From 9edf64a6fc8bd06363d382bf4fa4de6c606044a2 Mon Sep 17 00:00:00 2001 From: Ori Zohar Date: Wed, 31 Mar 2021 16:57:43 -0700 Subject: [PATCH 1/5] adding service mesh concept page --- daprdocs/content/en/concepts/faq.md | 23 +---------- daprdocs/content/en/concepts/service-mesh.md | 41 +++++++++++++++++++ daprdocs/static/images/service-mesh.png | Bin 0 -> 60762 bytes 3 files changed, 43 insertions(+), 21 deletions(-) create mode 100644 daprdocs/content/en/concepts/service-mesh.md create mode 100644 daprdocs/static/images/service-mesh.png diff --git a/daprdocs/content/en/concepts/faq.md b/daprdocs/content/en/concepts/faq.md index 8106ef646..1c291d447 100644 --- a/daprdocs/content/en/concepts/faq.md +++ b/daprdocs/content/en/concepts/faq.md @@ -6,27 +6,8 @@ weight: 1000 description: "Common questions asked about Dapr" --- -## Networking and service meshes - -### Understanding how Dapr works with service meshes - -Dapr is a distributed application runtime. Unlike a service mesh which is focused on networking concerns, Dapr is focused on providing building blocks that make it easier for developers to build microservices. Dapr is developer-centric versus service meshes being infrastructure-centric. - -Dapr can be used alongside any service mesh such as Istio and Linkerd. A service mesh is a dedicated network infrastructure layer designed to connect services to one another and provide insightful telemetry. A service mesh doesn’t introduce new functionality to an application. - -That is where Dapr comes in. Dapr is a language agnostic programming model built on http and gRPC that provides distributed system building blocks via open APIs for asynchronous pub-sub, stateful services, service discovery and invocation, actors and distributed tracing. Dapr introduces new functionality to an app’s runtime. Both service meshes and Dapr run as side-car services to your application, one giving network features and the other distributed application capabilities. - -Watch this [video](https://www.youtube.com/watch?v=xxU68ewRmz8&feature=youtu.be&t=140) on how Dapr and service meshes work together. - -### Understanding how Dapr interoperates with the service mesh interface (SMI) - -SMI is an abstraction layer that provides a common API surface across different service mesh technology. Dapr can leverage any service mesh technology including SMI. - -### Differences between Dapr, Istio and Linkerd - -Read [How does Dapr work with service meshes?](https://github.com/dapr/dapr/wiki/FAQ#how-does-dapr-work-with-service-meshes) Istio is an open source service mesh implementation that focuses on Layer7 routing, traffic flow management and mTLS authentication between services. Istio uses a sidecar to intercept traffic going into and out of a container and enforces a set of network policies on them. - -Istio is not a programming model and does not focus on application level features such as state management, pub-sub, bindings etc. That is where Dapr comes in. +## How does Dapr compare to service meshes such as Istio, Linkerd or OSM? +Dapr is not a service mesh. While service meshes focus on fine grained network control, Dapr is focused on helping developers build distributed applications. Both Dapr and service meshes use the sidecar pattern and run alongside the application and they do have some overlapping features but also offer unique benefits. For more information please read the [Dapr & service meshes]({{}}) concept page. ## Performance Benchmarks The Dapr project is focused on performance due to the inherent discussion of Dapr being a sidecar to your application. See [here]({{< ref perf-service-invocation.md >}}) for updated performance numbers. diff --git a/daprdocs/content/en/concepts/service-mesh.md b/daprdocs/content/en/concepts/service-mesh.md new file mode 100644 index 000000000..cba402532 --- /dev/null +++ b/daprdocs/content/en/concepts/service-mesh.md @@ -0,0 +1,41 @@ +--- +type: docs +title: "Dapr & service meshes" +linkTitle: "Service meshes" +weight: 700 +description: > + How Dapr compares to, and works with service meshes +--- + +Dapr uses the sidecar architecture, running as a separate process alongside the application and includes features such as network security and distributed tracing. This often raises the question - how does Dapr compares to service mesh solutions such as Linkerd and Istio? + +## How Dapr and service meshes compare +While Dapr and service meshes do offer some overlapping capabilities, **Dapr is not a service mesh**. Unlike a service mesh which is focused on networking concerns, Dapr is focused on providing building blocks that make it easier for developers to build microservices. Dapr is developer-centric versus service meshes being infrastructure-centric. + +In most cases, developers do not need to be aware that the application they are building will be deployed in an environment which includes a service mesh since a service mesh intercepts network traffic. Service meshes are mostly managed and deployed by system operators. However, Dapr building block APIs are very much intended to be used by developers explicitly in their code. + +Some common capabilities Dapr shares with service meshes include: +- Secure service-to-service communication through mTLS encryption +- Metric collection +- Distributed tracing +- Resiliency through retries + +However, Dapr does not provide capabilities for traffic behavior such as routing or traffic splitting. Dapr does provide application level building blocks for state management, pub/sub messaging, actors and more. + +The illustration below captures some of the overlapping features and unique capabilities Dapr and service meshes offer: + + + +## Using Dapr together with a service mesh +Dapr can work well with service meshes. In the case where both are deployed together, both a Dapr and service mesh sidecar will be running in the application environment. In those cases, it is recommended to ensure only Dapr or only the service mesh perform mTLS encryption and distributed tracing. + +Watch these recordings from the Dapr community calls showing presentations on running Dapr together with service meshes: +- General overview and a demo of [Dapr and Linkerd](https://youtu.be/xxU68ewRmz8?t=142) +- Demo of running [Dapr and Istio](https://youtu.be/ngIDOQApx8g?t=335) + +## When to choose using Dapr, a service mesh or both +Should you be using Dapr, a service mesh or both? The answer depends on your requirements. If, for example, you are looking to use Dapr for one or more building blocks such as state management or pub/sub and considering using a service mesh just for network security or observability, you may find that Dapr is a good fit and a service mesh is not required. + +If however, you need advanced, fine grained networking control, you would probably benefit from using a service mesh. + +In some cases, where you require capabilities that are unique to both you will find it useful to leverage both Dapr and a service mesh - as mentioned above, there is no limitation for using both. diff --git a/daprdocs/static/images/service-mesh.png b/daprdocs/static/images/service-mesh.png new file mode 100644 index 0000000000000000000000000000000000000000..f9dd4eb4158b2b864dcc7e2de4021370c7fa0c14 GIT binary patch literal 60762 zcmeFZhg(xwzcviR2qOrLV?n9oIEoHUM0&|6Dk=gZN|6!}0jZ&fmIMnRBA_C@*#MCe ziVz?P0cp}Z0YVar)Q|)SDUkMtnR(84p69&pKk!