registry.k8s.io/kube-scheduler
+      # tag is automatically bumped to new patch versions by the
+      # watch-dependencies.yaml workflow. The minor version is pinned in the
+      # workflow, and should be updated there if a minor version bump is done
+      # here. We aim to stay around 1 minor version behind the latest k8s
+      # version.
+      #
+      tag: "v1.26.7" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG
+      pullPolicy:
+      pullSecrets: []
+    nodeSelector: {}
+    tolerations: []
+    labels: {}
+    annotations: {}
+    pdb:
+      enabled: true
+      maxUnavailable: 1
+      minAvailable:
+    resources: {}
+    serviceAccount:
+      create: true
+      name:
+      annotations: {}
+    extraPodSpec: {}
+  podPriority:
+    enabled: false
+    globalDefault: false
+    defaultPriority: 0
+    imagePullerPriority: -5
+    userPlaceholderPriority: -10
+  userPlaceholder:
+    enabled: true
+    image:
+      name: registry.k8s.io/pause
+      # tag is automatically bumped to new patch versions by the
+      # watch-dependencies.yaml workflow.
+      #
+      # If you update this, also update prePuller.pause.image.tag
+      #
+      tag: "3.9"
+      pullPolicy:
+      pullSecrets: []
+    revisionHistoryLimit:
+    replicas: 0
+    labels: {}
+    annotations: {}
+    containerSecurityContext:
+      runAsUser: 65534 # nobody user
+      runAsGroup: 65534 # nobody group
+      allowPrivilegeEscalation: false
+    resources: {}
+  corePods:
+    tolerations:
+      - key: hub.jupyter.org/dedicated
+        operator: Equal
+        value: core
+        effect: NoSchedule
+      - key: hub.jupyter.org_dedicated
+        operator: Equal
+        value: core
+        effect: NoSchedule
+    nodeAffinity:
+      matchNodePurpose: prefer
+  userPods:
+    tolerations:
+      - key: hub.jupyter.org/dedicated
+        operator: Equal
+        value: user
+        effect: NoSchedule
+      - key: hub.jupyter.org_dedicated
+        operator: Equal
+        value: user
+        effect: NoSchedule
+    nodeAffinity:
+      matchNodePurpose: prefer
+
+# prePuller relates to the hook|continuous-image-puller DaemonsSets
+prePuller:
+  revisionHistoryLimit:
+  labels: {}
+  annotations: {}
+  resources: {}
+  containerSecurityContext:
+    runAsUser: 65534 # nobody user
+    runAsGroup: 65534 # nobody group
+    allowPrivilegeEscalation: false
+  extraTolerations: []
+  # hook relates to the hook-image-awaiter Job and hook-image-puller DaemonSet
+  hook:
+    enabled: true
+    pullOnlyOnChanges: true
+    # image and the configuration below relates to the hook-image-awaiter Job
+    image:
+      name: jupyterhub/k8s-image-awaiter
+      tag: "3.0.2"
+      pullPolicy:
+      pullSecrets: []
+    containerSecurityContext:
+      runAsUser: 65534 # nobody user
+      runAsGroup: 65534 # nobody group
+      allowPrivilegeEscalation: false
+    podSchedulingWaitDuration: 10
+    nodeSelector: {}
+    tolerations: []
+    resources: {}
+    serviceAccount:
+      create: true
+      name:
+      annotations: {}
+  continuous:
+    enabled: true
+  pullProfileListImages: true
+  extraImages: {}
+  pause:
+    containerSecurityContext:
+      runAsUser: 65534 # nobody user
+      runAsGroup: 65534 # nobody group
+      allowPrivilegeEscalation: false
+    image:
+      name: registry.k8s.io/pause
+      # tag is automatically bumped to new patch versions by the
+      # watch-dependencies.yaml workflow.
+      #
+      # If you update this, also update scheduling.userPlaceholder.image.tag
+      #
+      tag: "3.9"
+      pullPolicy:
+      pullSecrets: []
+
+ingress:
+  enabled: false
+  annotations: {}
+  ingressClassName:
+  hosts: []
+  pathSuffix:
+  pathType: Prefix
+  tls: []
+
+# cull relates to the jupyterhub-idle-culler service, responsible for evicting
+# inactive singleuser pods.
+#
+# The configuration below, except for enabled, corresponds to command-line flags
+# for jupyterhub-idle-culler as documented here:
+# https://github.com/jupyterhub/jupyterhub-idle-culler#as-a-standalone-script
+#
+cull:
+  enabled: true
+  users: false # --cull-users
+  adminUsers: true # --cull-admin-users
+  removeNamedServers: false # --remove-named-servers
+  timeout: 3600 # --timeout
+  every: 600 # --cull-every
+  concurrency: 10 # --concurrency
+  maxAge: 0 # --max-age
+
+debug:
+  enabled: false
+
+global:
+  safeToShowValues: false
+```
+
+</details>
+
+##### Changes You Might Need to Make:
+
+- Change the config*.yaml image-> name and tag that you deploy to use your images.
+- You might want to change the number of user placeholder pods
+- Also change the hub->concurrentSpawnLimit
+- Change the password, ssl secret, and domain name if applicable
+- Change the aws/eksctl-config.yaml autoscaling ranges depending on your needs.
+- Remove pullPolicy Always if you don't expect to want to update/re-pull an image every time (ideal for production)
+
+And here is how to deploy, assuming the default namespace. Please choose your cloud appropriately!
+
+```bash
+# This is for Google Cloud
+helm install flux-jupyter jupyterhub/jupyterhub --values gcp/config.yaml
+
+# This is for Amazon EKS without SSL
+helm install flux-jupyter jupyterhub/jupyterhub --values aws/config-aws.yaml
+
+# This is for Amazon EKS with SSL (assuming DNS is configured)
+helm install flux-jupyter jupyterhub/jupyterhub --values aws/config-aws-ssl.yaml
+```
+
+If you mess something up, you can change the file and run `helm upgrade`:
+
+```bash
+helm upgrade flux-jupyter jupyterhub/jupyterhub --values aws/config-aws-ssl.yaml
+```
+
+If you REALLY mess something up, you can tear the whole thing down and then install again:
+
+```bash
+helm uninstall flux-jupyter
+```
+
+Note that in practice of bringing this up and down many times, we have seen the proxy-public
+not create a handful of times. If this happens, just tear down everything, wait for all pods
+to terminate, and then start freshly. When you run a command, also note that the terminal will hang!
+You can see progress in another terminal:
+
+```bash
+$ kubectl get pods
+```
+
+or try watching:
+
+```bash
+$ kubectl get pods --watch
+```
+
+When it's done, you should see:
+
+```bash
+$ kubectl get pods
+NAME                              READY   STATUS    RESTARTS   AGE
+continuous-image-puller-nvr4g     1/1     Running   0          5m31s
+hub-7d59dfb748-mrfdv              1/1     Running   0          5m31s
+proxy-d9dfbf77b-v488t             1/1     Running   0          5m31s
+user-scheduler-587fcc5479-c4mmk   1/1     Running   0          5m31s
+user-scheduler-587fcc5479-x6jmk   1/1     Running   0          5m31s
+```
+
+(The numbers of each above might vary based on the size of your cluster). And the terminal provides a lot of useful output:
+
+<details>
+
+<summary>Output of Terminal on Completed Install</summary>
+
+```console
+NAME: flux-jupyter
+LAST DEPLOYED: Sun Aug 27 15:00:15 2023
+NAMESPACE: default
+STATUS: deployed
+REVISION: 1
+TEST SUITE: None
+NOTES:
+.      __                          __                  __  __          __
+      / / __  __  ____    __  __  / /_  ___    _____  / / / / __  __  / /_
+ __  / / / / / / / __ \  / / / / / __/ / _ \  / ___/ / /_/ / / / / / / __ \