|L>*6A;tiAWzYyJAV@0EDV(o9lZ zR$NF(Nb>r%%eRGu_6a`zF!a+8f#5&yQXgEiMWPRi{dD z-1fTe54`3OA|xc$w)ZRC1^Vd+mR4uD)9M#LK7OI)4|w6npK5AAfk$cEf`DTc(9;;>gd;={g^7lTVYctYA2MKfywx$Nu>w z{J)=q|91|A{&x-pTJirMInV>e+rNwm{d{@}(_DQw)K+(@}ms^FF zCDOva8Sb^+a=3Z?#tHGn$HD_Lr%5ltdu?xPvd+J`boiHjB6%7&Cr(iJ+Wz#=^f(iD z=67*XJz!S3DPeD9u|4;DZi!o8JN(zs5>O(09n(ABygU5<<(a=n7x~wK|42G(diL@O z>wgAldB896PY48^-ShJjS8&mr4kw)(HKmo!mJ>b?Cym_aMvyK!ftG{AUVsZtj+pAg z0pRq|Esg1#qJeTp*;=h@r~dstG+otE9<4$mLcg1$CzY=q3z<3-&zf%84RH7pvuFyk zV$((124bohj}w&hv0hv7C`(pY>YOo=6WThGK5gmjtS?ti`qSXwUocTPWKK;&U|4@W zxQ4C7Z4Y-X?fd;{qudl-2PicP7Wx-vC-ln4hTl_la$fZQRJ%CvrgO-G$z({sOny@v_v&FC-ouDr3@`ELuQ zEZP^R3(I0k3%$I*W>;}9k_VDo6R$jL9^t7im2F(NZ>i?QnD!VpySHmbBa^7>IuEDF zg?SD>rb?~{1UcVgf#=~$@;kZgt24B%FWE^MH_{{}<#ZFdVJ5%{&lCComp4CE2aZkR z8Q*RHpiNa0`nALF*v9l0FwfQH!B2zbohNEb>RX(2zJIkwTz64-M(`R>*l4V1@4gW` zokxu3#6dbEQ*>W8%=^2z3`K8&b}jW6TVKhT=xrrRn>f~ZLf&~VN8OFs@BQ!cs4TkO zq*6S*do}-zw%PE`^X$cPzhV6w5te^O4CuU>^pQh_Z5Q2NUU`}n$rlpxE`rjQ#@S&` zOeVXZbYL!fTF zGnzWRK8JKI_2=?gU4TkQ!~n`t<-ZI3>u-j=y5sah%v#STus|=g;M(c$MGg~(7c$_P z=}Lv@OBW(G?`i3J95b{(I{4>NdYW2`{KdIrA6x6aZJtF$coKz#NS5Z;a6UaV?k>o3xj0s)yI#8GtzwrArbR&XyrV7$jmA; zg|k3gINk4{IvntcD8GKztv#h6WI&(GX6nKh#6%AKtnil|DXEDxD~C_wVR9SZ{Yf^) zWG-d>ypFxjxlsmlIlfY&;g!Qw(MFX?F9 z`@;J^Izg@?6>lEuQ@#FL#cl#*8E4^RT;Pyw>S^WQx}=s{5CdC_WWs*4W#pOI43M-| zIh|bv8Zi-H9gI79#miX*a4SW_kU2YF?D!FNpZ85_^sustas@5lO;eDCF#`K-ROzKf zyGW{5>P@ElN}pmKhN8Jv$}G+?KGpy1;7N7#_DES}Qx7Ud>A<-^L;tdT`Ql6Ytx4FU zb0_Pk|<55Ib z!mTShi8aWr!~PeE&}o*>czh|%_QlS6S#@o5PIcho8a)o9TV~|mm4YT!A~RGS?z@Qm zxo=7@d}fy+R*8eaEe<6omC0#Gk)-r)*(F3@6hw{yujY?N&o@GR zHP(&iz7iG&Aq|0sOiqGw0hIWuaxgi&#x-(IJzzF^k!aAkGB)1pVZm`Wee$#%y8C_+ zwx-J{k50(9Vda0kB=MQ1s0eOdu(9H>zY#z$bPdhlV0d)6gpB%O>GB;Qel-m1%)|?! zwN&lI8n6CXrW?cCSuSuqDp8@rpA`cPjX%i8hvO`~rlWhq>uLv0aI&t3G!$)MblmAH z`CDGE28NRtGEmKaE^QNkKlUHbl7C}SA*kM>2{^t`YnSE!SPrwCa&NZc)*V2MdvUp+ zj=8M67~&LX@iryze9Bm*Z53wGR)sbA2!v{4njqJ4(9FX1>b64umRYt9P@`*sdJlJY z7h-q5b|ohDz1c4)_TkOd$LTWL$D?K|K%wiq;axbwdIYIO1hfXbjI|4Zg|m9C1hzTw<~4z zNX;WJ+l7}?HjaTo#Oc~60Ok?rNhITOi%=nRgJnaJn_`o#bp6jd4UrIj1k@>36Q!wX zx5*-RP2d}3C_ji1X-@VRT}(71rjIix3W$zIfphT38f3%G5#?e~hR=)8^O8F}`DH-n4Ue%;)`bv;gTH@8wuDe}IgGIruK;#L@>_G44_6+PbBPGzrXVYjl;U+r z@b`aAdLGUZ*7LAT;Jr69jjtMW1}Tql9UvqSJOtVAg=2v7+CdEyP~$T@tqJKAl~k=JRv=6!vFFO8Sfa6=xlS5f19g z;klm&6zcxeK`}>*2%OX7VO#g{-Zd+6jYe0fZ|i@VqLW0#*6RjS@};KWcqkGWvpRKN zdD7Zaa>E)g#@p||t0qe}TaJHY7N=MqECT&V~=dM+>8MN6flt=J-0y=mqB zo{BDonYM)t8p|XIA8p^Y%+>Lq6)act?&s`ucb$NlhzSQTi|q4Pfa>;Dvy<+r5GtCv z?ScEncfmg?wAZ^N-}XqtbiJP}XD&k_+!5(zh-M-w*~_xwyWP7;{(Ez+_{AFRVgZ&%C|UYg zpj|?*&?gV)j4Ek4{{ED(u1%pKiFmgJ1t)l!%B0zcaacTcw0=Y=x}woF*8GI=twZm9 zv6Y@dzqrOOi2N1NdOH)2qarGxX(86D#KohK_{QFZ!ruDdf*SV>1>#PjmlV!3`=p$S zN%R%|PFXuC%KS>rV@3O#mGnlV>f^I^f4IjMO>H>-M1VYR*iC%b#f==&1f!zno#FW# zUBYZ2cTmcX`=Kq}N-=^QA~Pe0v_rAxlcJdvf0uUe*rJ|;&En^3N0M`@i97~^ghg-* zDP0d@No#8XsLiWzfg9{81tJ0*x&|Z-DfPU5#NuMcJ_#(P0r%P6YOH9gO{*;E+j^;5 z)dUljAOU<3Hqdrx0O~sSCer*=Kyb%v{*&cAUGtfVfSGfC)9*6@1@y1Vg|PG7UTrz? z$Pcqn3F&Jjf6guj&4=+XLtYb}ns7SRJ!|fdQ7ZXvvCcTcNHv3`&xTOaZ$AY>Plyz8BUWMAV ze@KYxnf&edCKeSo-_N@mCu$$*{!O#`eo&j@I9COD#jis37h?1xOQS=F1U5lBCNiMl zddP))XMJ9y!+sI?_^Zzc4$lDU!umem9Fu8gnewJO-9%GH^Q+aGGS7fx>rOZm`-0Ex zinUxk*?Kxo>@#A(J1+zMqt*MOCqW?@Xx$**Y$8qUMILu#C|g4^e{*Z-xE1W&;!9HD z6!5^tkyNFKek~aS+qNw}QIfQ)TMk9OtNc#&hA^hQG*BCt1`CWkdZ63GW+VCrz|);# zE9M>pdHPCF)?ALZ??)?_XtK6u3t}d?Hy6}g>Ur}(Ro|=MOr1szsVG{H3jAiCp0)0m zv55%=8OH>{*f;=x$EtBUyHPlpu3!?wI%H+E$rN~rcL|EStc6q$4Nr$UO}DR4ec|Yd zx>EmVUa`36??oG)e=8BL%+*G^B{*m58W8AQ7oW+Uk}_l%HuGRestu1S3<+CWv(p|$Q zpYhM{MeU2pMA7JH~d9Ydgl32)$o@UGvk-9;Na&Tsa#meqm%lV;S(;Rq9eB= zCd!~Tb0XB1+dV$FgG5YKT;oXtjYp`;xgo-$>@-h0Wyw^z;$F6oD6xa z&>i0dtgWb2HGd3SjKznE!^Qdgh>d5pbbHl*pdo|t9C}z>;pf-nHH6>vZI)xXfrEcr zaUDrl6^AMs0jeCiYOv9x9Iq70Mv5J2rmrQ7fT9*#0BAkIhzi+#!0;Bsv>gE>hWW#6t zJ1#n}VUJ=?*uL5A09J5@2YRLT>}x(|r`wiW)ENXJ9z!7X?o%TC#_e{za^k9SKuMxZ zXf}hV(yO7rYvZuHW@By=8NHZwqRb4|u*Q>H=F)f?9#JcXDjspxO69M!VW@4|2k5z0 zori)9%wEK4qeVIuu+Z#w(onL2Xd~kq=W0J^YhAH0Z*#VRrdSYaP1Tg49}l6l z9U6=X?3-f3oY+$}`&2Ucly?YT*M3;pPRA4N65|u$2-nyv^H3{Ep2f6~uFT*$FGZVp z+f?DB4~7xV^oouo6|NZg*et8%ugXbIA-LU*w~?G}af9PC+4WpWr{c#I12~cKEBGg6HZ79`uY|$2x^{Y$|g&jm!MTpoMtXf}nR&^!Y~}d{J|`)9R5W zOjcS!ejo+4=pLFfxp0;G2R|U)p{aCkC?XH~P;eB|DnG%rxsW`EFIX4%>^f`13q0`sWx@`VJCEf*Lvzm@Q=m22?6l zN0p2_$IpsSG`pZ`QtURIR-AY>{=o6y0vHRa2&mn}SgFlo53^5e@Y|PTu0gf)?qRRC zmU2PQpX3`y*EhfMW*&T4U1#SM)FCi!o(k||enH>Tl&vznr(Q+en<`cRWtTx#QH&s< zzD6|jd2A2x8aiFkIO-XULHWgQpTtpBJ^GkUrUo!Tx$m)1_St+@>Ya5+X6(rny{}=l z7L~KdXRDNKRmyPUsQ_Ms!_PB0Iw8nV{oR!ht3R?c$OZ&) zMGvXFXKGKj;u#1Gm;C&Qijl~A zem^#o8(88Y7CxQx=jijgQd{Nqd*@nIGLM{Rd;n`0ZS%(zX$$-9^6Xh5D{?R`^NgPM zuY&hgQ+>ffi4c0DqY=SP_O-(hbU2d0n0(x%3pPSyxtK6v7m}tL|#?+ezYbgjGjnk}c z#{8sD-^{UzlA#Fgncr22FO>eU|2o(tRK$XbxT8Qz!A_{7#7ti5Q_kHzr9K>LvCI98(a(H*Uq z&!RICA5;$ef4uQ`9Z{eSooYZhtl80}rkF#zXJgIZiDM_+*ak(Yhq3K8r>{Q|wq4R- z%~t}#04uYMXe!b?K?K^gOhD#EPLxs)MA>9Mmw5fd*kr%Kg4S~RvCYBmW#U%1B{rEi zV9~}WQVQ3n`J*HmxY}VA$v7hP=WU5|5{iz;&p)VQO`;i7VTIwyI%-wdL4e`+mjh(O zumEf&S4Y%7yoe;I1kA#jGvli-r38=lMRG4AfjbFAi!9e>W4(u{Sd*uxLng-6V7?PX zsuFbDSF1^bsOQzW#Z;7I=5}@EYx__AivI`=!SAY-+4?zck2f7RP`)?-TX~X#kecB) zK?TVPN06K#_~V1mgwxb;~C{g9<^+k!ffN0ZlJ zLDRLDq$0nXDEfqB|7eL-rt_y&^lEW#`vFpn$ME|r_hSoTyvS_m%DaU2wgy<2cEpD3 zlx=@Vm>Y=mS(rw-{`?B+x0W1Z2V$LAq-iwp%}47mkJ}Si;Fu zWo`+0TmHl4ej5oZ+|`Q*Hh$4;5euvLM(}z&96QG+QY-K^eFsw2dhIT#I@W7z^cs}e zVKp3XW2R!t9ROaI_!Uih+G)`KB|nFza_Hg>=dpPET%RJ*h`E{Mq~=L`J3H8%+o&|x zlDyb;B$yuN6?57gF@|NXHoH>c$rO%K9e{5=cW{NvqiQl;m~rKSTZ(B?JHR^3GycJc zng}ntJQ(@?dwf5G=C=Bgd0In{Mz9hTeHI@R(gZ0V1C?OryuI?Yw}7=R15@B(G-8UE zSbN!AJ^nbvH)WL$8;E4Z&86|^FT{LPsCP#fsa>H;leCIg+GYg1kbBz4XXWqr41GS| z5*!4eG%Pr=myKmAipMJ7YP4Bd^x9TxsuQ36tkcqzNV?M&5?V$ZFdU?qrxK&V2bt>R zH)|Q6MgPuBKA;u|m^x27VF;^-0}Q2yeHG}{jYZ=MCibg0OY`I1GTUtmZT6s^rKWP^+Q2((`H`Y0@*}PJIC34;QY>_a zltOXFu-@O=&T>B79Q&Z{+s>eo-nz`7Rl|I5os9&jyc#7(^WeLDNaZiL6V>h+H@@2_ zpDupFQWa%nDtD%c&Qn9bFCS zD$5u8OzPa$4oWUa`)5TxZ2M><_uX0V8~soDV&;W=a2IsDP}13Zbv}0|g`{OKe7Y{O z4z)^mvTmQ3lGC{v#hFji;Ngfo&!a#3O@FyQfu+8p;E{+11?K0IE{lRlEYCpunK}K} z0dhSqpw`6VMYb1zEYZQe_!+X+rLy~okR5x;BaTJ5(@j+JloVi*lg~| z=^u3w z_ABuU;rIqGWEfxd%?sb?ZNEt`ei#G+T^!kRw{ohsO4y~7belOnOI&Fe-iLhbkGXz& zYclg_U2F=`=>A8CI&ziH_zlU8&x>JJGqn##K53_!RT#5~U0mK|g=hqAX?HnV&BP6H z9itz(RvK+#62!c2##v^$;Fo&Em*tJ<@G-%t#Grlvs%$F&|YsJ)P7x5dmE@9 zxsA56Lc+FpAg7&&_R8?eJc`mNj6O7(&u4e!08Q?M1cM;cJHE=>)1>Dmijg5%<^0() zQ!r|~^g}=ll*P&>=~iNvs#}S>{W^(1jKrTcE$b1Is2R&KZA{5*I^pNlL{ce8N*Q^E z3YDz-zIMBL8ZBL(96>!b6Z{6<+k3fyTPgI{?vkbB_k14BuJP!dP(cpq0c9nXheA%Q zC-+`+REcAHb$U05#B6D#5<}q5(nb$Ko9O#yI54Z*gdBd*H|p9l*Fa&!jTjE#t|}r? zjA@k`PiN=3fEJlvWsdg>4=c$BAd;t7Qw}1*a_9x}2XHfFn*x3@U5ESR3_4E#AZNlG zRQ!RIsevw=GVw6JF|LmIq4xwkjDlibObDF}q2?Qg83a0!AEMn= z<)G&fOw%^20`zYYqV_kVHWFHVbzpTq?sI0J*W@N(7fS2~4=Sq@^=hH!t%_sXCa?2< zrJ#u-poq;u4NI0Ep`=#^Q|HI)?Oj5n){`nUwM)${Hb%KzW8i2ow0E5W7tNw z;N|#DWt|^^4foIb#41I8KUiIN|30?dVKhp_C}ioTW=mUwbY|9b;k{6;|FO`jwL_F3 zk?096G=a3|HON$fi4cUWWYy$3tVbNV(7t^mWVlk-H+Uc1f?1SfKWLPBNhh@Mc)*BI zrjHY$2Aw8v!g}8??jfb!lhS@5TBQM0vSNwvukFexGS@v2^8xBU7cH)nEUP9OVagY7 z`n0Dj-O0c{T*M$cH(shNcW0_oI-wk2hMv549Uf*=th3&Lt8q`kTGW@@S6|ZEnHuzn zT0m0A=@38K)5MzYCKHHU_zYz6Y#i`ms>opZ^D!Z~!(HYIUSiPX(@S+q(|Sn$EfG{q z_fk_oorLwDs)8n|?mBGb+o$Wcc+CJ9RM1TgC-@I+xnr}tE>AoQ2=41~kkcGW;_9;T zc@GQ##p-wGJB55jYnK3QS@Fv@?4w2-n#O}`n~a+DGP!y`p3mZE_kd`|K<3p72Mp95 zg8#BFiHD7QWf^`=T#$Fv3TK@E6;-?pGPe2SSz##N@6FY(xrggMG^L~WulpB8sF}?~ zPyX&D`uBE8^47q*cCOQ^#q5UZKvT_IAY0!0{>OgL6JNovdy$JhKid1jRj~VrPGRHYnbbzCWxj#Z(9Vz)*>D}|+7*t$aNesY zC^UfBcnRGYqL)PwapsyU8mXsBLqbO7;U6VD==+gB#l|u#H-7-^#@b<>|S~UA*1uYRrzG z$J`;N%L0_%@%+^zHH|T~^U4k>Ym6RYEcz{lIl~4#e3&&>H9r%7N?AwMpxLdpIu66) z&acF4r1)epY4NK7EehDLB)&W0!c8Nz>zcxI*;zIPX_fccN!hm2>1@CR?b!Vrj;^tQ zo$rUTGt$w3Mh8Sd{yIrew|VWY*&^c-@h%$j`L>9>jwd1SJ+B^>aCqiO&V?2?g!ijX z`azE*=f;)#fQ8Do&>-oCM$v|qcRGz9ZYTI4M!acK3g6;2-YJ(4(pttO&-!0S_AzV3?=nen$T-;1BH-**3lGV(Z;^vBRVZIj8bFTqhT=myoD%q?j%8Il_e7o zgDyQ;P>;UfW9>}jF&FsvLS~b-^N|7Iv3&l*Q+B-}c~ekJBv8hbo5Q2vISYygv(l;R z#2P4qD5#EKqUN0B2al#vEgd%&G0*OrNQ&h7+&q4-UsNv!Y!|dl!rx>5LakFOIyl&q zF@5<=ZF+}s?9p{&_rH-0K}-1?3a*=-O)Ks1Xze17k-!IZZLfQGmWl&dOSNpT&g&;U z&o?lUR4ALuYY|~SmwBB%T5MrV-af*8Xp?WkcKX!u~2B=oS6KV zGWplX7B&xwr{`rv!Ywdi-|`*{6B;}m;M1cC1EiqkAuhm?26g5(xg`}GJGYn-zuRQi znXeDJTXlWT{BxRaiydIstt%I}8aO^GMwrAbw{%OEA+^i(>gGn><%;?5-KGcSiWSGt z?R<;BZg%0O9%|!zNGn%yQK#|o zdXa}{gzE|@(Yer}=dLYWSbbXHqUr-i0VS%@u47-pUKRGocz2C9(IVnjM0=gbgvN4dlnF&Sn&nXnkvg&APmAd|7_4 zvA8H}ssI?yOAVR_VeVCVN0FzK<<{WryRAaK``$AZXv|N?Asd)f!!7nghngKhs1WNl zpN;NxX5Jyk_sf06i0~a()~1r|6r-_70E^zHE#?dy-C4?M1M#Qb@IF$cdm)o*Kz1ZH z$31F7p6x2gyL~MooLnzDcQrkgODqB037K}+F4^V+mjTT`SzmeP7kF*~el>MPk^W@@2}^V%)tx2se9DAz+h_Aqj=+ zn+slr(KnWUtd%1~E+-o^r>|i4MahX64IY~nF`&?r3Y8ikba=sz*A8l%@*srxR2Yp^ z3)>x43PW=1BWV(_lQLt9aV9a&2R4@XJwa3lK&YD~gD#sql2$-u#P+6@RTGQ8staje zKdFgM9V^)CSi7{Tocpl*wW^Xu0XPt=E7hMf^G1O8jxN zqZF>CA6TvrHuxXZjqW&Nx4kmFkfhQ4(!>c7fFHF2KWpE271Unk8q9>qsitvXYBx#WBszoR2nk52fcW^*b9cp(B|yy6avly8W=wd51#yS)(5mIQIj$MC}`x>DFd5BhPf&u|qmsR1%Scjz$IX-(b$!^& zk#ahXmyV05HrP&`THhaL7H(-hdaNjjd7Qc;YJVo|)1@>+arm!{h9uf$MEN>ozpYNz z)_9XxCp2vFt-dnm0+%Htz(UNtDFhhqeDXT2M4S13XxDg~aT6}c z;3az*t5u;)V^Z-=XLMVo3REG6*8t^i3Gg?BT4(&%D{*16vKb1&tPwP>%RjcGs|QnN zHzo-KFTUby^O6R2j2M}5W-)ME&*vBjS;;&DQnw?mJoskZ)500!a|OR!=Xm*pD13J( zRat%$y~)IHbkua@4pQ{!4f!f=v4VOo1A*?!kD@lnB*0G7=-7j6^<(4OelAET*IO50 zU5lmqP76F&sc-)YXI}=ga;YSh~}U03rh_w4H(?lS!KmEX8(_d)xD zu)8$##L>knsr#|glrM$HW;YiQva@oarf@->S7F2hW6YS@No=Y6Jf63`n5!$zzKF0k zB$z}c;LO&Xf#Vc`u0h$KoCD<0rc7&OKhW^qhS%rT)4KSWW#_sOit&+|{ zP0;wt<8I4j;iDN9E&$kS&Rt(!ojxvAkblcRfSg0mC48*HJPefZ;UT` zB2J9D3v72jv-{JRtjQwtOerN3CzpYI-{vb5HQuAetD`06K_`pt@&sFV?(IWs3a(cU zjC}DP-6qv_Fs?}i&kbLBta`-kyX^^qgUY(#JyPY?_R&F0#dWI2qox?wCV=>4=tsdC z{`e^xkfds``Y~58{?YT=JDAyEysE>Lg#017lxV z^Z;g^JB2d!$4-O4`>QyIwjVTe3LU-@ZblG)T%KlZjw)()!!N0o=>|B|RtMNT1+5}E zWCy^Cwp({og>tFufxr?|kEo6y z7(cHnio2^O8I~(CI6jsrHlbYzb)Oupj9{55gSo?r_>_kAN6MlH&N@wf=Xbu*d(b0e z28L8GJ$1q5Gag!8j7uoA*)nVaz0R1>9ErOVg8KfQ zC2Ukb>3#(1Tkm_~jZ^OH?75p10Q}h-k(K7}9@i zz`2Vu;vYJfTL@B8o36mEC?FHr3P_s82mWA%5hM088X#m! zAb)nDr|bBu8Yx@{wiJLI*rJ#a>a8rcF=`Cv&_Uuv?R!cMPSq|745G6Av`f7Y5z6E; zaJ0{5>Tm^sWrq0u4v|C1aUqNWHzTvyMa}$UvWdGT_x|{^NZ*oX?i5~QuwijwD%J0y zJ>otWg@J6)LWXYVWI-I-mN92IcxwAe+0%-Ijj2IdPem72$A{8<1_P3}d zIPuE;hviDOI@B%m^oDDT!%f*GU*|gM=!YjCGc$5MV&l#y+=H4uMpmdwQos4O`WuOG zB3Dr61l1W!)t)Uuy+M8I9O&+x`8zdyd>@`Zw?9n=#5IiZ=(RI%-kr1THBkI*)Hh&t zx{79H$J?C=v*Nig>dX8Hi2s5sb}K$JqqpL`*(Lz=H2bAONKY`!aDgFpNJxnTD)JTz zb+#dXi*sgJY87e37>r!dP4gi7>*SpB)t+`dIuf6ZOd3f#1 zXY65-Ke3JBVDdhQveWL^3oRvCCa`3NpP;C5B*TAdl9gTV^m02*Vs%)%Y+{mVt-)IO zAuN|3JwS=rt;n%N1b}-?arv7M=Wy?=NRC6RxEO2L;_5^N4lJ@4-0orPwt6)H%XuNt zjVDS61jTaowx*SWXv!8OY#CtpiPM--XDQqzkLy9Ru%Q`Y~+q$GkBXy z1fG7-Hjr;fqK(%`aOd|!DEF|~@fmcgy#8&;Dm}OE!u`7;f`Zo*;R$4M0sC(IR8)cO z<6n5mzvZv;+$zk|lAo%5@|#z%ibx3O04ga(~Y z``6lkgl)`4cNGSXSurQA{TL_m4dq87`67l#p~4NccM1lID5e#IwK-=NIs&}+8LknN z)$G>R*$jyWn`{f|R|$&3(Sey#`37VRlYmqR93tQYFp*o|uZM;C#7ZcY%7j}ZJP0}7 z{A1B`qYLWttf@kt$$Zr~NdlO3Kax)?kUn6%%N?ZPoDlDB-6&a=+ORcY`?tw-9iE{+ zZF@{)8<)FndB^Plx4l1U1MF`fd8P;OGGWn244y#wFV-t%)~ zx_`&()zdx@vOK-1>79CwW4AnF9}s@`~Cg#C2A}t99G8Biu(AF%CL zG0}N{FjeHoyfKE($Ex zaZ1OfpxlS4=x_tUCOnMI24<+MaVkn3kby#R&V9MMOo7JhRV_3}Q_$ummI?-70;~`M z<`S5ECSBL5&YN~s|5|N$tGJ9}%JfK8z;>p_b}qE-TO6O|V-aXr)Ew{~<)w5ivX6F1 zof~Ws7=qjkiF#Lc=`(9>C;p1Sm~Rh%X_Gr0>YX*&=(gS}SsUP;wVf2N57Q*Qaow10 z#R6fFw2nt8-%>SEN!i~6945epu=t~~!twR@x9ms-1*q@E(n~IS8?{=yR)C$3Qe})D zc?Rp*lc%fw5czevIhiCJ(biyB!`($?3H(RIGE`xBiLuKa=Fn<>0vZi&mQ-@ zIAJ6(xg#5Br{V(^g~9^|rgSR(_x)7_65y*3@eEd~+9~lCeut%(;6eUE&bo! zZZMx-`59Z`So@&c&hz3Ui#WiTnkxQ0q??^;$y!uXf+0u=hQCODY0m#G?h))5#5=E z>w$uu1S#IEao3LQ_lG2La0%%#=8KPgRXJnsl`_VN-lW`>&u!1D_0*92P0Qo@#_Sh@ zf%+|bZU1NHz-?x{mBz!YKqphOhV1FW;d3-;N%Ma2`J6@=nnxMxIJsR9DPZ0i%U=I?Q5O*LDp9|@=Y@b~hSqO<~bc5lNb zRA?P1a_N_5*sHfekTP{8sJeN7)LBzWx1X{#&TBikCQ1mRq2?=}n*$$d=0SWjIZ0auS6Q(1J~W=+N!9FRN*k9UR`h^Ch z{70SoKdT<9&>eLWg$Z|vzn+fh%}5UJaBB1>ywqpD;BR@EPmkJ zmm^-=h0WLn8_}CU13$uNO$pmn=Z2_u&iE5gHCWXAyqrlMc<@==73e9w_8cS+wIi_b zIraUSBSlC5A#S;jtVi;fHynK!&6P{%Hqm%-Ku~DA0#0F=4wS+)E)7w%+0L*P4lDxL=MSYqI%FC3<`v>|v4V=mVV~3p#f+5KlJwgCAmZ!gV=?ZI!t?Aq7*v z>fbo-O8<1e7Q$v&$hta^1;9pTbNvlZLNpb)+RYOt3ll>(vYPn98c;sm~ih4QT2g=KZ2Ii4Gmp z&PkOTz2Yv|a)q}^X!;Y=gI0r4Uu8f&<(=r2-1Pki&I$dV`oNU?bs2V( zwWXYDh2yoB;+O@E5T#)+{_e&)4Dy`@gFF~u7@w|>4qgjM!%XKGX#GPK!QBFYH|=D? zV8KX{O868%KIdeBpdyXH%7=UP&w)9;a|kH83g;vBvooU00fzowkf|6Ec?~1&3*@-o zAItmYkhT!ge67QR zEl>faOT2&$4y_LBg8L|(;m!WGEe+ie@xLXvKiB2ry$xG+pIDE3Iq8sYd9IEs_FRG* zIQKth{w4VS+u5IU-w*c$JjpLQt@ZNeQ3ow(AGDvDd`!hj?^l|Yu%X*I0V(k9e2fvO zE@Ha15T1t&eqzE_jSSyp4UM_cq?MEJ=}&OR2mx=eIAX|S@C!@y2_K{ge))oCkKmU+W0 z=8F1Mjh1IDCO8-=^a4-{N%l3Hxt-P6bwpv1+xyn-P~Bp`)0>gx|KPL==yn+bxc0Q> z-mo9vyoai98!hC`wgwfd`_H9aEQHUndbW!oU25myWrzMzleZf}*7&1bS+D9gh}eOh z)*#sDDbjAv0E{zz5dVY7OvO@FrFH`0=(W>L6Y{4+9%nxiG&>aSmm^CC>i?6~`9eW;kHz}dBEoB8i@&Dj!Djn_*R&~5p`(=$kmaDY1lz)S zi?@E{8Bw#ovyLW`m)L#4-m27QI_i!`+{f0!$QatCihYB1`Edt30`&+Q(e59z&&aGU+ z^ut(*VAbkA>41Yu!*!k*5{9su1K{lJ#F=lG39pgFfuE`q%Wm)fCnFb4$q?`ag@$a) zry3$zkG0WV&`3HmWI%RfRRfp<S32Q5sN8oSK|HNNFROB2S z&LM0nOn@MElJbm3TRkojUYUu&#uJ5}Y{h;n(%j5ez6~ac%sfdCk<4q+|!6NzyjFZS5_%fKVm* zm;W^-{LSl5{ZmBf&j8KLWdEN6gh5kIKtv<7cIVE0o?Wj7x0lAZTXsYkZZmS)sI2K$ z-2x(638?BMt6H9U_la4l1mN()>B$UN?Q3WEc)4o*0yq|imQQ^qfc7-*mp}ABsqf|= z5U?WwKXm>0&mjIk_WbZKlQ@jH?j!df{s-Cq;r^MwzFH9apI>RB{@-5}Tjo#K9jtEl z{OoI&4VsA6`M=!S=9#dL&CepC0fI9H{*AbAAqZ8D80h{7$A7rEMW{3JN1vg^%9whTu zpI_Dfy3gK0D?&ooB>uX=Uq>GZjR?Xf+ZCt3zKH$uznA>KXY9K5vSk6P0f;#Z4prJJ z({ka>rAGbw^yf=Iop>7jDa{f(x8x`a;BG&yc9)SYd#QY`rTX>r0esav${_6cT5|N? zJ#P(!4K#|_R?fKknVJaJ{Ki(kVaQUA;PO_v6~UeMZuk2%yzQh?%(LSw_8una(ipY7y1(<%0|Aq*{P(FwIi0acCY0%qWp?I@0k$R^T1`#(egoqF zJhF1Tdn3}y*m$!Z2Qd0bORKb*^uUT?Soe!Gf5{dVkyp7MPEo)oG`R1U6StKB-qqkA z{_DL;3)Rt^ORbeaz18nBFJ67SAdsEwY!?FoRM*EWg?vn*H^6jdA;SG9o^6y){TuGawl?P3Rz)dy%oP;#uWQpu3NP}%sS94GRp_6#+iFqH}0%Y5sKm;5{Wdu`@6;)e{~S} z)4lH5_Y<302^ijnc6WjWj-P{okK15gA$X!n5yQ{QY$7oX7Wl zn$J=Hhq~_$hjUx|X4{cOiHPVSi56Xm5~PYcA~9n|H$)Jf=$#b3MHzx1%81^_D5C^X zMi9LWqeP9G(TVsTWbc!6-t4{4`~CA>-yg1AX=~ljmd+;KW7e4f6$nse342J2fGTSWyjF#Mo5ri zTX3pVVqw^}g_{ur4b#(Be1u_z>FJH6mW2tCpLgJIQx>-VZFju{$qlnh`+TB<+(Hw- zYpsTdtKzUr=0arfkQ=UiRZA{acVN5{8SwJz_v5WPLsreW6WQ_=#2bc7p)U(D8>1PR z>bDR(>Gp+(1?UDszjFd%^Es$>Nwna0HC~YSCwX?{j+7eqwD*gO+6U&$U#pd&jiLXI znTeTS;yK(_uOes2%E|%{$2`8%ju=QTOSbB)npkBsp3Z+PQL5rvwR(mKsfB9{D|*I+ zQW@74y(+tG?xceo7Oyg}yiRay+I+oq5B<3Mmh*JJ2^y8>>i#wCa_3KfPSv(?=7)|N z_>}NSq*z8}y!hRSrl*uKSWjhtT^UO3I%?f80cWirAQfult%9Dv`H5}im1-10>eHsx zb#rS~j7#7mo1Ua$3+Bb$tVnu(a8}XfVv;&$2DYk}{Evf~=B^RvP?iP(ixBX7(PhFJ zp4)`oyGHIjBL~)7ZZ`|;G~OPhwJe;BSVGdR*Z!>iPgKRjO-+R3Duq=nxVkCCjCa{` zT6j%l6e39J8_{1uLO~sCWFIzSGY;*27spqAmv{I$LowS?D#B4mZW$K|jN=T7<+q<;q(n z@VU*u8j{rc44WM3)jL~U+D5K&N%{syw3Cadt2{0?B$U4;Sov)XWk_Vhy)rvL|1e7F z8yG$MDV9fN)74w&lyuxWH@)LJ-W?+Jo;CDz*3Yg&5piZ3`&f9(}TSLCN#H1yozC`$K z>Ttu{#r9WP ze^QleoC(tPac&mzXU>(Tb0|SRb9o3dNqdEv-(RwX5)Yjj_&$*13uj$KrL>a2@SH!P zE!4W{miw$<6Swcy{35kwGwCAg+;lFpSV#NEobAC=WVdvd5K?J*49r7n7NqhekZS20 z49vVZs^OjCgW;WSo8cXJcUg5_;==>9eAz|qo`WRa6@x`tr}qFnA-%3vT*3Y(Yg#+U zOxwOxsr|D_DC=IFY42d1I(zfSJHo9?PnKLyKZ9Qxv3NlzZ!AdRq&%=3BK+f>N;XiYEQB7789hf!SU6p$~IN8Ya(0b*Km|$hJ2<_&f~*_fNRAr&6>eb#1EUtqvB_goJ*}Y<)HXIvIF|YO8@7 z;u#FPVRkanW^XJ8w(gz4XL#U0?RN6VeSNiVC<4fb_9I0$UOz3th`xkyo_=*+9#HUX z#pk9uY}Ho>+km~*KLU)&Bzu;hxP%IsjPgn!O>YJ7%$j_@qV^^sF4|ol2kE?