+/ /_/ / / /_/ / / /_/ / / /_/ / / /_  /  __/ / /    / __  / / /_/ / / /_/ /
+\____/  \__,_/ / .___/  \__, /  \__/  \___/ /_/    /_/ /_/  \__,_/ /_.___/
+              /_/      /____/
+
+       You have successfully installed the official JupyterHub Helm chart!
+
+### Installation info
+
+  - Kubernetes namespace: default
+  - Helm release name:    flux-jupyter
+  - Helm chart version:   3.0.2
+  - JupyterHub version:   4.0.2
+  - Hub pod packages:     See https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/3.0.2/images/hub/requirements.txt
+
+### Followup links
+
+  - Documentation:  https://z2jh.jupyter.org
+  - Help forum:     https://discourse.jupyter.org
+  - Social chat:    https://gitter.im/jupyterhub/jupyterhub
+  - Issue tracking: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/issues
+
+### Post-installation checklist
+
+  - Verify that created Pods enter a Running state:
+
+      kubectl --namespace=default get pod
+
+    If a pod is stuck with a Pending or ContainerCreating status, diagnose with:
+
+      kubectl --namespace=default describe pod <name of pod>
+
+    If a pod keeps restarting, diagnose with:
+
+      kubectl --namespace=default logs --previous <name of pod>
+
+  - Verify an external IP is provided for the k8s Service proxy-public.
+
+      kubectl --namespace=default get service proxy-public
+
+    If the external ip remains <pending>, diagnose with:
+
+      kubectl --namespace=default describe service proxy-public
+
+  - Verify web based access:
+
+    You have not configured a k8s Ingress resource so you need to access the k8s
+    Service proxy-public directly.
+
+    If your computer is outside the k8s cluster, you can port-forward traffic to
+    the k8s Service proxy-public with kubectl to access it from your
+    computer.
+
+      kubectl --namespace=default port-forward service/proxy-public 8080:http
+
+    Try insecure HTTP access: http://localhost:8080
+```
+
+</details>
+
+#### 3. Get Public Proxy
+
+Then to find the public proxy:
+
+```bash
+kubectl get service proxy-public
+```
+```console
+NAME           TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
+proxy-public   LoadBalancer   10.96.179.168   <pending>     80:32530/TCP   7m22s
+```
+or:
+
+```bash
+kubectl get service proxy-public --output jsonpath='{.status.loadBalancer.ingress[].ip}'
+```
+
+Note that for Google, it looks like an ip address. For aws you get a string monster!
+
+```console
+a054af2758c1549f780a433e5515a9d4-1012389935.us-east-2.elb.amazonaws.com
+```
+
+This might take a minute to fully be there - if it doesn't work immediately give it that.
+At this point, you should be able to login as any user, open the notebook (nested two levels)
+and interact with Flux! Remember that if you don't see the service, try deleting everything and
+starting fresh. If that doesn't work, there might be some new error we didn't anticipate,
+and you can look at logs.
+
+#### Clean up
+
+For both:
+
+```bash
+helm uninstall flux-jupyter
+```
+
+For Google Cloud:
+
+```bash
+gcloud container clusters delete flux-jupyter
+```
+
+For AWS:
+
+```bash
+# If you don't do this first, it will tell the pods are un-evictable and loop forever
+$ kubectl delete pod --all-namespaces --all --force
+# Then delete the cluster
+$ eksctl delete cluster --config-file aws/eksctl-config.yaml --wait
+```
+
+In practice, you'll need to start deleting with `eksctl` and then you will see the pod eviction warning
+(because they were re-created) and you'll need to run the command again, and then it will clean up.
+
 ### License
 