-rY9^; zNaH#w9|v9Wx-OG#6BmDfc-=cUsQZAe089I`ojDm@LvdNOa@pP85ZTBqx>gNrjI6&V z6G~62LrW`2VVuL3_uAMq3%TyqHCL1jTsGV3;bNdp`aI($tt_(SgxzN+W=*(|5BCu~ z8w|`l&?u5L)9hGUBeA0sw{h%qRX>R;ThERyoj=f|MIOk(5qv-2MT;#aUu25$oB3~z zzQ|k_v+i#ZzIJ$eB%mvO$tU$r)fFlMm2P9pOyVdG_OiRT7dZOR_c^1S%t-DZ zpi@%UYg=;cyfccyPM_MOcU{iH3trljzk zV6HVlL~q#ZA~#?LD17cYT^+fn)+Vrf3iqQR1-*wS&cjksFaibk0qSD0J_)aWrEHrb zOlN#`y4Bv8{Il;iI&$;g5gKzrKRXllZljb|?QVrG8IU0Q$JV91OgA^LR+5bumE076jxU-W`Izo^CYcwRVo8=Yp?0Km5LkpWOua(GcqN9K z)}E6S92J$*+kS!aO<=6OHOO{D{P|0r=N%PsN}eK?LHLEjC#BJD{j*oa?Q#et_xxnz zpf;2YSv4Q*ZlikBS-OaN4y;lSg-xdSZ^D+1=N~arxeN;>(~vVqTEeEVfP=Z6OFR=5 zMy3ojXc!t(6g~*xh{jj&OvJoZo~t$ilX5&_>EC|oF*xgDXgQ@YebO&sR%P=P^VOs; z=Dwn4vAeyHUELfWbVlj{P8GbXKSf)~_Ol-e5Y;MgjhD%00!+!mCm}aT^poAbDha=M zt}U#INJI6Um}EuzET=g&W#P*{K*Do?9rrdjaK(BI7CcqdJhWs2NkjV@m-~75L4W9& zA>!blcN{dz^NoJu!;{`Elo!OI*=0j+`gRGXmCtS1RL-jb$tUj5l#{4CXL{&D;U(N8 zk%jU8`=D>A1imJDFQ}J6xhvj?ib691w5t*&PI{gC*BbOF3Z6anDRBpQUK}e z?>6`Ta&=ujFI9 z7}!EfW9Qk#jBC`*s|HrQTSY*OHhtuDQvS{9geXS&s`T4YBcKrObeHJ-Yz|^xE!syu zJ-qW)k`>yIeU796U7)=Bm_5pzhJ-(hm84$;6-bQ}vc%6ZqjhTJ&)3|3?J#P?LNET1&!TS9R!Gkl^EMc5!G8HDtcc zqyFO1i3Y)v%n*m1jf90-@2&M1)Tgq)WkfviEDgVl`62<8P-Yt9*QqzawQ-jzJM?w$ zjE%r!((4)22yqyS*sBbvZ7Bp!Mq?@5oxwXLY3-efsom9?OJC_=@~4@`+jYJau$Hf; z#?EdfV?bQ!R3Y3LBuyMRIc~& zhmMud3uGG{XBpy$B3>EESOPMEJvL~JXrz9fF2&M0^~ zAD;ABDB}qpuq;DIS8qDX0;hzEmp0q3;q=X=>qBh>y7Piq{jgzc@@PizbLT{m-xQtUc4NNYGo(1&M)VioIWy#ztCLs3}V6E*Kf`f%kj~o zKSi(^Y!<7OT|a9U!QuPCdHIb=4y9i2h@m195oFCdNI;qfszaywFu#w*!+`3SL~0Nz zc#`dAu6^mQrAWWZrV%HClf+|EEm?UBzOh>`!UeqVm6Q@9*;UdYy@wT@zoWYT4| zr1J_XXB94(S9ngeuDjFiajnyPx44+sUm*J-_lnhKZ)F_b7&HkYDu67wQ%t&6`>+RdII4n=?7P z8!UfaFqb-~Jtot&Y##G>o*`@I8)YGUvBB6h3nVvy_6-wAbmZIX&J#ECA`iNpb1i9K zCKg*Z3)qzX$ZyDR$(4xgRS2OU3W%Os2kG0ZBg7&3;w!f|TgTPyDDF^50s~vBWJeWBNv7@m`~Hc{Z0v^xA1juWLQ>i2{Bh zJ4)$10j^og;+Wvf^hlY@ecy!McM~b?WcJ;U1AX9gz+|`3^;@GR5a+W+s!p|u^Yu*h zWA53(vg?&Qb!dz~64A4O*(3szM&y&)N!S@SSr^`%`j zqq%k|7q?oLi*J~8bKa{FGIrhQ0MJrB9pm%Sh^ii23wR)%rFj`;EdS{mF=rMH#%p!F zHnOc33fzr-fk_+lrpQo3JtMIy?h6*-A~&^^04E_{&3G04b;!>7O)%D-RC-%EkM7o9 zedx=FQsAy4unBI}OtW+-i03H@zYy}|;z`Qk+Y&XX%*O><>cgSMh&S(sJG-AvBw5;% z=&oOdPMpO#jmS;(rG~tWLA|vYMso>`E_XYolK-tG))1=?X}`OVoTQav(-CfYDNu2A zu)(~bWf`o#=g{)AP6uP>cN6`KkJ=nubP9}kO2)`As8nn^v3f_&w{e;I z3(nx{{at_vvz^EV;mnF(zu$5o# z?01dmEG&p2FU3Zm>P#SfHY3tW1WkH`NlJ!j77` zG^}3sHCB!(tri3OQ5G)TA6a&sweTL6n|_?g3J68e4Lj$9zBlSQ@2kWSDl2@Yj3w}~ zi`lj!C^S?A_vJc|jW+Kg^%3jgo9Tj)X8X+ZZKV9K-f-n8Y1E2&Is(4K+N)~yF2d=p z^|V*R^CeBa_1?khT}~Yls|M<@G+daMqzs^r34^p;g2R{iMy?qJ-d~tsksnL!r(D8Y zk-NQ$qO*Es<_xyb<{s8-hhQlSG0uBW5tq7(_M<5O((-7Bh?FO;1L|MH9;<|!`2O5i z;J11NsQeT4eCVzB{lCL~yPg}iAj*V3_}^E2VGXG343BPc`chtCv5}8*D7V%WDfmDh zT=_x1aL#JAQ(g3{ z3M}IZgi1uyjIkm{6Q%Q*E8WLF*TmuPR=!9#7MP2dtIE*=l@Ryeia>LDdTo^5o?wmQ zXwcZcGM3XuwBQnTH#0oR_|C7Dz=(uj!!7SAZ3SUS=nSImQ5T3)cP^klZaC-al(BvA zWsS1cZqn-hk#p^8S!6;tZB(K;NpwwQUGGLeh%%#0#;r|gDy+1Ecymb0qg#s_ZdFR2 zPWD`ejOul<^BlTS9qi^@Jgqt#DZ_`$k}T^JCv3dhqD@G0pIBstM}Ag~<3Asj4G{U{ zy-f65==YwNbf2fZ8rNQZNc)}A1BJqq7~^MlAH`U6&b`y#+^Uw4_-^Q(kP}2v=+w1Zv4DBF z56U7WbCv#@Kj%ryvtJVD%Rlk~^8kom!|=u;&CTZwWo`O;<9R)X$RVQOM%j5CC+~W_ z**pxcQq|)cBFTR%g`M;kPRGjqZ)ql3)?*3mi@_%^P+-PG*tGvwK8GQUMy1%&PyNSz% zY&w$M>PIWnK@}(#*o?iu$U+MQ)q^k16uEd40RI04;?E`{$?e94Oa}K}8fDlO-ZWtx zU!9o{8};veOnBU9=!5E6)YE4sugdg5`wu+TS*@)8@0SKRuL8}|2?JZp1%dLo0Ca#_ z8nAW;h~~eUCRP%>sg%HM06uZcP4&@Xt56t_Y(0#}xhyIIK)gKXAq?Z$=Sa($e2L|e z(GN)$Z{{$9D-nB%N{s69Kv#2L>g|bq;>cZ zglJe2$0!Ecaq6%~J{#;r^9?yC1*2Je9wd~SzSuO6?qsQ7C|7PE)udfepaLS4UxX&S z095Rd%HYigaJU$6C+YRD9;{Uf?*p7jJyF%#2YmF7FNApk!e^vpCSGUkRj+3VU2h&V zuBo=?UK>rmYnP^FZvRww^U7Gbi&0q_JJ7#2Qg+DkEt{L{UqiL5Yljsh?8qAltqwtrS znw1U=;P=4W)7Px}*t%~^7wI5&=ba+<+E#WWo|NnMY&wQrYWJG$Fx$*Dih@*eJJwY$ zlp~^v%Yd}zR2R6-@?xcq+AktIJQ1+Gy<69E|GqoWB(_FVHQ?i;MQ0 z_xl*?9!Hv>Yjoh$e^m#w+if{rCLSPogOh)$KYg~)5j21*(GC!z# z+SRwHMHA-OMT1S4uXey~F**3(jS9Zupy;yKeOW;HUDH9-J2~IKi)@iI)N{7&QxB?W zoyudntK>zlU=(4cx=}mJHGmk{s)7k8FQ6mE>NfS<;q^<;X4IRI;%0YgnZI6AwqkwC z{Uz0e2S^1hQjYYfO>G*LYgidIEWPZMMhxswPZj2^n>I89FXh4_l5Yt7Z8n8>lyopgM5L(V zE8Q!Nu>dUdIAl7W-|pQgJ5R|G%@AuJ9aYBI;YRXjW#fWm8b$3QbrbDv3jK-J`GB6t zb!+5Hn8p#GLDSq?fx>4MENh`}9Z}Jlz*{r)cjvuBA6%ysx5c++l5ly*xIPo4*%F}? zui*X`@GP_U^m6D@(BDSaAT)9RT zfy@wPtH~uc&@o5hw~F%u?SKdy>qb&A3)shfN4|Nby+<+FGBsXN_-s`KZ;w}2KLq(j ztS&NUX^Y+TAXf5)LqzTl0B>U{HQ(0OPs*zxldo0Qs%qa_mSYYnR;<;!6N9b#v{~)h z>Yn?DKl)1ui?Al)?~YWoRX(ewFjGFJI=y?LYHoR4*#U&GC@$8qaUJ_j&zxR`)ixJ! z@FTg{@^4%O5w}07hnwZ|$wHebY{52{JUM%qa)(bW7;C$CZ*DfqF{h(ffQUY$FFMAo z`KGsH2Ib3^P-xty@(FEbrNHbiqF|0s-9-s6^eHzwav@JXv2L~ZmS~n$T78Nw&R|wU zys57Y6Nhju6GTP~qUE{+W*GH&*;QxV_qrETa)umvfh-@8()+6<(gvv}Idv9vL`S|D z0X5Km+rpL?87x>Syv>M6osR$LypXrrc?l3q)X57ufbJMqo7!oJJVAqAv?4R;Z&O?V00dQt)G=ln!v4U4e;4B&Lb&LQ zByTv6@hcd7tWiK#;vXQ+OJe!I_eh6?FpQg@CuKmKBW0ld+f>JYBG><*_<|DEI*a>Y ztI&CvKl?$&SZ7jLszOrIoEXmUFS5ht)x=yjPasyn69*yR&jTswpAAK!TgCg^od4dY zK=zXN$Y<~G+>srX4sQo6nL$5gw-58jr(eAU^38hP7OoZ)S7%Ms`(#K)UZa6z`Qd5) zBdZ;jZZ1(5X$btc%L7C?h+*x+w0JfhlfnH5XL@x>7H6!6USbkqO80>`gN#pD)HQ`9 z_!3(brH@^$JN+l9Vb20l7IK{LB>Ef-5frOC$3H-%%uNmh+f!WCmg1dz*kg3cDS{w^48}}#y zE@5-Np>#>!(Xa)^-jooQjMH#UP8*iGQPz$VdDDW^f<M|)#=S)~VkL~F#de6-Ufr~b1B7@0i)2q;@Q2~qr`_%@vf z1KYv?1%zAg<_2HAFA=k`mwE!tCpH!7TR0UF&Bj+ws(D*_ zOyLsh>*f5ztUl7mMPISJ|wt8YfT?WH#IF zPf)qjN@*tMS)Ty@KAH4wZHkh19P8kFI*-oycx%ac3g%(7_?|*rHV=UuL zf$@1cH}zqv`08+^CE9;4nd;K8>=934|H0Erib5_69YwR^GKu)3(s}*TnCV63g_q8- ze(4~n9Ig6g^Y<$5f$@hFENW%hb*kKdFw>Xb`L)TM&)D@TZr_vk!_Y- zi;^;b;ttqJq*oNaYblH zt!8DGNY_KY$A#$a_M9v@2u@1SHP^{Kk}mImNEb<}8HIxL^Q33XX!EJj!eWD@-&j!= zQpO!C5tnD!w}l7g?@Ad-}TyZe}?f@i%Jcw9F1$IHY=RN>ucg zLBxN@g&e5)bWrs4hJQ^38@4b-lt~C3oxzUz~#JEhZZL22;*il%>zooP&wh& zP(U!4Or`T2=5PVy$4~B=kn?o3Teh$;w{J)~y_y^R)T8CEkkVm&fz?eOFoI3FVs?#U zi)d2Ur(FhSks4dmp+Q`fucdD|Sellh#XlN_cLPM%Tef+AhR-SsX)R2fEUs$t5O&9s z5{d&Q0h+}*+k@g6R4&B>oDh@A@bAa z_goVf^u5;0z_i zI<{~6P6)f!z=s@N=4ux6_wQlDEvZCj%$GdeL3HhdWd{w31^XA5J(gU1W_8VR>m&h% ze>OvamMK=9x8|01y2JfC?KQ41PSIoBF-hO;AJ+QzE8Zxq+ET}Iok_?Yl>ym>(m~vc zqD9l`mE9u--KOspWfwJU7#awDbWx_SfCpYpt0 zh%%-ngFG<9go1@uF3NAl)y8sgB4r4FhKhw*3g{e5Dx3fIiARg~G5wNv!J4w3xzgx~ zAy(55C(l0mxy2`gqOj#*|AU&0S0F^`tQgs5wq*{Ry^<-0cd(F-vNUj`3>HCIT783N zu0IFbo7xN6M25!t-T(ZdLTjnpWq$Qka@X|24QET2hK8iB?%w{psbn42&=X{noJD-M zI6zlIMH(7dn8lx2vasTbr?gT!wg6ixX>=3^%_=99HMHU$Sw+#luvNTNfBDlgs(Q(< z?&k)`J<{#%vGuJB1@Fql>SA@JTSna%jC-2)^dVmk$HRw7)>EGg^0Mhj=$@y70Jt++CO2J z(83jw*IFs8kBeS1SxW7;^c@Dlx3q_XpH;KE#J&{KI3cZHD%Sr1Hbok*iM|6@&_Z1| zcbe&U0Xo^VwUW0ZmqqktlqLPc5m`)2$hLGtND}k3vGN#E+;66mbmO_BeisBBtWv_zq3&W zRdc*7AcF_MoU%+U-l9WMqrPb8UXh{i{Itaca7l1{NNfvE3{-2m2%@BtCX&Suo~=+u zGhPmT(HKSpbu6YX74ADLA;}9}mU6mhV;O)+WJBQOth#rsI~N2OD^{j|H*z;g(7X<| ztr}QxefSgC-l&l9+tFafcPfRAak-(92ugoS)e^ze%jT66K<8vkpko4dX^>8~UGGVP zi{$0C&46r0@c{8$rfE7VDuk6)&SIEq{Ipy}VrZoOS}oal3f3#{As$)lU=*bR^q{wxnBXSX;{g9oo;aP&vHt z+ZpUaXN-KiUXRs#3(TbzB31M06ZuOWrV%)(Cf*CoH1(k+ie4XRwg$E0KvSp-G0p~( z5d)`_Ft^UT?(0JFTxDW51M+aMmOPC0Q<={j?*?#kKR5YliPy0S)dpC8;W=#a7LOg6 zNWvHdVtisE(TEm{p(tl)CI*9Fo7%v%1U~?~CInziZUSBe!X|V-33E0W^GH=5@0Sns zU9YzVzvUBJ22Y{Ju{a@!YxNX%0Y@N|(Yi{LwY4$)L=@;}?ms2TC7cW86XHuDYa{pP z6AJjTfO#mU#&KFMUCA|}ir^HKEdxKR=b94ET|gbp=~`s{3_}VonQ}C7a9t`VocryM z?f%us7bjLnGM4CQvm)#~a&0l*`r@qvtf=(uO5*&)Qcdw_I@#`MoMM}i4hdJjx;!J6*Jzqk7r z!ir=e@o2u;a3h!joWEoF%##+?O%$vv!7N?}M6Sn^5|aOFa%&ABrt8uCBK-L2yGh!% z8!s&>SJ@vvT&K%2(y?kxu%Z1xBrz1QsHao+WAI`M`zJm(Y9yks-skhPAFnFG7O)os zkGazHil|-4vPz#DV*rZp#(d}qh;%m+2}~S+`^MK}l%+UQjA6lDI-ZPS{FjLVRGiVl zu8`{2F6KD_N`W^Adfytn_xX}~#PYLOYp~1)3zmAm8c`(ua&nY~i)ZPfF^g_FdXo2k^@GG8(9yrVLdW<8OM7NascuIwE>Cbk(NG%c%6*N_~BNVwz zM2||G@XwTMuO_)rL=BE(e~OknqLEwUUuw@NT=xiPc97oRw^nd}O`T>aAqVdP?z%lj zYq6B44!pGqs7+Pxmq?3~t~r4q#_`k@&NJ16-l|*D2VOH;vnw@wtag)!!(ewHi-ipx z&8%B(z-z&~AMFd=#dOXbJC0!4vHN!^0O9znWGP}Yt2*kOpZMAw1mzN+8Iz}T4Tp^3 z+(QPzHi^K4cT-}J^}S3h_CSX5iL{K1-8-k+%MQoOUhx7Co7Otxndkd#Dk6_P;kl>R zP6)rE23iG*9z|ToE9bLtY;NZ&pY#jO!7`1fj!