 This repository is distributed under the terms of the MIT license.

From aa3f753a604ce3740e2a84a1f318ea5944895435 Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Tue, 6 Aug 2024 15:22:56 -0700
Subject: [PATCH 13/26] Typo fix in README

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 953827ae..3ef06679 100644
--- a/README.md
+++ b/README.md
@@ -128,7 +128,7 @@ you should install.
 eksctl create cluster --config-file aws/eksctl-config.yaml
 
 # Create an EKS cluster with io1 node storage but no autoscaling, used for the RADIUSS 2023 tutorial
-eksctl create cluster --config-file aws/eksctl-radiuss-tutorial-2023.yaml
+eksctl create cluster --config-file aws/eksctl-radiuss-2024.yaml
 ```
 
 You can find vanilla (manual) instructions [here](https://z2jh.jupyter.org/en/stable/kubernetes/amazon/step-zero-aws-eks.html) if you

From 2974737601b840b0368d6b59e1019adeb62c9888 Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Tue, 6 Aug 2024 15:27:58 -0700
Subject: [PATCH 14/26] Adds note about getting AWS CLI

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 3ef06679..8ba236af 100644
--- a/README.md
+++ b/README.md
@@ -100,6 +100,7 @@ $ podman machine stop
 This tutorial borrows from the infrastructure created by [Vanessa Sochat](https://github.com/vsoch) and [Dan Milroy](https://github.com/milroy) for the [Flux Tutorial](https://github.com/flux-framework/Tutorials/tree/2024-radiuss-aws/2024-RADIUSS-AWS/JupyterNotebook). Thanks to this infrastructure, this tutorial can be deployed to Kubernetes using the following tools:
 * `kubectl`
 * `eksctl` (for AWS)
+* AWS CLI (optional, but recommended)
 * `gcloud` (for Google Cloud)
 
 The following instructions describe how to deploy this tutorial to Kubernetes on either Google Cloud or AWS.

From d1277df0e2e80bc764b5ff003537fa2c012ee2a3 Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Tue, 6 Aug 2024 15:40:34 -0700
Subject: [PATCH 15/26] Adds helm to required packages for K8S deployment

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 8ba236af..21ef18b8 100644
--- a/README.md
+++ b/README.md
@@ -99,6 +99,7 @@ $ podman machine stop
 
 This tutorial borrows from the infrastructure created by [Vanessa Sochat](https://github.com/vsoch) and [Dan Milroy](https://github.com/milroy) for the [Flux Tutorial](https://github.com/flux-framework/Tutorials/tree/2024-radiuss-aws/2024-RADIUSS-AWS/JupyterNotebook). Thanks to this infrastructure, this tutorial can be deployed to Kubernetes using the following tools:
 * `kubectl`
+* `helm`
 * `eksctl` (for AWS)
 * AWS CLI (optional, but recommended)
 * `gcloud` (for Google Cloud)

From fc2909cca74d4cd8b704338005e0f4f236a88695 Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Tue, 6 Aug 2024 15:43:31 -0700
Subject: [PATCH 16/26] Changes flux-jupyter to thicket-tutorial-jupyter

---
 README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 21ef18b8..9759739f 100644
--- a/README.md
+++ b/README.md
@@ -898,13 +898,13 @@ helm install flux-jupyter jupyterhub/jupyterhub --values aws/config-aws-ssl.yaml
 If you mess something up, you can change the file and run `helm upgrade`:
 
 ```bash
-helm upgrade flux-jupyter jupyterhub/jupyterhub --values aws/config-aws-ssl.yaml
+helm upgrade thicket-tutorial-jupyter jupyterhub/jupyterhub --values aws/config-aws-ssl.yaml
 ```
 
 If you REALLY mess something up, you can tear the whole thing down and then install again:
 
 ```bash
-helm uninstall flux-jupyter
+helm uninstall thicket-tutorial-jupyter
 ```
 
 Note that in practice of bringing this up and down many times, we have seen the proxy-public
@@ -941,7 +941,7 @@ user-scheduler-587fcc5479-x6jmk   1/1     Running   0          5m31s
 <summary>Output of Terminal on Completed Install</summary>
 
 ```console
-NAME: flux-jupyter
+NAME: thicket-tutorial-jupyter
 LAST DEPLOYED: Sun Aug 27 15:00:15 2023
 NAMESPACE: default
 STATUS: deployed
@@ -960,7 +960,7 @@ NOTES:
 ### Installation info
 
   - Kubernetes namespace: default
-  - Helm release name:    flux-jupyter
+  - Helm release name:    thicket-tutorial-jupyter
   - Helm chart version:   3.0.2
   - JupyterHub version:   4.0.2
   - Hub pod packages:     See https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/3.0.2/images/hub/requirements.txt

From 73e143d09bb62209b62750cf36460e223285b3fd Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Tue, 6 Aug 2024 15:49:48 -0700
Subject: [PATCH 17/26] Removes commands with SSL

---
 README.md | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 9759739f..d7b709bf 100644
--- a/README.md
+++ b/README.md
@@ -890,15 +890,12 @@ helm install flux-jupyter jupyterhub/jupyterhub --values gcp/config.yaml
 
 # This is for Amazon EKS without SSL
 helm install flux-jupyter jupyterhub/jupyterhub --values aws/config-aws.yaml
-
-# This is for Amazon EKS with SSL (assuming DNS is configured)
-helm install flux-jupyter jupyterhub/jupyterhub --values aws/config-aws-ssl.yaml
 ```
 
 If you mess something up, you can change the file and run `helm upgrade`:
 
 ```bash
-helm upgrade thicket-tutorial-jupyter jupyterhub/jupyterhub --values aws/config-aws-ssl.yaml
+helm upgrade thicket-tutorial-jupyter jupyterhub/jupyterhub --values aws/config-aws.yaml
 ```
 
 If you REALLY mess something up, you can tear the whole thing down and then install again:

From ab2e18ee13f2dcca68ee680d63a8ccaa11658f00 Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Tue, 6 Aug 2024 16:02:30 -0700
Subject: [PATCH 18/26] Replaces flux-jupyter with thicket-tutorial-jupyter

---
 README.md | 37 +++++++++++++++++++------------------
 1 file changed, 19 insertions(+), 18 deletions(-)

diff --git a/README.md b/README.md
index d7b709bf..50881559 100644
--- a/README.md
+++ b/README.md
@@ -36,25 +36,25 @@ or by clicking the badge at the top of this file.
 We provide a Dockerfile for users to run the notebooks locally. To run locally *and interactively*, you must first build the Docker container with:
 
 ```bash
-$ docker build -t thicket-tutorial -f docker/Dockerfile.spawn .
+docker build -t thicket-tutorial -f docker/Dockerfile.spawn .
 ```
 
 Then, you must create a Docker network with:
 
 ```bash
-$ docker network create jupyterhub
+docker network create jupyterhub
 ```
 
 Finally, you can launch the tutorial. To launch the tutorial without preserving any changes, run:
 
 ```bash
-$ docker run --rm -it --entrypoint /start.sh -v /var/run/docker.sock:/var/run/docker.sock --net jupyterhub --name jupyterhub -p 8888:8888 thicket-tutorial
+docker run --rm -it --entrypoint /start.sh -v /var/run/docker.sock:/var/run/docker.sock --net jupyterhub --name jupyterhub -p 8888:8888 thicket-tutorial
 ```
 
 If you would rather your changes be preserved, run:
 
 ```bash
-$ docker run --rm -it --entrypoint /start.sh -v /var/run/docker.sock:/var/run/docker.sock -v .:/home/jovyan --net jupyterhub --name jupyterhub -p 8888:8888 thicket-tutorial
+docker run --rm -it --entrypoint /start.sh -v /var/run/docker.sock:/var/run/docker.sock -v .:/home/jovyan --net jupyterhub --name jupyterhub -p 8888:8888 thicket-tutorial
 ```
 
 Alternatively, if you want to run the notebooks automatically (i.e., non-interactive), you can simply run the `dev_scripts/autorun.sh` script. This script executes the same commands as above, but it uses the `run_all.sh` script as an entrypoint instead of `start.sh`.
@@ -68,31 +68,31 @@ If you want to use podman instead of docker, you can replace "docker" with "podm
 First initialize and start podman:
 