_Gov)~m_l$K*D&Qv1dkKCDNjzA8} zOjEAvFT0xVEgism_zu@je`VwGIbi@k)|WF$U_a(1$A}4;;U#ubP3StkTUrZ~0k})2 zQH3{%SWsxFU>k0gQctQmQeXl*{QruQvAVk_3u4*=k1<)qodlkMXNwF5Uqg}BK%%kxX`7 zc2r3tTc$r8zv51;END&xR-W^k9jmSsTsu}bIT_20OQa&EJ}|(;-oKxF{o`lv9{q3c zHsVAklqlYfViEk6894v$=i+QVBF%yXBlIq~swT;EU%9hhV>7T_&{6SGg+LC5c32iY zvU#OFr9Mo0X>wZY$OxiYS-dB+GOTm5B-e7+{>P>kK2hBVC2jYTh-)UoF5{(mx{8|j zA@-SdOGkrcDWYxrlij1vV+}bAB0@hjpb^jjB9f6NGUoAvn)#bHiP3ZJV|z6-s&^sT zu}0K~E<@FAeK+A^LZ!gA5=TLP8|H`n&jRu%rm$sR7<2lfB|xf4lgY-@r(Aq&d@vD5 z9UqMWWB3nIdH|v%A}tS{uF&tYDe%DQT;c3q%yOBhJ(^@gs$^J`uYRfg_+tbpupsU^ zLmd&i=*AXb{jmp3>2K?`B8KbzDZj5`fczN7%b?rzA+k?&zg42OLFq$kU%UB^+#D$3 z{wUpepJQC?4>QsS%*cn>TG><7BWc!4j=|uFqrGl%l>&7?@uTLLA2Gb<4(< z-OOlAL{#oyu;M0RUAA*S=*-P|R~uBcV#&Knqz2THkl$YsIY2uf>-?<+F`!`<702AC6AxWPXCMLo}OfY$>R|Wu7payn}o2E5d49y?&ef=vj_or(2fvR7=m$5 zWOTJD3Blwm>*6O65nD0fTR>PWLXg)sHu_RV^pkdN#~*8#1#rtbNv;Z`YQ{#>wpg|( zauQ1i|I{9&I=&Abg5h&BnW}CVAyf)#xi)hV@brXTg{h545JDJeibe9As~!iTQkdG+ zpM!9QIb{aR3}&d=_%``#J$TB4lJLqq))%uV zcf>~i`^?M{RvOoREn!#x36?4Miy@91%j3d35nK4`BhC6PDQGUcy6}JX+v>qavKeJO)z~k(y%tOCfq8kL(f@zG&Q6Ju*`hxrVnyz$PB_ zew22bt&Ye>kG1*(vixF}rMZ z(m(7GxG2_F{Rz^VwWvdfd?#8|ERFKNtbi=)sT(q=7BiK7JCTIv9+Cy^hCM2zZ0HqJEvr9jrt}_u3;RSbsxWWCH&0fBK0(nR&@w z3^ky^E4e~R3eqr3Ev_m#dG^d3zx!hY%r;cClpbw;!1urUB{FS>PFq|Kfd6i_GW30Y zSMtn|=TJ3GmAsW__&i1OXvC;k(LI6g{>u^d|8Pv*O)2w&T&P{>@Gh&GW_;#i%_4qU z(Q?spoax?X>w=Bfw_)asS#Xx?9Jt~YC>})$eUVAc&vXly48Prcxk|`T1G?Fsan-{~ zq45j~?qr#6_4fxn7h4?$X{AMYmh?e<+ad-B#Yj73^H#&)2ex6B?){P}M5Kb=#3 zlgzvz3u>pnNf`vuj1O3ZmxYd+GE47&Og&qE$;fw0Y}~U8Ko#!uwE9Au-ss`!YW4_> z8hAplR!Z~5Aj5mB`YZb;4Nu(r7M98oqvS;;1bj4iB0$3>fC5634|n3d(O+IH-#|zH zFgkaUHX77{byrJuh~Z+BaALX@n0P^HwRhLHXwL4H*jNRn$%8PI$nb74d zex!GLEMN++y}a%&W-GS(34s=OYo!LIOAYTE)*qwJQB=FDlQf=(Q$F&_cC>OuW@U}f4F^H@H!A`%>Jnej`kbiMW% zAaP~}Al^7D$*a!`gNqfIZ|!YMbv}v#PYl&-oWuJ$P?jOV3Kd!BF&_+;46$g8c zkupvF026gpw)*plUez}U0Z_LmBQ(=TCY@h!KgMI+s z9fZll56T7Hcja=YFv=pupfb_R9(mM&K>y?k(C7aD@saF4tZy8A5jI?uv1gM0xa%?P zyy>Ay*V>47c5T5;WqGOf=i_oM&Ri_{q?2NWurz}dt=`0W$2-jIQYO@nEmJ$!P<~Qi zpQ&0);Iq1Np8rlB`#6@a<1 zf^`n+7nD+au(Ne5p3h>_BX_e8eLENhd=XAGOLN=OcYp3$)X2`>_r>I0t$R_V(*B#YRI`W#c94AOE$_-AqD))+2Y@?^S1&+o!_Eek_~ zn87(u344Sr`;Ij#z+Te6U2e&5`I}?xTw(_APP$ z_ue@8SmoW?Z!_^E|#CfRYLIKwh=KM(JY7vqFt(`Z+6$b+V%4(<0pz%TUHzBY-CWw5t?*V;(b* zE?O!v`0&OS?DP<0Y|R8+O>xG@=*i+WrG1V&=5|Ibi8YnDS8Mqm3L5tJ7Uk4d^i>jz zp#8D$KYfmPy4%&XDoifTx;1jMT3)|zsQkQ@ z!K-JBt77=-N;d;T%r_^-&v zkPYSpVR)PKprH1rsD<|rvnd5pGCDlKWobB3GEsPkE@W|+3|K!kizyaAfKOGhDeYhGn7#?`DuHU;f#qkFs!s3^zbUG zGNLR@ocGI^b3MO5LZL83IzXO^&cK;uT|UoxWqM4bE0#^^J7A6GO}W#NZ`1GUX*-;a z@wO;4w$ahM=3yWVG+Y9g%caMcs4E@j4c%_@d8{Rjy^(Uvc6F~HCV8VD_w3?0QX~2g z3r{~0C2$>>e9BpmL)%V|`W-8&<#o$A_lE^t_zPMpd>@!scFR9M?bI^!!N%rUiw4JJ zS9Yj{-nQ-I5^jeqVp4T02k>-!H0KMHN4cZp1^eQw!dN3IpJw?CtJU<9O&?vBf_F(4 zO*Di=3Ek4+smTcw+_*up0V02YRTqYrV;U|QTac4|Bja1YrE67{&N1*E^nA>X ziAfzK}1*2%~%&mCzEu>_>e}D-Q`j3!lB^7jl33sU!vb3@`{7 zF`l=GZ$i6&g;!d|Fi}a3!G9|~;jEucP*|Ap*fI@X7X8*g0xuR&xKa4}_-5jE3B3PT zesv0_2#=URh)sNvot?X~4_s3D->(;nia0iP*F1a}9lN~s{0rAp?xPct4-{;YrZs{2 zlqrMKb%8Gww^@65Z@>1fMBqccEmkkYy}A?=UciqE9bCB|X?5rp+P!yW>4u(mGa2(Z z4L`GvHNO}{!~Mf(ZnIdo>ov3b+)T2)JV$#hO7H7vWP!c1$IkCFiN}?Fen0BF51&iD*HU)XZ1`N9Q@AYb zyQ!nB(u?k5FB|)~y9{0yawlyYNrIIa#(xLWh^O7ketl7oZ~>F-mL01^TEoCQ=-Mtk zkcGy5y-&yY3G*2tI^b0RUU`*{DXjm<>yWgbBvyi)wJ z${w&&YrOqEwIiP~Y$p6_IBZIj`6({!LW33XN?X`T8~W}CUHnDODF>_Cwnyib6X`BJ zQB*#C@=+H$LxIf>O?mNkl?gBvb%;9^*GoeG0;dD+PG(!1-7vPiH{3VbFEsUt5ZY^X znUUQOt+d5WbuRtah*DYg@KR3Z8XZZ+)gCVdG`1?PXl%LJVQv-Xp`SnAH$Sa$%zZ~1 z#$UsWe<4(5)!p9Zk)0gv885jXNP6hi-eT#Q;WiuA#XOqiV}Q)G{}*t9QR_btJkayH z0Cd$KqBP*KG{xhL`2UFV06D)b5c|IhHv;rvM*%Af5DmkR&k4L*^H(v_AH3J-I|2^= z#PWGS$0Klc9XalsV$$nb|CD)<kA#6lSH4>kpzA?THwPu@>rNqH#p1|8Sn!|BIZPV;7b^lEQXW4mTqjgbNIE3* z1j)BA20SY1RS-j;oo{TZWJStD{`8H4l}GDVuXf{rIKNjHm?ca7rzms;^q|y=Qvyn{ z%2(j&LoCQX4}2h!^*ZpyMh87kWf}<&IkKm>YPoY{wBm-TgaY)`{?ww_kW`~S^R` z1G(YAZ$~lX!WKdL=oqcsAaS+7&2gWD7J;nSrB`SvR+&2OPHh9ss2%k50{@Dd2VRE z@Y%ynq5+80`E+6juk@sgX1yk+bDgl@Kje)W=iY>Gz#vL~erGWYx>)`!Tw7@Eo4wsX zr3Nve2b6^X{S|$NhbaKQ`8Q3K=~Gc=UlClXsS}^qfPexA=uW;CNZbQ#c%|mUQDSgw z(}wMzRt8ijShAwL^1~a38;4oVbo)}lqKhAuc`T)`^;gPH`*qSydUyek)qGohJ}3t* zo(MiCeXI6P-T z-;96Eq^=XRvR{|5x{T{2V>X)nLBCnAsta(pjmOPj$ zdmAC79UFi-W1}-vJvi7Z-12^P#}|gZjX6tQB?5Y~y(k#KV$O%O|HrI*fVIv?tBpFF z6JyrAv5%g5+TEnvd-AamWc5hBZ(Dpr@8q=N`(2Q~DR{DS4AjrbTg5(F;1}L0G=k2s zDN|J;?TYqNob{(?Gkh|Isd4~{8uiQ3gDEjBj1==1zWi+#uF+U1b+h=3+c?mVkj0re zXi#xZLTWE8OzDPzqenIY=s0ch+oxY;&ey37K zii2`l!^rswRb41cvi|S97~?!Hpv>^TvEj*<@z#UIAfC{P66xY9E~m^s(CFVQ5mI*3 z+`OQ`F3%AprPh}U#U`XXLv9^rMmWg$G66q zSyv(;us1q?k#$MYqU z6D3jlWTeIpD0l&1-rcgGY9j6MyWhqmfDO(rf)p6KuC!oloSB<#f490Agjo)SIlbFd zBrr-xY-Qvw;vVX31B5)95_ihf0_qqD76Bf{zZd9wOLgwBMIK0~j<8*V|2NXeXXO|Kl}D&FQkP} zP9EmoU0lb#-Lb(@B+W>(!&>Ke@DnQhP6hV-*Uw-!Fk&0+zw#*WlCBNE>)7%IP$^Vh z4~2$qr?IZmTSbrMQ=N^>OV}eI(UD&lg5%1s>FV0PNX{z46wY1v64n@~`mf>^(N%l! zSYFRL<0VYkZ4WI!;l~D|y50^oruf5}_zgI* z{?{bRzoAV2h-?4G43%}AN-ZCs>fI`V&>>;2zBJb-%6eti6fD8IUjWRCygg((uC zel#am?dDlBQ1)2tHp~gU7s%{66SCMa&E8GAlns9eI_AyBl6t20qHQ4bHPAq)?1Ga-K`e}zq*YcVHQ^!2g!O@ZCp$ib_82f-7A5c2labGM*f zWZnSn+uY0FsbC1b+|EyQcI~h6zo}9U)HuEMS$&@H9jAxu7mI58A3Cte9QpGFsNV6m zDkjC=>7&G?vM9p_tk9==b)z@sd2c-npqe(Je*Uz{SOMkAN9KCRIe=VAXFwO4)wJh# zfOsZ`tiatTi@KE6K%cdudfpkLKZ6OV&NdC6%F}GY4D>x;JCCpO{y_hH`;Ad?RiL;! zQ~y2bpM1wRRmL%GREU2gAa2o!gEW7z@t-xvFGNRwKd<7rJzj#2Ex14lqm!_czRd>z zMqzRNAv5{>$Lm8kwY*99d~QA5^b7~?H`(q719msGZogR21ox-K+_|8p#IMg+rs0lZ z+%K?a-IgBRlEu-+b6_*48y^dnM~zAVS-2XB_b=!guuQ^=G_4CKC1z1Gg#;O z@wkN>C}@9?I-$&Ffq(OV1_JL&0s=WY=BXfv+^+T{_IU% z{6HWnll~jk#|S7T)bk0mks4&opfP zO9_YD`;Ham0o;CDvMgI7DI6}V_Y>B;=xI)q`4~o^tRTA11~)~3JK1S;v}J(xK*<}m zqax-9oC?8RO?K?Rw2}@H8HZ}%+%U!IOOfSF|vs$VtigN-^}q{DY!`uuK+8j6o1_nwrE`uy{dsC0mn? zm9a4i6I;OW<+A{WptVuZ&g$i&~UIIe1*^f?YE;-=C3(BN$ha1xJ0Igk0AOBnJ)H6ZKV^w}V%}yOY|3=E00r^*Du-P+PWWHN3G zVxz@ZLB)BtVa;IcAg_(PNmp9wwFGMUumRO~u>DN(I$_mgE_Ja55g!5Lm$CTk|5S){ z!30%4v%(G)|gvr0y*;)VMy%Q%H4!VDzB zo->k*y$$*z;+Rl{jo!j52a+=Ur?Is*rA7c-|68S(L@J^G>c?ge|M8kya49F3FELs{BggP?J6%vJ9ze+Rr;J~*M}Oc+&&xceiDZdBcGHSVpnsmuNhem23uBiG@xCtama`&_1QNWW>x0>rPN${IeTrDTKqiZn0{*GV*S6RRSSkbQt~9 z+@*;O&i4y|vQwfWTyMsU4~Pti#fawcj4*9;B$i~&*&6S&o4!Q;kJH~9CuWiWA%Tar z@jem;Yx>=S4Dd=ITrU}s!A*ZfCEtIVb}PsX3xo9~90CS?Q_zq9G>(`SuFiKF76KU4 zL%55+eax|DYm7xezyK$HtCyK8Ef6pbF)XxW5bC@!0ty&HP}>V)RuUxzo6C zNUrk^Y#D-c^BvOJ6MwQcf%8pVsM&VIwdc%wgt8plw*^FmAh<%ke<6?BXS1)a;?7L4 zwE*wM5I&ppt;%Sgg@7I@Nh*Jx5L!)yi|B?6u@K>zO`xqOcsWXJeeL=r^txX*-Mwe} zc@xOkJCE>Rs1})8QK3c_w|V@los#<-eER*m?V1e+hoNU^7A}Zdn7f*0iPYCpS(1dY zNEvG|Xl?%6X}k801^{{geYk>XuGCFU(EyrL|w=3 zy#O;aOONm1X8rm0>`5E9p4%F=CMCkO+HV$lX5ifbv;YkyV*CEu31wojvf6+<@TI9ox%44=n$01Son{|cqZ9gwbd*%aY!zg2|4P3B+deZQIa*0WO z-3UTAOR#GbBh+=AFo~8_c3A0!o~`FCExE2Fnh{7Ww&2P~lsrOth`O>6$l|20=XttB zQncfBeQvr{k(>=Ts_VEl3F-Jk?c}^I4esgulXDVMKCAx4WVXzxy1qI$$pUUJJyqMi z;hUn7Y6mmUccx7hjyo{j&7{Pr!}t4rg8I2K7V`j$k#U%RX2zuYs#8%u%b6jIf4NQ{ znr|MPC8>r&b4Gs(MG|I@~xKfdM4`fE^N*9mE`zHF6 z2!qhdY5Tx@8VRL(?Ob%_DYbPh+sL!ny(im-0bei?^2_#&kx)Me-M`F#a`6nSlWg}} zpFpkWr5kV$Iyw^QeRnH-Jfe^C{^CrGNIg1|ajF6OuSfq%WmbB$1-#>yUAt3X>&YEy zJF00Wxn-_q`LZWQ<|E3`2%eph+seeGG4@2@)63B76YTw(gJ9WT0cYIZzGR_t_vYOv zdwBO!fg%#24c#axmTo4YPFgTuW_ycK#R--Of^(*VwK8X_Nv8<10$t&TL76L$pHT4p9dIhI5wcHD3A*bd;6=Ea4M~I-y}=7#xaa@2BBhT_O#de z^<(oY@BF8i#(Ic-!mDU7HJe4JppL<-%kvF?dH%zQ{E3AJAOFx7A=W>h{KZi#_x*?- zc^PnMIY=(qk*X%OnNe=`OqnSGkDs?a)l_DAgN9f6__6jUe%ydK`O9s($|j)M0VNrW?J&Ytpt#n_476&scC@H~*~B{@qEb`(u44<)bD4lUV_@R4c4YLfuis+T5<)89i+MS$8<9J=t4Xe^}5ONa%GiAW>sTFKxWC z3a8Qy5Dpticl9RH&y44(7o~;pO7ZCsLbj(h&o!gII>TJsDctkV2ZN)_k|{HPgaPfm zN1oxh9jvA>p`UNp7M0QOqyop<@w7vqs=985#8M&Hd7Yw|&!dgl>_-^}lcxUBHWUMF zLK>YGX~7472nCvty92ToRyexQIjmx0>u(S=vGR<-_008tR1{qs9 z;suexn$zW5hM=eAmzv9AaFr(IRa`<8XX()MWFMOiaapZVQ8a7>_uXwDSC(dN*T91e z=LA?>57M6kGxqRr0@L}}WR^Nw=W&R1sBpgSIC2-6W|RBe=woI%uCiqXMRo!%&j4QD zU&zZ4Doa9X{s}8RZqHVgoJBi}CSd#78{Muo6LRYv2c`-}^Vj+I&Qhu+GTcMWy#s4> zF1ML?LhLw=ETHvkz&LD)PTFRa~mJDzdwf@OeBUX5ow zK#>_=s97cYjQ`Vv95SrQ*#?o9d=+ax8DW z582k}+RBk6^nemX=tlY`awh}_SbUpvum&be?|63=KV-}=JTR($!|&uK1I_om78D>c zlU(G;4^Z9R!CN9c@U z6RX^-E3A?l<7b%9l;Rg8%LFDKQ4BZA^VL<&jIk$f3}^s=9%{l3Op1WtkV1|YYUo9K;3NE z$~5gs?rX6f2e++z^O>*7WA_K8Sz^aBZa9bfjdzC5DCzRH&zibk?J+cvw=ar3a@-VZ z%{=fxkZfBU09+tf!F#sd@{F$=hI=EdtA$@iaSymy%yP6-xi$C^L0nHNzVy{K>(qIg zoyB!QC2W1XWU+^P_UXo}O-Jq6ug~pL^S%1`kAIYfBt2^uI%bybc-L*GPjHFMIU`lP zGq!!4ll65_A1{230Gr|utMK(JQMJE@y6A<#ij(n;Zs&?J$@M`Z;m8{OSs%ATSwBG| zqUS#ZNE6S|HEay|Qn5&lgV5dbMqxWlXF?Fgm5GJ4FC7k9krLrB(W+WO;ivhwosXV%AGsy@(5!7z%G_1P<2_f1jDYB|ol!=jHKnOU@7 zPTF2}i!7s`9nLvv6KmDH5)ZL%=i1m>(4IYu^4DIeVxhvKh=m!4@;fr}{Ft(-?a}_9 zJ7rAzcj-H!bxBlGahVGx{tf*gi8o-%G^}w>1d@T^nJty@d7>7;;!O8W5&`ZvUAJs{KJ;qqI({L)tKDh(tN(U$_Jhi!M zZ*>ttR-jrJXr6s*WhRdc8peI5W8WhtYR;2B-IJphx1 z0Q1oIRb7`(*U_^5DF$5GM)FwJj9Pa`^(t`y2umZ8!92-q|4nqIS-8o0TLaI~Mi?E8lnk8=1d`B#$%O~JurE4zkIcq5DMC0nEKrIjAk zV;$C4_AY+#LvSFB`N$mL(ToVVQ7{x|HqZGRbmsskfVYo}CwG_7#?YIsk!_%YB9o42 zu1c~WG_`{FuG(Sc#{M$Z+y}hC8!KO^o$EEuUt~n<0btj+3i)HkKRi;}ioM*>5l-SI zXwW)f{Mf4Rs>hKEr$*=u7$_Z0@4!h6V)05VWc9{R^(N1&lb0!66@eDt!XY{Y)(w|O zVwlxsEYi)r-!vtt-LZ=@ynvQ@p^&8wJH#1IzG&RFy57-Q1x$=--ax}UT8C94prP}Dw zO-58XUgDTe)ROsa>SAf=mUKIB899X3(E)vMx+BCy#)Hu_63o7ZNY%W$-_QJ^vjX(7T5HU;HY@)?{J7fGdj7afT8NQ)(3Y`-k-zABg0Bc^2a0J|-~`h9DJW@01s#An6$3yAS`#tFCwlSAkt*~T{w{WMs ztpKk)wYO`zTvNB)YY69+e~86H~z%LTOx!E z0P;KnJ{U}5fJ%T&^yT|qzWvR|qC8yiH#Q|e0S4==tMAPZ|7Xgzhp9mjg&K`=RKAe>PAP{JmR8{XP?tzSGnsk{#f)dx}J zyQ1Ugdu*6E-v5*v7_J`356nqM*f3()5SN+3WHYX*4Qmu30aLXpeSbYu`6ENQn<0lBu3-dNQ)gfnMC1l8gJUQac5!#Vux5eMu4&Yylk?Dm9k;5KgXW z_%m3DkxiFa#9c2fnd&90@b^m*`#aMvFB^yJG@>1id3oQpi5W-am$03ilfClg`3T}? zlFU6OQ(YNo5JZxi<_R1L4Q>SpGXvFH zEGT$F*?W72tg~V@MdUpjbSIhZ85}yR4`Mdnof{Cwb_n*4YRwdPVuf&|W8hMt1Sg}K zd80a9#9Sh+8qzKQc!(7988JoyDds-B%Kba@CCdi6b0B4Ml$cy%AUCMtjr!Uf)i#6G z9m3kK0`G9ppBdB3l(dsLYMO#Bu{4^)|PG8uEmkO>dA z?h+9sHeG#;f6it;$Yf^r&&hnm8PkZ@{El6*J4J|rO&I?CW)1TQ1L-Rhj%^zq>KOmli|LYYPgK2QJ6m*)8~%;or7;5&QX^A zTY}ym2(DPcg3p?G`3xeb2-pSW*xB@~$BN4YSgB-Exoz01FvY03nVn)_Lk(5;(y4~e? zu;&Wj?7;NzM;78|FKFZiR!}}w0d--L9h!>Yp4v<1OHg{0o%d+meg^OQ2z))7AstO> zQ{@AOcH-l>0rg&lR&LM_05IXE3txZr?Y}`5H|_fznQ#9P(z@yUmxzA*$7cedVW7zW z?XN6Hv)@t!rxh=A?xyhw0OW|tN4WXz^ZiU#B$QiHp0>Uwzxm1g9qW7g=Rh~78;A(a z#%Jf7ACpUCo<)e15dp=ZZ@?xUygzTB&3>ARk#V018EAVCaJo?`mMhB5(+q+1qVz8V zeg6EEDC~ysy*rIM70?EZ{y#Fb_3QQF99_}}2yZfLoXEM}#AqT+-ovor^?{KzN0-(IQ!KZ!|2*6!5 znbAi(Hv|E6xe49-Y(Hn*n5hP~|9sa`dpf>x`YIUp&+l8em&prm44nVM?Yr2rIVZ2! zuh;c-S}3|cI7V4v(MXp@@#5Ir!4^2WkS2s@90o)LB$_ zRZ*XCc}h5QeI}HZCLd{fykS4RQ&_WfSP7e|tCoufBuQu^=jWxkvcJ+tn?NXP_txx5 zBWQ&%9P)#&UmSzvV!-B{vRwN^n$u*~etlxd#9||rvyJmO^H%8i%A9d#--(Qx%O+*t zPQ~>A-;Vn#;eMst%!eeG%;J$Ni5a_N4^uT!QQes+1S~vHETMKzUUSi7sk zJ`I>c?{z```S-|3#%I}|o@G}rGo;0}uvNPSo9_`(O4d~`i{H01AW#%1){0R4toT`z zm;~{isR~V)>(|$KasK}P+X9CdXBU-Xnh?2Tixm0F;p1gmRHLD-@%Wk{=5(T~YE8l5P&a`|qm&KX)vt9k`V|>-; z_6HghiSy!2rahVlAAWdMddON-$Tgc@pAOIJgsp5%L)GbP8sBxLvzBs z>Zi9FQ;Jyh>NGT5JlhNTd71?@s!bF5K%fN%yNbC5f0o{03b$O@4faI+r>irv8)B}~ z(>BS^@Vvi8`OI)cd@^r&k51@$^exHmzvfFE$`?%_FO6a8Jik?uLd{lO!0o=^^PR_mx)Zcu0)a3fpe!dsyHYYQr0BRD+S=Oc%;B|q zw2Xb3yF|r316y~zB4$itHOUOAIp+?w)V1R!_Kzoj?lOJ^50aUez?FM3eBlyEGa%-A z^1W{7?N7w)&qxLxB4_qP3h=fJz@Y-M%7#arJF!obYg_DnpMV7mKdftCe-}Lpfihoz z+dlZ`ewp-Ur+3C3 zY(Bj(vJK@sTvacU%v;KmKB#n?1Z>|7~P|(w@dIIh|kQexRyw+A!(c7W>RStLke(pMc#T`BiCJgfn-3>M>?1A_eA zrr(G8&#^RkKrP{eJ2_khqMF<_o6yP$_8F&xINc+VT*juLt%2wE_g~>O&g+xLC)sR6 zrriQ|sc$g)e9JdRt?Wpv;F(*ax>PZ3`RY|Oh{t6`Q5%2o!rQ*BR$TdT-#hS&e4kqM z%f}_AJ#lM8Su7g1r{Q@Y2eEU_8WKpsVAY)p_jTH6Hz^?edkLOzXAza1dhgyWy5o`)rDw!9X;71 zAo2h!IZic97*U(7Rd$UogA<0HffuQrUn55?6}W7l5?)<&&x!;-F3D4j+|;p2dxnON zUTHH`m|rNySjZvisuws_<>nZbYkp*D_n<|wt7LthMAGd>akXLSKUHMFjd8*na$Uk6m`%wbRE%1`EA-Lf|qKZ*OGyOW2NT!#q7j%yS8 zs1pLn)0xU`xUUtbHmPVx5}CGx97bb>(SQJWf?njhR1?O(WUM` zg0)AjhZ8D=%)(3cH%1F8-%Ko2G-ME+uBL^474Vp}_R^=OrY-`^GCI}KY|tD2x7U}) zGe@eCdwWGSn+Zs&1$5v~N$%D>-05BmZ+xb9TP%^P?<;Kb(*eOu_O92q~b8?^+qbbrat0aB*zsIm$Xn^ijK=?(87 z(4P@EjSzwSh=-m}F-_po%H`%s)iIP|$bhg4&AzXbs;eMPb3}lG@~J@W(WH=EDv;OV z2+&#Z%(B*Lix=py8y~+R6|PpKS0J*bgi!%{JOBMX5VM+sZ7P3MJxgRY^tCS3C^2gE zhNB1T#LLEW(Swdx2Sf>5rPB%Cv z@H=lu>0d7|^J!tq)<2xY?rv_EQQ0QvIciqJE-#!-Z|wkgqO0UJ(79IvqPl%{w#ugd zjzJtm14`&fHlB{0xLoyAyaEdK3A~-gl12;pI+9 zhSL;il}oYf;^!jp>L}LfH+W7mc9xOzIRQ|N{x8(hPMhO~?a0AIY$BKHuN06+Un)Z( zd@sN~ah!n!OjG~jh#VoVdTldM&@3> zDTD^(IQ5OLzk@H%%?X=NYg?69$1_OLov*kM_yAwbu;FOgFSjM7?4j~p#pv=t&{zgk zFJeQY<%eKvXZH&M`-KAIoP^+67)^!^w`cLa#$QX~iQNdheB^amN*)Ube37scNNrp7N+n>Z^Jr^ZnHQ}DP(12`%8km^U%sNbAFdw)p6KLp3i%5c zg{D#fI}!(h05C-DN*k$SsZT(XQH?y3E{8!QH_qd=I(6r`mLigvY6s;zQOTf^>sMOLBOr>enF5Z_L z%2{%%(Y{^|=E}7ZNsy|^fy}|ZdXMvAmD&1jcRQ20MxV*)8c5#g2&Jl;mr52O2mrq; zZB}~bN^22wz0trtO)ts(4k)p1K)x^bde4zDhBj1qy)aVgaQo`0BDudFdc7 zb74L@E;%#_9bG)r-cg&crE0H{%6210Hb58i6vtVD8t@KgHmJ9+6Ha$3!xDl_RnRN1 zQ0)8)KB*Rq=L=toPZef&a#8felJI_YThEc8aD8%Otk{e3RV6;-#EEr!@oK1MV5G`(NqbtHP?^$Scf_QmG= z370H=)2CAAr!G5;=*NeWPwE}g2H|(7s~xb(o+k_OxgD4@QVM$3`EGQC)0Quw%nAD; zL)M4a`cp(dy%b4NTncEPeY+o=x>Ez$;P7S9uh+rH!y{zYsWR)M$S@yK?Ck03QGLvB zxA0D!(Zn=Sj7j6;h>k4N4h+gCD0mGVr3{MbBunUMXdx8*X8;Z;w|=kS2vCPr06t3e z1J=l+)arbZ%__S^0I-WwS8Fxw>t51pgBc05%lM;l3s5%&_ zckDYdU*6w5DrJ62u1p1J*x?K&jbb74cmM)0bE1k3so}I5eG;1I$>+3XajIa|I(Ak$ znZK;KnMyn_W3$$&|!)#liFVx#CFYf7$Eg-k2r5k5(IDq=R7xwEo$ z^bASCu->JGyC~dql^(qoe6;Le%oJ?UziJTUqTbS6Cs#+h+WBD*-pHOWu8l;s`cH zsi#u4n!chtzCrFf#&@FU!gKNU_zW-m+Xd?;?)bUtG9}ZVQNp=LP$8J zmYP8Mt5x7xf%k2|@fpGSAbCKO-tA;}z9PpZ#~1~R%sf8zQ=*odh?=RIk;+K|H~6cd zc)nKoI$*vkY?jF?BCC1CPgzXnwne&FM>8<`_Qr8`afuFda~6KIioa1_Zl1ey!czxJ zKY!9Ktba&`P*2&z7po0pHoVt^x>+~?25EcvFtKjVY-L<>@$N+eQs9SrLC^0IvD%f< z{DI7^)YKo~eMaAU{2cF{Iq$`*qMhoQaCpz>w8MV@2>_E{SauzC3<*-OzD|z{HSOlH z-7TK-c~hd0{t$1eowiGTK!_+vqe(kim>79ZAsLfAqs`Au{j%SqD;ZET0q=2wLljfe z7$B$gQ!Ii-ndkBb&t6Dp_YI)M9uuf5uC)oC3~&=UOFKDB$9j6C37+@*^{>?vj2l_f z4banR-76ErFQdcMx%TR!iVmI_SMw*T~W?Lb0xK zaXk$JLrESpEof?j>5_zVfl`BA^DU;7It5;VF|}%wtf-Y9sDd`BtGb5|xMo3lebOHH zsd|gV8>B=3UoNk{8vdx(!blvkrobVE<|a_n*j3xoHSckkzZNX(x?TG4-T@H&Og{u1 zdIq{eStVZ8Y-K|ZP!cbs^ZQB!eKhz<91sdc7R@0UULMYgPD%l^fTR+f20MGARzZ%h zQI=8hQEx1}#L7sLnkL8T(DZgIq5g0HYV7n)_LC3XmZ8&A6WSZMA$&T9CWZD(_I@0=u8)R)#UHOQk zoMrf<)U)b~h%E_pKXU1b5SHd|?+Q6|k!s75BLp#Zn409T{qiUaZM`<({eO9cj*Ugi4|?zFOrf zoekkPXY!w?_Lj3g@d|t*50`eA|vLvD=sQ zefx4U$7;iS%Mwx4<#ic?EVQ7Nl@+VUFsW_I!P7I_;nDr*)5LsmPvu1(FFuKn+PBYR62L}Nw9|@tDArG5( zn#&K*G17(4aW(mer6bzFYGz03$iUk0q&FOZ5m(=uu2z1;Ged5G-guN>?$Pwct=wr# zt49JbnX?5effEd{lz-X@jSOD5sZ)bU1%*!|l}*3(OEPw6=g!UUmFuP?5UWhIrKuCj z`UBQ<5~ARK!k*cedEmSj)FOHz*6H+?_$&4B3L4`>bQ~noi-SC|cpC{*5pEydHRrV* zfv$w1!8)W#nq`R9(Xz^|`DqM01MOXI8pfJebMcpNT#+UCe3zAyEV?x+)#_$199KWf&7?_$ z`obS`(QFMa&o%j#+k|oAd8ZXMDDjR^)0r~%Gc=PXN|P%uqUGhLU1gK<=FFn-xa=AL zpR0A=DI_S%v6FzP0N*$2lN)O(A{4kzto))SE6eX{%_Jmy-*NbIT4Ub|lj}|je zly>*a8p=G>L|NbSL$TC#M{QL9eyimQckLGX*$2@+1L%D$a-;W6wJlAu;iYmk*y>ii zBsF32rF{gEqO_6y^RY?Cal-!<7$~z)F4BWu5aslb19 zGo^N9U9*1L#nP~eVt~JHt4bv3`PRm!@GQCa=gP_y%u?m-*AR@*qb|_mI=6~fDgZ~C z&)t~Rm1;dYq^jD{907b03~M2U8XoE*sZd`wXc>Z{99f#Ah&xi}c_MN|Xqg1l{Ef8V zGmKQdoa%c*oIBxIBvH7#r;Kbsj_<+ZxNB-}0^s-z{pf2SxJ{C2?k2JbY3+r#obDbs zXMFS2@9?{1_IhMn(+48$N+q}`D~!o~W1*=MXrHY5%`CLwWtax!DTQ`^&+8&7JO%t` z5P~V-v}@wn=1!%K5ecrzwd9T7QbJbv7G+u>D+scRMpK@!tFYGNUiykPQ?Q4L}tVAFYSpiIgsT4savKmssHOVqsK=fmAUyVUCU=yj>tmJ9Z%h_l%adeLF5! zXFv-jS4Yxid%8NHg<-7D3D{<|a0c}%RVyb1wFs9H-0LHI3yU11tc9|{QaQu-saPA? ztFyQgp%kj6_a*cYkPI`;DIY8t)t z8&nJqpUT!s0nW|L=OqzDLE>jyM~lkYrA|m`S{%x%Txq%Qe-_MkiC`kDR@l{+8Mw(r zV_XI*#XIp$hU9JnIvKcBPH8T$Q)w|oGc13tPnIf}+ONs*hSh{y#OwjNMz1`ndZD94 zZ5N!