 ```bash
-$ podman machine init
-$ podman machine start
+podman machine init
+podman machine start
 ```
 
 Then build the container:
 
 ```bash
-$ podman build -t thicket-tutorial -f Dockerfile .
+podman build -t thicket-tutorial -f Dockerfile .
 ```
 
 Then create a network:
 
 ```bash
-$ podman network create jupyterhub
+podman network create jupyterhub
 ```
 
 Then launch the tutorial:
 
 ```bash
-$ podman run --rm -it --entrypoint /start.sh -v /var/run/docker.sock:/var/run/docker.sock --net jupyterhub --name jupyterhub -p 8888:8888 thicket-tutorial
+podman run --rm -it --entrypoint /start.sh -v /var/run/docker.sock:/var/run/docker.sock --net jupyterhub --name jupyterhub -p 8888:8888 thicket-tutorial
 ```
 
 Clean up after you are done:
 ```bash
-$ podman machine stop
+podman machine stop
 ```
 
 ### Deploying the Tutorial with Kubernetes
@@ -115,7 +115,7 @@ with [gcloud auth login](https://cloud.google.com/sdk/gcloud/reference/auth/logi
 
 ```bash
 export GOOGLE_PROJECT=myproject
-gcloud container clusters create flux-jupyter --project $GOOGLE_PROJECT \
+gcloud container clusters create thicket-tutorial-jupyter --project $GOOGLE_PROJECT \
     --zone us-central1-a --machine-type n1-standard-2 \
     --num-nodes=4 --enable-network-policy --enable-intra-node-visibility
 ```
@@ -886,10 +886,10 @@ And here is how to deploy, assuming the default namespace. Please choose your cl
 
 ```bash
 # This is for Google Cloud
-helm install flux-jupyter jupyterhub/jupyterhub --values gcp/config.yaml
+helm install thicket-tutorial-jupyter jupyterhub/jupyterhub --values gcp/config.yaml
 
 # This is for Amazon EKS without SSL
-helm install flux-jupyter jupyterhub/jupyterhub --values aws/config-aws.yaml
+helm install thicket-tutorial-jupyter jupyterhub/jupyterhub --values aws/config-aws.yaml
 ```
 
 If you mess something up, you can change the file and run `helm upgrade`:
@@ -910,19 +910,20 @@ to terminate, and then start freshly. When you run a command, also note that the
 You can see progress in another terminal:
 
 ```bash
-$ kubectl get pods
+kubectl get pods
 ```
 
 or try watching:
 
 ```bash
-$ kubectl get pods --watch
+kubectl get pods --watch
 ```
 
 When it's done, you should see:
 
 ```bash
-$ kubectl get pods
+kubectl get pods
+
 NAME                              READY   STATUS    RESTARTS   AGE
 continuous-image-puller-nvr4g     1/1     Running   0          5m31s
 hub-7d59dfb748-mrfdv              1/1     Running   0          5m31s
@@ -1041,13 +1042,13 @@ and you can look at logs.
 For both:
 
 ```bash
-helm uninstall flux-jupyter
+helm uninstall thicket-tutorial-jupyter
 ```
 
 For Google Cloud:
 
 ```bash
-gcloud container clusters delete flux-jupyter
+gcloud container clusters delete thicket-tutorial-jupyter
 ```
 
 For AWS:

From 0f35a75c2054b702812a987b5e47a608554823c8 Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Tue, 6 Aug 2024 16:51:05 -0700
Subject: [PATCH 19/26] Adds platform for pulled image

---
 docker/Dockerfile.hub | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker/Dockerfile.hub b/docker/Dockerfile.hub
index 4bf8192e..a80cb926 100644
--- a/docker/Dockerfile.hub
+++ b/docker/Dockerfile.hub
@@ -1,9 +1,9 @@
 ARG JUPYTERHUB_VERSION=3.0.2
-FROM jupyterhub/k8s-hub:$JUPYTERHUB_VERSION
+FROM --platform=linux/amd64 jupyterhub/k8s-hub:$JUPYTERHUB_VERSION
 
 # Add template override directory and copy our example
 # Replace the default
 USER root
 # RUN mv /usr/local/share/jupyterhub/templates/login.html /usr/local/share/jupyterhub/templates/_login.html
 # COPY ./docker/login.html /usr/local/share/jupyterhub/templates/login.html
-USER jovyan
\ No newline at end of file
+USER jovyan

From cbd03c18301043df48d5072cd07bef840ee877af Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Tue, 6 Aug 2024 16:51:25 -0700
Subject: [PATCH 20/26] Adds platform for pulled images

---
 docker/Dockerfile.init | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker/Dockerfile.init b/docker/Dockerfile.init
index 06c1f211..0b07be77 100644
--- a/docker/Dockerfile.init
+++ b/docker/Dockerfile.init
@@ -1,4 +1,4 @@
-FROM alpine/git
+FROM --platform=linux/amd64 alpine/git
 
 ENV NB_USER=jovyan \
     NB_UID=1000 \
@@ -10,4 +10,4 @@ RUN adduser \
     -u ${NB_UID} \
     -h ${HOME} \
     ${NB_USER}
-COPY ./docker/init-entrypoint.sh /entrypoint.sh
\ No newline at end of file
+COPY ./docker/init-entrypoint.sh /entrypoint.sh

From 3d2383319ca3916214ce89b2b0f0f23e363398ed Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Tue, 6 Aug 2024 16:51:53 -0700
Subject: [PATCH 21/26] Adds platform for pulled image

---
 docker/Dockerfile.spawn | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/Dockerfile.spawn b/docker/Dockerfile.spawn
index a163150f..eb536d32 100644
--- a/docker/Dockerfile.spawn
+++ b/docker/Dockerfile.spawn
@@ -1,4 +1,4 @@
-FROM continuumio/miniconda3:4.12.0
+FROM --platform=linux/amd64 continuumio/miniconda3:4.12.0
 
 USER root
 

From 5395cb3a14dd2ff2332b6394a4f612978f448b13 Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Tue, 6 Aug 2024 17:07:53 -0700
Subject: [PATCH 22/26] Fixes image names

---
 aws/config-aws.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/aws/config-aws.yaml b/aws/config-aws.yaml
index 7ef33f58..38797bc1 100644
--- a/aws/config-aws.yaml
+++ b/aws/config-aws.yaml
@@ -16,7 +16,7 @@ hub:
 
   # This is the image I built based off of jupyterhub/k8s-hub, 3.0.2 at time of writing this
   image: 
-    name: ghcr.io/LLNL/thicket-jupyter-hub
+    name: ghcr.io/LLNL/thicket-tutorial-hub
     tag: "radiuss-2024"
     pullPolicy: Always
 
@@ -31,7 +31,7 @@ scheduling:
 # This is the "spawn" image
 singleuser:
   image:
-    name: ghcr.io/LLNL/thicket-jupyter-spawn
+    name: ghcr.io/LLNL/thicket-tutorial-spawn
     tag: "radiuss-2024"
     pullPolicy: Always
   cpu:
@@ -43,7 +43,7 @@ singleuser:
   # This runs as the root user, who clones and changes ownership to uid 1000
   initContainers:
     - name: init-myservice
-      image: ghcr.io/LLNL/thicket-jupyter-init:radiuss-2024
+      image: ghcr.io/LLNL/thicket-tutorial-init:radiuss-2024
       command: ["/entrypoint.sh"]
       volumeMounts:
         - name: thicket-tutorial
@@ -59,4 +59,4 @@ singleuser:
         emptyDir: {}
     extraVolumeMounts:
       - name: thicket-tutorial
-        mountPath: /home/jovyan
\ No newline at end of file
+        mountPath: /home/jovyan