&d;>=8^%P4_7K@=$^H$1^dEV)=NvtV*>M}!OWR-OlGOC0m+5p zUzVC3@fpg;Bf_LO&A%bF|JvgH6t7bhARVCAyD%8D=q$vG>XdagiCe;d9) z+_mU)8~OR!!~i>Yj1mwSfdaXE~tvTG~2FJky8uY}4JkIN_Rd6}-3a~ z*Y6>3k&uw+SyFf-@o1yU0K?!h+q_^ML=*>U-dSH?_S_z~t0t--Lgzr7i!O19Ml&E6 zKOnH)v3g)H>!oPo)Iga9>(wU{hRE}z6wJi3??EJ;1}Wx*N)v4b?pK-VGX4uIwz@wu zW#fH=Ro3^0$|)~U^Bx3SG%0_ajX-T1Ue!#$KxSX_Pp|6;&C5A)oH(YS9@>fjc9r%k zUGQbJK6V^wcg;Y?P{f|iH8MRNgBQabJtf1r*iLQ0OhY;Ez)Cp#bY2@%gx38LQ&xua zkpr``u!mbCK2igt^9CkjX9o61Q$bELr^4@@cnk83>9NZ`Qo^AFMIRKGYKvP`Ny2DK2mRKrF6y@$@}H(H3(mxxgyqFfHucyK~& zjoBqQQ(3fa(+fQ{JZ$Tx;HK**P9B@Own;7ZN}rT=PQ<~oNi8jzuzdZ9-nWB{Oh+O4 zhnX`8;{wei!gXS}`RPv)J(F=(j_EH$E>1=jwhyEC5O)18(VQuI4)nG1Ld4n)Qq^)* zK%+@Er0Sxq_2Oe`*H5!AaC86X**+jY?oY?&FHjr*ObB`3j7M`gx{&-(;?r2)6i&e@ zKfEnX)47(|?P>A)#rBKZn&MHBqS3O!-7g!LD>!|80u$$@QPG5&_1Q~ISEz8$#nG^6 z3Ca)KIClkVB)y_SY`(;d(fnGX+ZjjRNpHcJvUl0w1v8 z#82~eNJT@A14-NXF}T>qNIPPOW|TV$bJey3V?+w*Kz~ z`hk`DZ{uWLVA#H*5uSWa#s=$}`9o4V8bRVg{Ai4jP78ET%z&0am zP)kYr)+7S{^_B|Q2P?BvM#Qv}mp~2hsog?(O-9Q@#AaDx>m)Z?40a=Eec0@~8N_$4y$X-3! z!dAawRn$g&%lM07n^ghZP7(Ca0Pu8AIb%i?D`V6=yTTG*K#H7KA%36_l;!?riUEb) zw(K1!h{!Gt3yw&&V9xt^#C#`QkQN5khypWVgeol*Y+wTap+BYif~vWu4iO)bmwB_y zWU;fAxS}g_Xj;mSQn#=x5d&Z$5Erc+6F~{6=-Ggtijc=UhZ`)-kUT{!w;V0hof`T0 zZrtA2yx3&P5|R((Q&QpxdZ`bPi~1$gc8(w4inb__%EDW6Zy$Blrg7=wr8d1PaojAD z{xGA#TP8g5EMIu-hdzx!9XDH1@Ug2GxKD@0i<^=h1vGbVcgp!tLk?6QU_|uLYxOp! zN)FEopcG2G{*o{J0Kx#Kxp|Yo{WC%O2n66F9@hRfpK-4dc<%=@H>SzsfIm_kL^ptu z&$p>`ygzb7tlPj(w=aI8`y<(EI1NBTgq*4^=x`NZli%)ra}_ZB?H6fM|43SXu)D#N zOe|%l$h-`L+&a@(i&(%1Z2_wcTMaD4Wfd} z&4yI^{?>500kh Date: Wed, 31 Mar 2021 17:31:56 -0700 Subject: [PATCH 2/5] Update service-mesh.md --- daprdocs/content/en/concepts/service-mesh.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/concepts/service-mesh.md b/daprdocs/content/en/concepts/service-mesh.md index cba402532..67902e48d 100644 --- a/daprdocs/content/en/concepts/service-mesh.md +++ b/daprdocs/content/en/concepts/service-mesh.md @@ -7,7 +7,7 @@ description: > How Dapr compares to, and works with service meshes --- -Dapr uses the sidecar architecture, running as a separate process alongside the application and includes features such as network security and distributed tracing. This often raises the question - how does Dapr compares to service mesh solutions such as Linkerd and Istio? +Dapr uses the sidecar architecture, running as a separate process alongside the application and includes features such as network security and distributed tracing. This often raises the question - how does Dapr compare to service mesh solutions such as Linkerd and Istio? ## How Dapr and service meshes compare While Dapr and service meshes do offer some overlapping capabilities, **Dapr is not a service mesh**. Unlike a service mesh which is focused on networking concerns, Dapr is focused on providing building blocks that make it easier for developers to build microservices. Dapr is developer-centric versus service meshes being infrastructure-centric. From 908c1fa1472c645bd41810f50d8f6e98c83f0443 Mon Sep 17 00:00:00 2001 From: Mark Fussell Date: Wed, 31 Mar 2021 21:21:01 -0700 Subject: [PATCH 3/5] Update service-mesh.md --- daprdocs/content/en/concepts/service-mesh.md | 34 +++++++++++--------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/daprdocs/content/en/concepts/service-mesh.md b/daprdocs/content/en/concepts/service-mesh.md index 67902e48d..5ee94f698 100644 --- a/daprdocs/content/en/concepts/service-mesh.md +++ b/daprdocs/content/en/concepts/service-mesh.md @@ -1,41 +1,45 @@ --- type: docs -title: "Dapr & service meshes" +title: "Dapr and service meshes" linkTitle: "Service meshes" weight: 700 description: > How Dapr compares to, and works with service meshes --- -Dapr uses the sidecar architecture, running as a separate process alongside the application and includes features such as network security and distributed tracing. This often raises the question - how does Dapr compare to service mesh solutions such as Linkerd and Istio? +Dapr uses a sidecar architecture, running as a separate process alongside the application and includes features such as, service invocation, network security and distributed tracing. This often raises the question - how does Dapr compare to service mesh solutions such as Linkerd, Istio and Open Service Mesh (OSM)? ## How Dapr and service meshes compare -While Dapr and service meshes do offer some overlapping capabilities, **Dapr is not a service mesh**. Unlike a service mesh which is focused on networking concerns, Dapr is focused on providing building blocks that make it easier for developers to build microservices. Dapr is developer-centric versus service meshes being infrastructure-centric. +While Dapr and service meshes do offer some overlapping capabilities, **Dapr is not a service mesh** where a service mesh, is defined as a *networking* service mesh. Unlike a service mesh which is focused on networking concerns, Dapr is focused on providing building blocks that make it easier for developers to build applications as microservices. Dapr is developer-centric versus service meshes being infrastructure-centric. -In most cases, developers do not need to be aware that the application they are building will be deployed in an environment which includes a service mesh since a service mesh intercepts network traffic. Service meshes are mostly managed and deployed by system operators. However, Dapr building block APIs are very much intended to be used by developers explicitly in their code. +In most cases, developers do not need to be aware that the application they are building will be deployed in an environment which includes a service mesh since a service mesh intercepts network traffic. Service meshes are mostly managed and deployed by system operators. However, Dapr building block APIs are intended to be used by developers explicitly in their code. -Some common capabilities Dapr shares with service meshes include: -- Secure service-to-service communication through mTLS encryption -- Metric collection -- Distributed tracing +Some common capabilities that Dapr shares with service meshes include: +- Secure service-to-service communication with mTLS encryption +- service-to-service metric collection +- service-to-service distributed tracing - Resiliency through retries -However, Dapr does not provide capabilities for traffic behavior such as routing or traffic splitting. Dapr does provide application level building blocks for state management, pub/sub messaging, actors and more. + Importantly Dapr provides service discovery and invocation via names which is a developer centric convern. This means that through Dapr's service invocation API, developers call a method on a service name, whereas service meshes deal with network concepts such as IPs and DNS addresses. However, Dapr does not provide capabilities for traffic behavior such as routing or traffic splitting. Traffic routing is often addressed with ingress proxies to an application and does not have to use a service mesh. In addition, Dapr does provides other application level building blocks for state management, pub/sub messaging, actors and more. -The illustration below captures some of the overlapping features and unique capabilities Dapr and service meshes offer: +Another difference between Dapr and service meshes is with observability (tracing and metrics). Service meshes operate at the network level and trace the network calls between services. Dapr does this with service invocation, however Dapr also provides observability (tracing and metrics) over pub/sub calls using trace ids written into the Cloud Events envelope. This means that the metrics and tracing with Dapr is more extensive than with a service mesh for applications that use both service-to-service invocation and pub/sub to communicate. + +The illustration below captures the overlapping features and unique capabilities that Dapr and service meshes offer: -## Using Dapr together with a service mesh -Dapr can work well with service meshes. In the case where both are deployed together, both a Dapr and service mesh sidecar will be running in the application environment. In those cases, it is recommended to ensure only Dapr or only the service mesh perform mTLS encryption and distributed tracing. +## Using Dapr with a service mesh +Dapr does work with service meshes. In the case where both are deployed together, both Dapr and service mesh sidecars are running in the application environment. In this case, it is recommended to configure only Dapr or only the service mesh to perform mTLS encryption and distributed tracing. -Watch these recordings from the Dapr community calls showing presentations on running Dapr together with service meshes: +Watch these recordings from the Dapr community calls showing presentations on running Dapr together with different service meshes: - General overview and a demo of [Dapr and Linkerd](https://youtu.be/xxU68ewRmz8?t=142) - Demo of running [Dapr and Istio](https://youtu.be/ngIDOQApx8g?t=335) ## When to choose using Dapr, a service mesh or both Should you be using Dapr, a service mesh or both? The answer depends on your requirements. If, for example, you are looking to use Dapr for one or more building blocks such as state management or pub/sub and considering using a service mesh just for network security or observability, you may find that Dapr is a good fit and a service mesh is not required. -If however, you need advanced, fine grained networking control, you would probably benefit from using a service mesh. +Typically you would use a service mesh with Dapr where there is a corporate policy that traffic on the network needs to be encrypted regardless for all applications. For example, you may be using Dapr in only part of your application and other services and processes that are not using Dapr in your application also need encrypted traffic. In this scenario a service mesh is the better option and most likely you should use mTLS and distributed tracing on the service mesh and disable this on Dapr. -In some cases, where you require capabilities that are unique to both you will find it useful to leverage both Dapr and a service mesh - as mentioned above, there is no limitation for using both. +If you need traffic splitting for A/B testing scenarios you would benefit from using a service mesh, since Dapr does not provide this. + +In some cases, where you require capabilities that are unique to both you will find it useful to leverage both Dapr and a service mesh - as mentioned above, there is no limitation for using them together. From fc9df14a7bc4de63cbfd50b852f18a2a8c99cc01 Mon Sep 17 00:00:00 2001 From: Ori Zohar Date: Thu, 1 Apr 2021 08:37:22 -0700 Subject: [PATCH 4/5] Typo fixes --- daprdocs/content/en/concepts/service-mesh.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/daprdocs/content/en/concepts/service-mesh.md b/daprdocs/content/en/concepts/service-mesh.md index 5ee94f698..7e2f11344 100644 --- a/daprdocs/content/en/concepts/service-mesh.md +++ b/daprdocs/content/en/concepts/service-mesh.md @@ -16,11 +16,11 @@ In most cases, developers do not need to be aware that the application they are Some common capabilities that Dapr shares with service meshes include: - Secure service-to-service communication with mTLS encryption -- service-to-service metric collection -- service-to-service distributed tracing +- Service-to-service metric collection +- Service-to-service distributed tracing - Resiliency through retries - Importantly Dapr provides service discovery and invocation via names which is a developer centric convern. This means that through Dapr's service invocation API, developers call a method on a service name, whereas service meshes deal with network concepts such as IPs and DNS addresses. However, Dapr does not provide capabilities for traffic behavior such as routing or traffic splitting. Traffic routing is often addressed with ingress proxies to an application and does not have to use a service mesh. In addition, Dapr does provides other application level building blocks for state management, pub/sub messaging, actors and more. + Importantly Dapr provides service discovery and invocation via names which is a developer centric concern. This means that through Dapr's service invocation API, developers call a method on a service name, whereas service meshes deal with network concepts such as IPs and DNS addresses. However, Dapr does not provide capabilities for traffic behavior such as routing or traffic splitting. Traffic routing is often addressed with ingress proxies to an application and does not have to use a service mesh. In addition, Dapr does provides other application level building blocks for state management, pub/sub messaging, actors and more. Another difference between Dapr and service meshes is with observability (tracing and metrics). Service meshes operate at the network level and trace the network calls between services. Dapr does this with service invocation, however Dapr also provides observability (tracing and metrics) over pub/sub calls using trace ids written into the Cloud Events envelope. This means that the metrics and tracing with Dapr is more extensive than with a service mesh for applications that use both service-to-service invocation and pub/sub to communicate. From 87126869cbf12d9b5ec6bd237212b6f6c2749617 Mon Sep 17 00:00:00 2001 From: Ori Zohar Date: Thu, 1 Apr 2021 08:39:11 -0700 Subject: [PATCH 5/5] small phrasing change --- daprdocs/content/en/concepts/service-mesh.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/concepts/service-mesh.md b/daprdocs/content/en/concepts/service-mesh.md index 7e2f11344..342aa1049 100644 --- a/daprdocs/content/en/concepts/service-mesh.md +++ b/daprdocs/content/en/concepts/service-mesh.md @@ -40,6 +40,6 @@ Should you be using Dapr, a service mesh or both? The answer depends on your req Typically you would use a service mesh with Dapr where there is a corporate policy that traffic on the network needs to be encrypted regardless for all applications. For example, you may be using Dapr in only part of your application and other services and processes that are not using Dapr in your application also need encrypted traffic. In this scenario a service mesh is the better option and most likely you should use mTLS and distributed tracing on the service mesh and disable this on Dapr. -If you need traffic splitting for A/B testing scenarios you would benefit from using a service mesh, since Dapr does not provide this. +If you need traffic splitting for A/B testing scenarios you would benefit from using a service mesh, since Dapr does not provide these capabilities. In some cases, where you require capabilities that are unique to both you will find it useful to leverage both Dapr and a service mesh - as mentioned above, there is no limitation for using them together.