From 669cf41dfabc51af8fef7b443a8110070347d511 Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Tue, 6 Aug 2024 17:12:43 -0700
Subject: [PATCH 23/26] Fixes capitalization

---
 aws/config-aws.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/aws/config-aws.yaml b/aws/config-aws.yaml
index 38797bc1..87931e52 100644
--- a/aws/config-aws.yaml
+++ b/aws/config-aws.yaml
@@ -16,7 +16,7 @@ hub:
 
   # This is the image I built based off of jupyterhub/k8s-hub, 3.0.2 at time of writing this
   image: 
-    name: ghcr.io/LLNL/thicket-tutorial-hub
+    name: ghcr.io/llnl/thicket-tutorial-hub
     tag: "radiuss-2024"
     pullPolicy: Always
 
@@ -31,7 +31,7 @@ scheduling:
 # This is the "spawn" image
 singleuser:
   image:
-    name: ghcr.io/LLNL/thicket-tutorial-spawn
+    name: ghcr.io/llnl/thicket-tutorial-spawn
     tag: "radiuss-2024"
     pullPolicy: Always
   cpu:
@@ -43,7 +43,7 @@ singleuser:
   # This runs as the root user, who clones and changes ownership to uid 1000
   initContainers:
     - name: init-myservice
-      image: ghcr.io/LLNL/thicket-tutorial-init:radiuss-2024
+      image: ghcr.io/llnl/thicket-tutorial-init:radiuss-2024
       command: ["/entrypoint.sh"]
       volumeMounts:
         - name: thicket-tutorial

From b92fc87b845e678e8743f26b90026e8a8df37f11 Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Tue, 6 Aug 2024 17:20:16 -0700
Subject: [PATCH 24/26] Fixes perms on init-entrypoint.sh

---
 docker/init-entrypoint.sh | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 docker/init-entrypoint.sh

diff --git a/docker/init-entrypoint.sh b/docker/init-entrypoint.sh
old mode 100644
new mode 100755

From 8d71165ff14bd39d2f6841514d2746ae9578de5c Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Tue, 6 Aug 2024 17:43:13 -0700
Subject: [PATCH 25/26] Updates pull policy for init

---
 aws/config-aws.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/aws/config-aws.yaml b/aws/config-aws.yaml
index 87931e52..d0c93003 100644
--- a/aws/config-aws.yaml
+++ b/aws/config-aws.yaml
@@ -43,6 +43,7 @@ singleuser:
   # This runs as the root user, who clones and changes ownership to uid 1000
   initContainers:
     - name: init-myservice
+      pullPolicy: Always
       image: ghcr.io/llnl/thicket-tutorial-init:radiuss-2024
       command: ["/entrypoint.sh"]
       volumeMounts:

From 1f43da3b11c34f7abfc3b2e6324052a8bec60e52 Mon Sep 17 00:00:00 2001
From: Ian Lumsden <lumsden.ian@gmail.com>
Date: Tue, 6 Aug 2024 17:48:42 -0700
Subject: [PATCH 26/26] Remove pull policy from initContainers

---
 aws/config-aws.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/aws/config-aws.yaml b/aws/config-aws.yaml
index d0c93003..87931e52 100644
--- a/aws/config-aws.yaml
+++ b/aws/config-aws.yaml
@@ -43,7 +43,6 @@ singleuser:
   # This runs as the root user, who clones and changes ownership to uid 1000
   initContainers:
     - name: init-myservice
-      pullPolicy: Always
       image: ghcr.io/llnl/thicket-tutorial-init:radiuss-2024
       command: ["/entrypoint.sh"]
       volumeMounts: