From 00d1011bf1ac20ec99131c4d8d2fe4600bcf44fd Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Tue, 17 Sep 2024 11:02:10 -0700
Subject: [PATCH 01/36] Update proposal and risk section for 1.32

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 208 +++++++++---------
 1 file changed, 101 insertions(+), 107 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index 35d5c2175ec6..7a0835f0e140 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -307,25 +307,24 @@ The "Design Details" section below is for the real
 nitty-gritty.
 -->
 
-<<[UNRESOLVED changing from 1.31 proposal to 1.32 proposal,
-incoming in a separate PR]>>
 This design seeks to incorporate a two-pronged approach:
 
-1. Change the existing initial value for the backoff curve to stack more retries
-   earlier for all restarts (`restartPolicy: OnFailure` and `restartPolicy:
-   Always`) <<[UNRESOLVED]>>
-2. Provide a option to configure even faster restarts for specific Pod/Container
-(particularly sidecar containers)/Node/Cluster, regardless of exit code,
-reducing the max wait to 1 minute <<[/UNRESOLVED]>>
-
-In addition, part of the alpha period will be dedicated entirely to
-   systematically stress testing kubelet and API Server with different
-   distributions of workloads utilizing the new backoff curves. Therefore, this
-KEP requires instrumentation of enhanced visibility into pod restart behavior to
-enable Kubernetes benchmarking during the alpha phase. During the benchmarking
-period of alpha, kubelet memory and CPU, API server latency, and pod restart
-latency will be observed and analyzed to define the maximum allowable restart
-rate for fully saturated nodes.
+1. Change the existing initial value for the backoff curve to 1s to stack more
+   retries earlier, and reduce the maximum backoff for a given restart from 5
+   minutes to 30 seconds, for all restarts (`restartPolicy: OnFailure` and
+   `restartPolicy: Always`)
+2. Provide an option to cluster operators to configure an even lower maximum
+backoff for all containers on a specific Node, down to 1s
+
+To derive these values, manual stress testing observing the behavior of kubelet,
+   API server, and overall cluster operations and behavior were performed, as
+   described below in <<[ UNRESOLVED ifttt benchmarking: link to benchmarking results ]>>
+<<[/UNRESOLVED]>>. In addition, part of the alpha period will be dedicated
+entirely to systematically stress testing kubelet and API Server with different
+distributions of workloads utilizing the new backoff curves. During the
+benchmarking period in alpha, kubelet memory and CPU, API server latency, and
+pod restart latency will be observed and analyzed to further refine the maximum
+allowable restart rate for fully saturated nodes.
 
 Longer term, these
 metrics will also supply cluster operators the data necessary to better analyze
@@ -336,27 +335,49 @@ Note that proposal will NOT change:
 * backoff behavior for Pods transitioning from the "Success" state differently
   from those transitioning from a "Failed" state -- see [here in Alternatives
   Considered](#on-success-and-the-10-minute-recovery-threshold)
-* the time Kubernetes waits before resetting the backoff counter -- see the
-  [here inAlternatives
-  Considered](#on-success-and-the-10-minute-recovery-threshold)
+<<[ UNRESOLVED ifttt late recovery ]>> * the time Kubernetes waits before resetting the backoff counter -- see the
+  [here in Alternatives
+  Considered](#on-success-and-the-10-minute-recovery-threshold) <<[/UNRESOLVED]>>
 * the ImagePullBackoff -- out of scope, see [Design
   Details](#relationship-with-imagepullbackoff)
 * changes that address 'late recovery', or modifications to backoff behavior
   once the max cap has been reached -- see
   [Alternatives](#more-complex-heuristics)
 
-<<[/UNRESOLVED]>>
 
 
-### Existing backoff curve change: front loaded decay
+### Existing backoff curve change: front loaded decay, lower maximum backoff
 
 This KEP proposes changing the existing backoff curve to load more restarts
-earlier by changing the initial value of the exponential backoff. A number of
-alternate initial values are modelled below, until the 5 minute cap would be
-reached. This proposal suggests we start with a new initial value of 1s, and
-analyze its impact on infrastructure during alpha.
+earlier by changing the initial value of the exponential backoff, and to retry
+periodically more often by reducing the maximum for the backoff. A number of
+alternate initial values and maximum backoff values are modelled below. This
+proposal suggests we start with a new initial value of 1s (changed from 10s
+today) and a maximum backoff of 30 seconds (changed from 5 minutes today) based
+on prior research <<[ UNRESOLVED link to benchmarking results
+]>>here<<[/UNRESOLVED]>>, and further analyze its impact on infrastructure
+during alpha. 
+
+A simple change to maximum backoff would naturally come with a modification of
+the backoff counter reset threshold -- as it is currently calculated based on 2x
+the max cap -- so without any other modification, containers would be "rewarded"
+by having their backoff counter set to 0 for running successfully for 1 minute
+(instead of for 10 minutes like it is today). <<[ UNRESOLVED ifttt late recovery:
+what is better?]>>As late recovery is expressly a non-goal of this KEP, as part
+of this implementation the late recovery threshold for restart backoffs will be
+factored out separately and remain 10 minutes. <<[/UNRESOLVED]>>
+
+<<[ UNRESOLVED new pic with updated modeling re: max cap values
+]>>![](todayvs1sbackoff.png)<<[ /UNRESOLVED]>>
+
 
-![](todayvs1sbackoff.png)
+### Node specific kubelet config for maximum backoff down to 1 second
+
+This KEP also proposes providing a more flexible mechanism for modifying the
+maximum backoff as an opt-in. The configuration for this will be per node, by an
+integer representing seconds (notably NOT resulting in subsecond granularity).
+The minimum allowable value will be 1 second. This per node configuration will
+be configurable only by a user with awareness of the node holistically.
 
 
 ### User Stories
@@ -447,15 +468,13 @@ accompanying API request, if the requests become rapid enough due to fast enough
 churn of Pods through CrashLoopBackoff phases, the central API server could
 become unresponsive, effectively taking down an entire cluster.
 
-The same risk exists for the <<[UNRESOLVED]>> per Node <<[/UNRESOLVED]>>
-feature, which, while not default, is by design a more severe reduction in the
-decay behavior. It can abused by <<[UNRESOLVED]>> cluster operators
-<<[/UNRESOLVED]>>, and in the worst case cause nodes to fully saturate with
-<<[UNRESOLVED]>> instantly <<[/UNRESOLVED]>> restarting pods that will never
-recover, risking similar issues as above: taking down nodes or at least
-nontrivially slowing kubelet, or increasing the API requests to store backoff
-state so significantly that the central API server is unresponsive and the
-cluster fails.
+The same risk exists for the per Node feature, which, while not default, is by
+design allowing a more severe reduction in the decay behavior. In the worst
+case, it could cause nodes to fully saturate with near-instantly restarting pods
+ that will never recover, risking similar issues as above: taking down nodes or
+at least nontrivially slowing kubelet, or increasing the API requests to store
+backoff state so significantly that the central API server is unresponsive and
+the cluster fails.
 
 During alpha, naturally the first line of defense is that the enhancements, even
 the reduced "default" baseline curve for CrashLoopBackoff, are not usable by
@@ -465,41 +484,43 @@ by each risk if the cluster operator enables the new features during the alpha
 period.
 
 Beyond this, there are two main mitigations during alpha: conservativism in
-changes to the default behavior, and <<[UNRESOLVED]>> per-node <<[/UNRESOLVED]>>
-opt-in and redeployment required for the more aggressive behavior.
-
-The alpha changes to the default backoff curve were chosen because they are
-minimal -- <<[ UNRESOLVED]>>the proposal maintains the existing rate and max
-cap, and reduces the initial value to the point that only introduces 3 excess
-restarts per pod, the first 2 excess in the first 10 seconds and the last excess
-following in the next 30 seconds (see [Design
+changes to the default behavior based on prior stress testing, and limiting any
+further overrides to be opt-in per Node, and only by users with the permissions
+to modify the kubelet configuration -- in other words, a cluster operator
+persona.
+
+The alpha changes to the _default_ backoff curve were chosen because they meet
+emerging use cases and user sentiment from the canonical feature request issue
+and research by the author, AND because they are indicated to be safe changes
+based on initial benchmarking and analysis, described below in context and
+<<[UNRESOLVED ifttt benchmarking: add benchmarking link]>>here more
+broadly<<[/UNRESOLVED]>>.
+
+<<[UNRESOLVED fix details for new proposal]>>the proposal maintains the existing
+rate of 2x, reduces the initial value to the point that introduces N excess
+restarts per pod, the first XYZ excess in Y time window and the last ABC excess
+following in the next Z time window (see [Design
 Details](#front-loaded-decay-curve-methodology)). For a hypothetical node with
 the max 110 pods all stuck in a simultaneous CrashLoopBackoff, API requests to
-change the state transition would increase at its fastest period from ~110
-requests/10s to 330 requests/10s. <<[/UNRESOLVED]>> By passing this minimal
-change through the existing SIG-scalability tests, while pursuing manual and
-more detailed periodic benchmarking during the alpha period, we can increase the
-confidence in this change and in the possibility of reducing further in the
-future.
-
-For the <<[UNRESOLVED]>> per node <<[/UNRESOLVED]>> case, because the change is
-more significant, including lowering the max cap, there is more risk to node
-stability expected. This change is of interest to be tested in the alpha period
-by end users, and is why it is still included with opt-in even though the risks
-are higher. That being said it is still a relatively conservative change in an
-effort to minimize the unknown changes for fast feedback during alpha, while
-improved benchmarking and testing occurs. <<[UNRESOLVED update with real stress
-test results]>> For a hypothetical node with the max 110 pods all stuck in a
-simultaneous `Rapid` CrashLoopBackoff, API requests to change the state
-transition would increase from ~110 requests/10s to 440 requests/10s, and since
-the max cap would be lowered, would exhibit up to 440 requests in excess every
-300s (5 minutes), or an extra 1.4 requests per second once all pods reached
-their max cap backoff. It also should be noted that due to the specifics of the
-configuration required in the Pod manifest, being against an immutable field,
-will require the Pods in question to be redeployed. This means it is unlikely
-that all Pods will be in a simultaneous CrashLoopBackoff even if they are
-designed to quickly crash, since they will all need to be redeployed and
-rescheduled. <<[/UNRESOLVED]>>
+change the state transition would increase at its fastest period from ABC
+requests/10s to NNN requests/10s. <<[/UNRESOLVED]>>  <<[UNRESOLVED ifttt
+benchmarking: add benchmarking details]>>This has also been empirically observed
+in benchmarking analysis described XYZ HERE XYZ. <<[/UNRESOLVED]>> In addition,
+by passing these changes through the existing SIG-scalability tests, while
+pursuing manual and more detailed periodic benchmarking during the alpha period,
+we can increase the confidence in this change and in the possibility of reducing
+further in the future.
+
+For the per node case, because the change is more significant, including
+lowering the max backoff, there is more risk to node stability expected. This
+change is of particular interest to be tested in the alpha period by end users,
+and is why it is still included with opt-in even though the risks are higher.
+<<[UNRESOLVED update with real stress test results]>> For a hypothetical node
+with the max 110 pods all stuck in a simultaneous 1s maximum CrashLoopBackoff,
+API requests to change the state transition would increase from ABC requests/10s
+to NNN requests/10s, and since the maximum backoff would be lowered, would
+exhibit up to NNN requests in excess every 300s (5 minutes), or an extra A.B
+requests per second once all pods reached their max cap backoff.
 
 ## Design Details 
 
@@ -510,7 +531,7 @@ required) or even code snippets. If there's any ambiguity about HOW your
 proposal will be implemented, this is the place to discuss them.
 -->
 
-<<[UNRESOLVED changing from 1.31 to 1.32 proposal, incoming in separate PR]>>
+<<[UNRESOLVED changing from 1.31 to 1.32 proposal, incoming in further commits]>>
 
 ### Front loaded decay curve methodology
 As mentioned above, today the standard backoff curve is a 2x exponential decay
@@ -567,7 +588,7 @@ Among these modeled initial values, we would get between 3-7 excess restarts per
 backoff lifetime, mostly within the first three time windows matching today's
 restart behavior.
 
-<<[UNRESOLVED include stress test data now]>> <<[/UNRESOLVED]>>
+<<[UNRESOLVED ifttt benchmarking: include stress test data now]>> <<[/UNRESOLVED]>>
 
 ### Rapid curve methodology
 
@@ -690,7 +711,7 @@ container before restarting, and the number of container restarts, to articulate
 the rate and load of restart related API requests and the performance effects on
 kubelet.
 
-<<[UNRESOLVED add initial benchmarking test data]>> <<[/UNRESOLVED]>>
+<<[UNRESOLVED ifttt benchmarking: link initial benchmarking test data]>> <<[/UNRESOLVED]>>
 
 ### Relationship with Job API podFailurePolicy and backoffLimit
 
@@ -809,9 +830,11 @@ This can inform certain test coverage improvements that we want to do before
 extending the production code to implement this enhancement.
 -->
 
+<<[UNRESOLVED whats up with this]>>
 - `kubelet/kuberuntime/kuberuntime_manager_test`: **could not find a successful
   coverage run on
   [prow](https://prow.k8s.io/view/gs/kubernetes-jenkins/logs/ci-kubernetes-coverage-unit/1800947623675301888)**
+<<[/UNRESOLVED]>>
 
 ##### Integration tests
 
@@ -848,7 +871,7 @@ We expect no non-infra related flakes in the last month as a GA graduation crite
 
 - k8s.io/kubernetes/test/e2e/node/kubelet_perf: for a given percentage of
 heterogenity between "Succeeded" terminating pods, and crashing pods whose
-`restartPolicy: Always``, 
+`restartPolicy: Always` or `restartPolicy: OnFailure`, 
  * what is the load and rate of Pod restart related API requests to the API
    server?
  * what are the performance (memory, CPU, and pod start latency) effects on the
@@ -860,7 +883,7 @@ heterogenity between "Succeeded" terminating pods, and crashing pods whose
 #### Alpha
 
 - Changes to existing backoff curve implemented behind a feature flag 
-    1. Front-loaded decay curve for all workloads with `restartPolicy: Always`
+    1. Front-loaded decay curve for all workloads with `restartPolicy: Always` or `restartPolicy: OnFailure`
        <<[UNRESOLVED]>>
     2. Front-loaded, low max cap backoff curve for nodes workloads with XYZ
        config
@@ -870,7 +893,7 @@ heterogenity between "Succeeded" terminating pods, and crashing pods whose
   exit states, and runtimes
 - Initial e2e tests completed and enabled
   * Feature flag on or off
-  * <<[UNRESOLVED]>>node upgrade and downgrade path <<[/UNRESOLVED]>>
+  * <<[UNRESOLVED in 1.31 review, suggested not necessary]>>node upgrade and downgrade path <<[/UNRESOLVED]>>
 - Fix https://github.com/kubernetes/kubernetes/issues/123602 if this blocks the
   implementation, otherwise beta criteria
 - Low confidence in the specific numbers/decay rate
@@ -981,7 +1004,7 @@ To use the enhancement, the alpha feature gate is turned on. In the future when
 made, and the default behavior of the baseline backoff curve would -- by design
 -- be changed.
 
-For `EnableRapidCrashLoopBackoffDecay`:
+For `EnableKubeletCrashLoopBackoffMax`:
 
 For an existing cluster, no changes are required to configuration, invocations
 or API objects to make an upgrade.
@@ -1002,7 +1025,7 @@ they've turned on the `ReduceDefaultCrashLoopBackoffDecay` feature gate).
 <<[/UNRESOLVED]>>
 
 Or, the entire cluster can be restarted with the
-`EnableRapidCrashLoopBackoffDecay` feature gate turned off. In this case, any
+`EnableKubeletCrashLoopBackoffMax` feature gate turned off. In this case, any
 <<[UNRESOLVED]>>Node configured with a different backoff curve will instead use
 the default backoff curve. Again, since the cluster was restarted and Pods were
 redeployed, they will not maintain prior state and will start at the beginning
@@ -1035,7 +1058,7 @@ coordination must b e done between the control plane and the nodes.
 ## Production Readiness Review Questionnaire
 
 <<[UNRESOLVED removed when changing from 1.31 proposal to 1.32 proposal,
-incoming in a separate PR]>> <<[/UNRESOLVED]>>
+incoming in further commits]>> <<[/UNRESOLVED]>>
 
 ## Implementation History
 
@@ -1094,35 +1117,6 @@ and insight can help us improve late recovery later on (see also the related
 discussion in Alternatives [here](#more-complex-heuristics) and
 [here](#late-recovery)).
 
-CrashLoopBackoff behavior has been stable and untouched for most of the
-Kubernetes lifetime. It could be argued that it "isn't broken", that most people
-are ok with it or have sufficient and architecturally well placed workarounds
-using third party reaper processes or application code based solutions, and
-changing it just invites high risk to the platform as a whole instead of
-individual end user deployments. However, per the [Motivation](#motivation)
-section, there are emerging workload use cases and a long history of a vocal
-minority in favor of changes to this behavior, so trying to change it now is
-timely. Obviously we could still decide not to graduate the change out of alpha
-if the risks are determined to be too high or the feedback is not positive.
-
-Though the issue is highly upvoted, on an analysis of the comments presented in
-the canonical tracking issue
-[Kubernetes#57291](https://github.com/kubernetes/kubernetes/issues/57291), 22
-unique commenters were requesting a constant or instant backoff for `Succeeded`
-Pods, 19 for earlier recovery tries, and 6 for better late recovery behavior;
-the latter is arguably even more highly requested when also considering related
-issue [Kubernetes#50375](https://github.com/kubernetes/kubernetes/issues/50375).
-Though an early version of this KEP also addressed the `Success` case, in its
-current version this KEP really only addresses the early recovery case, which by
-our quantitative data is actually the least requested option. That being said,
-other use cases described in [User Stories](#user-stories) that don't have
-quantitative counts are also driving forces on why we should address the early
-recovery cases now. On top of that, compared to the late recovery cases, early
-recovery is more approachable and easily modelable and improving benchmarking
-and insight can help us improve late recovery later on (see also the related
-discussion in Alternatives [here](#more-complex-heuristics) and
-[here](#late-recovery)).
-
 ## Alternatives
 
 <!--

From 1273fbd3dae5c2cacad1a9e3cbe220a8e77f4dc3 Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Fri, 20 Sep 2024 13:54:11 -0700
Subject: [PATCH 02/36] Add refactor for backoff counter reset threshold, and
 resolve major design details

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 131 ++++++++++++------
 1 file changed, 89 insertions(+), 42 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index 7a0835f0e140..f11143ab3789 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -194,10 +194,10 @@ Currently it is a subjectively conservative, fixed behavior regardless of
 container failure type: when a Pod has a restart policy besides `Never`, after
 containers in a Pod exit, the kubelet restarts them with an exponential back-off
 delay (10s, 20s, 40s, …), that is capped at five minutes. The delay for restarts
-will stay at 5 minutes until a container has executed for 10 minutes without any
-problems, in which case the kubelet resets the restart backoff timer for that
-container and further crash loops start again at the beginning of the delay
-curve
+will stay at 5 minutes until a container has executed for 2x the maximum backoff
+-- that is, 10 minutes -- without any problems, in which case the kubelet resets
+the backoff count for that container and further crash loops start again at the
+beginning of the delay curve
 ([ref](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/)). 
 
 Both the decay to 5 minute back-off delay, and the 10 minute recovery threshold,
@@ -205,6 +205,8 @@ are considered too conservative, especially in cases where the exit code was 0
 (Success) and the pod is transitioned into a "Completed" state or the expected
 length of the pod run is less than 10 minutes.
 
+<<[UNRESOLVED summarize the proposal as well]>> <<[/UNRESOLVED]>>
+
 ## Motivation
 
 <!--
@@ -331,17 +333,16 @@ metrics will also supply cluster operators the data necessary to better analyze
 and anticipate the change in load and node stability as a result of upgrading to
 these changes.
 
-Note that proposal will NOT change:
+While they are more deeply rationalized in the Alternatives Considered section,
+because they are commonly inquired about at this point, note that this proposal
+will NOT change:
 * backoff behavior for Pods transitioning from the "Success" state differently
   from those transitioning from a "Failed" state -- see [here in Alternatives
   Considered](#on-success-and-the-10-minute-recovery-threshold)
-<<[ UNRESOLVED ifttt late recovery ]>> * the time Kubernetes waits before resetting the backoff counter -- see the
-  [here in Alternatives
-  Considered](#on-success-and-the-10-minute-recovery-threshold) <<[/UNRESOLVED]>>
 * the ImagePullBackoff -- out of scope, see [Design
   Details](#relationship-with-imagepullbackoff)
 * changes that address 'late recovery', or modifications to backoff behavior
-  once the max cap has been reached -- see
+  once the maximum backoff has been reached -- see
   [Alternatives](#more-complex-heuristics)
 
 
@@ -358,15 +359,6 @@ on prior research <<[ UNRESOLVED link to benchmarking results
 ]>>here<<[/UNRESOLVED]>>, and further analyze its impact on infrastructure
 during alpha. 
 
-A simple change to maximum backoff would naturally come with a modification of
-the backoff counter reset threshold -- as it is currently calculated based on 2x
-the max cap -- so without any other modification, containers would be "rewarded"
-by having their backoff counter set to 0 for running successfully for 1 minute
-(instead of for 10 minutes like it is today). <<[ UNRESOLVED ifttt late recovery:
-what is better?]>>As late recovery is expressly a non-goal of this KEP, as part
-of this implementation the late recovery threshold for restart backoffs will be
-factored out separately and remain 10 minutes. <<[/UNRESOLVED]>>
-
 <<[ UNRESOLVED new pic with updated modeling re: max cap values
 ]>>![](todayvs1sbackoff.png)<<[ /UNRESOLVED]>>
 
@@ -380,6 +372,14 @@ The minimum allowable value will be 1 second. This per node configuration will
 be configurable only by a user with awareness of the node holistically.
 
 
+### Refactor and flat rate to 10 minutes for the backoff counter reset threshold
+
+Finally, this KEP proposes factoring out the backoff counter reset threshold
+into a new constant. Instead of being proportional to the configured maximum
+backoff, it will instead be a flat rate equivalent to the current
+implementation, 10 minutes.
+
+
 ### User Stories
 
 <!--
@@ -531,8 +531,6 @@ required) or even code snippets. If there's any ambiguity about HOW your
 proposal will be implemented, this is the place to discuss them.
 -->
 
-<<[UNRESOLVED changing from 1.31 to 1.32 proposal, incoming in further commits]>>
-
 ### Front loaded decay curve methodology
 As mentioned above, today the standard backoff curve is a 2x exponential decay
 starting at 10s and capping at 5 minutes, resulting in a composite of the
@@ -571,26 +569,38 @@ behavior, we modeled the change in the starting value of the decay from 10s to
 !["A graph showing the decay curves for different initial values"](differentinitialvalues.png
 "Alternate CrashLoopBackoff initial values")
 
-For today's decay rate, the first restart is within the
-first 10s, the second within the first 30s, the third within the first 70s.
-Using those same time windows to compare alternate initial values, for example
-changing the initial rate to 1s, we would instead have 3 restarts in the first
-time window, 1  restart within the time window, and two more restarts within the
-third time window. As seen below, this type of change gives us more restarts
-earlier, but even at 250ms or 25ms initial values, each approach a similar rate
-of restarts after the third time window.
+For today's decay rate, the first restart is within the first 10s, the second
+within the first 30s, the third within the first 70s. Using those same time
+windows to compare alternate initial values, for example changing the initial
+rate to 1s, we would instead have 3 restarts in the first time window, 1 restart
+within the second time window, and two more restarts within the third time
+window. As seen below, this type of change gives us more restarts earlier, but
+even at 250ms or 25ms initial values, each approach a similar rate of restarts
+after the third time window.
 
+<<[UNRESOLVED ifttt front loaded images: remake this graph with axes too]>>
 ![A graph showing different exponential backoff decays for initial values of
 10s, 1s, 250ms and 25ms](initialvaluesandnumberofrestarts.png "Changes to decay
 with different initial values")
+TODO: remake graph!
+<<[/UNRESOLVED]>>
 
 Among these modeled initial values, we would get between 3-7 excess restarts per
 backoff lifetime, mostly within the first three time windows matching today's
 restart behavior.
 
-<<[UNRESOLVED ifttt benchmarking: include stress test data now]>> <<[/UNRESOLVED]>>
+The above modeled values converge like this because of the harshly increasing
+rate caused by the exponential growth, but also because they grow to the same
+maximum value -- 5 minutes. By layering on alternate models for maximum backoff,
+we observe more restarts for longer:
+
+<<[UNRESOLVED ifttt front loaded images: add graph here with proper axes]>>
+TODO: new graph! <<[/UNRESOLVED]>>
+
+<<[UNRESOLVED ifttt benchmarking: include stress test data now]>>TODO: stress
+test data paragraph<<[/UNRESOLVED]>>
 
-### Rapid curve methodology
+### Per node config
 
 For some users in
 [Kubernetes#57291](https://github.com/kubernetes/kubernetes/issues/57291), any
@@ -604,18 +614,55 @@ configure (by container, node, or exit code) the backoff to close to 0 seconds.
 This KEP considers it out of scope to implement fully user-customizable
 behavior, and too risky without full and complete benchmarking to node stability
 to allow legitimately crashing workloads to have a backoff of 0, but it is in
-scope for the first alpha to provide users a way to <<[UNRESOLVED]>> opt nodes
-in <<[/UNRESOLVED]>> to a even faster restart behavior.
-
-The finalization of the initial and max cap can only be done after benchmarking.
-But as a conservative first estimate for alpha in line with maximums discussed
-on [Kubernetes#57291](https://github.com/kubernetes/kubernetes/issues/57291),
-the initial curve is selected at <<[UNRESOLVED]>>initial=250ms / cap=1 minute,
-<<[/UNRESOLVED]>> but during benchmarking this will be modelled against kubelet
-capacity, potentially targeting something closer to an initial value near 0s,
-and a cap of 10-30s. To further restrict the blast radius of this change before
-full and complete benchmarking is worked up, this is gated by a separate alpha
-feature gate and is opted in to per <<[UNRESOLVED]>> node <<[/UNRESOLVED]>>.
+scope for the first alpha to provide users a way to opt nodes in to a even
+faster restart behavior.
+
+As a first estimate for alpha in line with maximums discussed on
+[Kubernetes#57291](https://github.com/kubernetes/kubernetes/issues/57291) and
+the benchmarking analysis <<[UNRESOLVED ifttt benchmarking: include stress test
+data now]>>here<<[/UNRESOLVED]>>, the initial curve is selected at initial=1s /
+max=1 minute. During the alpha period this will be further investigated against
+kubelet capacity, potentially targeting something closer to an initial value
+near 0s, and a cap of 10-30s. To further restrict the blast radius of this
+change before full and complete benchmarking is worked up, this is gated by a
+separate alpha feature gate and is opted in to per node.
+
+<<[UNRESOLVED more details of per node config re: kubelet config api]>> TODO:
+API <<[/UNRESOLVED]>>
+
+### Refactor of recovery threshold
+
+A simple change
+to maximum backoff would naturally come with a modification of the backoff
+counter reset threshold -- as it is currently calculated based on 2x the maximum
+backoff. Without any other modification, as a result of this KEP, default
+containers would be "rewarded" by having their backoff counter set back to 0 for
+running successfully for 2\*1 minute=2 minutes (instead of for 2\*5minutes=10
+minutes like it is today); containers on nodes with an override could be
+rewarded for running successfully for as low as 2 seconds if they are configured
+with the minimum allowable backoff of 1s. 
+
+From a technical persepctive, granularity of the associated worker polling loops
+governing restart behavior is between 1 and 10 seconds, so a reset value under
+10 seconds is effectively meaningless (until and unless those loops increase in
+speed or we move to evented PLEG). From a user perspective, it does not seem
+that there is any particular end user value in artificially preserving the
+current 10 minute recovery threshold as part of this implementation, since it
+was an arbitrary value in the first place. However, since late recovery as a
+category of problem space is expressly a non-goal of this KEP, and in the
+interest of reducing the number of changed variables during the alpha period to
+better observe the ones previously enumerated, this proposal intends to maintain
+that 10 minute recovery threshold anyways. 
+
+Forecasting that the recovery threshold for CrashLoopBackOff may be better
+served by being configurable in the future, or at least separated in the code
+from all other uses of `client_go.Backoff` for whatever future enhancements
+address the late recovery problem space, the mechanism proposed here is to
+redefine  `client_go.Backoff` to accept alternate functions for
+[`client_go.Backoff.hasExpired`](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/client-go/util/flowcontrol/backoff.go#L178),
+and configure the `client_go.Backoff` object created for use by the kube runtime
+manager for container restart bacoff with a function that compares to a flat
+rate of 300 seconds.
 
 ### Kubelet overhead analysis
 

From 978d99d2d0563a9261d9caa7d406468a75cf64f3 Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Fri, 20 Sep 2024 14:14:32 -0700
Subject: [PATCH 03/36] Cleanup TODO and lingering unresolved tag

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 keps/sig-node/4603-tune-crashloopbackoff/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index f11143ab3789..fa908f34ea9b 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -758,7 +758,8 @@ container before restarting, and the number of container restarts, to articulate
 the rate and load of restart related API requests and the performance effects on
 kubelet.
 
-<<[UNRESOLVED ifttt benchmarking: link initial benchmarking test data]>> <<[/UNRESOLVED]>>
+<<[UNRESOLVED ifttt benchmarking: link initial benchmarking test data]>>TODO:
+link benchmarking data<<[/UNRESOLVED]>>
 
 ### Relationship with Job API podFailurePolicy and backoffLimit
 
@@ -814,7 +815,6 @@ completely different pattern, as unlike with CrashLoopBackoff the types of
 errors with ImagePullBackoff are less variable and better interpretable by the
 infrastructure as recovereable or non-recoverable (i.e. 404s).
 
-<<[/UNRESOLVED]>>
 ### Test Plan
 
 <!--

From 1461b6a57df9138f48a5748acd972eec841f348c Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Mon, 23 Sep 2024 13:45:47 -0700
Subject: [PATCH 04/36] Reformatting some paragraphs

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 31 ++++++++++---------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index fa908f34ea9b..dfb3b52aa99f 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -374,10 +374,10 @@ be configurable only by a user with awareness of the node holistically.
 
 ### Refactor and flat rate to 10 minutes for the backoff counter reset threshold
 
-Finally, this KEP proposes factoring out the backoff counter reset threshold
-into a new constant. Instead of being proportional to the configured maximum
-backoff, it will instead be a flat rate equivalent to the current
-implementation, 10 minutes.
+Finally, this KEP proposes factoring out the backoff counter reset threshold for
+CrashLoopBackoff behavior induced restarts into a new constant. Instead of being
+proportional to the configured maximum backoff, it will instead be a flat rate
+equivalent to the current implementation, 10 minutes.
 
 
 ### User Stories
@@ -471,7 +471,7 @@ become unresponsive, effectively taking down an entire cluster.
 The same risk exists for the per Node feature, which, while not default, is by
 design allowing a more severe reduction in the decay behavior. In the worst
 case, it could cause nodes to fully saturate with near-instantly restarting pods
- that will never recover, risking similar issues as above: taking down nodes or
+that will never recover, risking similar issues as above: taking down nodes or
 at least nontrivially slowing kubelet, or increasing the API requests to store
 backoff state so significantly that the central API server is unresponsive and
 the cluster fails.
@@ -511,16 +511,17 @@ pursuing manual and more detailed periodic benchmarking during the alpha period,
 we can increase the confidence in this change and in the possibility of reducing
 further in the future.
 
-For the per node case, because the change is more significant, including
-lowering the max backoff, there is more risk to node stability expected. This
-change is of particular interest to be tested in the alpha period by end users,
-and is why it is still included with opt-in even though the risks are higher.
-<<[UNRESOLVED update with real stress test results]>> For a hypothetical node
-with the max 110 pods all stuck in a simultaneous 1s maximum CrashLoopBackoff,
-API requests to change the state transition would increase from ABC requests/10s
-to NNN requests/10s, and since the maximum backoff would be lowered, would
-exhibit up to NNN requests in excess every 300s (5 minutes), or an extra A.B
-requests per second once all pods reached their max cap backoff.
+For the per node case, because the change could be more significant, with nearly
+trivial (when compared to pod startup metrics) max allowable backoffs of 1s,
+there is more risk to node stability expected. This change is of particular
+interest to be tested in the alpha period by end users, and is why it is still
+included with opt-in even though the risks are higher. <<[UNRESOLVED update with
+real stress test results]>> For a hypothetical node with the max 110 pods all
+stuck in a simultaneous 1s maximum CrashLoopBackoff, API requests to change the
+state transition would increase from ABC requests/10s to NNN requests/10s, and
+since the maximum backoff would be lowered, would exhibit up to NNN requests in
+excess every 300s (5 minutes), or an extra A.B requests per second once all pods
+reached their max cap backoff. <<[/UNRESOLVED]>>
 
 ## Design Details 
 

From 03c1284a5145f9ec2b723a6b63dc83fc44a19090 Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Mon, 23 Sep 2024 13:46:08 -0700
Subject: [PATCH 05/36] Update kubelet overhead analysis

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      |  61 ++++++++++++++----
 .../code-diagram-for-restarts.png             | Bin 0 -> 81561 bytes
 ...kubeletvsruntime-restartresponsibility.png | Bin 0 -> 26446 bytes
 3 files changed, 49 insertions(+), 12 deletions(-)
 create mode 100644 keps/sig-node/4603-tune-crashloopbackoff/code-diagram-for-restarts.png
 create mode 100644 keps/sig-node/4603-tune-crashloopbackoff/kubeletvsruntime-restartresponsibility.png

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index dfb3b52aa99f..d7d3bc170e1f 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -667,26 +667,63 @@ rate of 300 seconds.
 
 ### Kubelet overhead analysis
 
-As it's likely that in some deployments pods will restart more often that in
-current Kubernetes, for this KEP, it's important to understand what the kubelet
-does during pod restarts. 
+As it's intended that, after this KEP, pods will restart more often that in
+current Kubernetes, it's important to understand what the kubelet does during
+pod restarts. The most informative code path for that is through (all links to
+1.31) [`kubelet/kubelet.go
+SyncPod`](https://github.com/kubernetes/kubernetes/blob/release-1.31/pkg/kubelet/kubelet.go),
+[`kubelet/kuberuntime/kuberuntime_manager.go
+SyncPod`](https://github.com/kubernetes/kubernetes/blob/release-1.31/pkg/kubelet/kuberuntime/kuberuntime_manager.go#L1052),
+[`kubelet/kuberuntime/kuberuntime_container.go
+startContainer`](https://github.com/kubernetes/kubernetes/blob/release-1.31/pkg/kubelet/kuberuntime/kuberuntime_container.go#L195)
+and [`kubelet/kubelet.go SyncTerminatingPod`](),
+[`kubelet/kuberuntime/kuberuntime_container.go
+killContainer`](https://github.com/kubernetes/kubernetes/blob/release-1.31/pkg/kubelet/kuberuntime/kuberuntime_container.go#L761),
+[`kubelet/kuberuntime/kuberuntime_manager.go
+killPodWithSyncResult`](https://github.com/kubernetes/kubernetes/blob/release-1.31/pkg/kubelet/kuberuntime/kuberuntime_manager.go#L1466),
+and [`kubelet/kubelet.go
+SyncTerminatedPod`](https://github.com/kubernetes/kubernetes/blob/release-1.31/pkg/kubelet/kubelet.go#L1996).
+
+!["A sequence diagram showing Kubelet and Container Runtime code paths responsible for behaviors common to all pod restarts"](kubeletvsruntime-restartresponsibility.png
+"High level Kubelet and Container Runtime restart code paths")
+
+
+As you might imagine this is a very critical code path with hooks to many
+in-flight features; <<[!UNRESOLVED make a link]>>Appendix A<<[/UNRESOLVED]>>
+includes a more complete list (yet still not as exhaustive as the source code),
+but the following are selected as the most important behaviors of kubelet during
+a restart to know about, that are not currently behind a feature gate.
+
+After a Pod is in Terminating phase, kubelet:
+
+* Clears up old containers using container runtime
+* Stops probes and pod sandbox, and unmounts volumes and unregisters secrets/configmaps (since Pod was in a terminal phase)
+* While still in the backoff window, wait for network / attach volumes / register pod to secret and configmap managers / re-download image secrets if necessary
+
+Once the current backoff window has passed, kubelet:
 
 * Potentially re-downloads the image (utilizing network + IO and blocks other
-  image downloads)
-* Clears up old container using Containerd
-* Redownloads secrets and configs if needed
-* Recreates the container using Containerd
-* Runs startup probes until container started (startup probes may be more
+  image downloads) if image pull policy specifies it
+  ([ref]([`imageManager.EnsureImageExists`](https://github.com/kubernetes/kubernetes/blob/release-1.31/pkg/kubelet/images/image_manager.go#L135))).
+* Recreates the pod sandbox and probe workers
+* Recreates the containers using container runtime
+* Runs user configured prestart and poststart hooks for each container
+* Runs startup probes until containers have started (startup probes may be more
   expensive than the readiness probes as they often configured to run more
   frequently)
-* Application runs thru initialization logic (typically utilizing more IO)
-* Logs information about all those container operations (utilizing disk IO and
+* Redownloads all secrets and configmaps, as the pod has been unregistered and
+  reregistered to the managers, while computing container environment/EnvVarFrom
+* Application runs through its own initialization logic (typically utilizing more IO)
+* Logs information about all container operations (utilizing disk IO and
   “spamming” logs)
 
+The following diagram showcases these same highlights more visually and in context of the responsible API surface (Kubelet or Runtime aka CRI).
+
+!["A diagram showing Kubelet and Container Runtime code paths responsible for behaviors common to all pod restarts"](code-diagram-for-restarts.png
+"Kubelet and Container Runtime restart code paths")
+
 ```
  <<[UNRESOLVED add the rest of the analysis since 1.31 and answer these questions from original PR]>> 
- > What conditions lead to a re-download of an image? I wonder if we can eliminate this, or if that's too much of a behavior change.
- > Similar question for image downloads. Although in this case, I think the kubelet should have an informer for any secrets or configmaps used, so it should just pull from cache. Is that true for EnvVarFrom values?
  >Does this [old container cleanup using containerd] include cleaning up the image filesystem? There might be room for some optimization here, if we can reuse the RO layers.
  
   <<[/UNRESOLVED]>>
diff --git a/keps/sig-node/4603-tune-crashloopbackoff/code-diagram-for-restarts.png b/keps/sig-node/4603-tune-crashloopbackoff/code-diagram-for-restarts.png
new file mode 100644
index 0000000000000000000000000000000000000000..f5755b09be877677ece9bece94bb5021fc8b666d
GIT binary patch
literal 81561
zcmYhjbzGEf7c~k4NXyXDEuA7DIdm!^B`F}?Atg0*hjcdrl9JMmA~6U`gQOtc4d>!{
z&v(xE{N@kv(fht~@3q%nYa-NM$>U;?V<90S;VLS~Xdoe>bRi)@C@~=5PZ}lEIFOJ6
zkQ8MkH9d`Xve9*k<Y~fcWnb>BPxMW<4v?EgkSj-u+3bW<VNWYhmPWLnOGURwQ4tff
zyQ|y1#ieB-QOjtTOWzk19Q?9F<<T^V>~Y{vL!Hx}J|iF^a=f><Q$fXm5lH*+>3O%4
zgp4W){qNI<hspo{{#Y7-n(^OX2&C17L0<mv|3ldj3<$@ij+jW~2_gkJ_+aAsTpkrW
z<Si!s?{`I#i<7O_y_hUK{pd>OFybpTJu(?6Y66d%32P8|-$#n_42<KU0BX2^qa=9e
zqrAuvS`7B!@~1s*d=KxD(SQ+SOG357Z`A$fpU^kFUCd{OKgFPD{qHZ@hW=xbBKAg|
z6(wZG2;@O}{t8u6_nD?VemNKzcpOO>IddRw1$3)~?w5KQ$*}`vB8(6<fvC;rQscjI
z%quL~<;dc*A{|#{pJ4DO(*@FU#Ckm^l7z|>NNEw87?FVoZE%Kzg+bD+g`%2-sQr>j
z(|M$jhZ(4VRccCy(Swz5vV(E_SnOe`6p^(!{;v^iqzg$xgON*}=`ngT@`WSSLa5<S
zHE_mq#6+l5^_v`gZ!Xl+M_q=qMW#ka_a@6;ul()sy{<BBB@x6-P|6=*J%v(Ia#Xu>
z8MXwsD5SHDUmPs=4#ZGMOGzc+qvqp13#~mqJ2U#cd~<m`B&7egI}pvP%-MmBLFLa#
zreIpr>rbzSFa~l&y#mcwQ2S1j*>%>E1NwTy@RIAc0?1bp`O>CWJ2Q2<3l(qbR-W=E
z=lWf-DyMJ^sZkBLI;%jkKfdt2s?UBrQ)hX<UEN8bShx;}d4w~u<ab@kho8U(Ca!@u
z@kv!jQ^fjb5%?&osm1eI)7N}Bcc>VjnR!Dd3B8JMn<0v7@jA9BR!UwoZ&gX>JFqqv
z-hP^ZI{W=Q=2yBB+h65OV@whKQKW;}ig>yTv-Q^fS{^?!>bIs|xtw6svzmw3U<SiH
z_7@FXE~F=Z)|g16K7PUjOP?iR*@JPv`Lgycfx$TuT1Iqi!_q^74~Y>_)f6d3m5ZfJ
z7x%piM8odzJd{eG{rN}3{@-L-ljD-M95h&5r8+~+8=HtFo<Tk~hC)zIMn=^4%58tK
zo#odH*Nrxh{T#jq;>0JA7^k)2;q+(ysu*r1D(Q^p@jUB~Prxo|SLo7}*sJ7?=tE6H
zFyJ{nCV`>{tAlaB%C(eJxfZ}r>&qmPbO=;BNn+)Hk{I<TP;DOTpNyzn`i&~o3efMd
zTUrwvBbo2bA8UknE%%1~K&i~?gKpwd2>hXc!OyRG6Abe|>?d_jOhdusPY~TCwj!DM
zsCXU<hG^^Pn9Ho1GbVB0X3`sa^vckDD2Yte^WbcEuJiV6uHJgW?{Yo$b%{!XDZILx
z8;gaD-*tWH*C*B7&bupRf=%!ry=>&k_LOST&F%S86e+jg-_h(8PJN4!jOVT!!w(Nh
zWL7PbZTGqS;(vcP9UV>f?DuD#vAMa{ci%sn4aO!DKm~BMILgr5Au*A%N701Luku``
z>#Y-sKJ3mu4_1it_>syj@wO`<Tf}3<hUU5I-OZ)CZN3tIEeiT$nZUUwM?u@)IF$@+
zRbb5WGBV-Q>^fC%)$ebP<1Q|b$0Q2NyUA^*s%~d2bJxEmm~A5R3o=WPh-ulFIGFVt
z?RIAyL_7~@EtVSXGm`=oX41r?v!kN0hYptf?>X^&?(clh_ZI$+WDfH4#q^+zrI`Bq
z_&@{6isQko3dX^9GLv_Mdt}_<^Cl8v`@5n{uYs)~KF@M2=jhrXSKL>x*~w()i@CF0
z5}TF{IFJ|#rnO{XOXV4&I4jih16PzzuTHmx@DUnjwe26yLy1{XuQtaE-~XG0A8m|g
zQ*0*-j(~llc;UjR=YMf{zT_WAC{qm+v_kxuGWJjQBPX%4yZl+Kyi6>_w2V@z*Kl-x
zo@y%Mwy9R8!Ngn1jsU~op8s0MLsBvM<A-u2q^hcF+ILu^Kn9bNh!AadGk*#j(@p8A
zIGp;q4N(t%l=YL{`@8c_sSvD@^k<gi1+pxzLhqeNqmt6(>=xU+@;jed472D|QCiG5
zI~RuIVqx{ng#VOy_YImgEOhG>s0fL9hB{%@BC|p*=KY76T#Cq-0}GehuhD8;s;|Jh
zZz~2`|4vu4+Nd3ow)|;rDY#Pl;ZRq@TEBj!gHlIZk3Uk5#pW_<3x{r9Q8r+eQ`ILh
z$VJ26AC3qv(Yk}}qHhGJ#wi?RhxgmRacfK8L9x$?Yr(1ORoznOv#HD?&s$KyiILk`
z`<^Jf1A>bBwfVPrWNmoHC$HlTtK@{Yr~iJ@BPV$C=*cg%yvIhvLwiIxB!r9pm=d=9
zro-nek;`%qT5z6KMDE_+o)r_jc182M?*yoRx2IDqj?HU?wc!1-rbIo&?Am`c2-Tr0
zf5&p8bd%gGsL+U+1KZohGzt`=Sn3;jWWTX&=zVoz;^M#;`EX{3kG(pa%uXuma`2~H
z*BZQ9R+$r%KU%`D#SM%o$UTli@bOC2vsW%kwN-L4<R(VU%*-5vujKPkP*5g{6zf1N
zWbLbg;gRzzWYr0c*XZ(}L*2Ht%<M2<>GD=Wt#r{}-GCT{WybpE3nPc@5X>NvffvI3
zDoe;>_z5NJP8lo2p89_ot^(Q)@dal)X_E4VOPkm6BMIk{{2g)616W^ZaB$w1%|c7V
zMMOcm*a!D4ij}{G@^MZO<yym5_x=|_+t!DKe|b)(M)P1lxci(x<~c=;Ku=$RvtBd}
zLe6vo>=SLYz$=+ZNu9j$;8bp7>c6d<8FrDdLL)2;45);(wDfqF@_7?2LZQv(7uz8r
zI1FND1JU=l=QI<{hyyd!$lOvVT0)RxNF)a1XsUH51CUX66!Km(l}xHbmrls_>aA)W
z7KHl`_(IXHz+K|m;4>d;^SjmSD|ivQ7!kO;zaJ;{SU-7Vq1B_>Fj~ah)AOx22-q4N
zKIB`qs4CJv_)&7NWn|^$?=M#4go64a5f=r;XD25~rv1-9L9H-^eUL_K`RluWSL)-l
zd(%as%To!vLDe}n*0eDA>nV)bU%}vu;)ot5qjqnt3f)?eRTU!oD}Al6aWVLhu#$tO
zZ4WLE&32ylp-kvr>lpinP^QG1d3p-jF)N~FDDYyy<zA1AJ<1YbQ4zZA@13Zr;mLxx
zd!K$BLz4*QkNQ*$wR+MhO2Ul!3Wqnwz0~Gc`H`*{ja55@(?3MPAm|Y~dR>~FvfmrL
zPfZN)SCVNzh45KX=n&vQR#fNfHQ1<4b9Y>r{z&1ZhqFQ!O4S)yNr+g~{<Q9Q5Kc(t
ztyjJW5d}XGD`tz(inbW_x$W=aT#3%K0lsm~AM#AI4YsLNm~J*wyFBhw)y84s1<o=r
zE_dq25CM^agVC7vEa^XEOpsrt;4{d*g~W#IdWE6Z=f}pznp#6``R9)woq+hIfEO|7
z29EeRzp`&uS_yl&VKhC6qB{TZ>Eh4fi_OjqB_4b8to<u)T{Dq&(bmJdwOTE{c?lf=
zd34_2wG#ELkcF5{mZ~4|6IhOB)h51i@qtj`<HJ<~log%@3fRx)wRCl0PwBW_tNi1l
z1cwcSpNlK1?*JsB^W8a}fBAHg79e=ZiZFLQ&oYeO`iI3|_19*yw3|Ojg(3Zh{$m-@
zX1;V7y-c*-uQo5&(zZ5vQcO3jpwL=nF%0<K<=@=?_aZ9f5^+=_Pnme6^Twr=%}l{V
z*sy}bNz<aS_{+QRZ}<I8$q5gvy*R*fNgr8gk$`*rxl+GL!1^a@aj{yyR6*Sr6F3PK
z&e`4qd;gHLi;I-qyLUx=Qqmx|(`_H6kWcw3#JS?udL6BOPvOiI)jmNPAXh&$mGU#o
z>?gL$|JFQ|JeI?2Ca3Vil!}rP%Ko0g<O)@9r=dU}8}$lgw@wOD*3S|?7d1}HQWa8Z
zm~B0ysBn_ViYZ-M#%6KSRt^iIG#12DBN0}BKFf!oCL^1>J#>Eo_)|clOL0(F##rE`
zMX)%f={TRy+QA3(oCcKCqfv$XO^k45r|BcPC<PrC`_^mQp4L*sM>7TY@g#0&<Cx&D
z>=|opq<9;nyhMK2z^VbxoVY&UPc>Z^5*D8A*V1}XteiTUBi8yQdvDRuO+-!^H%@cl
z{r+S0F32u_;mlC#Q&OvOXp{AX9B;L!A#y?VG(csF$N#Y0<{Isb|NbO+bOn=_moF6P
zIz`gn-Pi~n(f#r+A{!GD6Xm3$Q*C5eTZUvqSEbtMxWrW%&eRUeY@+SK;$=gC6DuD$
zUMSDbV9G-af=L!NOZJg&9a;-0F5G!{a|2L?L;izNO?YkqJ@38~%*Qt;_23U$BiI}Q
z(V0zCfm#`oJ<HP$ruUjZTxH@^;AIBC#N7o$)K(csCtniwNdklX&dR^%6F%*#C!53z
zht3VGak5F9G#Z_Lz8G#k#xQUX(+c91yR@AJo?9Vc)GT1K?-@I~E#;%1z;z`gBv@tW
z5X;NUY9`jx7MLgy->siaA~R8KDxV5neIUNuzd2RnC|_t~sE<YvGDAfyM=8B%G5JlN
z%At|R>Z=9K+oC`qMIKln*i4+XeoNym^g;3(k4~pUfaLD}MF7v!+k5sQ440ZJifv-?
zi_!uBr}bHzc!9s#;A?>uM*jz8MQ%g^3BgmkG+wjNhuhwBVzSfMDh!ffJo?qu6@88C
z-%$=Z-1YM!nTe;USL;7gu~KEpLa!s|nhIzRa{cdE`wQ$tGNL;ASF%1D)tQk$3+0Qn
z9>0~o`p#cCD=F6R2Exy?ci(95A6wnu-4>hfudbSXI@X{Ski$7;;lc!%iCGpTl$SYv
z0MJ3r7w{O#pqsweXC|1Ye<a|Z5o*GgtAtiNAQy)KY)#v#>i>6?${Fnlpe4JRFZmx6
zt^!R-l~OpYBViO`C*E}MSKpryThX@Qf{BhSEZl+@03i4f*iIT-P2guoM@p$&hFd?2
zo9yR8Uppi6B!%X7hY75*b^+w=4&h)U=fFy>0|=qvA*8DHfAmHWTa}PuQp2~Wsx5i<
ze*j453nH4((%<29hR{kCZ+ORtbFPd_07SaeYMBzBz6`W^NPbGuzt!pJ=%CF2RQn94
z@rL2i$id;4z5qU0eeF9Zd~0V#uU?}*`X44pdM7f&<GylK@!@=LadFX#B~#EbR?Zci
zOnMRtfL-Dy{(=d&dhBxngc(cuLQN*!q9S^wKdMj`gli46T~59FF7Ny}mE$e}5KzCm
ztm`$}&43Vu$e1d7jV{qoZDOcvSEf-cqbvq6+PH@DR1BB|p?*kvv*#f_7gD^@yu7@K
zQJuw0{uBS(Q_`PiolZ|@zoWJQ0JyMvhKK(Ix(U*gOn$`RZ)#CbCxBf{b;T4Xz}^HH
zcByKjfq}P!RV&x}9KZZc5TCundAwYUox>e$`bz7M5{!DUO?<0km8=>m6@04_XDfrB
zGuE(GIH7d8JPtPhM3O~Tv8hp(!peKpXQ&z0RSeGB;j;NZyF;46sl@8BT9qk!a)Rad
z?j56D-a|l*I6OHC?vFgCiYYD?{%Dk!ZlU}KW~yA{W$H#tu&Ei&`ksiAyaVH&5bcp>
znTD+2_W5+J*~%UsY?TG8krAP?is&gv=3*$$w@%yWm*Fs&F48>$v8reqY!k>Tnldxi
zaw4H}%C$9$3Ux%E(>w-asd()0(YQ%RJ~JYOlAV0n2Z(DYa6|)M>yl5b9<C1Z=;4P%
zg<T&1UBv>m*=Alr({&g!+#-WwuGxn8N1tNY1TNvvY!MX52*2v*B0>_ckXe}bF~M)-
z>Uh2y>9EIOvtDU{VxIZ#?hc?OzpIlnzMdx_L$|uDNAhdCLAqUP`1xz)t}O{0Ls(-7
z6UrZI_g|lNoJ)RmVyAKV+*}-joUH~`=mh~x{di}#K{-8KA-|MrAlBOA@c3B7|E`Tc
zAUo@Pe~E%?+KOL&(P5#bxJmW+`0p6EQ5y^H`wFBlo9pXLq5i+tzb7(>`<`qj@X?nP
zlXz5|9&L<J(9qD>CEp}VVpiaX(#E{y+yq4zI8tkLB`CIo{~YF<>1ce%+;E;?Lrl&<
zR2vGv;N2hK1p$jwC4(Q6^!(=-opfj(8K|@JI516m5j^g}#1OhC&n%)ReG1g?m&0hp
zuXmnZGABhO#jK5NywS9IR8lqcx{_p~I(rSA9yV#2pT~e*Fzt_AA4>iV%1FYeDpvE&
zwb>=iiF{Nhb!j@%_%a16+uPUuq{c*?dTszXtPaF{)+mlNoZoN9XQlqXxuFEuAB5W9
zhhWdDu?8>^xN<pdaSSHgYW-5W%#xCluU@?}|B)g)GErmFOC{pY@*2uY{@(+T{x4>R
zt_06azDRRe<b)CMLyTzuaXKSvRI;T~aj;CwmH#NHfe2cR|HCZlA;rW-O5OzoL0ID<
ztcd6?P(%-q%06&iL}@#4O?mY^wiRNl|B+{bv~F~OociA{#PNV?`j0&e#(JQO{$tOi
z&>r6VAA6P$A^1Q4Obz+}=h<Mah}^)Z%W);v84sV=y$=kW$s?uz@3}ol|2?7%zXcP}
za3%su@DjFUS`7N<w7<@X?;VVs7V%abbEe4g!!fanx+Y0jp5FYM>U?L(d?)o(1qx5g
z>(YE;g(TAN`0)C0&5$)*)PxMUN)+bB>-i^v2$W=k|Awj|!iWf_EELQyO9I0!lH2rR
zko*Q_xAuhd(U4WS2AGfriiW+ap%6yk_gAQeP1F&S|E)Bt3C7j{1sF7)8t21YWy%8|
zs6#3EI6D6SJMt|r1~6fse?5|=GOUQnkf4X*!+i5Fr5?A-D3nUQQ37?tlfBa!K9Sv}
z;<P9m6*XEkjkl3Fj2JzlU@c$B(a5N=DlT&rGN?ey9tkgD_SpUR$5HSEE9`?qF%d+9
z*qL@H#m23xc<M!KhZLD@+BtU;UCF@}<_EvH_7CMaO>7Po7M6o-D7aF%Y?4LPn%Vmg
z16fm}v670lfeZW$>9vK3JeLx=-6NY@%E`{9WQKFmEY<Fw&h)+>a_aTDiVHDZ_Yd=~
z`Qe&W`>5F?eAl5IhhOEuq_G-zN#W4LtBMaU8<3&=d3rp6%2mTx9l2`Qa`1{31-GDF
zk_n@yME!logmN%gp~D0#2-R&wHsz4{-s%T)a<mQ1`d~}{_YhypCSiDN%SfZ(TfwO>
zc-(K?_&*#5h~cW0)M7~G1)bIE<ogi+Wv->deUp^Smu@nN&3_uf7(N-~^;hKKL<K_%
z@#vEv_Na<^)wjK84d#yYriE42Z}C(I?oMtqL$X#0Kf<o<%?8nHCm7yLCr`i2y)(Oa
z*jT=3{Tj=xou`v$Ja4%;;W?Sk%W)DYa8QNbDilQJY9ZpkLb#%87leHGetj!{6sv}b
z)bfkGrJ3|%=O1jG^YsbD$)CcTN0;g2KF=H+`<P_yhVZJrzI|Wb>4SE}3z~?kVYn#_
zLkcCnv{$C>YwV7Bj9r`@!ZUnyNA5mU;#y`ba$t0?4}CY;d8^a#KsK8^DTLetW}vi`
zWy?}VrVo_1?+(2&aBwOBiwX;9xyBcCm@lR1EqR%lH2w$^6I1;W+3N0G6TqBe{&zQ^
z+DvvPfxJ0~g?;;`U@rV){IgCqsJO&FoT-qRkf?$x_;@3RPqTOat1IBG;-pKW)xLut
zinA{FJMWXmOAdc<cRoaDvT_1qL!rF|GwyfUvNYoF<f3w0Mc6fh%NDvT^)C%p_BYkd
zE0EtlpJt=y<yFq3p|orzXWh@C{zvku?&$7}yfPZ!s*ieW1hU{oYBYS!rkT03Bg7Sg
z*uKsg?#)sD1TlpB;SakDuEL>*6zrG2^XSZ;LI#%`dJgp>{u^M;FRGAhZ0r_K*A3Q*
zv#zqKb_uVaearrQrvH*X(5H*~Ytyn0+Vu7=uBQaFJ4{Cus}=7#-h40D$nV9U+8F#o
zhzLXdlI;FoIMwdp@t{9NCttTY?1Y&b%~rm#s~jKAR$?;y;j%`(^`_Y*;na(!5PYR_
zf4$#{cuGo|+N_vF`v#O}jvx_5^I#YZDNBRMet-Fw#@y{@IOF+efGCC#7ZI_sITHSU
z0M$eeJXAR5^vZ~q_qNu=1h?1cIwf_K_Otb602O$8HuFh|f&4kGccUX`1xsL2FX#g_
za56sI1EG`jj7d4g&CQM9+p7e7Xe|_%A}OCu{gA+9W7zJ{boV4jjKfgaLUSp<M|UR-
z58TM$&@Zclmux)TMDuQXjqkEW*ikT}3OJYsTAe)IEF4~X>X@O0qLEwND86<$aP@Gt
z*G$9HQN^gGU3sK>$-notoE`C(`B0>lU~ytasCbr(k|V=WfWya_!rk>{Rw_n_zC>%`
zZA7vX_W>QvS^XbwDl8{^CsqrFTK<dno5eO59fHotXDQcUWuobKT|4KcudU={r>Oa+
zmv~IEWFFJkPh6C!l6`UI#|sMf+|mS_fPk9%tm6o<*$|O%8Z&}m$@e^)4W1+XzMKud
z*#1FqZ44md31+{~^c);J-9hL>GAXbY6x_r;z>pBk!|yH*SHU?>%C~S{9l%9_;BvU+
zQb1z1nM%I;v^XvIs7l<PfMPRh)l~TVQ-q%%#|L)-^GH587YHx3^imBlL2D^UHY{2^
zTrGuwL5r>L(20BFj$%q1tdia$`c>Mq<D5}uhpP22ANKRkxDnZ(aKs5RKLYxpf{LDf
z<h>uCYa&^l4gB}P5#8~d;SuWNMTrvJ=(}%I>xC~A7lRK4@2RuL<>+WeW5-_wO%zUt
zq@}XbO|+!<nxbAgsdBBzUptwHRb#(;Y-Y4-u1MC|6f=yBFjuGx_J(VpYT!#k1zyr;
z?@Q$^^Mi|O_pAI@t4FQxZj0NN%gu!|FYf#8$+C&Bu5GJX&`oezRkMWf#V7Nn(E;$W
zt|~1p1zb1w^2<yCLr{b61$_WaHIv8o?@9op#Jo?Sw#cBo>Q(}@#RnG6Pfv=bF95Vr
zxxG3~&cFG7BR1@JX17x)wSyt$u-NvU-<1lW=<Bmxz>i<Ary6Tl>Jf`D`$ykHMNUCy
z<nC<Fu{RX=!>!(L!noR4Dv`&4?W6AD&o+s#Rg;^(2TX4QoSxDvL=4245kNoJ(yuL^
zZcpI@*ti9{E3GXp0ydKv`d<L${q$vq-F&IF4ViwkQ+^W45l09z1L`(8pm|-YL3QWn
zSBn=9I2lVv$2cd-sE1aC|JahPu=5J4MR&&^T2M!5a1eebsRPJMUN507bre8kXdtEZ
z5V%05avbuJvUfN%;*>M7D~ub4HE)p<G3$}~G1-a99>2;K4(W{<v0dsAb1_mH;9u{a
znIS_X@Cx~n{|>sD%5Ab&@%q#BfqdMPA+6zoIuVbHu{>IFT==WR(DU2P+2mvvcw*#2
zJB0{?Mvn)+(Pt9<5-)yEW^woc*Hq<?ND|pY(+q+h>xs~6ejTn9Zkk-EzbOUAbATu0
z3X;RQC{1*l?-!h-2+dnyy|f{wS1nE^$ye-Ao#D+?<!)%+It+_*lHyUKa4!hw#X;of
z%hBBW_LTIEM+b{38L_if!|l&?Y~aZ7vl>hBD{2QUc<5elG|KrGoiBG9gIT7IZ?PY{
z{j?|v3u?>^duV1p;9VcVTI@m4JOe$b)3xt}UYh@_G@q8x*{kJ(vbOdKyb9zHkRRN4
zrje~b>oxqte%Uk*dPqI@Pzcq0tA`^v5zAUf=6t>oT;krAx9LVkM)4LHiA{nu-!KA0
z)&W7%4i;9#l*e1d3lL5Hk;J_}-4>{NW}6(1xBh~jpY3ER-6Y8+C~Z*~1HJ>+0#n5E
zu5Ck|E(m*}|8b9yp#5wxE?_(*h&(LcqmhT+f*(zPjAgx81q6#>XkHY{4u^XUD9XXv
zmDbD@u#Zn1A0JN(4e0p<dPIQlH>+>}HKuNL8a73c)~bR@Z!kKx6Il?{?nQz7{$kAV
zV4DVq_5(G$Da6+Xs&rkx2?K?<>O3yPn=32yE?O;BUETd-;G$5}g0)B{31MK@MqTfZ
zJfP8ezLM8lS-UQ@*-YT%;ZY4bBSAqZkC`U$tthoQ)<&uBcFw!tDBr@YCrYSZxS&oE
zq@^gKF;cH155yH$>elwqLn;gK_))#b>3>&IeKw+MrJ{%(34O0P<=AZ1H)cC^!H+8J
z>%Evf^F3nuC-#P6*~hb6cA}{^udlkRdMEpxGk<gI$etC+x}0F~b4h$LUyTy>PHJ!*
za|}ke&G~C4YdiHNlK5+snbghqMH5;TMrTxVSS($J%Z%70!&!3kz0ooCV{bI_{{HqD
zfgz9%y(;D|bz`ewG;WAR;@`@Ds2!#)2)!~LcN5d5DD%IHkRPNn;GM5j%PN5an=r^s
z{wlF>4qdOuR&;-z<8X;0r|JChk@ZeTv;G+Wo3M8eaJMfA1bjf#(8fyK-?$#G^!xfI
zJ0?FN*#y77mI(<7F>zPGD*=3+L9MCmvKG=7e(~n7Ja)v9-*ngFqS0cau082vj6-Ap
zTePqNrtSjSsI_W^o=VWBCByG-UG}{?!Nj!ao5pEG9=bkZ-QPmb4*9C&+nt@21!d|K
ztcL02O;x-JVp0$+2TTJdHqi_OF1Hs$^?8?nb89Oi_kr`UTKfgCQosEyHYpdzixlHW
ze=<O`N;$htHV~AyN|=mq4_;;tEW-KbLl|gjVbw4Ob{TY>1SE>@rj5wOQbk!jCQ^V%
z>8m%$Tb_Y>8*qj*-5m7d38~OWTF1I1vuTN2cWK46&9%t3IF%wn467(Tv}HZ)dm%B_
zTkFWGs&}tNQ^-Wqv`V{*jM!HP>uxR^CIAu&ZTS1Go5?5uqLzo0s~*_m#Q5YF#J&wX
z?Dylsug~{vdlv^Ly)V4#X_}VLxi7>lJU<!aHTaek&Q!i1uH?P9!SuWg&n$>ju8>x~
z4PbIZ({tmC4foRPUKu6!7LTpoe!QLkr_A53)6%o^oWH|sKX>q{(5Xn1CCBmQ!ZZv8
zLe-q=;m}d1e@*h|v)b+vF2+d^p-;+njt}`8XD<i4R4YI1HsTKy-5=tOGy0oe7Q;UO
zBUFS2zbyRcqr-#%jnBJ{Oh?A#BpwdLkvPK1^zfS>=wsrN^T+RzfVOo}X-QpJk_KZ6
z_6f-1w5<pcYc6zj^zU71-f$9BG_;plLbZU-LGYC^VBIu>d&#bSU>N{9X6)pyf=Sj#
zlJj}QU1=Z{Fqb$h)+l@-^WDU%ud6%e?!2Mj#pgrcCJ55QfTtLt676eCsnQ`pYqVV<
zptsw!PqXUBA*NeRvsl>{I=!*b5lI~f0#RisV!*2SEQ1+=j%TxX#}gVwe<S)nQgCp^
zSEfuJor7$fU;=7o@FM&b71+^o{iZ4wf&BdZG&E8?dNQF8XBE@<3tG%UuqLbSpC#*p
z9_xVDE5qYIqLJwT`nniv-<)oN)7^bT{fPNV3nb<TL9j|1R77XyOB+KNDyCZ??-gy2
z9sD;Aw6+talbP-0{7}}Rw>9%v2gf(14`*+n`O<6J)nk4sCu+Z=aaQmzD%7^A<Ypfx
zPtCL-+TouxMt`3uY|#}l7Q0G^@E8tpGJcbaX|<g`E=sb<x_~B#6#a&SCX+LTb#XBf
zT20_R;A=e_09&O;o(rnzg4A~Mm>udBJrF?Z_wM{_=Nq*n*R!=wBbNjGy>nD<e`W#~
zM8!UKI+SWWRPs1xk+6rpp9N0T>A^v~d^#6`N5c6B^hmSLVq|I6Wq(nO^&tpOQ>R!s
zI&$Zl@6Aug8KpBLAWvMw9#iExIGW}3<539U*hEFB7s@pNLS2b0_klVm<u>vGOrJ&)
zR|{mJP#$kB!Y8gvdIVvH1y897hvmL-mD3Y~fRr%~n*5;C`?MSu1UOS2fJfwqzJD(R
z@``C3{KxPCV(i}?))P;6rox`|<KW=*?Hs9#a~U)TK!c;iK02n!qUsrv#`Z^DQW>il
zB*YBcw!k_)yZs}L7K)V)uV)ro2QL%P^QVZdoKafeZwuAkaDI683X*-nf;Nj$1LKX&
z{L`!K7p8?%jl3vxke^^|Bb?hFvt}5{<e7v=V=OhFntZ%Ou@{xbdqi^0UBZq3wC3Gq
zZnHJ#A)Cx~nUpmP&I|59Gm=tQWqrvL`7=?4R+hA?y$w3bmFqvAS+KPrpSH($&-Q+N
zoA%h@KHHWaHv6(^)j|4bFTC^Dn$g-z^IVd5+$jtkH@&tw(X<-K-1~J5yVJc4LkF5a
zMv8|8oy8MvOlhnJayjF|n!YbRaLQSXT=9P{P=(pp%4H%50At>D(icIPpTmodh?B~b
z@Vf~oW;L2kd<H}y`E46?MX$fH2h=ZrYHAX!nEmxjONk^G79{-sUsq!>iy=TGfFeH1
z+;sV<lJ`j^J+LB$U@VPSnhODtft=FeT>)1)>J`8hPV+!)Bb{V2{BwXOTO2`9ZQLoB
zo?w)KnkL8F_1n~)<Bf)s-6z>A*k`|pg9+x)9X5?%MXLC{#dRZ!V}5Con=B*vz`*J!
z&xM0exy@J<AeuWrre}Qm`4mw>W;>@%rl3n?R?L`;vM({6?DhE1d9ppBR-7AV50VkX
z^alNnqbikq8#{KYm?B>$q1g1PXXw(Y{*MnQ-oh-soXXR(?iYfMWjy+c+4k&X4#$7b
zQvP02+5fiZ?476J+vnY}AC4L-ajj<%fnNVh^#crvT#n#SJn9vg6woYOZGFluqOM2$
z&Jp_{<pkQ@6#Q05aS7P<YFQwi;ZTb<1E^gP#p6?@TWbn5CMn)~|NI7Jn($5l6ADBZ
zUN4)&2Y#(NZb??w*c>X+2x#y^Lb(8b`q;bB>E8(ujYg+F@)>q3reWeau>dV1jRlB(
zMzclwUrBZsU(bLPL2@e%R4Y$$JLuM>KVqH$H1%1#GV%w7T`#DSKtBhxaMpO-ZF+(+
zO|glqWy=XRL843L)OVk%GBnL{ywq`AA+##lTGwcG-)+qpX9GAX$a<VfSXlTfjK<H&
z#ib{7nI2d62fat07B>HC`?c5KRk@gYu{3AIGjmhvu%j(P=8Mm8EI0|N^|zbZhBv*T
zv&EGL-<P<PxQGi1lXK0-iLKNs$)!6KrM*P`N9EBHo(RRSfA8&kd8Jc5OexO&-t0s&
z_)AinQE`bAy<=UWuh&upL#%-Bgw8KzSyYpN)rFZ9jd@!~E^~)pGv&iOWoI$8$MDxi
z=><4MK3823f!ZnFB?Bd#0*8Zkp`R&et#$H)GnM8$)c)T`jzrr>#$-I7xr}*mxpEF9
z-)0Zh2E4?#()!!F)zE%})*&B9tpzAy<4(Wv3}n=^of(utHc%A-5d5%#gTxSA=|I)q
z-1sLg(M$?r5#4~WHW5X<F2%dMzuK;*r_?s&=h7IA29&5f5OvTw*(xwTZR}An4dCrn
z!^eo>B6lU7M>;z@J8F1)yvESVJMuXg0|*9|*5Qv($$xW+bI_B7w<mU{eLKPA2WJGW
zo**ItFD<?WEt46cW-=r0Onah14(hfbjdt(%l&wn1Y|9zQRUD*NNS)kT<wR%L=m6=e
zqq^_Szp159-~<nyq66YI&fgl9de3>4K}i-uMgiRn565uUtxdRy!$}g4@&vVG5+#x7
zO;{>G*8E<eeX+-6`K`-TPHp*Cm`8+P*z#4QxpD<8SA0Z^Lc;a$#(k#1`VnVW8UH&B
zk4?%K7q@mCm9{$enx9^Y*50W8OT&kDp^?*}VIQSF=B1<XONjfX-olTklFH@&zv^bl
zYU1-G(dZnD_~QXHN3m>SJ1i|gIX*#xw10|qzp{U#pAu>~F@$oQ-AnzWeDCwbMYdtd
z<>T98%$?h3XMcE($wz%GZ7UB~^{Hb!pTD@Edczwd;oR7c8;9%V$?sk}hH^<|dJ`5A
zYP{hq+BWENnCy8QemT72F?4TeUfPrtJdL#Qn(}vSsluBm26sj&*Xj{}G3*!Lr(zdG
z??pcJ3_b}*X}mm=$yxLdY9vgDZXzaTQPVtRz1_t&lIu3(IGjX8Bt9D6M1>5r-BS_{
z?$P{->M;-1$Hm634<6^Dj8ye9y8`sYPv6&l-d<i2r~nomwRVQL_+B@fu8AP4V3>xH
z6~_`rpJV&x-<G)IL}pHa6zy_*^`4g~6e2`#O1x0Ex_Wne-Qpq51ll=_1FiAsrt)js
z{iEXkTpv~qj-?hGY^NY7D8;dD1STdX-krIDJAeoH3Hmqdxl2J2L$11zh+2&VSW%cT
zLveFjcPxvGDkXM;oZc+x!mUZvvQT0i9u?I4yqK0}Y<|C;;`WYiDUw)`A@QxA%RJ!!
zmOnKUN&tWiNI}J7jDOMW?9L)&4)zxlK?>2mMb~K%cG->yc~l{O%zK~cNO1(1b0Nle
zWva=uKFq}kvOzRb%%h%wcO4x!kL$U{at^=Jb|1|Lyfec*lIU+^DHx1%l}K@nL$Vz-
z5%c=kv1LzP4iqIOX;XOw!CcO$!dck$OXRy_xR+n0l`BSj9IUB3JH5M<|L}fjEThf!
zHFWUX&aht0ajG7>*S0XtjI#N3$SkMlPt`-X>iE*#-NbFjl&)lMsMc_))>oo-p&?EG
z<;Hjt_v^OjNC}3CF;q4qTsPeYQFT<wX2!5^yeB*|BmxykO6_G%S&Iz!RTe)cYIQO!
zFl;3d!Ik$kBJ-ijyOB5?^c&c8xr@)@HthN>eV)a-|7ktbWO$1Of0SnE*3`wZhdbTU
zHe82&Y&DSbX+0GkVqih58s8Ky{4=(4G(#6+f5Ox=`3RND+p<~pS$-sl$UyU_^2OcC
zI|PfEVC#4b)dU~#{37L7G6ccMZ|mpS4@5eUGn?C5NTQx=_Cnh0us(eHdg$gMcz;RH
zB2WzHqI_#hRtz&cqlkKwCOGAhwEGuXbgf~-54Ummouj?d#cc-V&g{*!*Xhw6>)a)$
z;A$b&>bxX+D)aFo)xO!450-UGN&YuHeg;>+tFDD}`p&q4uYAd4#9S2dFTb@*<<ZSg
z-~GAune`CpeC6q7O!3|fGtRqYtJ%|wU{05|5j~yNPzYo}&_hb~7IOLn14s?zwM9_L
zqXY>P+JGh}2Wa>LwHr`<2)pluZviRqKdPt<+6vVFi1?Qe%@PDQYQ_=|SC65SDpe&R
zHV$?@|3|sWmv^u4&hqu(p*w!wW33u*U(~FTdOVl&OYJNUiwGF;(YrChj&l#s78HNm
zH9cv+e!25u`|yqqqHq~`GTZJ+)iXs=O7%GgyZ&aQUjMzjMS#2awcw6t(=-bv9fH~0
zrCWBT;l<^G?V$x<<8hi@O<A1dCFibw##r25Y2PSrL=2y7o|Yt}GU@`7d(w{A69`Mq
zAOE%pn8qLIF16H}Zp*Y74-F#~nSVXVbVfNTXopjY^-oBw$}+zkD2$8g<!R^9HNY@V
z!cuD?RNkSgb{u(BJ5o1_f<-TvyXh9kP+ff^$=d&@vD=3w+8%q#<CndDj!OQ9Zdv=8
zcAm*Vs@W26l<dyMC|jHIKm_&9Xv%c#l)lo@;+RWK)#r?{<cc3Zd@Ke+^$qfvqR-$@
z!zTkGQ!y~5bn+sILd)e_P)(4$Xf_L}F2X54qB&gfX`dEI968{WV4tjCRL{I5-Tc&a
z5qyLznmj-EgOq-e2=yHAAXi;*y2@r}r)&D%Bh=Z3CnA;m%JM+Z#Kd!bm`1wS?O%P-
zuNYt<%Kk3)e0rK?F{UpKHgWk1Y9S4I`3)2-fl7*4mSj{WJyPG$gm3t`^*kD_{2kb<
z-z%}4M&yVN$-oycIYlP<&OSjV(8zyx)FMrJFVH>5ImmUdN8(&G^E{7e;@xkK(!s=Q
ziZJ^%oCnKwU-7NZ?T-!%tt7}z=c7fC-cO#uV=pWEev#Sz`aA14rh8hoUoR%+^Y^G@
zTn<g|*X64*3eYyg<fj|7;#HG-ot)95_6tN6<TcQ_rvBO<sJ+jny5jwJJPVt*N05|P
zE6<VpFP+HeqmW*ieillPh58^D7?U9J3ZcBnkrN=11J7%d$-cTq;ftP4n$s~Coo=F2
z;GB|f_jDZOudl>nIeC3?KVEwRwfZKQ5;PL9<;`zK(GlrE^f=;tZ00PoZEgSrt$Ry{
zgO#&qo-6%J+Vi(!bJr-HOa2A&rkMQi!8wxi&5LM`hkbI_d|nFn?PAIIj>&>k^?p4U
zZ9Mih{>WaljhwjA7}Lcf^{$}y-G`A01sZ8d(;H2nw9Ug8;#rg%>&D2Fn?i1c-`D&l
zMLaLIp&L!Hs%=qg@Z7uA$1#}JJn^aBK5MwV0d9ZJgsNZsW4hs^nUF5(>|hx^poNr5
zjOO|43}X5?vBYAb?^~)~obT5IFx49P7B2p5#usmw%BptN@gzEQ`0^wN&#uQZy?-e*
zi4cgilR9dHKL~J9MEgz8w;g92(KBMWV&JTq@mybhNz1S19NwN9lFaKj9%dHh92+kL
z`n&0mOhZn`7bmQe(rV|sKfDLqz7Y@<EO-P-hf?%RJR6mtdI@WQ5whYukOv!whg6-b
z9Ss%kEW(*x;01uEoOC{A`>aNHwjJ>13k#ucaJEQtE*+7-r0~>Lis=+r%2V7-A$2kb
z>X8h<;U&RKCR(1`l1=pPx9*#INO(91xN}Tg4#(r4?f*SiGWO?329fB$cJvC=FFl)T
z_=88qk6wD;<XYB8<O8v^YiY9~s}sy;r&Blj^DBgz`%85{zSJ&phP$DApW1K%IS<nn
zmDPX*e>o0sX0Cr@5e!U<SxRd9XYq}|WwY~_qNjOAc`*e<R-n5Jm0?4N__m3(^5=Mv
zD|Um{YGAzCKjmO#WP^V9U5(Hne1^0_vn;5k<x_F%t*!5~4XamC_p*^r&)aB@Zy8H2
zcg}{AD-;ROMg%LI%^EFL?TDfhB)q)4Lvbq{47KZ7wx<&eJE<ua>zG|#S8sXA`QH{R
z*B!229!X{j4F8DwRXyf+9TO7z#n^Aze`Wi`&rj6grqY<Em4(L&I#(ZIKmV;<+uZ!e
z7wZYr!qKed)*$-<>IR$sw)TeQv;h~Fjdz#FgIoea8-`oo6n=L~7;6?Q*&V&}L!-xk
z@=f-u9IkdXHM_1_91Od~!?IY(`jdpu+h-OvHorW@>mA3c3?g2Jvd4HGUx;g0kKTht
z*GfBANTtQl4<7Xh<e_+tc6Dl76{=P4l&D=}fx8b`CVd7~RlrbAjYSWv)Sn?Wc4DOz
z%cwN`!JP3tDjR<&^TjiYXQA>V8U5yZu|{yCngH`31KO1<1vt*bIby%n*fsx{-u}`7
z-7$yKG>^;;X*FZN??b7UKT_)|-h6c)%^j20uHI0`$M^Yl@gq5Ej2=CT?ajw~6T{B?
z(bSFQ{Ft5sCoiP9!6VzLjX4HkveuR(SrbDHqNx6*XCoBP9G8wpY^UR?#D^127^qCe
zRYGq1X6G8s^&4ya?@aom2H6oPk7^=`8z!iP4?>!o50uH9j{rfd-&C(&sqgw(j)=s{
zv06JXMl>9VwCF=j7D0t0IZf}@K^Q!f#)kN_rl?&CRnE;>vJvwW6`*v;W<b|@*WKo2
zpw&<MgASov5pT_7_DGdg$UjG(PSOWx<oJo|xb=!|FPHo)V90)--XKZeF5R2nb{M=6
zP<xgn=JwTAM;y6<`08<Ywy;*F3Q`?lG^|RCauo8Ku7jI-{SV&Sg)eeZvTHkyk?`TZ
zU9_IC5$WwJ+Wscz{c|n^W&Ufgqn-46cL=smu@Ge-9!<0R`Bv{IX9Fi*hVS)PT$FMT
zf`gvl`HzxmHSo$uJs!@yi^?tvr{{U>+(FZl3+MJEYa>lh0P;;}sb@c^O8ji!(4t-i
zSr|~)0G&~qx`>!LR;T|B>z(Azdo;aphQ`+|o%)R&``_pSV0bjtnHNLEPdi@W!QJ2g
zdaB!!qza2AZmH18Tlet)tQk?~#LX?>!L{@;f#LG$*VaL~E#gfsL){31+DtKf^4#rV
zGV0UQDQ9gUGheg0z4D=#enibBC*ED&c|q?^g7jfP5_!6aUe>fX5tdhmEsrIw6{Pe(
z0`n8dtv!$~$V7=bw%I^@r+ZA)Y=`gs8(wE&i(zGuCQgGJ$pIT7Cgz1f1T^l`ot^i;
z2iQ>cdR8F2JHxjP@_59M+c`&rkoC+M34ed;<mc@Bsr31PL5xw!=yRRZIkOOys^Nce
zdwpE>>+Po6;tPEs6H&wdzx4}@7z)g7FAKCe?`#%~{rfvM2XL_Jqp<hc?7MaWo!itI
zoK=LsiBMaVH@$SR_mm0N$fI~3+0M$v`wnCORb{Gae?8T+uFpE6>0pmtepmn1;XbOc
zMFdDdktRwGk@x%N5|P5Bi(wSL(0rl?Ee<_EKrf-gCtQ@>-EC8RICyPdy~Z9v@{vs^
zsJ6ckbY`$fW1qbZL57D$SbXn!f8337cl@1jW3@1b0361N6TC8mbi8dk&pU&;nGB|6
zn1tVOlg)1qajGZZnvCfXuU@sWpHYoW<;NSEF15GSOTScpL+49TtV)w(?PSn=!QFY_
zz$u3&%ofQU#2ZCT^;yR?SKK*JHOh#K;<>SVKa*0GfeqR$O9VRtbj^VcCSBC)2$-L;
zv$I8tX}!;OUI4=l(04aCHv@yfTEdL+ARR`a!eb3NnoU4V<-BlxbjoA1>UVp^YHLGp
za<aGZ;ZGMFG!+4f>B%-AqWm@OieMRzV$feC(Y&9;>P!IJa9R6f_<r5=Ei5m6gD^lg
zvXATaAuC}!gzBN_T~=GXxxDO~sheeahU&dBEF==rd9>c(+Ru#W8c+BX%w%R<Gcs-a
z6(+r>oU(@bvv~Es`23QDdxJ{CDF$vha9^&~u-xp&q8<HL|LUZ|SVF)q%^ChE4DWbh
zEGYsn=HqjAa2EuIX40!k)y;<vaO;%c!5bAwV}V}Sak1?yDBJ)QWemt0&_o4tW_Mtl
zDJ7CoP*8xux`3$*c#E1m4^6+FB(c7(`hjj*|9JRAkuo%xv*4dklY)J2besSE;>ZXt
z?#Rj3#KOV?c%~QNZp~l5WQ<0~qrL&chX)<#v%j00&EBW~Qh(Zy5`~okU?nKdZMd>3
zYS1x^-lukO^<3u{m*EO(hd1$urYE!%`wLOGtO0}{KGYpJnF~cz9{;;NTil)Vc~)g;
z#%<L1NNWDn4-XBC%OQ&au0TUxP6b7|-ygVr+x+fcfe=4G+d>%o{CJgumLzbUy~Bo@
zY6QJh+)LvU)8XCtS63f7uN<Bc9qZAo@eQ2c^m2dSW*{T4&*dSdGLdo}Y@>5%BOm=;
zk<EF3e>*s3{^#XOs%X*hnr4_k@ET59fwmFcm~E^-N!io$0x0R_qMz^r89N3_*o*J#
zryA-$ZNAqJB2XaJgQ1nTNdgU#Hz>6E+%^$FOdR&+BsN@j)FTr~Yp+zj&|)kHxBa#D
zpv(%eDMk~BSRwM>TDL7Hg<!!2x>`LdTrK_BHK*b*GkdIfc?c>a0lBS`CFDGm#Omkg
zH}s7AJ(P^>D=-HEH{BwBwqHd+uwZF3l$_^n7obkt+uDF~HE-TBkaiLU?JIB%f!(}5
z-L~w0{B|RIUtlT(<!onXr_FYX%e;{wVhs3uKr=m&o@#bd9Py}BFWJNFTVhz;N6Bd+
zMP>vZXnBK*t>yhTZNd;CS2Eqd)DOR%PpyrD*x;d9Qz*c#puWc_2~Fu*Snvg>V2E(c
z091Mc!qE#rAuk_8-r)N8mAN*7BHC=TWYDAHKOK}CtN(`1_I|l1(%MmizLXK^<1B@m
zzrfzcGFCT<^^f%3H*BxmqIXhSxeA8BEV%sdU-`Tku$Rg>In^X4CLZ-YBLzfU3|4(+
z<{W6&CtoTsasnBHF@vvW9IXaDkhtl>9(ZXX=aoJ%d)Bd<$q}F`PT<U)Jkf2Eaw3Z_
zzxqNbLqJGIHuLgaA4M?=7xM(DBEc$1-{vGz8C<*&7A~oAe!+nV2~v0on0uW0`FY@B
zloAspqLm(qquIA!rOKzIq@<^(Pr3%4$n{Oe&|6h;yHdOpaGwCHS2Zk2|3bITvo<U&
z><D9qFU2b&Ug0@oeG;(kw1CT3c2+6bYtZi90K}a%Mb0#dD1dx^FF8>)&kiOUiS|&R
zI1C&Qyc_KAHwTUIAxg%NK|nnFrslfiIdJzr6j4CzH>q6)#%%;-8b^KfrfI<00vP3_
zuPMQ$-en4;pz2hx<6uF6^xDwS{+!3OFC1vQ*<Irm9^U~j5$pzQTs-H0C7B*h(s+6K
zB(OJvBc(y}1_g}m{dA4VP_(iXs5M%EB2&gR(E!3}B5f#ySV2Wc|L-x>;y&P?l!{6<
z;+z73V=0N1*2VR8+!J0YFKv82dWMGp`(U~CO4S66jne;~vIDV~=EeuqWBOuKErAp5
z&hBoqd^oKJ7KqM3&<~UxS~*%W1`nQ;cRT(0<*G$opdFkrt*e%&mA&666ixL@K|2I3
zic3<L0_-&lnw}PEY}xBiIlz7BrG)Pc$b_utwkdr3cBnR081%J@T-ZQ;Nuc0DydVR5
zq0n-Lco?u7905*t=yhcH4<Icbj3z4_7NLM=uxDBT_hN*wX;o{hNEKco|NbhCsHYm)
z%QU$!`r){z@DlRx<qBs7wr@6>q@;*3*_eQKpz!=fw9EOPp{1pz`63f>IrY{*sgdNa
zv9W6Vxkm6fWgsm80tR5MDN)HM@U$n$5;68Ulr4z81h$yZU>i&dfT|n>VJ$hr5)(;m
z#Xpx0w`wu(v~+7W^-%s3lj6}6Xew>`K7Jh@9`5Aiq_$zG@c;q|CJo>S1OljJK$fEZ
zO+iF-GDzd!RrH`UQ~4AMIJuVqzLD8jE9BWju=T>rj}3nv%dx|47(e#}%1)7k#+by1
zvmGFZ0u5|R0XyAJzguDaltQ4r0M{|=ndK-P1^we6_A~(3`1G`rXCwacO>8FlG(?v_
z(jpb^>+0`c2Pz)FqqPVkjVgn$iiuB6OhJ^AkEJAgZZp|vKUcu7N&&QmzdQZ?FH?6x
zns@;&B{*ZiLPn(XTKDl!QVv}pI}ZK%<R35`P>K6ofV2!ESP>Z-5Dn>r@qji(R#sNc
z0Z1zf>cF9Rpo4K6f=yZkOS=VT4k&oHA~5$|9GFZ>2BG7nEXfa^gyS<j!g&(#D*`&H
z2HG0JZktedbnKJ!bJFGMJ0P_)G5cNdrVwfsOiS4?2PBSWB$S|&_>{v0v^xq~r$A-|
z{J!tuiY&eeXle-x3bH!?>kB*udIZDr-7;)+6KWEUmftYQH7qP7gwwcVetaDN`5K^M
z)rpr{Jyg@pWgxKQb0B~$z|?Q^<UR5NVn1%<4o&JuKO`ac#EfQ~h2@gJLLT!zY~@-|
zZm#j$x3o`>fUHf#V-J|{dYyv;13}PV1S}X3s7p65Hz**z2I?nEupSn}Y3jgadr@2k
z10EkLY{|U3I#)0spyHx4CS4<jbLuzt$$(A-XcV!ESH(80{Yb^T&+h>Tajwo14^pdz
zhDBsGS&C2apz#D|OrZA}-2hhMo#|Q-VMdZz3EM=KCbWcAb40<~3<|s(&3c2nVhLh9
zXj28qYJq(Qc1=^v>5l|VO0+dVC#D<7h<Nkmog_w20wyqMKqG2bfm$c?g{uYdy~g7;
zzk<C54iBIpi;4i)0wg~%`1#RmB$5i6VUeXRCaE4#4qZ2Us>wN^$(X4z3A&+1Pw)gW
zX4S<Uz^rB^b!r^!d_BOjy-$w-i<j6Xp5PWPIZ^U5zi~(n7rF_wT;W@QW4J$=P&J)h
zSfG+3BO!4=_#<h+9@Pb0f<D00ZK}5zf-=Bb47UP;By|<+V5}%>10T!bH2haMZw7-;
z78gNNlU=iv_GNgiR_UPZN*a?h$lvswKm~glMZy{RGrFFI>A_mu-tL<umj~=V?C)-Y
z*#fxty?{gEtLtCd^^T4XdfpQ~f=!@B3kUeQ`r+v7OM}D$Y}7JBda0n}EN?A<Gle(3
z4ipOG9x8<#dJ<_K9pK9qHcYw;Y$qOMxxkk1#!b5=ITxJLzqDlRrNHq&1-K%7_ctGy
zI8ed?kxEiNIV}Q2f07Bn@K<S;eQXZ}9f0YX8N;tGXv-k??gQEwvi<9GD!UF>f-Zp-
z@L?6%jTeNZ9Rd@;gIB<P3q0XtY7p>SMmXRB+#3%W%ay?E27U<q-|S183tW_-2QZrP
z+!kD-Kh-Nwg)#8(!lZ$22^m;O?sl7&3iu&0xFndg-P7L!0+1Mk_LP;Qs`1=_hv`8&
zqm{(2^9l<ngFn?@1Ed)k{$M}Vu(Nsk^&dK5OcZFpYq=3(9=AB<Sx|_1yD2Dy^Ld0b
zE(1gff+{vHt`>D#pZtT$oq@MzK`-<%Z@`_BF9GU-4zEw9K^_>>Y@@wCDH(vSb3m&F
z&gXJA&}{{){llsU-u-!^iJt~(Ocr94A+V`Zb(DxEhlR*~B{(UUL6;N&NJxdxIS}d@
zbJGCE+k<al08KpEd$XNCO-p`J=H4GZfS$%o0PLaZ#-x-KPePmvBLz+iaFfCECmQ2?
zD_&Yy5Cei-aQ>4`UqAb<B>`9(dN`xb_)ErN&j@Hk0l1e0IAt<VkVfVK<`eh3DHRos
zi2jlk4`Y7xUH1o|G;{(V^MWIUt};0`rh3zty!T*52Wu+_%#fwb!5SILC&AKh!N6rO
zvNUw^dV6|kzx*T>%N6ya_ebGYVnBTSChmR00ty;nBWwj<6#-7{pH_OxayAE?IBGGy
ze-+W|?}m~T=@1~Mg|$U)fv<JocU+_-1R+4T&LRfG&B+Pa2Al0J0N++r@!&CGL;!;h
z2|WB|uDBT26QIZp#cg)|8;e21YZ|<Hb#t&R{p1WNC_3)0wt;CRVtO(fZ95D#Xa6_e
z|FUw`bHHa878U{@(FYKe%{!oqk7p-<riU#~t%nC_Rf;qSXf#vP75IMhZM17LN`~no
ziE!vQ?f~DLp@D%7=r1?eXyt!(fp-7}G>B^;4MfF*G^AZ+@Iq-~?8#42@I4D4Dl#~4
z45!PkfHTi;g+Q{QE`D(gb~1*aLeSv`SZwZYj#YQ{p2PB%3u{yv9e_gy^lSS(X~CBc
z3_Jx>bO2xZ0pdn*w!C%dACPm<hdnQk)@$?^QZeWdAbJHg(u-y3S9}JOoSp^RYTzc4
z0Iux<!8#x;;Agx570%#M7!DaEJq4A#H53}$`zJxxbO2oVmA@cm0krs$NttAMZ(0;p
zPEO9$KjB5hRT*h!SKz5MWXxkb?Ej=-wf{=e()8qXDMoZ)#sS7+kR{cri%{RzKY0=%
zfb+}z>Br~>6$pi<a9`lTfz!phBlwmHkac^|{vWE|Jf6z+{T`Pgv&{26h0G*HY(r*c
zEEO`hiK0}7sBM-Zib$$$Oj1!QiOLWXwG9cCP(*1Gg;c-w)cgJZeLv@Q{y68nIy}#F
z-}iN`YhCMFx75Zc`DTQI&F2l374Blb4ZUG~SRsU+6)e!lPk{~{RuxZMT3SX%B;T!X
z*6^q&ax%t6(?p6+qQu+xtWrSSqv7^y6y`x&&gyY`ragPr5b2yCHw3v{H6a;DlhJ2H
zW<D4idW;Wh+YJT=k1gxcdb<+$(7CVjvZ%6c*efh9&QW90fsI_FFc`rI?ZUzF)>I$$
z3Y}Z-FP-ln{w&F>yJsL6$#w7;z?Nm8#ZvqRImR)hYm5|L&F9GzsWT+w{9?<RUldYh
z6H`rkLkD+})^wi@&wQGeOhDFq=%+CHAVP9hd}L_!Zdp0Kk}Z1%{x3h^#nKs{L+8Q{
zhTMwdWX);EXVmwm$@)W%bC@!dM3O-{GRG^EO(K#^HWc5f>mIW18HMBl8N?YMn)ELx
z|4S>UBzULzPcVI8{`TZBFZo|)%0_BWTYWrX?dZFA>mt5*O_<ow{X?Dt*vTn>qw*<<
zUAtZbFe#a(@|$0Oz6!7{Qa-xprfSgLP<?%UrKp!YkE}2fpP4c%t)M7R`%f@u1wOsH
zL|G#7vC7{$zE`&ByMn1o#()K{kd?o3k-B)Q2~NxU$&J0aR5Ls7)C@crYM;vC5gRIy
zXth_*O*ra=NIVv_BKl-y=B~LmW$osw(GIRf@5^L8rnrIIeVdkKDDUphpQ>2v<mNW$
z8Dmw_DW8R0pIRf`-S*<ePs~?#(%!ZZh)|kx>!9jR=?p;zxt^q=USHYM8!IZUyy9(Q
z8dzi<n-=|>Vxv(+_9vQ!qAW4hLcT$HyTy(`$!Gdi?=4QAg=AIPETaZw33gaoV083P
z^X?Tl<$e233uEm<T-)PPu7^|PDYw{&$Mi-a*#mSqZMz@-KjMYEo;-Q-pBhp(-Qx&&
z8b<n<w;eqG=KHbI$pi&sb|u~~c({sEs+^H9?RJY)DG16uTiES8weoMxcv^M)^>v>v
z&alK)OCy1K){?XT)r<zL;ov@NfwvHy*acKv;6Z@N3d=wvR%jB=Vfa{3!}Dc#H{o`J
z?HAlv&e_{vwVjy7E3wEhB{a@qM;@BiANu(I{rlso&;`c8;sjkwvvCv?wvF02TuG5U
zK+!Q;-#0_ihH1i|&$jKlx%ZW*am|J*7Cso<NazI*!r<XJ4ks*2a%5{5H8ieC#V)L{
zCBL}!5dt4VnApsh`hQ+gG=|%R{v1DEQBi>`?_g;wH6q8-95>qa{`Gz0uh~}H9adDB
zsccYHt-{<OqR6(Z?q>`R@5RR$?Sm-Ayg=&cGS5IXWRP$w!O4zBq#YR<xxYMXi$IDf
zf|1+wIlLmD6nEmZx?43JAFx~p#s>XFQvoBMms;~NHs|a3cOv{NN=aRS8HC9_o(SY>
znDHQ6E&|*vOplJzZtQ-l)cxhlbl=4bI1o7THSeMH7o|Ymz{D;%(_8i!DQ@dE&x{aZ
zU2@i7qIvV7vwDpVLR>pnr?Qti0q0>0pIo5sI1PUdyL?TGc!9Jk`;$u;KD~zF(a27P
z_5I8{D5liIGlSWyw@8v}7q-JA2}J=L<=&x>1uO{<oA*APLlmYqyQM6!jvYF1AniCf
zc4jXA8p0?ibOPiQ+tbY6BhH-cmR2q=L2^=(BGVoqfyjJCSgJm^{YF5dMOtY7I@Veh
zlzM-k%(_h8sA4YPia3!(kvD;XWn`O~*Z2RR>|Xx$E0^E`Y(gbJjx@d)8j8f1(Z8Q_
z(VgDm;JwRHBV+}6`;rpwDVz^~h~OsYn@xe}u^6@7#Dr;@E;lIX`jo(_{eU75bvw=(
ztn1fPxk`fE(XRFC_8a9^*|Pa5>FMGIhgAJUFE7kK)~NYHa4ZisXuZrf7;Q~y1r};)
zCgfZ6CAxcLC|j9WYp?hY(FgvON>x-kU7E{J@n2Pmo$umz43G`8Nh=suhRd?ZdXF0J
zxbDaLM0q0cv=<^~Wl;2*BIlF38`vo4b#`w?@;u`AvN8JkIDI4b7kpPn>JP3_nJmA)
zgVM&^TFfX<3zGR??C`IxRLQkDk^1jQ{-wr!M~E2C54#^wRM;BEhi38@SdEj0ceqor
zCQk_v`rzpAMP~L@TwIyG93G$!m6|!(0p<1q)wCY+5khbg<0ZQSX6<ah&g68HbUE%n
zzoWSUeFT=Bt$!PfE>r_H<{3Q@cBq7w!6E>?M?o@^#y*FAw|}yWHJKPqz#CP6fxJ=r
z2tWpl5LbvBRcj;IIuO9M0Mr<BN2Lho2bYuOy1eE1h}K9G|BW$m(!rvx?+iG7g`~2x
zvr)YZY*dn$u2WZ6N3GAs%G&f4PA+nszth~@s&3!DozKO_wjp%%m~KgOvL#XL8E)K|
z7)n%oFwl@40La&#$G<$d=;7hv{RKs?TPDlv`h%B+|7>33ExLB?n(#X=ujpz8OdF5C
zgJ7uUoYhJmskK2lEOzoIYXWbq{O>ao3++U7Bz(Mv@Yxx&Ly39NFR_qE%M3WYhZ$A#
ztK3vo8@4^e73|4ZPPH;=Pq5VXgbjQeX*7tMn*u&esiB-aiH(l&%5t+9sxt?^k*a4y
zM1gJ~Dpcd6zmNFWmRWn-i#3{)KgfqsbT8$!CO@>@0xn~<eSv&A(8htc9W_T5_kVQ`
z*XN6A4u_do6ynOmIRKAe%gf_!2k_S05K%$e*sOYWG9ABdzsts6Vzkrx>$|%T#Ux~9
z{^pA;(u)nJ)v}Ol^IdGlTgJ<FKRC7mb0d6xU;|qHYio~#@;WmAY+H@>8(v}Ii0?Do
zwLD<;WPMiw-fbuKLUv5AeJ|g3o!M0YSkwF;f4yzKp~t2=qQp!-0Wp@Bf%orr>Lo+~
zmn)srJfrmXjT9oRXl(>xwvtm6^|OYyHm@;4Bnpl-#qJ&+Q1%W0ND}#tJO3*V1M&Ib
zwt`ycHo1qsS*^HOcV7Ueg<c|?_4I@hHcp`s)q&&Ll;Za+->sJ11JdT>$B$)^YH@!L
zBpUiAgSw#VF5SYo8?XbBFaNXEd)pW{C@CqS*cexP0|_}Phh0!L0#&7w{pU;+o<2Un
zTaX47AkJgf6Cqk&T-4F(&u9~akdTo6x|dPN)xAFP@$sM-R#7C^?JWeoWeT6S?O+nR
z=HaXbm}}oKn(psI!P4AbIQy8$`-C2X(Yp`zDaLL8K2iXuynUcy?DB%A1ky#7-EKi-
z5rfFtQtkd;V7wVv;dIi>AN)I=vRXDz*S$V+1C0b@<NKg5jHBjQR5*OOSXm!s$;9X7
zZOaKDNolRvaU0E>c7A#_`uRg+4~nH}K5Yn1svl91%LXAg75~v?tVi(U;o+GT`S-b;
zj$E*cla>d4U`=KHX4O{SEoxQJI|yf+ubhjJa{E6$?_md_`Q|fERFgPFdNCs8U!nD+
za6LnqQ&Jn4jmXm9^r^@F*-J57y>&GW#6wtUs9SybC1HhFEEMQEgk&kMV^fb;oH?%>
z=!D%0P;d$?4mcSLnCYOR!J|1JpZ)&bq8}+kn$~Nonueuhiv0Oq?Fl0yD;i3G-`AWg
zi~jLx<~3i@E+YI6cJZzhR9fOkdQ+W$TiMZzLPXx;v{Cf;uD(8<X93eFcT~@pr6<+M
z@!GB46EfV@(s?&jzUje;;&lXHz_m4IZ`v);(6XUyMu*M|`wO9M@AIpKAK{m8fU5)@
zQxu45-|7o7W`|q>W2`S<zru&>rU-oogYtYW(qFlNBlvwgSNdPSe?^1ma=&VK!3gb~
zU&!d=W?L^Yx@-LU*UCWvs3|FVgM$m5)}=1Fc>ps%P)csnoxS*VARKd}_OH#puB)ob
zaZ$%#dA}Fpf#4%2*7pqd^4x21&f;?Kn^$m8efjbQ<}xKP!-EfriGeyj6kn*-p2D91
zym50&3xi7HcIi#DO88;HYJtZQY5mi)%R)QWlv=)u%W*8&{j<WaEnS2`2X=rnXiK!x
z!{nv+y8mMkDln(w84)jAR9SucG`=ZR=L<_q7J*4dEw^Mi4LMzF^Lw5>yNN&OCVKh;
zXc1nrLaJlb^71ka8EzorTT2Bsn>16-=!Fz45N2T0R;ZTUw^1F>OKbV;Fjc3yZNhHC
zRGLDu!z@I#0%g<9*|Us0KFfI&M(AGxvz0Nq{mzw3Cq_rTl!mD$@tQ?l%4=ayGal!M
zUG+tBVuO>&>CRs8YR;$G?7Ey9-$mQVYKclT2P2Hzas=B_p|4*6vjQ?Z>h--Cq#%LL
zpRj^^kmps8F3`)`K)%}D*oj6)Mw-6)u2^_)Bm6HNr&h1(UvHzcBVKq39M2|VYz#1g
z7prTCL<r=C!&ChcsY5Ol@e|Rw#RsN3UiK`O(yGg|6OVy+Km{thh=~weU8y_%7jngu
zGdj$H=tFYs<R_!Nuv1a^nr&6ayv??m%!F64{ABBKTBch`_RBPY?>Gy=p#rb03m&XS
zl?BG<_;xx=bsF6SL$Z{m&~vBRJQnBkq!0I87^4pzI<)oes<4?st-1nl11&n0Jb-Dq
zR4NwxT%SYL+1aI?0b0xHw2EdyS^c|cHo0tkB*T9n$%^WI8;(4SVEi6#amgK5-Z*2$
zahpz>22ra}A5^Yid@sGij$ErNjmODTcD86OPNJar4QHk2WN2%U6}RPklmF;$D2K2n
z74|tkL~zCUU_MjYm0kDmu`nW}-r7Xb+rg1;E~c1mv&!8M?i#&Y#M6<$Y(IbB81co6
zAdJ3$2Wt*Y^aBZ?*e9umk2N&0|Hkeu(--NUTPsDP)9l2e{v6<?7t;&)UTNHm|3ZWc
zKj(V@x9nBO`7WsWl<DGEa%#U(UIg8ebs2+YoeJeqaG1+*<~Z1>{W#rZyQoys4VPS!
zvk(^;CL%KoA~i&CiT}Xi7W~XV37Zg*{f=5Knkj&h7-VuP*l3o-fsq+rXiCCKYk38>
zQ3-a_$9ucm0*+L%u7^RT%O%;ZIoN1gq-uBS(Zva&>1P&n6xiZ<fpo#&Yk19vf~CmM
z=+Dh~=wsfBNC~<Xd-v`I!r!`Ail+q|2S`d{_2YCNZti2Yi`e!P*I77$haNJ00RqYu
z5i-sxOVY|Jn`G66K}Ei$wqD2pi8s&U4(aE@!h<mMVaEAdkVi{Y)i7usE20yS^J%A9
z$w8+2O=*Hyv1~nt(OIwrpJuycC<A7^d6F+466t)_C>sO^aOA4_Xg#{pZphi^cvcmI
zcS;wLduEg12_hy*#qG@DucYlkY+wB^MaEG7|5P#Ft0Xkl(a`}f&vXfct;=)YzYA`3
zQCmX;e`p5;=jG*<6VN(ExXK}nITq}tce`sv@J=A9(tg61jmIr8XL73xIE&A(@1K|k
z4Qq2@2F*59&KL@3t5rE!H#ew`4;F9$m}J_+L)OUQXGBDV(l>QU6bdLmuDUbw<WZ?q
zjH|y{vOg2EL{(kO<hnhGpCBEoN&|23>-8rxptdjuyT?M5qQS2Dm;ITD0uN@RD5Qdi
zYn4^kqww;HsD+ree9MJ<*vu&VBH@rjjIg8fJP1-B83U|)n>)ax@$wf2c`*udMcbj_
zVv<-Q;|67`@pw@w0M}@LDYE=roJs&*s<R<28B^Aee}3Tmss+U7SEc=Pt_G}24=;C;
zi83Yx-oz7>MXODLo~`$U1`kH>JKNhWB>}>Sem^LIwBKTm1?wV9le_SQ*~Xnnrx*G)
zxb`1`_m>^Ii}NU|^B?ePUQ0>*Z7P5&h`%iIXDDb)R4*(nEc)=zontZ&?m}QM{hD1J
z%CfT1bD3YKzP|prNR3~Zm_d#8IQ=D61%e&ME2vohwi0??0C~f<z2ZDV{YE%Z$Gg|Y
zV|fMhMmslgZzx1N0+6Y5rjObGQYuxeuiMELqU2}ax6-fOuyqqQW-29@UDuoc|KU=C
z`Vj2`5I`N16uF4)pLO4*AEM<bt;b3Tt?*b#$M4WLFkoh4QWi3q8vXp4um<)2J{^C(
z-yC@*{D#Xj+k{&w_Ukq%pZLFMQ<FC&UtWD90{Qs%_)YoR{x%5axkVd*lP;nT?R3cf
zTWpL_eJoqw(O4Oz)6gjOJ<u)9#l_W2mzJ;sxiWj(e_m&*+vywQa8iA!0|@U?(rBm>
zI=j9TFor2{8@TC|Lo__EqdV8>a6rqEdfDaD{?P|3{3~n-21aI|!>NUcA@y=8jZUXN
zEv;?Jw)U3mY+YGv)wp~uPxMqVi?fJxP4L**JNWyDOl?hNHMvPz9VV2C@>j#H`aw%e
z3C<@N2Y}1GV(_v3H}`B?z4{{d<oG)rn6bMc(1q6qxuEd*ot%_p5on~PWdFvv9H2BU
z5Ud$!o#7WRo}SUMJn~HfX(s?O3T%-52M(NKp9A8Uk2PgFo4i)V?3wRSd?j1tg^mQN
zYc6rq?P=Hh!|l3U@zgzd|0U9kEK*;Z_y7YJBNw{vWr`Kouj_?hZcXr-Gcng@pTkzV
z?)L~-FdlsFx}g3kc$4r;WdM8_<5`XNjTr9U{SMm%c8$Jh?||6Hq;+vxnytCHIS$2-
znW6X`F}>jG8#i8{_ATc*2{ecx0#3(Uy({e@7>!@=E*ury@=F^%I{0{4Ey6iZo?=np
zerG@6qWY85fe$9;(QM5vdS5eRvi9u%eGQ%K`~uC$Fc?WpT;r)sgMDq3xBEEI72I*N
zN8E0!VDkM0d$fOr36Mj{AYRtN^uI4Vq}`v`GEn1^OO~~vY~9psyNXe?bIm7iW=6)8
zB4)G`z3Kq~xdUUDzqS+Rekyx~xT-{--}4!NvG4xJfh%XNq?gu!PwBzrbSVcH7hz^d
zK2z-$NYj#`p&SNiSaW0tV<#&oXJYxz(ku2v)L=FCyu{ddLdgHpbbkKjpc`}OUE=6#
zIF+(=)sZOl3rC>|N<jOf9{tqgtrQBS!msK;&Ith6Yi>2BB0=1IH~N+I`k9wdIO*m$
z<{o1RL%5vax$aMJF6~aP#i>N$CpT8cOb;^(Yb^;u!K7OsQRAR%ZJnonE`|drG7vS0
zi#r8;)Is2O)SqK@VDmaJ7$5cX^TW6uo+{Z*^&22V>UL`v;IQ@#F`+UZ@~Ty<cvvWH
z?kpluPvtm0K{H---QFsWwP{2_iuzb2Kej>1*1o;f-Suo4jvcDLO|IN!ccy-Qy89Wi
zq{NQj?6?pa9jrm_x%IAVRwUCgH#=RJt>Gm&*;guBGQtqZsVYEOk&q|ZNZ;t&&J}Sb
zjpOj)9~E`<gwrxgm5`AJk&xA~Fvd8D{{Ue?V#Iy(9{y+7cKv~)UV1Oj6o-iR+~?O)
z2Oj<Ov_-GO3vbZraHD$0#FYs(_{#sCTNDl_jDHU{MjxJD{r))e=cYi<i2RMww^$0X
z8^L$L5pd(788>SxG#TirA4hAn$dt)FD-ENkMl&yNYp7)5i~xRZW5j;H0pDK~l`7k=
zzQifsG>UU$aYE9g#Deqdf^9R@4cPdbj`KI={sEP~N!rP0hw57t3-?3E;#gh-24UD4
zB<FE8W%s(!W~SkWJeCl4)ELtpypNc;R&XWE4i4(e({5$%&CTad7i1tfqqSpYme)wY
zy#`4A=g*&)HPqB}c<BibkDTSxp@@$?vQP5082SkCX&~>n!KUx5gJ?90@93f5Pe&q;
zxrQ_zZP>f%<qfV@SIbv7GJ|ezz5Kg&@0A-Wvh+KyM8Bbaq8uM+T(j3aY)y*3aHj+J
zicL)X=FWH9Uw{2maQl3l`>5ibc=p1lZ{F}dvEO|1hy3abrwR-C)sKLHHnF5)DqG#7
zPJKMcX4>4%%?)K{h1sn!;oA<bO-wr&Iv=McyR2s`snjb)dufwx1TZ3UZtomO71)IO
zjE^?OZ{4~TxR{NNP1G<#lWz)>Jtao09318b;ySc#bs&~)QgKX`Jn9MdGRqC^a}<#Y
z2?@XfQXh)f%Y1^fkNfSt=YoT~v8&OOlDd3MTu8~`*oG5CLM8VU<6xLP0igObo~Dr%
z@$-8~mC(U$WU^9a35c!y?NpI773|DJ_bN<{s&ej>jJVMe;Z4WlvhwT|lYda2%pkre
zQPFGnUg$YhN%9>Y8oGlCdgyYn+E?7~XkQJrYQ4$k^kH(+BBmS-yU<5Pmlf4B+zz2l
zo+EJ8iD;dPKv8%LB}i``3w$^3tlj%E0`vPho2iE$=vg^)G}R?mvZ>QV9Xve^OFJEf
zT{&eEZEu1%SxbT$!r<-)XGlM$dRm@5$>jC*^|gi<Eees<(Jd?N_ad!eCecOt%MKgA
z_-~}pz(Oe~Jk)FwNL$WmC-Rn2Eqru9f)uJKu;^CG*(7{@F*wNLBajgA=kCPYr`<VJ
zF{cpvbE%j<aB^~Ts0(_1=dCbP;a(P_<0Ma&p;er@0_~;57x0><k6E1cSJJkJK89ns
zbHnYAFYoX<8ThoayuUA#A|ZYe@DfnXoqmYV=@@(NoFM<zNDNSZ#39KKWgmC;&|^F~
zXPeN$b{UDW+_*-euDNXZnweOenv3ffqyOjKyJa3;%HV52w1kNoYdDIpLB68{%u8r?
zaFfp-=EvwcAU244Y@J?1Ru>a;^0o?x6$c2;9nI)CB^o&PoTn-*$iB(leO=_5l5-j<
z^u#$Y@J2vEJQiv-iCy~f`Kh4panha-4Ckg9molbk6}67n8;om*NEJMx3Fltu6y3Q#
zp3m}1rH6aYC?$)%_RQT-H$}vSm-k}s8a|^--&s-csB*$TJSR_R)usLX7Ot*VkBUuA
zP2D<6txq9ts#-BF^=&aO+a}GJN{Wt*Y}#AnHDy4H{r>eUy0s^&-fTT`q~YexdF<Qi
zr>NV@<!I!~d2opb!k*iWZayL%E1#m(eGY$qWUz9<sdYZPGT~PSY@o5DmL;PQD=&I1
z(bt^YiBWKDQx;DUqv417mtJ4g#m`7ETsFTMO3`BuQ17p$xqE79X?cEb8Hwv<s%$#H
zb+>di-{HfDBP+FY^71CLL=#cJAZBbkzeHdbw63y7q^cS5N+DJd&8&}_BY$5lxbOMZ
zbJ9Fy;X^=@N?edR%1~nGrW}h*69I9|ZO<7Wl{}r5lj8!qQS=e>+{YKso0?=)Rnrfi
zwWtMRwAK(RSD}T4g+W(AmC@Jo01gKw!4k+a2X==#segyDX9mo4Pyi*s@2U|^n`l@c
zJ$kfohHOyOaBosrAc3E<DT2o@VTa_eDyE~Unm4}P%&s&~RN7$E8z;4qP3u6Bjh2m2
zCOAdw3x^q;PPv>hK57(wR)=A_{}Nx9_4!JUiHWlHr4}nB6(z1Zwjm}!xnR4CWp-}P
z?}vj9TcV?@m=lOOFfV2$%pAfFh&CW4QJ1msQj$6VXC#d05ureLbS1$>b}N-cL2dw-
zC1KlC#8mUn4LXmpyU@5@L27|xDewJ-@iZ7FS0hyD&jLZ&w)9?9p;57a(Vi(j<4A(j
zq^T%<hTs!I=dgdGlT%!udne1<b?#KxgJYwi`c8GE-G{<2o14*oN}KjLo)lc3a!d(h
zcNMUROy#EcsB+Va3=+jMi%qlF=Ad2I{Os+e$xYraYZD+Exj5%oOE?dWg<suu|H(b`
zlvcd*=fN5|8JRJFt{Da6g|Dazy?PNgFY=oNM+AdjDtH`#h&cqHmL)78a1d88L@n<p
zgaFl=w{mij0Ye6>S1iI*q(@l7?Kr2A1Roz!(G^%c0RwIR1hviA`FZ<yk*1YXNd(ld
zJil(g{&q=q+8N}393{z>vlm=lFa7sD6a|Rld_Rb@4AHfyzfVF;<m7ZxnvJjzM!~#A
zZbouLcuGK036ehJ0lmF1^OLAHc6Pz9>gTaeXv6K^vnOrSs0ec5jhdQiS`mX7N7K`%
ztB%U@TrL^8iux64;9^OM94|B&MapQ!w}hh)wf)_EumX+nY1Ru7Jx({aDGWH*g4;kt
zwjuO7<adOtJIozKUQ{~@KTGEfoHSimI?TAi`7l-`o#`{fxuKpbyqq#=EV@Vbpm#dk
z-xW_ROB*k79Y*!@D|DRf1gDLY0sUumbTkp7R;s4ZpF?m05b@Si@&NugpGN2a;MWAt
zL83`Yp=WAtZia|-p@~@vCrD`J%-C4A#xA3U*TBI=Jr|D5vT{0v!U(y}fRX3D;r_QB
zU^!$i!_>^H35n4wz)jz9KfJ`<USVPPzk6bT^4t~1DAc?u=uUm$_H5;JG?gt7OyM0*
z7e*$#36Z4C$=%)-{1$6{%?j?&I4`N-^dU{HFHBF|w)J$<-dr+ECDRUp0E4JeX8f9*
ziv?-mqId4x>0}W?Bzo^+BidZJ7=5?VZo24_^XIt9QyK~@ncuK1ODif)Vi%$?_j}q3
z0DvB`4ZVc0uvIGBP%!$Tw{OYE`mIipTh(je9jBk^4UC0$2wc1O+t^uKQ-rQ(^V#Gm
znUo~$UPplpP)tF#A69_8^7Lwc^XlS5g0HfIJ}`7M6}0p`0F=0}F<Q}BZM_I%C%uBK
zhCBm~OdNY{Y~i_cMPaipYo|QlX)|_D<ZgurlJ3vbO(=QLmZ8YG4Kptx1c%n4GmfU>
z%1@7%Uvze|IVw=lqbfcl(-~Y>1LlpW6XNuFO%d(};~ZMhIwesb=dQ6l5C^_Xk4!se
zG4haO!L=inzI!t_KV$Ln?~+1OswbMW$~Of_wPm(wsS~<~_3N#7T^RLKRbq!jOQg&h
z-aDkTSJ>MTM8H-&X&a221F+e}{aG7aZZM>N5YKxxdYzFfG&sx^v?&#OkT@BWW=Z4N
zbXEi^E#Ec{QC%Pjv#(#jVq=*rX087&kc)$enwdEj7^Q#bHtyHD%}!R~2M*ZIx4d#|
z0KlI4wq{uK%ZA;mx_NoL6eA=?K$XNFyJY?7IiJRl+89tq-L}cnlpOdQ!%g^ayHEqG
zSij#qhfsKcGD&~V-a)vxb~J{%UR*h7mn@XUg3;^qPmNJkrDJDJwH0PdT7&61cdEHo
z=3KnE`d8qdJ?yrKC?YQ}qgsIEk+{hufcn_@TRhIeT0j%Q)RdHCQly@#H!Ot3USrhS
zV11A_s9etCS_g=Rj9>wUQk`{t&jR;#NM)P5kX`NWG_?VXCx}!N#5(w+&FgKOw#Gmt
zJ?oMy9C1#E(HHU;Tk7`cfYubAx80Z6bUU@s=YT0lPG)LdoxTD+p_&n2sk`;6^hj`<
ziLAgB{E+2#FC8<rvSN{!+_@%{61$7abDSU#>#G+3#(_&=CT0>hw^ux>KmQ@gWv37q
zSMoQDMiL75vr!!TRaZ={urc?vT1ow3l2BYCug1~Pzg}NI>xL(oR+aCtg?s;^b7k>+
z^u}uK929A~?m5!2DqSNZ=gXmSfI?8mj#Q2Y$(CRFa&mHD*U&ln2x%6e@98DY#l=Ny
zV~!`sl0|;In!fr_IHWmXn~>E%z<cl4_njvEQ>b3PPxUZ_aI9H#8GH$AAWN<EX^Bab
zGtF<ST`(!YOR<<HT7w|FK0UuCwZjPQv!XW%tl|6jYxk~kt?Vze71C{yULtd`x>H{Z
z5nk*?fs~c<(bB%Lf8#@tyF+df3t4HeGl3d4c=qcTu6xfUdQkOM(Hl2<+}mTG+QI&a
z4k11&cC!?N#z80xkEvfQEgj_+-w>|kbnoXUgX#E5aB_qxKHh)EnoXR2#I7$?IYLK~
zx(kgqsfA43MiLbj<<qo7HpL*u!eph3*v^inXtKqR4ZHQyWoh-hWC`7}ImHOAX#j_T
zYr9U2Q_ncck~3(!enL7rf$Zou<Gg&bv$NxG{qg6^nmrmG_l~SLG%PGHDJ~9;pw&vp
z?thA&4)j_5!%g35Rw0bDKfZh!yzbA=#-E|Jfwwxb;PbMwhDNu{TDBS6guw~a`;I<9
zYk3hDrM#OMqr<)-e}bCRdF$cE@SlxQ6H1x%(AUSI_(_5)88b|0g53^pUK!^^+D<ip
zo9IVZ$ut~{v3)DGstV|Z`;!lXmc&&2?)z}HDMrqT(_$oe0pN#&d8B6MWb~hvW|Nf+
z3=I05(lJJ1ps(M-yOtV#PDjjwXR0>qJLQRul7>b}vMzgxW@S0MvY6V7fdN5*$4LFk
z60RmF8$*JFvpVj*LFhgHe(C^^sH51&MKpn2uDXkS{D?j_)u>7K+=heo2i|e1T}N_<
zOjnw?-lnOk$#jy3{F_%Mxg;Y$U)a*J9Y?Hl%jQfGlVwLXCHBa#!bxT9x;r><(N`df
z;;FVl^Z}uCZ`o@N2N(N+M26>@gL=P2xw)zC)S_mbeSf(p=9ZRk{@^|_NHg-C3=Iw0
z1XZp281*gz@?u=&v|^Ci-&O8q-k??oSO3!O!ikP+J*=E1)P4do>vw;gnQ@>{d6nGj
zG#k5#>_^YUMtvBI>w5YhS9q`F5*Oy@uZ1`dd&sl|qIqhM<|Hvr5W8>RXEeEB94Id@
zUkZ~ND<N%D>dkqCv+gnSBs50kGdlam@<l`~=*y%vgyVYvx72Bsn#)c?qM`+ImRw78
z$<iaM_9E0Egn?dRKR6JR%H4~7wig^3Y6`gRTizkPzJFBec>|Zk2I<{z0{~2@@OvCa
zHYu_sZe#J^w_U<Gw(!$YvCK~g)y*^;8m_bcw@41E&$6+6Y;<6fBja?2MKl1>P$;Q_
zlW4G~(A!^_<!MzntMHy;*hobkSrxsJ<1SiCar#Q!cLie5HOjBg;-SC7sZJArA~x@#
zFO2<P2nH3GjV$v|<O{bR0Vqhh-(b~cx{|$C`rgQD36@EGQqX*o`k~V5j#WFapgP0u
zBh*+B=YsB91OIr=_Bsg6aQR!$9P%ZIxJ`Ze-jIiMh%iUFxbQ3VjvlsZweeT$fM|x)
zSEgK`HE{3=Dc#9)XvM_DL$gZpf9n_XjF9jEeeV7?17CYA1<JJWJ=-Hz)2eJY?pQ$g
zo;r>GrjyQ3>|J7F?D5OCHb_RbF;T{&iYf4C%u67D(3Ut97FKiP#?OM5M=a<(#_@$h
zv#8HE!Cc|ff6rX$;q&LuA?*~f!eL!DpU9_c73s0)g4X<PqPO~6%T%I<(<Tn?*7ovi
zoOhpy#97}B^>h7i3HK~q#@>}$cFmP#oEbujD&-2HDG&_M%F5~KZRNguz%K{Ze9c9b
zx3;h|w&T*du)0GZMYl0;wxFaP^z(a*b|SjBynK8U$(OV_c*t~zUpGYR6lCj5IIwy}
zlaIJ&){qQ&Tw4WsEDAY;HKsRxj%QhPEUvU!`>ISmt%x|;iZQ9QI$`a-Nnwtjo`RCS
z5V-2e+9drw;DMF&F~F|a-Q!11#C5)+x;z*j&fm{YnDq(mI%1NVH4Ea9T||af=_#vQ
zn3IzO*w~kED4wYh3bUfZ+*vtSk(F$^@Q!5PwQJY9b+<p?`^lyEXKj0g^!XGOpAT=|
z#Opsc+ZX&VhF`d5f9TR<pCeZe;K5GI(IDU}mi!oq(ZP3s9v#j)^b-@gH8RjA3z$2c
zSMi2JXwuP@9d1hLmD8pLAWNbkFaXy*g>>UWY@~h>yDOw!5EbB-AMlVt*yT5ao@pL+
zcXtoqA$NP|Lut}wEZ<b41Pq+=A!XUhHEGg_R;bD<L{1|Su|d_6dZnsrkomTn_}||h
zLZhzuFurf`->-a69y0gxqTapx6Yo9rA_4MYtJ1)sl;O|`0MH)d7KuGA=9@N!pn3pe
z)LmXgISr{=607L^OMVnAxg;^8bctbk-C~|(Um2>aVep{lVs__Ph2>4sH+Avyzt514
z%?JVz+xd1)4Y*c`XrB-7-aW7JwUocL_f<hgW!k_WGy<WCvCu&b7W?L#1j75-m7Ryt
zW{#`S-W4-15Kyu0+6eMGxe2H68ek`1{%$n!(FO)f2;mG*%%}sme;H~^w@Too9AR92
zR0xo;t;|Lsn68y+4@}43TS~>~BADw1741MBFC)Xr$@#ITg!#}#got2W(u^abPk6gL
z<Z4`3*>rE5II$|jE;uA4<6PM_)3&xYpOrgzz5tb2?MTKrAGfQ?GVd6UK9FeUB5Z7L
z;=Zv0^j=qlVZa3zOY_@(aB{L4e6W&H?isk8F3pf<427akY=I>MTS<_W)eW(FnP&sc
zJ8qCxNgBF++uk+?0_9s=OV6<pW}egPwDP-=zMECw9vN`=1QCd|fjuBlxGHETDnG;?
zlig|j%GaTCmpARNs;Z)=r)T`S;xIOecLGZ0#NY5jX7NmmWaC$=Mm|B0W$ZY+4#2P>
zFRJmCHRabL|9n3B=d6BMv9wAAFfAJIq42XFl&{^%oxGdUyMFz8Z)FyL$N`8ZC6n>O
zXgun7&>foU>Rf3p2Ixw2HU5U*=#cd5ARNB}v*QeBnV_AIC52XN=qhU232|~L?L(En
zN?iZg8R9aZFU4g%;^IWln@F8WZq*n<1({NQf~Pn#et=2#5QIqRhT{e@mhp=l14nNG
z<lz1oVm`@@Emg^W>E0v`E`_5esAGdq>_n%4JaOrtH|&5lf@9HSPkD>D`<0J(jMm%e
zkl0)i#1*J#?rk++yqy~99j40N{f_B#bCY8t2m|l;!+dQ>I%~FcCy<RUWTZ{b7NErk
zdUf!EreU2n?^vg54Zbqk^oYLI8*Kba-m;xk7neVZ`OC67U~Sr!t(Qo0>z1CqcwvBM
za-9A>H&p&ZAFpDQpt+jLxIs}di5KO?%S+Cyqx!ir6g8e7o1N_ycbeG`nsX@mX3;Ga
z!)CI<u7~Y>SmvPWRr-qLO50U%`p_86vINDFYk={UB*tPWNg;jL(4>}1c~jn3@jiIj
zvdjAR<?NJd=W%>50D?`QPhyx1w0COnTB>Gcfms2kqp(vW`4dAodzvqWY^0Gs%PX_`
zrx(r9=l!q_8n$~HUSC-}q9<MwJ_a2v_oJE|w2EwBFUHgNM$})r=cCZ@nt2#{nrR4~
zt7~c~S9_#iJ5fG?=I@UD^m6^uC{w8+#5{VRJ1!Xifhg0OI^<yTWfqNy?K_FHn>c@z
z_V0BeB0K4;oKiG*j_?*Vxz6NB?a`x}w{mBf23{iVYKY*;zL+JekA9%gh!A<HI7|AT
zUp!SNyhEzSUnViHZ_fdxZ0wTWu9Ofkk~J2=Y6A}oHi|k3yLQWTCm{}@vgrQOJnkl4
z|1QzAj&z`ODu!Fe*v7^6Qu)=5F)=aQs@y24Sy@>SE}+vKRF?t?H!d@%3wr|)w9vB3
zxO#Dn8`P<3F?4NrZyyHjjmrcV+EG1W=b5d#)Py{1d0cawrbNNh-7Q+3wh0J5!RGWU
z*?c;(WM+sN=;m5RCVE``%Onuc7>g#>HFIkAZnPmy6&`%_qqiR&bh~>f1Q88WK=St6
zGKqcAi)0B#!|wC~ri6~pK3YAqWritc?~ZH4RAm)t^Nv%!FK+I+Xif#?v?}m)QqHFd
zTc!e%^C3hQB;3~1R(-BT{}#K4^U|$6mbER!Vo#kHVjH9H&My9;nf0d%>GI%5R>}f~
zr<lI>)d3<*gVgF0Hgy1L1DeD15>A*im9(Pw8m4@3$qQovQ`rKJ_3rKhg_NtfFCY;$
z9WT4jS1fYhnmxcus;E{kU;coy`O1|m_8)0~Kgw}pp0E+IZ!R}saL~=1BP1WIEt7;L
z<7++K1Kr`<$w|dhH5yg{mk08<9&$v!3v2>aHYNSmj<%YHUN!_vxcXGPtfY>QkI$c;
zGpsa(?)8yx_9zj^JJdQK+a9p`_3Ky9aTWnf3tJnTO3y}ujX=LZQR0+vw)u-KRy(QC
zRKrbM+hoQuBdgat-S-}tLcktAcpV<6+szn#nA_gw{bn@*a;+vonf2-KqR!}ES&``Y
zOx)>PD4NH(tF+TuhvijPB`<j;;>9DIzh4wJyps!it%{vTv<;K!wy3C&%InvQOq#T;
zrOOw5B@iE2lX({B3MW>;oO0vl&9cp93sTL@6x`T#CnKX9jC)|f)D9HCfy3sAIGpWD
z^qgnnlVJo&j47g-CJwLpGC8x_Em>~J^N6+1g?+qJL`VGcwpIRU81~_3l(0Y%ME_CU
zv6ykY*Al&2N=rDuic1AxJTmMxoIV$q96M@{dNT*i_8$y1KgVFF$@IVYtdepljbT4D
zu=*Xi^7I(PPVVSRt9JR!v^2h6K{6^Q@sa+mt*52efjjp1&$&lpA3yxLhY@7qngFvK
zr|R`>nTS-582cGLJETh*X_Hyb-++^p&>u=uH4LB1GIVVw$TRQApp`{LyQF)U>{~yD
z@TcrtmJHi1sY7YbR9H@8#J4E$dm{t+E9~({S8(euh`&;aw?L!vf*OlQJn8kF1I+Z4
z^~}d{K+^9drgl8|HlzgmDy&WO1uvK0R)T$SjAA#w;<$e-j$G?-@sK{jj5`R{)YPCl
zx`(sP3r1R$mp6`e+4`_|6R=BZi6t7^UI)Pwl&oWtGLD@A>>jD-YyB;TO=JFqw&!$(
z;KYQ#mlY4^OeXl44`K3CVyA?!Fby~)8~_&_|0{JR!{!x?#`^mC<LME-+YCdyZp4vp
zv4}>$;r=G)1C`2dsjHR`%A{&8{ub+4#CoYZ63O1nij&b^h<&l(1aG)m<&{;sLSzNE
z{@rIBkAA{+0p~k;dNyk4i*pij3)t;rbI~^9PFxT4ru5Cp<S8t@H5JLI`;$N0XT}YN
zhT`;%Nc=wz=hrJ<&-ymhKauPIzjm0JDcf@?3}d6cgNqs%-dr@VZGvF~KttRTB_kN)
zc$-sZ(R85=S}2&6{62`FguB0pKaF8e>C8fX%rPUQcuRKKonYaDzH?_vlGLQ7gez`6
z>-vUJ<@|(v0Wzm6Q0iFiZtQimEQ&KN)AjG<UrrUYMaT;d4vzZqDZ@gsyJSV8j6J(L
z&4%<wP>A0>JoK58TeWm1V^HJcdk=jBrb475RV>ZFMK;|H4Ry&r$XLMniV5Ne6Z#DC
z@VlXgh=O31XFj&zoH~E@>?=aPQZHA(rW!vxJ1*mz*<2yY+l%vWW(|dcgE2oYr~*!n
z8`QZ6Mh9{MwDIF^K=Q*jPM1d9^@dv)hF_qeh7D}_D-@+Eitu8iJ25}?CL!O&2-zZ3
zOAz`c1SM=xY<f&w5RmfYCzz#0NGLH-Typ*qCjDL&9p1kmmlI!t^$uoA(5$%wFAVvC
zs~%@}d>*_7QQzCA7ydxX?8eRZ8&<u)Z!@S6xfp%B>0`|g=bN8D-^ML9O%1Vls#Llw
zex0#9wa*0K0OzElnOf4?fAb=|F?1n33;-&_wr%S|A<fr%ma%T{m<oo0>QOOc0_Uu!
zEO^QmL*&g}&@Lc<p)hcpEGK<i4A!@pY0i%M-<If>!Lq1q4*gyzakCwBHVBwW=6X*0
zoBtp-vKEuxv|coilHYVVuFONfxVYGDn_$1r+~!Ib>bHr<?JE_N<A4CAu6zZ504czE
zUi6r)%=$>wp=0rql9B-23YP6jHCrNrNb5=~>qCVzC!0IX;X|D7DK8E4kmu;;gHixz
zGgf_O!$Fl8(tALSx=d0KrimVNokb~o9?Sq{p{&~1S_QlSz<M~2Gu$S#4%3KwnmthX
z!0#dT^hg3LALG}7Ra^n?lX#2vdPfr~I#0*K-=?z<;X{o~EPa=5*E=C)Y$Pii=TyBB
zsG+UUO~OFvx+Vb)IC!RjjEjbd%NCHbW4j;e!-Ydo)$Lf+JmekOLMLs|ymW}kv05B%
zy?HTQ_%2#*)#3fl{d=xoN#~=ZJ4R=1ZsH<1T6`08VJ21n4rV<iy<i23Hx~`FJ>Miw
zt2iI}N(I(AoI~jHZVYo2*Y;zv)son?XCo2sHFyHn{kM2_Jz#Zo`Ku*>(Oi@0_jlNM
zG8<D<Q@N)QGn~gkbY)vf{3xUUt5{jbc_rifA;jB+A55ZGm-pR^J66vmMwe&0wU*_W
zYoAvlH@Sba?&=_w!4tW;0<m$yBC`v&SPD;Bm-z-QS6!j4iu6p$&CL|~XS>`q{P_Jd
zcJ<K37ZI1K_<a2IDbsi5Lwl)43`ePRaky7cKD}^aD<7x&Bhmr(^<I+hlhW+~4Mjq3
z)6P{8gHqK=<oKeR+X3C807-svdPUM~x|1U4!a!>UebZpMy;vvTV_7r#aVNKXM<Ro^
z=wZek2XgQhfg@g6UwgCL8|fgCEI2hdI0&j56xU~9iTu<1xZBf5{Ti@U&pGS=p4e2j
zvN4&myxY~aa^m@U^7xHI##IF|Ylpjt?3v77yYm0}mf-r?8nYBo2n!27{@psE21E{{
z0B2bmDreD+QMxe(EBR~~m+*Bv-Xn(vlRpB;uzY6MU6E>x8_l=M{3^V-1F_kj8Yz@H
zNBJ!XAk?jc!Iwi!*@wnRW+@wCt&})kKJq<uyPha<UuM{m>z0De29$tn{utNlIh+&9
z82f!_cTNQK)d1za)C+O?8&=1Z!OdB$ycIWSb=<~WIoEw~4t*`0Chi7yOQ^fu(oUQ>
zAuW0EORVS>ZT6CAPbKr6Qd18ekkAJEep;{Hv@U#__kBpA|17<;-60`zzXZ`S^=#ZA
zIyEpbP<5&ncYPU&aS4$*L2gPqO`x=&%)(;OIy;ZIi84dRov=o_1}M&9rwuGR22nrB
zq(F`<K(0EM(M$IAH5*`0wqP=i_bAt(>6$D4%!wh9=rUHz2}}W~#exCXjhUj!=qVMg
z#MiN*iYzObHjZjHfcC_=8Fhului-NKSD@X&jbwInFqCr{JGkkMt7QCco!JV;N_TUn
zw2_+fu6qq%e(Rq{lLhT8zcepN(M^s6%%achFuLfC#&UIts0Z8N@Nh3_7Sj;wFqwWU
zmRunt#n-J0@Kp{%N$|V4q@?<5mQ1Elcy_p5Xz1cEfzTv-d(am5wuXiVj>s3UNL`Ue
zkI`&dOKoU~u*wAul#~z-_<|6XIE_2i>7UsA_z1E2*1FI!5E;d49zeHH9m|AJ;DTcf
zq6eI*=0@BgJE&H82?~9%?`2!AUDTk(4X)$343+=WYLV*G;QCpybNDOKxW@Kc+96(l
zw$12y(q5~-B<VS>83r@P9sYB187|bYEW7iDXS&~vj*?m~;zne#ac3)gNP$keP$3@B
zi0S6%y#Vg#RH$G5-Mep6d`fHyW3V0$$iMZ^*KEX$N2#Ov-|&?hG5=nm^W5v`TYe6t
zP~*r)%4VPAQ-Wn^BAG)^-p!3olyU!$Mbs>XW?z$)e7Uw{b>Tcp@<Eiy&dG!XVw(wf
za-Rjm*<ZCs|HNMR#7r_XJ7t{8rYJ<Q?a?_ree7l2;QEC5m{!KB7{KOW&Hbvf68YjE
zn%kszfA_Z!QQ`>P@x^;4hwhE|y1n8*51{h|5gkwKz7lQ9d9=3<9ujI*7YBeXJ}<^S
zfcA;g5^?~jisBcE@f)_W6tBCz=Xs`LKB?r~)(QuiCF)6OBh#YiPDnkWc0@VfuEX^l
z;~}&k_Do*|TuqML5wz_&H2&c6*>%?@HSGKabuS2^IY`~E4aMc+`}L<=ksiP#sc5X1
zlR*=4AhE@ih9e>5>B$CG;-5r_I2gop8_{gO%+1x_x+MuE9ENV8!`X_)GblQ?&$S1^
zx<dT}Z?bz=u7nWqR_Xn~l^5WRT0LbGLNLCr?%7ZWtOSNPchZjD13hS~^|76K8d97M
zN&;jWehhdG%+RcqT*U-|!f|P~+T7e{sOew5d`VrHi(vE;tK52}9_a_}F844oLVoUT
zOKuGd7CWs1K>xw<oNLb!&x)ATP%sI-CsM*xQMGax-kLqB!#i7&z+S6NycyT$=A!=*
z#uLCn*mnoVXm)zag#8Dc7h+IPfVT*)UJvGHtNha9BI~#>vz6xW@USrNb?Gv+g##eC
zt&&$f#)uGQ1P&YV@hw?0W`l!Oy6F;U)z+^kEN42#pzZW;*&?AIN_Q*6Fq_NRt7WjP
zw3L)n^b_OFel5yvt*tbND5&W!UTX{pA!2%k02u_o>TA(QGp+6I2#b$wH;Y8UWeKVi
z*;51O(Ng?6JFETfE<aH-X5Vv3*s-=G>DN<pX>*qTqmH(D;Dl{2Jlfw&?`T@}cFdMj
z(kZc2lxUv?DW3AA?@Fp&RjYp8h$ik^v>11JD>c&Je{nP}v%I9?ZBEe-P1?5uOMbn>
zd>Iiggt{&7kC(RYg{Mh!jnquZjRhHBo?5dfuuzsXf~Lo(rpQkil)v!`3B7y!R({p4
zpf6b}jE=oTOCOCXJ5He~4wG+8+d`zsvCF&JbfqwvHOyNdijCR&>{;%4x0)X^j9(Qv
zbQeOqvlM~J1X496Mb+85n=q9K`wu9e3O&D4)ZyAB_>E>(161f0;Igx08GYfn1qp3C
z--B+-LAs}J@btLH5)Zh!K-YSSOMkU1w=CoP`xRx6kr9V(H|b9wJ8%dj#O#-{m8&j6
zFJ<~SM=jbWDAMPNiLw~FhTfdTWzBYWIe#8#aoq3-UHp0hyTs7XhVuLMpWn~n9|i4_
zRmh{03e&H?Lm|~)wVgP#SV5HWF1Y58S3*J}yAFsSikKZccka5gUjcRPes|>Vh+D{5
zRrLVjUy3l|m#el@@DD1euCwb_ee>D?UjlXYtC&v#^xOe<1Hw{+gYV^Ei~3UUEOS^6
zujZB66r=W9|H;q)t}X}xI0jmtXR>5owdw>w&f}Im(fo{iYMs`^tzXlia-_)Ww8E-{
zA@#cDg{S;vBgubqG8Mb<If&WvJxm~_V(rdIPw&ELIp-)Fh891)e=jN^pz!ND6_;QI
zC{hAGM-rV|tBcdfHE7;#kGRj?j%C4~H(PgpI>g?2j(5O4wrv7{W#)!kVJ#_z#(Sz=
zos*WO<0t-lhC#F@CD-uCr6#jV?g^P^>_X(tTTQ<)<sBaDI7vK^Pb&RJ5Xt(w+OIKB
z#rcHo!V`pm7!Ot#h;ZTMgW6Wvu{a@kJ1;p(P1L2rp$KWD)&*eqYahUR8GXhw^a|TC
zz7NZ<zE|hgdMsWVhxE4k_U*h(%g5Q2QGBl)!$W~zU^@prJE65X&tut)`J|q@P5(I-
z3WXb^w?<m^#r>d6`dRDl3Vn9ZyyL_lJIdr66Ah>euvd>^u0(xD?bN9)Mwh_L*x7Yq
zK#1D^C&u&9t6wN7G2Wws>yUy?&X91|_wbV^o9n%7Y>t1jO@Lkyh4w8dgfKd1t1DZ+
z#<;OVavEb6;oz5NKfY;TXfjC|VLxLOdIWcN%-+`Nqt6c8zuz?HEyY$$vUkqJkNbj)
zS!E@Aa^<j*>w*%axUJl?o<RO)rVX~m+aC~XDg|A$i?jGfXrM&URLclj1iyrG1cK)E
z7^uQBuUN4{cS~@v>So?9<&Vu{<Kx%Er=8A_FuL^)(M?w^#q2eE@i|{f(R)0CXwT~|
z3E0Y<;~Wb#*Uh^y*5RqL1eq#Iz|NK86ISbwENI5Xb2kcUGmR=W$0<fJtaXmh$GD;d
zB{v!N6QzN;ptsXz4FQ^U#dR|Ve+aD?x20p2FUTXhK<?BV@&!zGpS`K?-py$}>|xN^
z3wt~4=9jNtt+vbe3JI~l_7;=&gn2@mx#rmPv~tQW-{L%$uq$O-bRRJi3iS?eI5T}3
zXD+5g%Zm^Eg)zL$&?|4c4=;&?$8-Tx_(NzM+;Ed3zhV!vv4NN2^gB9zx(v1irl#z6
zTM+{cy&FdEN1M{{budS<7V<8%FrD#b9Fk5Rb4e~gj%<sYR2N5KOZ>?rYamNv*jo*t
zzL;IfF~a=!(`#P<tCQy|sP0Y}=|`xE=kbo+#72RoQT4fV5+9^eTft!AvMiSOe8R#?
z4PtGXpLF@G4j(#Xu@}NTdmEeLR+wJMF-2v-tiemPZ7*27^15HD!Va-Xr`|IO6r?EO
z*roqS7Ho}u%EClnJanEFH$%e51Lyq>-RWy`XDKXDnKAc#nV-*1w&pY}<uIoUqlxvp
zJpECtc|`awI_UjZk4WofCLS~68TP8m+cWPY%QP-5)J<Q$gR0ZOZh6}Lz@o_J9Wk<h
ze*gT8!f!mP0or9k)@^QX81aR4@6~o8T+SzAkooH3({DjjcZwe4;6XN)qBjB^Tw`M+
z6eBmbxYS%6+%>cIy95vEfKX2sv(?59#tc8C92xr$N45yGFfC>1&rs9S*bkF8C&kBy
z;+C3e!wXs)hWR_%+us4z%sfp<VAMG(I>b-y@qyU*%<Z?j?D^>4xKq0+le0Q&u~#p`
zUjr>R5H6@S?>*7;+FkQ_Fl@#sPWnWecSFQide>4IQ67FBlNVEbeB;C4P*t@(e=fw6
z#r#k+!YV`3NjZsyxTp-^<jvc+;pkqAp1;tdrKA4^E&yTN#p{z9oMO{e+6+DPMfHNG
z-oNksU7B}Id->aCsQGmLmK`c|zMBqfR*T=$J9F$2#A(Bs=YvzGJ5RKXg>sl5kRn^y
z*>Mz<VAA~ax)u832aYjd_VM7QOxqH+Zw=<;GxQnXZlhA1b$J*{*_v^yWVM)2{cK+v
ztpCNiRyz}SuFW@Ow>+Blt0JL&+t=0>0PKQf(T%nMob<?6@kH6DmH;6I_J0XNA#Bd9
z9-+P`x+RB0;Yx)o8_53t^JpE_*VQ@5DrT|T|NQw=?i)I?RH`)EZba@;b}om?8L6iE
z8csj@q#aO3Oq!qs7KTF~O1ePN4_CI|m_*<@dFm7zD`=A`S6xL<u=KYR<*HK|TR?eP
z);GjGEy|{>ofy-Dm&11aJnRgd+^*r_dh8)pQCwn-(MMwH04WnBoP8?d(BKCIP-3JQ
zWLZuH8#W>|OUp`*u4O?6QP*V(9zP9*Cr0a7sP<aS;Je=3n0#vDksE~z7l5?_{%OUa
zpFE}d`{E*T(j+BgaYPZ@&CVVEI83xwk(`=+WQIU|{F*8`L5wHg1z{6JC`I<H!nOu!
zY;a`)?>Hy3zUvsPfx%r!vbJn_3N%s(LS@5-DA-YfB!cT%?)SEl+CXO%J%LfMOu}S(
z6JxOCS;lP^Tv%43f&q!J0YMk9R#pZIFOjpQ6|!@ctyK|tIkXAAFKa$UD6SDglA<`_
zMA5pCw;yt(upT1%FL8B0L7@#+q5$;X6F9@{N*2`oZ<$W)j$$JBKV!;m8S@LOJ@+|@
z(12d26M4a0z*x{I4@&b2^ntz0kkgd5qOD?99*Ftb6hY`ytk7zNL922M;0f9r{JjEG
zI9@hjahLG15_NGAp`s!XO5bXI>T?XhZn3t;GHHsf#8cgcPWr)VB_6VyfkJb7HmjJn
zKAiW+Dx~oP6P=q{1Q{Ux2kGQn3@s6!yiBIw>uImn06&ru!RgmZY#ie5p4hEFtX_d_
ztyBE*$hx-*rd+FE6x&mJ(Udwaju!O!vuDM+pE5=v4xk7xo2Jnmx}^B{ZumT8>oQA?
zTk!W^vu2Hq2PNQjMWx5x@1VgGbQwi4CQLVgW@RqKc|KtaYXmQfwV9*T^!`%GC@Sj-
zUiPpEOK3Q3e2^24elfz*wOqrncJM%z$oC37EVM)cw#t?_j)hTfu@Jef;yvG^|7^7q
z4&U}Mzn!(p4iJL}JSlwi8*`?1nd0lcY73a6prQfBD>AP}N%@cI>uZ0*$iOJNANouw
zICf=3*{+80v@@68$o{@j<g7dZdWX9T&B|NqgM&J)gD=eMu7(`;7nTI@!x&Z#%j;r@
z6<;Nbi!Sbl=F@jiw2y`AE5@<wCd)lU5K`Q7o+HFxDw!BjneU{j(y|_dH-w~(B~@8j
z`9jQhkwycQ-_7s^gku3mA2x)|E-J2sa)EK1O->vK9vc2<B8Qws76}wxj!!{g(Jnaw
za#sVAnVpv!CfXd8XdR`<wwecR3}ct;VDkdn84F|GUL!YX`hK98t&de$h<w1Se)dhM
zzBt1e+Bb#kCZkd{wX_JMN(2xxX1vp@(Nu@<A#MeI#xxdH0JM*>ObbS2k*!vx(uS~T
z1DNc>ZGmtkwb})U84psFId>H+YtaQ^M9p4<m-#F9P(*GA5AiPcsd--_J;ksaHs7Fu
znAllln>GAoyF#NF(dogkx9$)JpcG&kR~J%oVHx<{V<`ot!?u=p#rCVcj%S{%r5&2{
zGqc+k8|64}l}8+*g~cah<TgWkdqzga2clys;mN}Ct5>(A4qZM7>zMGoCG?59D$$jH
zFj5@P=^J}10*J}q>L@Y0U)ow)D&M7A+9(+MZPLE0>t#W9R+jWn3*P+((3pa|9_qr9
zbO`?GyFd%~OH^y$n%!+S7ih};*$(zGY2_vn5eo>XWYH_^!gp{XpDj;oM(O6>;N7l8
ze=(dxcur}ejOCVFrbx$`xAKnbi*F7vf3|q_eWV-$pw>mwfv%*06@Agd9Y?pimd%z}
z{)?0z4r+ozJVxCY?bn@K3wNU%!{>=8F_M3Im2P_%c9%L$kVv26u0k$p3TfN9l6_?n
zO29m!hvZJtW&#u=?0YcAKvYks)-IXvr%Z<CP(L1dM@ZC;t#K$P-8eQK!`;L*EKXK8
z#t(41e&9t{miJ8at-|kT@5KM!*uZU*nm?Lq*yF=D-waukwcTnj{1nuFl)uSQm|kdV
zUBMEm#rCbW_-4iA`{wxyTIY^EI>8HN#)I&Qi$WnM!qqt0Zx>>~3Jr?K&V8e3ETBn0
z>%t0)y%&(GU|GIE+XCG5sxHjT$TDadcx6_ek64c2T*F*nt^B`_{K#CXfwlX8*qHdP
zOvX|Ce?#dD+fApF5c!cKo?I~2*kT`#p-~{L4rc|F`=3xIVpf}PwzZJ$*%6?}(5ceW
zQuI_8_q7o=wFCh9KflM&{SIljHGxuENKc<mx15kn#0P58dcm~TfPwNIwd9W<CsI<V
zIbf%tJ(@;)W$qm;1Cw@{nY|ui@}`#%6Z;7pM>|8fvFN-xYS-S{dgSNF+o*29WTKh>
z6~P!3gw2^_Z{PaqL4>pJ=&$*0c2GMpyibS!&*JW``{W+kPCaz7bmX$txG;5}opJ<*
zkk^1GZQyXd1i%18<X7N6fO~p32Bc`0YdwY1cWB&>3R}|TBl$1yM|{N$;faqLvnG21
zCCb%m{Zt!5$_3$WCj+0Tk={3<sw)!dyMO+B*`R+5`=33Pi8~E7A0q?R)z^F8J!H>)
z-(OTvaB^~TB{Shy@^v+%=pn*=l6Q(|cEid{I|`BjRRK(=qwB^(c5>>4xr_|e;S2OB
zEsxKvFuOzy0`c?1?xO*j+3hoE=CMmy_J`Mq7DSYm@o5`t>pP)i^s$^QEEv{i`w&jC
z-vOPiOElUZ4kOqrEi;hhCvl+D@)@Sskd~F9&BGXIA^V$<ZUSt+{y24?J|nosDfk--
zg&vLvg2XVR!RE(4x4<Jy37uJgpuGRS8n-%aAIuUu#{6XY*=l#JTqRlc@kNCA4a%Bn
zr1`fB7dddcOjfeh4lS7%@U!0*hxpX<?*0iIJ1T9g4=)Tg%|7%TGbQ$2{)~1>6ZoRR
zbD-&aUJW5DKQPf+kq8ajGqFb=o-FGockhAL_9-}3u)(#^8G*f(Ws2hxuweRX!9N9C
z4v7!VP7A~n1M{S%rY@o*R_)oj;yreXPcR+tpT&1l9a{ShAmt2b8`k<G=Ga#>y1*ya
zcDguq-RD~$u^!1&Z?*^<mx`pd<i1WZKzowWj><{;=DRu3!$IG|<i+9>rh-#9wR#x%
zP)~o449fJM#Rdg`{*NMMxr0!_UTdoDK)tc@%qFT#8sr&UHg7%;>vQ-Sq7fubL$eS~
zVPBn=T{y{~F?w+>7bUUH@zg(gs@rE3Lny#heEaXpn?50K0pEN^djhUFQ6+M;QS5dA
zIu;4{GybzMOp4IiO2`F+-|=Seid{@(4L3EVAEtA3bVP&M&sK~40z&8bO(Q81rjTN<
ziiSxkefKesXgQuK2mqv84%;43<>#aik(EP!=f3Ho@9+XPUz=ka-?{NZM|;-b@YRO5
z>5Ry0512OWVW7a8?kD`0Wa?0{V^A8o>={4={)z3}FMMbK0#@%vFe^y573}TMgc`z;
zT3igp_0XLItE<8RlYs+cPTeAv$UfLXeQcEgZjmsmoqz9I-)K*t;R-jFu|K~*{}~-X
zmUP(tHi^^gMXGDVkwxBlBjpA3IW&J+H2i^@BKQG}{V*1pm3gx|gc@QXAIA#fDVVNQ
zoO9*-cNuD}!SFwgRMigbl@I3F`I5fo%dIokTBWOMQ_rU!&=*M=&SP<WQ}q9l_1*DU
z@BiOr?~v@h$zGx1%3jH67-c6)kz^&hY#Bv`s9aK#$cR!hLPn)7p^ONnC=H^JxSyYM
zzTf-4fA{^@IgfLS>-v1&<Mn#3*XQ$Y-}SQS?%eCGr1Er}<sOM|;qj)B4xhaK%+3V)
zm#x9Tq>)&2`f5Ye-@#|k4ny^YegdaY3tO-eUj%z+!XEesrqaR^``g<YHCqmQ)T{Y@
zR*A%Ret3{=(~UQ41spk#qub>aL{UD29!b0#DkuFYG$)N1wa#kTjw`<Nqxx~sATGk1
z?oQHGLTxY;BVHuu^v0eY!P|qEHeIvFP8WC}5kEm1N;tJ8WSW2WF^9eWWzlE|q|Ww6
zqw)q_{}&yNr>AFsRh9+sdSd!#$)GC(&?H&IG1~PtG=G6Vp{t<?X1mSmWo?g)T!x;o
zIJ=PHzwihm$r(JJeaL$rE@re;A(UQ{eMTuu$w!aZ5RqLd(RZjTVRt=N*Yw%^?g8nz
z1{ce^z4)=F!q%N5BipuY*%vkT$#D&ATR{KI3BKfCgcP{lmdFL$hR(~sw<mGRhfhC`
zA5bZljR(98aNK(Jyh?7t$$sIVg<m7zP~(lpl(%xUbKA;OA=O`xje>sr<L?6HGw99;
z@&+~6tG%atJ)Ox{ajpe~P0>pjQa)5_@)4!9jgCZ0O&9V2Bl$Pm=xi?_9hTM62>}pC
zz#q{oTg0-ZydFfat{}+}$aytV-)Qs85y**X4ImU@Q1~r=JU+tspPz_<g+aOlX-cxh
zOagf1F33IZ4n4asd_H<L{rgdt%$UOWNTO1)FWJKUNa)nA2KHkI1Kw_(J{x`P;8F7)
zx5h}5sfFLVKkm%QwJbIotQg*FG&m)(x;;ifGzX;P(|7Npfo`GT{+oOLnD`0`)69nG
zasiaOY}}J@b3u&lqLNBHG`6YumhkfvN{KC%@>)#Q0;$q>e?&*Gh}@gd`de4?*MIqj
zOTz81s>}+T-h@BiJYkSTR~Nq2^>$|H{OZUzZGFzUA7xV~T3MV=@C^MpIol|;%z3ul
zY^;fCC{oe4kIPR#gl=kquXa4JmwZ1!S(7rQ6p>-DblrH%xs{T*#;7HBm)V~B`vJRz
zlJ2PpU-nOdoDrEa>VUu=s0HC^ok>l-(4Jn%AWKz|jLh9B6sn(BSg@}8R(|q9$(6;g
zJB{CuB%i*XSBb~6P&eK1er#jDg^a@e@pA{AY5uyr+WE3@eBzd=NjYgXOZs{Z@f17g
za>)z{)|AR?l#7X6`pb1E``-n;ev!!6SJRa$PZe~9#^)fLzNIU!G&FK6q8|F<x=dVu
zvZ@yUTgVcjkeFgTO4B7yj*9xk^*4Mq_{W4^-AIyH#p=&R)gOjBpTrbYGmXA?&#BHR
zsD6{HU;dIGcRS<vOFDzbKjo<_xeIJ5tzr9(uI`K}>{N=jFfVY6jyh+puprlWSVDGY
z=h&MM=la7MUCQ0+qXb2NQ{|>7-mS7fRxy?%eG^-ZlZejB;jkx1<$3h~J@`FDt?Y<<
z@rFrin%qGC??<%d&xc~QU*$*FFDS3f9%+@E8N9Ok=lxf{LjLI0CA0DQ%>e=aZft!U
zsVrhS@UEB>o`<Ll#bx$HUe&>uq7QU}MhM_`w)hg)Zq*IPbT3<{A@Kjm5!HBBEhAa#
zkKV)YPExf}UkALl(fRcLbn(WYt6yL6os<;+!1x^xHQ=i*W0^6B!hJFEzZSN^{aHP|
z7E=Dt6h06AScu?JHW3j$TB?`ecEd1PSn~H$+)@4Tt`lM({(M||zt)O_ls)xkQfhC7
zh1#Fu*lg98Ba6n{RX?oKVa}OSynpnm<?rqf&qlU9ITBVE@4Lo4TM}w}^9S!rMXs+H
zJlXaubYT6x#opnT74oxn``xNn&tAy))6wD|9q4CU=BZkVb0zNyt3_>W-u+J{?{Y&{
zMrL4W2%Y28t_&$ACe|3l94MX56|g(8eIiizlHid~bqOlMECEvo7|kgK7df}--d=q>
zJd+*JvvZ17D+@(l;!2#c>B?lwN9#sbM(_Q5DFq!=C-0cu%YVO!bzj|Uu{(Y;?%DB>
z$`?=j4WCo)Xa8!X`Madewn6X9ulrHFGgKZLkrUK)X^ERW@B3A+t>C-Baf8G46i*tR
zb>q?}8J(%e5Ax>DL$1q0p9_H8+)kM)7#JG*X;Xm%y@yj{RQ(p$k0wL^fE1?aEQs~1
zhEE#2mv3d^*UHf!(O$Pf`eOH1=8xWbwXI!{Zs}^MxGd#n2g`bO*Ehu*LsCEW2^~)V
ztFUajde!WSms7on-e`@7i;bDsgP>F0Q3H7~aa{EJ?o-<%o~T6*2}Eaa^-UE2`zdkf
z-;oCS#dn)Ni0)@;d^p;^Y5eQK<+<OgjSdgF;LXhN<oHK07#nK@6WUv`yPKGpny)Pi
zWwsI7#2ks|Z`qw__~|j7O7o?8?YsK=FOd~_a_isC(d&D+F#kF~ePb&-4f~N(QY>1%
zi)qFbsbBkkgbs+*E}xsrhbudTQAscG<nQ=R<*Q#al%6Efuq#JxKHd4^IQH1;;xeD*
z&E?g_zm2D?S<-*y)zAu^50?5^#@RR|FGJIXWv@jz_4ZNvLdL|8B0cNF2Ocpo)%zXO
zEQaLM;!3mT$8?3$54b0hj!Su%{~@)kj*P@{EZsj}DNkL!<=Wh5zMJOC9y8Y6h%Tv!
zo-_^6xoPNoGV0{4u+Z}*J9G7GB&)hWHP=>|#d-s4QH}>+Qr5YT`z;KOF2Bo<c33Ju
zoBw5lZ#?Y!!n^s+DCERMWOZqRl8_GVoMwzUZ7VK5%TIiQiGqT4TG6sE&ea<;9bw;h
zET=6aEb8}>Xy&Ch#+Alj^@)b$m8lUgrG=j@z3=kvWT@xDbpNW(tfs#&;Jmlh&{~rB
z?8!G{IUa||QS&dK-DZtW4gd6wI)OdvRez_E%SFLaTT8HKb$R7YT1|l4Eu<p+gaf!l
z?W0{4ZZdS$=!iPfG&Ylm%{V!P!-j0{(IK7mpM7!n%J+Q~0S)qs_Kd(v+`R@aw^MZu
zVXN~pjP7ZB`M#y-2RjwO4!5Y--?d)T?Av_ua(80=MJ73)!a(f!<f(%h0dMlsNk$Vm
zEj}59hPGa14PEy~%5LeNr?dI}PZqXXd$I#%Vpdwm{dv+Wx&qpn3)U8lRcZN{H&q!0
zn7!n@xf=E><Skn@-Q-TXv88K&bC}*m<d(_rCNp#v{2u+bF#oOKS<+ZqjqB>~_QudF
zm3&MbD`rR6sU~>do1=F|)dI_u0{C41MR`3y91ytyOGi?U%HC(C9RJ|$W}F|6b?R3C
z3x-PJp6+@n^e&K`_2cuZtL$*<-!D%Blw>A;#pZvjKehf_TEEezl~-kn+dLZOR_A`d
zY_w`8XGJA__{7+07%cf`{Uclf*GGMG-W6Jnl|Iu5^6^sZX*94$wae?t?RS;$m__53
zh%?N~tK(6x8pG?Oq~7kJ@Xd2COI6&7?&&eTx3$0bLtbU?jSqfdmtW{Ss`;>Y^-)^v
zwAiq$SzvIq=SEL2_b)N^DZlIDyG-9+-`cFsUS_tG@+Y8PPw&IXyT+B7cS!dmT4rd<
zx3YaO5VF6)4YNkzv115%93+Hmuu;ExUdj}*esjuxbQGc?ZlW1%CVlj~Hy}g;Ezj|g
zkgVu4S6jx4J^pnlBf%1S?`TF|YHG>PD}BEN9|p=ly3s!7Nb{ews&frlR{R3oLsj?h
zqk=}KJ5DI1hU?_`UOs0FVcZ<QzlFnd6YBP~{aI#@5f8n6cLy3}cqt~(IZjOph=?e!
zV^3_cYeAKTJR{str;jV@{AyhH#*Z|#cxQ|NHrE%}5}stR+O+@-!cLw<3?{e6l_y7c
zdxlmx^lMLxhd4BR;*C{UGX91h302<m7d_$hV>3U08XbPinfN-S0sdz1BMY?a(}{vr
zt&DWMN)%}OiJ+kIU(d&KXmqt+sJ8qGk|(bNL}{*mlrJ5PI*j#)0q|-1Ja4j4Ze(s(
z*8vfYNb1ttw{Iid7=7oL-Zs@uDnVo&SkG<tJn8D{>gjQa8u%1AattF`!nw`Z(MoB(
z6wgVRBY%9^s^_%M3mg4JUGP-q-MgCXzCzsGL8~jL7Q<ht>j2BgTR`Oww>qIs@fN%@
z`^IfG?U!%x2Qy}fMH23rJ)9y9YfYHl>Fh^R$)C*}!n!|TJzf;%jy!b=NoR&VIZgSm
z+>W_|mvqX_R3Is<A-WVf63Y<OgI#Q<8`LA5{;Nt%$UE<EjBec07Y1ehHPn%Z-iaRV
zDeA%+QBy}4DSGJ6=odc5rlvMIYTKj66<Q`gopeSqflhs!n)(?M5o8UdHeUbdOU;8y
z|Mqhm?kM=ycd%LzDhgi%OWjK}M^rc5XaQ-^_c=o%a$zhHSdg%8pgV-?SOl&B81av%
z2P4|im*a=+`1kXpc^oQp+2m(g<c<IZxEE%7wfMJ1>V7_It+cPU0<6qzK79f7OkfVr
z-4sklv>+VP(2?1$#BKxri98-z>(NO;jPY1Lxc)dgCv-0Gw54CTz=M34|M6W!?<BAW
z!%_&F9lm<in0Z51CklL|KV8XL7~#)gK^ZZ*c<KCr`V##-5-7983X14xb{vvPYN00t
zXTXRD{@h(QTcRnm3JR*K&b6BV6;hIHVPP?QU5gvCZKa)->;ul%oz%%T+N;%=Y3jU1
zg!tE8p$5v-4gv>Jva{f@q|@&+FM8N@OV)Cekxp!0o(njY>k7KBF8JS@YI2e_n7L5!
zIdao=*2HF)2zdS|wiNbh+P{c%Yq>flAl@ES3xN)F?yHM(7t4K$&i;cTRq>ao6kB$X
z$P7dnqP<!-Y~Zge*CyiuZh*ny_)`$FgM))G^(v#u2E!Hmv+I&(`_reNW7ln4z<{Bt
z<8up*gg*-~uq~xYE<ci6K)~V>=E!cwfr{dJ645dsejvO~Z3UL}AtCsKPe8!V&`B6s
zph&i>aNqtx4b1WCJ)>q2v6c2=2l38{(E;?0u#7+bgfDP2Lrj87=meea%6@EZ5ZfHW
zMzB~5n%lNroxQdD_G{n)YBP<if6u;_*+3u<?wV@Rzyg3+m2IQ~7(-&W?rYYwY%DC?
ztxqc75d6<oPp>RhH<ct84HWp!AHc|%XNOG39`oD@N5<4k2qL{2EA&h6;~2W|6~byx
zt$R%4(MxlF+w)1#R97Q`xt|`0INC@1aroe<{7pJiMp<D<5`6A;<j8*TAXv%b6Ub)(
zHvdmNy#PdPfU&3H(lg=TXxL;IDE3GS3Bf1TF>f<c5~9QOq$Kw|51Z#o|Fj^1=z!@5
zIb9p0peoq+`Al1-R^X|*xw#A3m$o4qCNy<KPQ!~{Fs2Wpn8)tq7f8KzdIMz5!v-{&
z1*8wj$+sLUC4<?gz;K<L0u&@AvL5ymc5aFCABq710oFv<zhXwi&in=RKv2*u-nKhH
zuQDS~#Qby|fUcV1u6L$fJe}a?4Z^~g&z&3n{CNpf3-T+B-iz0n^BEt(z^^TIb0AXy
zWW)-N@13AYYYRn|$5=+pWOo0tOC&EoN)FoWj%cL(BUZNHN#)IRyR21R?y=3n1LClY
z#OZlRl+w4hKI>zwuNPN{nHUZGce5UvKYb65ADpa3PHDi~TJiwmBh|i+kH_qI!q61#
z(OK<)TzJ^dTAWAQed)V5rY7kq2|V)@rDGvKDesTRMkThMd=E~_J#eIe?`i%MN+HlM
za1@X4a(%#aLSlLLkz~DYCF&s2e_t+5L+4B>x}xr7>NEX-{7hK!Q23#Qm?EY-duDgh
z)&h6J&EZzR^xZ4Vl8EF%@nEx*<3<Fbo!)175zK`gzY>-60FhrpDC<v7GSmfyg!rV8
z?uxroEkAGa3<x+Y&|i+dl5onf&La$Q6a|tvyzubb%MpPS^XC<7Hd<fnkQ?VnEk7q;
z!g>dB(%D&Ze9NBr->5;m$EqB&gUGObDH><_thfI{L?oV-FiN0WzPzj#>tAX1N~j<1
zN^@g*_dB-Xr6S2{Hcs1o&p<YG=`S;;I`qupmgoEcUeu3s5@NjP*l9YBsv%-R$yU9P
zF@Q(59AZOK9gCMMwkFoXKn(E3Mu?c{9^&f05R*ce&Qi_dtH87IxoemkrSd{r8hd@z
z5>D{q;^OGLnyR_<&O(B8gKVbF@YKWBizb@cK=YeREW!LDHC*ck1X#6U77nS+m@YMR
z&4e}l^Jd$bhjn#5u}*hqfb)SEaJzblzxGgEe0-<X3pIG)dOf1ZD<AU$e0kFGwC?uw
zJJPU^h9F~tGKB+Xvz{LF_>uQeK*EX7XvtD1Nrn;S=B{!JiiFD#D<NhamE5f^H~Wdq
z0F0^k?{CV=lw9xod>@#(taXdU(+F5}ap}JvM26&AceqnFm|pPOx+fR>8`$reDN-w<
zOTXat#yIwQdZATtx^B+pr0Ov(r4##C0Z^e_P?OGKPT%cH<p{`kbaKKL`U;-J{IP_`
zkt52(A7KzROv21jIhU-5fmE$6u6yj~>~HO&bW@s-5d-89GYIvWcW;`&Po`>#Q<SbB
z)|VlP$aRx^gdc^r;KR*IkDMJ8v2Bq=h8-T4H=n{!cNX#puxil26EX++p{InP%hUJd
z^*oM`e7=5s9HzJ=i6b;uC!W-jgOo?J<YEE%ZqkJZ8lzXE`A*7Fi=8GJl&u&+)Wbb|
zBeZ)o1V{Dkk00k=kUBog_TN4F7dlXH^Ns8v{$u<fr3BLn+GW0Oen^wH9}6W{%LG!i
znq8DJ3UsmXJgD6JTu)Eu0o${^UKWd1oRA*u*4rs#MgF2PG=BjnpHW^(Y-pM1vgb)F
zrA-#+b%188Kfiwzy!b6rPg(G=Rs1eWWd;v;h;m%frb|taFZ%*M0}E2K^}k4C7fn56
zpoQz!<))K1>+8b;9EqcavkUC|`yi>Lmus-gW0vw&>~X`wz*fwSU-DE%9pPiOO$9zi
zSH6GyW)m9Xo(1u?RtrRe81&G6XaDA1vmIlA^>K7=uNgpX@mb?$p0eU|n6Sn*2z&RG
zHXk4BG>yup{uG=pS799a8;lYdIhzs$!(ZBC1%tU_^uDtd>a|P!`zbJOrCy$p$yPz7
z1LW7JWLG-<HB2FraZJKQ?rlWQYCD~cfn#<z{X_T!rK!at&iDM21sQvarAEt9Ej4Q$
z;w_B<W9K$jyNio-q5jdM@%Qgh1Mhs5I>?@vm@BELCvbwdH2t;AB-0#53-lmE=HW9@
z9v<VZ!38B9`A6fg-GY=WO`t-2UWlvJWtelWnr;bkp}5BjLl?y3`xP&d3SST>c)c>8
zkkIYTELV3?wnJBuvSFj?cMVI_o1Ks)3T>pNNprsF8FLN{oCBvB&r{qqWvqN_yl?NN
zKw-QO>OWttB0KB;!_%9;^7M5SQ!BfYlEGmk(hBKgDoJ-zGiPUJGFYm`k1k`rWwFqv
zsB7s{pupN0sBB>Q3Pp9-yx|vSi0S`*<y&MPdl$`-xu08=H7qIMQ}Q7y8#8V?_HA_Z
z$FDzL!YPb0@v|{^7XSRon``0qEBF!Er$og58Pm%fq_InhkWJGNuO+ij99&=GV9v<U
z;;*5AV-|*Gm<i^&{ZV^w!>N<Lf6?nXZ8&pS;4_huRuE*g!BRDT=N0{nd*T#(pFV|r
zba(Bmf;Q9L$ye}J1Qb8x6?LzvQgQ(ggK@pXbvbMK6g~)WayH%L<umi&i8WuTzi;rI
zW<1k8Ax=G}Mr2(;o#D&C<oVs$8V+K5O;{2OuWousLPw1x<~^=KQ}DD>e`?Cz^_pY-
z{3c6+%9)EvW4N#g3mYy=^@pUEJMQkqHv>yru3mEAe$bAKQdR8MxXt?lo#5VJ|24Cv
zsJ)=Y=$<u|EYS%gG^>@Yj;d_yxKqz0uun=%GHEGFY5lEq>z69cw&pvGG<^DdbQ?`B
zwqIL&pq+v8s<Ni$Nx2_0QgP1EANQQW35o%UHnP-;PFyNY&noSEpG43Ta-0t7zRD&p
znTJ*qNi@S?-T?M{-RPI%KA_Zxxr21Pd1;Q1L+4qv6!-A3NG6NBOAQ>i_h(pXRSaA+
znwycCDVda)_8f=CnN@Up%8%Z~)6y|8c%FyX^YnPjhNO`l#x?1s73^3}Z0zh$F47uE
zd_pj;!{)VpOHiOY%KD5R{>f7PFAOJ;f!6DqF2%F9>e|F{oQOd*=@YS;hT#Rh7)K)E
z3PNQ8+iQZ}-x8c5G9*y{n126uv4K=qSLZMe1=CcPCY|6Rt7Pz;?I$dklDL0@99BT^
z)O0<h)e#+Z5s<AEFBPlI&&*(WMDmXn6U!{+5=(C@nzBEq81@O<t-HIC{tlBPmuz5x
z_bI_+BJCFi^_udI&3g>f<Y^!F2`1ZETeq4x;2lFGT37frCYQs9*LPRlE0=rr*v43D
z@yEXdT?uwrf78v;k^iryQKrSGcE6n`7;U7djz{XQ7ve`wYA$<M!lK0M1+m4u{`B4V
zZP$C;wiW0WN{b1Tdi(C3*u|t?rAo;Uq|oTK-dx(^yLZz0aBMJ3bXSO}oq*89`+iXO
z(Y6Ujr-H5Gw+k~gKeo1cH5MCaUEBV%;)+Z~V=-stp)j>7&ndQ2`bDtUD(N>WGW_py
z?RJXZ(1w-hn9umR`55F{*j^p4lP0^_hY?AlD8(aoF{m^t*oS5!2uiT2;_#T-j1FOg
zPHsDSC0iz`t?K83OpKlFI|MY?oo*V84b<+cc+XfSrFquofGGKeaZ7)JFvdcs(^?O%
zeDF54Jz4wU!HyiYwY#$(<?Ki>B)?8oXi&{+_$OJ5o2cW(uEdk>ekKw=)rMbxZ;Ej!
zvIe!0Qdai0?s**2XFBKv``nS1iq-T3-bN~?^@R?!Oa2y=6Stk1v`&&;IP0!pPQ6gy
zAI9;dYf2)SX;~YBFAZ05S@*!TGl@g~sg=rpOwIe=obklAPtKkhFDr%SgfXgGXoxVp
z>O^Y+3^djcE~uesMtjuhaF;X56ldksowDk6!9^dzk;8QNpu0SMs?dp;%?xg~d(H8{
zKoYB^s4RV{Ykh9pkBnIuPOUy|A2U3So<erVha4WQQy6^n{qWzmDrf7zO|3lHPtaJ~
zZ89;<kTmJYn`fCrC4m-ZT1G-znr>G46urq_3KXdM@bZxg?MTgkXs#T($3h>0UWzzL
z-`d`?m%M%t+CtbG15ccIQggA(pM}iZ`{p(-B6R1)Ej-#LvYz;2y7#-&zxUicJ9kej
zk%^t1P%4)^L6BgD;?+Xlnho`2Urt{KA?EiOh!Zc_@z6_wk#THS1`N)GH?(L<YBL*?
zmNlqo@n4Lj%_!Ie0Wn}KP}I_tTzJMo;ate6#;cMFt1;cge^ddHb;#VMnukZwFJWin
z4)PkVk|>?4#@f0(m&Jr6yI5-qD!PuPj<4`0x7nTgF}n6b_Un^Kc=CSsP0Zom6jOCg
zjrP{|7Jo4J(sFm~3W-JPdle<HA*J#xV6>d1<YX@6+baMwl($pnCHZ_g<W5=JIRsX5
zmwbDA-2TbrhEq$vle9-Z9~@`Xa>6aExb9rUD2wl0l>s0rT!KPeTx<I{rR$SPhK9}9
zpAwAb8Bu3uA$-D$HN93Xw#(A;DLvPeJ59%0eHEb%j)S||UOZlsk}&d45x#z<j;>qv
z<(19tOQ9Ya5V|qY({~z+jmP+BM2)vH-`kzD{->817L<iTHSa)GPW!WGDZ?DboZD8H
zkK=N9y))sL%|ihgKHJK5+q<tnfLBiDkPqrOT!9z)!rKZKWegqm@p65@Km(o;J@^=r
z14SfDv$NgUONkG48_nHz>LKzjcjb&c-+ryEOj(2IHsf~7QssL<ZjZ0YK^%-$_BJtw
z3f&hXOEEb|@lb=Yz%g}*XfivNV6HMB{t3mMJ;Wgh`f;!Km7ofpThlK3NFX^!epfLk
z>ae!L&lz{PiRX&Qv)qjlM1l5Fs7s1U)rQ4z;2GQCIp%7FdBROL%1H<S^O4uvYeF~Z
zjC@$fXRsj6b;{+BM(3gsU4icpf3A6_?b@7t@dl2yFN<MF!d3?^X05sxdb0bl+M>a{
z`6isXgHt-z)p<kf8+*vq#gkO+2puiNY}k+{d*(`1Qt1@LlEpJdOnq@7V>=Lr-|B?Z
zduyO(+i1eUDQN$Juqpu<g0`s~Q-8%9PLXT0{9e&%lJ0fP6WTn~_6s{8-ArT`GQEA8
zx~tSNLvaxXMy2%n*w^liQ~T2aQ+TC0ihw168L#i$$PU|R$T5+O(!n~?FCXddX@?vG
zDP1gLS{r7M14ksb3s-WKiR7BHCUWf8qOWf~c8MPi*pn($r_)!}osH4TnxpiT^UpJF
zf;ID$JYU(i1r?trMaNFh4dxPL-r%YyQwl=+&rno^JA{SKUb+#W3jG{F7NJWO*-3Qj
z`N$xX;z~#p={~iwJFxdPvDN=a&6!hNH0rG%WAfpauovatwS&d_@7QmB#S5!t5SsXP
z_gpTiMR(v!g*62?^i#GI*o)FsA{gI0BY5qbC`TpcVEm7^bdilo*Ltw!ZjFo6o_hwH
zQ0H|6WpbM=yMTr<Xa2F!&%J)g$BEJ9<=lN&ZNIn4`&UgzCF&lEX~n;IrTeX8t)@e{
z6H_p<f6c=sZmC5H{$5k!j6t>?>y24XZjWUu5O9ZqllGhhqfW!NT)OH|WNykh(<89P
z-_e@xI#iZO3MmY)CZ}O^)H%LKm3CpZ&bcHZ5n=w`9g>ogG-)zUZnEzsztA3GE-u?U
zPsGi#-?G=^O)6n6;nuL)k#Q;v_Z5t^uxREPL=%JH7GKKJ{=x)~6Tg<Ty^MSJ%(4A%
zwojk~FNKztcA~pG?heW7wg$KFq#x`7PA}uomSvF63TT=x1rqLSPQv<&(~V?3b);mh
zC6UMn=A_SUyKo^hi-heiAli89PY5{3E&K_PWlKKgz1z*WO@ewW{RR_xTj1!L9R#Lz
z@w9lvD<Eiw$^EL{0KP2*?!j7kh<Vx>c3=#^QU0pmOh>p6#mw8@wze{kn<Y(hXyp-m
z=wUv`?kAXQ0)>o%YM57{Ek(IxUA00J^X_ZL$*4jLws)AeZsHoSqv$!Y9pUQ@?oiS;
z`Q?F^rL~}?5&+4`Z2pc;Jd}YGx&P-WWHWWeLc#1mZP+ExH3`eFUjRx&Ktq{_B$<OD
zDDgRpdQzw_<>>y~+`b)Oa7aSD*MlBA7_rFqHZ43_i0nPU+O^>Vb9G~*K^E*5nJik<
z!Zck$v{?Kx3*B8fz&seyZ|K0KntO>^%bBa=%meKst60$oXwr(}wMqm@&(<2M{`;-8
z&nK%ub(M_CCOc15+rH2I%y~^9Wia9*YjB7e7)2THYq^r^ACIVHX1*Q@GtVB;gPOkh
zTVhS}uDdeV4Q>p!YxT9_Ah+E67lIRnxKLx=)4A+ix;4S)XBnhk;Yxh7Tav1KcQhB*
zC&gHn3c;vPelh0=vzGNHw9XIni>-H4Jg#w4S-)@VZ>1w*Os;EyLpeR$Y^E;fotxJD
z%vO>Lb%la+b@7iC5nteJ(>y|ZuO_9Wc-1kNwX@AxNXb%zqpzfSM5Awn5FdcXPFX5I
z$s1ACx!XlzK3lo|Xlv_TXT5Mh-GOq?weKIS=@BcV+^Mh~9{Z@K0X;=&xCrlfK<<Cd
zWgCREMCEbO9GLmkL<Ht3z<pJV_?p_xiLSitJ4LmnQ9sfl>jXMMwe6w4L;nihmL>pN
zTgK%x7jU^q(0@LC!h_~b8O$;lm7KU6(dnIk80JYUEF!|1va8(n%C}31ie$O#VTEAf
zv;$YJTp9QUGhmh&x2f3?lX7+=y1`ykL;e}6y(G-VtF=ID&%FnI1FJ;_sU`F0htBt7
zW8^9Le@EXIY@<@!(VUr?m=x&g!}iK_|6Brz7I&|?X5<V$7;rr)a@%-6+vPlD+d7I|
zaUw!<aGYaOL!idP2M@Xf>2Pf!MQ5}fgb3EX>3JhyQQebIl2gxbb*0-J1y6OaTEEni
zBI5`CnpWH%^p#d^O=McX?H$3OIYg6)0MTv7){#wRNJb=K4BXkkrO24;ruk8C@Zz}%
z2xyO|MqNLKaw+x=PumS#F_?H!Yd@~BugqC{DMC>ts&-UHPVW7yc&lkZyvTqmcoEz+
zgcMN~uemYOJ`F#HCb|e%=W#QoB_%CH{~FO$JmdfMoesA#C#{eAr^{{XpVU7I(0(jE
zt*@`B&!9$muj`|J)>7?kOwNha94UrfF>BW=+8^F3_9CJ|_+@zX&f)SuZVvMMcZ*Q+
z{y3}bt*m=!_=aO|U&C(|t*?OA_-NANf$dq&`qTPu&%=01==PW*Q09SGjt$o8$A&WV
zO3f0@yK&#BAPrAhuKvg$fB}F(Jh^WG`F(Y=R{*g{XSR8<wUS)wc3!S<Kcb0{;R&X-
zJe&pw1~UiI6#E&j`4IU~K^gX5Htwlvny2)od?pOPZvZ!vB%7{{yYN1XoBl3{8m&ZA
zRPK%XKaQb%IX5gE6h`1teh(+$bnpsY(AS9>wtK|l&(Fbrv;ApBctqk8yqza;Zk820
z%ngnR)D<a14xApDU5g+(+&vY1Nwav)Q+~l1KZ9TPL;0<cgDqoHdOB!_HCMD>aJaOQ
z$6Nw~&%8<?os5XUDarRab!Y`v`Q&>3wzdabX{$bp8}=^NE_IMUuj9YsxaH>5Gnv%k
zg4<SmS@)DFR0*LN!~vEa_B|NkmY*%9oA;Qc3VztYjzb%1)ydM~CC=56S_k^}(m#Zr
z{@Q~Zfu<5v&nm~H^5P2wIfCFVYL)cMOswNND8C|(Z%AMJwRj=8f=$_I^93<=-p7F^
z0W-5J%F{L!ZJHfC+okYw4i8kxD5n^*l(p7>fh2nJrL~zrvj^=i31R&4qi@pNIL<4{
zQ+dc38#!Kjej=DlKtRE8RXb)#=k3}O2W9feWuGc3LpK$VX%4U0Ga5}1+9o>E`uc;z
z!}~8L3Eo81;`mF50-GXc8to|_E#}uB%rq)e@l=NI9$Y6AWkn(U3g=zOVAnA3#xC;{
z<p|y~9x(h(bSLHE`^2CMB09_e5BxgRQ&#jP8gV0MTq(C7<@LOqEGDd@y-@Zdl3iO(
zjoQ_fc2x_vk2qL3Vtf@iL|-@yUw8gcqB>J^_TQzDP#tIcgjPCG?WtNRg5fL6;b?ST
zy;MBHHTO~L`~c~1rQUAE^Yq<)ltYjI`8Kk$@L+85tQ`Rky`Gy}zSfX!34^|b%L?)7
zci)z!Q9r>vhe%#%eXWy0vAAuRMBSPcXg}GIn3%YbRLK;vF@k(&R^`x1S_xr6v8hYR
zUk~S@$cE?faeMngC?%i1vESDiHH?OOiu3SH$VBNH7XKx3>TB9R&7ys`K6>chKWtV=
zI#|O$iC_~f<2tl79bwRPw_M@=HjZoa4Td~fyts|z+~PZSLMajjxBwP+6aiXVc#Y%T
z&g3`n5|p))-)t<5jp^<sJdH+$JANeBR|AUX)XkkJwv42&0fokz$b(Bva5OzLCZJ#+
zrNTUDvKy9JATygViXk_eR_O8L_dLW!-`VocE)p5BLpOJd9cxmA&&2fD@@rCnjTiaF
zx5-1cHSRZZB~NDN<^sVQ077dSH1P^19wfL+@4;wD?F{LiEQok|hdRz8h^;z={A+&x
z2+}8SEuufGVV%Q%0}UNxxxPL2Ffnbwg4b8w;3$~T?Ck7GPnWws>@U3!9-G@UN8>dy
z+$3%|)Ks%0q={IyrevMeiyEIH0|)=&irA-JE4Z`~^h!)-oIdaQ8en*$rRW~^l=&Y&
zDCtQ^8qn9%>w^B<=WWUEjSGkI6kw#IRv{P2Mf>&=@HYHqWC*@SDwx-f;s??x8r*<+
zxdjECF|$YTAp(~LrfFO`wj;%HTbh;#qQ`#4zh+G1$YrZ`^DV(?kaz)(p~p8p`gOxD
z(}cv$j}7RKBFBBy`0|x2l~NOrIkAolm_16dql#Q80*o!=>KVM39nY*qwSb(2Fm(De
z2H%EnePJp2{PpXO0P2zc3JG?bS2EO>`3CJlSi_^^#doV&=dePoF38&<h5;J}Pgita
zs)3380`9(hJ#bAD#Sx~1<G`LX*)`s{vb0fIlXvX|>ziHse^h&vKDtZNyp-fxrhd9+
zvvp~<-Nl)pA2tzU(xd|%mx_wW+YV7FWNFrFrnkt{Q&Nl+j8p84b)_azHPn&ogkz~Y
z2#1$8BZ`SDkgv)#H~aBhqk3%pV1?r?W@BM)3@L?=&BWC7S|`O!XQ3D=yK_x00?p)D
zKFxHarS4zdRimhkw7#cZq~`TlhZt9oG?(CPt$8dwJ#YrNHTE^xCu9Bfq9W*$Ef()g
zqZCWwiyaFQ`{H2WoXK{haNCBz&m0*gqp&@oo`(gJYIGpdD!9|*uw?HvZlUp-HXuqZ
zGow2lHD0%`O2$da%9<{+Nde6+5#i&Lv*-UAJ~JMlpP&D5)M+i_)wXYFxJqaaoNjGx
z1$KDLp)28Ihr>;0jtfumZb}@=Qma08r?{3?iaIIB8Cl8^5jodT_-q24=Tyod00l>;
zH<|Z%R^golQpy+mn>HeSyF}%s&^O08B2F&jqdFZXa+EmNDApfme41wzrM>R8#p*}^
zQ#I55rpoZJu%zsH9!wST@wH<K22@u@AQt8K1R($~81O5NdvZM2nW7gL+nEFYX?)M_
zE9#e&OnrTQ@hxHYi@<=4T`@kdznAd)KE^S%ICJ-jUdVJm80S9vmn=E!X^(u}cC0zD
z0sXhIVAQd4-&9aKd5c-+${{Ylj&VuF4$5YMfkf7E->s>pQ-es>RJt(>zHsTY(n;rv
z+SmNDtQ?ZdStO%_7k?&->IEUvVfQNqYUc9g3H(AZ<v7osABCygTV^RG8%#a<PL#kP
zsA&%DJ+)VX3Q7SXv_-QnC}YpPVwa4Bod;GaFnY-Oz)b{G6`0C#y>#u0FdK(Y+`PVw
zEsoho8DL*T7Duw$8rj1!PnonaO!owClh5D32Yj4=2nPnP?On+LK@c)cxrB7HrubO*
zf(y4;uj(kdjx^G<R(n*Xlh%poYvnOjw{fiB%uRGr@PNWw6T4zuXuZ2yg>1TqM*&vA
zW|LM!tfwc>f+;UN1%p2DT0-G`2p$K!+6({0RLb%07sF;NdiCZX)>wL7c<W=td0yJn
zGz(VK?-G&k&YoT^8gV?gGo9(wgSg7gsqBhRb1Et-(A#TXNv#ZRm@hikrdIKZpl1^k
zZ>L=LDYYAEJX6m^q+f#~D|>!BkS4Ok^1=uCBB*@iV~g;sp%@(BanaoYwGJdmj!lPd
z-MWR<!KM05mQn)qlv-*4ItTiV#aEkTWMm}lT8~O3!fIrm`8#EQQUOz@@PqAV|2D`_
zv9nrPw6?}bGbV3up6t7s>1p;uS)U=7Cn<r{bg4Duy6PuM*E!__;pEpj`@fn~WWt|5
zLH0&V4svK=&kqMiW^t2*d4ix(jT&H4LIRDY-RW7ZNDNBo#W4&511LzQ?7rq2Oi@w`
z78n8tuk@hYp0XVcF{W8;!siCy#kX<KG|t;h|6gF?Zaz|n9vIRY&$|fbK7Hgii#aG^
zztVzv;&kw#T`#8jD_vW#7iS=xwG?*>M@=s+TSDgxgx#@;e*FIZY-arI4V9qW?%g9@
z%wyCA^Ox3aCz+WErv}2c909fz(@tp!&Z89rfLRE&1yDRKw!N8&S{vkTDHz0yrAN!a
zCSJxv!(N$iu(-$t`Hr~ud3E|Q#(I)9{v453lJ~@>5$1U)T;?acWA}`J#<+cZ<Lgoc
zMZrVzidF0FHMpU1CbS=dmrY0p6E;dw8<{`PH!!F#<S~nRA9o17D!-Vv->bNU;QTG&
z+*7)@P!1Av8R|*k*4OXp1yk++IomBNqrqBjXF)Lm;dI0HlHVrWW1MyFI!vXz5kdB8
ze0o}mA!~cVsC_?=zy=xp1k%CB{FBh4;M9GkQT4?w`tOZp;&R2tgfJr5MW(Z5*E#cN
zwKrLqnYlKdp*l=#T}R$*Ew8F`?XAYqpS;S>am4VR6g}F&<MBf$rO&*7yuUc8jjfbf
zs-4Ag$J^O4{!yH(sy7Yn8a?QBtHVNUV0tP?#rRan@Gxc5%_&}Aj<G<sVC~|E=GNB6
zW0wJVi6?kGr=3XhDY56%yfUfy{Ue)XHG6Do1T(YNBiqb&8p67Md)-$d%uO!Sgv(|!
zz}b0_h;>T>XOjJ){mwaadq?g`5YWv#Jla+RzGxu-Eip_$cP=|3zf$m*$=}|7@$@l(
zA+UfYW}i1|@<ADLi`zGe$Vr`gpql;wD^!g+=R91<0_&!Q&5|~VQxR);CQGh3;SZ9N
z@<vD;3UbPAQ<#ObSB6@<wdL1Te4ws~e3YSK45#n(ZRBpA6SequkZ6ZFeXsW%4^85E
zE}Ag6ym(yLKxD&8JFoA6I^CdJf~KO8c);xlJ>qh2qq#C%>0~Y4qIN00a`sy>jj|^(
z3b+CdE8L}F*O^|OX3boM+uv<KQxx-R)|0nW3Nmpfp#S5|R}4qXj`lh5Qx7T)WQ5sd
z(mS(#wcN4e$uHG?wQCOUZctS?#l#q_gXS8USL4aL7~kqkr995&a_Yu>z=4{>e02Ia
znLI@z#wJk(R2HHka`0T@<lx`3ix>>|)aJMZ6<zIuld+kB@jfQ49Y+*yuri!ZfeeOA
zjw99p_TUQ>^n-&UviM?NRz%e-!gYx3!=K<$wSj?da1ed?FYb$^9_fAFWPD2A+m8=p
z0l)wBNp7T+8GZL&6lAF7O5KnVrj)dk{+u(++DIyD2}V3`wkyTp)KXkIRIuALG+v>P
zh*Ym9Sp|(wAyJ8l5JNCOnnlZ57rD`PPgk`-q^Vsb8Kp>2iD|P}_ePMjKBymrjj1J#
z?jByJrG*4l&3!_6v)cyWh<?mjT%LJvCXG)K3g|?42Jpu~Jn67BYeJwJZ|k^T8hx$@
zzwBmD8@B42KdsCyuCu$LTmHNu^^&B3w4SIw&Zr+9M9{E*zinjb(+dj3RAg^5W}3W1
z+%J+xq+RP3;DoNp$!C3$OD3HkMf+eM5kX8V<4Rj|{(~~c@F0_yJA%b;&mGxLb?OxT
z63%x{ry0ZVb2L|AD0X!wD^tC~B&fJ>3hA9Cyoedll$$qiGTnaieaf8X3Oys22Ju;U
zT(Q!PYk92p`o=T0)UDUh5jhME6_Tu~*5CK*`3TJ6+!W5H?qvpC9;kC2>mzEU6Pb)S
zk&<Atu}8cavJhYyDAjiOyJf!XVtAP_)!ae!W93PIkfHVfhavb}D-1(QhE&Z}hFW0{
z0j<U#JbwMno8SMakmU{BHMdPFasu5O9<NeU@G<=b-YxuQ*SIHf9>A=cEqN2Y(<Q`F
zn%@oLl-RLh_1o~~x4R$*(xW94^Cp%>U!|Vv!ts_|J)ndsgqy7$DI!AkdR^XTar)Ug
z4mUKMIQPe%;ZLYM?7wH^ZY>FUN>7G{T$qA!EBhvt;-w=Fo$6EsxJk{=c??EUA}j4Q
z`<cKs6$jOKe}#I*eaQ3GCX1_6zv{j>wCtTUIf^}W{=<MyYs!VnP+?m3H0U3EP&`y>
z>^k{l^s%RSp*!$*ocoRiz*f=GU0|wgTQYAo<4I(XHaWAf2MDBZ;0J6T#80GaSDH<*
zX3-<79xYBA3*Mz$&7q6Z>xP=2Y6WpcS%1GAyA^nBmS_`XdpwDjZi#_j2hMPlHyQoL
zz(%Mz(*o?8Eby+O3K9>w$y)F1wI*#q`y`9jw;9uP;p8AL9v<(Hy;DxY#8c5xn^E`r
z-e0=?0KaUH`koQ?xIo{?>jz~+zRHBOB094*2vr}bgQ5lM=gB@nT3?<?e}3A(kl<q2
z=Uaub2D|5q?~5n9{FJBzB3|qzyxiQ}pwqr!RC1CBzvhpbnM>%ral)+3mq*`9xnvW3
zF%%_mdbbHm$sZ2LGMUE>1TBkQz1P4X+pAmJ3{-h)Lgl;EhiEp@x7~IS;i=c#ai4UY
zDKWNSqpZCYb}|P$`~3WT+L<%se7Dq6FI~TJgP7Wm#U<|mk<91WBF6m_SLkykMxYr+
zDAC&vKx#H@rqu!wHEnBNe^cvhO^v|OBo@64dujU9`)sCWX6ujxkz8BK6M7*hC+SOy
zi`4bdNh*<jXx_TxBx=>+;o%vsJAcrg8ZW=XW~dy%=sa*D?=cm)h?zHID`AoLXi2C!
zG86)jDOlA@+K2a`W;9LZmv9|F1<`Y_7a<1L3%Z`;46*cM;GET8a0NMB``Z2A-sIu-
z<ng`XnyF6+t}ItxQ)F<>zek|=wQMyVqw?2|>*`p?NG=4e^Y)|{*|ku)le_@`BS23y
z<^d3fP4@fVxro*YGc7U9ZUASN;gRDQcNszNV{UG~Z=Y~$_Q&I`f47tpqtw)<3GlS@
z{3le$=Isp_*0A;^1a1%V^70^WCy_|7;3E9S?ENu3_HPpt+DO*oj|5VQKoWCRjaJ@3
zY26Nt#_a0r)4nS_h(kn~%648IFehZ){x8|Q*r_E20-6R{MtlsOl(Jzt8}F=awR^4O
z&R+a=LdK2=EuMLfP_7m&k8luc=z$HBZ3*2Hk#ImKxatsr?dLmq2`}(WxK|twW`agb
zMpX*Jbv+G+wQrxA%aw2*X^b|wus>6-dH_yfnQa(0)SeB2AqAMO=@d0Ix2o;e|3Jv(
zPr&s1Iki(QHJ-#;ji&y@<DP^&vqx>BrC6)afH$M2@}{~f-O--v?)UI?qq&lml?6lc
z#1O1ip&rk*!X@n>bVGdSIg*@=jGZUe-qi3cpc?q&yXn&7fYfkKq93;%M-_<KE{4yZ
z4s1ZG5rH3I#%}I>yz4SEnO8I8_Q*!>|J-?>_j%e}eCoYDm|gJ|&C`qWacnJ)muqWl
zfuoh6$-vGze&{5x?*_DM*9YEdWZ-8lEi51p(e*Dmz82+CM}}12EuX@@huJ9Vb%WU?
zq^ihC6cNpl`)$kH$Rsxo3#(Njw@syrZe4oD5X_|2I^5ND1OO1ORp>jGaZ0n!)eio`
zewMvUUh+C#vP+ir+U@OqG*8(~wAJx8?HwHKp7zr36l!}~N9N>6J3IHh)mqi*p8usw
zF4S~(x(H~6JUu^_(~w1>Mc++Ngxq}Ib+`NWKl?g_k9HWC0d`N1hH!S38Mal1kOG$}
zYxt?z56LQIwBUZYl8Xz#BwS2MNiik6B6S4EtHKOa1D3>?EY2H$78h?sKPftbianTB
z>%BYwVOve{yN6g3I=4-hP0|w|Y<t|j$Cn2`LP6(SLPYuq32k&;cMR(byZwM#9BuOq
z68)o>7woRPF9JEn1G2HOuq$1NF04Y_!4tNp(p1M!Xf;bhd08rM-PL${kh9j!kR?PS
zgn(`!`xd?%bU>Gi%fY4QP<#*9JH&m{*d&ew&{Tx7=snSyDm^BxE83R<5f1ZBDc5$i
zRT!dT)v>9onzSW)WuHLC?81!KG=1X`sD5L~D34_t82h;t+SD!&)fC!M*u88_wHb3@
zxnR^VC6P{NXY+NHksrmiLLG}q>Ng=cozoECPXl!V#A*Y$SUv9IAlb_y`P`9G@C*<*
zAclM`KYKLFL6PC><?fxXA2mmC5hALjy$9R=b6)RP&v5Q2&5iM>TK6xc_^rREA3KeM
z+qS~}G3s=zEzzQscpyzkS1ATxiAF5@(5VH<eFadI0iD0Ir%Z6l3&Y7UE%}@)Ofjf|
zyZM!JRJIgiJ-&-x-D(~0`h<~u2e<)VY_66cjR}TS<{tV3o!9)YUw7~iU={dbCPR(k
zKV@5KqCNkh_HWP6+#=1YK{vmOS=<$WQC>-LZHp@>QdthJHAvV=$YM{%F{7m#1?2De
z2|fVygBQJr66%7#yk@W4=u{>BBG-5og@mq;@S29Czl2vJ(@ipIhu-GRxZ!Pum2Ftw
zU7LVDtLcpR7evLyoU<E8vIWhR=Eq?X5xI+wg9P#i)arR>u}{nvf?Y!QrqH5u&JJ<r
zl*YMhCoG~E51N}N)m|LLR>X6wIQ=Id*&ddyybxVkK7-s4DBtN>plw{??{UVNzrA-v
zsQ!=0sAy`?73pk|piql#qDd#+-Nl3WxTm7l(bNME0+u~?ZuEC`(SI(5V)|So-JI0U
zR^mM|<2`xhNKs$wa5q06WMB^mWZ)-2GYGwB#8b@Z+2iX5OGeNHP!`*DVb0FZ*xTSs
zq&fqBnBLyGk>u^?-3P${M@zyUPdyOK>8z?`l97r<3gU4xK_K_JWQ<i+2wSAv#}B3p
zYO_462*=b~=e4X_o7d7gx284+P@3ob`DeQ^GsT(c9SmKL9nwn9v84Fr#=~8-0oeqo
zl^sPjyv<QKOlACnvctHIjSPQH<>xm|0*{|{b{ZNPP5m8%!sS%4=Hezg)<4{?2i6RI
z2vP3e&y;vE3|CcPpxVTF9IiP0a`b*!2+&?h#_3%N=q|8=cnspa<&&Ciq<?E_&BH=B
zh>^r!;s1_=yg_}EvasG0Nx=k@?RyD=ir$jlDcdYD2oW>knVHF?9xV?dDVsS|W+0(*
z8*_CMxdD3c%iJF=qb=Q1|H<3wLVr6JeIw$PKG4Q%a@6s<z+(|BH+g(5qKay9h70qj
zpLy;gL-l;tm8<RYD6CTYECVY>Y#xv6>e2LJn!`$x)Y%BKRz8Z+;_7+AhM#FjNd`3K
z^&PXg9yb895PvoA`Tp(IwIQ35s09AQ@;j{dwLE=?X6@Ln@`CfzlGN1Lf9M>JJq~Kt
zysiI-ZUG-vHvJw^bVajAIJCS-xP4qA3sACVE|&_bVAP&($6*we=9J1o)Ho6iR`T>q
z0Nnd?HD2Y~ziOA1%5de8>*PLb;N|JLiv}6vS6wL}5YkUXMn;}vDtPHg!KukXZX3x+
z(te`%YHhR?1&@KHrR_e&wwFtlPLP;-+PY2yh#}6{gQv)^`#qXz%IM<9fdW2-uK#Ug
zwA;l+P5OTe?}mNN{UU7)8xEW{dd-s>0<H1Ul|Msw%}?bX=yvI5B`&rlp|3U+m=#gk
znm$8^&9}#r<cfOs)yqIP$Z=;plTfK;5|hLKske+L1I*2lFc+Y~>w6&=bOMZPDJzda
zzN7CupP7jh%jDS0%;mR&S*z0nn#xGYi+S{F7Q*yuCM{k}>f;v`wMmW%U=GF}!P!;O
zgI#geK8}PbJsVVAFZbp@+LFRr-8TJ{=4=1|e;dBxQN&=WJO0UjihI<Xhi88L{(Up?
z_{TMN9jyh@PGa>N>PdUU`D*I_dqX}S^ufIdL|)=0KC>%MLL^+QISGEE3{!%GO4!wa
zN&#<qf;m=y!LVi=Lk)crDsbB|aL$O)nxE=1%be$mIf=*xc^_L_PH7>xPDjdiBDC~G
zvCgAKv?8%Nl9f0=V0>z^x&#Vqbm!DFal;uC2`aoyaq<q{iaPPC4Pi5qva&^xQ0VTk
zh{a?9Ku-*3+cVINXM8-kkVT5cxGjv9Ds!xiS%HgNKw#?gX9DsSZo<V~p*qoXs-FMF
z*THUisxa+8kA^7x_oMKyEwUxQw$f6|+!Ak_9-Uy|!=>WZF#YvwnN1g`)+eBB4l-4w
zp*46mO^)H4)RL$=IZi`ZCt@M2^wu^u3GY!(Bam^q<0KSPZE1H79a#8=GZTuZY|Vo<
zl{7&Lsq19~k8Z_~_FCC8gf+6Yo9OQ%QtdBjU=G3397qxQ!zJ6YT3d}HMPgXzVOvxh
z_G-xkH}eStHpa(aHAY8cn732=w^lv~@;NlKKHS=XmOHlRal!bHTxfY|5e7?B&3|p3
z9FhF8a^Zs$SKt~?QT=`*p+$PpZw561FytRk2xejno33i{gZ?X-(0vmkV>WS2ZLx)f
z!B=2@O_cRz)?exRfsk#jem|_Q{@;7u$Mk@I?Egi{>~kpYaHM>H`ylqC?R>hMmbrQ4
z@`C!`<UL=3G%XNgDxRA1mH8p2M(`Pmm*gl{G!C?-A$TJ*am?&GuM7OvGUe{${i<?=
z^D7jgb;sN>VP*U={~S%CglvcjZR*Z<jnQWvn$~(fKxvB7F>-0{R)6W73FTN!Nnz%P
z0y$m!-IByOtB|;zCTBQ(2X7r>SYsMsqN=uML}WKbpza?A4ELaJ;UN9La5Jy3sTlFW
zNfdO3L_jwfL&R^dK$l+Kj6H_^mDCE>#mg!4U_t1yW4D}ZO2DzrmeFAv$E|;-nE>8A
zi98_i@RsebDfb{5LkDw1!4H380Fru4Rs0KSY35sUO4(S`AzWh!B+ALjft~{}?mEWT
zP;H@MHgY-UPq?P?j~+b=>@jnhP9<?mTQSt4*k^5Ki2lKNEXu7qI!<4IUbFe((07D_
zB;k|QY~1n!p&6}ghdi44g-ZDj;6(vxd{EsYxYLBQ1b^cZ@FAZU86Uz>SEh~q=;>Dv
zAs-2<;{{4mSqbU@nR<b00xjC{X9AcB9}*HPEnZ$l>usf;jeMe*idT-39V*rQ8%Y!*
z=CC}%o`y_R;hvt?q|G)N>ib>ipcB;CQE(1CD{(lu<)c=eUuK}At6rGB(@R*P(6?sF
zb+(i3#<34TK>tA*sq}s5{<_4qJu+loLpJemx(qXNYstLz4{@&)xOZW=lRw=dmCo}0
z#jqD1Np$r#N#qj{NIo%1-o&i6P1&I+b#~Z?&12@w%I*J<H8F?trcV=JY&w{83^76I
z8e=0Gz)k`UH9b`aU>OzW;=)4G?>*NFa9XnL;YS?pr1WJq55lhnWfACzXAtlvF?-nV
zMY4AzUX!mwYu;G5zeg;tT2hSxb~c9U+Ae_$0+$TfaIY}!jZqhbSUygViHVU8zjq0$
z<$H(v4gp8IG&JBlbGhh+j1rY2p;Bd-t>bO3B<rj)*#@URAnss?#h87$Y$+c-=>Nqa
zv%}Vvuyow!UsdV+jxoJfRiu>PCcwVE0m4_;K&3+(7%NBTNYMDG*ffHTK__jAR=zI$
zg;HXo|5}>7ry+j9g#b@0cTC%5x+#-?a(_{BYq(rQf7-&~hm0LC#)t=qX6!>zo|uz;
z+Rn4~+WoNbRbC}(>WzQO_R5x48~TSRW$~uWY8sCY>-R1r0vL{LR#w(nBZr#HnVB&g
zif{1i1$hGxnkq1ba1fAuqN1Q1T#!HxWw^&4qhcS#OiY--P+ePZ%_rE{`wW<(vNMrQ
zAX9FqsMaQP<XSr<bIVlB;!bDfkzaGklvv6HK=B0jb@(C+MdAX*kPAPhEB%B#B>4Z_
z!laL{d7L<zs)Otu4=^!$^PJcLgNAKk_n)X+v)n%`Vi3RR$1{oJxVz)j4HAaE6H4)?
z?1+Q3&V1K81n&@m{rq-tOtPog5#ni~jb5>!Q`F2TetG@rIWeS6H&>JIz9f2OQLEE1
z;@j3T(FvZ=vT40sX~vNXwS_w&8*!uvSpB0!@CwmZq85L;Wu@kDnw0X12kV4~cI(ty
zVoEPjJ9Bdz_Pih!WtiVBqD1kQkBXwIs!#rj8=Lp*Gb}vcm~7mc+aEvCL$dpMA}pI2
zuX^3Mng+;XmN&Vmh(#EKN9MPry?g+Y1JPiXQ}-Ad&px}}5G3HKA(XR_QyHo>LJ2xw
z6r;6knHU$;9|(2;+pqO)F*5tXxJE3_-q5Huq}UM>4b!4KJifbjkKgd6na&=UwB2hM
zGNs*UN#^alCcXF2N7gy05+)Bc(jDrAhQV@nqg*Smud@?NYy#l`IEgkC@cT#3^f~@L
zEc+*hFaM{FRzD=fqr#G1wN`!>#HH;`pCfFaLcaR)__nB1A!t0eYd(2^rMG^rBxGtx
zbxsdJ41O98P4?d=l3ib}MK-PdNz5~n4qp=ib`=+{$MfQRSdzErE6TZn9p$FWbv5V(
z$rKUdfWezu_L*-L?GE0Oe)(Vo)x4^z>b?mom1_N{tBJn(fW6xTwr*vraPycup}ZL7
z-;qo2gcW*-k%g%a6Pb2|#!r9^$1s{z&~};2TlxnE7I88YKCfon$w2k_g@mBw$VW+X
zK%9z`SWAWTPO>V|hb`SCwd}*li6E%jEUx}N1Vv5evJw%)?t9lRoSk2dg0Gdi{4GJ)
z%~dvakhh&+aJ9bT_q~wVDUjz%fyx6}r`|JiGeFZ}%Pw)=m0K)EIMmVt2C7Ul*Of!i
z(yy&Jfu^vaq3D5bt9UaGp2B+@Dnr>k92JO)lYwiHp}qLXsATVqC#|HE6gCpYrfcv&
z#Z3Yn@h<>q_saQfv}VytXD?&;?ENs~8U8Z^jR+^FExsr*SxCbTvJvLF3knXf-EBW?
z=|(5m#dr^`tPj@(^RkQf6y|De-xq<G=aTdtn$Dj7XUR1aluelRbuTTytOKwjQH^)W
z(6jOyYfBehbE)>_+QCcY&%cdykZcv4XX2jW>eH~bn0W89_K@(~9zgL7^CEkAw;nLR
z9&x5=WQ^J`{%vI{p0&0w;k{uk?iu>?MY&s*mA^vy-gF4wS!!t5U0^8)xdwI}7)E5V
zdBFAcUX<jo2e-CQd4%^iNaY1D%Ktrn)X%>FWkP=x4ycPYpKym0;pcM*|AJV-))SbU
z-FB<lB%|wi*856dn)}GdSI)kmIkMZ4qS^MJei>STjO1=#S$aWjy^;f3Ycsc)IkeFX
zV+;s-1&49CpUf$sw$pWza_@mA9!=qCCNH^JtD&3RnEP{=0+sp&dMB#J)<8R(zC%`l
z<iJb4dsU2}-9Rhsq0y$Et5rwZ(EQk2%%8$z$p#NaT3p9ls(s7oM_cR1DyO(6i7t9$
z(SAAKGjniaE}hpel3sj02cW={^_=M2Lv8KtUI+RfO#^i{zn-x!Q-r0O+_CG6hi=?^
z6kV72hY#CRGL94Dyvr%&s8(Pn0Jf_-B}4<FB?yxdpaUx8ZN6`rt)kqS!H=68x&{l#
zhnKMlF40AxSb-QArw1{smLqngqmYM4s&tp?@5KYfE%X+SJ<I!Bbq)8)&R^7AN0d`a
zRGnCQ{UJ{wvW^_X;NYq8xcvNg=ob4LZFm`q>;aa8QEt+~L2RP=gG7NPYfq)8NhDn;
z`M7ydMG$@^nx~nJ+qVzndXxU6m3kBB79gR-x9*#@mRO=gCaG&(ig(}6I)8q>(xni_
zXPEO5^SZXK4!4<Ah&;8nAwtTbEOBgm-0I5jM!6li*QXoq%GAz{)6>+3r<^%+Z2}fG
zNjJOGZ-FcoQ~(w?5=ET#jcnVa?;5T&)5t8&{6L518;*jPa{>p!`w$KnN?t!gMt#*^
z9Xrl+8y(ulvPf{s{=8GQ8HE?{b2b{SJ@)KA^y8%!xGmKcuBJV{@%W#^NAIWYCvJk{
zO+7K?vxc?0OBbUHgZB8y{&9DtocIR_9b(d|`Tf~Vj`e3Dn{vxh0C6&%H0+bZ!)QwV
zkgXv7(uP`Swl1RW5w2uz8B23Fy4+s62AT~VtgPp~F|qYLGjY;jtvL4Ap9}?L?{_sU
z#}>k;3f8*yzLzx)>CMOA*8+pY#;QeRO`yw^w{D&xnX;qL-x3LzEnw<{uZLsS2HKr#
z4<z@#dCnudS+e&*>t)4@oiUSwyROso`X*HBB+w6zPyBW1H>JR#Z^q!K8Wt8t)upqD
zx@VbD^pt-RPb-BvkRk<n1y~>4<j*im2L<|*3nHk&;$4Vprt>3WAB|hMF%gyNcF|*(
z+JP5vvhqCsMi+q%jazNETbNa$dR?v*b#?J&G=`>;hFR0w!NuAsgolSq>^u`XImlWo
zU#nG1`h3`j<@`WXYkO+F*9^l&Y^u_<H2OgjQ(~K0gb#GKDZotnt@wiv9a5ajHf>k5
zW0^yxfipQR9<GoJ*!w_7!1m)nUMV5HxxH7lo}}vfs1~QKqc4^sylhYCevG2F`30W4
z3X=1--Ft}72V}FIw0`w}b@v|rT)*x6xRDXEvm!H5_AVncBQqnBtVD&Vl$4OY64@zR
zNVbZGO-o6Vq%t!~MHDi=$5XxU@%emy|G>}Vao_L9eZP5)=XG7@b)Lt09LM=%*J|*q
z>>csk%>68IgILBson)w#y30*`zR8>Uq-^6~E>%#<lOsiF>%()aT9G^LfC^gRw#;Yq
zYBw|KZJ%)l2``j~{GAwYTb0`N8D0jI>$uWFKAg{PdAM#7r6aQH$vvJFax~Qo$fzjm
zpgxe$jU6o)^jh!5@3q6rtox1rraA&%<EA5^(DGN_({#>~sj`w_S9-FOZMd3&>C34u
z0@1_YzJ0vwJq*e@Fs`|zc)Tl4z|8}-Gg_Rfr_c!K{P3CCt$&}AvNC8R4m(g`qeluW
zlxpz4<*!LOk{Mh1KfV>{vC}YObs=+gKj2ktp4JAnwx0v-?OPf`rG9=%lX}b4NY*h<
z9=m_<-h`cZWaymv`Pk4#nY`#~gfJ%_JA(2P*V40+31^?6V4{(P^A2x{b90kA<`GM<
zFVPGjOlmMk#Ay%@6%8S{U~Jo)_XtV-{Ra<*hlVf)p+a496B*+%KYlZ0N-f({KnWq=
zSKuO)EMdp>T>QiISxk9Gx!ZMPKj)GuoPd-ttYXp0b=%=EFY1*anX81`H!LFW8tsJ8
zL*k~tk+AcP0o^u}SYGa3$`{TbAS3sFQD;gk*L>(15`k8+9Yh-gFa|!*P1@`7(v0LD
zRchW&*tTA7=g!i19HJ`~EEO&-T9k2B0BghW1&mL=!JZSnHNw{jtb<^V?ZLd9yW}r;
zEq!6jtoVA<nlD9aKc}5tosBR028fhM2wo=%G)o;0P6$2BCoOFT@?rKGrPs|lXr*k4
zo9IK}HAfj`ep9@m{}qnfvHi7$y~D8_r0tbt9lgr`<LJhNp+ZGTS*ax(<D!v9gC7Ql
zee63r2x>|9&)e*7>SZTV<&H34$iaJ`ymR-#ci>D1$^ic!P(Gk>KzA;`Muw|uJFQ%9
z%OM5R0QWzg9r;48g<tin51iZS?d?B8filf(6Xr-4d?KW4WNeI`iD`P_hpSKgtC)%z
zPreYXVL{bnB*)R)TE)dtYukUYA*pGu$+Ee|+}`*qa#8V(<Q+<s*uvgYG4h2rz9^lr
za-AbLx9<saJVn-QeaG|K;G+#ecr^z`{^njLE*$p6a(JzrYSqU6dV_CsS~`}eIn_k?
zbgI<PXmH7D&}pS=mNGouz#Vj0(2<*ge$e3*_N5fvm0MW54*#K;;l^NUPCG9NZ?986
z6U58(uJJrihk*5l%PbPF@_Y;Zr3wuly5?TNx+nK`EXSfu;>ni2SE(**0G`!c`zMPc
zLpJSw!B3=O>~e43kM8^MC;re~*@y-(H+hGM;~&;9CtCF}NoUA|sXYwg)`|iUKvegS
zRq3B$ad9t*YW3^;-(>;Id;HUGh3y7yWXsy~C}C%L{6k$fCO^=!fgTg4r$2RU^3i`4
zTrqP!iDD5qD||@`UD54Xs4=2fN4Ae(hWUE~pFba4X&K`hq-SX(!InS-dY`2~tjHu2
z;{pqsi-MPUcYQDn@3~}W=*+%(^F!3e$YqKHB-@^&W7~xw;r^-9W`L1?H#-c880p)D
zuss;)=thKN9mSrblZR;cW_4+7*W_MTif55Qw~aEDzQEcv^Cp)r1^pD>{i*e(7+k|K
z65X{S6nz96<0>gQ4=5vt@fs!T))6hJ$%{8OM5p{Z?zkxk0o4E0sp>^4C+-Lox?l(D
z`VWf7{;#FrBmhS2I3MvxXnNvMbF>hr#E~e)+##IXXJTNmcU3)xd>Wt=^f&w0UIhSX
zhlq6A2E+5udX?FZo1)f#WW?2M9fy1nx?Y0(NF>vmN^)vlvR9z72fU=eOfF5Yjmx97
za<R#lE0(N7x-*9PJy{1oH+@(sr6p~Do^*_*wC+D?co=+iivoDs1{?mlB{+AlhXAS_
zlx5;qYotq9+ny-X%3X;hvhxa~@b$wEsb3=2Vho+)5jtm&znP#%Ob7vG#GX7y=|xSI
zOG{){Yp+ldyO+Q^uBv&LdQ_6%emrF}@b?iD!Qa`gj<bRIR-2j)h^S%y4y@(mrayXx
ze|EHwg!ByqmrA}m%8f^YuF4VjdQuZ{uY*zi_jmv2!>ZMH<~ZhTElO<PzfAqPqgO#O
z!6mT-BM9{T%mR}2iNK9g*XoANC1NnkHDz{MK#G}YlPwNEYyQJO|HR?;=b2asr<3*^
z>*7v=zb}fBo<g(cckk{Yw4rBhQ5HYC<J?boWYXRO5QThpAWEHI?#i)t*daG=xI%Ii
zFh58o7Q-PeATGXP0=GHb2`tMzwnJ%7lD!X~03*nVi5RrF-cdbU1!SE4TM^OaYX6&r
zL2Grii<<+gZCG0C=;+uHdc!Yo0m7jy(j+W7kdfRv`1>7ZKPW+EHgCTi^cK^c9v~^5
zw4gv^3@{)6V+Z#@$NWyq4^_9+aYC7XRaY-Teg>L3XdxS)qUME)V0f2R4Zm1tPqPA#
za7?gcrQk)1^q1jD>2g$U@8A0a5gU2|g#o|{A0!@V8M%X-2D2+sRW-E>Xp4OB264#z
z34%FpZXOJF;^rob$t8xM0+$N;ArysxSq`9vGu$WC*4hfHHBDqwEsSZ<Ah@2IdiV5{
zO^M0z#D1ttY+j+P4+{zDJZkNTB&`?TVksgN?P089M0Rm=Fra!?$-?E=FO-GfUxH#<
zZf_776VuW-Y$!Wjbp4tWdA_NWdX|T?kX5nA%-D;#O5qjl51?Z4{RHeN3d$NlHh!i%
z(Ln1<P<0@Q!lt;MkrC4Z8Zl@mVC{2Elz%4_K(UPI`)xu`7Dp9%zxO*dYA+aI;7S^L
zz9`bBZ{YwhfIybG0<rsRAT;+lU@HUY&Vp=t;?>qi5)UtK1TQ7%#MZ~(-fB2OyHP>Q
zEz84kJ9wj;%lT@QuYFAjh<$gC$H`9z;K_!nBTsjNKa3uz0xNKtadUB}agAz0RkDtP
zBLDHg3a=0K)E#6!IS(uO6rN9UHt=&JhT-1ebj}y<2r5FS7d<2}a&8)Cz>x}j^rh7X
zo}Cs6&O#`)lzhJrz;)~sRts&($nRz*CMI%|Zc}`@D8j?khgT7~MhhGo<|X<F#tPi0
z=h13P=;yS{QYV!Q?-gc4D37O3X{Gd5!F(W%stxPs=cfg2%&TXyOuP3)`rz?dW1yv&
zbFfkZcDBGY(hHPn2_*wcl)k$vH9%DJI<8(vcLSNMFRB=%&ff+Hy+K44YI+KCm<@z-
z9Kl1robYNAg`(_Tfl0qXO$Rst@sCr)ZNtv##7F!#WZi8ooW~LXc?5$@)Wx&Ff?>Sh
za5WyoK`loDcJ10Fl;eghG1o9soTNV;#2eyFnogm!>`2ka6~+HG!_3g@9GxqV?BN)p
zcj8eSJ+&)j=!HQO+!oZ<W2!Tt_7l5X<TiQ%Nh9Q#dqNqtfG1Qgnh`DZX5;)$wWb1M
zKyXKbhjS=;?qH#PMkXv0qnQP+0H^{Nle}f)`i22f>ValzgyUMiKf?#0BN;jQmIVcl
zR_<NT0j$BNa7SN>ONF=R3zE&+kH#;aj110QQ<f3uUd{(ljZUyCnpPl=N1Sq@ZYK~g
z={TWZf~((~84~(MhHOE?&Ydj_^CJ2U;48S%PMC1~fF|x$R~LFNRiL{Y901(|yLHR{
ztihIQib8Um12m7U!o2XZjsW$m>85qAZp&wJ>+<fSy~O<#XIOWS;m3;y2f{QGD7cJG
zB4Z@zwui2fc5>}#<tiomS<jSTevj<8iCxr=vx)RQtLj$78mMu0YX}EHz`>KBdl#*=
z@Z|OGY<CKVOj0G5=0Qg3jUV5?lOPXn6t2UC4o8Tnq*viy>Y+f?Bg^*8G#{U2YHBp4
zNd@l^?wDI@OA8Ow%4`vaUXstd8mB{xll{S7q?FJsRuyP3v4YTv8eiF}ZAX+cP5)-r
z?N%|#X5Ih_)?YWG_&Br{QHhQzuGY6q+0VE9Nrv8J35Z)4>7R7Zs>SAOHyQi%3E-;o
z(LhV-PGrmIXl(Ag4Jrg-QIxPrr+V5cw2TI1;=;+3riv284ueNMIN|XTE(Y4U5xZWJ
zXk|IRL+9ElwIWf1auI>mtro<TZtS2v6YIF{WywQVNv7QX7EO^i?d@CDDYuSJO^H7y
zi`~_Fm~-kcJlXf5l){GODK|7or+y+2MIZaIhS}YgbP**HwQWJWKj|_te%6~<SBL&H
zl68?jFwU5@sBzNwTttaxJ-WVt-Hn^l;0lTroFl@^0=;H~6DpQKH5?v@xPZMj@fm*g
ztnRBQ8DVxK0?W(ZzB|C;rxERRw6znrSsDoK<(YwDw!Rvj#Q`Pu=^~f4p4$JBQ5I7i
zQ#^9119QVrrGl8FIgv^B01Z3TwNzA8%~ens#6L7kL=6W>V|Na9k&pv9dKV#Yx-vo9
zYupKZrc<D^_XyB=FCik%;wZ8O6-;Sq>t&H%<AcltyY654xopL5k6>l}Lwgd;a&Rh4
zUBM4V1LOr^URWdak))X~j(Z3At6-v-v&X7$=|npu6&9G2VG0rw^Z`Swh}1xwOPxk%
z$&3b~!48F9F}EQO3=SeMuowZ^r0dN_O`<>l6-@leAT+IU+YyR4PR{i_?8$_QWB<k*
z1qB8(ZFs&k?CcaDEB{{FL>>(o7Z+!VMhD3;xg+$?5Dq(2-=jaDhkVrqC`Q*ViaPKX
zrOa$rFstH~VpNynI<DC5eLJN47z&~lz%PFL`0)hF)kF>+o@<i!YSoK2>*~-Z2Dv56
zMec>oIxbo-&(U##qhb5OT>6vlAX^WXKe}n;pj&=~-$hTW(gU2K#tG4fu;d~Sz)cq_
zaR5RM)UzdBsPitnjsPoLX~~m8MmJVzuJ3_4G*c^Z9yR60@ZS1EkC|;;q2Go_N=p-Z
zM7TRm^4G7ji<shR;*MiyQHXAe(4_KCIdn^xq6-2CAa$|Iw%`_XwFM@5@7B!X|2%t&
zb1VVJw?BN?ggY?8h7&ymiiANiz8<A$PzI13TvMwN3p;u5v>c6G^Pk!yDzf{ce7ama
zA$ugCwEM7TQ&Cdlh&=;mw64J-+`sBMLW=xeZh08aUJ7jnG)xIy>*eT_kg&UD^TPa^
zc}s1Q&Qqd+UfoV8LDJen*0TVRLM#xyd;AamTmY<X(4FO`yr{X?+q}hE01^5IK?Slv
z$-Q}c2;y5dkUapQ3QbSA{gR6ledvj^oBwRZ(wXZXH!6aKH6zT1MA*n$$3PiQ#L!iP
zpx-D>aQ&P@%sMwa4k)++;$wmoF#Zj+oRB74K!{A246}SS6)VUtai2-LYg=#?z>0}e
zoCp(gso9wsX0tcF`+$x8o}CCLi#U~}?p%W~l1tV|V>*a{Ea(j!q)-c4VCVzT@Hgb!
zE{3V^nVIh7%vNYv1jXk7oXgzVYC6Dz9FN8)P%<y+$G1S&ri)v-)2;4>iJ>9ukLCSr
z&9!#Qw<n|=x#`x}|0tb=olCm&c1Yncg}WgAVG}=q+w}4EEoY?|`}W<HN$&-8hXjK4
zQy=>JN^(A5y3Bb;3kE*sdgh3dkf`bDYin3wP-ftbZ7jPmUi4UxSYGa1!E?zYJ8tle
z_s)X>827+@JK<w9TKEvT*UJXsFFaI~nGM-ZLPTyPIPs>8mph$ulcRk4J6eEc)JHhr
zgzS4Lw16virxC4s@FM0@hlzLIh><}3u_|vuBzHYGJrMb#?`bEdAOdZF<-JK%xF;~O
zODM+4jc2{wlRbqo5u=Qz)b04U{OP?9sWUH+oZXB{U_H}5<3m9gBWWCw)QaqfagZLb
zV0=afU0Ey5-7^~_FaIVuH!UqfTek41`XOy<4oP&r0nE@z5)rH62qq;>A)TH5qN1Si
z6AgKw+g{#vp=<*r<&xbhg)~A7><tClXWQ?%UF3P{bhW>f;%{L;-t33kM=B&XsR@iK
zkHwZM8;{(mAmg}gl<6-o61CKKKF!_i8GE?73B={mQT(>j=6@AG0UO!e$p8CBYpiW)
zlvXGdA+NN#(k68&d@afEm^l9II$4J`IkD3J7cycqK-9OfYrm}Har_VbAv@S7tnBbd
zuY8hDE;ocQA0r5<Yh~Y`K<vPn?J@B0Uz1&{HI+En;v$Kvn|MV~8TMzT8MY9$6figr
zs^&ww>j2FVPNO1Yhn+auDznb7N%=NDT71>(?J@klSM1KQAT1>hyTAOqG$n5*z;bnL
zhdA0ap$2>Q;)RLb_maRJ(w(;_SlYie)WkXmf5y+vhu_oIF$f$wg?s&<_BEsuJ{A^<
zfBqP_-614>|53uXePiU|xwR6+K}B}!F*2!c_77cdU!)v^4kx0_9XK#Fz_H09k@OF#
z8n>+FK2U>GHy9+>*9U-0P&aU-`7gjctvv8%ps&qLS{4d#=hH64D?FnVRy+KK=a^g}
zZewad5mtaAXrEY^nwo+RT=(e6?tNz!x2}OrKN`y_92&_=J-8Wu{0W8az-z#=4fj&w
zsN=GTJ&$IaoLu*tH;UV~ZR6+Hu#=Rb%VkLvOcaJ47RJ{nN)q4|QnKfKnpcDD$?GHW
z5i!L2jlw0;Qlh)k@nVfTM7Oq(&JR-cEH2{m(`i<KTHuHJ4jasVSnz+__T-!un;TiZ
z;a{|87q@fxz|Ntg>6!0poT~uM!~-kM2DlDwjjf}4)>}P}_F!VMP>a)HZ2_!&QuA(`
z{vSpDKWJ2qDy^Ke?!TWfdJTV=&c{rdnx#(1b`W3#e&JauP%Gwtpz<opB*#?4c954C
zoA@_RIFg>$Tvdu^sX9DVGoU)_+UE6ldpZ+hinh&A2u?Y1DTm>2H2zgMCpdE4!{c@(
z)J+R)fAA&9oY4QK`(aO<#~ggAm(=xrfsSGq{~O-2d**&Ih{G++Tg8`=KbMvO*h(er
z)>cGCrT@i?Z^-kPPS}M>U#YIHM&$@!S5B90qN4hCA7<fha56xUxYpKo6uxiiULHE=
zVC0zD*w{EY=6_Dv)=*2)Ia5NYg*;ZVJsVAy(kTLm`3qn^vn&P~QR6j6oL|h$<b5aG
zY)!5t_atS|n%;Tz8lL^9dL$c5EP#2GING?n=?H2+vFG2q;=s5ArAD`!*z@>p=#A)_
z3*qqmb)2|kVXR4<tPbKA0T}qgWrX-eNH}g(IRAZ4C?xs04cq8AWkwJ<ClxXsIcVe4
z)1&qlNcdU>5~$|C03Q$^_bSc<bY@MI@oB6Q#>bLc9R=KDtdydpR9APZrU6xHPg}XV
z?fv_*hChQS(#@QJE1<-2b~iPn#2y0VB-UB?MERGZObq0~Ks4R6R#I<TP-*Q8F8<Th
zQ6Myk4ymgr=;VHwSZ7r!<9LX#{b@z4IxUu{St^ER?O`Ae9m0A82+E30I<vNEH~v|9
z|8n(Uz&0)I?c2@a(>o7{(#7Dk1Hg6EduBH#2a&RZR{<)(IXc>E3193cv!=ggHSsj?
z=a@fUee8{K+Fp3tBdroOmx)K+ez5k0&b8tJ+|+dkx27c|K$Jt|&X#^C^j4OBm{{gW
z5FDRO<7??t6&30Ttj$X)Se2b-|5ihntMA!=FbjYU4=Zb)v1Q=!x4xR2JLlfv{uzA~
zKMW#6@hLX9?T*%2;s-x)3jfAKC90W!#eVCod^(DqKw&^wgM~SqI$QBK6R(iRg5U(g
zHdUnQZi6q~MX!(ya4CA;M+>mx8VCcZQkk!65~V9T6M|}eXwKnA1Yu7Non?qM&4-YT
z5&6v2)O#eefJ-3WcVb5s0T=_xI-ONRy5R1ZLSQJUaJ96w;$eyYNXF#}2GnyL>)MT6
z^evjuKrUi<cda0a(Tj|V;=;IXV9Bu3XJcY|nWxV}eF{vz({MIe<&C9Vw^K^09D&!m
zVSlu4H!#qKX$+I!SUZY{mKfn2+@lCdB>Lv)I2}211PQetQYPzNTegI*JbTUo=f#vW
zP$yt_5ZL#c#<+Ep1)H0wRuBYr@*y)Q$jZBbBJC9kjf*n@62W&D!l4sBK1limm<fuH
zD>2g#ReS4cpubd>Q_u&ZtaW&S38&u==V57RZRk=S0IfoTJy6ML>U$Ohp{!bziWvl7
zOV8LCo}po9wbCn;&m#-`3YA{#9h_wd7$ILh3D=TG(it4boI<fwiQ=|wPoig$)EQ+c
zF-0n+;1}pQW!8NJ#ewPPrCd#c<koD1O7-S${ze3vutZE$-IFk^)!*Mw&{pBC&#^<n
z*eTYfUo!)<7k~yTd2`>+V;sll2Tyx&`;#eGTR_g-O^s3pN|fnlIkvDHXm0F;MM@Bb
z%@flspg@?b;befKV+>6!G}1Bv(-FebAy`3;L;3lbOnkE$tzH%oy@?laGlEQ-oECZm
ze~{_70KDnJ(75M|=s)2lba(F-m`0&++0IYq7TsW>-93e~;(-BLHTeNyUJY}hw<Rz`
zQW>5K$d%=`7;uJpIozoJf|g&EtBDxEPzUIf5~-hJ0*B0@MSO?5oPnz5i$JTq1YrcL
zN%jD6*%FtO?_wg((hojO+)5h>R%~>;cBT3rPMTSKo^rZlXeJUnH=e8!BL{B$Vjp-2
zZ)Rvcg@0LUl5KFz-vxxs?vAIO7~}`r_IY*}z620+DU=Xby?_4z82KOarl@~0tJ`^u
zzSxVU;zn)i+kK059H26!PHfxNmr<4V-t~5dAU3a)W^WilX~UuV0N6mR8_daY@t(#F
z!DVIN@Myi*rvU~Uv=~=t^s21u+g|`wX=r<lBZhk*U*ZgNwD=dwPAiwHdhRp|i6l|P
zkQ{1fefpn-RSt+R2M!#-gJb34*`N{P-*y2lY>h7AP8<a<7k#!<Oe!0Q`4ktH{cNDI
zX*|6MSZ#DPX=Q!2&@M`hTdn86t3=10I%`5WmHWcl8tOCA$M<CIvw%%hLcCXD4D6%g
z9<qc%i6Lx;#CeDh-ErB4D;43$Kv=*;wc5@b5OLh)B%-7=IySh9ni|JL02EWv%3<aQ
zxQ7dlL9=6kE#dYBCEhYhha_=Z0!m8+N;ZcliK)F~Pg6|B=fL9x;pdcjLMwZ^8g3)8
z<~T5jbw3|~;RMP$MsFJ70>=O##OeZj%OU7^hpxB&iE>>4SvmvjMttExXAO<?cy|%Y
z7KP&<xPOsX)1?X9?^{0$VA#t7nLd+f%RYF#EP;(WD5064!?}yqlmELb4s46pV-#<%
ze(KQ8f-VE^U+;R2?T1bhX9bs-!P>>|BQeNG|HrTbA-b}Uo<phugBAhJqD=KUbB5jf
z1tJ%s8*9lOtf#3Kmk&EL^AJW2l+kTgxeMC>0P^uNtmCLcVN#n7gr%3F!zpMr`;$js
zwT2%){{-m|kO(V`A#JEoe&h|b!HtF%I*<}#c(s^Gy4?D3Vqgk<gNCAo8XX-S0sO0}
zsdakliC>z+Qn>e3i&C5eB*ca7L8(wi(+8RWEcc7?tQn^Xi}G{l;y9!)S~b{#enNGD
zw4V-pzAG*(Bb5A8?6rbSkDZ&G)_5MYJwIWzgF0BZZBvVs0#yz7q_l<S<oTk1cV#LZ
zpqZl}G;>XSY~zwkU=0(HKB^&XmZS*;Yv}4*0h?j?EkCnaEdrz;Bq~F-@>Yyb$(YB{
zp95!%!sz0Re>m`;w-wG*3d}4lg3RXT=KKY{JQ?#~swC=tQ_Y@G7FtlMAX5+#&=Puk
zz<XpiV;<eMUNLty35iRT6hl%if+xwwBIc4<!bnO4hjv2Z;f1-DHeo3QDd6g?_JP26
zBpIxy`JdB@;$3gJa6d!q!Y$QV!S%9P&~4wdijQ%<dEZ)ITFS}EDLfYH=>81J4p4J0
zMn)<0b-J%isuXkn$wwT9oZCKB_y#`#`N~4N)9`0Y8<~eOwJx|NkO#CfNgIBGm+>^(
zIed!6RYeL!oF#~7(mh!Op~e!appfnQ>V;RmTVQ+g`*)S9?EY{}JizuZKDn)VT=!o&
z>t0%9r_LTYTgdAlsssN&*fJ%R)`UDUDd?af#%uu6=-!d!IP3hUJA*?<w9?2t=$gr<
z#>QM9d`Q6eqB`%0n+6@Hyf^jl<gqrZqbc^?MPY#Hoq@8cs;D3|l&y%Fi^7vtB6;U)
zE50jq@aMT^UeoxmRzmYy=7w*oMCteFGXK!15*wm}GUl?RDtQa6^Mln22*KHRPV~vM
zv5sTmV2}-GA;V>j!&hp_#M8{q|7Y_2Cts6xCqavPVL8_778El_xODX|jH#?FAv8_A
zK$9&sm1DZ=obP$e?Oq9(8Cl<T#4l}RWCR`L;Q*WPhD__A58OhJU(_aD2_N{3&6P6>
z--Qx=bFFO)Kxyz1ww!Ibc%qBLoxo*!vr^Zu0HW=^*yXLC6@OuRNT))Oh-%hpA3}v1
zqz4jPU(#HzgwhU7ufY<uA)+@R2yui*b##dv+1PN=Yc0$OmIPO6EdnEIEsHu1cxSz<
zkd+|Xz)%^+Wio{e9rWJz_|+!|$=;$=jfe|dT)0)%%XN86A!IR5BrF|scA3`Pvfc6S
z{8~N&R^7?S1vr%Dcgh#)(OUU`YLTLQ!fud;s!|JuVg2np`Rc>2-X~7vq&>nFV^w+R
zF~)e@y>}0BKtCarc{_a8DnMSQpkXaM_+SwO*&(0(IyFTgh0+*erV|Z5JxFgclF!p*
zbr;7H$4r}nBE#>Q@+qLEFlr}u&|%fQht}OvCqQ$YT|lG_?9f@jY)xY~hNFH1A`gdv
zJ4avB1eDs|0kO;<nMwSR3124=x28tmxSOd6c2D0Y^oB6(!@!jlRu_>tJnfmFP_?EP
z|2jpe6O^Qu_>>wU%O$$6N^jvLGoTyTVt?=S22bQymgl41n_Zs8nf&gGOQD?Wp%PS&
z5Ku9R0;nv(T#HG41^Ugd;lquq2>Npn{hZ=H1kq!83OvX%UZSBi?em4Ke%o!6&jWD#
z^R$CmDa1SQ^rhUzo{xse)eC#i6BBe2-8SHwigu9MRJco_9$jTtqI#HLT(ps#jCV}M
zX@SU<=&hr3+|19dz~Xkd56QgaO$0;4C~)_36z4I#yrH>y7@JI}bGG;?n0CIK4<v8i
zjL4dUt01A|{dZ@-!!fbVRoU0Q?1j3vOJ!FHz3NqZ7Pt90fbg3Kx2+Rwc?g?Xp@kw@
z?o+rU6T~_JvgVD|Ae(?}gP&cOCMNB$b-4O)gBOi8A<hLm4r~;L#!wNMUGh&OzcT%f
zwQXr@>q`8t*YYsy{;YT-8gu-))iLC4G*0SUyF^We<mGGZ>n~uZBHL+8bE-;M8ZvP|
z4>@YW`FDZ$=##RBQ(C@hF_fcwDE{F@6z}bT)s@+1C!P#t)q0Sl9A6!$-2<6Mwa~{O
zvv^CW-x9dJF5di!$gwCeo9?&1B*-y{=#WQx1|3E_f5TBqB=}+5{K6bd8X-^^-2JEU
zd=DUN6ZI*u-5riVBP-Q6KJJ!>vUF1y_i`vCQOi*93w5F=mh<hl=lk@{Qsfr<VK~&*
zgq5YD<M{6KV|8l}%Bwb%<_r^`(99wyBP;KOUI`gq*H1XSm5)LkJgvj*Hl3bF^z_c)
zkz$h<XmjsH4O4$!tLZR67?EXJN-nN+B<B!V;1*4OehJk|7xE-8-q1~yN~JP%T9F2X
zjf?tI)9*N2kqsOBH>n389MA@p?#+h}TB|qB&;vcM0|`e+x!D!ThfFdCa2KJI*7{lR
zUG)*c3x_%}Mal1UX$<7v1AT)lRQ2L2*Nwk}{Qd-1nO~(_&WK0j4&VSr1^pJ-Z}0~A
z4vtBhJ!c!&ec;5Pv|_jYDa79|9r@zU*9oK1sMy%hJoFyo$&T`;pmlaUdjJ`^>3X^T
zOV?@kRMPeoThh`Z>Cb@cLrTYLW_MTf%SVs&`tIJivDG6R(6*l0*NdC`nYRU@Ms>j{
z%L|~9J9O;}aY^d{70W*rOpOed`b~(3vqtSbJldgG$eW0!(R?8?7MQy|zO!!Uwrw<u
z98NX!^S<0uAlfEk@Oqebp~5nBC2wLVxWc8qhqTf5iQPCJUvEui6pZw;O`=?|f7?J*
zBBWYpFQIA2^07t?_>RsWC<(>9A?)|KI5-~BcSt2u*i<11V>p0Md=>p^{!Z2=Qu6Ka
zbRtsnQINbqmw&BCCr+m7*c5`oFS3lN6CgH8;67rC2#NV@ggLD)<FV|f3A6RHC@n>_
zp*aCs4u{Oql;e8nl$pBXBN9`lvBHfB*#oABDr5*`AN%{|2`mRNlhz3RAzLzkFc#dc
zTI68k)b;i)=dP?BWbYvX$%x0-`r4UIu3Em;>kSh(x7f0I7PQR+U%y@o&AhO91Wu4n
zE;o@$!OZO?1(2MpP?O}w{`&C)jNZNU4gg#@M0Al31|3F|E$e(ybVkzSMd{9jl2f=v
z^^J}3&E(hlfmMd8mQlk(8-cb*p!2)gzI|_yS~@PEinnfCt$q$h7OH>?zo!%zS=4OM
zk)L^koDG3Ua|ea|`dM(&%DFdfvV}I6hR=#-mS|Y}cV9_ZV!e%a>nt@VnH^Fzly}X2
z6|W%ObQ}az9GeS<K9NFHUht)++@5vX=j6%U_G&O)z>v8!87lgb*{u_NE9@yu3TLXf
zL_cXlW@4io_nJEg-6mpwSnD|v3O{5QcNtlK-N$68wcR4LKMPW6VC0+n`Kyn<j%qsm
z^V`QvTvuF|BDX`s*Ewq*U`>Nm<3Ct#lLA1-FtEU*;g8W2b^c?ok+258(dC<TmD%d(
zzBR4l;t+nkjc#k$WsMmKX)$aaVpAxi_Ly;|^2SaII)r;^=V!x0zcHKt;df`6LdMJL
zU<9+jdkizh3+qm3<f{iGa1+<XXCfcY-LKC!j%>B@DvEZ4T)IZoJp4TiE^TqVCgfiL
z@sGiR_#Gv88@5nuawJd+bQC{DeRDd7gOs~4GfRUGUp}bfVZ1bF$j}VUKb4Q>OxXzb
zM+^KEqKl0AI?=#y*{`*TVoP9i<q`_AdFru?9tcWS?kz)fPC<vog8mnskI0oax?L$0
z_U*ZJl<X6o-Y(LrJnBK;)s+X2MPuu0%E~+!ZbpW=s^Zb#8cdVWrlz`Z=*o}e3!k~`
z{h+nJlpIQtUO~NPG4bQ3h43B#i-1f^0h#J}WXfwPRf@q}FkE{hxraT_lS@D?*Eoyv
zg+OrS0S@<YYp1$I#>M@bp7#D?)(!JDa|)kcrZ55r9A|TDYb^I(bHs`u#0ecr%zuyh
z9~L9e;~^;dVx&RqhJ24;s^T9&jj50#d+Xu<{V(v|F3j-@)20;QcE<*$rg*rxij7_5
zus5vNp-)BhL|{{EI8(p+yB_CgJslk?@@K>rX@(OkLMW!Y`~LV8TUS2OXaKGl9_Vc{
zvChLX5qJRW@Bkv?IM20nZ8*Ays(wWK8#C&D0;=<wYL$w)kdTmoL4yP)Dpm;pJ}~X*
z2g{WZmWO!yh&pCvsn+_!;;g7Rdcf=D$B=AJm;~CeW)|e-p<FeC&ZfP!HS%nh_sNZ@
zXg--;SY1(l@RIRklgt*G1kV4(%Y&;5DkCk`($Z><FzKs6VTQlX+OICA{K*B!G(y;1
zktQHL%NoV8gVRlNvbVk5sc};=P&tagkw;5Z1ou2}H~xM-!i63zraej9k_2_>sVm@V
z#xA;-7)_Y4RH}gpdj946_t!pfUqE-%?=|nkP?tU?!8HEPzs-T^)JMpaQ92bK6AN<`
zYk`&uRL`3dzI|)$9B~~(!<egA-vNOdXhdo)3EyN@sj&I5&`^FvlPE+{ohK+`kv@L7
zbKG8^Z4{p`@{QjW3=c!G@hArKF~U1mP%c`x9R-Yre%U<rWXXB{9a>0?*&1OOWs}7z
z?7XzR442++dA4RLwxQ|acDUYJva1|xBJ<Edj_!jR3m3cs6d=G9aL4a4Gz^)6odC^~
z&m$v=fQOD<SM%qZDEFW~1w^xzZSBOJ^7aPin3IUw8=L|0MOqL>LJnS0k3KF<hP_3U
zJID|H|3SOCqJee?&4m5|yPdOcH3I&CiLpF**vOqd-&W=$bpmw&*JYb7&^>Xhl2mJ1
z1qC+B3{)@&vj*QnUkgMrhZPJYFwNL#PJjE*LAEUZ@7+!)y*NI1b&z<<fOF5GKmujj
zQs4Ds!Lu-^mP67BXAfjX(80MN2}DAE8vxz;Q@}X^!bAnVfte9dfV=hvk_7YvOaSql
zaP-&<aVOASF)KdntoqQwA$+}mNH6<}43jkp(u>!X#{?cvYJLB{E8Q>Md>DNxB0nRD
z5W5hM2S!F<DzQQAMt=V5B6C;Nc-W|qA3ui3lm{Gmp?39~>(VKiFts%sG!M9Y0%P$$
zeY(JF3`-IVsw2i~QY_v~eHFC!=Km(M0^@?bz&dL~xYs<4KlOV!G_ZmJ3#05dVcdkI
z`#dW&Y)B<xay#-OlXoBIZKKcUEwiAg{z#ZL$|NIv?}Jtgz7prX`>Kz4d9#g|U8I{p
z7w~ye-@t!zHrHxs06CvbobLb(lkSXtNq_%s@0D}X>*aokU*-qao%_6qE|>Qoo@}b#
z-}02`MBG~-yOx?d{_Wc;IyH0ar3?=TmH-B2=jAP1`y<36#5gr<8mt|gn=}5yxYpT0
zGIMC>qmV~YNIOl(%sSS(BsJ=?MDyVDD2^f)E201RCJg?%Rvx48F4h_5oYjZ|WRTDt
z!XrsVOXZ3v-!T7gewL=|@%*pPTF9zITz*M0#!RKVFQt@?+a&APm$&8s?UDJ;QB5da
zSenOS>@F$@JeUYY0WG?gD9=If3-XJ7HVlg*1g^a|Y^XBS9vDp7BDVE{U4p;|1qg2#
zh0VURcN_u)=?+6BxyJl&`-G*zpj5)l=l>J;31=bXs<oK7_}fRe4KtM+E*F)Eb%NES
zvb}zLFQq&5KnMw-o+6RKPR0Hq-Yz(X2AIb48r8p@v1gQ%akU0Mgt4TJmsAi;_amdD
zpJJ~Q?ARcd2}1OSlmyBD3b>YMXUEOp%~MrHu-YJcUL9<vS`x*GRrD`-c#NI`b-fOO
zG`=w+kdf#F1(zrmA<Kj)>Wx(W7ZX=lBN1ZTKY%^>b7lFQ{%xpMm#(OVwhR}#EkIQX
z9V{_=xhoi1+qbbX*kz9c#WsIJT=z7HZ16Gxh)e&IHfXbgd+Oco4MC`e2}94bun@=>
z!8HLoD6{btti1$?NoaWW9|#=y5hWb<dS`H7+<<cr92FK_z8@hRKHxWa;SK@_;h;Bm
z7jB13*Y!YR<WXB*?YsA*aNF~H3<IhjuL@M{oVyC9g|-@9k=rrB`?$!ir07U`!BhRK
zc|TKy^@fhk#*&6;=jzMFw~lrQMA8m$opF-$4vL7pn|+Zsf`;tLHa<S;e#dyb4d2du
z3iAF+{_KG)-=hZ~UrhUkjXi&MZQ(uV*E5H&bGGbQ0mqr(*{u?zd*098X};*lEhfum
zS<QD6H>HA#3U_pNoI>xMNnp=h0WDR0y92MAOeJ^L<L2Jqn(~8=q&wy0W{(H_wzaf;
zZE|7e3O4CW>%DtVe0%Uq4Wm84m%_~C7FgZKbRVPZq`n)`^yre)5-?2e{fy+eyzef2
zx;l3B!uMcaG27dQ6B6o@`zuG1Z9SQ8*u;y?Ig%ckQLJC+_z2M);vK^#1-e@Emn)MT
z7u968B&fE<#l&b2yJq?;9C~zlV8B7_-LHqg9>5xgIhOkCu9fLH%ztQVYLW`{ifaqs
z>_@%B@)@tBV{9GeI0RTrGb#1j%&j}&<Y6&cQVAG?cX?d*IP6|g=v7=QjLDfJX*}wr
z7V-N`zjr&DEH6{jqwJOKf5T`mHZd;kqgV3=UrAB*8+mySp1!)zsPcEOSXEQqb<$jS
zjLzA|OAoUUV!-0^|7`m)>e3~vYS;0V*&DlBNt>0w-9P#H)}5$a>XzAW=f{+hBA)-z
zp%_c6QaE=q@N0)rh_?3TNYcJ{`zKi@=ox4`fAybyf#Owa;M=#dGOh$p<{KOm;^Gf}
zf4!$;)pO5lmNjeF;&?9FlaXxzf7KR7t{9vl<sx0a_i?#YNi{|h0;!9s+UiPedn5H?
z^&d{h9!IZ)tXV@tBTi+8`ta{w=eS5|CRI>kM8c+veU(ETgpR+A$XjV)F%fxB;U-;z
zNukf4b$_JZeEz$J&=F}d2l^o^J&-QuGFO*e>G-z5F4SBOvhne&AD0eWStV0<4w*1E
zUpw<bbmd}t1#LUhUF~(@gxmFH^$F&zIhGfCAFxa^lx=R>g2jtfnahSR$!2kObaLCv
zd9uW(zC8$t;bDruapEk$CVl6ZCXG)jqU!DK?Sd@uxp1CGK%lM}y0o(-SI?a}g_NsE
zQ9!^6)uCP?CdB^6$}{BOBZ(aZG*Lf46wMJpK$*`fJOQNbf_l$?=X>8_*hzV6D<`v<
zZGL(=K0b&S9s<&eBhJ!Xnj`+d-iLc%j+~=-RZG{YSK%wTZ1k<}vxLyx^P<=Fm!iGI
z=8{WGO0+-0ETPlZ^WM~Lz#L5YQoW0|d;GJ!^Md4C6I8x8kXwu9?+NTV*LweZ6YWr3
z#o*ncGxfi(S!?DUjX^aRL$cg$ZZc6dM|YdNdJA2r_HKO5WGVG4^4D3j2zq(h4wkK_
zGS7bEL{4$mU6D+#fJ?!hqfLL$o~u|-{XmqjKg93!UzCooiuEtsD6T?W#ZS}?FDmMk
zE<<E0DNvAV>*iLd#-&+qT@Ltam~NvY88II2c-@3>^SRxF<2fgf%Bu$~f3{aV?4t8q
zxj9t@(yrs)yVRpEZAU}6tqy~*dpk({$F7|bIJt?PnTn3C^Fg~>r}otS$jf3wRzrhg
zc3nQ<?d#kQ8HJdIJg+t`d+@W52nYA&zz37ga@(53)YtXumGn|G?~3VcXCa<jR=1$=
zOeu9IY!A;Q_Sli4+&a#jrBn8qiub&fh=^WH*;RDnun0GPMZpuHgagp?kYJq3#c5Ok
z6P*t9IkMF`a~Tq%qKzb)w;$3W=rgJY2dw`72-GdQ4M%Q*l<OEjS@n1zf74ATU-S3m
z3@YCnsdys>0R-n-am>FiyO96!c`EE8Y8|Kg*LR8(ec*IPHsnb;zV*7V=4>)si>8eF
zrn!X`;}KPktjCW=L#aKtY<~X1NJm&jn2=&})b{xPR1_2>XOh~nqc$tc0dAL%JoIu1
z<q_f8VrO^Dji32u{mC(7I%0S$L%=-wZVp9H?wlLcoy0Yy`l~<q{(RRSNn$JN)fq65
z+PpO0H{1^Fbexutb>l|<b%Z!0bz#%-`$0!A10!4{hI2D+tLo}m0IiweD!0W%L^Mb@
zz+X=~&@d+c<y};xSC2pBtVPsby8X_R#V(crlm>yV-k<BS)w}5z_;C1=a`}>g7SZw`
zWv7J$_P1PA#8dlH^gj=KzcNxJ#4&;nq#yi$*~xkKRj)q@4YC~uyFK{zA-cwD=W&5A
zTv=v!u)yy)cAK_oI%#qjIt+SqAQUPN1bcB30^IP^+<I9uk3Pn!EfzMBOg-ybdHy+8
zdpBL@p^+1^m+e25Sui+H(7xu`%#syP-CD&H!)Vxgb`%Ceh{^Nw^XsUn1goO<A?FG1
zzYS_CovVurMz=bzYw1AiB&zxhTInI0asuW8Gg0@x`YrAW$vi)^zUwwea>Uj~M>WJW
zq##kJmHF7L??(ykL|2Dt8KzfZ>tdv(FJ6!;hliVxaoz&>nHJTFDJg=*PI5vMVE%EK
znB{sS<u`Dp@?47G%(07c2=QszgCvb`G5v5C{ZSMr&fBIRG3B2e)Om5Dbz!|9(r^x0
zSy`555w0+3x<j<6r)PIgNS}6U-8fY%P?*HgHn@RaMamJH@%aO$q|0f6n{zYC<?eYg
z)>JXb?QjnKc{=%_>H9%xQojb(-(RXw+g`SfT->hy*_VZ%DZb@IpfJO$F@FKhtaD&T
z_y;Tv^P+=mV`|D*zq>n{#N&8?YoM?|!rl9fjU+}rQtH1xAd3TtbUiauvR*x}0-<!!
z`AbAhZ)mVsJn_DlcTl?J9J__j@LQdw=7+FmrQQbvjx5!f2Yc#-IkF;4<=>Ikz4&!T
z;2U0Ww}hm&*Y;_zpPt)f@IO!8dQ0Ew|FE9rECZ#R%!yjgyS{0Z_taK3VHLZPK}R^}
z80l~JpE76LPsZghU$axf+ft>+h*7zn9{et~_BF@G+V6dgD7}V~1%UqFUsPmbW||AZ
zZ8vu|^AW18ww9Jh9~ZQ{b<t9VZNw<g3)P=L&rrGv2t+=mWx^AYNrA>54iQ#X!U0n(
zW@U~qXz1vkJ$-uR%>84Lr0Iot>qi2VZk6s>O*G4&b!z+5{<eV6DzfoWyRUu7U<3p|
zXzL|EvR!}A%a`L^%Bc=JfTbuOkr4xis;#X(LBl5yUCs-?FmP$Kb#<Lr6VB|ov%l}-
z!n^B_B1qF?4jhcQe200(U`{I8b6celiftL06Tl;0FqwUG*cBBOHR=B%_ShXfER}yh
zEaeN?%x4+S{Z{_Z4e;}!X{4J}Wp(`z>C@WUsukQ>Z$q1#ttVOZwS&{~AW73B3b$e<
zq|{lM&dOu?PM;p+iyk2{($+p0>Yo+acb0{Jf6J|w=KXbfd;a{%n@y21f5X<<?SpFv
zu0TM5t6Oa9+meULp%!9k70DM|);>P*_NG;L>Z@p}%#?qtUy*%EnywP_K+-~hE9T48
zHw5|!J)GkyvAIa09E}bf=k{JErnwfx#2xDRBc^yo2P}#cJAEZqantDNC<JR1l$2_^
zT+pxKP`ksLu%g0DBKe&4-pHwhQtJv$$=v3_yE%|tz8d@D5sOm<Z+{HHxV-)K8SI(D
zYl=(>I{gMJ8K?BwKemH{3$Ywt0_#F^gwaYyMg~wt*b@kPm6M)rOs=-g$piRSW6_2G
z2CF*8MQ$hHY5ahJ>Fr%{piDx{XOK@okXVSb{1<H_!>@R5!vIS=V8HwLr!9%Exo;qI
z%26}6l&t|M+u3QFT)j0XPeS$-22mb6c2h;#hwz}p`;HX*I8F#_9y~52;}j??m~u5}
zNd`WK9K-BK;Xn<Oirnk9@X=y`P2ADfhS_=WyK>U+;Ma0)mYsMS5AS*o4r?<reiQxY
zhDSwuX^GsX`?*@@NDNK@XT2$02trPY1Z=%hh3$`0V*xJ$?6^Gdt2IhM@F_-Td^9;B
zG#@!qsO;n8b7Fx`jKYoQxPXvAf;D~Th+~Yu!1D6)j~_oqB@dnW<fVimjOS{O7Fh39
zba8Ppx~{Tc!hUP=OCu3yQ`5@_)X2~IXK`jlMhLBKuyafhO;1i9T~JP|^Zi;oHqtj2
zxW&iZ(sJX`Eh%NMQl*`}`UOn1>@2LTa;#1)d>Q($*y1ZSqPakuRyTYh@UZ@S*S(g>
zFa3pGs-v(+V-U{v3miw5v$@SzKSjFL=&LJha<{**CA=OI+6y*gw)2xw+447`!4Z9&
zS&!3j(uwt-E)XbCRZP=XUB72i?MgAIEBiNJ^>bL^qd$kRVWvzjx8vmBIP`g&Itt&#
z4IRkdW2eCHt1Z3m;>bKFM1HUfmR)9hMI<HPypxVOx@kAJudpT0cM>~G%ls5?P;S~%
zz7PA%h1)Gk5&Jow35Otll%zv~d-JC{nobks)8KtWR)vihGli!(F)<Mu8VVAK%xwnN
zD}`G*zb6p-NQ9dsT*Ff_^x?#48uB>RpS`aus1o%pV_ycSTUb~S&Gy7;e7v?4<LfGs
zt+WgbAIlwsEBv!kS5-C7k){)oP@f~~!F!+AR9vJxB_&Ph5cS``cp=Hp?+CL()Q#8R
z_JmhJmt+MDGu(^&tgLpL^pzRrTtC#XCyHdbmEAtVF{GZz>EJRLu<+C#vFN(rWDzdU
z4?b_~ko9IDyMj<UW9!s$;yK6&s1w!0VjTDe_z4(I+6P)q%q=<4+#&n^9I*0(x7!On
zim(aFKz+`4Q$K?a|GjkhsoZ89$TyoaX6eRqjSde7JB0Hx8Nmd7zqPdpncNHYcY!3a
zcViO3AYk7G$=<i@@XZGL`ou6UvT7N<=jsf;oJ?8AAIw?t8u|I{EDl#u_3T&Dd1rw9
z#BVtxNI^8$1Bvkz&Ip^d`nh=0IMFuQPDXBS6{nVnnVA!mZtr4TvmAlO*Uz^~o;Y!W
zBTGE~xjLT7%7jUPAC%x5<4`@28y#x7O8uDm>~=?XdWMq^d<K0{o`M2`<9r(2GuP{9
z52LwJ_HeP7x>K(Us@6RQ2FzQ{sV@KKbRnLqDs09?jCSv)9Kw45i(Wpis!rHI>h+?6
zRWDB7`qiFzlI^|x>Y&Ii=fnV$L2uk1cpk0f{mYmUKqg0{gs;}^1v{ddmgSoayw2?(
zfBwmeW;8?YCw<>n99~=MDWL7Pa-a&mA1p@ny_(C{<9~K_bxEB^rwJBjH!?5ST(1nk
zd3YR{Lip|E<OOmaK72R_msUkd30<p2^`(~)-LQ8Epjz6kdZn0t-du^BKKx)C(M`Il
z?QCYo6jqU)lWJ*c+3Oa6D>yiKH1hX8UNs!MKNrT~fgu;JFQqq0rs#z>hG^E-ti4&5
zh$twaPmGqI=M|H0&U&Ail;ndn4FA?Hnm8v|A#$VV#Lms4?R-OyBjHE{fY+qEl+_}>
z6W7{u!->Gd#KX6n3)(D(-5RpRCsW^Y|L$LDi52fXdENfG-|0FJwj4ApDk?49{`Dz6
z$()YvM%|?T$&%Z%r~Dfm(`j30XqTH*ayi~^FUnDxq-A*O@xb)V*F#1wX~Zw(kZif7
zy2~NJ;zeHZ>8FL=Nr!tZSfAXwZE0U9X&k@lUZJGQ-T(!C&nZa+rr3XSg&pcwsH)h_
zFS}ed&mFPSIbvYfl`M73<J)#|-H$2uvae5^I%uR5-#=;S|0<D!{p9c{`{gtPWBCHz
zr?>o{EXO#N<;h!)iic;cq}Fz(Rus(**ruHRU9&me(%dDx%;QyL+~w?1D_82y*c)n|
zJ8KOtXejSKYJ6St&QJL(#eLfa<qmrmODgfn_gJy!1f~qF-jSEi8>|l9#bj@LJ^Yrj
z=M)*~V%K$&TFY0boLXztw54$>@VvX9V^0g9EGbQ~Q#x8L)|F9dy5w8o5b!kq%+)Kq
z#^<HaoN;d3E#045!>M04ow!(XV4ZyR9pO-cqkKbhytX0zJyDOw3-O7VD{M35-JdO0
zi+aclIQz%@^)ckuaHqdYeR%L$IscEUQqsE8d0*S6?x)K3Eqh-lAGUk;@lERO(k(~W
zP9(4~zCNQ{xsTh@CqGSZ(mF4lb}TRL?#PAR6=r)I$a0mOI2!MaeqYTl)_Wc0H*)!P
zPKx4j2CM9ad1f8&EY?E0qrI1T&Pe}`E*Rbu|JsHn*z9pw$t@464<*}o78oaFcAh$)
z#>IWIJ6y{-AzACBne{V`mkIW7NN%-tv<z%lzOJMH`GxS{{JP<4?h90ztOqx?8_$a!
zefoUhflWelMIlG>;URiF<#RFbTQlZ+$Ysl)4C%72dm6SF!E4Ln8dWu;#CpVdg;COR
zxG}Dyon4VPx<NN<vqIkP9IM_CFFh;s{W+eKy2?>;8{5nMgv|XlmQCqjco@;Vl5DM>
z3eckCkUxC>!~*Td9`aYMFR7EMPPRF9C%Y(Sd<fgX{I34zk!|yjy07J*G`|xPS0Pxp
z`@gcXS6daCCcU$LR<HVOnf&o-ovON^S>#AihMDcbK<ZwvPe0P1bQQ4h^55mVQ!^F7
zBVBr1)8CUPN6Vvjam?bfGgsvqzIlO>qN<Y?g3oHE)-%h#A(vxjK0&t<Y5rdCU4$^t
z@F5ST!GqU!Bx^)pr?xckarxYM=k@lPh?r}F_g)B1>igO64G|yqZhB1;YYCU`@cdi1
zB$Xm|3N924^G2(G*9?1Dy_IoG)1Ii)EqgQT?O&p$RXyZ2Afj_EGMB5JVX`rd?d%*$
zY`28LHe(+_x5=P~564A@ls*M2?%kQfa{Lyh|5UKKYbvYo?%OSS#kVt?f_6G2Ne9lq
zyZy`3{lwxPzrZ%itj*b$_6<GJypjP6yLz8VIog@g9E}K;ION%_VVEBvkuqf8l&+9}
z%j|`ha<Lg>p6eW6=h^Cl?);pXAqzz{<(AP)-am~Rg$g(Q3@sRbI(=HHRO^1J_>1E^
zX0Gp?d3jcWUT5*UDEI%$d;K?MF<rW9F8J=J2@4P1EJ-X!_`tiwx^=6U6Jn(`RUIRf
zbAK>ClB(@<qVDwBazoos%UZ*;c_gL&`$m>YQm%O8XZu6y7oBd9_)ELq;ONo1Pu-a^
zyfvao;?oq9;N3q@w=2C^rexo{hmQsJ0FvNmFf%D3qqi{~i(dHMB1GM3lX^Aui^xtX
z4sy91$FU_I5uG2?TM#<lBpntBBZ)mTA#!9gA$^iYR6Y9S3r*cXV@vW=woS+Mx>B_d
zS=}@&?)y!$Vb1kRIh#>?N)#^^B6z1ehqb$fzPH-h7_OXh>(NqD8@h-}XJrc$;~Nrf
zD)}$FZ;J3-O<NpyyFudNn|q1m)@D|t_IGxDvPI6WFHf)AgB0j9ip9cf{z$?`NsKlZ
zq>$Djtn$yzJZINQ2@Lzfqv!6i{#9ow2bo-g!MhLpF1u`c?!GU>IfOM!I&;st;PkFH
zPV{XgcDCt}Zv`$LcsrO|7`deWH2bai<H0tT4`iRh$}f%N%^keUm36H6N&KF2m3_D4
zcJFPJkt?{R<JXpP&2=DMzxztBh$z`HUHz)tB9|tk7uL^*C+XB#X4H8p^)VMHWJFrN
zsjlo6QnwfD{g}>y$VVdjR#bhT{oU$!WrNSgQcfE;>`BerAx{%uckeel4+jg&(EEIn
zScaQ}v$vnxU(yNmRH@0{v7jY(E1lw&Y*F!p_FhMw?t?qSKRLbbj^$T2Hmalg$X14R
zw$*!@y~Enwd(7U1)W+R-axBNAxsBx3=~R8&n-t@W=MOEmhsW*BObU#-Bxv}BeUUpP
z>{Ug_;~&!u(cwki*C<}@QZ~jo88cqBHskiI)X22yIzN=&@z0XXxGAYrxUzj`aiQY(
z{34SRA}_w3ud&Xs=xJwF^^R{oS}YlHTE5<DUyhDyvyENkLIkJN`5Iesfrwn24BlJY
z^~;pcXijY_-Vpt=?!gvXmg19zrRu2)AL6WS{kTqcGFSDC?(;9x-g9Pny|9^yQ*PeT
zc4o7#i@{ON{5?7*3zG&(hdJ8}SsBDNuFXB~FWhBCqjU3?NJ){HM)g#o<=KaQIUBXP
zeG6qJcSdm)SH1qAw;WTaoTI+wb%GTu|0%9xrE2%cPl~)?v8!%9_x9ZPP<_j(M6+}2
zblan%jXt|4aK$Sts&HSOn6`)!?Rn~}SJ1;4dP}UCWaZoZfoj3DOJq@%%EeNyiF%*g
zzuaA%_Ia4X^kmCVvWZ@XDjjK^X>aYk3yl8$++Ch`805(10EPT5H^YgW`u^p!yQQ7}
zv&JAze-weTpPAB4vMF^)_?IlrTES2m^Hui$xGnEr`OO)+mVivDwmny#BQTPGs`>$d
znlXwS7Zw+-_Srr>^7tJRDAchxEoEC1>egFo-Wr+lsa$5Im+THV8623~{im#~<$NUh
z11X&Jg=}zr$Hva|uj;CzQ<{bb)$8Ikd{)Q-85tS*P)6;u_upcouIlFLnf%n%L6WFB
z{uJJnZpU4hH0|KOW*8G%@BZZ)xCz{BY^PDafkkM&_e@J`D`vty8U5Vd(*vVHL6l;L
zTwQ-T2KGz~YXTo34s2WRRvFmG^6_Pr82T$o%pC%u00`+_8+mj1)QJ`CDKvqEgQ(|N
z4mMGX<?iSvXcWRO?swi%r2}iw8=BEvM_zqq|5|-aeZ{~8B#Fyr&rD|Yt@oZRH2jOB
zH0{vhl<r&jk<8mSwZ$|I1+#^|!~sbn*;~W0ACacpDXF|e)xqdOMn(o>sS_vfEo|Cy
zaJ#bdIb_)Ay~*urezVbli-#vRp{=d0GH-Wb8%F(HB4_TVvP_^I`*O4FVN>!BXbbA<
zcAnjRu&kg!811MzjiiyLIWoXkocPj}+H3HY;hmII@l3fnIdIv?%ryoGh{U|GxHutt
zbaQg`b_;U(ic{)cJv}|8JXb)T*Ux+bc8}zd`&Go)6F-*&lcxi=3Y-D<9{;!Sd~h`?
z!cA&u#rV)Bayic0e!9A|3s2teUp(tZ&+v1wMyvZ<w{zJS_Nk)m$+#ijuvVqLxv6Yd
z#$!3yek5}3FnNCE$Nkbzk;`^5f}bWneGk{Q65JUP;CF^zq4Fi|rq;j<lT74#W<$K2
z9^8`li1_)t+SUHbrU>Gv&=my_@xw;oJ^0z*Kp;KZ+J{JS4Db_A@&B)1SlZ>gedgCm
THnUwM_|exf)-Kg_xcL77c^2tW

literal 0
HcmV?d00001

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/kubeletvsruntime-restartresponsibility.png b/keps/sig-node/4603-tune-crashloopbackoff/kubeletvsruntime-restartresponsibility.png
new file mode 100644
index 0000000000000000000000000000000000000000..39cb73e51e3502f892f6be3b9b1ead0577a59d26
GIT binary patch
literal 26446
zcmd431yELRyDm<bG$J4=9ZD+QB`ICfQc}_>-5}CPcT0<ubR(&BcSuNgo@ep<_TJy@
z^Pl<8nK^srI5NC1?}}$VYd!aU-Pd*9Z>Zv%*BEF|(O_U;Fr=l#m0@6DJ;Bc$3KIAW
zFOU0E@J8QUOiWQ)OpHR&-p172$^-_6KH55}QdU&yad(SG5H;o#5o|;o^FHcy78g%N
zaSRsuiuZ1M^6=HOrxN0Ih`)a+%YKr_z!=2ASiUzv_>1$`7lEeS!E=0cyM6iQf_rmy
z4(rb&t<(e$m_B@M>P<WgQz!Y;76a@Y6pA2*Pik&+FB9G)EH<52lV$cUq<+z>c38C)
z$}ZeqKl<&?>vZJOyoqRk$(VB|f^VcV<&%w<(!iPEA<R$thkk|QCt^Z5wVCb*M^p6}
zq(cF_5d2b-Lp(d~**t<DbviSK`dqy`{+BYm5}x4}BzCN8&oU|fsk47&wY5^p^=;h?
zG*y`yJR<q{y*?B!tm5ahH)yXzZ&aUWiVoofguWV3++yEf<Z*v{NtkGjJ0|cs4UTL0
zWIee+UJqW(p>>|MHsCb2Y~)CdD?7Pg1QxxKXJ`jusRePS-ELtgVze3NirlyRjE*GI
z2u5`9vjv!ObrVf#Q+at9M(`R11~%9n1_8W+1wY_MfPe5YK`_YRH!k=Q&xHGrPhmYX
z;s5jX9JHZ`ikP%C_^o1OZ({Pn;k}LHY@aeEIMjr>s-~l+yd1BQjWx5OvCTUZW>;%l
zXcriMS6=Ya+QiY2!qwX9g9ERt0Oi9Lyx=wTXBJ9|hfN$U1t>M;6)D7Q>`f>*nOT`x
zDFx9eC@A>tjZJx##U=l>J9sBR`QFjdmY0Ra#l?l$g@f6~-i(EfhlhuSm7Rs1{RP<K
zg@fA%M?=>a9~`LuImmw;N8H50$ll!6(cI<(1$11)cQ#Ir0+f`{iT?B7KjSoUHUF<O
zeQ@~KWq}K1fj(hjV`gRf&trpK`Jun^Dw?~RSZRryTZ8EV=Ma3!#mWD${r~pKf1UB)
z_SF2ZJvq49{(aAX`{cjxspeo}FJ@y6PU$H4Uw7tTJOBHK|JsqC1-kNon~8s>`Qfi%
zo(0kPS^o2$38IlmajC$-2*XH=i>SK7{!K$nRUIej!J5}aLkpq6m62h15f<kd8X&`^
zjE2Ve3=M^m0*yY8f>288sZ@xRj0~!uqf7Js?fhj+Ek_k!14l#EHLcg?aZ=j(!r%Qg
zf%652;g2lQS>p86!f@cfp$LVY=J%M-)Udb|u(-bv3QsP@zzYgrR!ZSKa>=y8{1_P2
zD42LbZ+K`2Y)P<1M`6{pDztg#$fk`Cf|L(Jdk9Rt7oihpiVSp2)vFtfD6p3>Ax`E9
zR?d*AiZry9Oh(JYNl>W37KUTfR*c}lsES+1T>p$j+($+zoHs?D2HJ|z^9~6dSc)PX
zMR6-w$*ijAVZ3?6i_maT18`s&Z&|mkIOCzygFzGj&kUM^0jHDP*J)=$I+j*`rQC;N
z;Bu<cNJMkzPq9v>Fl@c^-?t~x?ffT``rh$3m&d_8fvxWa&8`mTu<mcq_4yO9`KK4_
z9q3#ccZ}qVP6Xgr?|sZTodaz1GhoJuxjsB!?TJ+IiGiyP;deWdqG$4q!s=3!)A3e%
z@%DQZkHbdiE8_ffD%hcuTa;L>XlP0^@xYXxkiENwCZ{zLT>Ag;M^R)yKAxAAXjMrL
zWeDvn=R6`{{<Bl?Ce6N{Z2V`gbZoBmY>g74o0IjgOc8e11B3DvcI90ZtLbkN=X6)@
ztKFaNuh0HYnXHL@b=VyGxjkO&Db-e(B?s=cu={ymJd<+eJBiEN^TpDq%WllCEGOdb
zZm(s3IBu2fq+=e0#|nHrb480dylV4DUjLOP#?~!{&`HW+8m?hS#NY>mw9f0a-TR59
znf`QVG64)yW;9>kWVXf{Cwj&8rRBtPtroAQ_<nF_@|1EUCwQ>hQ^14jb0(Co;!o%J
zF2BWgSyVcnQB8Q<adRkbq}FE9=c`JEYQ9lVgu885mHXYrD%R})nYZBQQ-3VMsP+B?
zZEjx2KNR<O*X2$_{s**Rjbz?NdXEjJaP^Pm$<oMvdH&-|Vr3K9fcaGrk7-vJKJ(<0
z=b98?gM^7v?S7k<+YMajs}pk~0r&6eCZgu6bFl_Xmp8}5d0JJbBh8*4b;&!^xb3n%
zZVr2RiOTN5C+XjoP6<&SKi5=rKig#h(;16L_ola0yY{8!CjM*?2667k^F7{z`34tR
zaAQs~f0t@=nU8;sf3DZ4xi{ZXfX{ceda&Ga)PW@=wZG8h^fb|V!F3hG6P<%{rS*FN
zzHyWL>DnOIVjOrPQOLZ*S#QqfuE!D<<<aF$D+a+MX1(WA7#3_zistn*h9-u~Mvn>Y
z?vmieTjR9VrJeGYFD-Xh{XdX6+Q8Dt19$#yv}(DYE-O=TYrx5F)$lgIEopu(yGh?4
zZ&xPx0{=4IhQ1ISDo2vU<aCcC>FH+AhNa8H3*jii*AXOdid_FN`NAV(N(G@4oh)Gz
z-^VeitX&+gs&k@b2zvey3`Vs%TKhRtVJP-9iKBoM>(%>T!s?}OX^K<|CT^o?<)8kH
zXG(~BuBBYiCVaS_pucT|j@e7TL6(S4?tNn?5Tfx_Rhl&<Qy-%v%3}QMR<k6fzBkto
ziaS(IIFIl4K2C#l86MeY=B^|Tp|~_2Wu%W;)sb0|4fB!LBYm@_qA9Nqho-QDq@S6O
z<Q|R4vPhrpPOlf2H^(^tovDwj2JztXWK_XqvP@UGQ1Kb5dcD1gbx$x{`+#kG0IIv`
zpO`2*He8<~#H#%iE*lFIj3GjUSQ^=Uvnw{!Ov-^&9+j{sFTUnvM;gGDDCGq0Vci7D
z#53ldWALxPvR{*OTMi^}w9OU|HJ++4bk~RVhe0ToljFCI=<)k_-S9i~k}eYjRAkL_
z17{)IC1JPyrt=daPR<*T=<B_P;jTOVY6~^%MN(D+pM^Ow?z=X5-;o}<U%C}IC{-hK
z^$w+(ouPQIi6+BZ;mc8OE><IF8vTe~nI3ioV<mtHH(&hSlzOvP(a;(5IEuv&!&rs&
zSu1s$>P1}yf29^yn@!v7;^#N5La_2+b+`UN&L^6(QOTEMNaJ&v;HYU2eAM&fOA@<D
zOw0Y9c7c%lNn!djUqfJfzGX6O>Z4Fb<~Y$BtLfC7L+&RC1{~zCEaKj16|29nmOWS7
z>dBsZA8SyvFP(k$!u4w2wa<SNJ{T<JrIWz2P#*t|ZeqFTtj7kU7|w6$ZOsBdBP71y
zeZ;w)ig>rQ(F}7WXulSsVRI;|6ZgvTkD_jwLpuK%Ic%a9>!0@7jU==5=*JAo?`Inw
zgc{B(?`6)J>GZw07S?+;opF~W%hFDA7>M)ZrmM{Q^JEhcn7yzE&|G$>vILlz^_xos
z-k<F+?#J}!%cmf4nLnHVZa%t}pzl>_Rjd2M@i#mQzYnusV_}oP5>tdom+sPSET{F`
zt=~DpXOBfZ5<`~i;eV#_)!qdqpmHKJR8lFHXtJ44f6F`BnN)D-)O%!gd{EsZuLjol
z_=0-#T10c(_K-f8*X2>eVP1N;B^Jn&AL~A<G0HJi6s^KXeqQPNWQq02^@H(1qEf>)
zh*!fj<wxuNmgVFnXsnvTS&c`1OuU%<>`Q*3w{UBpKMOZDJW27|gG*sKBd|qgFm<ok
zYUe=NOTngRqNhttH;BpZOmCgFX(_e&$|2y$3e)O|=c!nx!_$PiFS|FD*<<RpF_7db
zy}?$-(n1`W#7bd+Lai+OTH{){RrSRM)3*=vyni=BroRd4hhq*C4Xk80$PzI5QcK6Y
zR}oRAUj7W5=Z7yL2d4r*2W#kVo4{c<^!^yDFYFC#UFHIvLV7s!Tg4#5Q9P1VdG@>a
zz2Fv9uS5(j>=lu?BI&kx=_+9IcZCi*fxFea=)uOznat*vIi=vk>3MzKy7|-~mLTH~
z^$%Fst)=SKQiJg&>C`4+{;uWIDI8XtzEAQN=)aUOMk;^y^Lz%Q-*n{1B!Od7IEE`I
zD?x=oMwBoKSWP`R6tS_;8&(L-<S)F_h0qK|1c-~PC{aHj-XsE$f~;awS@wXDUITn%
zhtRwB@J0@7=U-H-sR03|5Gnv$xZ#ZLp*JYBV7s<4?Gh&FWS!CAaVCLf=YifJ;K2$8
zJ%e?BWJA#&j5~vH5GIO-iogqiz-oQ)0htOP;_zt4N43KP<_5$_3{15)_$@e*gUnYa
zTx6xB^zY8^g)?nY;@l4yQhZ174pp&kj#u+$UHO^y(&bUD;e>8aVwdvHZ?Dg57l!a>
zUYPE9(6lBsmv<6oKxoP@5sU=eg{=4u1m>Cn$~%uITz!}VYzTd<3>l3>SKX=s#@~!<
z<neGZ@4y?8IkysCX#5v4J~E3M@4^+JBZxrBK7=n)jSd2K`d~`0Wx@|1<}Cz@R(6|}
z+t5@kF@dL9Ka@@IVFuX1Oi}FdtEWLj@}LpU+h=0yhK}G%0cG9Jw4SffkbKI){Cd)K
zUp!29CxYmC=@Zxy2A1ZF>?NX2=bud<&mDhTPL|;}EbhMax^Xq1tE<$d*JK8JQnn^}
z!QG%A(B{|@u%n#o!_1P?BXEx@WTv-j7n6CO{6=7Wkxh6!sHGrynQLt`<bFQyvR*x@
z_o?u4Bp8zw6__*YKU%ENaH;vha0ASSa33ay6Yk~yRN#VCqMu5>6oXhWdVDaMyA-u=
z-`ES;IM%;L4A8uSr|JB2!u>nCC}p{H%6fDn-cIjR(>KtB$@^@iW$p>8r$1afbRL_=
z6`Hde>)ADsVwLmdh<+x&vTTf7PTi_^*fa*oW+Kn{XN>u=0?0<CmX$n-Y(_!Pb?Ov1
z22%)9*5t(CsH0%OJmJB7E1(p--sK?TvCq{3>t`fip6U90KLI3MC?!)XWnWa?-<-|b
zD7Scd{*0xIWJX@k;CEBDm?&Y;_c#n(>y7SEiO*^BTIoccu6Ho|Zbv8uM{U3Yo9tq>
z(qgkHxHVQ3>-cv@&2|-cXtGqB4kV!Tf#g?AA{Nyj&p+@u{)rOS0@!H(o6El57PuC_
zxIs}cm%Gn|^K7tOcswpDmT*u%KYjJh^b`cIgmi(AeIT(LAFgzbG`QF#%nX7IS&kl6
z=6QYg&GXush}}43$Y^`4$bP*KKjC80>$)@ooR(|4!q8tf@mhNNo5?A~caKYZU6z0x
zGNbPBXe5lMQs;Z~Cd26h%s*{c3Djv%x5s0%#De>(Ehlx_-9$l+;|iwAdOP;3TCvPR
zqg$Rvxt{&Ol1T9rfC}R^^gY$~TJF7wxIUx;sMCc;%xRT4*XX8#-VwzB?sn<h>NNmz
zm9xcBiTGVB$gl@`dkaAQ5Cf1&lY(Nw8`30zVu(oAxvXx%1Sf!m`{=PdxMBp_!Z3WM
zZTC24-M4o)#|mjr;1#MZ#vKJ@zC33jVAjE&bCZ1rf`%2`_pRA6A?X-uoPoL7YD+pq
zw8v31)t0isn51j<o9TD~BGFHnbu?|lM2n2R0ATGc`{~JxlBY&rK5OwKgt-r;^00ec
z*a~2u>@Vtrq?L~^)Xo+XPA2en=DWGS%8S>LWbvv+%3BxxUtWx&H3Cq|i|&s!@P_p^
zQ_%D3<TvL%EIiVm9v*`ZXMnZc#p)EZM0w>$a-~fGHjEg!OaQTw0@XI(#;BJ6bWCL?
z0y8j$M)ryMLSwyZnT{5e3@yjMsxkHBZCvlSOmbZLAwGKh3e*-YPT{`r*Kkn~lm<{X
z&;4{;o!jd40N4J>THxT^yRNXGJ>=dcgM6C0!V~5C<)dQDDay4Ubgi#@WQ=wuO5Hmq
zRWCyDH1^4>NW4I3=p+YA^1^6GZ74AdM7+_X%gu}(SeP)Pl=>(FJy#J-67EcSrbkbn
zM}2vr?H<1gk_+O8#J#-?`hG2gr|nC&tKAq)VLq2A9Ns9qm#jiOkB%CgcD~Ftduo?s
zl6f46Y#NY((;&dYYP`Tkz{iYd#C-ZvigmQvVKZW!ntz`xrJm1u_t&KT=FkgJV#Htx
z-6(Q?n4{0%>XKPnhGBxCH+6+if>Xid{KzJIE~!`>&!q7~yen3e{Npa0_4#lDOGf(N
zjx(FETDO$LOL?$_51=KSUeAo9$9J%_HCdif^Qj}3!(~tBwjG?{t7f%dD01^LKBFqO
zjoF06rzhiw%llX@Zd2>aWLKw?`r7HD>ab*(?k9h;Gzc}FGC$Z-1#<mjDsRkId1*c(
z4#G-N(`Q>FBK}ap%QZZ#`a^c8-o(xvsV$<bP--w8d}>YABWVpVnlZq#>=tA6e}5aP
zKe9=diKYzfM=B$FGS9{7Wcb4kR4&y?NDG`*X2TK8p|XTXL{=}2jtQ<Yrdk6FloFVA
z9r<-S(rRsAbQvHhP?pF*RD`d*&jKIk8I}%3r6C$0&+hitXhEbZv4aW$howqI{q_eL
zkvazw`ge`_IL+5}4FqK=`TU?ZiXKTZ99o<bYu!BA8g*B+$LwI+Tk1+{MA@V*<0DOv
z6*d6r3(LpL*M?tk$WM!xtRF^0+Um~_n?By2&wGTCE+NGR_$$(^nTpFFvpaU6wf}wr
zwNdc*E5G*O48afGexZRNBnZRZQGh5cMBhytNtpT`O;A};Xo5oG=yAlHQOJG~8Y}5?
z)(6*6nH|njQWoX5s=26)%fAeER^?RsXkZeBahK#4%RczN3t#rfm`hygeC)NlfkAXN
zp_n9S^dl!PU)1?7B8!YI9*1F$IsZAdgd{;aWuttD@Q_<c!JDkn1gi&B(kbP`c}s|M
zN#}R$V0#mr<5J%$ME(sF9&My8k3o7opoQ|<i8om2c$smn%zo%_4c?j!2hYHt`OjbN
zSyZbWSf!#9vG>L*2o{ltTAAr;a)NYt3vyp=3zjB4bV?~!a7xsmWJHK`03Q{e{N0D2
z07>5m0XH1L1HUX&5il#%20|cbUtjyYdZ1qrsD$$}3<|Zdp_B-4n9SmxpaBNhM~b2i
zAS60MiznjHWS#*S@qg)5iu8Egb}IoS0`96{aS`?n8qbRQfB~X7zGHo92$+Cx#y@cZ
zlOpG*dJZa_Z{R83sWR+9;&IwmP3=zyc@jMPoiyb1*C3;A*EF5YSh8EsyiBl7j}oT9
zSvo#}FX9rdV9xM7OA069Q7+SOVKyJlj|bSPzttDsq%#C3hCcez+4-L9rgqUQ_Ud#;
zHl5$ik%#_%?Pu&;9`D00f*7jT5t{g6M7Kj}e7Yl?7GqK%w9#~ZB1ixsM;1iQJWy6D
z*H~#Kxbi>q6$THQ7sZKa$b{iyv*$>W3f<OBb@2^|<9^2=kNo_&-$YksIw%vR4oZ1#
zOj2HI#R*VQHSEqeXz)7k{;B<@QKI<_<g9o=H|+4UB|2`6NMKobF$EAs`;bH63x~GK
zp2qg#z_5+aoehuE>_0NCg-SmtAM#xG7nnm2^4UuM|I@55Djjdz0I~lsP+~aUg*=KK
z2EZd%#2;y->7xs{xJcP2uE&J`EyXT+p6j}SqKn#YCB!?A(|QJFW}}(XR=O7tw<1)y
zlVv;~tzzmIjUp&jf2MGib9$2SyZ*BH1Hi)ixQ2c_NE-UxpNZ+TYpg2U0rx@6WwY?O
zgVne%jzJkzivqFCO4$MEWc->~D5l11{zT5nFU_efCrXt6d+ME(d5YE~`S~dvo+@Bz
zoCIVNm|u9`T^79g<XiBz+TsTp>$Fattw`pYd_5q*7C7kDzQ(ypdkY=3!Yfx8h-fvr
zSNA)Cr$iWA@m?nmo7VPlMMCWM7kXZ!m3iK`QsT?wO|CJysY31AvPwWRt%AF+u8T&%
zY*jd@;8`Ze_M^<ArgSxPf!y;X8sFvOV7c2UQXqeLJbY0qhB`DWt`Yz4CtU_16vsCg
zz3-cbcJ^EDIqv|i2=5j_F0{}aL-Xl(mKZYW>rx8zSDJNWo6}|))tX6eyEE1OjA9t-
zl3AjGC-v;aTkMK9E+T>eGC8%7>~9vUmyS4XFSd9$CUn91#lo0f!LpqMeV|Eq-)69W
ztzTo6L?6fm(N%z)`}8#2F-N=Fg64Q*aI{C}Cz|O=B27v*68f<s+GG06b3|K1@QGiN
zGXPPgwo}{7G;7a$AEnfT35|^uy3<T?srcbjqTixdpy3}JFODHMb5?$rX7Z4&H5lBO
z_&=WQP8<UC`F(mj`ZZZ)SrT&MU%v7W13Ndgunpj0ot=j_R21BuR}i}W?s0dy=?>%b
zuG^G(Es#JDn_eN&6{6N&XxE&CLA4=`);HsslGW7K>6(b0DdVn(6s}a|<$DS4ohmQt
zKUsW0y!OL<%xtaA&UY-qi%f@#ezv2wC7;H5#0Akp@<0T*&meqco=TyNn*mDGeWGlD
zN4*%}OPZ;H`AVbU<}Z9MABt3qVmvOEgRi>tO$U>;>~i>8(Ezeo5YBJaCrfEk>|8)m
zhh@?za}51DK$R^gHM5t&qAw^g8~k_i@n$2r*M*_yCE&D7D^70#uM$f1L3a%n6#)hS
z7MMQ)iluOk&P#2h<@!QO&UV%#NqjD4H-J=9&Xd6}o@PC4b!iq2M8lmQn32iEjQgwC
z6Wk)yXuK4II-FYGayN7I*gk@M+%A$#-~<i67&9?tNfON_Q$x>9;&qR_Ccvm;3z9t%
zq@(HL7K^QYXnRRh;?7*F22uW&g;nN#GM(_a6-hAh&4Z-aeO(=^h%R02LS!{p0PFq?
zK*cj2D^!}v>9P6<h+P_qu*W0W5|55!G!`8;27c$K0DPvCV!mYUpOVvvkIrt3LkdXF
z1sg)ZH<c0G>^__FZ}ozoV__p~i$y8MH8Y>8$npS1)lkCs_8vizzcbakWyb*saK6Hn
z)jFpiUXY+vn~-|Y!i<UoF7W%#GdTih)ZMiT&jN)EL1p}kr+`M=AetKU#J|{E6@(f1
zVZ;PJnebOu-8y9Pv)z=};UH6IwcY8o5^~xeyJ9En^5JC|rs8<(=V^o=IB31zl!H8p
zz?6uHhye;~|NLUVhU|mSE*ck827yEf9F|spx+RzW(a83(2?8VeE6@(92^F)IFG9+7
z-bmD&$pFIG$)4X7t{5ZnJ3Tda2*{D}l^X52Zxo{xlk12c(S9+&pA$!7c{cEETmWX~
z5i0T6V_Xz*IBEDw<q{QFY#(Xl$X7lBLWziFNmKehmuSRoM1a_?-7vuSZ3yNm>?B@^
z8cyW6joM#n{a{eR<PrM;pzP`-20{F0ttTHiJ5&TBNqFArt#F~b0>W+4QZ-x(&R0xW
zKv{IrTyCA5+Y|TstE>^MFX`_Dq$$wgRPU68m-F7E{>mqRk^T#{lQ!qlb@jqZ4d8@T
zj_b@m;(cr>df%fS<Z}!~DGFY=)UDUAgAJi1kNpln1FTBS(=n1cVdKp~t@Q1#on{=L
zb4)VrWoB14c|gpb?9eZZh(Ci>0GpnR2Te*-pr8m(uSS^iGbevY75QZdt0*ya0-uSe
ziHLg;@5577kbNFcva0f+{)mXfC>(SSr1uGi@V;pMDw9WUK-#_?CG3cBFye%U+8GFA
zePx%`^Zj8k#$clTOFA@lA)FHO2&|d9Uq){qa1uMjK};Byfa)IL|3I*gb^fruc%T!A
zz;+Zntm*(;`5>%_0!D)QB=HOM#t*_XQBH)#vJf<}1C=N_fxFzp8xcvcT`zC=I3!8=
z)&VFS`A8uD;SB{<tJyw+R`9giJP6LZPhVLWYaBkGl!XK7XpD{SO)5P|(nsw0InxrE
zAo8+1{`rOQBAw$Fp^J1bkY;V?-Y+H2vswWl=cV{~fOTujai32!!8zXw+2!x6owLSB
z!|WT}{>h0PP<be3{93amKIMLx|4}JLbWWYR)syzj;Q@1HLIZxO+Z6`sbi#8WX8s?1
zgx`uUU@vaG+8r|722WXQb6wtE72o2Pp=Z}`(`6q$!4ek7LJ+N>I!P&N<Q)KrPV(!M
zAqKO-$8Ob;$MFFIcdJ;@4x5yH{4VOoYben&3ZWi{Zk<kKU_~+BW^R3jDWku;)aE4E
znpep+!-_5_{-mndce<Hzqp}rCCxJ;X@l?CsOE)*+>#R{^s9f51FU?oW%E3i}`8qpF
zqt~x>ZuhjK2U94AJbA(_XFVC1zShnE2zmaN5XX<WS-k|CNKiS~IW1)8j<+3QrApy8
zKE+bdZVP!bwUMvEq38FP)t;tL8N!vIYC>`BB~Ymg=}mT`+?n`fHP3w1iD%)wpxw#3
zYjc&nD84tZ;vbXDmXjV;SjHo|a_6#(OiAuV5<NV|Kv}HuIu&{Jw~ggET9Lf?=LBYa
zrE?3Zt}sfVap{~-{$BJhhBZlSv3D4x%er3Pz<8}4LE>B*JZRR))4zd<@^i(G>wTI#
zrR<jwoksc?ww#=#Vs9s%hO9fHbT{?fx38k(7^twH-zovxSUiT#h5pM54P|?3<U~=M
z$!{zRwJfA~5*~5ZoU1e9yxvLfk(K;}J~a{sFHMSVHv~$T{V;U0+&DEFr;?Qh{bJqO
zdW0S}IillDz5#W&<1oj)=P^8=P)t9pj$1W<Rt^e8<6H46Q|Hqt4{_XKX5Y7r77tY=
zWh{1Gm53n4(<(CUNnj3b<mtrm9wzI0SJ`WrhyArUUg@+zVkFltK;qP;$%5lZK0_o|
zS|ytDp1cuzQbmC6SJPdxRMV!!6GpxIW9}Iky~NYIt4~rhj+CW(j~U*+{HiP=*}|f{
zO7z-ozp-@tI<i;60@3B9uy=N!+ckw@@Mxw6|5E96eW8g`t@!Jr-!|4}&9X~{PSWg9
zhRQ|_nnnDDpVYfo_o+M`cBGdWBos%DU%A@lFE`1f6=;jpQnt^p_Z)QQYt)SQNTO?1
zbz^Ao+A@7>3{5nDeD9TI`IIWSUQa&Icqm|=-AjciamPdb&CtL1_WV=h$O4X0x8v&;
zq3e>~s#jDqe?!;bzS0B{HR&d_WA0p(si%I>8{Zra^&+V?iG$Li8J9tcU37Vsyy}y3
za=m@%V<u+ycZsVR1JB+2%p&4NwpC>+P1Wy9{)#s%p-t-E-KgABHRr}fDJv^pVAF@-
zbVwYnJD|g`6x-5cOO+wVed~V_^RkGsHj#Ij==9a=-H;ZI^03CjJ86wlT(=|X=ocyR
zN2+~~hHHG;>zw5o#wJOblB{RNgPQ)nXR&Y1{O;BC^p~o(qUqN$Od7Qlw%2!rFVpY6
z^=M?ck)kGk(+7CUM2lQf-g@7MzEtePKJ^#ZP$>EK3oDH;tTi=WWt{kE!yp>fg2vCQ
z^;8l={A|}bp#J{$jxSI6obNH?j32Dlc@}R_w)2y!#u{r94_4N!1w1<O&SatC-?dZ6
zKVvo4=A$VEe(<y(3sN6NT?s3yPgq459q+?qg*?}0{N@_%)|GXDMdCOHn89dMdGR;t
zw)7r1NbcuHb67a_+!3s-F8ho}`z;YCJ8>%?#+7r^EU=Is-$bz5B?|CS=Fxr8s^T38
z4Y{=SdaX^RJpIvFQ8c*~6i(yb&4hqM`lP})35cNMEl}yKc`Q7&AVehN45#ZSmJGBH
zI#eX<puY|<OywiMak=y8&}@Fb;xVKVr1UkwaIVRcP^0{*WOHMXFL(Yxx(VSh|6gum
zjv3bNaklW5JNEGGKn$by9@FO?nk_@DNBr*z8(buGQn=e#!ydDTGii`aZg^S~c9BP-
z^eCxLrW$#iWaVJg+VGWSM??y~Bh(*uO3ksRQM+wPwI+13B<{9^r&M;?u^<%q@j7+V
zYlu~lkk~HbN~4U>4v3$ICtIXSiy_z@gtyIxaT;<;f@>S{9rPtLXREk9ZjPso4n1wA
zGcRB3+|1YgwzFPr4zZMfT72|TB9)Iko_XtijvL19b=T%b(oU^by2C{eIZ=1jE0RM+
zmzy`KJ5_G6IfBHT+$$xT%iJ!5JS$cQ6dmss7wx?E(+xAdE=q;<-Ww9?HgHEAy3D`r
z=uMer#Uyvuao7(INsPz|VqAp1r7A1aS}p9~d~>tlHp`m)(!Mh^bUnU5;-sZKviJD@
zHE;xs-7AO%p@%+xvPdv?5-bYmMG-|8nLPg4&iG_lC}JAhbnUp=ZUE&lU<l6w>8$jv
zyU|2A244wE1^+^2hoM(n_{`(ymnpTZ!{S5fP6Ks)aY{@`uZTHJs`?()tiOJgq(PD&
zqqP5(=2Wo9ij%VQn#!t?axpS3og+>n$yu&ERW504SFcq4N3oX0840ET*zUA;k?J(t
zb(ahrEqbCtclc>4??>n8F^g)LHaTLBGqL+WDor9Jx&k;%i}z;3+>#B7E&$gIObt3e
zd!s{Rvk*eU`ccTS*RFY$C0e^SZc`yI#5VEZTcH-)c3|^o>8FKisQk$h#rRlW3Y){9
z_%-?~&8pOr+zpzE&wZ%~5>pIJJ7f^69BmM+<lNS9dT`W@@(pO-eUnA`Vp{KYquwO{
z3|0tRDy=)qz>wXwx%q7kQ(lAgE!8T#ukLYD0jX(#a$X!m=N9>v-&IfGC88;*nH?v2
zYf!i^B5}4i!@40F5@w=pYS#cVZQ@j)U7jKZ0gJeY#h7iiXUE+mUs37U3A^1v{i$IM
z`YIewF+(QiJWXya=7lxG?!)|aQyq^CZsr(jY4Ma_&7zTvkxb(?7f;aV{-`AO$oVP{
zCAJxwvX@Jo>nh(mw-R4VOcAugz)5(nhpqZc2TYqKu<)GevKDqqtCHs6@@Yw`k+YN+
z-M<7l4c<4m4=K$1Pn8UVSiU^|)|7OvC07p*=ds++*h#k4#S^p6ZqnU_kkRi+RO)v(
z5o%&B%@$SPKYiP|E987O%Da0p+G1-JlN^bs*U+t0V=l(kf4I(Pqh}%{M9aQbTBu@Z
zM0j^>tKErol%W3=L)zs2RI=h{0z-~ea6|+aXUa!M7pq^%*N+$0{JDRR<2gAJRCI5+
zv#6b;%S_Yeu6>+hqw4WO<}81fSZXvnp3rRZOY!vnU9kQBLPs>#6<HtoHE(&-Ufq*L
z@4v=G!8LaI<jAga+u|_94hIZ9$TAqjdKYxhRVHvy^_Zsu1U%mwZ@zKzAC~HIvJ!vt
zywJ440x5V<!d0JQD06a*-91{&jf%EWh&7~<Lrz?PLl5c9CAa4*rN45f*n%Uy`JCKK
zw{KD}s@D_}hH&UOz4fhL_+h*)QDoM4PQ;sOS*Z)UsW=SB5E?T(FbK9JYjn(xNv$WL
z#T*cQR;<owvZ#l^Ww-oPohi}NsOpzSXi@s!<#_3)0gq!y&fR-rPL;vWHs=?2{N9=j
zo{9Q`B;|ANwKo|VPgU7$<5~9UQHlRzqa%O?NAt%a5v7edpG~Fp-2#8lK9Y`7_oEji
zOfa2x`^X%+RxL*FLNPpUuv#5Aie6N{;KSSkx+hGebQ;R8a#-UoUIZ5Z)1`Vgja&HS
z{4W~g=%oFB+4D%b?Azk8-Yqzu9wL}bYTU2A8W%c@m4Th(h|}l~j^G~hR$+)t43)v@
zu*R;@r9UIuCSKR@keR-n4Kq+<bxw6)T#RH=wcS+`-b$d)kLw?$#G+sSOx&orS!pD`
z;3`(H_?3v(H2r{+=oicOHEzY*%TogU*Li^_YKJlmn8V|$=NR;(eSV0P<b_wsB_x%N
z*TlL4IeoAu9&EZ8jeK#k<`V09%F30q>$b(=jLj|OZGo?})z{f_6V)_YV9^go)$R?)
zk=oW^Ov?+3d63k5)FxXhiaWwDzHj51X($d{*<rO6H;t1;e(Q1B%^V_@So^zxRaSrH
z^#o5g@!QOI{5F``JCnuZ$nwXBO)3L7e`%s97WkT99=0O}_e2!DJg8$6P~-19bR>04
zS>Q}x>D;(V8vQ*vox;CdpUq#SgW%-UvVq&ygQvfPs#lmmYJclKwjg7wJCyzk-4$Mf
z=HTM1@-*w07oQo&qA{Om#}r;Y`|8@P_bFmMPd3Q+j2E@ZWyMn5sM+^51ufsV<AK4+
znVz`X^2?;d)kd5`cE3psz=jW6mOQ?pX`bL{c6A#i+e|si4%;^$_ZNUEIl!e;=JF~U
z7gmK+NuqnAbSkFmcH#bl_lq4H$JJXbmX%_C(!ht>DL{CB29u9RN5`lN8JBu6eAq&H
ztA|c^1IQIi`f!$$ul3k2YXhQ&<^R4^eBgnlQ0h{8{c>k~Rpl9Pg|{&#9*(mD7zZzY
zc+<0o3Qr2*{U}!M0*c=ckK*(+e=M*G1vikC$Ww1kWlJ44Ztmw}YT|}Oo1WRK2wYtX
zonEZVx;hKdWTH-;-ghQ>3Ew}5D*%j5yoyWHN7n)2B~^}H%cIyID)m3y%jALn0I?W`
z!~QUocuR6Z?09-WSEKNa0va><H{JfA2cMlWC?%tl4gh-(%!bcFH52vsEoV4%&6I$=
zjvNTkc(@#6P;UiWO@8~QPKK_+n6~jjFnA^lYDeRSFBnwN!Fxf`O2x5^|4^oCfnz_L
zt+pbB4lWL<*-5D7;ANC>FQisXmzi`t9Go4TwpY&eVTMG%fMfSMzaW-`s?=!IgWr8%
zcwv;bn?s~p_4avQayEeJ&Nlf5xb1q+>zW>J1%cDJ9#(I}3uS$qK46W@cif#)diwJH
zlDuR0Gv9xejqw%u^DW*jV?`>jfv!UtDR8FwJrFR!x^FTBOIK5Q93=M^nwWU(*D6Lx
zxNU`T=^_>-@>ou*8J`Tc0XZ7M`cRT}$rCVPBPCiKZcDz%jneJh)CR;r6`1{n?A#V9
zcvYxVZ!ZC9)<zQdz)r{Xros6yWa#?lxTU=FR+I#c&wFwcP`bc=r_Z4K<7Iqv%QCxA
z3z+6}zL8(O2Y^V2jD<vk9(BgU>AL70zc$Dk$+?uW#UU41k$P$JB!_FFzUfeE5wbs!
zfn)(Q1Igh}pDY}l9CTnkGMxlUQDnsVUc<i3?`#PZz^i|AKeZ^8yFS^<Syf166^S4d
zU<3}r$&CbH1Pb}+8BM27@9IQ>l!;3tBLzeR8jUg?b!0#^%54m1umI3G={8=bs|^@A
zlfaJ-6&B-+y84}-!18GVv}K61znx&*<dje2Rr}%mm$AJ0>Z^f|U+Z&D;7Gg#HT?<C
zU5RF;C{X7Mkabu;080XXH$3hEvhRhi!*x#3K*tj}p!h<1axXx;PM3=w$DhAjO)CSM
zoeuD28IW8DIrz$VkOH~hb)tX`!*v>*<^RJ@_on6jZ%Xs|AJqn32fb90e=Gq+ivwrt
z2RgT-P9stUM0<Co^1IpVVm0F00zVyZ^GDA?{w#5&CrHIW6n=Xeh}-Q32^ncX(V!!I
zpB)3ZDJfq#L`qLvQqvM};akRv8-U`T>@mGGO)-FjQz-G1^PRT5I@#JN8b}w=P6>gY
zN920og_^d=zz;>H#(oVrr5+rEI_i7i3OunQ?8EWX+68XFMvFTjV6TrV2#p^;!e`7K
zg@oena3UiH0jpF|Ha<we{$5Hl$*SUgwN-G+bB0afipp)eE#Q9gYje;0t7;J?@Rp7z
z0L7XKpGke}BNov8@vPp6nG1m%&&w~L{F43sFA885kjfo@bkrui$*gz;j1v>^$lHoQ
zK^AF{v->bQUaT?LujFN<_~%!azo}n596~WBdfb#^ew0rO5U;L38Ha4bbBF=sz&fZm
z+=IfC1Wo4_dcpi4R%xifQekj98=|pwr7ovzUJNC_Dt3CCD~02UzHW_Xx;W&PJUM9N
zF!9-;v&m&Y9Vi-#nJ1OsT0boq+Ft>U{?sWkB-6u?+5QQ=vxi4~;mjHXR$@&BTzk+7
zFugi`2MQ93AR#L&y^>TbIZ!AMk-J!Xb08B0(6a<q1B*6*ry>Cu9Df&o>9|XOX|BxU
zeb;yjDY1EaP40SmE)fB@2tdc)pW^TdEdunhGB9yPPQQzf0os@p`RMmGwk#}I0|eg{
zE*`^ucqWwHU`44`eTd8>_=!D)%wcTB+|KWZp*+=GiSsGx-eFjPz^I>XHHfkUofCNc
z*t!)$Pyi>4m-toB`_@U9gwsg?)#Eh7btP1)t+~$Z-DwoBlf_`$07}Ygequ3h-Oq`y
zYW<A^Hn<0Tki9wL<q3NL15y|naRIQfj-=B}EuBt`A`*WCV%vC?y43*XUmsX_<CV_P
znl?uDl0<{@W#F8+(nA<ShT~Fm@#R7Jh_*+r6Wn?NcZ@%vMo5u^TjE%OgJF{fxsDf_
zKAN2T`K_*6!V7frT;y&bq?vO(<#e9?Zf?}I42yc<4;XJD`XCXqDb~P2V&+IND`R0F
zfg?h%nxy6u*m~cuhY`KtlrZe*9+Y$b$+zE_GwV|WY_9Xky8F{rJ)4Y%in|k~DSDTQ
z#2rc|e({J%L<c@RKj#WqSBH`~UN`iJUKYqEypfC`DLQ`H0p$EUiYTcUY*Z78cfHYW
z2#<Yb6PTqTnp;7@qi>aQN;M$n*!j!89@zjtt3#d5mmfW{g$`rL9>4PI(9~I{<|0A|
zf#Pv`=TmTtI>!YwoEuKWaiv33SMv^gXR)P)v+FVy7B7GwcIHH^`P1!eYn^*ELYVww
z?#l3$!NGx~0UGewz3+T!E1r;UNR3VETc==?-JfO%s{pgW1nj()t&_3%peNt}av0v*
zqW{pT`7r<0rlviJcJC$^%8AGzIUW2lD~@-ypyec94*h1(26w9of6ixE+RG1^NfaJn
zR0-Beketu#Phhb`#A12cTQw}m)DeU+st^>;i&zc_%K%Dn6vbV&0!~9ytm!(toV)yQ
zlY|$+2<=~B2Kk=NoVqSxkX@(&;bUIZHGGMP!_|jik2$a*^B9>6LF6EuXmf{~Gea;G
zIkP@^`I!;++720#z5~ia>pEGG!x#>WPADU~LT*4D5MPwJ$>3qza$@F3R~XW<`6=53
z&^KMr1jrr}s3mIAruS`;EfgwIrLpKdo9{SSQ$V>n0Ke%GQPef}47q!5(OlD&R1HBB
zz=-)_<Fj+yV=`p^%P}7Gz2wKZArT-qJ35Ne50HEPc^2R=|ID|7rZuHXv~g!S!hGoL
zw`#JBXhVmagZlgPa-p|9kdXk%mh51}w>8%v*=@P)9e2>y=CIH``ciV01xW9QA^<xG
z79ts>SCq2=6E_e^bM;+6FnaSNpgWsDjsjP}MPo&J)w~ToA6ZcgIM{CE)2#d%_8M6Q
zAcuB;7+ubeoD8b!Z?1<ce&-7-Z0HNkXROM!jS!pf2odOI{Wsc%jcsV;|2mo*9sgBQ
z=|dL?5EC+l{xKf>Pj+fxvqu{C0?!MfQ_8tK6cr;Hfr;T+PGS9cxxPNFTq3p;MR|;H
z2oAt#oxE{_ho4)$?{7D?;ks#kDd@1-IXtV#BS`s7$&R#f>KwOXjC-R*4i+ZWiq)e-
z@qC5uF2oM*w9rrk@IZX&D5{-S2QaLH4uGvQAy_!*0i}a`X0~9r#ow|1{JDbizZvxc
z_{DJp*N1&R)53lde$V9jl4IchXKaBKvse&jC2uM+xI@eG6esa__t)n@)rGKx^q1#J
zag1s*kjh*x;0@X10Icd^hkQbikFLko8xd0Imuj?tE!^8=D<)FtxCLsg&~I7j69QOf
zX7HuU-dqf~-R_HMK9{{XaL;>zA&eRXSM@u73SV1l>?0X+v~siI^dn$vmw|le14$hA
zr`u{t0w0|lo3U>SGQ47d_`bFH7%4U9bz~n%EG!JlxxXfVxa>0n?^fvf;+(ck6Afr{
z_~LfFahV5Dq3KW174RH*?ItfTIqrdE35acc8eqhaVN_!j&?M!t7Y9~IrOTC1EbsoB
z``;~mH;>&|B0w1kK=4cQ!J&-dFna?}PEc<~s8aCe)mZp%#XUD(DFy>05O0H$d7c7S
zntdplJ{?HJSS4FQ$z9zVIAq6aXp5~q`pVyorHw$gRd>D{xCi#|<k1)!*^(P9GXD2t
zWxBJ9@cCJBwNCR1{usoZe>@b@`L|*Q8W-|p2@-bNJhJEPowR{>k$hm#V16}Pcz1F@
zgnfh*fYcPFbk`MB-BsW+4!NRB*i8TU=Irk*9pv5vT|D*QO%ImZj{epz_JQ7rJTU5P
zBxJxKrhK;;mwCdXS7MfF>bEml-Vgc!C?Of#Wx?%r&#R8c%b=}g;Qkyf#(YJHs*Z>q
zHxHUM+S0xcCclaWzVJQ(WO6~WfozFe071M2K98}?{8b~`a9#taO0!`yPYiFt`x^%V
z+3rfNzxA$%*#>6|nIiD>WVyaKz|{a+8?eZ~0Bu;r{d}*qyoVMt+DU=d3~>yyqvK(r
zN3I`nt%O@HH&X0xF6^djtWzS8B!LAl7TDKh0H%IPym_*HFClpKhpH{DMz_Hke=G@9
zB1;s|b0Y&w>&FEO=P^0u+Nb&cz*Ha&JclPd?Q$lc_+GvaCw!K~VfKUs%(2!}PAhr~
z{Ab|N81MVl_!Bjsiay=2BS;!}FcG<e+8$?_7U<nJXLf>TrDSw@qbL-Qt`BtJ6pm)^
zLIy~n?L%EKS4d22k+4W;pu?v9hak7)+eBU9C!niaE(F*S?wT9Hl$KsyO73sH+i^Z*
zdBg$)H6d$%97B%HK|2{r#AvQ`&fi^&?(*Xk8t;RzZ>zt4AQ;II^44Rz2O{^|&GoHe
zfZ!Yzf$igz3#r5F_Ub29B!9L%CrIt%y8|bzDNR?~#WQjUu}=p+Lbj-TypSF>aX-_)
zKO6mJ=q1c^6*3m2QaDS0R~o%u1+n-0cK+k6EYth$ZzlaGuU_qNjd56@=e_(4BGh)?
zk-qn>NtXtEVAk&8)eVrj$CfQ<%>#?4YqCreCU`LUlU&lhuFS;-S4!(-d@WSslxx(d
zEu1X_S@fHA5(>_cODv&sjMEYbTVnbuXd_a|FN=Il1QAY^;9~_NiUi*GL_HHjPt>B2
zktVk2m{uIl`@MOw`eEUa<{r2{1aXI(J+Gevr{}NBl#MhX7ZO{TWYrfn5r|<FN`jK+
zvv%zVA`6&NH*N>W+Pk+1QZ6w7QtV@<O<72a#X}HBYyN(rGU|XL95vuZlDV5R@6Rdv
zQ(9uHKkZ}i4uhZ|JKeAVHV(w9L9=u>$+&khpbq%q`e|)AV=<YU9x-oFw64N#RZ@ho
zQC9A9ySQBZHhn-PaxwAroqEJL(f|pzj(-o@0LMlUi)q!KAAT?cum?l~^O4r!a++T}
ztU57Z>^XAkJw94s&A=XGZwHQ}t4k%`c6?v`<l0BRK{Q6{#EF<v^S-L;yY;NPeuvY*
zSTR8Mp!Z}lUE^S{e!uy8?XZWuHpU<y3y(<s4Qs98>Qg2(l?q=4P`}$^qqrSMO#fz8
zXr(RZL|t##Zyx2;e|0?GR)=YV#Q`VxjCI<T3Ixw_Q}Xk=J(&Rkl1*1yOhHzrwgF$P
z-7Ug!4>je5I07}&x$-nY&$lUZtSCil(NJNWQa`uab*57)x#o*Z7LvO*f85cGI-p|U
z4{HXRA0}GAnjS^#=njft>+xRrAZO5Tzlq=c*Rngao;pp-1MNvOoJ~eOn4UzOAL*&5
zLfK{mb!Um&!qwe;{!Hf)kym-smnKpJd$PM^L=wL`$q>0se`FE5eh1ru;i6HSAL2~f
zW8$pBf)<37Z+)t!e@iL!ZPX=(*8LOMhwImT)leS`oS}l^u;BOx#I+LR<}Zdcz)%tZ
zNDYmvgZFK;n`RlFv~`AP9Is7kCuGP3m$9whh_<y+<$^$<=fcrwVGu;bZJTL;gr<-R
zDsjvGr#9@q1UQW!4Bq-l!@-AqJKn+f;o7<-Ezqod=U(kQj;YReU?rNiBxHkz)CKHk
zeCmSx2b}G+?&W$-C!UWEMB6v2S!9TcS*^aU3L+<FWX=JV+;fmr0k2Dvm-BmNeMB3q
zo)Bn;tI_iGiWQ#1LvhQ)>O!mSW;5#kLnG9vXK<Y+<lWpKPDV=>!XhIC++Nw7sHX#D
z8wm8oB~RlbziS9RuVZZ2Mt1r1Zb{^AYO%ao`N%aNZll9k_t)0^h?=$=#C=LLf?o-G
z?$QlXqK8+EQvR@*OwZ8CY*RdUD|_C(Jm*e;@4`GE2aR;wT1`jGlP<)-zt#~JM7$4T
zdH(r_il?6}^gF`_;Bis7;4Hr2<Km{BM@$QwaBz)v=elhlmF{*2C2#%EIbIi^-y+^g
z$&C9uV|)JmFwe@nrwc<PA6Y@wtwTlXuZTGQ<JDKL5^YSqR^@Mrh%7pIx*e4yd<t;4
zx24C(0%2>?1GvoGC_8qt<S5q6u7>=%O@9H@;L@Bs$bX>jJBjAeV8nEgs8kkHDHB25
z?J?i@SxrQbR+Nu5=Zu=wysLX6(i1N+YDpw-j;Y!l`CRtm+YkFPJpTA>qX-PWiadyB
z!bV}rBmcb{LbZ-pHh;ZT^lpI=AE%GX8@F{(4HS-*%{-5=nm_|!Dn0o}x6Ac}TP^fs
zN?@=E65h?v|7}cYC33JF>=Jp6Mlm&m^Zc}n43;wt>SH*=M)AxeKlW6P;ZI_}bj2A?
zXAaXY+GbW4NC|47CfmY3TX84XoLZ&uIiSLx*&w~~55C;&9wcTzDa~T{>^`Y5%kqA-
zd@eNfB-ZDV?=ST$X8HAhx^Moy=~#3qf7q<7?#}%Xn+qkqUxBmC%2g6>S;~jw)^^va
zW}4FHoEo@RQc(g1<j7eFv&3nA=-gH$nHt}Bd0fh_X+oSFHZx>nNk}*4gPJsiLI1_(
z@PniE|FQ06(m(P*<ZB8i7ZU8VNau5Tqh79O9XMX1rP6%8$LDzmK^IVen*~|}1Hwd!
zmXW9P{=y4a5f2^2$O1jkPODR8=#E<vFWk$ou&5sPe2xX-Y;T?kbl!!rmjlYCKU2hi
z4e(^V9)Q`h-xwhB47UV!xZ07XlMz|_Kfj(am4miqS>T&A1|V*vOqY)-y&RcP4(k84
zWbdZ)edwGKc0y)a4HbsE4#3hreN3|D4qRo`E5S!Xz>n*=JtkcdGxgnECASU~9m`N}
zcd9#I?+mZ`2sIRHARB!O)Q0+5vzh`#KELlEt0e#&s_ph1&}^Uqm{LB46F<(RSz#)?
z0(f}Me`g0aUaWj#&Zpr>U8KeihpL#$$@a`4a*qRFbV62P;K88=Zd$yl^_H8Xe$Cn&
zK+X6m0D#~`2KBCtm1=9uUL9`^mm?F<yQ(zb-+ctFB@qTJS%51XDNrD<w_6P&0*nO8
zTTr<oTTcdl=mIH}5x|Wf2Kl$0cnY0gvl3YJzW`{x{T%?V7_dZT0V7eJ-2y-i=Xq=Q
zV$N$U(gHxZC^vh!L6}mtL{n+Oedh&e77ZOp<I@PP1*y$`trw^G2P+OL0xl>`fWKIi
z0IWBCgtH3>W`QheB#*F>3>w1!4A+IFX2QTwy@kFD;1NqBQ2F%6(zz1HZ5A4}GA}aR
zHi($+0bYTM0h8OSQ_yNaIt@IEvX@f^Z<6C2s2>qx`9Z|-FK6BN>LkRaCVg?BIHI$V
zAe~hQZXSI=?iLFj>_G&wYN4WtnalPVgTRjWK^t=EE*^~xH2{TQiZ#l&VPV4-dFH};
zK_s+?JXQ<7S?ZpyTf!m*GVwAWXFFeCqX7Yo%NqD+&6utM(*6lLcXB}+$xIVoekuS@
z<7hp;hJ?(Uz~F2^4QjCPrYG%AZxWc(a^IxAg?LcwtHi@=ZK%|+o^jhub1?=y!Ax}(
zprYYM6+m}`qus$~hQP-fkK;iu`>hcgK<1%v+279N3=BU3BdRel%VNW!S1pX<JZ!Zz
z1t647;+)3=tPXdhCoa?3&o7QxbbqKeI8k!cxl*F<r2?yHG+@=<r?d<svH|ZUp|7~b
z&%RfdK2Bjm#r|3rfQrclF5qu~+VwUi#dT}@j8}6HdOIbj$qqV@nAOSKD4;evsL{Ei
zfX!m8(4dfgC$SabPefE}tCo%dPV0h*qaX1P;0%<3S_<+OjI|#~eIzhiHkfy;(A~FU
zHuClrg{y>=2W@+~*KnLTt@367@@F5_hI&^J$mWsn3iMtD)4(>m`1A=qZx9^%oIeuD
zA!-WZE>7lAZKP+#7rFg3gTFlFI~W>*{1z0=G-gAohq~gw*6zWwq|wyPx;X?sOGCf-
zpMDQ!-?nL+l2;G@xG-S-t!#hd5$fuoesHR#`YP!B4KN2&BA)I}s|X!?-{0N(xge=X
zwL%rNK=iT`E(#o+;u%z>*sXR;@6FZwXLgrl&x5F1+kmVoh}!A*;OmP-Y-Cjs%_H9s
zg5eaZLs{avPn=enM%HLSRJJbq=Xu8s@fA+tw0;-TW`G-#4%~gej}7S`q?X5!)Uy4C
zGYFDevY~QafIR5I+9n0HUl#2d8$C>;JDA4*t2?#!u!;}Um56d#O;LaX`D|*VAl<#s
zD6s|Zz$yt80Wts^Lk8o!KF&9nATEj>*e3$xayJ7xEiEwZgMp$nVN*E$S!ilV1^96i
zKtm4u^F7_4(Nw`|4Nyb-O6Oq%cjxia&R7u@z%$W3WFH3@`D&1nvB=^8xP7DNc{)C2
z`m7KSiOL4Se<PUOiyo>ik;z<JQ>eqm;80~Kyzc$+zB4?3UWNdDGXd02clYwcoF*VO
zK`Xwy2b0Ix{qNW0V6<fy63bLApz&G;h#hu`6!xH*NtX;s3UrZDLP4ie1Fr5(;vw*U
zs(fMAWrSicU^1X)1gFohKR=}b%}Nzkvo-R-a!pRUKku>_5A271pa?Mr)8KwK3&JI-
zH|PSgKl!6nq~Fr~5_I7!=Sn>TJ-cz>s~Y;j*A37BZ?_*m+iK6Xsgfz^rH8&KB8EwW
z`O^r9SjKlZm-e?;PH7sz^-BZX+3a>J;#w63z7dn4s)jnCRZHKh4bKQv!$yM`P^vHE
zr-r3Y8f2(xBH;q*E%T<GZa{Bw5=`TD8nL$BU<dsiP@{yNCvY;ie*gbcT0|PJpTM&P
zBCN;&)KG_uUUj0VP9+&01-_Y}7c~E^0k?hJ-`QGAG$1#`0E+*SI(j7kQAl$QaPLFy
zYkF)H%zD4{awIW)-@QrauV3p=P=NAOES<u{A&X8O1)yr8KM}C}SVKh&IdR1|0L8fz
z;hnJW3O}f;f4l(!8V~(t6dWSjAFK!^{ZUnXUE&B59!jXu5p*ufR|NZtz<)%~9{?b<
zZ*qWqu`c397Bv6oh$d|gXXukRIQXKXSo3?`)FqV~n6P?YIqr~@O9X_{gL2zF(*xv?
z7n17KWKqIaD1}<+Gy$me>!IdfvlgOvRG7xCW?avv&2)iGS0%X#u9kV{2Rkg0%<mnC
zJZg+rMz!s>ppOr6HC{unvWx-o>#?G<%}#RiB{8I@Y=S%adl`^#wSuqHq2|mLfR85>
zO=(v_d32Sm9M=uHQ)~j6Of2ZvEemf^JpY1c_t#|-&N~Y+P!EIya$`}(dw)S-HIy!$
zbu3KMEKASeU17XLE>@Wsv+j@F{%er`fGAeyptQk6`WnMWog{DVGpHT6j-kR9q-joC
z`DEiji2Mk0w+nOH+Y&D2bX)*kIOmT8Cp%IBSzJlP(D8B*r2NwX2N0T`z)oEnV*YP(
zj1FkC*?DT(H{|vf_Fjn9Y=B!rCocq%_&ZRHMwvc=%w=BH2P*Ee@(%HU>6Zf%d$=mZ
z5cPe|K5+X<JQTNnjNGOqY*4#6du2tB>zHJNtt7j`mmhqqfF}_Xwnv#>6C+6WY&l0M
z2p+V;#}UK5?Od?C`+#_g2hc-11G312{?JX1$Mh=RC{~-09wS}Km<vSG-=@SW#F?r9
z&WJ?1c>tyBU)l`+I;71MQXzyb8h^gUtBY{okysP63x8?~;n^z8NLdFU#Nf8?a)1ZW
z?q{Ekc@OB1saORx{{L$4%A=uv|2<>hM~Jc~A<CevGnP;)Tl}(R8N^qbqHmUwC1X!n
zlFF7WA+jcA3zIUkWKD{!QI=%Q&V7HT-#x#3@45fpd(J)Q{^K0R88e^HGtcvSzcw@K
zCWPseQVJEc{_ODWv$K0!_TwKpH(DqA7hYd#;9oT?)J|MKS$?cX<Dp|Qq4bt5L}-*)
z>rXexBhn9B(|j}i9}PyyxYE<9+`A!|_RHC(qbMK=d0f6fgdP&N;ULgpUYSH)iazJh
z@I{W-ToA-ODcIc;%A6_Fzw@_I>yW(kwqK*Ww+9<Fs8z{Hnqo*T!T6Ec`R?N@!rBSM
znKVGT2u1~H^)kz80_AJXUJPeAkIOheVRmu5a_<3=w<N$ZLL=c9%=#xE%2{XKmvzlX
zv{0Xpu!pzo7C&hGa+|oL;d+g~L`^9oArfyI9CF0Avee?6LWRy1`&Q^MI1<Xp(furW
zb;#eue~CDtIm_TR(`STKssQ~{OSx$E2%m8x5TBs9s@_JA1R9P$Gu?3ywfvW6QzjYD
zEcm(1sLhLHqV0DNsVLF&`^CJ~ye)}YYS82U=$c>OGA}9G%k=Y@3LcaOPUoa2;IndK
z(Er5PR$OKiysfDmavp7KcCB99>+j#Q)^-tjIL<+T&!tJD_mG|P`fTOsdF$OsUajx)
zHmwB>m%+#`m?6HKh+EL3-sO5&Xy$IH`lJ2sF|umBWEEX^rdj+iQqG8R@T9Qs0jTIG
z;a`nu#ppInCTLqBN9VJ-SU0(?u7x$a{@QD=q!3dD7Ie+XQ(6~_-uB3rk(qz-V4Y~<
zbQ`ickVNLF4&)3$;i(E(e{L~9Uq@;<>jFT+47NO|{cwdd8Ohm2?Q&wuBMF0*=Wd#R
zzRbR*i*h^*>2>ta8(3!~8v|?~qTSpY`FxCc;?SIQ_-#bHq1EwJy0_#llxk8$0Q%}l
zX|?yvv{&;dobXnwIPpx5zrcrcr)r-{7GSX9dqSk_t0Tu{lF?YF&p39Ip0JTJW<--&
zn)^sMp2e=z`nCuAwWlDmZYp4ubxMShXCHmt>YO7n07Wk=w~9#{SJUw1iaBhE^EAqP
zcRhNrvE5%{zS8YGrt-2G5_A9{(Z!O9G1-|B@6}U=>(ao60_!%L0a=J)E@_e=`ZL2%
zD#>4IvU+K<Flk@7Kl_Je-7S6^d0}Qlb)p`vh(UyNQV?XeJJ24u)KfsY8bci8kwH{?
zV_h9_!D$<#fPLNdj~(Jsj@cG!LK8s?BHM(DJ-^D|$+C}r3|%dDy2lsCmitFot0qL8
z(mLht0*vcKsz+UyyeLV9?LXWve}d#tKsePFgJtfl<q_F#vp^tHFjz@CL{U^6^*`B<
z#hg#UK$h|p_y%}Re&xSz{tHTmB#P{6ERY!f^$<+7qh`R-J1K3s3Bh55hP%KIIloHK
zzC*vJaf_Q<B21bTpE8vi7`9qFw*8Fv?mv}J`d@)|74Cd@rBRTch=()dv7CXJ91A>w
zmYn}x&|<(lBM){Pf0pPjDg@+Z4twG!WkwOWTO8IN4)MR1PI29d%t(<vEY6$>(uC?X
z4oQ+5OITz#*Z9q~Z!!t3@tL|=+uWFVSo#6Th0_dde?Yx(VHCsR{Or-z`u{BD{N$b9
z)g?yH4%ZJmH$hkoA2N8M6q*Z29YK(-!}dvv)48@KWjb_fdJJLh<m`KcK#h6Eip&;p
z0$L?VnOwEI-A-HkAc9l)@NxIvD5Jk~#YyoJXyyM#$+3Bl*e1ZBgZ2>K1TVyU7}LFW
z1U$i;Qt*|*{E0zki8mN?z+l1SF_F5jex>gMRBK&PxL@dpQyy;q4mwUEeBj>GabeM^
zaxVtH0iY{-A^&<gK}g-p06@-@5@D?%TgVVez&85;`iiU<0&orZzjwC$9PUBuMwlF_
z^xOtADjR|&Mj3Fh33efD@U_1slDCWzRC$1)SZG8T&$$QqRc1|_Q&h9Cbsg#=a^Uz{
zFiX!fR4D)ba1c1|jo&|IK@^Ft=#DEmDy-p?2=!Z28Nfm}!;O^(l=VseDy85K!piuf
z9J7}*`xl}Zr2`=Oc=`#f2So2^1++;YtqRz%8=59=Pmhp88D32{9#n)DkA09R1Ht=b
zM!d}nH}MYKYT7~L+5Wv%LEF`ak2URr)+hKu_=*Bar)5;Zd1CK28Kksjxh;?&5YG@!
zK>QtuKQ6QVW!*2YT)@>d74o|z(=|gD?+BdKd~Jy!L`WdK0s#i?!yt6bBptb+YzHIg
z&7%Ni6Oc6B_kHI6NSguEJ0K9<83lyMv?@fTpW-`9&YcZNoSlB`JgEteA0!A{x33T)
zxz$&h-x@g~m=olgsV%P%w;iOY2eI-bAG?$w2Vz0$7&;KJ2%@IHHhTuL2R;L{Nizx%
zuWN;lhg|^n4_Zr<WBFY+7eC+;iVQMdh?_0~VtqdQ+Efuk*7i)*O#BB7A1e#so2pO*
z^FiLl_LTFfVQm_=j_Pj+LC79nOT4D$Gn<6n_>qlNTRgHfyoq-T$*1=rB%QSnT6fX$
zL-#rZbJAVyeOWlR<}#>vCVty1pIo471K~E*{1%_|7MwqexG7qJuPL;6U>cR%&=y9^
z8G_Be+yT1TikwKtOul7Fx;={{K;REB2IT~IH9-~I3^ub(p)=!WX|_q4>N)#>1$|*g
zO`tt`em01)?!Y8e%z1l`i%}&2X(Y&Ytgrx!P8BpS9Q7S(Al<+#Ev<psCCB)Y`rmVd
zYPiw{Ld1C%WY@kG%zYw@&_1uHk~np+#UgO=z0^tgw8X&FzW<E){xg0y3yBAg_0A5P
zDxD5AYR7P_1S{$$lkOl2Pr&ZRjJ#~!7lC7mIQz%oQ;So#ZLceu2WmnP?p4KyYx4jS
zeh{a*x%<3x8rUn62^m=Pp@1bLUEG-yk5gPc241$aD<{5D0V2fhDeW1D8aOsHd9yPu
zm@U#k)FYdQres=hZtS1VW;_%~n4J1|%_k?#J0Rx;N5v>XdMQcMvc=(*Zjn1+VJuWu
zMC`9Dyneh{z}?01Dc^(4#Io2DMn>5!h(RCkZ6T{$hUR2iSU17;`b_Hw(+eg-@0m8!
zmI2dEu?U+?t4j^s+eONgE62Ze0SzZ>D|1u#O1~f|loiFJ+CTY!c)16AR*A4mxgW?H
z=&QfEYwE^1faaoq(^MOJjZ?{?P1CW39C6eT_qE!)Csz=A8!6;KU4O6Cft5%)ewbm*
zNgeZ7Me{Rl66%Xw*f?wt)5%il>&`9EkRn-7k4Qsjl3QWYcoE4}Yba)QcVv9FeGze^
zVV1a*v5r|GPjw7ai!qHV3@eRt`vkK-tSC1w{0#V7g>z$4Ms5Mul@B_0m`zL8&uUfP
zcapJVZ*-dobj9Q}dUGyAJu7ile@;iGuXgwr1xr;cM;KHL@xM>t7UU#*X#<^EzuXQ$
zNAPukL%>TkbrespL_IG<wEL5M+YUAA^ZfSd52^<~74hTgwFh`(igiCXVrk5ys%S6g
zt}F)vI3s<g*kvp`?IA8{XRM97gv8mz7(lF6&fMJ4FKKir@vo+sIj|7+gy=A`3em9|
z9x{ECPVXujfZwk)5R9W`e+rUj?MTZ0drv>-58)|?G^T@t@=Y^CjC~NAjYi{p=<h81
zW>Gp+i!WzfJ~rZ>w(1_{)Jy2uuk)Kt5xFv@p^Zn-N_uT(Wu)ksL6A6ETx;fy!EwoR
zK34))-lR!O56V#i!0l71;c5dBPWpi;9n3s=E|$Z5Nt3bX*`b0B#~!{-ZUN~bs0}bU
zSIR`<aAju~=oA|&3`tWmo0JQDOv~t88iL=Yk!2zN&JZn2S%an!yQEE<*z3vILnPCK
zXl129m!7_KNu&bdH+N+IiO)qVCmoQ;{P2luy<pV<opAEGj(|DEnP+d%YQI%jRwO@L
zt=&tHVG(mP8JibRhl1Y~-hgFv<K7;@nk!#k+)}s_pdW0_pyVxWRp>N=qqnpq?$v2v
zIU|y;ff?5xVF{11NTQ5T;?`O|l<)<D>1NqgZth-i79&4<LLIYmj3bpI^ctF<0_5>Z
zc^imE{lCK7Z<KCMrh0f)x$bV5agHZwKjmQ-%;CzR_u#Lz9pf+yXXEdi3xz4nH@T}3
zvI=K&U!h(#!%thF_P~2+o=hpAon-a62&Bjt_K=ST0CX=x;nBuPMUU>LQ$ob)1}@R7
zS#E-Da`SEE!u=@z(@9q|-afv$;}^&=SJW?0#)s?B{-mh6{uU7PG#6NF*mAnDe=1CK
zi=-j#x-`%EW`}0Z$G+Mtzv4#lD&Lz@{!qm-e(sM$Brbi$!z^JUBx1kN%OkBxwZ3i9
z`PPM*goerd)>n%<&?4|@B1K+m+Sq|^B`QX`rY@5(R(5*7{H0FLo=~X*6gom(gAE&<
z$d<n(IU``No&KiKz+NcBkSOQ3XSwA0l0R$iYV0XRc4j7&qjQh1NU>4P^QGf!*BfVP
zO8C|WC>EH;J4JY{hC!aFD<V6FOdb4#{3EBcSVK?U&HH>@*&Y|}cUYoeMnNIE;AVD9
z<R=3$A(pThKdIag@4mjMY~)D|n>5l_$Z=FfkSDz$X+CL+GJ8}WK6!~gR|eG5r+?^g
z;iudNUq|CmwR#M`D>f*PZnS&e$Kt1)PQTM)4)c}V)i&6}9G9%QGxd6HBwS+XEnBXt
z%GIIxOb?FxQ%botFFCaSl1~cLON-z7<dSV5=0pERcZve*oNCr?M&_HUqb{KcE^JUD
z#lM(p)Do;)<1M?I{)R{CeONs+H~`{Pr%tV~3;8IqRPv1cdi#jEqcL3DpnZANGIn4~
zhMRuAR&cFn-1z*``Yv}S7PK!={lryzxL$Ey^rzN(@x!Q4*Xd+SHF5uw2QQ?ym90Ub
zc$nYj&Y#pUz<;e~jrfm$`pyvV=!x6csC{S6fM1#Xn4WLIe06XHvde)EZVJ@2GQAoQ
zpJKnXEvOZ20TAl_#df6WPt+J;LB9z%Pea>Ke6T#|9)X$fDv@VEe?vr&S~}}M<R#5R
z;JHrzg#b0;9FhjZS-h{<Gin7}9opcc^nxVq_ze?0d=LQx^8Dg?t83`>Yhj#%<oLmO
z^MEK#ekG^75XgiyN<n4XI^%(Kr(vkJ`jC#3MM_U#tD~69)cv&you6lbzzZ~K<_(g9
zUYy~()vjwmH&@vkjFbaO!ZNgnkC}BB04U4gMwskT(?m^1-(_DhnSh#Irag0(Xd%h)
z-qdmwpC4F8UAER1NH(wO^DV(|d@%98rdY(-;X}n*v3rl$G=l?uEQO<I^Dc1JL1FI;
zsldMzxr#Tq%7Um@5oz1|AAZPy>nosO5ECSTi1W?wf<0q-1)M`wwsF%J;bH=a9C#X1
zTdj<^jG^@lDW~<J2Sa_<CQsmNFin6X-)B~FQT!uP*9Hu#<`aCcDPsH=d+iS+Q@&MM
z))s&oi<o)rL+GJ71Jt`D)JOJtn=lcZ5G@7EKp}1e0tR_5Q(#;iH5R*1sp(ne9bO%p
z(7%BK{q~OEArZ*0v+yEw;9flkvNg)!8Wx`H0o7vW0{5#M430BtOrv1%)6(7)?Z_wd
zs4Mh1RC;DUfs)Y-_v-84ji*2f)cz=Ab+`w7F}TVxYuwGPg~%Y+IIYJ`8)PQYX0RC?
z5fWDSiU&UMllpfZBKY*VI(H~q(}0y+rn+<bcoY?!{ehdcb7#Na2Dsa{_=r`hc8ZF}
zQ2@#hfaz?PoQ0*Ncw^ZO*BaK{R3$}jSOSXZEF|WifTy`yGfD&4;B^3D-io%n@CeR@
zJfnb?wkpk725AB@b0H%lP=lBHKFGcVcNkLX=51W#`|AO~!YQ3>c&HmX#;j|JWrH=o
zCbB-ul+nh>2^h-a!3#Wd4D+*gp-FH<z*X-p=@N@<GeDd7Flo!ETpdJXcLW^QepapK
z%h#t0q_p8vVYLkm(w^hv8c^rmf)C0;P~R+gx0d8>UNoyy$jH!eb9?2XH-~EoFkWW>
zy;mH_w|`xYx8NkPOhGBjN52tu!_%O>b?weuFd8!fpuEp5aq@>M<~VNs+dafFMqV0U
zAc+M69h_#i&}oTc;uMO9il!fAVdWigRsHZ4OIjBT05rS7d#D!C9YG#jkw|nDaqr9^
z71~rF#>1jb32?e26uXS|^C!lkq_I}{`d*5FP`p+f4zo`aB!e615@;^Lqjl=XgxL|u
z9T=lmw{z7?XN#wle$8!yW+ny74)r>^=T#>m`mkoJA&oEO#B;te<Z2P6)4zK_e|h{-
znK=8s6R_$havs_z%ziF!MGzm*_}67F!`H>ByvI~89MTI{2!z0wST2UJ<WVROS#Il;
z6gP1?NMp|CI!qj8Nj$FV9Bc&6$@D2o5-A!3Elmhqh>g|^VL>7a)mrm{FkvJPsmv#S
zYQ8Hm0j)2cWa9TXrH+lubtpz!W{cz`;)qZj!|HF}Y@Q_(ZDcK$&XH$>U{Y8F%rkY9
zKv-KpfbfL3x9g$r_e-4yzJca-Rix)uXeufvE;*wHFM*b~M><yc5}`>-dfbMaIKoE)
zOT@WUOH6i?To6?AEN;w{_}}ll^KEPI;kFNsB8&Q^Col{=D8oI5;c+v~JgF<_t-ZC|
zUw_bV@gN=QbcO!-6w<ab+;e1j#W~ADl~Cd3WEt~A>o5R&Zy*}-zPj=Yz*6MyYp9BU
zI(9<lV(Wu;wf%9<IyA~l$he#c^?%(jy&Ucb$wkK~v$$@iAB1px-f&DFmWcC&V};4s
z;YUi6k}9E={1&CerTi727mo6^=r<VIiFPLRs<Ca6+XHF81;U(IGBg%mDSa7sk80cR
zSie~<6s8>C8UCsr;C%M53;X|0_igCI%d4QA`A3Us8tTmtl7OPPaI>+MJ~cG4pIaJi
z{Yc0KcCkD)rxJ#jersRGa|@ur)7?YX;qOz!c<=8eg7pFGU)Rh`nku0Ew+=V>`Y>NE
zZ-4IsiE<LyvWiFstcs#*+f%z0*rvWGSgtQZVJDXbgMeIyslDF>pD>fiK2P%7Alk*I
zlVU@5w~e%XN$vcbY?YzBO1OTn(S7u*M$CzPi9CiTnA7K+Oh&+K(Wmk;SwvlcW~A<x
zrnF^o+ECc4B*aXem9&5(t~<CS@af@j48>3YjiKL@pOejvsbDFKF1+x{xJJ$C<!lFk
zcH?!%^2#4`-S5tbL2Kie82Q76^G(5K<mdy3NcpsfA|Z057kvYK7*}?5th-nk`Fl5E
zbnnt<Yrzn1goKu#ZW85C^Z#9FG1&Ea0C%6RBLnQIGw(@xs%2Gkt-l!8Q{_)mPAVPZ
z;@yOD7mu5wYqoTR#W9{odMaXK!nHoNe1-e5x61jW@>FX@G*I*D(M9;+SoiqYD?zU6
zP@U_#KZt2BDJjp7bl#zls=FG9al#@-Ql3=Q(vPgQ3vp$2RLsEy=k2v%$`k501O$K-
zQLG#g01`z97)G_h*^CO1l;QWtea?mQ2rB$1d#@n#2O`4n;b#>3{*<w3!*RqppOi=q
z6vohqHpbK7B2>_$x=>Y1)E9?Frblr4FAVBJDC5p|po9If%Bufh;Chm+XB50kckX)G
z%;Cq+FY)_5pu#U@G?eWz{*X&Ro^KZZi-E_#9)a39TJ_shmwOGosR8};2`c}`0dM0<
z@P`9bn0FLjxX<0cs*pE`hqn|cm{D$kyrt6Hu;%Q(SyKU9KfLV!|1<x`FWMHDYC&D(
U@NGNfzqZhv);HEGK7kMUH`oc(b^rhX

literal 0
HcmV?d00001


From 83ca22b2065f4a748df5085baf8c73a213d2469f Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Mon, 23 Sep 2024 13:48:09 -0700
Subject: [PATCH 06/36] rewrap

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 24 ++++++++++++-------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index d7d3bc170e1f..c5af05f50ad7 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -684,8 +684,10 @@ killPodWithSyncResult`](https://github.com/kubernetes/kubernetes/blob/release-1.
 and [`kubelet/kubelet.go
 SyncTerminatedPod`](https://github.com/kubernetes/kubernetes/blob/release-1.31/pkg/kubelet/kubelet.go#L1996).
 
-!["A sequence diagram showing Kubelet and Container Runtime code paths responsible for behaviors common to all pod restarts"](kubeletvsruntime-restartresponsibility.png
-"High level Kubelet and Container Runtime restart code paths")
+!["A sequence diagram showing Kubelet and Container Runtime code paths
+responsible for behaviors common to all pod
+restarts"](kubeletvsruntime-restartresponsibility.png "High level Kubelet and
+Container Runtime restart code paths")
 
 
 As you might imagine this is a very critical code path with hooks to many
@@ -697,8 +699,11 @@ a restart to know about, that are not currently behind a feature gate.
 After a Pod is in Terminating phase, kubelet:
 
 * Clears up old containers using container runtime
-* Stops probes and pod sandbox, and unmounts volumes and unregisters secrets/configmaps (since Pod was in a terminal phase)
-* While still in the backoff window, wait for network / attach volumes / register pod to secret and configmap managers / re-download image secrets if necessary
+* Stops probes and pod sandbox, and unmounts volumes and unregisters
+  secrets/configmaps (since Pod was in a terminal phase)
+* While still in the backoff window, wait for network / attach volumes /
+  register pod to secret and configmap managers / re-download image secrets if
+  necessary
 
 Once the current backoff window has passed, kubelet:
 
@@ -713,14 +718,17 @@ Once the current backoff window has passed, kubelet:
   frequently)
 * Redownloads all secrets and configmaps, as the pod has been unregistered and
   reregistered to the managers, while computing container environment/EnvVarFrom
-* Application runs through its own initialization logic (typically utilizing more IO)
+* Application runs through its own initialization logic (typically utilizing
+  more IO)
 * Logs information about all container operations (utilizing disk IO and
   “spamming” logs)
 
-The following diagram showcases these same highlights more visually and in context of the responsible API surface (Kubelet or Runtime aka CRI).
+The following diagram showcases these same highlights more visually and in
+context of the responsible API surface (Kubelet or Runtime aka CRI).
 
-!["A diagram showing Kubelet and Container Runtime code paths responsible for behaviors common to all pod restarts"](code-diagram-for-restarts.png
-"Kubelet and Container Runtime restart code paths")
+!["A diagram showing Kubelet and Container Runtime code paths responsible for
+behaviors common to all pod restarts"](code-diagram-for-restarts.png "Kubelet
+and Container Runtime restart code paths")
 
 ```
  <<[UNRESOLVED add the rest of the analysis since 1.31 and answer these questions from original PR]>> 

From fb563353ee2701eb07291df85e34d21ada010fc8 Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Tue, 24 Sep 2024 11:33:28 -0700
Subject: [PATCH 07/36] Update more per node details

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 125 +++++++++++++-----
 1 file changed, 89 insertions(+), 36 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index c5af05f50ad7..68016ba6788e 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -205,7 +205,14 @@ are considered too conservative, especially in cases where the exit code was 0
 (Success) and the pod is transitioned into a "Completed" state or the expected
 length of the pod run is less than 10 minutes.
 
-<<[UNRESOLVED summarize the proposal as well]>> <<[/UNRESOLVED]>>
+This KEP proposes the following changes:
+* Provide 2 alpha-gated changes to get feedback and periodic scalability tests
+  * Changes to the global initial backoff to 1s and maximum backoff to 1 minute
+  * A knob to cluster operators to configure maximum backoff down, to minimum 1s, at the node level
+* Formally split image pull backoff and container restart backoff behavior
+* Formally split backoff counter reset threshold for container restart backoff
+  behavior and maintain the current 10 minute recovery threshold
+
 
 ## Motivation
 
@@ -281,7 +288,7 @@ know that this has succeeded?
   node stability
 * Provide a simple UX that does not require changes for the majority of
   workloads
-* <<[UNRESOLVED]>> Must work for Jobs and sidecar containers <<[/UNRESOLVED]>>
+* Must work for Jobs and sidecar containers
 
 ### Non-Goals
 
@@ -516,12 +523,13 @@ trivial (when compared to pod startup metrics) max allowable backoffs of 1s,
 there is more risk to node stability expected. This change is of particular
 interest to be tested in the alpha period by end users, and is why it is still
 included with opt-in even though the risks are higher. <<[UNRESOLVED update with
-real stress test results]>> For a hypothetical node with the max 110 pods all
-stuck in a simultaneous 1s maximum CrashLoopBackoff, API requests to change the
-state transition would increase from ABC requests/10s to NNN requests/10s, and
-since the maximum backoff would be lowered, would exhibit up to NNN requests in
-excess every 300s (5 minutes), or an extra A.B requests per second once all pods
-reached their max cap backoff. <<[/UNRESOLVED]>>
+new findings]>> For a hypothetical node with the max 110 pods all stuck in a
+simultaneous 1s maximum CrashLoopBackoff, API requests to change the state
+transition would increase from ABC requests/10s to NNN requests/10s, and since
+the maximum backoff would be lowered, would exhibit up to NNN requests in excess
+every 300s (5 minutes), or an extra A.B requests per second once all pods
+reached their max cap backoff. <<[/UNRESOLVED]>> <<[UNRESOLVED ifttt
+benchmarking: add benchmarking details for this case too]>> <<[/UNRESOLVED]>>
 
 ## Design Details 
 
@@ -601,6 +609,18 @@ TODO: new graph! <<[/UNRESOLVED]>>
 <<[UNRESOLVED ifttt benchmarking: include stress test data now]>>TODO: stress
 test data paragraph<<[/UNRESOLVED]>>
 
+As a first estimate for alpha in line with maximums discussed on
+[Kubernetes#57291](https://github.com/kubernetes/kubernetes/issues/57291) and
+the benchmarking analysis <<[UNRESOLVED ifttt benchmarking: include stress test
+data now]>>here<<[/UNRESOLVED]>>, the initial curve is selected at initial=1s /
+max=1 minute. During the alpha period this will be further investigated against
+kubelet capacity, potentially targeting something closer to an initial value
+near 0s, and a cap of 10-30s. To further restrict the blast radius of this
+change before full and complete benchmarking is worked up, this is gated by its
+own feature gate, `ReduceDefaultCrashLoopBackoffDecay`, which when enabled for a
+cluster, reduces the global backoff values for CrashLoopBackOff behavior to
+initial=1s / max=1 minute.
+
 ### Per node config
 
 For some users in
@@ -615,21 +635,34 @@ configure (by container, node, or exit code) the backoff to close to 0 seconds.
 This KEP considers it out of scope to implement fully user-customizable
 behavior, and too risky without full and complete benchmarking to node stability
 to allow legitimately crashing workloads to have a backoff of 0, but it is in
-scope for the first alpha to provide users a way to opt nodes in to a even
+scope for the first alpha to provide users a way to opt in to a even
 faster restart behavior.
 
-As a first estimate for alpha in line with maximums discussed on
-[Kubernetes#57291](https://github.com/kubernetes/kubernetes/issues/57291) and
-the benchmarking analysis <<[UNRESOLVED ifttt benchmarking: include stress test
-data now]>>here<<[/UNRESOLVED]>>, the initial curve is selected at initial=1s /
-max=1 minute. During the alpha period this will be further investigated against
-kubelet capacity, potentially targeting something closer to an initial value
-near 0s, and a cap of 10-30s. To further restrict the blast radius of this
-change before full and complete benchmarking is worked up, this is gated by a
-separate alpha feature gate and is opted in to per node.
-
-<<[UNRESOLVED more details of per node config re: kubelet config api]>> TODO:
-API <<[/UNRESOLVED]>>
+So why opt in by node? In fact, the initial proposal of this KEP for 1.31 was to
+opt in by Pod, to minimize the blast radius of a given Pod's worst case restart
+behavior. In 1.31 this was proposed using a new `restartPolicy` value in the Pod
+API, described in [Alternatives Considered here](#restartpolicy-rapid). Concerns
+with this approach fell into two buckets: 1. technical issues with the API
+(which could have been resolved by a different API approach), and 2. design
+issues with exposing this kind of configuration to users without holistic
+insight into cluster operations, for example, to users who might have pod
+manifest permissions in their namespace but not for other namespaces in the same
+cluster and which might be dependent on the same kubelet. For 1.32, we were
+looking to address the second issue by moving the configuration somewhere we
+could better guarantee a cluster operator type persona would have exclusive
+access to. In addition, <<[UNRESOLVED ifttt bencharmking: linkies]>>initial
+benchmarking indicated that even in the unlikely case of mass pathologically
+crashing and instantly restarting pods across an entire node, cluster operations
+proceeded with acceptable latency, disk, cpu and memory. Worker polling loops,
+context timeouts, the interaction between various other backoffs, as well as API
+server rate limiting made up the gap to the stability of the
+system.<<[/UNRESOLVED]>> Therefore, to simplify both the implementation and the
+API surface, this 1.32 proposal puts forth that the opt-in will be configured per
+node via kubelet configuration.
+
+
+<<[UNRESOLVED more details of per node config re: kubelet config api]>> 
+<<[/UNRESOLVED]>>
 
 ### Refactor of recovery threshold
 
@@ -976,17 +1009,17 @@ heterogenity between "Succeeded" terminating pods, and crashing pods whose
 #### Alpha
 
 - Changes to existing backoff curve implemented behind a feature flag 
-    1. Front-loaded decay curve for all workloads with `restartPolicy: Always` or `restartPolicy: OnFailure`
-       <<[UNRESOLVED]>>
-    2. Front-loaded, low max cap backoff curve for nodes workloads with XYZ
-       config
-- New XYZ kubelet config convertable to ABC on downgrade or without feature flag
-<<[/UNRESOLVED]>>
+    1. 1s initial value, 1 minute maximum backoff for all workloads with
+       `restartPolicy: Always` or `restartPolicy: OnFailure`
+    2. Low max cap configurable for nodes with XYZ config
+- <<[UNRESOLVED]>>New XYZ kubelet config convertable to ABC on downgrade or
+  without feature flag <<[/UNRESOLVED]>>
 - Metrics implemented to expose pod and container restart policy statistics,
   exit states, and runtimes
 - Initial e2e tests completed and enabled
   * Feature flag on or off
-  * <<[UNRESOLVED in 1.31 review, suggested not necessary]>>node upgrade and downgrade path <<[/UNRESOLVED]>>
+  * <<[UNRESOLVED in 1.31 review, suggested not necessary]>>node upgrade and
+    downgrade path <<[/UNRESOLVED]>>
 - Fix https://github.com/kubernetes/kubernetes/issues/123602 if this blocks the
   implementation, otherwise beta criteria
 - Low confidence in the specific numbers/decay rate
@@ -1097,32 +1130,52 @@ To use the enhancement, the alpha feature gate is turned on. In the future when
 made, and the default behavior of the baseline backoff curve would -- by design
 -- be changed.
 
+To stop use of this enhancement, the entire cluster must be restarted with the
+`ReduceDefaultCrashLoopBackoffDecay` feature gate turned off. In this case, all
+Pods will be redeployed, so they will not maintain prior state and will start at
+the beginning of their backoff curve. The exact backoff curve a given Pod will
+use will be either the original one with initial value 10s, or the per-node
+configured maximum backoff if the `EnableKubeletCrashLoopBackoffMax` feature
+gate is turned on. 
+
+If on a given node the per-node configured maximum backoff is lower than the
+initial value, the initial value for that node will instead be set to the
+configured maximum. For example, if `ReduceDefaultCrashLoopBackoffDecay` is
+turned off so the initial value is 10s, but `EnableKubeletCrashLoopBackoffMax`
+is turned on and a given node is configured to a maximum of `1s`, then the
+initial value for that node will be configured to 1s.
+
+
+
 For `EnableKubeletCrashLoopBackoffMax`:
 
 For an existing cluster, no changes are required to configuration, invocations
 or API objects to make an upgrade.
 
 To make use of this enhancement, on upgrade, the feature gate must first be
-turned on. Then, if any <<[UNRESOLVED]>>nodes want to use a different backoff
+turned on. Then, if any <<[UNRESOLVED]>>nodes need to use a different backoff
 curve, their kubelet must be completely redeployed with XYZ kubelet config.
 <<[/UNRESOLVED]>>
 
 To stop use of this enhancement, there are two options. 
 
 On a <<[UNRESOLVED]>> per-node basis, nodes can be completely redeployed with
-XYZ kubelet config set to ABC. Since the Pods have been completely redeployed,
-they will lose their prior backoff counter anyways and, if restarted, will start
-from the beginning of their backoff curve (either the original one with initial
-value 10s, or the new baseline with initial value 1s, depending on whether
-they've turned on the `ReduceDefaultCrashLoopBackoffDecay` feature gate).
-<<[/UNRESOLVED]>>
+XYZ kubelet config set to ABC. <<[/UNRESOLVED]>> Since the Pods have been
+completely redeployed, they will lose their prior backoff counter anyways and,
+if they go on to be restarted, will start from the beginning of their backoff
+curve (either the original one with initial value 10s, or the new baseline with
+initial value 1s, depending on whether they've turned on the
+`ReduceDefaultCrashLoopBackoffDecay` feature gate).
 
 Or, the entire cluster can be restarted with the
 `EnableKubeletCrashLoopBackoffMax` feature gate turned off. In this case, any
 <<[UNRESOLVED]>>Node configured with a different backoff curve will instead use
 the default backoff curve. Again, since the cluster was restarted and Pods were
 redeployed, they will not maintain prior state and will start at the beginning
-of their backoff curve.<<[/UNRESOLVED]>>
+of their backoff curve. Also, again the exact backoff curve they will use will
+be either the original one with initial value 10s, or the new baseline with
+initial value 1s, depending on whether they've turned on the
+`ReduceDefaultCrashLoopBackoffDecay` feature gate.<<[/UNRESOLVED]>>
 
 ### Version Skew Strategy
 

From e0f35ba49ada94370f88f7b812012591fc6a1231 Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Tue, 24 Sep 2024 14:06:55 -0700
Subject: [PATCH 08/36] Specify kubelet configuration implementation

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 22 ++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index 68016ba6788e..9ca984ca4276 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -660,9 +660,25 @@ system.<<[/UNRESOLVED]>> Therefore, to simplify both the implementation and the
 API surface, this 1.32 proposal puts forth that the opt-in will be configured per
 node via kubelet configuration.
 
-
-<<[UNRESOLVED more details of per node config re: kubelet config api]>> 
-<<[/UNRESOLVED]>>
+Kubelet configuration is governed by two main input points, 1) command-line flag
+based config and 2) configuration following the API specification of the
+`kubelet.config.k8s.io/v1beta1 KubeletConfiguration` Kind, which is passed to
+kubelet as a config file or, beta as of Kubernetes 1.30, a config directory
+([ref](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/)).
+Since this is a per-node configuration that likely will be set on a subset of
+nodes, or potentially even differently per node, it's important that it can be
+manipulated with a command-line flag, as 1KubeletConfiguration1 is intended to
+be shared between nodes, and so lifecycle tooling that configures nodes can
+expose it more transparently.
+
+Exposed command-line configuration for Kubelet are defined by [`struct
+KubeletFlags`](https://github.com/kubernetes/kubernetes/blob/release-1.31/cmd/kubelet/app/options/options.go#L54)
+and merged with configuration files in [`kubelet/server.go
+NewKubeletCommand`](https://github.com/kubernetes/kubernetes/blob/release-1.31/cmd/kubelet/app/server.go#L141).
+To expose the configuration of this feature, a new field will be added to the
+`KubeletFlags` struct called `NodeMaxCrashLoopBackOff` of `int32` type that will
+be validated <<[UNRESOLVED]>>at runtime, or otherwise dropped,
+<<[/UNRESOLVED]>>as a value over `1` and under 300s.
 
 ### Refactor of recovery threshold
 

From a4412ede31f408263d59ed4ddc9a7ceb8643123c Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Tue, 24 Sep 2024 14:21:23 -0700
Subject: [PATCH 09/36] Update graduation criteria with 1.32 proposal stuff

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 28 ++++++++++++-------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index 9ca984ca4276..fa7071766a3b 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -1024,19 +1024,27 @@ heterogenity between "Succeeded" terminating pods, and crashing pods whose
 
 #### Alpha
 
-- Changes to existing backoff curve implemented behind a feature flag 
-    1. 1s initial value, 1 minute maximum backoff for all workloads with
-       `restartPolicy: Always` or `restartPolicy: OnFailure`
-    2. Low max cap configurable for nodes with XYZ config
-- <<[UNRESOLVED]>>New XYZ kubelet config convertable to ABC on downgrade or
-  without feature flag <<[/UNRESOLVED]>>
+- New `int32 NodeMaxCrashLoopBackOff` field in `KubeletFlags` struct, validated
+        to a minimum of 1 and a maximum of 300, naturally ignored by older
+  kubelets/on downgrade and explicitly dropped by current and future kubelets
+  when new `EnableKubeletCrashLoopBackoffMax` feature flag disabled
+- New `ReduceDefaultCrashLoopBackoffDecay` feature flag which, when enabled, changes
+  CrashLoopBackOff behavior (and ONLY the CrashLoopBackOff behavior) to a
+  2x decay curve starting at 1s initial value, 1 minute maximum backoff
+  for all workloads, therefore affecting workload configured with
+  `restartPolicy: Always` or `restartPolicy: OnFailure`
+    - Requires a refactor of image pull backoff from container restart backoff
+      object
+- Maintain current 10 minute recovery threshold by refactoring backoff counter
+  reset threshold and explicitly implementing container restart backoff behavior
+  at the current 10 minute recovery threshold
 - Metrics implemented to expose pod and container restart policy statistics,
   exit states, and runtimes
 - Initial e2e tests completed and enabled
   * Feature flag on or off
-  * <<[UNRESOLVED in 1.31 review, suggested not necessary]>>node upgrade and
-    downgrade path <<[/UNRESOLVED]>>
-- Fix https://github.com/kubernetes/kubernetes/issues/123602 if this blocks the
+- Test coverage of proper requeue behavior; see
+  https://github.com/kubernetes/kubernetes/issues/123602
+- Actually fix https://github.com/kubernetes/kubernetes/issues/123602 if this blocks the
   implementation, otherwise beta criteria
 - Low confidence in the specific numbers/decay rate
 
@@ -1057,7 +1065,7 @@ heterogenity between "Succeeded" terminating pods, and crashing pods whose
 - Remove the feature flag code
 - Confirm the exponential backoff decay curve related tests and code are still
   in use elsewhere and do not need to be removed
-- Conformance test added for <<[UNRESOLVED]>> configured nodes <<[/UNRESOLVED]>>
+- Conformance test added for per-node configuration
 
 
 <!--

From 21caaa62f3b62e7c11306b65bbc6d2155b32264e Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Tue, 24 Sep 2024 14:47:02 -0700
Subject: [PATCH 10/36] Update with conflict resolution info

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 74 +++++++++++++------
 1 file changed, 52 insertions(+), 22 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index fa7071766a3b..ad81c48dbb03 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -714,6 +714,13 @@ and configure the `client_go.Backoff` object created for use by the kube runtime
 manager for container restart bacoff with a function that compares to a flat
 rate of 300 seconds.
 
+### Conflict resolution
+
+Depending on the enablement state of the alpha gates and the configuration of an
+individual node, some conflicts may need to be resolved. See the
+[Upgrade/Downgrade Strategy section](#upgrade--downgrade-strategy) for more
+details.
+
 ### Kubelet overhead analysis
 
 As it's intended that, after this KEP, pods will restart more often that in
@@ -1162,34 +1169,27 @@ use will be either the original one with initial value 10s, or the per-node
 configured maximum backoff if the `EnableKubeletCrashLoopBackoffMax` feature
 gate is turned on. 
 
-If on a given node the per-node configured maximum backoff is lower than the
-initial value, the initial value for that node will instead be set to the
-configured maximum. For example, if `ReduceDefaultCrashLoopBackoffDecay` is
-turned off so the initial value is 10s, but `EnableKubeletCrashLoopBackoffMax`
-is turned on and a given node is configured to a maximum of `1s`, then the
-initial value for that node will be configured to 1s.
-
-
-
 For `EnableKubeletCrashLoopBackoffMax`:
 
 For an existing cluster, no changes are required to configuration, invocations
 or API objects to make an upgrade.
 
-To make use of this enhancement, on upgrade, the feature gate must first be
-turned on. Then, if any <<[UNRESOLVED]>>nodes need to use a different backoff
-curve, their kubelet must be completely redeployed with XYZ kubelet config.
-<<[/UNRESOLVED]>>
+To make use of this enhancement, on cluster upgrade, the
+`EnableKubeletCrashLoopBackoffMax` feature gate must first be turned on for the
+cluster. Then, if any nodes need to use a different backoff curve, their kubelet
+must be completely redeployed either in the same upgrade or after that upgrade
+with the `NodeMaxCrashLoopBackOff` kubelet command line flag set.
 
 To stop use of this enhancement, there are two options. 
 
-On a <<[UNRESOLVED]>> per-node basis, nodes can be completely redeployed with
-XYZ kubelet config set to ABC. <<[/UNRESOLVED]>> Since the Pods have been
-completely redeployed, they will lose their prior backoff counter anyways and,
-if they go on to be restarted, will start from the beginning of their backoff
-curve (either the original one with initial value 10s, or the new baseline with
-initial value 1s, depending on whether they've turned on the
-`ReduceDefaultCrashLoopBackoffDecay` feature gate).
+On a per-node basis, nodes can be completely redeployed with
+`NodeMaxCrashLoopBackOff` kubelet command line flag unset. <<[UNRESOLVED is this
+true if kubelet restarts tho]>>Since the Pods must be completely redeployed,
+they will lose their prior backoff counter anyways and, if they go on to be
+restarted, will start from the beginning of their backoff curve (either the
+original one with initial value 10s, or the new baseline with initial value 1s,
+depending on whether they've turned on the `ReduceDefaultCrashLoopBackoffDecay`
+feature gate). <</UNRESOLVED>>
 
 Or, the entire cluster can be restarted with the
 `EnableKubeletCrashLoopBackoffMax` feature gate turned off. In this case, any
@@ -1201,6 +1201,30 @@ be either the original one with initial value 10s, or the new baseline with
 initial value 1s, depending on whether they've turned on the
 `ReduceDefaultCrashLoopBackoffDecay` feature gate.<<[/UNRESOLVED]>>
 
+#### Conflict resolution
+
+If on a given node at a given time, the per-node configured maximum backoff is
+lower than the initial value, the initial value for that node will instead be
+set to the configured maximum. For example, if
+`ReduceDefaultCrashLoopBackoffDecay` is turned off so the initial value is 10s,
+but `EnableKubeletCrashLoopBackoffMax` is turned on and a given node is
+configured to a maximum of `1s`, then the initial value for that node will be
+configured to 1s. In other words, operator-invoked configuration will have
+precedence over the default if it is faster.
+
+If on a given node at a given time, the per-node configured maximum backoff is
+higher than the 300s, it will be dropped in favor of the default. In other
+words, operator-invoked configuration will not have precedence over the default
+if it is longer than 300s.
+
+If on a given node at a given time, the per-node configured maximum backoff is
+higher than the current initial value, but still lower than 300s, it will be
+honored. In other words, operator-invoked configuration will have precedence
+over the default, even if it is slower, as long as it does not go over 300s.
+
+<<[UNRESOLVED]>>TODO: a table describing the conflict resolution would probably
+help <<[/UNRESOLVED]>>
+
 ### Version Skew Strategy
 
 <!--
@@ -1220,9 +1244,15 @@ For the default backoff curve, no coordination must be done between the control
 plane and the nodes; all behavior changes are local to the kubelet component and
 its start up configuration.
 
-For the  <<[UNRESOLVED]>> node case, since it is local to each kubelet and the
+For the per-node case, since it is local to each kubelet and the
 restart logic is within the responsibility of a node's local kubelet, no
-coordination must b e done between the control plane and the nodes.
+coordination must be done between the control plane and the nodes.
+
+<<[UNRESOLVED]>>
+- How does an n-3 kubelet or kube-proxy without this feature available behave when this feature is used?
+- How does an n-1 kube-controller-manager or kube-scheduler without this feature available behave when this feature is used?
+- Will any other components on the node change? For example, changes to CSI,
+  CRI or CNI may require updating that component before the kubelet.
 <<[/UNRESOLVED]>>
 
 ## Production Readiness Review Questionnaire

From c9f7badbb79e1f7ae69c7d251ac197f1dd7a6a0b Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Tue, 24 Sep 2024 15:10:05 -0700
Subject: [PATCH 11/36] Internal consistency and proofreading run

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 90 ++++++++++---------
 1 file changed, 48 insertions(+), 42 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index ad81c48dbb03..f94d1805019d 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -320,7 +320,7 @@ This design seeks to incorporate a two-pronged approach:
 
 1. Change the existing initial value for the backoff curve to 1s to stack more
    retries earlier, and reduce the maximum backoff for a given restart from 5
-   minutes to 30 seconds, for all restarts (`restartPolicy: OnFailure` and
+   minutes to 1 minute, for all restarts (`restartPolicy: OnFailure` and
    `restartPolicy: Always`)
 2. Provide an option to cluster operators to configure an even lower maximum
 backoff for all containers on a specific Node, down to 1s
@@ -375,8 +375,9 @@ during alpha.
 This KEP also proposes providing a more flexible mechanism for modifying the
 maximum backoff as an opt-in. The configuration for this will be per node, by an
 integer representing seconds (notably NOT resulting in subsecond granularity).
-The minimum allowable value will be 1 second. This per node configuration will
-be configurable only by a user with awareness of the node holistically.
+The minimum allowable value will be 1 second. The maximum allowable value will
+be 300 seconds. This per node configuration will be configurable only by a user
+with awareness of the node holistically.
 
 
 ### Refactor and flat rate to 10 minutes for the backoff counter reset threshold
@@ -384,7 +385,8 @@ be configurable only by a user with awareness of the node holistically.
 Finally, this KEP proposes factoring out the backoff counter reset threshold for
 CrashLoopBackoff behavior induced restarts into a new constant. Instead of being
 proportional to the configured maximum backoff, it will instead be a flat rate
-equivalent to the current implementation, 10 minutes.
+equivalent to the current implementation, 10 minutes. This will only apply to
+backoff counter resets from CrashLoopBackoff behavior.
 
 
 ### User Stories
@@ -434,9 +436,9 @@ There are cases when the Pod consists of a user container implementing business
 logic and a sidecar providing networking access (Istio), logging (opentelemetry
 collector), or orchestration features. In some cases sidecar containers are
 critical for the user container functioning as they provide a basic
-infrastructure for the user container to run in. In such cases it is beneficial
-to not apply the exponential backoff to the sidecar container restarts and keep
-it at a low constant value.
+infrastructure for the user container to run in. In such cases it is considered
+beneficial to not apply the exponential backoff to the sidecar container
+restarts and keep it at a low constant value.
 
 This is especially true for cases when the sidecar is killed by infrastructure
 (e.g. OOMKill) as it may have happened for reasons independent from the sidecar
@@ -617,9 +619,7 @@ max=1 minute. During the alpha period this will be further investigated against
 kubelet capacity, potentially targeting something closer to an initial value
 near 0s, and a cap of 10-30s. To further restrict the blast radius of this
 change before full and complete benchmarking is worked up, this is gated by its
-own feature gate, `ReduceDefaultCrashLoopBackoffDecay`, which when enabled for a
-cluster, reduces the global backoff values for CrashLoopBackOff behavior to
-initial=1s / max=1 minute.
+own feature gate, `ReduceDefaultCrashLoopBackoffDecay`.
 
 ### Per node config
 
@@ -667,7 +667,7 @@ kubelet as a config file or, beta as of Kubernetes 1.30, a config directory
 ([ref](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/)).
 Since this is a per-node configuration that likely will be set on a subset of
 nodes, or potentially even differently per node, it's important that it can be
-manipulated with a command-line flag, as 1KubeletConfiguration1 is intended to
+manipulated with a command-line flag, as `KubeletConfiguration` is intended to
 be shared between nodes, and so lifecycle tooling that configures nodes can
 expose it more transparently.
 
@@ -677,8 +677,8 @@ and merged with configuration files in [`kubelet/server.go
 NewKubeletCommand`](https://github.com/kubernetes/kubernetes/blob/release-1.31/cmd/kubelet/app/server.go#L141).
 To expose the configuration of this feature, a new field will be added to the
 `KubeletFlags` struct called `NodeMaxCrashLoopBackOff` of `int32` type that will
-be validated <<[UNRESOLVED]>>at runtime, or otherwise dropped,
-<<[/UNRESOLVED]>>as a value over `1` and under 300s.
+be validated <<[UNRESOLVED ifttt conflict resolution]>>at runtime, or otherwise
+dropped, <<[/UNRESOLVED]>>as a value over `1` and under 300s.
 
 ### Refactor of recovery threshold
 
@@ -692,7 +692,7 @@ minutes like it is today); containers on nodes with an override could be
 rewarded for running successfully for as low as 2 seconds if they are configured
 with the minimum allowable backoff of 1s. 
 
-From a technical persepctive, granularity of the associated worker polling loops
+From a technical perspective, granularity of the associated worker polling loops
 governing restart behavior is between 1 and 10 seconds, so a reset value under
 10 seconds is effectively meaningless (until and unless those loops increase in
 speed or we move to evented PLEG). From a user perspective, it does not seem
@@ -717,9 +717,9 @@ rate of 300 seconds.
 ### Conflict resolution
 
 Depending on the enablement state of the alpha gates and the configuration of an
-individual node, some conflicts may need to be resolved. See the
-[Upgrade/Downgrade Strategy section](#upgrade--downgrade-strategy) for more
-details.
+individual node, some conflicts may need to be resolved to determine the initial
+value or maximum backoff for a given node. See the [Upgrade/Downgrade Strategy
+section](#upgrade--downgrade-strategy) for more details.
 
 ### Kubelet overhead analysis
 
@@ -765,7 +765,7 @@ Once the current backoff window has passed, kubelet:
 
 * Potentially re-downloads the image (utilizing network + IO and blocks other
   image downloads) if image pull policy specifies it
-  ([ref]([`imageManager.EnsureImageExists`](https://github.com/kubernetes/kubernetes/blob/release-1.31/pkg/kubelet/images/image_manager.go#L135))).
+  ([ref](https://github.com/kubernetes/kubernetes/blob/release-1.31/pkg/kubelet/images/image_manager.go#L135)).
 * Recreates the pod sandbox and probe workers
 * Recreates the containers using container runtime
 * Runs user configured prestart and poststart hooks for each container
@@ -818,14 +818,15 @@ period, we reevaluate the SLIs and SLOs and benchmarks related to this change an
 expose clearly the methodology needed for cluster operators to be able to quantify the
 risk posed to their specific clusters on upgrade.
 
-To best reason about the changes in this KEP, we requires the ability to
+To best reason about the changes in this KEP, we require the ability to
 determine, for a given percentage of heterogenity between "Succeeded"
-terminating pods, and crashing pods whose `restartPolicy: Always`:
+terminating pods, and "Failed" (aka crashing) terminating pods whose
+`restartPolicy: Always`:
  * what is the load and rate of Pod restart related API requests to the API
    server?
  * what are the performance (memory, CPU, and pod start latency) effects on the
-   kubelet component? Considering the effects of different plugins (e.g. CSI,
-   CNI)
+   kubelet component? What about when considering the effects of different
+   plugins (e.g. CSI, CNI)
 
 Today there are alpha SLIs in Kubernetes that can observe that impact in
 aggregate:
@@ -844,7 +845,7 @@ factors in specific changes to the backoff curves. Since the changes in this
 proposal are deterministic, this is pre-calculatable for a given heterogenity of
 quantity and rate of restarting pods.
 
-In addition, the `kube-state-metrics`, project already implements
+In addition, the `kube-state-metrics` project already implements
 restart-specific metadata for metrics that can be used to observe pod restart
 latency in more detail, including:
 * `kube_pod_container_status_restarts_total`
@@ -854,11 +855,11 @@ latency in more detail, including:
 
 During the alpha period, these metrics, the SIG-Scalability benchmarking tests,
 added kubelet performance tests, and manual benchmarking by the author against
-`kube-state-metrics` will be used to answer the above questions, tying together the
-container restart policy (inherited or declared), the terminal state of a
+`kube-state-metrics` will be used to answer the above questions, tying together
+the container restart policy (inherited or declared), the terminal state of a
 container before restarting, and the number of container restarts, to articulate
-the rate and load of restart related API requests and the performance effects on
-kubelet.
+the observed rate and load of restart related API requests and the performance
+effects on kubelet.
 
 <<[UNRESOLVED ifttt benchmarking: link initial benchmarking test data]>>TODO:
 link benchmarking data<<[/UNRESOLVED]>>
@@ -896,13 +897,15 @@ restarts are not handled by kubelet at all; in fact, use of this API is only
 available if the `restartPolicy` is set to `Never` (though
 [kubernetes#125677](https://github.com/kubernetes/kubernetes/issues/125677)
 wants to relax this validation to allow it to be used with other `restartPolicy`
-values). As a result, to expose the new backoff curve Jobs using this feature,
-the updated backoff curve must also be implemented in the Job controller.
+values). As a result, to expose the new backoff curve to Jobs using this
+feature, the updated backoff curve must also be implemented in the Job
+controller. This is currently considered out of scope of the first alpha
+implementation of this design.
 
 ### Relationship with ImagePullBackOff
 
 ImagePullBackoff is used, as the name suggests, only when a container needs to
-pull a new image. If the iamge pull fails, a backoff decay is used to make later
+pull a new image. If the image pull fails, a backoff decay is used to make later
 retries on the image download wait longer and longer. This is configured
 internally independently
 ([here](https://github.com/kubernetes/kubernetes/blob/release-1.30/pkg/kubelet/kubelet.go#L606))
@@ -915,7 +918,7 @@ number of variables during the benchmarking period for the restart counter, and
 because the problem space of ImagePullBackoff could likely be handled by a
 completely different pattern, as unlike with CrashLoopBackoff the types of
 errors with ImagePullBackoff are less variable and better interpretable by the
-infrastructure as recovereable or non-recoverable (i.e. 404s).
+infrastructure as recoverable or non-recoverable (i.e. 404s).
 
 ### Test Plan
 
@@ -939,14 +942,16 @@ This feature requires two levels of testing: the regular enhancement testing
 increase confidence in ongoing node stability given heterogeneous backoff timers
 and timeouts.
 
-Some stress/benchmark testing will still be developed as part of this enhancement,
-including the kubelet_perf tests indicated in the e2e section below.
+Some stress/benchmark testing will still be developed as part of the
+implementatino of this enhancement, including the kubelet_perf tests indicated
+in the e2e section below.
 
 Some of the benefit of pursuing this change in alpha is to also have the
 opportunity to run against the existing SIG-Scalability performance and
 benchmarking tests within an alpha candidate. In addition, manual benchmark
-testing with GKE clusters can be performed by the author and evaluated as
-candidates for formal, periodic benchmark testing in the Kubernetes testgrid.
+testing with GKE clusters can be performed by the author as described in [Design
+Details](#benchmarking), and evaluated as candidates for formal, periodic
+benchmark testing in the Kubernetes testgrid.
 
 ##### Prerequisite testing updates
 
@@ -979,11 +984,12 @@ This can inform certain test coverage improvements that we want to do before
 extending the production code to implement this enhancement.
 -->
 
-<<[UNRESOLVED whats up with this]>>
-- `kubelet/kuberuntime/kuberuntime_manager_test`: **could not find a successful
+
+- <<[UNRESOLVED whats up with this]>>
+  `kubelet/kuberuntime/kuberuntime_manager_test`: **could not find a successful
   coverage run on
   [prow](https://prow.k8s.io/view/gs/kubernetes-jenkins/logs/ci-kubernetes-coverage-unit/1800947623675301888)**
-<<[/UNRESOLVED]>>
+  <<[/UNRESOLVED]>>
 
 ##### Integration tests
 
@@ -1021,11 +1027,11 @@ We expect no non-infra related flakes in the last month as a GA graduation crite
 - k8s.io/kubernetes/test/e2e/node/kubelet_perf: for a given percentage of
 heterogenity between "Succeeded" terminating pods, and crashing pods whose
 `restartPolicy: Always` or `restartPolicy: OnFailure`, 
- * what is the load and rate of Pod restart related API requests to the API
+ - what is the load and rate of Pod restart related API requests to the API
    server?
- * what are the performance (memory, CPU, and pod start latency) effects on the
-   kubelet component? Considering the effects of different plugins (e.g. CSI,
-   CNI)
+ - what are the performance (memory, CPU, and pod start latency) effects on the
+   kubelet component? 
+ - With different plugins (e.g. CSI, CNI)
 
 ### Graduation Criteria
 

From c3d9e2c95a3c9580c5adf6eea64757619094410d Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Tue, 24 Sep 2024 15:44:53 -0700
Subject: [PATCH 12/36] Add some new unresolved tags from IRL comments

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 30 +++++++++++--------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index f94d1805019d..cf24c69fb717 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -665,11 +665,12 @@ based config and 2) configuration following the API specification of the
 `kubelet.config.k8s.io/v1beta1 KubeletConfiguration` Kind, which is passed to
 kubelet as a config file or, beta as of Kubernetes 1.30, a config directory
 ([ref](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/)).
-Since this is a per-node configuration that likely will be set on a subset of
-nodes, or potentially even differently per node, it's important that it can be
-manipulated with a command-line flag, as `KubeletConfiguration` is intended to
-be shared between nodes, and so lifecycle tooling that configures nodes can
-expose it more transparently.
+<<[UNRESOLVED consider KubeletConfiguration again, and/or motivate per node or
+per node pool cases better]>> Since this is a per-node configuration that likely
+will be set on a subset of nodes, or potentially even differently per node, it's
+important that it can be manipulated with a command-line flag, as
+`KubeletConfiguration` is intended to be shared between nodes, and so lifecycle
+tooling that configures nodes can expose it more transparently.
 
 Exposed command-line configuration for Kubelet are defined by [`struct
 KubeletFlags`](https://github.com/kubernetes/kubernetes/blob/release-1.31/cmd/kubelet/app/options/options.go#L54)
@@ -678,7 +679,7 @@ NewKubeletCommand`](https://github.com/kubernetes/kubernetes/blob/release-1.31/c
 To expose the configuration of this feature, a new field will be added to the
 `KubeletFlags` struct called `NodeMaxCrashLoopBackOff` of `int32` type that will
 be validated <<[UNRESOLVED ifttt conflict resolution]>>at runtime, or otherwise
-dropped, <<[/UNRESOLVED]>>as a value over `1` and under 300s.
+dropped, <<[/UNRESOLVED]>>as a value over `1` and under 300s. <<[/UNRESOLVED]>>
 
 ### Refactor of recovery threshold
 
@@ -1209,6 +1210,11 @@ initial value 1s, depending on whether they've turned on the
 
 #### Conflict resolution
 
+<<[UNRESOLVED]>>
+
+TODO: consider making one feature gate dependent on the other to minimize the matrix multiplication, and/or to depend fully on kubelet validation (which may mean crashing kubelets/nodes on misconfiguration) instead of catching internally
+
+
 If on a given node at a given time, the per-node configured maximum backoff is
 lower than the initial value, the initial value for that node will instead be
 set to the configured maximum. For example, if
@@ -1219,14 +1225,14 @@ configured to 1s. In other words, operator-invoked configuration will have
 precedence over the default if it is faster.
 
 If on a given node at a given time, the per-node configured maximum backoff is
-higher than the 300s, it will be dropped in favor of the default. In other
-words, operator-invoked configuration will not have precedence over the default
-if it is longer than 300s.
+lower than 1 second or higher than the 300s, <<[UNRESOLVED]>>validation will
+fail and the kubelet will crash. <<[/UNRESOLVED]>>
 
 If on a given node at a given time, the per-node configured maximum backoff is
-higher than the current initial value, but still lower than 300s, it will be
-honored. In other words, operator-invoked configuration will have precedence
-over the default, even if it is slower, as long as it does not go over 300s.
+higher than the current initial value, but within validation limits as it is
+lower than 300s, it will be honored. In other words, operator-invoked
+configuration will have precedence over the default, even if it is slower, as
+long as it is valid. <<[/UNRESOLVED]>>
 
 <<[UNRESOLVED]>>TODO: a table describing the conflict resolution would probably
 help <<[/UNRESOLVED]>>

From b879c7f45fe1297e71a03f23ec3c6f38ccdaba07 Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Mon, 30 Sep 2024 10:09:45 -0700
Subject: [PATCH 13/36] Clean up some unresolved's to undraft

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 37 +++++++++----------
 1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index cf24c69fb717..2b06a4c06044 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -533,6 +533,11 @@ every 300s (5 minutes), or an extra A.B requests per second once all pods
 reached their max cap backoff. <<[/UNRESOLVED]>> <<[UNRESOLVED ifttt
 benchmarking: add benchmarking details for this case too]>> <<[/UNRESOLVED]>>
 
+For both of these changes, by passing these changes through the existing
+SIG-scalability tests, while pursuing manual and more detailed periodic
+benchmarking during the alpha period, we can increase the confidence in the
+changes and explore the possibility of reducing the values further in the future.
+
 ## Design Details 
 
 <!--
@@ -650,7 +655,7 @@ manifest permissions in their namespace but not for other namespaces in the same
 cluster and which might be dependent on the same kubelet. For 1.32, we were
 looking to address the second issue by moving the configuration somewhere we
 could better guarantee a cluster operator type persona would have exclusive
-access to. In addition, <<[UNRESOLVED ifttt bencharmking: linkies]>>initial
+access to. In addition, <<[UNRESOLVED ifttt benchmarking: linkies]>>initial
 benchmarking indicated that even in the unlikely case of mass pathologically
 crashing and instantly restarting pods across an entire node, cluster operations
 proceeded with acceptable latency, disk, cpu and memory. Worker polling loops,
@@ -678,8 +683,7 @@ and merged with configuration files in [`kubelet/server.go
 NewKubeletCommand`](https://github.com/kubernetes/kubernetes/blob/release-1.31/cmd/kubelet/app/server.go#L141).
 To expose the configuration of this feature, a new field will be added to the
 `KubeletFlags` struct called `NodeMaxCrashLoopBackOff` of `int32` type that will
-be validated <<[UNRESOLVED ifttt conflict resolution]>>at runtime, or otherwise
-dropped, <<[/UNRESOLVED]>>as a value over `1` and under 300s. <<[/UNRESOLVED]>>
+be validated in kubelet at runtime, as a value over `1` and under 300s.
 
 ### Refactor of recovery threshold
 
@@ -788,14 +792,10 @@ behaviors common to all pod restarts"](code-diagram-for-restarts.png "Kubelet
 and Container Runtime restart code paths")
 
 ```
- <<[UNRESOLVED add the rest of the analysis since 1.31 and answer these questions from original PR]>> 
+ <<[UNRESOLVED answer these question from original PR]>> 
  >Does this [old container cleanup using containerd] include cleaning up the image filesystem? There might be room for some optimization here, if we can reuse the RO layers.
  
-  <<[/UNRESOLVED]>>
-```
-
-```
- <<[UNRESOLVED>>
+ > RE: The exactness of the current behavior
 It's because of the way we handle backoff:
 https://github.com/kubernetes/kubernetes/blob/a7ca13ea29ba5b3c91fd293cdbaec8fb5b30cee2/pkg/kubelet/kuberuntime/kuberuntime_manager.go#L1336-L1349
 
@@ -807,7 +807,7 @@ So the actual (current) backoff implementation is:
 10 seconds for second restart
 10 * 2^(restart_count - 2) for subsequent restarts
 But those numbers are all delayed up to 10s due to kubernetes/kubernetes#123602
- <<[UNRESOLVED>>
+ <<[/UNRESOLVED]>>
 ```
 
 ### Benchmarking
@@ -1200,20 +1200,19 @@ feature gate). <</UNRESOLVED>>
 
 Or, the entire cluster can be restarted with the
 `EnableKubeletCrashLoopBackoffMax` feature gate turned off. In this case, any
-<<[UNRESOLVED]>>Node configured with a different backoff curve will instead use
+Node configured with a different backoff curve will instead use
 the default backoff curve. Again, since the cluster was restarted and Pods were
 redeployed, they will not maintain prior state and will start at the beginning
 of their backoff curve. Also, again the exact backoff curve they will use will
 be either the original one with initial value 10s, or the new baseline with
 initial value 1s, depending on whether they've turned on the
-`ReduceDefaultCrashLoopBackoffDecay` feature gate.<<[/UNRESOLVED]>>
+`ReduceDefaultCrashLoopBackoffDecay` feature gate.
 
 #### Conflict resolution
 
 <<[UNRESOLVED]>>
-
-TODO: consider making one feature gate dependent on the other to minimize the matrix multiplication, and/or to depend fully on kubelet validation (which may mean crashing kubelets/nodes on misconfiguration) instead of catching internally
-
+TODO: consider making one feature gate dependent on the other to minimize the matrix multiplication
+ <<[/UNRESOLVED]>>
 
 If on a given node at a given time, the per-node configured maximum backoff is
 lower than the initial value, the initial value for that node will instead be
@@ -1225,14 +1224,14 @@ configured to 1s. In other words, operator-invoked configuration will have
 precedence over the default if it is faster.
 
 If on a given node at a given time, the per-node configured maximum backoff is
-lower than 1 second or higher than the 300s, <<[UNRESOLVED]>>validation will
-fail and the kubelet will crash. <<[/UNRESOLVED]>>
+lower than 1 second or higher than the 300s, validation will
+fail and the kubelet will crash.
 
 If on a given node at a given time, the per-node configured maximum backoff is
 higher than the current initial value, but within validation limits as it is
 lower than 300s, it will be honored. In other words, operator-invoked
 configuration will have precedence over the default, even if it is slower, as
-long as it is valid. <<[/UNRESOLVED]>>
+long as it is valid.
 
 <<[UNRESOLVED]>>TODO: a table describing the conflict resolution would probably
 help <<[/UNRESOLVED]>>
@@ -1260,7 +1259,7 @@ For the per-node case, since it is local to each kubelet and the
 restart logic is within the responsibility of a node's local kubelet, no
 coordination must be done between the control plane and the nodes.
 
-<<[UNRESOLVED]>>
+<<[UNRESOLVED confirm the following have been answered fully]>>
 - How does an n-3 kubelet or kube-proxy without this feature available behave when this feature is used?
 - How does an n-1 kube-controller-manager or kube-scheduler without this feature available behave when this feature is used?
 - Will any other components on the node change? For example, changes to CSI,

From 0293f6f332b1effebb4a4bcbf8c573f45ec1dd2d Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Mon, 30 Sep 2024 12:13:59 -0700
Subject: [PATCH 14/36] Update graphs, remove some other unresolveds

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 107 +++++++++++++++---
 1 file changed, 91 insertions(+), 16 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index 2b06a4c06044..ac58e1777816 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -213,6 +213,10 @@ This KEP proposes the following changes:
 * Formally split backoff counter reset threshold for container restart backoff
   behavior and maintain the current 10 minute recovery threshold
 
+![A graph showing the change in elapsed time for observed restarts with the
+CrashLoopBackOffBehavior of today, with the proposed new default, and with the
+proposed minimum per node configuration](./restarts-vs-elapsed-all.png "KEP-4603
+CrashLoopBackoff proposal comparison")
 
 ## Motivation
 
@@ -366,8 +370,9 @@ on prior research <<[ UNRESOLVED link to benchmarking results
 ]>>here<<[/UNRESOLVED]>>, and further analyze its impact on infrastructure
 during alpha. 
 
-<<[ UNRESOLVED new pic with updated modeling re: max cap values
-]>>![](todayvs1sbackoff.png)<<[ /UNRESOLVED]>>
+![A graph showing the change in elapsed time for observed restarts with the
+CrashLoopBackOffBehavior of today vs the proposed new
+default](./restarts-vs-elapsed-new-default.png "Default backoff curve change")
 
 
 ### Node specific kubelet config for maximum backoff down to 1 second
@@ -379,6 +384,11 @@ The minimum allowable value will be 1 second. The maximum allowable value will
 be 300 seconds. This per node configuration will be configurable only by a user
 with awareness of the node holistically.
 
+![A graph showing the change in elapsed time for observed restarts with the
+CrashLoopBackOffBehavior of today vs the proposed minimum for per node
+configuration](./restarts-vs-elapsed-minimum-per-node.png "Per node minimum backoff
+curve allowed")
+
 
 ### Refactor and flat rate to 10 minutes for the backoff counter reset threshold
 
@@ -594,12 +604,9 @@ window. As seen below, this type of change gives us more restarts earlier, but
 even at 250ms or 25ms initial values, each approach a similar rate of restarts
 after the third time window.
 
-<<[UNRESOLVED ifttt front loaded images: remake this graph with axes too]>>
 ![A graph showing different exponential backoff decays for initial values of
 10s, 1s, 250ms and 25ms](initialvaluesandnumberofrestarts.png "Changes to decay
 with different initial values")
-TODO: remake graph!
-<<[/UNRESOLVED]>>
 
 Among these modeled initial values, we would get between 3-7 excess restarts per
 backoff lifetime, mostly within the first three time windows matching today's
@@ -610,8 +617,20 @@ rate caused by the exponential growth, but also because they grow to the same
 maximum value -- 5 minutes. By layering on alternate models for maximum backoff,
 we observe more restarts for longer:
 
-<<[UNRESOLVED ifttt front loaded images: add graph here with proper axes]>>
-TODO: new graph! <<[/UNRESOLVED]>>
+![A graph showing different exponential backoff decays for 2 initial values and
+2 different maximum backoff
+thresholds](initialvaluesandmaxonnumberofrestarts.png "Changes to decay with
+different initial and maximum backoff values")
+
+While this graph includes several variations -- initial values of 10s in red and
+pink, initial values of 1s in purple and lilac, and both of these initial values
+modeled either 60s or 30s maximum backoff -- hopefully it can impress upon the
+reader how including a reduction to maximum backoff increases the number of
+excess restarts later in the cycle. In the most extreme case modeled above, with
+initial value of 1s and a maximum backoff of 30s, there are 2 excess restarts in
+the first time window, 1 excess in the second time window, 3 excess in the
+fourth time window and 4 excess in the fifth time window for a total of 10
+excess restarts compared to today's behavior.
 
 <<[UNRESOLVED ifttt benchmarking: include stress test data now]>>TODO: stress
 test data paragraph<<[/UNRESOLVED]>>
@@ -670,11 +689,12 @@ based config and 2) configuration following the API specification of the
 `kubelet.config.k8s.io/v1beta1 KubeletConfiguration` Kind, which is passed to
 kubelet as a config file or, beta as of Kubernetes 1.30, a config directory
 ([ref](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/)).
-<<[UNRESOLVED consider KubeletConfiguration again, and/or motivate per node or
-per node pool cases better]>> Since this is a per-node configuration that likely
-will be set on a subset of nodes, or potentially even differently per node, it's
-important that it can be manipulated with a command-line flag, as
-`KubeletConfiguration` is intended to be shared between nodes, and so lifecycle
+Since this is a per-node configuration that likely will be set on a subset of
+nodes, or potentially even differently per node, it's important that it can be
+manipulated per node. By default `KubeletConfiguration` is intended to be shared
+between nodes, but the beta feature for drop-in configuration files in a
+colocated config directory cirumvent this. However, it is still the opinion of
+the author it is better manipulated with a command-line flag, so lifecycle
 tooling that configures nodes can expose it more transparently.
 
 Exposed command-line configuration for Kubelet are defined by [`struct
@@ -752,10 +772,10 @@ Container Runtime restart code paths")
 
 
 As you might imagine this is a very critical code path with hooks to many
-in-flight features; <<[!UNRESOLVED make a link]>>Appendix A<<[/UNRESOLVED]>>
-includes a more complete list (yet still not as exhaustive as the source code),
-but the following are selected as the most important behaviors of kubelet during
-a restart to know about, that are not currently behind a feature gate.
+in-flight features; [Appendix A](#appendix-a) includes a more complete list (yet
+still not as exhaustive as the source code), but the following are selected as
+the most important behaviors of kubelet during a restart to know about, that are
+not currently behind a feature gate.
 
 After a Pod is in Terminating phase, kubelet:
 
@@ -1632,6 +1652,61 @@ review may be useful to such efforts in the future.
     current backoff delay
   * Detect anomalous workload crashes
 
+## Appendix A
+
+### Kubelet SyncPod
+
+* Update API status
+* Wait for network ready
+* Register pod to secrets and configmap managers
+* Create/update QOS cgroups for a restarting, unkilled pod if enabled
+* Create mirror pod for static pod if deleted
+* Make pod data directories
+* Wait for volumes to attach/mount, up to 2 minutes per sync loop
+* Get image pull secrets
+* Add pod to probe manager (start probe workers)
+* Vertical pod scaling; potentially do a resize on podmanager/statusmanager
+
+### Runtime SyncPod
+
+* Fix/create pod sandbox if necessary
+* Start ephemeral containers
+* Start init/sidecar containers
+* Start normal containers
+* Start =
+  * Get image volumes
+  * If still in backoff, error; will come back next round
+    * Error caught by kubelet, isTerminal=False
+  * Pull image volumes if enabled
+  * Pull image
+  * Generate container config, including generating env and pulling secrets
+  * Create container
+  * User Pre start hook
+  * Start container
+  * User Post start hook
+
+### Kubelet SyncTerminatingPod + runtime killPod
+
+* Update Pod status
+* Stop probes
+* Kill pod (with grace if enabled)
+  * Send kill signals and wait
+  * Stop sandboxes
+  * update QOS cgroups if enabled
+* Remove probes
+* Deallocate DRA resources, if enabled
+* Set the Pod status again with exit codes
+
+### Kubelet SyncTerminatedPod
+
+* Update Pod status
+* Unmount volumes (up to 2 minutes 3 seconds per sync loop)
+* Unregister secret and configmap
+* Remove cgroups for qos if enabled
+* Release user namespace (if enabled, needs I/O)
+* Update Pod status again
+
+
 
 ## Infrastructure Needed (Optional)
 

From 9229a7d368811f77c4098144dbafc2d85453b2bc Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Mon, 30 Sep 2024 12:16:32 -0700
Subject: [PATCH 15/36] Add new graphs

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../initialvaluesandmaxonnumberofrestarts.png   | Bin 0 -> 23586 bytes
 .../restarts-vs-elapsed-all.png                 | Bin 0 -> 20140 bytes
 .../restarts-vs-elapsed-minimum-per-node.png    | Bin 0 -> 15636 bytes
 .../restarts-vs-elapsed-new-default.png         | Bin 0 -> 17002 bytes
 4 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 keps/sig-node/4603-tune-crashloopbackoff/initialvaluesandmaxonnumberofrestarts.png
 create mode 100644 keps/sig-node/4603-tune-crashloopbackoff/restarts-vs-elapsed-all.png
 create mode 100644 keps/sig-node/4603-tune-crashloopbackoff/restarts-vs-elapsed-minimum-per-node.png
 create mode 100644 keps/sig-node/4603-tune-crashloopbackoff/restarts-vs-elapsed-new-default.png

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/initialvaluesandmaxonnumberofrestarts.png b/keps/sig-node/4603-tune-crashloopbackoff/initialvaluesandmaxonnumberofrestarts.png
new file mode 100644
index 0000000000000000000000000000000000000000..7d483b56247c5891c7c5d9824367e6532062f6a8
GIT binary patch
literal 23586
zcmeHv2UL?;x3*=JaTIa%Q<OTzG8RCF-bWpAKmi-QL`6Va5J>0*l@SX9<Dej2ML-D<
zseuHDijYwtQ6dBhAwYx>LIME-fe`Ya7f?U_)?Ewl{r>;n`>%1$T5(?Aa?U=xJo`C&
zpKC`g4@rL`_sx<eOQg+y`}O#eCChM2mMnez^-6HXG`^vC$r4Al*{}OfhPVvTSG_vx
z7OFkF(`3uhuTQS{$GUaj|Fqxfmp%0l&uv?}?b3G++tqijNIq(Q|Ju%9zO`R5x#H4y
z=-wTU(tG!>JNm25O}DRp{dL{8z1>TeYc%a$)3~N-Y|>aVJeXe9)m0QsVzcwIIJU^v
z>d0xtq#l`0W{bF!2=a}y?%<F1MfZ_q8sJZ<S+^;*3H;gqr@S+CA?-Ifq8a?Z&kt3v
zwV)fWz5CyA!<(>dyku4+a~pRsc2f?;%EU-9;IHr5-O)0Ztc+k6MxTXa@tK3Tss6N3
zf7e^$0d3>DZknKDhl^G5F0AuLG{>KqLOfetsbrHpHnuOcMy}ii<89%|nGHl4zdN@_
zo<1DGGT7~`6FxCi+n6>Xz(hs9)YdY4n*e8Otf_UzMD_~)fexTq7vq$I(?gFm#Bxp}
z^-Pp+QPIaZ0$kgz3Z4mzbs*lfZD5zN=q=d>J4GKxC1*xXye*5E8U?S^&hWLl;bk(|
z(VnNx3*7wafKDT;U8K=me_zq8uVzEZ>w4c_^2)kBejSJkd-Z(rLvPotj!N?Bf+C`#
zhf*THH_XnNM849>57R2BAeM7Q*w>rUrm~#1@>dx@tKo-A#&gsncSiPWWSJdOjzr+z
z{dpKS+duW@gjLRJ)ynT8dsf39qE3h>u!IaAK{87c%xo4A*&c68+*(~5T#4Ed{8-qL
zWS20uIqk`$L6dk)ztS*jb_VfsXWoP8wfa9P2DP7N6C@%6+P_;cXc8QLq*eir=T;1o
zt+OOEEOeya;KS^E_3-`_4;u#z&6lHu67~#EV<P%?M_6wgyd1fT66sXi=~p%CG*z#L
zx*4z6e`m0|j2y`eWD{mNgcb`O`g6440grq)HKvk#S=PnQD9RO2(&rR-*<&NQD>+7!
zoq?@lg|LBp?2$Sdt7I4|6dBo+P)Tm@54q94QYmepXyat$P%+UaVFRa)juLTOM~6|9
z_}wbQ?ysCK@1rempWI9dBpYEJB!B&wP%!%s`2?+k(-o@|1mhGdTjmyW){pVJKR8G5
z>sy6y9??vi#<nWy@P3?7;{~@B*jp>&jjT-dcEspeu5^Rpw@ggX8?tEuPMN&wr`+sZ
zkIYba*3?Ly^6XxtsdtGPf>Z6O-6-Yoq2lpEzesckc{p-7e0L$Gc`x!wWZ?9cGNU@4
z?dEYOCb!r31Z$(821AD-xy$8T8J0<wGJ^SrmG~i;*rpR!M#z`Qn~9eCo;i&Du0KaI
z<r#NMT#o!+A1gcA8MCkVTFA3iJC0O2zk9yHYN+}#A6eIFf{AYAFKd__OU#-%`!Y<B
zg*Vy`i;rH1iA|51oyrg_V^pN+u6wRO*5B;tIn`Mei0<=0|22BFGNOta&{q|}EvH)A
zOI1w|q768LpEJZ;PEtaY6oWhcPqgWA%P9ILGRGM!YqNx}4r=;V&k#*!{aF)rJn8`%
zqmx<}i>=Q6z=UZI@Ruf|Vp7nj+qtXkl$3LOklE_2m1SwCv8x-I2V<#)RD?bx;RlY2
zQ6tgH2vp25(zVkGiAx)$xZY}YT}q9c)rfs;lKdVt*?MdIO@X`VBeTfRneZn|rH+Jl
zJwDBOLj7JmPE&Ft#Do^{N54Me;lkG*;|@-mG))NVCa*L`XJWLCe)L9&F7Iq)HKm+T
ziH$y}X~j<)TrOjHRO@K*OpH8ypg`X0iQOhbO@qPS!^x^#g^)q3S$G14jHEi-7Ah0^
z82&`X*45K~sIj!cfISI}nZa8k7SdnO^3McuMDMj7`HbVP_A^OMz#nvaheniWs}hat
z{c4NV_(dxwF!6pg>9t?;;rpCta^)J;wLge>{cy$el8|p>1!vNZvO;9f{J|aqYVQ&y
z7POXx>|ht+dHK9CDq$AMD#pbvtqX(AjwYk^)(y|x+r%$=ZcCVM^$PXTSUXXy`jhB#
zpYWD8Z<u8wnKI`fHHMt5E2Kn9aT97$Q;j>vG#i5d05VV5$lOABS6@-TdQ;L<L`BrA
zv9HKum61cRP8J3wK<95EMvmaJ?`(MKAJ87jb!(@Mg^WAIH&QZmDkI-~=k={f$@P^l
z<96zs$+4S<l-PTQ4?Q~2T|AJ-nD|MgH56D#t*{6N@}I;>PGd2$wTx-)@$lM?@w1G9
z2EV(-YocajfKw`SP$E<<L&X+K^t9lzjlGvw<BTj#h{{nB<;H}g4NHGaBKnDtFU4cH
z${7(uQd_#G%j~)vpS8sWL+#tw$Qju|7FuB8cW4d2$8qzsYS$5}nB-detdCTku_}yL
z?i5<|Jl1v(S~<eD^)Arb6F!nSovwEKO=sjoVc}21_{*dcOlCtoLL<7rx_^!7JCI97
z)f*h(=RL8TEzJ@aOzXJ3iP59_wO4gmV7O0>UHt1e?p7fh#_<);wsW7k(jzD78E%`&
z!qT%Q(Q`5!{vog~pjnHG;4KH9;TH4VV^K%rV=Rk5P_B@iXW;kP<;~r-gz7e;{Ub9h
zSMJwOgl6%!V&7Ok?Ss%@PD<ku<?Jo?+2{de8oZJ3cn<R>D!dNoe_=3>#vG4kC{2-z
z{Yh3p4|_TDdf0XB!nvQq3aOmYyM27#uL@r?>DNNA_i17DB;*E`YeSfBWRFag@Bnh^
zh6d@bR^H@-jjv~Eo(a`l3p}b-xi6ixjdSR2);_Jcz>40VO~~hec_#w?wmw$<SLU@o
z-R29)rKcx$|Juy_MUh%hkTDj1hiPej9Jn#&t<oOH$ETi}H>z8?Mo4W5!jISqQi}#d
zg79QGIWdH2qB=Hqw&&U96K#rp=||%eL(=!n%crp>i8+d3NvjfT+fFlFeSUegDyd%n
zo4VtJ>q21DY^>2sl(fi6zRdS!^<YIay-lVL4pWODR2mLUc~KH0v%|YDN(ChaA9f;h
z*6LT`A>oMncIcs^-!cAz1Tz(Y>5EpKbWpN5fgSrLwC0tsy$+uxu#?GC>$VE#vx4nz
z6Z;zP(PHC9ovxW2s=s2{OYRgP?{C3Pc7+3{SF%e)@z#?wMP=5HrBJymIDCA54V>I~
zTf8h?UJj;jQgE7;Ut(m}z@&O-25AfhA;V|jjd`Ww8_6>IN=QenZEE_4=n6E=;BEmm
zpv~LJg_L{%>nf#c72MVRvx(p1VY*9RSWYb*!ySYyDU$uqmgM1rr1ir&SLRF!R%>{!
z$`b?w|E{-pgYA~JIhUMW1uOp(cqtjwfqq6Cf310S-SIr&^&6AJRg@7`)Y0K6iKw+t
zsNs_yy@_SrL)-9!AbKgIB3ZYR=*RJ&-anHhCl#%WyoZ7Tk5uU-*?YLU?ipt%dE?bU
zOm8}_lx&P2v$UVlL;Yd>Hp``vFPt%q4R#NqyMz_$3<bCm_B&l!Y2@<PtdM9@gosqD
zBU!tJKfb|u@yswz=F*y<hl2Q(0te#^u19q>mH+i{dn*;J|3JAjJwCBIBRZ+ng~JbU
zQbG)MHx33k^|PcWYG$cl<!qnPtvfon?iO(XTT}wuJ5bfe;iulQy~jYFel;O@Hrbdg
zrJ`do5vOX*eaTV@ipCgT$LL-XYPj#=1fl4UA4^A&HdtC>vcmuI&ngffm@t_29bvdu
zq|a$(tmvjqL<jpbvE4$QTK7kAYbDvZlj4J0NhwUhEta{Czr<gpiw&8dx0UhKyTPBM
z?(D8@iJ@|Hs9|-gwiCNuj_mE{?<>&NQFZw$W-2IpK@(t0f0sG3cC7qJ9b7iS5z|L`
zi)v`(o7nTGqIH$aYI#4geh)~0$5kjx7dRv&%Y-jXUShe4WkK9AyYJB|6Vl#W`d{^_
zPZy$xY<1|F-Ze^?YoQyborySKNc$r~Uj<Mgj~a{G6C1pSY4wgTZ<F4MdVNsVx{=8_
z@}2Rz4UN4{8N%so-5pYlWLt@!G=E2uaGbe!Wd9c0EAEMc&N~QNf=h^VZKt;$aF|xr
zN~Gm+Ryo9{-;s>2TirZUGkr1Ik7gzQZbOgE)`FMJUQq~>6Va=Xr>i#Z4HI?T0z&!*
zt}G>~B->5qql@yB>UX$G+20nk%MD$&G6SlA+(1(%ml_OLmyTKP$BItXw8;lmmB2!J
zZj8O%9}(>9G|RS%>afpCo|oDt=0;`%!{J*K8K5*h#hcZ#ND~?^N^xIJjA034U%^Zq
zbG;J!KN4O%LGHO!{F$NN<#8d&8eRUMt5BUWHLRvcOC7TxBT^0$h4m2MHAW|;xu1>W
z-9_M~ITeOoii3iT3;bm^l99uPTbN{4waby~(|+Up`j$%7TGO+C2q_Vmv5RMDLd88!
zI%`~#)g~QC$>H1$7+aGUwT`_P+Bp@`r-u0SDkQKZ{$*x0O1zq|55%FRe^U3sYXohi
zu$qFGv*Qj*!+!*cT-t=CTQIc47(tA)@erzhwORGmL#3Df+O9@1t7L~meobsAKMq7f
zkg1JpV0FbPDg?xxfQEU`LL9568UG-#%18*X{E29`$D?M>l15J_C`Q;j$2SV9u0Mx)
z4Mv&UdOb_fSd+7MU+4`KXV-ju<~VE^+ciEPo>52M`;-Ieo0XIi*G&`~vhMd{`-Q(o
zVPz>H>er(!W^A^oRq}WIIJ-5Zdi8oWcYhfFS7p=cC9?yEO!C_jX!Qmw_$&wG9+UBo
z1o%HGl*>#|6iJVDQmxZ}<l6ExM>=;GRo-_{Tl=yGZtz=mqAX{Os&v^pv{Uyy5x>lz
zCOrR3_0f6*-)fhmnY*!_0f$>}5htG8?yn~cOzbC1fgAP<HO%U**YnyOl^H8>+d1)w
zhNF)=__g=d@nlmk>qZr-suD*xA4ctSt7~dKjoony)|)t19C?g#Cy%enz3cl(-W?y(
z8Kwd>s}$bIL@^Qfga?1j+@anjJbJF_Chl1CwY@|BB{XA!BPpzq*m%V#Xv7Vvr%JRV
z2JY}$&s1=IDpHCm1lIXDrtrW~fP-)laPJ4+30VltGmIX!+5LlV<qAMz?W1sO_Wnf~
z`T8v9<|gwVaOL_@^Xyoe-se-%{<z<&y|=J3dk=W=O;l4-Za<4FO4)etmZ>b`e2WTy
z2Xi_q?3BAUyK^Ab{#$cT1T%uED`QOB@;vmp|62EmtaAiO0IkVq{h||jP3<_|1Jn;;
z?c(c_WuyIRe*N_a7+nxMVAF4kbpyB^;7magM>;$lq6!>S<mpM$cvxML2gE7V`DfEg
zPEUHb3!o=_bPIKGd`ST;=&f6;q-iXL9I;(7a{M*>&%>%_jmc^-&l-4KmoJuXBbE%!
zWrZ{)<eOuy63T3o2DzY22`-<2<W;e3ILe{#ZhB4(y=6bj%XILhuakJcQYR`Tt~C~R
z4@xd4NcIinronq#W4b2R(GWeCWpmXcdRDiJGm&lfttD_#{bNg`2t`=DMEsMI+AJ%(
zPR7L088y|{DkvuK+tpVVtMCcm^CxzR+`t@?&^GdP;e}T4DgB&lvFV5wvsS?qX=lwd
z5%ODS)h6}#m<(5s<raWcjc8->y;C^1{6yQnqT1;}QrOE1qF8w@^D&sqd?xF#XbgiB
zfR&JqjhiO8eo^5sN0lW)Vg_yZ{Krbc$MgdGPfDMx4%ZLnb(Z<OEg65ZT;}BP-G)(l
zc;&rP)l?PTcYhqnZ=^a0I}1qXs!wbgc4#OGku6<|jSD^wU^~o)Guy92c+?i#M}<X2
zdeA{$df#D_#c3a_&R|1R;Qh7ty`89(*lijv=mM!qD^oH}CGdt0L=wW-<w_uNg1|p}
zRy1s7Wg<ohihRK%c_3@R*fhElUacYG?hYlVq@>uB9DEU0hWzLGp{XWOv*wM;U@^U>
zR_#cCW#1s}ti#U}*s(4wUu);72M@2`Xj@QbXnE{vU$Nr4=I*`H86{l1$p(49g2I%1
z;%0ZkevBYQPZi3TGTi2H_7s$TlSXq6C)+gkj(>G@q7mrO9*;t8T*#qv+ri<cfCEx|
z-q~tbxnau&{B3$$UCD~on+nQiiit|-BxOK2WVn^OHxCv>K_o;tuPQHWjj@UK+{`P^
zy}mE0i8isX4)LdQxw+J^YK7$NYnOHDOBy+>t<>b`5*Vbwdfw%)jYgg<&(l0Ecn((G
zUh^8A6y7ITmgHZ0J@^7=_*_HQAoGBef9e78?0x&1IsCVirZmam@|g!<^a^a+99roQ
z^bD<W0RZr4U?h$9=s0-9s7Y#`kTU&U=O2+05d)(d1sIe9(!RLB!^(jAAcfJ5|7sY1
zsOnVt*g=W$<VmkW8%#WC%N{Bv7m*6%1hs-fKV*?@g(5Z~_z%vR@R0enV*yO$Mu4m>
zpv@~g)^AC7pe?>9W(}*Q!2o}r5jlx$LleTUyUlDoEsVK5M=Gdz98TKvs7*BFVM4Rd
z^%1?;k>yk<8q1PI<n$FARl{n=0pb{QLxMp3UL<i1YN`3U!y2`hzw0^}Cu8J{czv*S
zRG7NE8+@sz0sGUhC*;8wu|J%u30r={jZYfP2=3DBbCl`z5Oz>&ZB%0Y9IpE9x$27>
z%tz<D@fjnRO1OOKwZ(gs)Y{^R3EU?JH3ISAioAb3*ZJ-ZpF358b9$==L|2+#-Z9WH
z+1QXLeC^Y^!J;Qx#<<-+S-xcYN&{|Nt?>;%8rR?~(AsfQ*!OZCE>cy3Hb(;vSdqMA
z&!uP~HM%OxOk~zewybQ6!~C+m)(B>k{7;s*PI(qL-f|cn=*v9d=wCau#UuTu5@3vO
zw=rY(bZs<Zr3dB*2W2mfmB~H$qa5t}O`Ll6vIv@R`z2kAp1aX&^Jl4;Eb)-XZn4L=
z=Nnb9CmHhclk%JfGM0fdz-W(GTnVA-%?1~rvtyRUYLE>}aYn<oY6LOYk78RpdYdF!
zA{7x{YnajZ5(Vrlr7vG#8vGBORv;vI8*LpN^s9XnICt=mZ+{KQ_J%HO@ccn;j;Gb=
z|8J#b6%R~0BaZ2N_BV}ZY|&V`y)9PYTVfPS^JUjsMf^Y)sY!m`TkKNcH-#UzIw5+O
zvNJ>1_57I{JI3hbh;s6SSn`xFZlJ(m?!o2)109^}InwDX7M|xs+uE{<04UU`0XlDy
z=2sgUMl|TU39stg<dTy|R0`iy!$V@2^=L#E^W9sIEQ_qECXW^yN8j7CgP7S}&cSqK
z2FJ7}A$C?o$kQwnujgRhS~yCgVj3Kuqf*g+e|mC~AQ78W;{udf3fkrOxXE@=I2$)c
zn9+`apDoA4!35M<^8+-s;#oxD%UX;5bfRaiqe16D{Jmq^xUA_nc`d+eB`ZbE@DXp0
z9m)ZDezGll5K5do+>)JJ4!ex5ul4Gf)Pq}sFfb12OLd6jW8aTe&3BnO^+u$t8V6s6
zWQ4LZC}8-`T;k5W^y4+crw=FnZ^iKtlZA}HA9gS`8He5uSOzn;=kUPa3l-rA;!*iH
zo{414BoAGL%b%VaZB(;To_=*DKZ}WN1-|g42_s4(W`i(e0B@l}2prL7?}0S>OMoZG
zs@3Y&0MfS*6^^3fyKWZ|W~WKWn&+<Rfh0Y)H73mZHWZlH*LN5FM)SowBVox-0cIX_
zAbve=t%%o(|Jh$$U|*WwS2ID#GMZ@r5qKv;Z~g7uN&i2z<>>4iW~-2xaERpcjaj(n
z;@aZJm}XC=-yz*8D8eOBBK)#nbG5dMCknI79);5fGl$#aw^To|A%GV!#Ju2Ezal6C
zO{Wp2(gv~ok<ny=p$e?FdU`6wBhxI3FB^4CtRR&Ezc@9<3T|_);b}a-*aO&D%<PfB
zhEvDaC-8?Qv%{V*{@m8;+w1&0CQ8g{-N!y;GJOo0HBy1CDRkH|p|SRv|C2TJiLA-E
zN&ht83NxZY;E|3nP9X*GXsJB>a4iXGG0gnVR})9slDK|wEnxaAAV!U1EE=NNw~ZUG
zZ86QJ`5xJiiDdfs@&`Ygp7!>8)LOnSKg7bEep;a)UtSl-+w7J7S~^SA$;uB_S!*=@
zid539O)D51yS{OE3qUR%Rfad<Qa4bOQ!<hf8Fsd^_#Cc3)jQwh+qFL`F>fB4l`Icc
zK=cNr%i9oY<qKBR!3wnVpeV2Zs^Q{LwDQa;7H&c2cjH$f<i~P}XOXQ&&tti;**=(!
znmeDgUb7}4y6p8p3>;dNnAe3$V0Nw6lm4m0V5awIcgAVh(+D&X(EvSpqcH*-RQX!*
zfUgz~VttUm+%X7-d)Uuxcap?up`xu32EuVX8L)Jkfc|x9eIe$1<hexcDu^XsjXoj{
za2Ag~yS$o$1yO5oNf|TVpa|iN6%X&2-MW$Ge%Y-t$$EJF7m7&tH^;al{q0Y*zP3ns
zF_<4t2R2k!R=3swp{fH7w{;*$J`p9-UQ=ZCQH9X2x!OR5d^bB~?affPcSd3y>0|Vc
z9@F48<*k4~#DUPyGAFQS1uzLRY~-mFItwVaNp40^$D?Vzwf~?$!>MqPSxA0fjs{6L
zTc6;y4s`>S>?-LcJNu*B{Gvp(+eJ(<E0P&`gB#D4DXxKbB@C!q^CQZ4T}DsRGTJ_~
zS*)sKKZy$o_5+@O$O#^%Eai!Q-KV~)W+IOGh#G=)T>0|Oh<F^|c@}aY*w%s3JHNY#
z8ko<SE9glVf8HKpGXI8FqYu^%Psjg*W!TfXE#mUaeNu`i#qJ8M9gzYwtdMl`IKto*
zkhyM(<k@Pq0@UG#7c<c#uH$%x;b+hN+G1tZEVE|E^9-nh4hgFFL<R7ZK7zD}nOq4!
zA*wpi8Im?|ABcvpDp%fPtM?EGf~#KOh*C%4l|3<o&Nadf6DDGc39`r=n#h8kE(p0t
z#D;GECj<VMe^^i#O&s6z4H{F6o1S{P8&jZq#nG>(T>qN!cF!Y1Vb?D!lyB@Oh-Lub
zOqreVlT_eT*Gqjp5CprJJc(D3$`5H0!iiw>;!&V8Mm)>{5ZpX#=G_i-v{(9=;MD;c
zWKkN=*wXg>G*07OTe!8$)Q0C~671Gc(UA3{gs&`7Z%)&}1kw?c{<w~Fi10WwLZtjk
z>W*>wL^wyvrE54K5viOv)dkGh`^Yqxwztyw9^($e(PU&4m7G=}(rpg*z9LUoe`A`R
z7QK9}?giPm5{hZIfvVGF7kD4>GN;QCjG^*8-S-U?6^=_*cV{OUr-IuwUPx9v=5*1v
zN@SlDh5IGWz?R^7+Ft*&HdMK1x~fAx8*XgbT@NA0(cZO1v8&ap_tuE$!~OLT#z^{B
z2j~2L?~L{F(oh8r?nzV(KEf%)x`d6TG17s<G<KPLO+&goT~)g)go$A1B<J=uCg;Is
zdSyK)>A@^(=rcY|Rj(Dht5}(bIYoF?HQrU3qUID0qQ3&sKYi6p-%^h}lNn;vgK$Y7
z?7?&2-inAQbSkH)cAK*yM~8jCl=sJa>^0h`IL`5YmRGbqeQB>VUAAW6V0Alq_xASX
zQcAix*A%t=X}Qj*r}Pu4?WZ?jRc?bJx$v*sp3K|xYa+<hsJRJ|L$1}=0iLqh3wLSN
zj7ziC$_dD(9n`GCgf@G(q<R;n1ksVyvhzLr=ccuNvrds$YC{}4_4s@e{bOfkzNZ|x
zXx=vmziymo=I45Xi#u=6Z=XK{_vZS8iznw-{p-J9(Db(qn*M7t5LNbG-`#R!i_#Au
zDQfwsa`;N)u89iloNDe~_fgYgIp23RM~Y|+9;BoNzkF0$)uJmQI+MUTBcOD`<~z6(
zumX9=3S_A(x|*ful=fxa2PNk9;-28EP9M!S@awA9^dJFqRUmE=IRy(;*uD0Il$Nig
z%{#Zl8z*&M^fXvYGZ^_X-uGjM{W{l+Ps&dR`(M7^pX3TW3cgXTGTeN*rcZChHgKZ_
zrBVr)&|3Hsohp#z?5vzRc4Gb9SiJA$p5*neJP!>o@lu+y*23+Z!0oCeFqw6oGY@yJ
znwx9+(G$Do(xl7X{f8{fD*de~nnjlvOm+8HIwoG`^X91X=GIF<ou$}+|LKS3X8X<4
z=7iKg=Y;CC8gd7aV7`W<-rV{f2*!fx@NnL?OZT52%g)_8Crj#ni$`;b*~ZU?I4AGF
zhxlKUqE?A1q@qV0eao!{W1!aKmUhRv?6L+q?+0&7Jt(OlM76E_WPw`$lB0v7lkb~T
zwRWpG<1`CvCOX)+PFR{jwLh&xAcM9SeY*5uv!Ch|*gOsxmfS{F{GR4?Jq;tln-iW>
zqkVH~Vfy<g$_K`zBiF%9FfoQ8uV-FHP<~PdU>H3`Tx^~eD3~gc{zNhJZ))LmElz{)
zTaK~Fm?U3N{=x=T1b6>~d%>J4!u&r`Fi<N*x}z?*rxY>rbTHZznziw#vwp)X-A6VY
zJJR8v=9|AA>)3lTMkb<rc?952G`yF7qW}4=rr08y0YoZj>wh*<WEPb3Ih39IR!ti?
zm~VSNv8K3!*G9cpf6T|oh6{VHP(aoq^n%{M<&*b&osCn?%5qEqv9&zm6Up_dQWj^n
z(1!qV+OksKXK!EGiY(kIFjl$G$C?6o(bKI%s*V+Ve2eQhu>mGItUNn%g`z{4vT#9`
z<HZv+O1uH@PMd>w;UEJr35mAqfQDQ9`EYrwVZvwQP&JPUfn_voCJT%34+FGr%VF5`
zafd)bEM|XfZUn!#o_)tP{!uC*T}nIuWr1pYr2T$lWro8AP_0ACT7#j-2#SSHP9e4{
zwM{_{;@Z02f-<^B#eexc;9`?27%0&o3*@tTVD!zNU=QeUsRub%i%8sHWq1=}xXS>N
zAF&3j_V!;^rMVfXV`dvHN<3#8pmOU12CUz|&J>RIvkd{M5T(N#(;Q2DY44G7TbqtJ
z;nJzT;MEWPMUJmA$e8H$Xt@>@X8zMP+H+rj6RLCMVO&U?U+$6qebALqJaGT1r1xO$
zi07r1+u$3peIm!!5&lu&{B`?1h)QXek^ERn@a&u5h1WQ3(30SdnydT$Ro;x~&LOzE
zH7>6nfGVi%zNO9DCu%L%Tnj#IGICL7q`AR7JzI21w)%oBZI`ZV>7xx{?azICMpyGP
zf4+IeqO+~3z*j~gr2E#&bKrVf1988Wp75!AnuX^X@UNRdRJr?zY6t~^=I#}~?1^|@
z<#n0AoCBM+th0^1+X}`>!L^CD#nw+Y*h`OWwQ+TC(*`D`8J7_474W1PE!XYva4Aaq
z#BwMS<V)XsDy`G`hl{9#YLjO@RMMyl(c~;^pN-(r<%ZW<@1&H+0bRFXGVi7;fC#d(
za+B8uSlyc?P<-$@&|b6~Q~k4Vd8<t;nO}ZJ-nZ-+a`2gM6z5WT^p0Y=ZnJ_0Fdd-a
zo^r}kt?w>?aPy@6=<*r4T<AsS*7DDSxR2}Bwt6lBEJR_~PNTkCCt3h+WUGa@*_8R*
z>jHR*Mrj44l%5d^Cli;02ns$eJ>q=_n#fLT->+%qfJ(^q$cof<2Kz98txJJ+QOv>q
zOK`U1cZ+<-MrkgesGKzc)TfMMX<*&hi^h*+{br{ZvL3w@yrZe9qXERwT)zKNi?tvM
zL(+SKIqh`;3g+eC`^Z|JXa~baOSY)^05{kwMJU(<q_@QCjF!8*FB5nhict6Ab}0~A
zmlj=?>!$97<ZvRtV_j<8N^sMYM7y{Ydm3=y6iwr``7f4&=nvk#QmA!A`aFp3`P#p`
zXFpA}`_~nX`+P-D<2R|fq)z~*tgJ7|(MH*HwO<$|twk~TmVq#**Q{VAn3B4Nw>+@c
z)CS@{Exm4lYQQ&^5MmyIv85hwjd|=0C<YJxu_g_uK9D*EYw4}?gvcgOi!{XIrd8n$
zl8nOI<9qJDj%(x;lv+k=?S`bWh>3Eq2P6ETQc8Sa_G{+~AA1~_M~hPU&{K5B@61I`
zAa;|=Txv}LTYN5J*0*UsC1xGLj7Z9*6{|z6)6Oq$7K>gSZU-p-%nwF3FH&Eq-yTvp
z7TNd=?9`>(6xcnrb=<eeCv78^6x#l`Dc8NX=N9Q0;>D8;!n9vhGi1Vx@dHf&o@9W6
z%-L5d$i;qRjAWozSll3YqSo^%19wz)k=EW9)3&%#?Js=|hQ26^SuLx2Bun^w2gG+e
zWW0R*+EhLVls@k;njXlm&bQEA<j~4RJbWHhU+MYu(h4?U&kN-`{UVt1?2O@v9T=|-
z@r#tE_-&Th-l62|3-iX_QBX8o+VXQ+#Nw2`!W&BuIt;PK$ZrlrVBnfn5Ot02TeL&o
zn73yLY!I>C)WYo@KwLrxA^}Ol@T$6fc~PTZwA5euXfDobH07liC;w*C#fB}gtsmt1
z`aYm%zInb#zZ|dIdlfOmC+1yIM(GyX6<@+sTw0{27j20O8y&y?-zGpGYHxik1wezW
ziq3#W&A|R9ueWJk<GBc;V&7WSqs6U)4>dEKmqIceYZ~tiBqK?UaWZ)|vjR+>mMsBL
zW<}FUS7ocaSIqHm!Cj#{FlW$<Gt*~5g?Jtg3j6se(`@-<Du92}UambGF(C(WBhOY-
z60M9=;*F;V#*?tsmmzGl$QA2Vq=P**6=;jb3z4kim<0CdlIHMgzN;I%CC3wFO8xZ}
z-z;+ewlf~zLVPb2lrq~uZdUeUd)foAy{4mL_xOUX;_g5eNwJZ#JD_1v<GY6pgtq5m
zRdH8kgPYQH)F8U?+h^ce-W6bIU8;b1%&luqkgFwFO9S{dB93zf*d<!j<M8mQ7=lop
zG5|{@P%5`gKhkdMUNJ%FJsE2iHBG5*xA}HHSX-E7&Im9RF<>A2elh&XKdn-wsYW+P
z*+;*8do)B?KAQ<W++qb$9~N^^S*vjcc_+Y&dO07_4)fkeuy(%Z**GBV4Sg%#x_cIu
zx0yTo6d#->OJ>O9LT18PzU%jv_QJmo8ULAyn)a-H`EeXdcT5vw0Z_itoZIF)hnPJz
ztA6Wj+aqh31>h|!@gqJ>xcmW_fvrG65#q(R<dclE>tO1elt=X?Gh>wSt}!K$NyTDh
zX&^~K`<C_d=ke~X-({Z6Auj+=n*yE&npsdnR3ClBW4aGN0M{B&K$6*_+kmg4`II)B
zH#Y2>$=k$lUMH{%T+j#eXHuu;@Gd}$?p57Y4{|*Xliz$m!2r-Mpzzapc<oew8K}0%
zlT2kv9@Uya<%H&t<EMZ;>*Yt_vvZa5g*gNa5Zj%;ORPTuCUrXg5f}R(eUBHp-NB~#
z`j?P804H-|z3~$C9Q1T}s1BBB8(5;M2miE0ci%732N#&THDZa)9MCO4>YB7V^Dw}R
zKpr39FTjqUV^|9_;gW*66v6vm16Y`3Xkq^Rr-h0BurRg}b<gCy3)JV*;G;_O?m6|(
zk)?KXV3fK)&R!Kr-ct??^#eo&O8g=5I2YhS&TNh?{AD4kZR=V7crLjC_`1|-#OXLi
z6AU@v$pSzIsQLrCmG`UmcPM!-$-ZfkF_&X}$#)N{)o4Q9KTv><xV<rEKBO&PSQVU0
zt5tua`4Pmo#sVYb;h|ryEZXg-qBTLP2l}c4YF~a+_oYirE1#X_<Q-B9{ax1a;+KEk
zQm^k;8QEC$;9uj|7nlz}w95Dp*6B-E?_<ngv~_(1tzR-c_BY1JdtW@f^JV?ytgP8S
zE34l(Sn6KHl&m6t>FONv1CfOddBo7-_qcKK3aT3h=oL%vg5s5G6<_{sT0N`J^!^JY
z;3GpnW=V@St^ZexGs6Cce#Wh59-1%SC1xXAt!;C3s(Yl_pgrsz+UMC9d;QmTW#^6w
z#8ptG8KpXOOz8DKt^ESu2Lry31CxYBQTF$IvH6AfX3!>Uh9lXo$|5^Ke9`T=FZMvp
z2Z@&Xr24qPfaYcI!~CKhw^UT!eypASmyY{CVT2#^fW<HI2bSc2TEP2|f-K&Y&uPp3
z&-9M}nT4^zo_cx-!n-49ycdX|#aoPKCCCq2CTM<H?r$<j+7!MNEu4GY6C<AsnnzpX
z;D^6hbDu)3oMMhCR`H9MqkV524|s`|biF`@@4?gEDDd?jZt6P-=kTrohHtX2{Aits
zrOT89Xhk?{qXj_IXFwfbI_TCIqUYS6BWP<E!Rj<|dUwM4^=t_o$G-Jq9+?|XabS5O
z8N>50&nn%j1Z45TR0Cd}<W_Ef4{HNnpA@I2h6hRz$tLXxFXuVfetBvv=|Psu`N><j
zHPCivT6C@#QR~<kfkrt3Jsa>u>)0F?od1EC<6<*UMAYNA?kBd7J_dQfa!Sa(gS{0C
zsZ}EMyx`~pd`yhZ9i+bLGyrV3))sAl$I1vf3)S`5=6xs1nPCqv&fS{0yy(h2ew+J&
zsNFaV^X$g?@Ck9zklN@$^fknw&i$l1oi_qh^a1JlAAn5(I}L<7|Fc~RVrc>0JpTi+
zt#X0c95VtA(DV?C46&Yo$5sWL`UMVnYVPN=r@*k@f9*X&_C3B3Hs0&;XP=dIlF@ns
z&3*3YvlqNr`r*Uxk-GN#{COeU{d@$gA;E-!Y0v$9_JVgG=ev-Z>`yznAguRm@#z#^
ztoR@>NN%6KAmF3GAh|&cZLw>CJXzqvJ|DrQ53++q_}L3STQI;bzuLZWKIlMs3AC=C
zkKpMC*+C-w>;($*i}rr)z#hc8#Ow1B5aQ_|vi`FXRDF~k5FtoLK3V)v*A61{%gpNk
ztvc87V1adq#s-%7^AY^5ehc;r{d~4|f2-er+2#GMexEq-zrEi-hrYkP-`~Oa174c*
zzkdhcj{xX1=mtU3zp>vZ@b%sQXV_1(5~{6gbM(t_C#9#jOya0HfGoag`{J8_FJv9L
zClmQoB>OPT94b_hQVKa02AU?x=(7tur2i%;t9dmz5b7-+WQ7mc=s*Q}Wu`6*DEZ%%
zY(#?!!5#BGOyD#&OQ<o~Gp>38+5ejoq?HnuWG0J5-fdIx8yRffcv1VI4X%ZB<lg}K
zH36Y6-BRM#2s+Ia=^<CJ$)Gq*9jZ)<XX=9gNSYf!v2W)<5I^6xW*5{z+e!v|brw+L
zjHfhIizpuqN8sB5sow$>$z_K0UPJu#{gnrxfi?}Q&C@7VXPIJS)8M$BP_dL}oL1Yz
z+Kb=U+RhzJH`=?1Mn}2Q_XJAsU|j_NUTunoM=lj~3bH}d@jGiDtynp3B{Lq{Q_G*N
z0hJN9IFdjfrs3XXw^JY)X(*Sss)@f14!KG@ZgpP8mVhF@c!e%1q7Q;He>s29e4WDu
zoAx=&H6jKMD4WBkTasJuAB=6eD5Z3#OENn-wyPo)+Vf_E`l!QDGtOLrz&a_anzBc_
zzp4Jf-Dv$}XFQ)WY!?c3s0R~7^y<o9ha!|XK2bb4*iq<mV)q$sX{feQA5@{@Ek}hG
z6F^vxP_<y+ivo%qX;r+LF*2sMK?QXH1s&`)*L04o2-{;{@*rQT5*2ziIMHP+mHHqr
zGc3Qfsa)Pf9Dn<YQrJ2DnUT6s|N3$TwTSc~TU#nzkm~Slsb|Q*y({@qc#Bb?+AYwI
z?;=)^<cvZ!ktC%0Q_zzwoU4tsFLk$Oz<khFGdp%lDMy^|a7{4MZ*(FUDx80^lucvI
zPM9}3%}uNdYzA8ouP?%Og|VCcP=Pq;7!_(&5;L3TUjlP>#<zNV9c;4Mhc$CC@i<?9
zeIq-R9PYvzB^eB-L#1Wol&o1zP`q1K+G#or>dmY;7y=5}UDJJOwSJ>BfiJ684I1|B
z1*#`9yme}Eio10dx=m~>UaO(_v1On*B)BM0g?IqN+=@V>y|G~yg;(G18qj{B12h=w
ztsi6weYH_|K<BVP0dL16eX}UAM{Nl<?AcBpXyQU$B!%Qg^_$56^(kzqp)j=ATc-hh
zjsy1RtIBvdPLL`-iFr98@l_$DAX?==xTEjVwnnw0U2ZFdbYC1~RRywgp$^|N(|poy
zL(u$5F_rgyZu|CXJ^qqf$kWw86~J_qgRYG&Pnn+zXQ7=Xqp_$jr04VDPlEk0#Jih^
zY@%F@z+nI_UE#y@DpkvuCQyfRw7%s_?CV&W!(hi;iw!y@ACWeMvkVw-tAK(>9lIht
zp%ch$u*JIe?FPLt`SHgRy)iY~pbtiw<HVX*z)vSaVCSagZy0i2M!fh#?TK~0cV|Hp
zx3-aFii{~rxCYM-u9Ma|iM(o(!Cfeb9Cl(&#}S0*4@Yp8&40@6&DL5yS8&$V5m0&H
z?NE9CG)tcvAm9Y2{|-kYxi*+b8zHmTNLw;jYW=_HtjW@$J&qMOWbNIZ4rs`)0L=%N
zQ`B8esc$gKvNaWMKtI_to!%MSp;9e2*aU$I0trM;Fdd;88I`ZCOmI0+pYM|x=7@~E
z!{g#oNRc&Qv!XDw)EzW)7wAU2=t?=8nAcR~P)D^5p<;A&VTCzxN@&%D(c(i>cJ#6-
zA*E)R-KAPkO46@>h+!MIA^fPfLW*iZR~;r3@1EmWQ~J8e6#gpqym%TIkZ}#$!p|J6
zcu+?OGmZj+P;E;XP#a4JzZyY{BV)R49Gs6BTofCe*k<P%R|blvb98F?aqK}fhUbJ0
z;rEtNUBa!gG*IeD0p-SBRXpI8%%a59sEjtyYYiRwh@iLG#dHUVanKPCp3&0U4+EaA
zkbMBQg3CH4+A~4PesCKXtB5RC6b+SHu>uSmRIr_Yx_}Piyx<y+vnM$8YqztlWJ;bP
zH0?MOtCDLNMBqQ-OxlUPD8sYh(9*q3<xP9+{s;n9>RvUVRx0x4=JAf<X?=m*1fGDR
zz42aC(G|uSzhW|TZ+Z%}r17f5XL!K`{4|y!d?S#TpqQJn22i~wkcf%fnlRtMnV$vF
zp>flC6-E<FCs&9YcD5Oe{`DgTkmxYyc$UwNWP3JFxxUHgjKIs~E-F&<>$w_l(koC!
z<Diuw5Eu)ef>Qy&Nuy9T8XFwsc%Fp|@dr+mNdYHfrMWk!TGw2y%QF@{LV!_QPi|>`
z0_uYpRlFaSr+(AtRWkFp|A69^7Yh1j#(+6HYbo+8`S+vRPhZK|b~xz)2vC>~)d3(h
za9HQzY3LlJsvBYy=&x?6mxZMp^RHPIAe_Z4XdMdMm_(kAF;c9AhWSp@qX=T9pqV+B
z(WFj1$&|BDN!W)G7oiy-=y0$WH4WY1l#YiyH3e{n2^;ua1WWtgM>&bGQ6g*^g59#y
z^_6!TbM{OcI5IN*RTbehac5gB&19n8wY3jwn5bbY4i7l_+2r#MscWR!@h`Qj2srp_
zGBW%yKHUCla4OWZK|+H1`#=HQR`V+V3=9iSU(Expfwm?lpsm<*u5ng&_<YahY2aGf
zRVvkrf-F8Mz|hnw-WLs%5m#jM4yuJ63mboZ$RL?%e1`T6Dpk@31tqtO&=RMpWIPHu
zQb<#fPHCt~h9BXIq9nOy$SosygKLBi9YG->#S{3V+G>Va8gC&`7fz9*T;lc#@dOb*
zpN-}~QfnYEbQ`!rdK-L@HUkd9d=TcL`@90G7;h!l#cxOmuil_Ub}nr}W<|Pd7l+jh
z>=#d;8|fwA<3E#+x?Tj6H8BCI1q!?`!J?>MvoljrZ-}{u2dQB8R|5}HItl4rROOCz
z+}d^#I(D%Y@AEwmPpudYdK2XWPNb!BgaHKZ!&veD0~^jbr;9dATh2^@d114r0zS2Z
z$4uqPZ)qFOh{L#3+7VkSH`VYk3~hm2bS37TxvPQ;Xt&JE%R=D-(_Z;S3{J;I5&Yjp
zD!He*GF(RgOg>4IV^Pl-#wh05VP-oMw&SRHw)-|V>Z_kiuhpwPD?o`IyGD}+tt5O8
znoz@6j1x`)aPtrqFFOn$);3K%Kl)+^W*k1eJ<X?O44u=fKYwCPChaBdHJ7z7S>$_&
z4%%DpKnG}$`YIFV&M469lD^@d15F0+yq4aOSHy4?prsLb2})!%BqSPK<Fm%rafq9j
zGGf#YM261kr?{aTYJo>iFCjH@b7>0({FlgZNSkPYgCGcUT6&Fv<;)#^dR%Z_vpH4#
z^;!1~v9NXa;%VVsi)z}&DE;`r^BihD*`IVOT}D)ni7fQmbqd&Fq4C2_!@u`Nn>+^C
zBo}H<4r2`(Fs3X8Ptzrs41)$wg{#k&I30MgbKsZsODC`Ha?{`H1;2PJ_QC$&4c>jl
z{_$XX9opl?>mi>B-|N01v&O4-ZXiwwx6~7cQjVNy>Jf=Vx=LdLfdCU3$F=Aw9X_$!
z+e3U#Wm9Yqhr@Xj@B93#+^-dsm6hvgG@4%{sfI_hk92rjTN0S)Yhu7V%#n<a{%koN
zTZ~q>L6kdWBndd<T(j`CrChhjmtK$QaAM^15UPt!mW_?1AYQBv>tKCNe+`e4D{#(i
zeZ=rkh&pmNy2?Nz{nf3Fvd;sfxT9uAQm?&b_)qRqEfBNXI09j!g_V_+>$;SoAbbyx
z2agz1`2K#)d1CuBVMM{?$jIKINfD*wPWyyVsM~cqc6C@3KXXrVW6$(-SOk6Y(e3h5
zRM`&^;{@EgrL2jGpb!*l*0n-hMU6B-TkWRV2Ej|X9>hpbvFnV-jmS9Sta{JRjzm;O
zt&u1BbVW^pmA&+tnsdr)uTa7h3ycd3X6+S4uC--k27^)8+S<DL><;c|fu-1(8KphA
zA~1MX{_Ae#>DAuW{1AifOD*a&g<H-9P{ra%$;2Lo1fqXHr)G>&zmJmbu5Low;aAdW
z&F<CNM6!Qiphg4=HQ`6ze?t&wK)i5w^^#wXT~b}LWZNom7Wb{K1Iv~i{S&%q_J8-{
c`06{yE=;kNeOTb^?<HmjEq^WAf9lfz0bA+Jg#Z8m

literal 0
HcmV?d00001

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/restarts-vs-elapsed-all.png b/keps/sig-node/4603-tune-crashloopbackoff/restarts-vs-elapsed-all.png
new file mode 100644
index 0000000000000000000000000000000000000000..90aa3d6e50c6c52224d27126083f16bf2fc0b224
GIT binary patch
literal 20140
zcmce;c_7s9`!_mBiqM84X_FAjTF8*3$iA;5`%W=-MkJL`gpfV^zVF6TWY03j*!OMh
zyBRa{+|&2-{VmUPo<Gic&N=^lmYI1k_jO;(>-D;>+Xq!;d3st_S_lL}|NPk#bqIt~
z7XqPhIdu|zGBfX927xHMJbxmi>0!J!e){{x`2^Cd)PU3H$Eea;pM<{rb=LGo+!Gx$
z!wZp1u(bPnr5Jn4R(NQWh~5QG<M-EjwuYXhey2M1`}zU*6y$X~cMIR^$unYS#EywR
zNfmK%nc>Tc*_K{jQX6Qjr;-k8U>t>dWHjlwlAXD73B14!t+pfz2*f|<x(WE#lTZHC
z5Xjm4l*|x_^v_e^Jt60A{{QyH-G2YQsX#_ct<<j}ZFxB+2^lI$>jED;+xC>xbFeio
zi^|xE`r2}vf!3?utM|R}Yn23^FPrF{;bJpUtDf(wp~o|YPT~mMKvJH|Vvp$Sxn~Bo
zZu!XJJ|8}vM<~Y5h3aM=Z|GdoV;_M?-^z<K*eBhO8#_`=5=JT<?C|?*J1i1MRTJ5o
za3dIku=jd{lq?f?{Pzh#EXG;=UW;+ahUK@Fuo!-$<6mJ5!Pp?q_?QnJ6O2chXD2(&
zC;5U7#nnomuogu;)Z^HW+>^v?lBOfu|MmK~%@)R5JmPRV*lq6jISHS`A{gg+q8D!9
z=yv=b-HO!SpvL}ET6oRcr3{;HCv<_4c6i80+F2+I7q*uA_el!g-~hPSKE^5^jvcCa
z*>V!8U|itNqh*AiB8r>GDE{Z2_Lm3R2u8)Ga@F&lF#_&8-g_%isM*y0J3o7Wwc{Kq
zO1`jAVE?4ZirNm|@y0D@u7x9x(;n?~35j~`F8x40X1FS8EgQ^G4kaD+uItvi3CG2(
zdMYR=7!GXBhC|n{>L78!XD-jIbY>{UkNJ*NIwkFLxL}9!9jk{j1q0yvCFURS_yZ(q
zyfDJGevi(6b-38EzHDNIe?+QjU$@BQO|43$<9Nro${_k#=R$ANhCoSyQEiPy4MH4a
zKl^b=D*%7QsoICXxVaHy>*q0o=rKP~xjhOWDX|E_?(F`)8D1sZ-13fI(b}lPvNq%V
zpf8DVFg|(Tto5rwflYUksDplg+uou@4KaJ&eRoOiATH5k=Ct>AJD0=p;g;hOk$@k^
z4(tzLQL~)*7l+43TE2;z0c|L|EB8$NYmxed!T!9qU5o99F;lPHSBGB;AdgE%6XoRO
z=2s2{eHm}*Oh&~vG`N<H??O`-HA4FB3hSfGl1wrRuSc$(AKX&(&>Mb3MKdP8Qa|K9
zfkYq<>e^Q*wY1hK6iIhzuM(l}JJ_7+rW<srY6z7`0$+;p*(=SxX##XeW7U%kS1uK@
zNFL1m3Yp!Z+^9cDG!QlYc?zNSv>E&3-j7iZpG}z#@zmtSgOt+>ZDH)=uN{PZ`<6Ow
zHYVy*<b}|E8gSso29CtUN8X0KaqEi+n_!F5P$4~?t(YJVu7LyY;|Ed*vQ4|p4-T{}
z6PknP0=9c3Hhy9)N{t3iubiBQg<octY+LA#kCZBa3VbWDCTNVSjJ6<?9yhoZ5RaWN
z?Q#g9j&r0`cx1+%t(KDOa4Wg<4eo-3@4*~8J9`Hy!B-UyyAA{Jn!8u$R%!*~(J>z%
zcZ3Kud~-$weKV?c`-QdGVGTH1t_Xob?@U`zJaQ}P?TmM7h*f2I|G1ncFIywCW*%oz
zW8HV-fY*AuIml6eXHQWwxpYfd1!)38Z)GJX{i#*hVef^mfmy6h{K|@s)21N>_0{eH
zfm^Ul<%F>kb7ZsNIb*K1vwOM9$n{-1em(YB5xeMkzxgN~`|dcAg7q3WcC`>e$c-<I
zrt1^XP*RB%<n)8pD-$~CD%1``UiJTY?%3d0pB~vQ+T&_OMI>+z96XO0hhmODX7H-V
z!qw%y>fNY~9n88l?4+;7uf-`>6}U;#cH^}8acpm`k&cZ?G0V8jnn@UOo8^F%vZ&n|
zu#n9-?9%&aalsBxJ^c($z~lezds>}6tC-RY4erfWM9ZCrj8}C=OUufHrJxC$zWwzy
z)wqJLg}wCiKFBN)g$;Q<Jw3^;ASz4I!s`QT=L_N;jW@;j484>e9n^X57@pe2QmSR`
z`=e51X)4D!I<7tVnF6~)L1^x)yDVh+)>i-6`FYLamt<~TBo7r%D~&yBAqaVPk26jB
zhvjO=Hu`z@Oq{lhM~--too1<r?jO^0S1iY>UZuqk#h6ILn43fgCQ-RMZ87z`{fdr>
z4O#u|mTXov1r#J=_AT$ETPOnIh)GH3sT_8<PoCq~;xbF^LUz#o&)sfHT!vyxR_O^r
zONANUyGvhG#in{YUCHhx(cZW|UOT&k!aPV$aF7cJVXu|M6*Wct_3PLC0?nj^7m^a=
z(-WERB==waO5qPrx-6FBQQ|^St*-eFtKc~Q3^K!fXZNQ5!1P(JrZ2Q4qO_KlcO$Kz
zn$4BSdwVbc_z-GNEyZ}2)HFejN*4PHxd}p8ov(gtw{tTWEW7C{*O%zjciu5_T+NAP
zCsptAN-QN6IgD2PfCs={XMc>Q8Eli?2{5@N47bZnL(;mQe|w*BKJS_6=!1AT6N&gT
zwoavefioV~=bBNXmzm7;{Nf0q24jzQZH5OXsBc!YOL`Q=4>7b9vTgp&PZ><Ml(zTj
z7lQHkgBEFymo;~Cagy05_5w&P(wp@c$|w~?lXgrJ5ld1DQ&LR-=?IeVnw`Wkb?>H*
zct`jn+9k^uIK9``Mk~1nsZ&)!q6ro*8{3$=RCehtB74cLq(;180~+4&EMiY)6H5&*
zzlvLA5Wi0|o0ZjGR}%3EJyz{9F1gpPpv^UWmApz<57nK)#V4arf?ou{LRP-!OPxD^
zMLqVxE7RkKZ1d94QjkwJ1TcRWJDRO6Z1g3kK%?a7pN0Bq_d-c^@k1~r8mrvf-iC-o
zXo9U@jtvqK1`|N}AoTm|W1`3@*Nce%vg*wh-|LyPr^JO4$M3l88O3&E6*)aVxe_Ee
z<Iz)vRy9YlUAaru1UwZvh4LQCrNQpKY$~KBteiT5ls>M($<08+86vIq-^fzPwoSIM
zBM1VG$;7T$p>aWW*1V2snJqN;S>a3?E0%ZI69ft#9OoUJR^iaS`qrtgW<LV1+G1s{
zz=rS`Z9Rc|-9C4}6w`{y%RM}Zv7g8^F|N9qr+@FbE#JE4MwA{`5)=wTJq#vhovoVH
z4<kUSv5ROW(cUCw5oGGJ{UXf(rXeOOVS{cZ-L_k`@{Kguz86W*yC~n|qkjjn<U8ez
z=Uo4>HpRU$8Eh;9k(`tB$b^~@bZoXQWA%G;i<CUzS!Gsv=i*Us+RzoH;9e88q#wzN
zB;KcOM}doU`mtp$`Lu`x%8|=Fo7O&ek;+AnjvFpypLlugfwwBV8|S40nauZCryMn;
zFQ}^aXcQ7@z9U7A>}Y|_G)@26oF#9Y{SY_G48K!~DOf&)2OdC|!kNlG-Oi1-|GQ;!
z1DKw|Rc}4aQA2WK1!8!vJ#zeb^A9ZuMIm2ek><hH;^IFUzNc=`>}{}rU${g!-9b~w
zg2*8@*3s|wPC(xTK^fn4nu17plasUW&*YQxXzR&#sX{aCtc>*^fpZDx(rRp}Y5nqp
zlDG~n3L8_{Q%{;}hG?n^)a{&EIvWDq6h@p@o{5?+)cA%N@x1n6H4|Nk&XSE@vCnBR
ziQAyzq!&mz(sv@z`+c!%WAgKX`}aNp0XYia`|G0OF3)ycpJ@^VFKPz1m`=CtWd_Pp
zF~K((%}bSuF6nVeAThNSvK^C76uxSHdzu@2JAP3mGY*7s#SSmtSlg{ZAS-jN@Sq9W
z$uAjZ_`h!G_Im9`P0dPf))qC2hVSqdOT$Mw(ZVKJuj`IbY$hbz#(~P$X~iWIeu_Bx
zj~6Spt!nJK_Z417NXAXQ`0VV7&96M4C{OkKXs?;`!4A*e!&Egjj@zVrsfWFh$~86O
zbu2#FZ?Q{z8LV7SVbLo^SDC+4XV2T7qoXTm%ETY>x&4hwBOMYkq8oqld(dV6rWlXI
zR|K2-m?lZmOk4YZU+fjuGYVC`$uKdDBtjeoDq3j*40BLYvg0dLZ$5h?TjarA5R@6c
z9MLOM#A8EW9m^e@y4oGO%HK3{)0|@pvE6o?Xrb}r7YpgEG`x3+mz)2l+4BS!+j}Z&
zr%+x$V3p#f0(y7;NcujcL7QU7Yb)8*n-EtCg6hy)gg~s~W6~h&PEJ+TFiPV>jerlX
zvNcwr6_M!5lM`=S=1_l?em*$^?!ZWWhn=!tpvAmwZTAwZ@cp}&csr9|UtUxeo0k@}
zuP1fme+XC+a<q*?VL#YQ{J8PqSQRWfr{TEV&r6A^-7?{LQ9+Cxu^(YN68+b*u=jaK
zWR7;od6qY>$IZ`Tva_S-fO>CNR=ziXYj(FjE&AK0=oxd|!`|Ja7WHv1%(0=5jzUJE
z06R4|^#k9lC^5~zuea%}VjJF>V`FXoGIn;6`Drw^zxqY{?upr!YdrF0cyni7(gbx&
zW|Ef>p@;OV2lNAKeW+;)5m6~g5U|Zm4)k>v<v+_r8U2d^oh@tmhsJ#F_ZPpY2Yau!
z7_URJ^iJuPt2l3e6d&9et?VsNT{-Lh=cqn4*ARlaVS@P}V89gWk?44rCDhBXFZ(xS
zn~frOe@o>qEeks<J)<SvlQ;er#X@m|G_qEmhqE(~JCY~zM&y05gBx0ef&f2L+&bD>
z(zcH>^=Ts|1oHk81sw!(&Gf`wKmp&MD<TuZ|AQ~|BwUw1Lvx2D%0`m{ZQJ50lUdId
zeg3kCMUVdeax)*0vi(*zrz&LJ(D8_^Z!zXKTeo<U<NnixVVIJgl%UJu=1YV&YBK}!
z`@)I4n$`<lvHY6pJo<^*y?*<p+=>-EE=gHkK9UtAWvwzvHZMM>hNBE9{zrZ5izN9J
zTmT(^k=xqHQHUV3Ux5<>Kgz|dsrA#T!@XgL9S}$FYEST7>5Ngn0k3i+Df`S#D@l$a
z8W9!>IvYOYx(C-)IeBwp@^kz=wf2Zn<yB@g4H9~4^)Hso$6N=LDm-@<-X3wuX7suc
zj}~j$|MaEF6XY(_L3J{E4N|VuaqCy+7Swd?ua9Fh_71Qxl9wy?(}|-ZhqS{_RO*0Z
zpKv{ViX0}~i^|I~t_b#y@Qqy`E^hHV>V)Y>-d4(!3t_GR_Bkv8a07!R;gPi#_1*{k
z?xcq<3&VVsW2T{OVikqHYj#6`QizcZCUMdE`sE$t#?`Maq6}Uz#Kgj#zE({tYip|P
z38kO~;VYW8`1RTg3p8#U6AmQ8Bx%i<ROq+IJ6dWL9#1MH;R?6Vy6WmP>q6f9_G0-*
z`s<37d>W6!S5C;OJM1Jo>XxX^Lygntmz4Uv%56~{t>GLSU}cHk>(6oe0i)~^Ze_fM
zb^U8U<U?7bN{lBPeDn26Eek$f7Ha(%5;89O!X1hbk8e9YKzPT%zA`b%L0FR4*4JkR
z`Kz9B{b0LOVDzBjp#HFKvqZD7zJxTeJj7}L>m$>?6KUURKdR8@S8FI6OH$Ihr$)Zh
zrstWVn{`s7l}?o$q{Fs-RG}a0<HwKZC)gTw$hIwW*$>pLIlnq56tzmX@<smYD?;s{
zezHJgFo)lRhE>2u>j7=<_T5@>J0#L7w*)g*QqeHzCQ12@F~}2-7ooLnk^DwAx}y~i
zvj^Fqv}7+FV3t3wSl#g8V|=vx8NavM8zbs4QWgEUzEvjh<S)j7NBhHOL#0+K?)VJ^
zsn&NZ1XiYF?D<Q{eQgBgpaH9Kh+Xl#73r{!-pSM$FDScG4;<v`Bd_5|6{+QnJ)Kb@
z6b`$e7A|FLVPQe$c$KrtS{v?2d;;B>5kK0y0(F}K_^!;_BxpkS?Av9(gGmI^dt(o}
z-$=#yGe&E70vkLCSo6$IbEkU!eg{z{(;((v&^_OECVte+rDq3q%R}hNRtka>kBO~O
z`8eU=<R)s%3i1YcG3VPXSGm2?FThaolgF0FF&TbujQx)0w=8fLSAD7rjqAmi337Zk
zO@e!j_;Au8qdOi+#3JnhC7RCBi$5@&A&MKR5ni0Y<_c^8D%(e(?~QTtnPuD3e$3u*
z%I&tT-f8`YT~@GJ8~W69EXc#4`kfw$VwzLW|2mj?N%yb97~5D_q5A9H4D0deyLzT#
zW6pu`+WvY)CNdp+=rw1%&&azz5?L(vV!lHyosr}FnWdiJ?{(|g6=XF?(Y^UNf#1Z^
z?ZgBn)&9$IUNrdu1%kL*)*J8Wt1<34QRjK=c?_qH$e!(mP>PSu1^>sIo9P5T9r!)~
z;!rg#x+dQ<HRVS0fzD37pV10BFOCps;g!c*P}S^v-`Hz8-EDKK>Cl%aZ7%&M0bY}e
zi#>&8CZrA(S|A!KLNfwW!>URUB){6#lFl)^0S3kC7r}D72Z}J9dL5&h?*F9^n6-sf
z%c_W<Nq5NZ)yUa9fGOr!G|k>NSWwX^yE_2F<=7;PiTc|nNmp*e_wcCsc#&2`XCEOx
zUh_7H<L2G*oeYCX%}O}w+U60K_Lc_O`Grpea-{Z0*$3M{+ow*4#mZd!!(d2Yr^Hcb
zd!{bZPLe7{9bJOu2jkLOXs0a@hb<gqFUz9&3|bephHzUS@L1puLeoxk<<FGjMf1me
z>WP|!F+bu?Qf<pMKmuW3tP(w2{k9{MJVea;9XefmBbP-PC$*vRnw`gJBkqS@8UgSD
zQ36O>(8|!3odK|0z~!yQ2iCr|yGrkfIgTwkVug}9uDy9N>79hUD`|uwExTgRXK*Mt
znY~T-o^Zv+uT&^IpVBWHDlm%QyyRaP2BkW+giaDq#L4i09BkiP^BgQKnhidtHF=8q
z-6V0pa?4^xwhwSzwBSw~lvq4QK$)h=eia`}mg1bY09J-0rBF#3Ibl~x4I6}@pT2G-
zsa`orrx6BA_Ky>^E+rN^lsZp8Mysbw>8zMsRfSz(=TTcUQ0t7qnbz-**lmfwT&}RF
zS!{QWxAV>wz%=;c$7a(<Y_cbS<z@z=BGSY-byfB@)a;)9Dda=hZB4dlcJ`xoGKI#&
zVqee*!w8Xs?$|vv%pEF48QX9mh0yb;`NvtIPj{=)j1ikJf4ct5U;U1^+QzM<u{mv0
z8+AJ~o&M%4heG~EB6dSn0$fnlppfWX<BDT}hkb>vdpG-IZAeE+q~#1MoT&zH07Kw%
zh>#BgzKyyZh(qP>ofa4%2<O8R)O3aV^JcR@;Mbk|UZXlSOB_-X6g(PmU&cHa6ZQp2
z+XDN94a8(LzY!}eLsmD3?Ys3oyP>;c`Rtm4|6Vx_doWyAsYw*2j71}f<#YjB(ShV;
zC-7yDj=Tw8%&c8g$*eH~ba(WA<g)()mZZH=II)<FOftt!;Eye)m;cF3zWaqpq8Iux
z)Audz<wUV@Tt*H1ceyMML0lb{=HzDv3OXkJ3j0_Is$NEIp18vKBm0@3AGX3e)b#c<
z^kP&v*ITrNVV$ocwld6rGP3**V=!3p-pGU!vXQ6m1p5blT5=BXYht`~uaTW$5T=yL
z8h<-U*kMF?Io4IH+$t1P2K`2Vn4`BrXNC~TKgzmY$IW!ZL@SITFqcy;VGTvP_u#^X
zXF>m;O5eOy{vx0z<44d9mPxq5%+(Iw!ZJ?9=$|nT!$nOigV`DdCz$W*nkdBy7kllk
z=<O_YJG6efe3_350@-9TY^*t)32|8ZlTzU{DfL&ijk7EGATV&uLEH>Z8R06k?rR28
ztdoTMdf8CE!6>`?*q1&*0Ow#$)OkfEC4v&OpM+)xR3x|FK02C<Okw593d$)f8yq(-
zw~Z13rb@E_KW+$M(6t-ND+UShhLrD4w^(h<I}rRCM!tKf3h-8kB`4`who@VD$JfZ^
zlYrY3(g$6PDc&W2AYZFsHm6%=2Nn~(3qr3x8VO3b8OXo@=yD$B2D%NcP8<?$UCIyV
zzkZ4aorXhNQIn{zUx%p}C8v7BB)oRBMC^y}NsVWz-6Vs^+I(%Ea(#=EuFSCAQp@gC
z)jJnygVb9-?oX?6|MpLp4Rjxe$I!`UXE9;(N_#%4h}jKwfpsrBVu>+^ub)5d1gr6(
zW+@VW(Gn^)u_RuFcYT+_K+j{SlqiW=Z@{k~mT2ee>(#og*#qr#C_{<O4pU<BAD8jh
zETw)mGvYQhA{PN5lGmQC@Wt;Rmc$BK>Cd)?<~xqptmnyu`bM??V`MUbUim+O&i~I*
zxN6$hs3^VX&p!bC)e8G6M()}qw>|(3hP@S3=Y+>By$&<K;gU`}9U0}Tn%QGYIIk9H
zJ`KOR_8*_U`2L{Suu&g~^Ds_<vw#Ljhu#BD!ID$sx@=0;q4SOFM+zhU-uv1{_xFbb
zLAgB%5{vM~eF&LB%#~NWEY>)qvNgC2s$Zug9|(}Sg!F_u2X9br7`p_}?mLfvd4`Zf
zY`dQ<Zzo{jwYSMVC;z&%A+XilhTTcfN!a%T^6OtK%u0&F8E_kBleCnckco<?tktQN
z7cxP-2@iEO{@&YI7mzEqS%ql@Gh>wb-=(dII!)LEi5Whv5cqz`_3vl-3W|#P29=Kd
zhD<Chqs3-z$2=k+-9R9k@jx&$I9MMys$!LJvzK|x`}b{Zi|x?-SWIaqole@*(2_Ly
zaGaKHUI3l0My7H(8Gr9*tN3;l)NLyml$byFiG3RA(EsBDP(*v<#GD+3EW5I{fk%9<
zf8@Qd3!s!?6|0m_75l^2KMU2<{<mRl*OwYp?ld{!wmxP9UbaGFy(+B(xUjTaM@L7V
zN|F@6A^l~+p9~yQt2)_RwEQMP%k+|e1KKu7U0z)8Uol+v_mYMEjY%gEnJ&||Q;lx`
zfRRBe$lO`-PjBidsG9kB=o)yEeun#~@eP$W(vQF+0P;(0pOkB(KLx+x-p1sl5=#!q
z0xFO8zDg9ZJpf@nTM3VD=Fa@CJ`YkvvS}~_dkKKR)y}9&Cm1>^^D~ouBM&!sG0jzv
z<gvP^p{&(nx?kf^f?6nx26{Hp;XJ)ka_l}%@iBCLt@|gXJ}c{Y!si8advL0+hbFC{
z$?~5mBlq#BKfB<kLSUzi>Uub14F5junn(is0|1U$3NDra8ndRu{S3tP*N;whTTjtV
z<LDeMUORL_!rFK(dZf(8jL)DV@2~a0x0bUCS$?9^dE~Y0Y&DB!23LWQzL5(yvHJWU
zt!g$gM|(gB;8rJXeR6a7fek(kT6qGQo8Qpp$3CE7M_RP{P1NLgA>4lPZK^q{;QpmE
zaLxF?vGL=!O5$p>7U)ITgIqwI(SJks>l;G8xLuDbeKO~-8oEYy?Pu0mR6)7Q3F4R)
zR4(CHIqhG^!vL9nX4)2T9dKzd`O+M7(C6Scgs%?wNgZ#>B3|YHb^53Z*JX8<yo*K5
zeEM?&1?7JuTU`pbl;%;@&$;4ENxq%A11d+W02$Sc`u@=6_*ePWzaLtxjg${nyI8Rl
zOdv?Ui2Hy0x+O)RZz$FZe)^SL<M`L%U-EBm4ob~>zZk8~1uo@XmYZ+MFT_&@$7=KP
z@VuU08F!zAv$#C9B}dceArQ-X^5Iwc4at!HZSI-B_D}$6v_x#u2P6fxw5J#{Gv;{~
zK)z4J2w<Cg>*J$Axi4GZVZPjyKjwM%*IMU6(!v-x)z3GhrkVoRK;`gb`tc>wUkfyF
zXu-06LunYUIM4od$)McINxxChmt4}3rG6dfD(pi99y4E%lP_ikx;btjLDgtTQb45r
zPBXS7r+zL6m>kI}_<6t|RrFF8{gD3!xhOeSdqN<|IKZR%LHcvem(f&KrWyhW&52#y
z)j88W$LxFS9}m!BUCW4f+|H$h_}iAfp6@uEchYoCkU@Sq5!-3g$iv464?cx5g^$=|
zVgQh`Iv987Z~~2V&&Ou^%U%J~Edd~9xV@o^iWwjqU^@n<L(d^4Ibo^=xVDZACpmXz
z1y$H%OzXY&UQg#(^(L<0=y?xbC7OX+>ToL1txt|c4}3RPN7fU_JC8a6fpB$_lO`em
z9q7Ea);%tJ&06GGyCy0|nfDIG*xI0;c|ayDxu+qJ*GgR9mA>7(J~3&#J=boCyDblX
zEBr$Cp5N26MZ)8trR^*NcG9e7HS{FCR?$j-dI*S{uEKy*^TH<C)Qap2!gURlLn*Ss
z_UmKSZa|vEX#vxQS(^iGqqf!=m8rr3XmUJ^`W&#wNVQAmID$lQYocZuUd~Kfe`iw#
zZ0%u20eSEo=r^+kd8y7KpwrCn?GiC3Ob&{blxyi*c^83OTlOZd>BumUO>*a+xccsp
zfm5}!mZs($!?~Hc4x7gQSX!`KZk3?7Z?pK_B@C5sfCd2MuR+vQ7vXSIohtRr{qb6N
zyq5EMaCaj>V;z6{h8DhRy=+x=Uu@Ts*Bm@?$+{|tTO;FVu*n^Mezz9EWH0dBY_r;l
zF;EX`-aHj~64-O+7I?R_>>}pYjjGhVB9`}(-S@!y)Iaw(rULJ)HS%67cT7}ftOs1L
zE)F=7peW!q{O~mAbj3;gi8@SSfGu!1rYj6})9={EM8ban^s}Bb4t{A%ZgTVY=Q#s}
zQ*<~rk>&T0UKb^2rDEO1m&9+LO`+1lS!B{gX$K04#8;3VT;lJWJtbq22bjTeOVG65
zB5K=KJ#bt72BSx1O;HZ@rz?(M|LyESdxl+n&<_wgTxkOE6kX8#9iPhjr-Ix}vw%Rp
zzZhXzJ|Re*3jhn|BNOj2&u^*^+_xT!Gx#hfxVHvd9Rl%V<EdNkJa?K^l5d5?BN4qu
zubB^AtL<D#yH*mmDP)hY)XCSMXRxp=IRo*Jl*3;O;t9$HtrHB$2H=Jl$TytC4OOnr
z$G|E;Rjplk5%d+@ZOAC?o(_;r=7_iHbU}V7HS(N~a$AVC8bRs69CCFE!vqGXv&zF>
zPc>5H!jOLCCI1#-Cu$sgo%)>I(}Ujg{enEN@$BtI^TDr|D?nk!?`A@c9F6&J(dm+5
zX05${bAOr5z-qLC;|BqWzr|`#Mr!`6h9JPD()`)8xcBF78WyPs?*rlENb7Sj`EI!V
zH9O?-yuf%?NzLtk&<W1d%GEB=;zdVL=iQ_KJp{7kp(`l<Gsu&J3hCOpFQShIzxWO1
z>HRHZn$<7jgt`5msgA>hJ+ffI=Z*TLBzcxKo-rL+t#a~KtM{4Z{ufY6Ee%w$P@~uF
zoMb3}jfGjjcooE56)R{3lIvDsfMm2((4a{><<Kt{*y?|SsDkBr<#y;EU;oj66}K+y
z%MgfKKa=Wh<?oj^oc1QXH>%V4v-H5C-aKP2x>&$pzpL(kI*BaGz#ABsOb2W3mG`&}
z>IJgmc_M)~JhA9ad?e~T)p&SahW^ppIPUvFPqIJ-Eg(f8bnodMQb3YLHFUoIjq~)*
z4u|m?RAB(?t<2~0X6oGL*@1^F4V%=wpxDC*D?0oAiULO<HDr}9^d#5;J<xU9b}&nA
z{VmU+J#cVV0iMIp$4m0i5|H(4WcqrbB%i|D5J-7=PZ0;XIBV1DibsYjPF#HV{bU|l
zKN2-*gt!|d`~=wrixbM`xBz|}i=#m94H*FR#>7-zI;i#lB(n_Vgp~riI|dc@uhKH@
zHv0e?@e~2?@d#ALo9LjY(+c$Gs_Wif$&pv40&`67`_jjN1ZfN8)G)@T<TtW`ip42K
z<ihpfG?;if2N)+E3;%9zvj5yIlOtKdTf7j+;K`LTViOI=S2`V#innu98b7-N-#iC5
z*FnxYSM|?34bspBg@Oz({nOPZ9#d*%0P5BZpSHN7sw|6*{j-Y=U{L^yVgebZtXYg)
zzmO4PckN0}u6<vsoUsxFLMv-ylMMhDbiy><?)3Q_+az$ssAFw+0$<84j@{aoKPiDm
zuYNI+e`_mh^urUkyS$~%YqV|&W?%e72G0W<1AJ9Rz#r6($~5+qaa}VC6qi1bm@aV$
zYu+qTi5Cr>X0fgQe)4X)$ucew_nF%y`-3Lhpaz(fkOP+aV5ATbqKAI$GVH8lb)Ka#
z`f^oJ6alnfBjPtI>G-P}m7xSz37|@>0_C^(FERqARs%u}8+b-AHJn`r{(<6FCO{qj
zkJIRcRmi31gD-%d!dI?QkUu?>Z&=;$wZFO?Kt@bskW|)Z7dQWw!A2mekjI0zv~#b^
zzN>P)mvvR1F)m*~bhLa776B#0ogc;a7(w#X7o9e+W;rz-^C3v}?2qh4mlR6H!nnRE
z!@ITVx9sL<$RlgdS3yJp2+HJC&U)YU?HZ=Et?*rBo~zqkLu!i`i3~45hE7-Z|6huV
zQOs$GzfU@Em@5#8sdH0PZy40LX2YmaKkNhb+BB3;<i&>LMYd&uX+VlwZ#}`y%Udec
z^Pt6OYJ076((O7}rcat;9oUb%6Sg9jU6(2uWr^SLFYf9x5z;W<p=~&``82Q%p}y&g
zG+AcJ1#($xV<Jm;fPFrzxZX}a**X;ahE^NE)uQ>%ohlkQpH{_0o?W1Bqds&376$`f
zfANRwTGOZ#a=f5^UtdfGZCUeACDIHhr`!TwnOs!uMuQ!IO`Eyb8SC&Nx>a6_Ziwf^
zcAG|82AT=y7WxW{PG+$}P?+|??s|imc~C99f&;j5hQ(?fl^gSy<-L<E_8i%A-aB2|
zlO#M^-w%sJfX4&xmrqYm2QljJk&F8AJaX*R+HZ}vu9JR*S>?6xBf6anU@@w8S+Jt8
z)D!vID-|Vv1TQ4(c2`6}u`>$0V;OvaQ{2%|rqoUlhw}h1`Ta$_s6z>Gff^H3v6(#h
zpE!vv+M~58{?e;fZInYL6U6@GsDU48jGF-MS@3G-IV%;C)d}y7dUPlsC8V)E`K*XV
z$Hht&^{N$gVUh#63cr&SSz|1A7MWv3Jof_y+;+Gqg-zque<HxSW^%@N-<aUnT`o#K
zS+Bk5Hh4xNCJvs%!lqm18io``0w81r1^^wuy#raTYIXvUl5%o6bF5jujpTtqzVxX@
zez?HZDp8Ehb6X2kE&Wu(J>(^_<p_)o9@($QD*hykId?!=q8rRsNrGL$pVu!3nW!U2
zD>n}yKJaMT8=%{hj><Wy|L6vDK@A}gLmYmlBBJm&WpM?zmiC*ZtiYJc^vT4JT}Gxm
zt#h&t{_3ttRNb6F{$&sw{;W!T+A>+R`uTtH1tKucX2J!S`arR*W#~G>rW-iBi1U=R
zSVS%K2~~?Q1d>|hzF~}=L?WvFMa){yAX#lc`^I<Gh<u{XD>pk%7m-(v3~P>xv!{T(
z9|3T4ya?J<rH#vdRRAdEhK?M);B=2}6)Qm&@w_`?z<)1Dz^92&^8i!fFuEW<i2t9|
zt4=~k_NpM*q;l^AM>Z)RkGfyBUEl6&YilnoxabyHjtbrsy(POi(Cy|67NiGU%-Cm3
z&V6XA{mLJQ<^FUxj71FRqcfOPIXb(^hWfR!>H+;qM+f(@SMpIY6cA;GAg;Z9GJ2)c
z1^}=!Tq<YU`{j3MNjAm?o*}P2A_pNzM8%Z$!{^D374zLDar|oOI22a0sLK2GUD#Rp
zM|;2+$v1kfVnqe0#RCwxe#agR)Xd))y?-`q_4dZGkIV|>dxGLhpJ}J`yu=>`u=622
zli|t(6VTBt1WZ$U-TIg()GS?yiYafxXGh7P-m4r&FY=u-Dj<q7IzapSvlrK?Z|F6O
z|3xOKL7xupOij<rkZWSX+ci&381?go1#6#L%TM=RmkG+1(TS7L)ICLpC_v?NL>_fJ
zt-2)Pze}WTes}39CMV$^h6UI38bO);!Y+Q1O;wgp%{De?MR4*RJ)8YM043YJZ;uj?
zbXKU4sue9W3k%m^+Qp}_f*uX<9QQ7`W7446tLE)Uy)wpd1z?^(<ldq{{ceOru0R!Y
zig*KQiUzuw`;;F%W+*SVb~6(Y_*VYvxd^gU@I-!GQh4z3z1?OYSk4*=t9}!{5~yD&
zEGc{a`HSo4Z~&e;c<+DR$j(@H<&#!>&RnElZcFB(F0%3fr?mo+R}aVt{y7@&)xXh(
zTQTis%T4!7r>=Vi(wk9zVvhKE@q7vx2E-V9&NI1Zsj@RM6$}pM9#u!*HOa<QznX1b
zcTVp)GkB=2Wpomf6$kdg05tIoi-3R{$!4c2|44P%_4Ic?B{K@em{xA#zfe~=Ybc3M
zpzaU3lA&3!ppL!Tp@5Xfi|45TBscNFh<zmR`YY8#*K<}uyhek1EbjcmptwRHx6)FW
zh35hSqTZSOQ9UEx|7PSRiMiB~be2vxSN>3ujtXQv=YDHvRr>R+W%@Ros`NKLj#$i$
zgY>g<8}WSlH^>Dx6|mzOmd@^h-7K}Vj&3T*MJc193^Ik*UH-^cvr3O<$n#ZL{8=D2
zoSlg2NhkI<e*r~mE6w#>&%IEK)J_a2|1?JL_3#17C<PYVp`chb3Hs{WAm6Mp5+j<)
zfjBRKz$7Awo}(oeiauBJ(8k`~4ck$LhX9;WTenAWuCH#HH2(P&!h+XQ4Y`YD2f9d)
zs6-X$JnMq6BP$NIg#A$?#UY!_1k0qOE~`~8=+S8%D2+d5CUefYn@@il<dfyX*7Hx+
z;8k6D=tVOMyXQIxn`uy5C?SLVD;ntyT4dp^DaZR@9gtf=kXuq>!`qrsjfDnHhEDg`
zL3zG*o~%xTN)K)adb^7~tS8(Gg|XY&vlQ41mhl-lMLG>oVL@AS6+o}D5dNCqKsH%i
zFoL7BD!@1>K#$28{fAntZ3?q`+`4<Km;vnq!(|;=zWttXvwWQmVlzy=3ap6CjL9=6
z_(eK?qXEz(s-5}B3rL%P+%ql#n-lxVC|l58aD3}_t;o;kt|8pPM7v@Frcb_<Rn-2H
z(^Uq_=nR$CUx^fu>NJj?8s*#q_AHZhjsehP+{sOemT>!-N76B+uv-@b+Z7GAi#abM
z;=Fs5D|H^2oUXQ<1HuNXkQS14ovcWb#ki&%(2^1b#p-~-aL9Zt!d!s!>0A9xfv|Z=
zW|_fl_zmPFf7KMFd+{PrR>DIbQAyLMb94@5D7mC4Oy@XFHdNRQ+(xoatxno%@2V90
zm%lDTmTiJkMFHSps8Kp7{H(%v{9akIGy9MSq9Og#JR5}D%mq(<dSU7kWW38AL_?=_
z8B94xMMvXM{;w;#g|HqudYLtr61K~Y6u{>%+<s96wx)J;<&0;~!$sZk8u+-tbs($^
zKvJ5f8<UZ!H&o?$H|cpShT+9Sx!K5_n8B;yx)_*WHCa3~TH5&})Z=XSW69Mx=q|Xf
z|I)jfYc5su3Kjsq`e|Kj+V%q_ig33yP~tef902ra@e1rE0+`?*mri3%l}WgDS{L#e
zA-vlR24ZKa-mM6VDaP=_^R*4-&&EEe>&-(`gQYLgBW%`y=civwe<KHPS_C85L*3Yc
z%y1)6H2`3ihL04z43yx#XPwW(&%Yoj_IqTN%WQgOZMOEvOrDTluBc3<?fhW#9h+kj
z5I?FsLE{r{l>~&iq{m;IHP7Z<EV)?WZ@;GJFqH1M>J`Ywb);wq@Hto!v40xMep0ij
z|D_E3)xnpKlLcD|!XOxlR>X*r4}cJqcL7#x4>~mfti!E!+T4;$L|=R=H-tZIvF~LC
z?+v6qfBnZ?>_LSb!)fx2Vi&1YnO5vXrtE-0F^KJ$A!8u5Wl_6cw@fg<_{mDdrvFxJ
z+2dQx^;ZEI5s<t(^HAVM7<dr1J(#&zR~KuVmJU_=y+?H}ifXjGM(iVX9upO?EgMKq
zw1cT~A$dS>rOpM@4Z~p0bNOf3Go@-MbHO{K4FNJdr|kme+a9#J0SG6HcYym5Y^9^@
zVJ1V%Wx5#c83AhYuih4XO?h=PP<a*T+GXHe0UqW5><q~<Z_oBMFXA*=Go&^F?S`RR
z_YDuO{q{(%(WXEeaHCt=47fwDK$5+iNj&o6W3Y7Ayu7?FqYaS<SF(7mPw4bOUQhp~
zD3xOQMLE=rK2ARc95wl*IM6!ybc-4RR9gtp0*4{;fBg8_P4n8OM+3MIsed-9<t9=6
z1VBNmEnlOfM}V3=o3Cxw`l%Sa-yzEX_nMK_P`S)qlYD{wm>XpAQ{*RE(E?>+OL-Mg
zx)MP7k5K;KFOzlvq`_Z6oc1AGor0WD{#NfHP_7K8D3zm?G^83PrZT(sKVx~xTPK+z
zix59?=?cRYVe8L-8S=@wuLWX<`}1J`VjYgtpJixM=K&_53vg~nl)re0s7?P*kjSjM
z<Hah$2)23I8OUpyn+3h`V!d!<og#Is{UAD){txUZ(^reSRV(lY%(NhaJ0e?)!Vb96
zehUZjPtw}|ros1q1dQrC0P!Ap8+}Xi^d<ilXXi}4@ZO)4L-I~XieD7+X?6eI^&{HL
z^J$6;$q(9q#bp3J!avK}M3w$*&YQ<fdBV<1aUyodwvEq4*4_Y{c;zEcEDz@R!$BKx
zG)l+V=HHD#$GKT)z%|D#ZqNPGL;wvv>5Hz<*^EYRFa0b~oH#KlAq~eA59etZm4;=;
zIV4~O<iyK)OcK1;tHB`?>x1-kA!o<x`RKzE4V6bCeg?i*{^<)!TTsjLpCIIE0-e(o
z43He;Qld=f7)|qaBG<QKl5c>U1Z7j%00ule5Xvg@F=;#Rf9?~0EwcdgbX%(FsVxCG
ziY0WKYEJGagiS1+juGqC;^kSXXS&Ak<?x$XgCqXw+MszT&MP(kug*h4ZN3!aKkdV7
z8bF3{$zN<rX>^Xg_c8#+o+S#%Y5kr6*yf|cL&Yy2^qGqI8xBnm<};kr!+y9=`nvn*
z<!a}XX@3O(+I9mOq2-_yrddEf_kcqu4#eZ5^&4H&(tjH#A5kFo0W5xCb^3<W9m8&q
zTc9NP9vuoBQShc~Q{N5BRTQWnBtw?ktyZ?qJ(q6}T{1)*$A(vi^07UvgTp$pcc~yr
zHP@`?;Phu%4TqklgE$9@&?B)kRG-7$?uy^P71$Bi=SOdz18xWT%}Ku~2<i`c5KdB)
z+XPszBZ1Qc97Q7WOP6D+2krNqOCwmiC-CK%B5YU9AoN^;=1}O)M$iku)stymtyOLo
z9BfP?$F55&*%1M4JFbOrb-!`2jL(eaTecM?Tra&3{m8zL)hzV+te`EPXj+j#B^m`<
zqW*WYITiTSZDVOUC^Zp0^z~=Yyg2jy%*xGj-xN%Tj3tMpo#+;SX_HPYoV57!&qe-v
zDJRhxyrl*aZBNX#w3Clt(>-t3&3ar|+&P=P4TAo23P{-1QkpgVCWmLI05F~{*iLTH
zkuF#rHLrLXfJsH0rR9d#VDg+IXJ0N~_%O|VXPh;TzOLE+xVOu)QpjMU*B(n_sIqAe
z+BDLv-utV?<S{!?wYApI0_lQk{Ir0$;@S5d)4rCY3+#-K3Ec~laLG%A#V!Bcy;+&%
zuAiG1`JIe>B%KM+(rl7d#pZ@3c2b0QbO|c1d>ddL58<z!VD@b3oyw^Kx~$Z#TyT`F
z=NUHZYiOit@cPp+lZupK`?X7@)CiII*9iNcyT&ZHPG&lD<G4xz4N$5YSPeve%fE67
zdo%qd(`N)&^XC1~nLG+;OH2VEM<Jmc&<T3MJVgtNSn;yaJlAN9yl<DKl;hBR<cE}Y
zfdpkCEPBws%fWJh<I`T?h%m~Yq)qDkvH@;nTMqbAt)lrZNcCVdjV?HE&HQrPyw*+i
z%xN*0gVB960^@xUM_)UUxA+j4&d_yhE(P6MuqCz;G<(3oj5TpIKMas*q*TQ&jil15
z0K~(`k^`m#=1($Dl-tE1SO#CyRKz<ZI#!g$WAORi6V>B+h|=8_cGsi9E%BJRP{MP2
z^W80IIK6Lj^xeJU$1lMV!z?CO4<|qr)}50W@Ij0efVhm}_OOK7<mf(U8rF87d6QDl
z-dLsMjbUf%aW>9(na-X&lBMS+h2ni+t2MrMPh;1Nm!V#t7}#=dO3-pp&`CF`ebcXU
zPGM7@26J{LV1jNEaJ25%`C1@-l%^}j)G(}N8SOiS!5_G{updv@@A6st3VbN%KLYMz
z1a;WopSPSPw%G3{bwwYDjEWz4=#F5a;%8;S%2mlE5cJFLvSbAGgN8`_Bku|}FNz?G
zfs3Vj4ra4Y+P@Hrrx~=*+>6JTVQNWxTh273&zBOL(^Y1}gC!0VFwG2>*fyat3Lek^
zOm0<&@gy8&D)xV3mk>=!^HK$9+ks82B<AiD3v4&@6~@O-Z}pSB65}s@Z%$w0=sxK?
zkXQ9<YZFEEIOUD^xD?;(O!J-@EIBk;tsj1xl^r*rN=qy!1*BeQ21aDzK#~FEm6LhX
z3~Tp!6A0jK9J*QwgR5(uT{YjoTuKZ`oo2xKwcB^)TMiISDyq!#qU@kL_nV)Civ2mp
zZFPA1B>uag#YcKp;osu!>)+32xW>kjn{s>Q<nw+&7Uc6IB}ll}bfUAO=tNoy!n?G?
z@5Pf!Fy6@fY{Z0*25DYCx81leQS-3mt;FWD+Pi(qWlo6$sYSCE2(u#{QM^W0uAzxn
z8-`$2Sr+83WBJj};wTul8k37rE3KMlm=H4<8DAwp{Upblbh^Zo62WWtA4LK)PaJJ+
z;U(?&U#gVy33V~7KiI0Ojc$9VI$XW`Q!-f`JmkCP%G(09KDaLu922bS>^+oGkh3D#
z9MN$2m;g|3*4WEBH@r1gYgUZOxeo4ln-GrqoZDTK6h+>%MJuzIFR^1Qv(pSu<JOF)
zq2j7S0H(}+!bv%dl(mDik@lc<e46D2gMymcm(VK@`{}o{TfFf5_f=J;Fs0%{r^hN0
zA(+;7%aDopdoHYm7T^O9MD9ycr`u7LR>rrzllY^D;HbCI77w0gQ1t*odLyMcv%+!Q
zHiVh4<ay+6j6VfchtZvfcUXrtVp3wo;W=z+AJqoH$=6}IpunvZ*M;#~<OAXXTd~mA
zF-T3m{DN%oNX*yCI6j|l`*GdU5_;kVh?eu5Ka{Hwyt=s@doMVHb&f+rLB<Avzxk)~
zj332Qc&)jem-~fjO$_f<<7~ce@d=sT3=`lJj34J`e(TB|^Aa7q=U_TSNV*^!2^({!
zX=~Bm66ju#+5ry5>4}__z0DAF<gy*|t{X9X!Lq(bWuh*Q2COE6hnLqS_+YR@*nQp5
zJtL7}_UJl~q3bEtm{c_`*YTL?bIMoQTL)B6+O_?BJn%iUD}xBj`_&$lA)w{c9%G)a
zNVrf5_i&oV7Pkb5OTJh5b1JLmwn~FKZXGTI81#J@JYb+sNuzs+B}Rakrd7&*I(0#T
z9Zw$<8_upW&3B=5bE8%2`*i<Cr)9msUD!t=_g3I#e({O#!C=k~GROc>s~dW9VBU1_
ze0p)Z>&YbjjKS@>;7oHl-^_~*uAxxz6f2eBF6Lvtib4g;jgjGbT~`k!Jb(FlCGTrP
zrgQspN@gt=5ApFI6$*RXTED0Vzg}B(wKQ%IvE<l)pC3}t#&Y70k@iA8EIzb;_OQlB
z)p2iI<*=;T=f_~~)~&DlEbbqvS<+3RRe4tvFBxi1GV=3W*ibmbFD{CuVX2??bI!It
z^C?dK_Jon6&|-)<@eD*H>7Brz2kNv^;=*D;%M+`6gOdUPocH=2PG0ddSzDRHk8uFy
z**67H7f{vo5Xl<4UH%Br_(_A$W*RGo8#Ltw%SeX!o-Ga>LSQo7W~scGU_!ENJMdn-
zwJyuU<K)+4--tF1rQ{bT^x04B6#JGYy5Iw5U)n@gn#T5@U93@f)i6?e+bu=f;k_U1
z1AFEfQMalS&rt$3RmmKN6SZRZt3Dm6nL1x~wJ>!)t?y5pvNWh%f4g3pRBq>eIQoq0
z+tH|cTQb3+AoZXH5xy&ff+|)mas19iTuV?(xfh#>7R&+TyPrve`afhubPA2v0>UXj
z2Yjad67Yp1I)aIskD8xafchTweQH7K(tt~_6<w74+ECw>19s%h&jV74m>K>gJv7-j
z*iKEn0d|>GdI6tc0*!aH&rEi8QnhvRnbB=NHkr)WN_uC+;T^Wj80)*a+Lp3Bt{e8-
zrtKAdO2ZF3``@m6u4vlT<9n|%vr^yWAG2q9{l-fe7|jXP$!hogSta%ud>8=x#rk}3
zQdK15ZNcKe^6oIUk2{KJhyHbz;P4}w2VszNcl~?SxQKo(iI|n%#mL_-C231Nh))Ug
z@FJ<&z>hCOa)SA((~8ozl6H0SWyxYU8Z%(Mz<NP}y%nz8!>H)jcU_8og-z7{o5U`d
zcDw6-M>Y5a+`8xwD75<vR^htgDoz#WCPRY0L<O4S6O%)pRT;d0dIs&M6g*beo4a(T
z+CJo}N_cJ?dgoK!bh1)|OO&r`FQSUpoAf%d+ff9g5Uf%(zQHv5CSvA-#M4l-sSRmG
zV}-Fkp5sG_`6=C0*aR--=Ts_#Ht{3+YyaNBd?pI>!q@W{%`UugWU(;&VN`?TBBD08
z_X~%isEXnles68x<LA41Y%F#*Y}@&|;!kCA!FHZy4_*8rokmAbLr54@|IrAhW?Xqe
zTfXVJ%(JErMuqH;J;MW83oEV#J&P+eWB`pWHcU%h>~Au%3^5*e?DUGRrr<1nop<c_
z4E>I7U!xPBG#qa8x!nYsDQlFy{Wz(WYg^{e<ythfu;dL(gOf#XD=y|P63>7=s6Nl;
z_Ucu&;6lk8Z67VQ>g|b2iQ&BX(bmq@(UFm3n3Q9uL3x=-zL`Z!B%gy>ZFI%XuZ@v)
zq_LH^xS^FrLP4o-LSbo(T=(iTG~JqYxNfmAi=~^maRYNuK~IwS{e11a4zAFutflU)
zz>vpD9EKMe2vezNmuX_?FPskyQRwFt<OrevnJ)WOV?8|7l~%J9gmSX#a-1uxoTNcb
z_~QuuuNNaOnqLI}bhTEx{ycaQ{D)B;!0fej4EU5gY1_6eSk%JdBoh8Ac=KYzpjY}E
zaa3G-2s=RLldxY3yaq78$@J)?O)1A;{ul6#^W&n!5ivUY?FcE$eH_>7CJZ~eJL)w&
zh7U1{?JF71m{7CdAlbj|#_4@gs^!$q7}GVsP`GZ$Uv<J_OJJiUolifSH+KV%s30Do
zqj=N9MJvZuV7dh-D0uWR+nY@D83$z~pT`NdeBxbu3!d|faEYBK@_EjE)2z^{rF-!l
zh6@!cAdi8wkt|H?3p;^|Ia1m=xf7c;Q%TBdCq9268{lkql6oHuR(VwbUIh9oBir+x
zM$goP9jG~jZm~yeJX43>4!Q-OQ$8iF$GjKZZ)WrT&ZCM%`CjN+0;4_deURwJI8()s
zs-N0QaW)|mO6BZp4RdZ42BXHdxe{T;<wha178b$9725)GTP4T6autV7Hw?C{B@B*q
z4GgxP85nrM^74*boDA(k^o;{b_TO+|-a)@I^2h7LqRtv>o~LYTo1f~m8YxDr?B2v|
z&2gTF=hW}kG={m-!XoD{6i-b0IbU`$Fm+aIvjm$@<@(r}TVX;*hdq}tRf52NU`%y-
z)uzjp>rUb&_4-qNjv}vFPywoIO5-jsbT5J7RrarE3Hd0~ALmb`f|1}V=^v?K<Ft2q
zZa)3wOz~9a>6@qNi<1(18~cS-+v|bh!+q$LYUfSj2Et6112OXM(f%vXCCqFmN5u>c
z$s_f6V^);lelVIhNeb^KwiG(7%N~r-APEV4I09mHTi(x0vg>$I`w>pafY{jU0LLOK
z`BaSAcpZ=q@mC2I4pPSZQr;=N-Xlq;`1OO|N^ic>BQ+wU;wLuoPF#c8J+C(l7f0S8
zjhrRTMLzY866bWrrte1)<j|NmiEX3?&&ain$$kd<kf@fM`Wef~qulqamM+4fRkzlX
zYo&;>&y$N%Wwpgcj1v4Qrfz|ZAnm6&VfCKR6X@6V;_aBLsASik8>51DFYD~TX`5m>
z@D-z&=tqc(Zf_8N!#fTJhJ(FP5iG{#M+nb}g-1Ji-A6k@1zo<!FL^x=5#cd-Lua+v
zgQ-IM<-p1q0mgAlEC-S&Wz{FAc+C;vSN(d4sW38E$L*1?+Hu9>o<4@`z@Bz~aLSa6
z<)^6RVZ!SjG?6Gex-|yp>Y$q}&KD^E6ys1>QD&47Mq1nc=CC$4RN>}eS4;D=qo=75
z6Lwv$0@3lI#0fX*X7BLoXezad3dDRw>vZ@;c?p_?+IOq}6}G0kE^rcZiGsHftTX7a
z#|<q6E20j6WUZKZ=v(KrYfXoah{((HT&1Zf?nXUVv>ENRKY;N+)8Cgmz`TWgF1U->
zrJ2tpIV(O+Sm6nVJ-RvZQ4^=TbLg`-ju~06@xbiw!Yh`0k<RQffhF^pSp>}E_Yiba
z)L3EC+RmV+&YG?E;x7gC4HnZ1#x*ko`HQtBX7<HV-BQL2FN*3zv};~FuXS8#;v5%w
z62@N6S4ik{D<fq%9C@=LxPcxAj?qXHb@59Foz(A84#=ppH<aBlY0PP=*9^9PA9U`u
z>v@oR9cC}+jAn2Zyt3#vtHk8A`7LzBi9+2iP>}%NXL7h%bi=N?Sgg^h0LMx>e<H>i
zLul&v@HpL(vc@gG<Y#|C!!fb|9k)$K)J#+$CB|WAAkseoK>G}hmPCnOHS9=~Xk(Vt
zZ=kkohb0zs3N%EN`5ZoVclWrjr}xO-r@F;wx&%%XM2PT|&HajT(1_<<OOxLyBQTv{
z2R#%jO6^1goW8ulcBZ`HBo~<MBxCsha^8`biuDH>Yik!8KeC&st7fZbgFvn^QEH#m
zFSC9LdhC^e;OGOkuofn<zL^Uy{dulPFnNgAh)NmEl3M^tV$T+Q`dzxQgDjA(f|<tk
z3jSjQq@Qmgn38WieIoD7cdwP~tx@o&J4!W_A99vmgg}xd!4p_TY|TN>?sX+9Ae}j1
zlRUItd%WGr{deMMu!uY<drJ4RHE76z;jW%><9|kqjOoGD`33SfsGKPBs1O*@vjdc*
z7|<r17I>E#@ZEnCj_wRrfyNdj`@b)p4lMNltuvti_irT~1qLvGCq;b$e@O?j%?@a6
zl<%@4Y}?A>hu{Gi*|qd_kSlJ`^8J)E0gW}3ysi4|kdZ>wB5E9?z3(UTT&k|sFi)2M
z>V-SEj)NiP-`paAj8NLiU)!a$F;d>?h$Og4fWL0D22Meh0_CF(3%L6qprY9&9nW#C
zfg^Ak;LHU#@siA!<$=smEgd5ZtM9Mgk+sSpz)TO#-X`@TVL5FFLGG(HgqaY55%Lg}
z`y`k;3bIYyoDSv~i9sG)NPu$)_J^C(TSr9fBp8nz2T}u=B$KV3k2bIeb9wVC8D0e+
z*JGa7gB=`!qm8V{<96heMyCsfKChH(mW@X~uaqKIaP#q%V+)ZJDA4hCscw65P`$-L
zlf@T7LIaJYYzO@1p1?J5a8!x3Ux_RSU8hkb0!f~*z3Q{s<ncci+sbv-w&+O*Xf8&|
zJWnQG?B2~+8}0*pk9U$wUS2v1OlKkM;(*)AzI%WFky!U(2XJWuXamHzZ@2SzANO#x
z{tsMMcMdfA0GhRY{Q2+KOkm2|`{|VSw)FFI;>+qj&%Qrp_3T$WwRXj;ef{^m{@-!d
ziJ)w8dYZ0qT)M*5?3Ee2)hFlG{>d%A9$S7BxKYbod|8S0pBXRh%>O-R*y{S}zZJvQ
zrn0)(=J|d8@dXE2%Yd7H%YVPPxEQqX_2~4wz-20V&+YQ=SZHf&cb}ggVqH+0^u5^$
z=;qUxZ0jPH^@}gtuo1Y9rM~RYU*ImuLlxS6QRQ~ucb-2w{b%Xn^Pw02GQE5?xBOn^
z$I=+!AxMW_^DL>-O+2}++UVuA<Mn&9M7f<N?XN?34lqY{`_HfY^)fFm0611J9=~kv
zudUbPUO#(ja0NI4{^;}}>uA|mLEb%wCh;x*Y5nWN=ho><tN$4M|9I%n%LBl9(`Qk~
zYX1Ft@l{))<5hd~%0I{X{L`!U1N#ov9GdL>ay~z;g7;4Ag1F+o*~8~wuj}7^eym<*
z!8VV7@$3u2K9ujta$TA6f<=}MG?zWM_?+d(%7@2yKAV-j1~|L|I?Ss4hQ{5#d-JEI
z^vh3s`}kzK-DgR0hnl+Dtq)!l%v`bWmow|1T@PRSyq~`A-p}Xr<@09(=iWn4U7z`C
zYs%)k%s}7o@3)ga_<3FA=4E$2mCTp^U)XS~$=@!Z`=|AOU}`@OTz$-JUGSh`@4sKK
z*Ih1I0GuPZ23q5PN~pwx|HU`ZaZkCWC1I~8^Qi-u|LynMy_o;L{@uszORIs$2z+=f
z|Nlm*%zWS>Ax`pZ48Ar4bJ*<H=}YZAb)&X)=zo6Qw%mAc{H`j{Mpj$ka)@>PlV8<7
z5}x0o&u#Cv>iVR!W&BH`<^S8gn*a69=JUJ0?*4wS`n0Y;H1+>@!n}3H{?Ebob3ikz
zQYIM*pve^Aw8^pQz+(68zF$|@?{aqKvgdMaod563a^TK}+VW`GwX;n!A4QpNx$L(c
z*{KVR-vehlo<(I`IVAky^=qG<v-5VHlwI`a-}n9RmoeAf{ZO*(yLY(%T4&HU!&v#%
z)8nd6&Rr|cf$Gkh|IPA$4s6xYn$kLb`R_YF`kAkY)qG-9=zkG#d-eK#S@-|GEC1`t
zkR<>d4SvEXd+qn}`aka19b^8k1QyQE!Wjda2eb_STYpneF!XYHMgy=qVDNPHb6Mw<
G&;$U_t*}Y}

literal 0
HcmV?d00001

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/restarts-vs-elapsed-minimum-per-node.png b/keps/sig-node/4603-tune-crashloopbackoff/restarts-vs-elapsed-minimum-per-node.png
new file mode 100644
index 0000000000000000000000000000000000000000..9c7fd5e9994097e8a3bac6ef0f9ac39e882c6f59
GIT binary patch
literal 15636
zcmc(GXH-*Nw{8FxMFBxUK`9nMx*|1nQ9)2ZTBre}_ZoUrK}8f$nv{SdJt6c?2o|J=
z5_$wg2oOS%7K9MEJHGGto%h^x#<=&-x%Urauy^)abImp9GoLl*T(SDPn#@exOdt@5
z`JUEo0}zPb6a=F4JAMp!@{<r)4FW0Q@7-263WBaoo(M8B&N%eB%b0bSH+-J!V!KcF
zD(`c)3|sg7m5~FIe_#FkYd=PER|fk<CS+GHpu{epR#!WF`u1)8hZi2InFO9zmvu1K
z|9bihH#@zNK+V<dgU#%pCZ4OMB}M{rd8um)!B~w+KfTGunrI5buTOdS79hlrVooeg
zJZToXlORy5-4QY1p9HpY;IGo%R(cTV*ZKc<FS3sz8TrDlm;THz7;`MpUT9F+olDvn
z)RFAm-`ym%^F{ijWUHa0Zi*gWX;`~)nXQNprH0?o)U>qjp<=`Q$ist;-?ItbJ?S_7
zHiGG$RgNIVlCgd@n5iToy#U}-l>rKSnFI$jnomkkq9yH&;QgY_^vIpbz`uSDOdk|K
z6lt!x<RhgH?i+ShwC^|_yj;<qS5i`f4Y3;8`}CBtu*PaG!E)bHX`|!Hyh1o-rEcDf
z|00WGCP?k$>GDc_+IN(17rfp@)_LGfoTxj~kzPyIk<{(#+PM8UaXBYR3U@BEEr@`A
z-M)JSsekS2NlvlE4;s(AzObr_eR;;56m#<2H>wHOsbdb<EQO6BL%sBhGu#)eC8lPP
z)|ja*rl6m(LOlUB=bXsP;|1smbZA|Jp1QjF_e1BM6};03>0qd^rM=RW(h#@?y*W=D
z(Bw;b%)r<cx`tj@vI2A}_^8IJ;!(_Q;6Uyj*a)d|MAEuNX*B>2D_)Jvr5HmXnG4c3
ztspLG=ftqB0Zqqn2Z#LNh`l}H=J3k+bmRh=eOQj{!(LH~=v!Z@o0i=fg{mso<l+4X
z1Ng#zJ>GREE~u;G_qYO8Qfnrul%4LXJ{31;9|RhluX~};XqsWzDAJ->1!KPj!(rIM
zl~x{d%XwOU_jyvR^4th|4)MBbY;^o6JzZ789+VWSV)yOTX8rmEeUw!dqZl<|E#@55
zoBF)a;pf-bc{P^-yj^=dtR{4qkY<(e@o-lWZ$^LzPQ}(#@lrCqT4IOIR4B_gt30Qg
zgR#c2ygk#dlDeF?Rb7-d44+#X*6+bLSGSlulLheY^P%MB*d{9{c#Y-sfly;k3on)u
z4h%d0V+mRJT>an6o|s_Nupl%nWFs~ehRatkjyk5Cvkt4!eOEV1!muiDC6aE=+D{g?
z?7S~Ns2vQBh;`QDl5tHY9dJKlxhQ{{Hfi}%5?TTqf*2b$^T)5NNS2|=83=KZyi91T
zd98c8S(!33U@$eiCQU9l!7AkTMAf6+pK+4+;bblM@yfR9$#UDL4eTAe@+NRkYfOxr
z#Y$T_Z+B(Din(FobP!zdL5BTE8^y#UZOKm9O;t1gqHtSV+t1D29y$9`+!RO$+$X~o
zYN7mVi!|C7CJNarlOWZFIa$P2Neol<{4s?&5fjbXdt(z-?_uC$?q6T96+o?3MK8Ko
zEKuQD+poj3ZX;J*`>+`@Zk9QQ;TSOlq)ZlO_wCi2+}z7JhL2^#n|-QYOEq!>4OZdG
zI@;QgwmZkxl9rX7OE9JW+18hJQpIj~)W~U1vtp+CPWq9f(y@M8+pvnd2PRI+df{T>
z_rsTAq>=Q~i|!{uy1l&R-xBz|M)0iqU0{d&X@2p&*Ty6hl%<QCa0Sk~lULKsiZY>N
zGvHOstyGPTh{8R6mR;MAV`pYtt4OZNv8eNWJxr7fD8=FUQopG{;?SisSZ!8L?ZaV$
z3$CDH!aVCQ(<iDA`u_Uy$rQ~ZTf6wFwq-@2#A|u>>Z8fSBt4a4L$7e%ZEB_I8a%tC
zvMPkFM)MoHS0u^qpIdE;HVAQ@%*Ert6yaU}Y>kq#IA4{*AlP2MPTI;PT{C4omcsDI
zkVzLRu{w5zb_Uf@jJSDqp#ao^q&g6k@NqhRTh)nbf<&KNpCA$$N^xFIoXS63CciiM
zd59<J5Gs&h#JPJe9e%YQ9e%Idr$)fn%=-LBkY<i%tmm<{oK99HlpJR>jn{Yd1kAR{
zKKIEXaefL9!|nKl*br7OE-vs8lAr4~y$B*u;NieFCqg&W!ocA_Edt;FEAu|M?^DSB
z9`sy_Hk>@)7P?$nDFv|rdApLM@(YXn(SEHZ!wmL^^Tl<uHN!sK*!BSijpiEy*Z>oY
zNmgp#1b4D$Z`{X1wWTDiT^k|}l0$Q~sS$3c?Vg)`?;NO*w7}KxL{~ST5rwof!$Rf(
z@qIqEI!0@jChPPDe`JMkQeW&S)TrQMU!v-+PE6aguT)jF{OwbwcyE@jK<xzu`JJ0)
z;UchY<=V{ykj>~aUH9Izl4-3Kq*v^o_~4`PkN&m8Uhe?$aL`6%;RXLw@$rS_taAap
z{YWyxq*RKuHDps#$cPITTZj-W(F4$N*4=H}$hl}Ra(lau+&3-@h11j*-c1~_=q9W8
zPFzSSf*Uq&>zXv(MstN^j6ZrkP+S&xH-GPUK<w%)((7*<ACYC@0nb?)YXXXF$mv`%
zEY{f?Gg(Xjmza&(?F!#MbANZ`>$7DBAMS7Vd5E_~UtXA9jB>Q9wSH3_P9d8rF4P(D
z)Y&ReL9D|aJl#yS?|>5s-}`QF6O~5ovph<#JHKwvkaE!eT)V!M)g8M;ve2!YTC%O+
zON1$<RKfikJ^*qmhErEkC9GVRRt!Z=b6ggJ3W5y6!<ugI_>9O6Pn&@IB-zj#26Yua
zv)@eN*%8BF%6X)J_ESIAq~SsXr(W{v#cD6B(?6P3L1O?wRkG+a9Q%sV?l|CUfjXAK
z_IeG<ya#JD<-Fp<DYdHc!-gLrVJ@u$CuD0hyIh@EH8_<W3Z4#@K5clGXOy>TilyE+
z`eO{^BO&Ng9A8evp36VQhnCUf9N-4(?PJcYS+JM5?)H0MT?@-FEv#6?@>cB~)hhGC
z9NW@S92N|+Y~OT2Q-$LGx8=M^P(2u{9<F!^=7Yzp;}T0?At6(5v3}mGPL+E`OVVmf
zl`Y4>uj3+C{rQlXzy&H@D{7n}HU5*9bi_Rj9K3L@617~BCN~|1+m;7kdS3-cn?eT1
z%@|q4!4Hczr5{};Dy14P%pw0a7dUtI%kWp}RUXaY1>fAgy;NN3Xslo<7-7n2FZsvq
znuFhLX+B-qx|!*`D#(1jDPZMg&4car752$?vuPk25|uEwrIVTYRKCL^nI*~4u7B%4
z&6!sWAzya-7^umS)l~biYPeHLX2^N%4cTNdB^-+j(k5-$xKV4TwurdiWG2ASy&ApH
z+o`*(7Kgae!#o&P6x{>G6NTA?D1?3RM_9?=A5%x@ZPQF0!Dv9jV?3)`7?P{74OvAk
zEd+nkwi-hD>K-@A(uf;XJ^E!F+wi?VL<j+g!iy40tD;E@Mxl?E%Rbzh7J_?N>ID*=
z%-fxbE@msG6*_;`Bm@mN-1jIp%CVN>&XaB>E<7x}J#bHZHm1rbN28gx|E}-@50dex
ziMaf-SnPH_I$%Oq^*Ja}D~S>5{^&J&(5pZ(VA&gWmp3l(*PV#UV`CPOS$Z|4BVw_-
z^2H49r8kr}7y1Ha)w8eI5co(xIe7G~A3n4VdANPHN#^&YiWe_Po~=BO{G-@mYjI#3
z+xv81qqR$QJ)&<=B*b+{B^`*hY~@!&Vlv{32M{?~n-}R`Mx{jhyTcFm9>+ITev2g@
za)86*$j)?XQvU;lII-@t@c@0M_ce16==H7EThR5Rm!%wh^idZU(l(#{zCVCBFC=X|
z{2HhgR(3ymkR+LeUO1dMi!OyVvVam*=s7p;`nc45zut106Pa~q)FsnspM*JZ`}`L5
z?0dVYaoZh(kXeoj8-iG)E<SGwfR?mk!@`kboI`0{-d>oYN7|ay3@k%6vSokSNi_-J
zv`$|SK<QCYG0mrs$A15P>!-H^hsQ?`+`t%vw%yva{u{OY<O8BMq{x>Ocx?Egk5Gr9
zmi`V?sX`te?2TePYZu<JO3l<ziF%Q)w@hF#S8M&KFg0LdL4Ls<90lwg9+~k$jP*1!
zm~*ft<TBlY-dY;g>FVybBWdgC5S9>SvZMmN9O%M<b;NGI|Jsz*M2(veKtvjQ-re{z
zbl7*epKz9wGXt->|Lf`g!44*2vhc&cm#$w-@$EbKf?GK{(=FkIj|nPL-Fs^ub(1Cw
z3SckH@1JqL<Z-9Wr&~{so@B2LB?0R<EYvL!Gq2VHP8Mf2xdobX{1o6TV?^qFPrBVy
zl_;wImNr0GNG!Zc*Xq9e#+e1;9>{fm(5NXi-j3)~p&<Q<g90W_)@h3ka$B28?$*n-
z9(cjSoybF>L+bRQIA6qXTcpbPtl)%oY2C{jcVSV{Bm}BaJ7Txnx=XaI`Dch%l;vGO
zGxZ+6R5Zk7pqBU|us;ak*@XNwsFbpNh<?c28_h?gRm@>Tx|G99h4V`u6snATFI*8q
z|2V37{o4h>BSnSTAzkiz53-faj<H-k-=wFJLM7aVBx)N~dx&f`+|QJKaEzJTK6QIK
z%{pS7!*{ukFLe3FI)y6bHKpYDLw9I3J9PENV|8mjX0a=p@zP~pl@x_E+;}{EY7N!2
zDz%p0k^`KItlg~+52yryN8eZ*Z(3_{(@h#*D=gGv1$Zo?s!V6=`-Q#Td$p1Q+@GOA
zGe^%z)U*%0UG_;@Dch8(Rod#;5VTopSt6~5{cFwk^@>^oz~Pl=orT*84l`NCW5`VV
zOAyRUfS0n9qMCr9SHA<9@s_Xk94;~TU8xz(z{`F2ekx{G`E{yVU0Z?*7yUB=M<WIZ
zIjJWloBPGwqQ>ie>^?J;Pu1=mQy3lhvRFZm-m!*I_JZo*-9-0xT~f`0zDsC0t2k!2
z*Q=*CIs0-IBj>_ql^?1~H9$jEwUgYY`;^iWPRSa+$0s*_AlNwB;I}X~E5F0h0Xrf#
z7qi+o1eGzh{%f~>@AgIVUPv%7Ha1?sw*U-`gDGa|yR}~NqFls^ZNK4-5%A<lx>L3b
zi%B6oAmhl>Ph;WSC3)?K4Nr`6a{>RMT!_8hQ!J#+yd7t~|9Lqym!W*KMyDD(;n@ts
z681*&8+jB<M|ZScqAD;sz#%9Ev1sEJx4FKYmEd6Qxws%S-ZC~`XPZV-wO1}aBvSO3
z!oMU9g_ims{o@o@rqnesyA}*+8ENAAvvCoKQE&}#SOV{0_BXnFg++Oq@(M$iNxVTn
z=z{mx+w%k0rYai0jYY1NqWDvaobg7c6a*z`4ZYK~J!)-Ts50&WL^u4lINpmClz*FK
zU{>o)MOiiVc!aM>FPm>st8Yac=B@}YfGNIzt5l=0hPlZ;A=5qb%;d<)i%4E1U*!Hk
z4KsflTY2KS`7-9FKMKLIt-b$Xr{{mYCLS_SAr?3t9_S8_cjHoxXy!`W`1OT#v;o5+
z0j=|dD;&+64O=Fu{Qkj!yYk*Ht69InruJ`x7&%z_&AY<Pb<^=ae9s=(_*l=;I%L@!
z=zs|j8>XH=^91Yw7WOuNGUK}KlM{`c;jbQK%BDlx0B$vGnP-EszKn&D3C|)T-mb)1
z<*0=Byx$~rr;RGSe)qSY^_145cTX+0EY<1(=rIQ7AEhm$<jUnhJp|^Q4&E8>FVCu^
z9jfb(OolQCO~OXg9pZT1tDQ942Nyr}L`3ogl|oLr>P7SZSSD>nG$NJhvWrlu)SWG#
z7-6RY*$G(=U=hQKAr`DZ$p2n~J9Fy@E{Xf@1)5Rh$ou5(FGL;`?gKU`yB2e&UBm^B
zYFf;Vv+qt7hpnc)@Pmgpe8|bMr#vbw^y*VwQ^ILDSgjYoRrai;KJdpkzSM6IBQBU>
z)IhsW0KoTofBEtbI#u4D2=+)S=9Gk9yr8t2vcy2BJUqbE-!c}n97f_~cd=X&iM+}l
z#SjeCuU7_ZtcJa8bE(WZY|q}%l=sjg-%@VG>*dr)W6x`ohdhb_$w1O$+H5lD&5I){
z!PZ?l_14;DYqr1-z*da(CK^N+&y{;apUB{r{zmpQ9gP12A@)DgSML_++{P;%eD{cj
z-FgulXA~&QRSui;y%jLUz|~|<aq}VJ)Yli}v?=73d}D;kV1u8NS%a^GHVGI)>h%I0
z3CO^tDEQ55-MJHUiU(|jRo?kN1}<G2`1rgORtiOj+*4P7oSc@XgNdN#IrU`=mok7r
z9n#s1Vv3k)$#&jQclY4dC^{+UetwHM^9c=O1A|AN=QugF+v9l*%^5+UM3)R{8x9VR
zP5?5vELKNKGZj370Eg^WSjf79uk%VMb;A|Bj{ainr+E6f7HOpPKfYq-lDa*Qg<r5x
zA?797&wP#%6ce{@v1|-n<FyC`VoJNG=4Cd8rJ|1pe@`T4Q)-QYt~RZyIKl42U^N#5
zzxz}WfDopA?W|N?O`3LSse#!-9s?0l27T~B|Jqrmn71Yar)E+FPnd?d{+iG9lC{0Y
zw$cWki9YkF8xDrO{rU5epT*iVkibeFp#y>Jx%(JWb#eVQZjhU;llRK54;en?MghkU
zk?_5(*isU{uIv=Al4+Pq&eqzrb;!;td=Lx*MctnbZUqyP4cW1<{F$X{oNkg`yu!EW
z^2*A}u|{B5?g5lJ&!IbYzC;~P5lMjodz1ccGwLXyy|v>&Mis<+#Rix?=oRhJj~n!y
zz?kj-lP@a275sEfU%#VOyM_orbzP&Ga3aUZzP`W$>w0If4B_pJ%D6GFk8J1pzh2$N
zvSxTYq_E0H!yiZ;qoq{sn}1fiHax0U<wPxh0ursx(YfKnzT5Ad>l<Od`OW0u#2d7g
zF&mp2h(`v=a-&uw(FXLFoZ@<J)AF)hF8FNMh7Irf5a*Bw^<CdDK_vdn<kNz;Qk-9!
zkrNeocV|YMmdRDSJ6?$}m$<;e3`wAt8r(9*a;7KHG$r*-PO&7vy~DYF=`bKa`evwD
z=&e74u=%HwSNm>%8Gau~Z;+Dz_b^p>eItR%yTD_^DtZHWgP~=9G;NrS;fc>8H+_np
zA#AIvR4s*R>UWlPt2Mqi`enxTcPL%#oLapBZQy<}lL+fGsO<P>h=-eQpHr&TIcXag
zb;WZx(Aal<##_eG_Ilyxl*@k}x)M`Ghz6&bA$HTOV93IeK8BG>hwiy8oL*Ya{+tkv
z+jY<PX4;WtJ-=UD!Pljkl$zgLz``8}T`8}jfNNE@|MdDi=wK>siT-8l`An1mSlRZF
zAuX|L@bKX!jpr;WKptGK76q8QfxbRJfj}56vsNXJS2=wg1;kqZ)mcz(86<D{U{5~q
zOUj0l&G;@gLV-MHXV*P(@}Hi30nGyJXbY=cG~vmI0dE-xAJ6Ba!+CUwq9QG<(q_+?
zZ>Frr)r;{5=63w26Guud<U)7=m~f998GVLu$%)BA_!%S}LtfH&)&XRC?7B7i!u^*6
zuCl-R7!NKP0I*1HK4Zt&6svj>RUp}&;GLiGZ&z*s!#wb{Df-v;e!A)<lkdv}z;Rf(
zqQmymFyOwoKImsOyb9l;nAUS|lVwNu?u%wzY972wr=!O_6}H(ccxoKBG<5G}T%4T;
z*nhEq5%4Yk&E_VNs|%w?M8$7H=Jong+BT!|ank-P6T_#x1DF1b4^RI2sH(@5O$u$o
zjdCo-V!ZQ}SWOGFd|y^O59I1rAkAyEX^dXnqE;GmY-!)*wH2^EQtg@Dtj`f2RD##K
z7mvE`cKq?^4V;^f+n3=du-yx&vouGMo){7s@Xp8GXvSQ^eEG{Z?xyd%^hb-r^Qj+S
zM~mK}IRvxp`o{_HZQ^LO=*d5yb^K<{ohi|ItfzvvBv`^nX?Vcz(I@`$86wX0^Khlt
z35f0=Yp>LLz=h_w`8?dFN3m}+`D_fFGy!*htM#BU#1SfO2`fDTLDaIL*e}t{GQ_1`
z<lPx&NZP5L&NS82sJDNf=9Rd89!?w|@P-kOV~}{=`Vv-}5Lb<i#W&`f2E2z?xG?U&
z-*~4m(Y)h@sO1^dG3={nh*g;xS3{qgsuS$|z~G=X@05-+H$@)QH@fFp%dTCu%zsMr
zu%+X}(Fo0HK=N+QT>{=J8sY!PvF~3O8(e!0Ack+Xb<4Cyz3Xw>=-25ly<sfS{4#9Z
zw?}x6jz&DA`4gxZc>=Q2!pRJQB&>In!=n-3Xj3M(vzXkTLwpu#aC4Qm+z!J^s;07|
zxZ{9n)w1^-HES&QUQGj*Fgg^C;Bkl+l{^g~N{1nX)7{Wg<i^2XdDRK-7qlPqX4HVM
zT0I+nhB)cwc@7s!;G)SAJg4t)dk<rU_k&ToIW~U3(l%?1$!T3@2ecEVRI%PJ(m>u_
ze23t@LaqFLLHC3#2kk2b33j$%>Sm$>bJ5IFJVeAkF!<~EDPGz#62EANzZskRu)w<A
z8OO(%|MG*$gLvBf@#Zz9T|FJ1y*;RIc`4dv&z)cSFqkc}QZeYAuWUMz6m#V{?T0J_
z6~^FiT^S+j?NH)*v5RK3-S&-!auh)rUF!!CN4HDVrCDiWm`R-H1T5opCLXAp4DO=(
z!)U|WSF8vO`*!Co3V({rA*XXq4DA1TT)gY{#kcd9bD8nl364q_>!zgrpUpP=#`mft
z(X6KMNKS+#e~Q1Q!`VNB+jpZ}8+^jHl5OhPB6e*UR0ES@{|ppc2Z_$pQLi3ds_o=3
zu<R24bf0G7{9kyAUUYo)x)Zs2w|i{oDZAsbXRk)C(jls=jdWFZ?VW0tzc(0~S35r}
zH2rT7kw#4T(@H0y0?IjYSP$6vHB8unc&EsPAl~v?_wmb4Sw45+zwFa*I>iH7lP_i-
zv?Dqb6H{Juv*q44Nk}=AeBT8Ct%f4-WhvM_EeZL3KRJN<CZieC@gf%WhWc0FKy6AY
zcw?@f&h2l?<5crO*+@V@U_QXs_JjZO*o}MuU*<C2X7Iz-5Ceu!xXTN~STb5;mS=R;
zUss3jcy4+%M-2n;NTX>4pqQ8DhgHz5^_u3j7%g~k;l%TgkXuLS>0BloVKj!;A<&IM
zycNBxsdoaZ{7urD!&m$Ig$Bb!&7Vh+NxI;BoD!DKp9ePx-T9$As}-<+qN>OrNuGGu
z05I{y_h9DnGAqVRm_qfpa1ae-+R$o_a)4M_iMR6vTDms?0L#vF$LSspDzZ|e?Ep_=
z$+Jd>$k5RBnwcS|xS0_8+v?3vOP@bHw;#ge?Txbnk_*HEpna=!ROVJVola<luKY~&
zm~WvjJg>ff?7M`B$Xg&moL9{PigG6pd@J`46%5h-wdWHt-kj7>>Z`tScIfyz{YY_P
zwyQ3)YrT1+e=(5a6RJgdO}9t|{jyo#4I9KnMiM8R0{<xD?&HLc7Y#M4ftzzpbnA@r
z0`Ek>3wK;ur%!!`!09SJh*y|DPn@VhB&Vdbjg<Zqj+vLfLyD1rZQ$MUhT@Ug=cx^u
zs4wACJE9S*f}{0@r-5KD<u?+YPr?mA5t-J=L_RX0=5sUvlBW-Q{NhxWS*W)6TyxZs
z#rm#4&Xh4Ws#rp3tQdH_JejlJEo7a9^yQ&BykM@z$h0NzTZu2ZXp=~|!KEhh%|vBB
z8l*VWQ^MJZJ9oDhJpDKNPw*Y<wa@KfrMae(Z@JXvFOH0PJ4Y~EL4p%*FoH7%Io8!T
zId_5PNW8%T>eppoSarj3A`a7+bWhA*`SaMcQbEk>xh7+!1%Q}YXL=yC!MN2KOI0@<
z{gElDCs|pY`J_aDxW81o1-RFHy3fX!%fy-61ewtQ_&S!IxOYv=V1BmRriI2)5(~<h
z5P74~i+YpJ1CLiihWTx1z@K<|C7m1G6d+5UlDXvOaS3w#^J^N&C|_oKV}{Tew6pg=
z-E^R~Ny>TtZj|W+O=((>XpT=MOyC|Tv=|FFbt&+?n4>xV*AJ@L{qMQ&Ew4*+BT?Z~
zk~($X;M2vlX@2~g`BuI^GrmYvqw;);<vW@$HRpcxDy>5Qqnu9%L3ljswou*ZW}fek
z?^YAdqtUyL&`;$Z$!+R13S|O$MecqAvvs=3?*OPl4T|G?)DmI2<^N+>hL9dir(pVt
zKj2RfKw=u1_f<!0dX1m?cDm7}%$Ev0$GvD96r5iosL}iT@>PHVhL&zwTaARYiqgiK
z8vAXR@?EMpKv#6-(_pq(s~hbp7I(uKT&vw~>Qdfl8y17y&sHey_Xn04l~n*?STcU>
zsEeS_X)xC><35r>iw22F{s$uP_AW3_(I$`)hqS&?16DV87Vcx^1RdoXlQFddT%6A%
zubWAellJ?YKwNi-xT*g%<>1--gVgs21^nK5GzFV^L4t4dh9k)SKUO3m9jR7XEVnml
zTC6mw7t}x>1Zy?2BpjoK94R-L)@6V559xnCbMdfE*~->eEFA71rxV_MgG}V2$&0MS
z2;OGSw4$7mL%ZHeeJ0MIMAL_vx*nw$dPb^{PR0}#J|P5{&b@c;F{fzk++IwXAZH(-
z=9yz)8&ZOVit_ZgxTzL0ylJ2f_-cDjv8Ir|W-AQqRqzNTMRSeBH~zl;aoH$lh<WXr
z-O^EeM!<&oKb}o9>1M#uw$|I(zh}5;m(IzM-%jRUtBAOG3Q(3DHxs`g=b21i!Rr9!
ztUSL3Y^5)u>uwnXXzm!5&XIa)K8`8()6&Mnh;)ps*n!P$?eqvbGvMe{<Iv5iF#GCe
z-kp;>1)<wZ0!NP?HGo1TsC(N<*~+1^06pcWl<v1^d!Fax`5F=Nfa``FKcnbz;|}QR
z*&!{V?4aEH*-8qYt%J~_w{O|~n##-d!2!!-02Pc{Huk-K`Kdd@xEEkR7b5LXD^}(x
z9+eqfoowpGtkawPO@(uV|APwiQ;dw`00Q~e^Gfb4LZWnc$ICkUzH;Kpzd&pR=wje$
z;)%UISM)L7bqfqq3m7-D6b~01#=6LOJF1a+=luD7;}nkuUxl{1;%iHzZ(Z`U2+gf_
zDybl41+0D-25Qs=z<E~tSxR4Oq(H)b@zl-dcb^XP-A(CqJ1N&R@$g!&v9v}|8~lk9
zyQIzEl(=^VsAv=WKWNZS15(qUVYUsA{I~pV(&%%V0sd(zb9_$ZuUIi$=Vi^M6jTl*
z#fj4x%oeaz8f#A{Jx34w?o>}Gl+sRb5n>MSIeY<K(8M&aaZRaq8`T9${w}CfL%XHi
zO+a=(SVZIU8C53jG~4HTj4GrwR=IwMn0+8R0zCNhpt$iyd&L0m@wrpmo$q4Q*N>k6
z8oy5iub@XXlc!j$5L@xqsKj1H08{p9mME?L-<$lUKRrIowE>}k$(sTupEynzA$R&T
zV0G{5$fMCkPZVlYeQ<8KV#0PARDBpsX@;9jbipXNefAyiSmY<8^eA(~`Ik;4l}3U8
zybP;rGT+lJR_6KLk(pBI2blZgAli$({l_m}g{wLjSoYh%dN(7?_L=?6={jjXbRxV`
zSPYU7o6XYf{Z0@1`}#Ew^^nr2J=!~ow*29ZA6qolWtj_4ui5H~@*C5T<$jU&T#A5t
zLlHkWQi6|=2GFisIUI?+fatBJHKp2~7yn_gA}>tTG=Smw`&Jasz7d)(hU1pz?{QSl
zXwF-KxM}1%xCDH8gZwfPh``_%)Iqk0U{YM7(TyP{XK7%>xi@IWD;q<|sPDVlG5f?A
zK%8UEJc(#Vd7k4zF|^O;F5y!io6~AHglQk}>0jJ{H*Z8`lQSEn&Sr`YC1>CrB7ij&
z0B9C<v2Omk$nNG>0QwjBSj>Qp24~X$Iu3l{JA|UL-K_0mG65fbn$4nQ%67x90wm2t
z6XBhjmVMXH_m=zq(x$KrGik)`TkMWS9Nu4P>v|s6EbJcfYCMYxDGUV39wi7UUX1ot
zRB31lAsgaWcDk8LU>Y~-i8fL515i+n6PHs-3z-41A1Qsj2P<me(kMrOU`C1MRh9Rd
z^Stf8dq<BkfNMT!o$pB7Ies%bpf+?AWabFK<1Si_<p1L-PSk;-qRU91PCNgbJ?eYh
zsM-}qmB)xpe$IcaCJ69!wPz=z?-WR!xHmd8U<13?i=n~e3-_b;G}-LS+oq#w{J_V=
z{8<mv^?TP6j{=sG__%hZG?fBHzyoGR(nRbv*sM&{YJo$F+A#%Ft~U#uM+u*8fzjHW
zG0i&yI0?}BGhliywL+_Ye%S7e%Q<NqW$QE5(%y6(DuAIlJCfo`dW2~LQ_CP-tfA=v
zbRCYg7lL3@YOz@jPGZp}fM<w>p8~-DkK;HZ2h@sN3McMdK1e)Q5YG9Qf1Ig<3;00(
ziT@*gIRDU6O~}S%RJz((HBUg1t!(A!JagW6P{ozc;z=U*D***oAm3p&X4C&uW|2RM
zr{q;fJ?oSC_IEO-#DtrDKpcTE(|1^DO560N-_#7*TAV@3hWr;;E&%wV)ElgYOr(b?
z>LQOaPtYg*oL6S&lb>>273Jr<I1nZCck5QwL_crIKY;likZ0?Vz7UCgi@A>i^g9I+
zB~X;_H-YAou5gz(!bpNnIpMVzBlp*Ru?h<vKtQo0O;o#FnepCY&rsv%FSV%C1=zp+
z%kbxyrQ8Ens!xuptflG6`nd2XCd50pg8wfvkiEpXQsa4Po6$n5?>cV4CjU^^>|(N7
z$2hlIi+nC!H>$DGJYI3Ne#{qN>mhLV<$+fo+GxTpr3);?qlF3Cb_LQIE*l$I&CI#C
zGmLi1Cg!UVE@{n&<6wvdkf_|fb2A!}A#UR$IdVcM>$Jt{P;t`PbLTSgckbL7{3}7(
z`o;*zrb$L}BX6dq7)x9r2Ffxf7ShBA(n7t(>dX+GG>H_I@V&1i+bej;F;-qNl^ngj
zoi#~x=nifD(lwI=w)7UUt3c>su^b)TRKT2ys53zESznSHNlux*S;i4n1SnM65*{$&
z;@fkhU27C&m5)S<{i$dTqO25M#w+t1T=f@Pv>kx)VyG=IdH|nmDj3#faSbWHyXycj
zX{0!kUC<Jg*Z~+5D6w<@(+e?kzSIaWqpq0eLdS-4F&y&tCTgjX5CL0oF(?mkPyR9@
ztC-~Y#ni_)87dH<8h_zmopzCk<OJDg4cw>ICII)^h(EaByX0ZKu@y>3B;Q}L+1`A<
zH`g*M;xGlVb+lycr)4pNHJnT%Js;|$LTXnzqUtb~mu|KkPmjGt*Lo6otKb179fOHU
z?=9tOJ&Tr<Kis0Z$xo?>&&Q&6fGK>j0Ez{BxM+EXRIFArjVi6B0bG^PG#M=ddH|#p
z_=S@9E=&12Xsrh2dlof5s<yr>dAy@>#qxmhM+e|i9p)`+w>gm~0nQ@|B+_a=ECG1D
z`LSEH*5n=s+!&NWM|V=q<V5rxm0hqHbsCi%$K<M!G8OUYZoXNe2k5;5;K=q$D=~vP
zAB5kXxsEn8DH?<#7@=j-Xw&B+4fLng<^eeAxCTzuX3W()kiKT^&fHyf@`*2Du@M4V
zk{9Li%J-n-KSLWPTI+$yUW6V{XGeLyt9%J%`@J-n*l_FgAHLSgR)|?BG!*Eeiip{9
z9_ziGW96Z0Xs3Eqo;dsd1Qe9`0MJH8GK>6lbCtPcDNAQZFkQoTKGUXRB=&kf;oCWp
zIj{xmNSw?J6R47n?qrmc$P>2lUv?>6eEAH60B?Hew0C4d7*ptY)c)JcM8F=T3?)oy
z`Q-~Q-_<dxkpYNxKFxgFdicl{W-adItf~TwI}EAE#HqFp%+S5iDDJPoVINq=5Xt7w
z*ZWDo<~I^gWpO25Xm4jV3|U$O5(`qU5v^J5Kz_dG-cf!&+D|K{&%Gf`8>dfi;9?ca
z!c`88!@<|A7z<VFt~nn=klt@!w;P~q1r!+UzV`Tq*rb7gAtxiD0%P38m;IWrz~8s8
zslcQQ$V^l^hmTnf7ve-fYJM-Gr4H%O({m=yPEDUq6?J=pW1bb6d+l(^&td9|mq{1l
z<Im^Ct9`!-G(+5fuD%;&Xv(Csm`d+!byc5;?9v)0I2Z(M)>Q87TkGuF?YxY>8F-4G
z?qmnu<3z227FV;X(yo2?o*{utTnA7!8q31!d2{4&GMiDSillEAN*)M`wK+r!x1MCf
zOq->=DG4~ML)=!*eN2d@<hw4g6i?I`exCM7?VlJ%88kSf5Jt_E)Zc|Iiz1AgEN`BE
zVH_4_Jf<o_S);@uk`H!WtN6&3YZ*E{5dxx*`&0r{@?WX9(o1D!zr-8!zJcKpb6=Qk
z0f4X<To^J80T&wOW)}tJw`=_&j9HxD{i6KBI@sSVWwieE8*$9*e^zEcJ$x?n>EWjj
zdhg0}+qjIXkEmKNGl`n-mpurG;h6rqU}<|tCm5q>W$SPVmuvX^GWD%a<O0*Rap)5S
z#=GSx7eHd9s{mNu=#6*9J>3GRjDn2ZB0Oprjn3}N=ggK6`IRn8*&52$eg59A#Q#SF
zba!WO;nJDU{_K5af&CgW+%x(CTjfJX5UoEG9Ht!>(w`DPIGxNzi(1sxe||}{3XaSc
zMFtHv`5Nj$OveLP@=;I2O;S%r7&-+{%UJbpiZ*SBjFR3HY(9ZTNdb$yY^YI)4xu^F
zYEAP;(vH<yW@^cb>etUj#w9vruqqq-i6cEK$x}fwzoFa<mhgwiP1VkTO}TC`eBLf;
z2I%EH<0}|FHq`A&BGxow=6ay%OURbC3Xi?Y@5v|y_zt!t5ujm}hzZN>=kxi8L`@MX
z)$-dcyop^${qpkgYpyIvr_K-OauUcWq{S@w$I&!#AD)XJ(V~(~EO{;G&TOHS!qP|}
z^dTzK%C>C_<xfFVe&odD&;9gs@5bCvzn_ysf)xpeXk&LXT-MS1Pe?Lkj7;w~)cFL;
zd^Ke4R^~_(unAfYF`HK|z0qKNP%gGYWn9N7^fqw621wqZG%Yw^Af+ini<4#WpEn4s
z#`D0bc1QY=Cy*qC3ZsQg-ifYdsS85~=oTZ>Eo}>K2Sq&W?~%!W+6}wAHA&dz%B~I+
znEJ&3@%H8U_r^Ci9|$)r9(GPiIK{0Er(JE{w%DQb@^~_pVixJgr{&i5>7j-d<0ONg
z@;q40t#f56r7CZ3@Gw?9ZRkkqplX0lSs<Zd=Fgsd53~gKWcChf=Yfv#j4Z^oc&e#=
zH}-nTPFm;V1J-vtcS5}rF~?0i+&+2xhvCTK!}AN~Cho7F3Ba!!GT@?FpUx*|>Y|F#
zy5WLtIW{*R63MTod%RH$ojK{}5`j8K4;gmMpGTh;d<%2zj6%@$*)sOQ@F9jYucfPJ
zOvnMd9uI<oub`(=MrXHB_d}*&{lf+a9g`@At%D{{pBN5Y)1b0u2t-0vPrEVO!UA%}
z=Kfk2x~>5lx6!`lhjug%lS~Lif1B8x36rco0+H}T2Yz@>vZQU})kQkwRFg#)A6m0(
zZ~q~EPQ;=mGmULZ-Ab1nd|&>7s>q!fu$u5L%6?nWMKbBwRb_!fI+qTlvs$B{Yd$f&
zG3350S|_%Pzz|3HDWsE6^3EAYWs`BAX4k^GWG{K(r<TB&($R}ZhS3i`S9;}7Dwpp~
z2Y(4~MF^+x^#t-<6m{(L{<9qeUo3&`(BKW^d0&$}8TMKfx!hEnNovhW$)A@QUZ~pn
zd3X*XT72S}LmhM>gs1wVd+t=qFV<<mte(BSUGg$6Z~ud0-ZEMBp11Kl%jsj4K!TvR
z%lgbM-W;|>#4-0Y#NFkzossC?6kqPQ0A*ddGl=u#e(MjalL@$|@%HAHbl##~(_(GN
zgQDyBk!-<m<iJV#`HF3S_-eP4TbKQpB|ZWk*0#|W{<QZ~^<wUH_lS#E6HCx1LQVrq
zygBz|lW!m&#59(S+AsUdH7YlA`!qw#kb4=wDi5bDtjc1rk+WgF)xQPX0eG-0A)))(
zE!P`J=#w6nBqq^<K!MJvU%z&yI}a#_k3um1%O^qC=uP4$nmp2uh@vxzCX5DddT&yh
z?-&=<Irq*?U8V@jh=cKU&(4Z-n@ZQevyqnNepS6wv~b3PkkMY(#kY5^Ygtvro}~aU
z0oGe>I5cdS{ge;WK5TOAY*lm|5&m)jw)!?LHInQS-k!dJrOrA$oG!E<hf^KKt*8V9
zh4EeG?x%KpyhmMULL~aZOUjgB=;~hFGTI^(f`Y}Qghwu~f`2)=Rb(e+AFEvQ=dZYl
zd^eS1OSQ5k^uH^dw9PLtYLUZnn9%cy`#(=PwuLI{AH86Is2mQQZZX<H_(1G1Pyjw|
zDm+$`Z)(!~tJa<J(`})|kubfMWHr57WcU&z{FY<%u<hdgI;ig(v7Ac%5v+x9_mr7!
zSG%EV3TsY|M;DT<%6=YKHMf$nQTJRhJxXeJ%Gq>4s;195-RH|0ROMoZA_0fk8xqd3
z3Qlrg8ksb%4ZNokKxoow95RCjkHb*1>H5g2ltEJCa09You0#S={<b`jkne*k{~0;U
z0WrOS7PS_G#c;r_+qp~tgzsEnWD2jDux!Y;b1ezrRD>{qGC*_)-ib5S)Z9hkca!I`
z1WvAonxrc4-kQu+7Ch0lf#-c|JUX3G?q2`Xb^QCs(C?M`p?hdyQHin(`l*(%D#Qap
zpl6X~hubQ&IM}Lm&uSDp&m_k9Ol5{i6wDVdiX2LQsX*L9xdUonQf|uPqdUi}3Vt*F
zScvb<(qK5CN6_i=rK*swP}q}Cg^<agOecGdUrOx3MU%ywO6rysFtX)h%?B!GeqTx}
zQKK`yB&!NTr%Ya6{!G5uRF5m|T|0JyS~Htx9QwXG3unr<ahR|Jp+K*{>8Ijc*gY!%
z8En3lIeQN(m;nWZfFsC|<uRjciV{e;yyukiM@wZ>gkW!~anfv>q_y?cX)*Kk^0VPJ
z!?27#ktPg&<~uxj@c`Md>bSfA*w%n}QXWuQl;GV~?N6+T+K$RX!LHFwh&%+Sx7E|K
z82`FOWomK+`Cr>i@~cjOKx*GQUPcWgAd<q@t|e}4_!39Ua<-PoapOloAbvahJFSCL
zh<}{q7M+2y6BQ~i+tj$=?tY#rZ{Rt8BoDYR5f9|TLFrdS>Hkx<tg;lSA9jeDv6WBM
zdWe3|@Ay8#E4DJAZ4X?a*+5uRU(#wAXPE>_bGbf?0>1*omaew74e%9<|5c)p2bxqt
z_VLK$ra*IE3eYSX*SC;#K&9xcO`+irfOk@Nfu;SkN8{x!_&K2T$#3ZJr!Lze2pk;#
z|J^D3_vBxJoS>7jHg||BsDqYAx`FxKCYfa{?9xFsul}`);ghTzJ`Gihu&WywqqO7B
z;*V?`jZ_9b;to;sSfn<;T}vp-c*K|SC{wNFM;T)WT?qe0AmNwg^Nq`KxAifDFChie
zwcgGr3A9``0B^33kb#RxZ&JlAx>WbSsCJk+!3BVeFR>n9M3&+tTN0-a$aTKJ-LkHG
zLO^US)P3#o<sb-45twL6qW&nY(|pY>aCoqG=($P(+I1$(NA}2gF9PO(gqe#zqnik{
zCw^PnKEM^~rA6))M*2=p?@lDArfS!DPR`ZO#wP*!M;$XWGk9$*`C|(uf6x=?kKMo=
zQZT;2?Xj+UpIOVY#{vVJ$Tj6yq45KG>rBAF6xNzI@8i>;A;L4VbVCUkUVg^K$KLzD
z*DE6rBdWrHhR|-H4wzqAId~+2c1>@@<muDe(vp(5K+l~P(4g~(w9IIvys`rbn&|-~
zhs^+kvnYg9*Ozy6YQq(s>H)zNzb<Tc0{8QJWq%Iz%Rl;h+^pXF!+v|@z9tg77P$Zq
zd^x=qI62)=Ml-e>cHcUHbNl^wdnD^a^FohYYSCImadp%7h{c2V!jh6{Q|QnpD1%P!
zg4uK^yIv*Lr$rX%+OK-Wqd0QJ9}RcT1TD2&vnDcZsnr9WSz{Z05#*aEo`0DS09v22
ze7l4zVCSGg9~7b@f6qJ@OdJyczhB}Ha5`VEnjLOcxq{DcR90j@3seqaCYfYxHW$T%
zQX6@&nbSVux`xG2@tC#|1^h&v;WSmOa{?Z=(OE&AuJy=tQx%WRF0^XixteWHnGI{1
z5Os_ZUpS!CVvST*W9etGy~-Xd&ga*2qW~)cRN{c%SB9Onh#f`4!om!bGANIQlj{2=
zqS%VZKzUwaPZpyeWp;d20N(=l3k|?JbWa0~#+lhSgq%VbYT;$CpXuh~eaQji<7tLy
z>&k!-JX6ajoBo=d)Z2YkEq{yPv7A8qt_mW~(Cik=@PV8>BnNwv?U*6$@^-%)v#*21
z0;BgSLx67LYd~wgT;YWzo*sC&$P{^Ha58%j=s0vbBbAl4lH_3#>b>QkKIlOVx)xVe
z8m=%*5pdhV<s3+l+%z^dedn!uM!C;_>WmJs8B?07awD^x92^ZJ3|c(2wR`g(_i9>^
zHERke1&X-oKp!U8c@N@P#m8n~OACbBxD!1G@J)ehvURYiX0i%V_+zGLqcHK)_XvzV
zzD}oBd7+X}f<Q?<{c=tcy3GC5A<Z2RW^wIG7Iw@^iNCi5fT%nCUs45*S_O6{Uef3}
zFXXWk7`YQz0V8`{4ap`p3#9`4(wq?A$E^}pKaRnBVJ2&M)s}vf=zOC#)r#yqB$}3`
zfU9Az{a3%6$$CtjwWtf*_1z^%M!M)Sy8IqEZQn4T;YNep`C66&z_rlC;eH0c%BKy~
zh|XHCH1|-fLmbp<wAfGxck&}zp3{k9j~@{wNHol``|WMy#z{zZb2?d2d`ot8Ms!1;
zM;ub7GjEuD)J%|tkj$3xT3brEU_G%;a(gfzPgvx7+qq1rCbI)}8)N{OGw7mi$Q~KE
zfS7brqQ13(Ni7~Yk+-tt7H%J`^BoRYg5J*-w@_9Uoz8$1o&fpL|0n%$|6R}B@*#u3
X0OLM!ZQ(V5|Dbz!bZ?_>**y7QPOM#z

literal 0
HcmV?d00001

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/restarts-vs-elapsed-new-default.png b/keps/sig-node/4603-tune-crashloopbackoff/restarts-vs-elapsed-new-default.png
new file mode 100644
index 0000000000000000000000000000000000000000..0fea89b9d3a1e5345ed08e27d303055aba7a1fb9
GIT binary patch
literal 17002
zcmc(Gby$?$yY2u2A|Z-^Afcpmw}garNVljo(gR3?N(f3f3`is0Js_e2(m6DuGz>@$
zC2-d3@7w$AYoGYz?CYHK&lfYiYu5X$C+_Ed?)6qnLy`Cz^)(m_My#wPuMLA?8^T~%
z?pN`^CqI|HYGE*0K4tlbx-ZSqbA&H-$B{>_*RaX&XJ$T2oc4LhuJkdn*Dl+52Gx+M
zAAMiZcTEf#>{D82c-B@=F*BNzRNPvBIHGUN9n2Kt(jL+hM0(}(`OR(0U>8kU*{cL^
zOfGmXg|-j~A%PyEsrWv%wyag7>jJ)IQv&fH&bo{pD#qo(K7N$2V6ecy$B3~AVX#j&
zS2)4{WZkF)|MYwG2^$9cP4)loi#EJc$|rt&#Xk!TGX%^PPR$UWCHiI6C8n{N9CTxc
zHAx8xO2)=%M05`f1I}g^zK?y>L9?_~O50dj<-eG$>=?y{#cW+QB)C7avr+52oM^Dr
zmnz^{cVoTj=R-5;P3eo>X#2p+0?jNZk=>AUvCBWJ(x`QJ9N5k13M`IWXV1tu4iBYv
z?~d$HE2o4XnC^Zk&pJf4U(|V@Z_l+X|NI*1w)h#h<t@+Fpq(^6j7b_>A3NfpMI1fv
zx35kmXd6Q#=`-eZbNBDBmF)Y_R!1_Qxla#b!FqVOu_sRUSFPq-z4uNxD|%IVkW9|4
zyP<tq($bdKJDc2BnK(F9FMfwfr+5qg>WUWWl0|AdIh9jUoX+h8*bJOaJ5=<5mr?ii
z_;c*KpO!5b7TUU&DeC%pY;*Oay5r8Wi<Hg7hr#ctg;WCe(-%_iwHnn}r<#*j*tR*`
z*JwdVc%?~SUL3X0sLN)mN_Tw@A?zPiXpg)wKREjJN2=aw&fZ+Wx-Z4PLPs2>v|0aR
z>X|{$+HkHqqOFZ(*l%ZAs>IFQhElP%T_W9o_G~s_P^$u1APeuhp-=D_VY~m05q`g8
zmnQgn+>Ac`CE7WV(0<jl5xJ8~Y1V?!DNs*esdu0E?TVt^=IaWh53t=>=}UcXphvdu
z%eHzPb5HKoblc^{nNthcuIRicb?Ct^c;<8cV`@PiZS7a{2EE}o7}by$1A@2gZ?kc5
z>}RO=F}XQPxc>ZN-=&!)<>)hf;Ncl_5V7K`xM!4TwkkO|{%89I#&yU2EF;_eI!sB5
zn66U4+|+L4Nx+HKRGWWGhNQ24z2l5^=H_lj22DfRJaJ){x&NWwRGmYzU5O;Kk3q`0
z)BvAkJ4W7i=4&Kn%g*x9r|hm;kse{UB_$oNwV``0#c4_ls$y9>tWxw+ev?;jp}B^i
zPZRzMUug;b<yeSx6~|Zh4XN$o)xA^aG$+3QXU=OO@iqSSwE9!A%TrW)+OHCW3So3@
zm~vKyVby2<vH&l1th-c0gMrIbwbe>v04hy>AIW%LN^*9%VISZneD=~2@}`OooQcY(
zooYyALJ%H@<i))2PE%K{qH1)RQO&ne?Y@xO`lH9<FY+7%4ojYZZ@T1t;|~m<KF#(u
z<(Z&Xf_JamzwzN&_8UO@9yNDqAjGYr?4o0G%NO*f(C{_2tj*sJjlu(G8>9uv0;U^8
z0(26deGgE)zb0F~Ys3oL1<nO{cm~US&(ID1e8e(BZ-LQIjc75OogdL&HZ{>G3=J&i
z5A_2JG0CgVk77|h@vQx>2+ChWi}_lPh@hJr{<TNSo#`Y;e|Dn-iKaBdRt{1cycB##
z4<@&!Y9zTFD0+Owy4cy-XP;B=ZPgp>n>l()ptFbRIEkYa6cp~wh)RYnMl=|#BE07L
zx-u-pon}S%O?O5{rG<vrSl`)Im^tR0%n$qNTeZ(~q%9!&rOapCVKRFTzk~Ak-D>AE
zhqezGUix|*xE9rm7j^~EBkzW#^*(QKpWav<;$2mHF=0hqiy)C4XGuG{=D|6(3pr)>
zwBu~!FpWD)(Tropf?{LNAqg$r*mFV(PTs8jz>C$u**n<qoMRJbq!r!fl>o<N1OnYA
zoMGGMC77i*Rbk+9KDW+W<lkDq3JY37{lMy7?--%usQCHwnY-!gPf=(u(=$)oHGO=V
zy~`>6ke@dF5P$yoH6Z*^A4UVv({%+JVR($RbnjM>TZ2^FF9jEbGF;FZZ_fwjLgt03
z`47GA>^`oNXD22nr_b}A&krC%;#t)BJ;Zy=vK%z0b^<Sb$vhdvYy=l1(gusSP$eZN
zbKcIaLt-WvZwFrzm{I@;kc<;?3=OBvUW*sqdx7;?i7I2e`_&7IzB&g@7%fq_M$G8I
z_Pt@T#{*|#$Ok?h@8tz|tO5sIx^hp-7vDG(Za%g9F??9HB|NaxnTbOlMW&U}f{&_r
z;v6N>E0kAIkS2ZT)UE_vI`_O3v#BT8E>Y;Ez7q}??aZFvpZGVg;d;_GJGSYUs^xXV
zho^Qx!NeDNFu?Cvg5=ex2s`r6Xac{Cid<^*KU0fN7#;9^=<#P=GmxJw9YOffE6!6r
z$D8NOJye3O-;21gz*8L6{qd;YHT3*owPL44u0Y(*bTwz)RpS2o9)*u-pwnrgfR~C~
z_|YG6EUB9y)7eUwocoaX?`Z7ojXf7<Dt2EJEZSJ0I%~za+uX0IC%6E|H~a%jb#>xR
zI!-Q9d4BOWZTax>tu0S77PYHBS-{!x>-H&#U4>U)l_{)}PIZPa%I}*G@TL1dNZX;-
zP)EaG4iZ$&3!m<jG;pVe(jh9hmuEvh9!@i^EN^ubR@C?sbwUw!W`stS*amnFn5E4B
zJQ(sGbdW~1s}Atda^u37+Ckz~@uh?FX(CDOc49HN))4;L+~0lFc;M6eVP5<K0{wB<
zFlV-dVFNfLbk~rR_Ti&K6-k^%&!*S464Y1sL|2DBG8xGGeW$W&3Vy`~pj_-7RyjkS
zHVhvP<<r2;<1VBGWvnbMQxbRNh8GZ-&o{<Cjz>v2SWR^~ko6x$t<;42_=5vH?+U_1
z*_oI<HSbI;e{P+H3MfbVQA;88enM4m1&bqA)V%`UxY-@c=qUt)$;e+dym^~@v}G>i
zM9_V8pe`K%4f%IL%zAR-#_+GZX_)UgFjx^WmMXSa*gBn$4=NS;N)$X-dlg_Om=vQ0
z04vAuf^Y$H5x}N^!GZ?=3tzY{jpVBqeE6R49*hlp`z8oiuoCR4XS&XTSwKK1^g6v$
zgw(`yW7KT~#|<M1L#BP<*hO`01^P|CGC4H2X`=-_wpR32Lm3=)Hn!N^UtKL7-?@zo
z9T|302mM%Hyqy?t{l>%GqVR3OoV;`^$77mB`_$~)`#U!D<qbQx*U$P85(Z99%M?`n
zmf>dPd^^7W=bKL|ieXwi(3-<^p#)?sS3=lZY}0Lh85xj8VLB+(lQP0(1~Msnn&Pb-
z$680GgO&#eLvnFhS@iH$Dfv?=kp;gR0wWJ9227hl-VWhiVQ8tTT00%BlxqgHj)Jmg
zrka@#*rZQ~qw{nMHAdP4FYP6tgRHtof4NH!attf7VxjWs>x1=CMRCuq`(6wF4QiPW
zrf4pwQEe>vBs9FyM>`8Us?j|Kmy|RGpUEBX5S(*!7?dXzW(A0^HRjgV>Rz0+U(Wbl
zvS#^dYk<-m6$q-3NBeUCXT1AQ4>$YWCCd-%(*lwf=M`r}6++HZB^;5mA?#;<unl@F
zLfgAwU&Pn67bEK5KPn>JbPm|RLnUONkdT<z13<tM1jtN|BA@(`{q~OPId+f~rp^5I
zC@38HIXRz+j6BiP<209@^cNNbh1%NMONj>Nu20<S3Ouiq{9W?Rz8O>%Q|TDa8mS+=
ztlXNc>h$YcA1!R@gtwogovpwJE4vGq7hX;0n3-izv4sW|qv;$23jW!$!k$3G%+z3~
zB%apg-*eJ>hX2t;VdfFz*w;gjCnpgz4*5tUNuL9k&D!K808v+5&CSibQ5>|z@D2FQ
z3#eA4bx9w0T(<;8e!jqfIp4!2209$3jKPxN)ed}m!9btr5}v@5-fiAelHtScxtRy%
ztuL!)_VX89*M_nSyj0EsQcO5n2$Xigj{cV=!L|%MTU<OmC18h<z>`VQ%ayNn8*?0U
zZ*2VZ*(_^l-uLA;Z?#?dBYIFpr?WbkRe?DL)yErD(Y_)53UlPFxTL{grsVRMw`6W8
zGp`f3u3sseul}yVxOmR(zS74hX@qe-pIUP-T(fldz-$?<Pn4yfI8kQ^W~~3tynvQU
zo0l<Bm+p1h$z?c6ok4G{F4Ex?1zzF&5Nv5>g^T-dhSKvb&5-#(`J2aoUDe6#XnU@o
z&ts`O*1lqArlI1`$zY%`QcS#cx$JD2C(tf*7?0@o54w`b(zAcI^YoIlR*{{RwQ$<?
z{9@6G=@=ke=TKe5&hhcD=-xZdt@jpA2E0m>u!PPz9elEs0$1j{#1}YB5$8y(F&=D+
zAsNr@S*lxkko&&ZqBKA^rHZ=dB!JTS>Gyut<!ssLiD73bv4Eri5Ar~}4&@NtztW%H
zUx^~*Y1JxoTKpVR(8VGtIVY)4DWUV<_jKSSi!2%PH4PM=sdp5R)DvG-VNH>MXQmDW
ztEj6B4c6HxuRcQ_&HFmtsQ{-Ygw)KFc3*Ys6tEdc*$*Mqn=b$G;gdhfhkzTEL3r9m
zMr_~<qH8*y!@|?T)Sg9J(=*xo;Rge?JN`SqD@}5pL71^M-jq<@olTGGx_Q1LBoB38
ztH-Ihe*gfdM}}s)=C@K$>VEKAQ99;2GTzv*$zJ^CYr2{zx%-7|4;b0J?Xb+br`)V%
zw%Pv-lUhG8_hxgVOkhyxeu(zyV0FRK+XI{O&J5~Ic)0d!$Ht(;_^dx)t~`VhzXlF=
z7x7ELVWRYd*7B{gQQ=*72?-Ormp`!1To4(O_xLvhal_aPZ4vcYK`%ic`Sa5}(%0(Z
z&x!RM6W6I>^w$<{v*tIg@#O>TJeO)L;eCPfO#2fu!(BdVo3Oj{|9AUOWlE?MV1rVd
zsV};2q{M({s>!|3#Oq+~vE4|Xa^26#W{(p1#+b5kt?j+J7O!L>hY5LId>G6^wK>S6
zi`Gj?Uq2~B%>9vh;JHT=IL|q8$%}5r=$FO@>kIAeM6}|%Dk>_LLmwWFR6J=9-vE{C
z1^Cg{@4dbG9-9-}`^irNjG$gaGm?E;PS4QLmX2Q3MWz|Pe)BOcsA*guaV9!m<LBE9
zW^V6;ZfTO}j=9&Ihufg!k&?N2rU|M*{Z5n1;wx{{$B*xo8P`P=k$~PkX$)(#4rLxc
zRb$gKIMd+Fv%fkh@|2C0Rq^y-{nrF|hdzH(;8g1A!tej}KrI%Bh=_st%SGI?%1uxT
zN9r9-j=Wnu(Mx|$_E)Mf+IAIsOdi4rrFPK0TnmxS*1Auie?YyRoJV9RE_ghqqnXNk
zD+=?>Eb#nrdms4G_r=bz{^$Pws{;teVo=B{naw_pSW(mY{eCFWF<0Pqdt>NBXvuPK
za_^|7G<t%VMpP@5h>F3=%8LKxZwo433mJJ2V66H)LPJ_{_|=w)#L$wK?PgWu`WJSx
zhOVwvCJmlw<Mqj^TtVmg*;%0?hbIc!|C|ee1Vcmr1u*b`jw^1eczZW3t*m?pXNE3r
zd<fAd1iwIw9TyvWuQTkrh!sc&p7D(`f4|5DF-~k?yfT>OEb^8R;#*>Pt7~dXa7)Wf
z8m85MVncij(;Lu}k`+S*tn<2bLTl@T7UkKy0Q>|sLKYw^fApT392Gx93q4PY5_X!k
z{X7mZmeu9Oxu=II!{5KmcP|w*eSe!z7PB?=+@OmK!b{<*5}sQwtTmgz<Yl4lxGMUV
z)S^^6$CJ2Bwl*3S|9+;hYP9ahL2Mv?$$kS0MVZ+li7SU14~Y$YRxNV=wYbYt_l=rw
ziJ=^3`|PoQ|LAq^;9&A_u41}Neq=a{IP`0_S|K4J{MLQ9$;tutWJpX*^o)Na2mJ<d
zL1Uxg$jFFVqj96lQ|&h#3V%QS3F;-k=awN^ImoxH$=qhu=}e`-8z6wuveRZ#j>H(R
zkC!BG%{GmejgDJLcx*6n8P~=Dex^4~$YH}2I75!t>49BOcQ@~%J$P}q-Jc3A%Ci5f
zz-_)bKkFUJmdnq}lgA^bW;#DTEO7@h7_I@%^c}tQ{F{<g0h{k3gp^w>1U&25Ny!)3
zCJjz#DU|trgi;|1jp$voX86aykIaI|vjX{p#T0~?`T#=0Mnw6VGHoTisyb8Bw|Q`;
z*6vrqQbfcxyYXT@#3rz-<pH(0)%ROu<t&<+FEUw6@<<FTkeD<ol!qV`t)*UUf{xR*
z10W_oc!G+Z3}8ySi;(M2d4WXMRA$Fd-~0O$Da~JIPgeohllr7`WUN$D$D^!<R?<gz
zqRd1Q1njMA%PPa^of!n^j~_p-gbKE(Ke&YqJ!59WNg^SZIvmq^XcleO;+Y8iw8c@}
zYuj{H9C%dbJgunB01a8Wpk-oG(zJS<_6RPg`q%4H#~)IEINcF-`9MU)FaQ1fcgx>D
zI`}O<1&O18Zw|rDN^l7&Qd|-<Go7}-IdjHwTX?JuJxmj{(=HQ*8*E3>N~r9w^!Foz
zo7?ovAPev!YFcfF8OX}v`Iwv>h8AUQa8e+YspmmHQg0lQ#6#pqQIkQ=^m}}7xmUeW
zMOiuac~{ib`1`++a%>HZ>C`ChwiIqQXG;paHHZiP5r^1-Q8DUo+%!MF2StPU3?MJ=
zlw;5{HU=W%P}pd(LREUv{!93cYTqNLmgdKQJ-ejd0mV&LDrn)j&^A}@^tbW&QM@(R
zf+99(R-i40enMsp9K6MfiCyC~z{+NGYkvbkmxNZFDfiKP{zd!4jd4#Q&`<zxbOBWb
z3X~FZ4*kjT##hjX3;?h@*S8J3Bq9)w2A!as!eI6uKfe$t1DLS5@%p+HZ@L)c1L&=b
zhCxTk46w$V5`g!zT*$GYPp@u5fdY7s{}3p5ul)UH9YFWE)Kt6A<E2J5OMtZWBzyBW
zB|QY?$LjMN0v6N$6h1kqeGz#`{Oo2WbUF^8t=cUF0J_v&$a~L{th_)2!49%`O?oy3
zpSpOn--V8*q?PCR#FGJ#<d&ywvV<C5V#9)tf0~6pj0`QUu^F81Ck;-)D+QEVT92#w
zX)8b!<59ryp$*`CMNI96k$A2i&!{W6+b;vCgkPjIA$3^4ty5Dwx1AI~J&dOgNZ>&j
z&|EkL<|-Uf)k-LnHh~2{f0h-HFOt+pnYzE9g^#N5&AJcn65_z_YOJN{H)nnDGIRmB
zg2iQV<EtQa(8u}vCDwzPXpG_V%F495OCnSg1Z8n?aX~tM`gwe^>UlrQz;8`85CFJs
z$3G)SvgPpYhI2y1CR)6lA!cy=Cg8)9X(c=x_sgsYGVCT=U$ujcpJLDs`a$DXhlsig
z_=qon%4JC~*xiYP(3*VJ<mUadB%UV&6C!*!M}zWv1w}V)M6pz}8tg{D%@Dz0Us9ZW
zb0b6TD<Sul^u<i7|Hw_j<3x9i5V$wD0^%DK>t4_sE)Ofx*QEo?-X2bz8in#BwRAx1
zEpqZH^&d6B8gX$qy)RBymy=AKVnNDIv!c%QUZD!80y~Z;z9XE1&=WN6PZx=Hbly-_
z!vUURdz(5BF3CZxPhB|ym>7|VM3Ap4@r!E<KK*=!tXx}1r=RrRh5<0g{KuiH=ZgC;
z0ommC>%9mRsa60w=&OQe8z0eH9zQ8$x}Jv_8PRSb*m$UhqaRHt*%x=#-1Z2d#{RTB
zr@a#~z>)vt_Hva1I@9dc)1EkHYa=|tci>GCljZHRAdRMlJo0#phs=!uJ|7fV%P2=l
zG;WcPpyFJc`wfgNsI>k$Ct4DdG7I3@O3FOlbeV}r2{R1VNDati0h2k~#*s4Tz5RVO
zi!F?g*l@t*2hQ~e7MKUxAPw`ic;di<nn7C?IhAMB2?fCHSL86XE_KAbWVVCT6r54j
z?Dv=n4anh%fcQ+!?)#^7FaW&rp=}+W4pF`PWwpO@s;ftwLh%ydSPrOiGwZ7(cQR>=
zjEwdG&YKK-|4-TI|5@}Jk2o&i{8RzpLmB@OhuC?Uf)4w>6uxTb1*sN-pE54jc4MP(
zqygmK-XqF7n_cbuzFpO7br5>TiMOFJ^qL`0`=9F8(~T0$Q#s$FYlMXTzi{wLQnLG$
z0B$Ve@gW}3%3rhxWyNi8Nf|6C4;CCowPA#yb}O&3aT0E0ujIYoFVasJQso9s2W*Oh
z4u5xER|P%YQuAhcyzh3C;@;lgtoU4zv2<>6QBjP3nepHKmahNK($I7by>htiH@85!
z%OM(atn~Vwr<D&v+(Sib_pPR`1O;I>w*DCg-CvJIo#f``mIvr|C$k#s{@Jcm$|k$f
zf*a#lFj7@<SO0+wF&4x1HyGf5GwP&auXMtrSu`^4LtH~&adk862tbEcKRyK)7;sF;
z;&Sqs#gsYD)Nk*D+SPPPJ!H;~u8YVUC?H!${ZqPB5WUq_y|ecoA}(?w!=@eYUyy^+
zmA`UJTM<L+o2^nh=IMm~+I(@kIkyUGm=Km0?Sq$Epoq~xFuJPpc^65IZBb|mm4LO9
zkx}a071z?0TXCOcaZ4q(8#{@J?Hi5T{F)w|AB;L7Fr~y){9pdy(g99@=r-@&98d=T
z<Vk$6w6Ov1Aob_BoWRDbFE=w}<K&Bi@)tMCTekU4jvpNVcx}ChloQFFc>nRxNfGIw
zg=&k)18}@OL(1P6ntPBCY>db$sdcb@QOs407T!<ZdfK72hz|?;rdF7fm!F^Nl0Wku
z0VX+4uddu2&C7Mrw(A}t_}MV$nGRvfcugrb=l1jZxm&QHM-IQfz2|@S<?7$8Z{t)X
z`z+G#)5u{?Mmy8x#m*%+V6TKCbLRZ^`=Owvrbl)LbiBf4F$8}kF*UizBKAel!vCcA
zNfMh*K}wgn@*lvC@a?C<>BwNP_o)LonY>S55g0%~f!l*A8l;;<4udp*EIlw;GLkf-
zq(?~kH-qdL^zHf1Jkt8w`%n&ac=$4fo9%57iXa!tG`RJC{~p)Zr{+a~XC^u}6+zq+
z0s>t|Qb|+O>vduhIPWR-7<o{2wwS48$-y3R5VdW<iR>5I85ujBLYd@7uwZu|!5LZx
zBru^Ia~F?RE$%fzDeHHtlVeT5xet|?Ti(p`d@o>Dg=S%<xF>2j6CZU7m%dUyNdN^{
zDUyP#uL^XVy`a=X37RPkRFKpM-qqkCUxJ&()LG!Y0C}9&!YtS$v0olae1`=j<XU4e
zJe-8bujrNNHzD<#=lTJZMO)i4f#fk=@5ljqF`;NgQ2t*O=ZFWBkp)0HrNy?WygM^K
zzH^W8y(vhc7>o6b*Qd$gzdU0%0#u`=PK%&}dy|W*16@zc+0~69i-3T(IimMkAb%<=
zzkP7|XWy-tt3jzZiEFta-6_r{)B90GM8sAB*m;6n7)euP=tkv-ZN?&<XE5?n$d=W^
z#AyH-Z)iNr5_Y7f#lH#x`Ma`bM?1+?&%4qr664~YQIL*@$Yb3BtwfM9)TmN$o33Gu
z`!mEw)m}gBY=mnpb>EEDp`Q}kg|LSVF#yVpc6N3whVSVljiG6v$V16y_(Mw{p4i1?
zvcB#W27K#juAey2f}{}a1A|PbigB>?5`Y_?0%J9w4})En6L4Ldc|m1J(!d5ZTCR61
z=vA6_zun3A-e0kP!UD$LiQA%o`+-tWcdS5O^&}IF*~?{MOw-3Lt!u9_`4R?BhfdNb
zMF@f`P`7OTx)&U88mKHXt;1aN*8OSA7-KHO%1@@9q|(A|H?Hb`%(^x8JM5ER>C0Q7
z^g29QpTH95(>h`p)0_1eehfg--OM#aP&04+JXKK#yQHL<)am^w8!Zv-WkvZ%4Fp$8
z86(lt$57dRsB%Q-w^h}()ONNl&;@rcaGGm2;=%$&^y}BJ)*BI{4u^oAQ&La}nIm%j
z@tPj*^Y~dbFd}OKRxcHa-;ZGYJkZ_IfL=PX)Eqf&PXLoSAJIdJyqNsqG>`$hL2qww
zPk}FQ|77$oZainmmEzWJUMPPr{Wp5P<U)?hZv_a%x))RYHL?;vb@RJx1Dp6io;P?}
z`9bKEnixS@ntNZPB2mLc3_xD64eQl4na1zO8QmfLEy7Y?nJk0=hcST-ijjE0pGLI|
z(cvp4Hy9r&X=p?>?OxkO&$7iH+`-0j&@3>!)BY?Ce!%k^U^`}z;RVbp@UPP)*kt)n
zlyX4}43XA7`+Ch?eZ&Q<$<#AA*pPltWBCt1X}R^h1L{iyI4TJ42`RK5c!TFlXaOpt
zAfcDyOifJ%m7wwiw@+F8OzdqH&$sVh+%Pn(b$M-eX8{BhgaK>RI-$W}<I!6()}?-t
zg@iCVpKhmXupnpn7?Xs=4B|_<SKX%2)wfpja>4T@TZQPfV@hyFUUqAw*%(7J_kJO_
zQFW0X_d!X@u@V3#o<PkQ=nRB9RJ=&18eJKY`ULl#HSU_eKVgln2~Nzssqz;Q9X>?W
zjC_^#2uK`t5OQBp6L|INOYY2qS|cNArQ1Ti0~zGyF+;Uo-wE_IDxk)=4<n+amVSBr
zssY(fD^2~tOx@di1y~N#wRYCbUcPVflI#F^kX>4;2HH4NE(>T1>lAv$ZKbh0r9L>w
z!#3C~T@+Ya(9|xO3kD0Asd^q}gy}Lusa%eEln-P|I*2G>8=cDEHSG`lQm)JiyaCGo
zCnyDf4t92avJJ<7(26q1ZF#;&+v69B?sXoppi@0#V|D<&J$*|lI1TSEFE6i%cD{OB
zW}$AO9Qv3`K?7aqK&A@vBQ%xVrY;@CoddO&d9K-mP>g7*Jur|;9A1==kkI|%;p@C7
z?ExO;IIywn#G2v_?99wxuawl*3Qo0%bX0sUaud5VxJJ8%G(L|rOMMAd_APINLq7aX
z2*q6PhWK1Zhm7PiCTK)#fxZpuZL12sa0XKNI?;8;tuOiHf|aeke85qhzw163^>qA6
zpmC2t<0wrVV2gBN$65bEFz(F*sTbP9m#Fe5`J0C8h+yhc0Et=u1`U%au`V^}%It<z
z@H*I-l;2!4>`xPNr*|-LA1zSd1dV?<v6;7-frXb(8QjX#ESt7RG3<(vsrnAHbrCPs
zl|oW_a!Sfx&A?NglPw!*hwb~VATce!Wz8%~MqdMv09dByWIq^JsFqd5w_wBAM#ATy
zsMMq(3ZlIXjNt8`N=rG924s*rE&$d(MBndutlu}uz-XeI)`RXH@wzgOvKe-0d;%E<
zpk_v>Xg8G%PDN_5wgm#UN`3k%x9+En>AI4sW1W9+3e;=|1;W$9xa)p!A}igNRlFkb
z;^MixJ|GR6AIR|oD@mPxVU@a9sA-V(v0%_)18YyUC`icVhYU0{G7^9GAKLE?4Y`C+
zwjCe+fed3N9y6t}Es;s#%1^d`SMfPs4EsCGkP8ui{J1mG^KfI=kdVBxcBTo0jCG^-
z4$;_Q*@iJbtSB9H&fUkmztk(KL8&!z&{C9)nS~Q(D4StpsWyC57KWgVxL^@dx?$d@
zr1r(sNZ(hVl~kKPSD4JN0<wu@E|V3FXD9;nK%A&jK=a!gP{zlMM7%VF|E9S&IjUT1
zafH;RZ~ze^9x93tiDqz-QtfL72PKMhm8+A0-dqMb{Pm$ntX3gPh4T8ig8Xo!r8MnT
zgMGSchd4#3Q?Z7`2L=)agRA}N2I$+cyC>`Q!t3knAnQckX+{(K;tNZK+`&F0j(TxV
zySleroeunVb3lUA=k<Jt)HP3GfMFhrJezO`9(BmSBeeOg&o;w){>~cm`$@i8yeUXg
zZNEc!y0b10SlRC1cR_Xd>>!Vpz|biNl=GN3V0vJ;P3J{HGzUU??#lb_%s!b$mG*~A
zvurKGO#oz}=aD9KzFT~w@gDs`sP01Pb2~7QXzScwg~cq@hS>wC49X{9S^JG&*|u^g
zL|XcBlU900)jPz4#*_l~!F5<nPrSkYU~QPiFh4)P2M|bG*0ygZF1Sg{3(g~%`U74I
zLA-|FV{L5)FeZTemQipSTW(WdQ8|jtGxZg-@K;+pR%sCy16?r$=FR<f71oEcU)S0W
zf2P@-YiW1^=nYVylysW|z~nZ6)5xxpTEeq*YoUF?DfH3Sc^3}Sfd0==xw1Jh9cbng
z0jk@l&#Lk02hx)~0EYm?lwlZ2Pln@q7NP+CKT|qHA{xa>@}^|iQT}`MWL*zO0agh>
zd`?G|WR(Zr{x2{@uyES*u$t}BVqbjw%8@`dNHzn0t$Z)1dx-}Rd*YkO*7Onu$nuhg
zO-)VK$#7yrz<Y_zb^n8;V(x<0?=Qz@2oan5rG`&0E=eZqFN8?Tzb$aPRedg3cLMtr
zU)()e%}O?LYWn&D;|Iz_)sz5?>Hc|_8z_SWder4mW6~8(-;j>=ZHkQH<0Z{i!!sMO
zWu5{k`A@>p>~j(>AdI(H`ouXKeGctwf&@ti!la4cl!#s0qXhqYsp0%r**djUeg)9A
zp{-?v6w(zQ36fDwnJ!r}nu*>8C1QOfe+25O4O!*pU;cVO((3KL&vOqZ<2Q;ci&&Jg
zY130sU`$tfUBbV42Nb!)%dT>}2f+J$4%Y6)vuX<8@dsdRx->SYVc)(R8}^0OtW!(G
z5`!_dGpe&soV#^(Z#WNlUW@tCta3~JZa4t?Z_(n9+Fcf9Yle!rhd;zK5g5Wq1L5l-
zhnuJt!q5$25y0>BBlWi!!<9@$8RJ}4?^-z0JE4TRf!P36@bvNA?~}jq=UX&A4=5Ei
z02ot`05IHd7Odes9>=UYxq|oD<kJ4GsXEdxwW8JXU(f!l6Tb_1mK8$)Py6Or0ryjQ
zPo*;fkZG27lh`>P;+jnPdKT>+&wIC~zX8ld2qSHWA8UqT2|-|i<oX8hJr^Mge~}^I
zy5sh(v~O<#Hhtd*@n0Mqy<kv7fEKT!Z8TP_!I3mzD^t**uXVV?3h<raO`p+Nuggyd
z2k@F(I9inADEseoz?_He4Gwp}xDO_X-F%~F-g2qb20~U7wXb;UFBwV8`JIt8Kbv?y
z1MWG9$#bQTs%HGX08NntS#{vuKiZEu<0e2*V$`b~?udXzm_DLs8dUA=iwX4E*x0IF
ze?4NU>NMcUy#A)d=x9a=u=6r;Z0ziDpxbOj>I3p59%4$Uv{=8IC_FMJyRXpX$pyHm
z7$$fjk(td<>K7?Mbf2u{MsHaM@mL26fVcMhV21N|Gcn1@tN=u9Ghv`%36KXue}mC%
zuU`03D9;|TWqcpnQ03m9Tg^fV*s_GJsDury%B4!y(l1Qr(=;a2j1V8#_ofykjht)N
zgJ$Kg#(|=bSwsXyga6E~(;?VJ=%l<i@H)?QoeLl}?{?gxp!i;EH#%z$k+|J}YeriK
z?R+PReCI@V)le~MvhFv4pfayS120-jO`Ap#Uorur1(JZubS%D_<FjCwy5AC>#4kYp
zR)T?UL?l?{bs}CVG{|TSI(75=ns|;^K`y3VUO^6a_A`a#e4X@z0F9{sDO}9;=bJgA
zaJD&T7yD?Lo$=`oPcB(IU93&8VZeOE+kefDSNKm{KOk&^42Q^3BF^(KSSlPUM|!qq
z>K&iol%W0+^*Goi(Y2;K#I1!QTd+6?%pI7cAMAzuPp<t>$8(>YPfkww0TJJTQb~R~
zw0t`#)TLaW>3lResLtz^S)>cK-Y1`v<>cjYgC}*@?@Y_(d#&6@2u=gq4-EG{@ig-m
zag!DkhJch7B6pqcfvpJ6hTZ@n*n~%x+3Pg0ga6FObd~yT*^U;xpR$(K)74c1Dp!bq
zl3q&^ZmxST@YbxM)%BtsM=&8?LjI93CDpLn(w9dq6hgoxB_I{^2VVH?OLHM{3jaG7
zBi@z$FD~ZOxLcB`%Zia*s+fDhElSE6^<X@{qZtqmR)dp5Me4cN49&%ZYyX{jX?Wnk
zlZY`^(6$+UdjN>MT&?>F)V;G!?sHoC3Sqd1^g*5y*YdN!|7<t{#Qq2-r_{KXtw@S0
z(!BG0#1^!?|9Sj}*dGE83k-8t8|X?3j%KN@9V7u$P4@@mxvyt*zZt~$si<#tKr!5W
z&u%g2+C{q(=tNx(XITH=3<b5~0nYsnVR4qec^PN~G8ze{4BX(;74C;$h=~mx0?4i!
z#J9Pei0NQesDQVmF5hn6<hGlt&WBi<@fERBvle|w(*pP@5ijD6X@l4?tRVHmyKCP!
zn`Me>%HAi9jp?2M=B%HeNalff6VhH8j|+cwhKuy$BXSTRNpP`bK;lCZ<U7TJ7GRmd
zS>~5uzI4Vc^O|jnIZnic>4+=#dLRSH<_v6Q#h(+CIwQ9X?rDRND8iwg9wkSyf)2s)
zs#ezKE-2cQJXjm*3b9H7QQZT>3?%`~)jt++Is*Wtysn-7J-mS7E77E>5QubnW#61y
zMF2}%<$}bsRFchIC|K||UJt~w&$CnqHg^|@C{$<NOdU31LhE#7_n7cYvGT8)FmMF0
zR4?-|gsnto%u=oOr|ph^!iYBdfZc=-0l88?4f`A=nCu;2ob9BW(ZRRLNjYqyB5BOn
ztIz3!$H!MCIr*zbmn#pde*9ia;B!<cIJ{-_=Ly4RSh$~{^3oR;3|Z-Q=+!zvuCM}n
z3I3;_-`L9q0X!}s(z<5$D(DG!#tpV<Ke4Oo6jQ&amn{yEy;$o{xbgEhUv<Ves5Sm_
z`*A7~n|NtpIkTV;<#$&*pifF-gAAkx&gO((z|8jV5e&2i8N<(uL2pnsB3}Nz$|^X!
zMeKSwjTwWRZE*KQdqn9=smf<Q-?%zDdQ7x0jUdh<Uo-s0X&}Q{A?}LOdiAw%X|T&i
zSp(MzTxp~UDladu8_Y%e89JNwC`do<=QD(C%44D^jm{)u6Qc3MSX$n-KC;xNjK%d=
z&_~`*!T0dX@17#VOx*y&EEshiNb5BUkF2e&>+Z?Sk+}d~+HIR=4yVYdXPcv!wv}sd
zv4){$o07`+xy#Evin#}3n{A)y0@E-3P7Z6Z$@)TwvIL=ZXy;6HJ9YH+_3N|}!DNDh
zLds(!;rync8~Im;lM;E)_cx3rm6p!C<XODRyqjJpIPf$ysah_2VRPj2Tm)FG<Dh#+
z#PpS%z`MPFMY011=G{a`>y=qvSD^;Q4a{fHm~AcLO*m#fewReC{eic7E_Ob-;o6}g
z<G*WBwj5}W;0)xhbYAH2X2?H7*Wj;JW@}g~?g5pZk~nn%=<ThObSGQ9Dgc>b3_3A`
zvIhH!Qln}xAQQ-@eczk<=hGYan%NE>`IVy^sgq(uEtX-dh3_ujbdS+7L|*7vp6@6~
zrQLUX_G`IP*E);#DyWf4?BwL+aR`JNmztQ>pX1$XK<U*SV8`|Dk~3_Y6O@wWb7vBB
zdR00{bbmuBNF8@1E|Xlai9Yb|J&rO+k~o%Tm<fGLW7Ow{-v~|d2vk?K*Aaou%>7{A
z{+gv&0uq_HZQVBLvD6Kax7=L5D>yrPCRp$9;<A@CrWv7j8POegk=%(I>b>`3W0|);
zWSQg#fCxcvK9uBbQV5D46sodK`d*4DBpap(+Qqd5i~~Is6`q>Qs%GS^^7iW44vScY
z1@hEsbta(Odg&Iy?ZvyR5sMogvGhmVvMXGM2W8~RCo2iSdAKTwcEL#ha>FWFaOr>>
zj0Ue=(`i=k2eZ3=(-NS`S9$z6_UshQbZY$HW8CiXWlVF#i6~n3N-)r0=vrbf%aJ1N
zpbC{)2x_HTjLR;4B8pW3l@SLVkgW?)O;iV71_)4@8E77DAFgsu3qb5tH%O8Y3-zM;
z-Ir%c5{6vW9O{;bs*vq+x{H!J7JJxorRWT|f1G#mw6CBTTDl@`mEI8Zs@`ZVl)A>5
ztyNvJaeF8Rc<4r=hAc{N*dwqV8tS5Lw(jOD?3|9Cg6Vb-pz@7=3k2($4<K2+!f8^d
z47V+&q7|&?8RI<tf!illWf8n!tnvE+j&CI*VY_CKgb5FrIc2y>6X5RT*;!MgTHD7%
zp*<R4=9vfzMw)_@hv7~i6~(m(*1~=4_)m^Dgz`~blv7d<cn9q+7{LqJQqW{(@HfBj
z9@`FHCOIf?N0P~36RDiVio1?Q2*$qXk7TSG-GKMC0wW+$&lBwLFiR*<V#XY8A?g1_
z(X;UbQGKdO-AN;Qm7UhJA7ROtf82g(Jdl9gi-cjH?xxYMd#vNmTN?BG+5uw$ICs4P
z^(?Qznps#_*y5mKr<KO{{88QbFd`>@NXXXi$4Hr-U{KXlx6V<$Z-f(g`ZNoP?9~BE
zcdxGNbJw)p<FATWnl5}L7jFjqHMw&lj{fZnzhB?o@S7MYIkvp6P}2jG!~mkR|92*a
z9}<|)ek|;K=^4I9L5n?BW(&XB+?KR_V<Vd6*Sa=d7{wLY(NL7U{>6e!bUcB&*F@X0
zYEj%s@kSNNj^ml4g`rj$KGqx57b(y`-sj>HI@?+I<eMhTcTioY^_v#Rm(=upc})+#
zoe;`1_bXa?ZFuxvO<5qBSoN23g8LG;CZiO>P=bPXJdXi(p<^Ugk8i$`#8xTy*pc~{
zd$30yT=pamD_CORZQ<q=g6^2JnLdl`1KcDP6uj!nh2_EOkJDW^S~%DgF>l}}*k+0<
zucJx&Au^29`Gb2FKR^GgSK386ok7hP3FR?>G-m{~mJr#{;dVP9nnq0$!A!heNVe$y
zHKN{ic~@fIuzAWU%+bbvO7%A3n}QxQg>Un>X(H@7eo1lgFFVCfEwtWDGru|Yr%;A>
z^oVobM~suULF#r;irq7M80lqggA(O<UvIBKhayf4-aTS@>UUd}w~B3tMn2_tsN$sH
z@ex~6_r*Q)|M<PRV!G^X%8qv=A6qcbc1nPo)EIt(g(Ms}xNk-x7<tJ-8dGaIPkmpg
z41G&^*oqK-UTAcLKmUBZLS7i@%`E6onzHldi|bt}p{nbED{dx#7fNe(seCy$pAG5i
z{4sDLcQY~-)_0qg8MH}TIdXpDV<HX{oB{_8Kv*Skt4QvZxM0fGo`K#WcK-=V=Ju4d
zB&pg#lrZrlhrl~mxqvd-#im>R^<zh`ZUvJAKOb|+_O|G@g`6E+iXr$kr$0kwRi%?w
z>DeZh(hK!1959026tnv<{5}+MqA{(L7i<GG64jPHH_0*tui8~szt(Qd@!DE1UJ+k6
zWzE`rPz2^5DQ}mX*?l+>63hTH1drExJnSjbHDABctPOV-Ewow7?FokEDNv@4k>)9c
zHD}yi>XUT)ejKHTRG9CX3?N4byAABL7GiYQZH6;B&iw{>XEWaw@8n3DpPtv^m$FQ2
zh};=Sw?e^`;9!F?)gzMYaPnQ-bq7HvyXd%3CSrc-1VN_tp|nsY+RV|IytAKH*4Amn
zVQ8&ek55!1h%WnesV*9B3A`y>RQ0WZXKSGQNBW}%Gs~8XX>rkPyLfcy6Ia<+N&Y&;
zve8Mi4Zv4)$z@nP%C1T8pXr9ge3UGHrR?b2^EKyPZRiU8oMrC7K)O(4a>AnaV!U`K
zKfW8`t#ax<B&Gw?qJ(zHKjN*zc$vn+IIoeswe<q()6|qk2xk6nvoa%;3DK2zPnp#X
zANRxk$bqmC_jU2dK2HAh{+Ag?B0a@oGnV`KXO=V7ud8jwU8fR^85l25N(rvymP<2A
zjB@J}iug37j+T&()d+mBCuS_P^hdHUiGDTWt-cp|wBL7ZKfXHdzml<2{nJKoL1!mp
z|AM9!tJ2a-PxPStO1bZt|L@nI{^Zj#7DwU8_(Kj~{%x1m%B}pt^lr`&JY3cH9lW{@
zbKA}pdl(3j)bEbukhKU^+5#<86ag=_rQlGCd0u;T;$npj-gh$k?%xjFJ-?&%zW;73
zu{!3du{`Fn#{K^3gx~K|+{W@Q4b{92f-U#dDS<C~Rb?9IjQKo}KB3Q<HgR`BibdxF
z{l*e=Kk@Ao?quaBVvIUI2Hi_^l$Nvo$xOeJR7B*DC9}E)bK;AT!HSgc4?+c<*Z4YC
zSA$LdAW(xR)_T9iV)V%U;5SrRk9o7M$~+(YA{BHTC$ap7^W>aQ%tP=ryUb9utxPS-
zv5Y-TIPrT*%eB6*o?kp{EZ4KH_nhu_SsqTx6>$1J&*FS()!uhLXP$a8LZZVWS!2fE
z-k{2V;ZR7xZLEFa7)f-wQNEFnT6XJ-{oy9}mgrK~?r?8+|KVb`@rk9;_%CbfTG`r<
zT{#YvQ%KeL?b3N`pPh}xmCh{vosMc>Pq;=xgV*ZX$VO+NaZaWH`R9{S07h^zF(rTl
z!G`IQoxy%~#YxkYH2<jQNTkxFjVq<6ckRt<3(ic?vU;)Or+ohNZ47h%^Qw2PZJd@=
zyFGg!c(tB4HC3MO5Bf^E<0L0c=q+05rW0=O#-hxNCscFY!&)CcQXSwa4x{1{A6p_8
zY#AxWr{+2l>&Pz1Y25HKPUqSQ@ADNUwSd9imb~?c?J^<_0uG0U+C=Zmk9koI4_vdN
z-N)&4((pgRiSsmweTO{DV<T%fV$wOyi1`?OtEaC^BbEQMN84yGQpRX^^P0}Y#iH!t
zZ@2tOtZ#iSQ{*(y22j;|K?CE%$^*@rF&ayFpb<)&#3z-eXnk4BK5Odr$ohdtrSbKN
zoCVs%t?Vw@q;bZ*{@>4vsvRD>);*PSW}7r~3Vdg5)$XeH$V=>AJiP?Fjp`J*as<QH
z&oDVj{>6WEl54#UM$k$`0MY%2>!%Sx+}cwgbyy*F4t!^Ru5_LlXwyirIIz#pj*`J0
zNFb(pOGGWG1a1}BhyV$b%Z*9~h&sp55O?_z1YaNdY7aiu3JD?)7IvKO4j~L)#)tn}
z0P+VTFo=NxEf>R3sgb~uD_}{0(r!$L5d1YQSRY7W;(;P3y=(e)zNGOY5xtZtpyVF@
z)zdL|M1a;;_EUrmm|rgcUhG`ig~YmG_O1^e4`RPkdX?yZ5Vi)*T>%nZg-;Qm!0nQJ
zK)FLypu1vrc_dKGfL8)f{(ruF`|qZgM+06OlO1k~22$){zzoTw2PAfCuPZFso1^mH
z241G`?VB2OMjusdifx>pYCUt+xI4W21UIP242^qe|711!+r<StMb<rv)hjn?FZE#W
z!_BXT0huo#69on}5#r2{zQ+^@nnxO(pRjRpdCX`4y=0n*GdKO^an~|*hl10jzE3ht
zXAHD`d0sp7Bh4NTb_;DtAeU%b{oR&z-t4m4;LS6CdR*2pA2;LF(%<R{$lA;#J<pwa
zt|!NzDVM-4+hj-y-F0{fh_t<rn*Qu-hnT^Fq9P@_fa9ljGxcTA9hZp6$dWqZBQbkl
zGbXe~hUmS8<8LBMV5$`ZWZgV#Hb1T&NjjV%-e`}mRs{+JHLKg@`B8d3fbzwj18El;
zQ>$2UMr)TNFeYZ?Cm_I5)5v^amkHf0h9It(FQ$}$j;HN7XGZ_^>w4tN-5hY4#t4uQ
zYZKl)MdDi`fOK+?N=Ue62Yji{bN*<*t-N60cWUux(`sgXbv1vgxJR*=;(eds%U|@D
z_kl|$&p5ZwNtRb!P7MaIfQjG3iU#S;Pr*3Qa3^uJP&1wPa5U?p)_BGxE4Ln{FtXhx
zeNjcgz|71H$uvJ?1vAbbm7=|Fs;FmmT}(Xy0?@sN_VfNXZ2nu4HtK<eTl=sc&VxWZ
zSX`X>4?wohtv1ZMMVdCcbUbJSw|n7hLmg$lV9?!%>o=UEz!LK^q(y0y$y0*p<-(we
z!RQH+K{6{DFXGiJ?6XQc=cB%t^uB}s(Df6?I<M85tn*S6n});8!g`dLy}cJ8=9{tt
z7ux(EW{uw1_Vo!l{g<WND=-ma_j)e;gw7GwgE&kzLznqjN-93VC8eeCtOhW0qH$LN
z!_ZlAq|3rzp%{q}P)`q(?VD?Ph^qRU2y(8+r26w6wPiK@wdd-7b(TbV(+c&dfOXBx
z%xZn0Fg0mHX74t7Z%-=vz(c5Rv`a%t49H)HR^e~XGV9JYWIwL&PfFj}Ih)R^C}`Kg
zcn4WhoVE+XlzZA5?KPDhRaw`x27%;y`P&_5c(nJRJD3oC=cs69fJ8WQazbW(=vDTy
z6J(BL*6Bf^w4-cjztfY^raFAZu-=4B)m1sMt@`=ZSa9B+(50;z0S_RJs>~9YJ$kp|
z^|J{4c*StL$iNvSNHX^S=Vacsqh%PMJ^2BN{=luScwJrHZg8#rx&YtwaK0)fbc<zO
z*_9<v;$Rmdc%CErN|Bo4mIq7mniDU9IUr+<!==uee(iSAi^O-<)YQCQvG5*;J0b9e
zfKFRrP-T_raA#qmtY*e1OYyWhZCVm2RQAC2^Hed7>FwwAXDKGDl8TKxRQ)?&9)qBG
zlDl66-GARd$@Ire*&qIMVgeWSIPb&#gGZZ$q0tSXl^->G?QjEz)_oI*$d*)}oW@a+
zjQq~M*S!mFxEmPP*@JttmK%^JFOv|-i-P~h-OBBhZ-T+;ddRRjP1sypf%_)H?YiVa
z3{~5oiH0_-Oo@Lt<+Q}XVMX9vUzHDZJ9*BBWJm0?|DbIEYgC$4^f@)c54xK^b0BVi
ze}4jX;PqYVdQ9K(3<=CtC2aa)FS)&2r2Ry_<(f<eXt8B7hMyue1NP#rUo{RCPS@B(
n&t3WZ#sB$Lf&c2I#k0$9^&5U!gK|I-34<vsXvmk#TD<yiMWZ6u

literal 0
HcmV?d00001


From a31f622aa297e32d19a6d97ac20a078da901cd1b Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Mon, 30 Sep 2024 12:24:26 -0700
Subject: [PATCH 16/36] Add conflict resolution table

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../sig-node/4603-tune-crashloopbackoff/README.md | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index ac58e1777816..2df2fb86a977 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -1253,8 +1253,19 @@ lower than 300s, it will be honored. In other words, operator-invoked
 configuration will have precedence over the default, even if it is slower, as
 long as it is valid.
 
-<<[UNRESOLVED]>>TODO: a table describing the conflict resolution would probably
-help <<[/UNRESOLVED]>>
+scenario | ReduceDefaultCrashLoopBackoffDecay | EnableKubeletCrashLoopBackoffMax | Effective initial value
+---------|---------|----------|---------
+_today's behavior_ | disabled | disabled | 10s
+_new default only_ | enabled | disabled | 1s
+_faster per node config_ | disabled | 2s | 2s
+" | enabled | 2s | 2s
+_slower per node config_ | enabled | 10s | 10s
+" |  enabled | 300s | 300s
+" |  disabled | 11s | 11s
+" |  disabled | 300s | 300s
+_invalid per node config_ | enabled | 301s | kubelet crashes
+" | disabled | 301s | kubelet crashes
+
 
 ### Version Skew Strategy
 

From 5a502012133333a68751cc2ac11a40fc4d8ff291 Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Mon, 30 Sep 2024 13:07:00 -0700
Subject: [PATCH 17/36] Fix napkin math in risks and mitigations

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 93 ++++++++++++-------
 1 file changed, 57 insertions(+), 36 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index 2df2fb86a977..62585271c854 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -495,12 +495,28 @@ at least nontrivially slowing kubelet, or increasing the API requests to store
 backoff state so significantly that the central API server is unresponsive and
 the cluster fails.
 
-During alpha, naturally the first line of defense is that the enhancements, even
-the reduced "default" baseline curve for CrashLoopBackoff, are not usable by
-default and must be opted into. In this specific case they are opted into
-separately with different alpha feature gates, so clusters will only be affected
-by each risk if the cluster operator enables the new features during the alpha
-period.
+Some observations and analysis were made to quantify these risks going into
+alpha. In the [Kubelet Overhead Analysis](#kubelet-overhead-analysis), the code
+paths all restarting pods go through result in 5 obvious `/pods` API server
+status updates; when observed empirically in an active cluster, while we do see
+an initial surges in `/pods` API traffic to ~5 QPS when deploying 110 mass
+crashing pods for our tests, even with instantly crashing pods and
+intantaneously restarting CrashLoopBackOff behavior, `/pods` API requests
+quickly normalized to ~2 QPS due to rate limiting. In the same tests, runtime
+CPU usage increased by x10 and the API server CPU usage increased by 2x.
+
+For both of these changes, by passing these changes through the existing
+SIG-scalability tests, while pursuing manual and more detailed periodic
+benchmarking during the alpha period, we can increase the confidence in the
+changes and explore the possibility of reducing the values further in the
+future.
+
+In the meantime, during alpha, naturally the first line of defense is that the
+enhancements, even the reduced "default" baseline curve for CrashLoopBackoff,
+are not usable by default and must be opted into. In this specific case they are
+opted into separately with different alpha feature gates, so clusters will only
+be affected by each risk if the cluster operator enables the new features during
+the alpha period.
 
 Beyond this, there are two main mitigations during alpha: conservativism in
 changes to the default behavior based on prior stress testing, and limiting any
@@ -511,42 +527,47 @@ persona.
 The alpha changes to the _default_ backoff curve were chosen because they meet
 emerging use cases and user sentiment from the canonical feature request issue
 and research by the author, AND because they are indicated to be safe changes
-based on initial benchmarking and analysis, described below in context and
-<<[UNRESOLVED ifttt benchmarking: add benchmarking link]>>here more
-broadly<<[/UNRESOLVED]>>.
-
-<<[UNRESOLVED fix details for new proposal]>>the proposal maintains the existing
-rate of 2x, reduces the initial value to the point that introduces N excess
-restarts per pod, the first XYZ excess in Y time window and the last ABC excess
-following in the next Z time window (see [Design
-Details](#front-loaded-decay-curve-methodology)). For a hypothetical node with
-the max 110 pods all stuck in a simultaneous CrashLoopBackoff, API requests to
-change the state transition would increase at its fastest period from ABC
-requests/10s to NNN requests/10s. <<[/UNRESOLVED]>>  <<[UNRESOLVED ifttt
-benchmarking: add benchmarking details]>>This has also been empirically observed
-in benchmarking analysis described XYZ HERE XYZ. <<[/UNRESOLVED]>> In addition,
-by passing these changes through the existing SIG-scalability tests, while
-pursuing manual and more detailed periodic benchmarking during the alpha period,
-we can increase the confidence in this change and in the possibility of reducing
-further in the future.
+based on initial benchmarking and analysis. The reduction of the initial value
+from 10s to 1s and the reduction of the backoff maximum from 5 minutes to 1
+minute introduces 
+
+* 5 excess restarts per pod in the first five minutes
+  * the first 3 excess in the first 30 seconds
+  * and the last 2 excess between 150 and 300 seconds
+  * an excess 5 restarts every five minutes compared to today given the change
+    in the backoff maximum
+
+For a hypothetical node with the default maximum 110 pods all stuck in a
+simultaneous 10s CrashLoopBackoff, at its most efficient this would result in a
+new restart for each pod every second, and API requests to the API server to
+change the state transition would increase at its fastest period from ~550
+requests/10s to ~5500 requests/10s, or 10x. In conjunction, the lowered backoff
+would continuously add 5 excess restarts every five minutes compared to today's
+behavior, so each crashing pod would be adding an excess of 25 pod state
+transition AIP requests, for a total of 2750 excess API requests for a node
+fully saturated with crashing pods.
+
+<<[UNRESOLVED ifttt benchmarking: add benchmarking details]>>For more thorough
+methodology and results from the manual benchmarking tests, see the
+[Benchmarking results section](#). <<[/UNRESOLVED]>>
 
 For the per node case, because the change could be more significant, with nearly
 trivial (when compared to pod startup metrics) max allowable backoffs of 1s,
 there is more risk to node stability expected. This change is of particular
 interest to be tested in the alpha period by end users, and is why it is still
-included with opt-in even though the risks are higher. <<[UNRESOLVED update with
-new findings]>> For a hypothetical node with the max 110 pods all stuck in a
-simultaneous 1s maximum CrashLoopBackoff, API requests to change the state
-transition would increase from ABC requests/10s to NNN requests/10s, and since
-the maximum backoff would be lowered, would exhibit up to NNN requests in excess
-every 300s (5 minutes), or an extra A.B requests per second once all pods
-reached their max cap backoff. <<[/UNRESOLVED]>> <<[UNRESOLVED ifttt
-benchmarking: add benchmarking details for this case too]>> <<[/UNRESOLVED]>>
+included, but only by opt-in. In this case, for a hypothetical node with the
+default maximum 110 pods all stuck in a simultaneous 1s maximum
+CrashLoopBackoff, as above, at its most efficient this would result in a new
+restart for each pod every second, and therefore the API requests to change the
+state transition would be expected to increase from ~550 requests/10s to 5500
+requests/10s, or 10x. In addition, since the maximum backoff would be lowered,
+an ideal pod would continue to restart more often than today's behavior, adding
+305 excess restarts within the first 5 minutes and 310 excess restarts every 5
+minutes after that; each crashing pod would be contributing an excess of ~1550
+pod state transition API requests, and fully saturated node with a full 110
+crashing pods would be adding 170,500 new pod transition API requests every five
+minutes, which is an an excess of ~568 requests/10s.
 
-For both of these changes, by passing these changes through the existing
-SIG-scalability tests, while pursuing manual and more detailed periodic
-benchmarking during the alpha period, we can increase the confidence in the
-changes and explore the possibility of reducing the values further in the future.
 
 ## Design Details 
 

From 154a5c9c96c4b715a1db52e7435c7ec6582f4ace Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Mon, 30 Sep 2024 13:27:00 -0700
Subject: [PATCH 18/36] Address free restart issue in design details

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 59 ++++++++++++++-----
 1 file changed, 45 insertions(+), 14 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index 62585271c854..afb1ae1045f5 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -835,20 +835,6 @@ and Container Runtime restart code paths")
 ```
  <<[UNRESOLVED answer these question from original PR]>> 
  >Does this [old container cleanup using containerd] include cleaning up the image filesystem? There might be room for some optimization here, if we can reuse the RO layers.
- 
- > RE: The exactness of the current behavior
-It's because of the way we handle backoff:
-https://github.com/kubernetes/kubernetes/blob/a7ca13ea29ba5b3c91fd293cdbaec8fb5b30cee2/pkg/kubelet/kuberuntime/kuberuntime_manager.go#L1336-L1349
-
-So the first time the container exits, there is no backoff delay recorded, but then it adds a backoff key at line 1348.
-
-So the actual (current) backoff implementation is:
-
-0 seconds delay for first restart
-10 seconds for second restart
-10 * 2^(restart_count - 2) for subsequent restarts
-But those numbers are all delayed up to 10s due to kubernetes/kubernetes#123602
- <<[/UNRESOLVED]>>
 ```
 
 ### Benchmarking
@@ -962,6 +948,51 @@ completely different pattern, as unlike with CrashLoopBackoff the types of
 errors with ImagePullBackoff are less variable and better interpretable by the
 infrastructure as recoverable or non-recoverable (i.e. 404s).
 
+### Relationship with k/k#123602
+
+It was observed that there is a bug with the current requeue behavior, described
+in https://github.com/kubernetes/kubernetes/issues/123602. The first restart
+will have 0 seconds delay instead of the advertised initial value delay, because
+the backoff object will not be initialized until a key is generated, which
+doesn't happen until after the first restart of a pod (see
+[ref](https://github.com/kubernetes/kubernetes/blob/a7ca13ea29ba5b3c91fd293cdbaec8fb5b30cee2/pkg/kubelet/kuberuntime/kuberuntime_manager.go#L1336-L1349)).
+That first restart will also not impact future backoff calculations, so the
+observed behavior is closer to:
+
+* 0 seconds delay for first restart
+* 10 seconds for second restart
+* 10 * 2^(restart_count - 2) for subsequent restarts
+
+By watching a crashing pod, we can observe that it does not enter a
+CrashLoopBackoff state or behave as advertised until after that first "free"
+restart:
+
+```
+# a pod that crashes every 10s
+thing  0/1  Pending  0 29s
+thing  0/1  Pending  0 97s
+thing  0/1  ContainerCreating  0 97s
+thing  1/1  Running  0 110s           
+thing  0/1  Completed  0 116s                       # first run completes
+thing  1/1  Running  1 (4s ago)  118s               # no crashloopbackoff observed, 1 restart tracked
+thing  0/1  Completed  1 (10s ago)  2m4s            # second runc ompletes
+thing  0/1  CrashLoopBackOff 1 (17s ago)  2m19s     # crashloopbackoff observed
+thing  1/1  Running  2 (18s ago)  2m20s             # third run starts
+thing  0/1  Completed  2 (23s ago)  2m25s
+thing  0/1  CrashLoopBackOff 2 (14s ago)  2m38s     # crashloopbackoff observed again
+thing  1/1  Running  3 (27s ago)  2m51s
+thing  0/1  Completed  3 (32s ago)  2m56s
+```
+
+Ultimately, being able to predict the exact number of restarts or remedying up
+to 10 seconds delay for the advertised behavior is not the ultimate goal of this
+KEP, though certain assumptions were made when calculating risks, mitigations,
+and analyzing existing behavior that are affected by this bug. Since the
+behavior is already changing as part of this KEP, and similar code paths will be
+changed, it is within scope of this KEP to address this bug if it is a blocker
+to implementation for alpha; it can wait until beta otherwise. This is
+represented below in the [Graduation Criteria](#graduation-criteria).
+
 ### Test Plan
 
 <!--

From ea3988f485ebe988057bfaa9c359a4fcde1b5eeb Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Mon, 30 Sep 2024 14:26:41 -0700
Subject: [PATCH 19/36] Fix some lingering unresolveds

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 34 ++++++++-----------
 1 file changed, 14 insertions(+), 20 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index afb1ae1045f5..534c014236f1 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -783,8 +783,8 @@ and [`kubelet/kubelet.go SyncTerminatingPod`](),
 killContainer`](https://github.com/kubernetes/kubernetes/blob/release-1.31/pkg/kubelet/kuberuntime/kuberuntime_container.go#L761),
 [`kubelet/kuberuntime/kuberuntime_manager.go
 killPodWithSyncResult`](https://github.com/kubernetes/kubernetes/blob/release-1.31/pkg/kubelet/kuberuntime/kuberuntime_manager.go#L1466),
-and [`kubelet/kubelet.go
-SyncTerminatedPod`](https://github.com/kubernetes/kubernetes/blob/release-1.31/pkg/kubelet/kubelet.go#L1996).
+ [`kubelet/kubelet.go
+SyncTerminatingPod`](https://github.com/kubernetes/kubernetes/blob/release-1.31/pkg/kubelet/kubelet.go#L1996), and [`kubelet/kubelet.go SyncTerminatedPod`](https://github.com/kubernetes/kubernetes/blob/release-1.31/pkg/kubelet/kubelet.go#L2143).
 
 !["A sequence diagram showing Kubelet and Container Runtime code paths
 responsible for behaviors common to all pod
@@ -835,6 +835,7 @@ and Container Runtime restart code paths")
 ```
  <<[UNRESOLVED answer these question from original PR]>> 
  >Does this [old container cleanup using containerd] include cleaning up the image filesystem? There might be room for some optimization here, if we can reuse the RO layers.
+ to answer question: looks like it is per runtime. need to check about leasees. also part of the value of this is to restart the sandbox.
 ```
 
 ### Benchmarking
@@ -1282,10 +1283,6 @@ initial value 1s, depending on whether they've turned on the
 
 #### Conflict resolution
 
-<<[UNRESOLVED]>>
-TODO: consider making one feature gate dependent on the other to minimize the matrix multiplication
- <<[/UNRESOLVED]>>
-
 If on a given node at a given time, the per-node configured maximum backoff is
 lower than the initial value, the initial value for that node will instead be
 set to the configured maximum. For example, if
@@ -1334,25 +1331,22 @@ enhancement:
   CRI or CNI may require updating that component before the kubelet.
 -->
 
-For the default backoff curve, no coordination must be done between the control
-plane and the nodes; all behavior changes are local to the kubelet component and
-its start up configuration.
-
-For the per-node case, since it is local to each kubelet and the
-restart logic is within the responsibility of a node's local kubelet, no
-coordination must be done between the control plane and the nodes.
+For both the default backoff curve and the per-node, no coordination must be
+done between the control plane and the nodes; all behavior changes are local to
+the kubelet component and its start up configuration. An n-3 kube-proxy, n-1
+kube-controller-manager, or n-1 kube-scheduler without this feature available is
+not affected when this feature is used, since it does not depend on
+kube-controller-manager or kube-scheduler. Code paths that will be touched are
+exclusively in kubelet component.
 
-<<[UNRESOLVED confirm the following have been answered fully]>>
-- How does an n-3 kubelet or kube-proxy without this feature available behave when this feature is used?
-- How does an n-1 kube-controller-manager or kube-scheduler without this feature available behave when this feature is used?
-- Will any other components on the node change? For example, changes to CSI,
-  CRI or CNI may require updating that component before the kubelet.
-<<[/UNRESOLVED]>>
+An n-3 kubelet without this feature available will behave like normal, with the
+original CrashLoopBackOff behavior. It cannot ingest flags for per node config
+and if one is specified on start up, kubelet flag validation will fail.
 
 ## Production Readiness Review Questionnaire
 
 <<[UNRESOLVED removed when changing from 1.31 proposal to 1.32 proposal,
-incoming in further commits]>> <<[/UNRESOLVED]>>
+incoming in separate PR]>> <<[/UNRESOLVED]>>
 
 ## Implementation History
 

From 97cb4772fd21c5bd0229b6a8acd8d1a01bb89297 Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Mon, 30 Sep 2024 14:28:51 -0700
Subject: [PATCH 20/36] Remove benchmarking ifftt, can add later

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 63 +++++++------------
 1 file changed, 24 insertions(+), 39 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index 534c014236f1..4275d8f39aa4 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -330,14 +330,13 @@ This design seeks to incorporate a two-pronged approach:
 backoff for all containers on a specific Node, down to 1s
 
 To derive these values, manual stress testing observing the behavior of kubelet,
-   API server, and overall cluster operations and behavior were performed, as
-   described below in <<[ UNRESOLVED ifttt benchmarking: link to benchmarking results ]>>
-<<[/UNRESOLVED]>>. In addition, part of the alpha period will be dedicated
-entirely to systematically stress testing kubelet and API Server with different
-distributions of workloads utilizing the new backoff curves. During the
-benchmarking period in alpha, kubelet memory and CPU, API server latency, and
-pod restart latency will be observed and analyzed to further refine the maximum
-allowable restart rate for fully saturated nodes.
+   API server, and overall cluster operations and behavior were performed. In
+addition, part of the alpha period will be dedicated entirely to systematically
+stress testing kubelet and API Server with different distributions of workloads
+utilizing the new backoff curves. During the benchmarking period in alpha,
+kubelet memory and CPU, API server latency, and pod restart latency will be
+observed and analyzed to further refine the maximum allowable restart rate for
+fully saturated nodes.
 
 Longer term, these
 metrics will also supply cluster operators the data necessary to better analyze
@@ -365,10 +364,8 @@ earlier by changing the initial value of the exponential backoff, and to retry
 periodically more often by reducing the maximum for the backoff. A number of
 alternate initial values and maximum backoff values are modelled below. This
 proposal suggests we start with a new initial value of 1s (changed from 10s
-today) and a maximum backoff of 30 seconds (changed from 5 minutes today) based
-on prior research <<[ UNRESOLVED link to benchmarking results
-]>>here<<[/UNRESOLVED]>>, and further analyze its impact on infrastructure
-during alpha. 
+today) and a maximum backoff of 1 minute (changed from 5 minutes today) based on
+prior research, and further analyze its impact on infrastructure during alpha. 
 
 ![A graph showing the change in elapsed time for observed restarts with the
 CrashLoopBackOffBehavior of today vs the proposed new
@@ -547,10 +544,6 @@ behavior, so each crashing pod would be adding an excess of 25 pod state
 transition AIP requests, for a total of 2750 excess API requests for a node
 fully saturated with crashing pods.
 
-<<[UNRESOLVED ifttt benchmarking: add benchmarking details]>>For more thorough
-methodology and results from the manual benchmarking tests, see the
-[Benchmarking results section](#). <<[/UNRESOLVED]>>
-
 For the per node case, because the change could be more significant, with nearly
 trivial (when compared to pod startup metrics) max allowable backoffs of 1s,
 there is more risk to node stability expected. This change is of particular
@@ -653,18 +646,14 @@ the first time window, 1 excess in the second time window, 3 excess in the
 fourth time window and 4 excess in the fifth time window for a total of 10
 excess restarts compared to today's behavior.
 
-<<[UNRESOLVED ifttt benchmarking: include stress test data now]>>TODO: stress
-test data paragraph<<[/UNRESOLVED]>>
-
 As a first estimate for alpha in line with maximums discussed on
-[Kubernetes#57291](https://github.com/kubernetes/kubernetes/issues/57291) and
-the benchmarking analysis <<[UNRESOLVED ifttt benchmarking: include stress test
-data now]>>here<<[/UNRESOLVED]>>, the initial curve is selected at initial=1s /
-max=1 minute. During the alpha period this will be further investigated against
-kubelet capacity, potentially targeting something closer to an initial value
-near 0s, and a cap of 10-30s. To further restrict the blast radius of this
-change before full and complete benchmarking is worked up, this is gated by its
-own feature gate, `ReduceDefaultCrashLoopBackoffDecay`.
+[Kubernetes#57291](https://github.com/kubernetes/kubernetes/issues/57291), the
+initial curve is selected at initial=1s / max=1 minute. During the alpha period
+this will be further investigated against kubelet capacity, potentially
+targeting something closer to an initial value near 0s, and a cap of 10-30s. To
+further restrict the blast radius of this change before full and complete
+benchmarking is worked up, this is gated by its own feature gate,
+`ReduceDefaultCrashLoopBackoffDecay`.
 
 ### Per node config
 
@@ -695,15 +684,14 @@ manifest permissions in their namespace but not for other namespaces in the same
 cluster and which might be dependent on the same kubelet. For 1.32, we were
 looking to address the second issue by moving the configuration somewhere we
 could better guarantee a cluster operator type persona would have exclusive
-access to. In addition, <<[UNRESOLVED ifttt benchmarking: linkies]>>initial
-benchmarking indicated that even in the unlikely case of mass pathologically
-crashing and instantly restarting pods across an entire node, cluster operations
-proceeded with acceptable latency, disk, cpu and memory. Worker polling loops,
-context timeouts, the interaction between various other backoffs, as well as API
-server rate limiting made up the gap to the stability of the
-system.<<[/UNRESOLVED]>> Therefore, to simplify both the implementation and the
-API surface, this 1.32 proposal puts forth that the opt-in will be configured per
-node via kubelet configuration.
+access to. In addition, initial manual stress testing and benchmarking indicated
+that even in the unlikely case of mass pathologically crashing and instantly
+restarting pods across an entire node, cluster operations proceeded with
+acceptable latency, disk, cpu and memory. Worker polling loops, context
+timeouts, the interaction between various other backoffs, as well as API server
+rate limiting made up the gap to the stability of the system.Therefore, to
+simplify both the implementation and the API surface, this 1.32 proposal puts
+forth that the opt-in will be configured per node via kubelet configuration.
 
 Kubelet configuration is governed by two main input points, 1) command-line flag
 based config and 2) configuration following the API specification of the
@@ -890,9 +878,6 @@ container before restarting, and the number of container restarts, to articulate
 the observed rate and load of restart related API requests and the performance
 effects on kubelet.
 
-<<[UNRESOLVED ifttt benchmarking: link initial benchmarking test data]>>TODO:
-link benchmarking data<<[/UNRESOLVED]>>
-
 ### Relationship with Job API podFailurePolicy and backoffLimit
 
 Job API provides its own API surface for describing alterntive restart

From d81363db8541a6c21f71d3a4604d0d3caa00f1e9 Mon Sep 17 00:00:00 2001
From: lauralorenz <lauralorenz@google.com>
Date: Mon, 30 Sep 2024 21:33:31 +0000
Subject: [PATCH 21/36] Update toc

Signed-off-by: lauralorenz <lauralorenz@google.com>
---
 .../sig-node/4603-tune-crashloopbackoff/README.md | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index 4275d8f39aa4..6efcc421cdfc 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -83,7 +83,9 @@ tags, and then generate with `hack/update-toc.sh`.
   - [Goals](#goals)
   - [Non-Goals](#non-goals)
 - [Proposal](#proposal)
-  - [Existing backoff curve change: front loaded decay](#existing-backoff-curve-change-front-loaded-decay)
+  - [Existing backoff curve change: front loaded decay, lower maximum backoff](#existing-backoff-curve-change-front-loaded-decay-lower-maximum-backoff)
+  - [Node specific kubelet config for maximum backoff down to 1 second](#node-specific-kubelet-config-for-maximum-backoff-down-to-1-second)
+  - [Refactor and flat rate to 10 minutes for the backoff counter reset threshold](#refactor-and-flat-rate-to-10-minutes-for-the-backoff-counter-reset-threshold)
   - [User Stories](#user-stories)
     - [Task isolation](#task-isolation)
     - [Fast restart on failure](#fast-restart-on-failure)
@@ -92,11 +94,14 @@ tags, and then generate with `hack/update-toc.sh`.
   - [Risks and Mitigations](#risks-and-mitigations)
 - [Design Details](#design-details)
   - [Front loaded decay curve methodology](#front-loaded-decay-curve-methodology)
-  - [Rapid curve methodology](#rapid-curve-methodology)
+  - [Per node config](#per-node-config)
+  - [Refactor of recovery threshold](#refactor-of-recovery-threshold)
+  - [Conflict resolution](#conflict-resolution)
   - [Kubelet overhead analysis](#kubelet-overhead-analysis)
   - [Benchmarking](#benchmarking)
   - [Relationship with Job API podFailurePolicy and backoffLimit](#relationship-with-job-api-podfailurepolicy-and-backofflimit)
   - [Relationship with ImagePullBackOff](#relationship-with-imagepullbackoff)
+  - [Relationship with k/k#123602](#relationship-with-kk123602)
   - [Test Plan](#test-plan)
       - [Prerequisite testing updates](#prerequisite-testing-updates)
       - [Unit tests](#unit-tests)
@@ -107,6 +112,7 @@ tags, and then generate with `hack/update-toc.sh`.
     - [Beta](#beta)
     - [GA](#ga)
   - [Upgrade / Downgrade Strategy](#upgrade--downgrade-strategy)
+    - [Conflict resolution](#conflict-resolution-1)
   - [Version Skew Strategy](#version-skew-strategy)
 - [Production Readiness Review Questionnaire](#production-readiness-review-questionnaire)
 - [Implementation History](#implementation-history)
@@ -122,6 +128,11 @@ tags, and then generate with `hack/update-toc.sh`.
   - [Front loaded decay with interval](#front-loaded-decay-with-interval)
   - [Late recovery](#late-recovery)
   - [More complex heuristics](#more-complex-heuristics)
+- [Appendix A](#appendix-a)
+  - [Kubelet SyncPod](#kubelet-syncpod)
+  - [Runtime SyncPod](#runtime-syncpod)
+  - [Kubelet SyncTerminatingPod + runtime killPod](#kubelet-syncterminatingpod--runtime-killpod)
+  - [Kubelet SyncTerminatedPod](#kubelet-syncterminatedpod)
 - [Infrastructure Needed (Optional)](#infrastructure-needed-optional)
 <!-- /toc -->
 

From 40073eb41d44800a2bf5c9581982c110d3cae096 Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Mon, 30 Sep 2024 14:34:18 -0700
Subject: [PATCH 22/36] spelling

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 keps/sig-node/4603-tune-crashloopbackoff/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index 6efcc421cdfc..e45c5650211d 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -1013,7 +1013,7 @@ increase confidence in ongoing node stability given heterogeneous backoff timers
 and timeouts.
 
 Some stress/benchmark testing will still be developed as part of the
-implementatino of this enhancement, including the kubelet_perf tests indicated
+implementation of this enhancement, including the kubelet_perf tests indicated
 in the e2e section below.
 
 Some of the benefit of pursuing this change in alpha is to also have the

From 5997b34bd3df00ce8794dca66a2b9f2c8a6f70c9 Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Tue, 1 Oct 2024 10:13:51 -0700
Subject: [PATCH 23/36] update some grad criteria and version skew info

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 90 ++++++++++---------
 1 file changed, 48 insertions(+), 42 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index e45c5650211d..9e9fbc1e4b0b 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -560,17 +560,19 @@ trivial (when compared to pod startup metrics) max allowable backoffs of 1s,
 there is more risk to node stability expected. This change is of particular
 interest to be tested in the alpha period by end users, and is why it is still
 included, but only by opt-in. In this case, for a hypothetical node with the
-default maximum 110 pods all stuck in a simultaneous 1s maximum
-CrashLoopBackoff, as above, at its most efficient this would result in a new
-restart for each pod every second, and therefore the API requests to change the
-state transition would be expected to increase from ~550 requests/10s to 5500
-requests/10s, or 10x. In addition, since the maximum backoff would be lowered,
-an ideal pod would continue to restart more often than today's behavior, adding
-305 excess restarts within the first 5 minutes and 310 excess restarts every 5
-minutes after that; each crashing pod would be contributing an excess of ~1550
-pod state transition API requests, and fully saturated node with a full 110
-crashing pods would be adding 170,500 new pod transition API requests every five
-minutes, which is an an excess of ~568 requests/10s.
+default maximum 110 pods each with one crashing container all stuck in a
+simultaneous 1s maximum CrashLoopBackoff, as above, at its most efficient this
+would result in a new restart for each pod every second, and therefore the API
+requests to change the state transition would be expected to increase from ~550
+requests/10s to 5500 requests/10s, or 10x. In addition, since the maximum
+backoff would be lowered, an ideal pod would continue to restart more often than
+today's behavior, adding 305 excess restarts within the first 5 minutes and 310
+excess restarts every 5 minutes after that; each crashing pod would be
+contributing an excess of ~1550 pod state transition API requests, and fully
+saturated node with a full 110 crashing pods would be adding 170,500 new pod
+transition API requests every five minutes, which is an an excess of ~568
+requests/10s. <<[!UNRESOLVED kubernetes default for the kubelet client rate
+limit and how this changes by machine size]>> <<[UNRESOLVED]>>
 
 
 ## Design Details 
@@ -1094,41 +1096,42 @@ https://storage.googleapis.com/k8s-triage/index.html
 We expect no non-infra related flakes in the last month as a GA graduation criteria.
 -->
 
+- Crashlooping container that restarts some number of times (ex 10 times),
+  timestamp the logs and read it back in the test, and expect the diff in those
+  time stamps to be minimum the backoff, with a healthy timeout
 - k8s.io/kubernetes/test/e2e/node/kubelet_perf: for a given percentage of
 heterogenity between "Succeeded" terminating pods, and crashing pods whose
 `restartPolicy: Always` or `restartPolicy: OnFailure`, 
- - what is the load and rate of Pod restart related API requests to the API
-   server?
- - what are the performance (memory, CPU, and pod start latency) effects on the
-   kubelet component? 
- - With different plugins (e.g. CSI, CNI)
+  - what is the load and rate of Pod restart related API requests to the API
+    server?
+  - what are the performance (memory, CPU, and pod start latency) effects on the
+    kubelet component? 
+  - With different plugins (e.g. CSI, CNI)
 
 ### Graduation Criteria
 
 #### Alpha
 
 - New `int32 NodeMaxCrashLoopBackOff` field in `KubeletFlags` struct, validated
-        to a minimum of 1 and a maximum of 300, naturally ignored by older
-  kubelets/on downgrade and explicitly dropped by current and future kubelets
-  when new `EnableKubeletCrashLoopBackoffMax` feature flag disabled
-- New `ReduceDefaultCrashLoopBackoffDecay` feature flag which, when enabled, changes
-  CrashLoopBackOff behavior (and ONLY the CrashLoopBackOff behavior) to a
-  2x decay curve starting at 1s initial value, 1 minute maximum backoff
-  for all workloads, therefore affecting workload configured with
-  `restartPolicy: Always` or `restartPolicy: OnFailure`
+  to a minimum of 1 and a maximum of 300, used when
+  `EnableKubeletCrashLoopBackoffMax` feature flag enabled, to customize
+  CrashLoopBackOff per node
+- New `ReduceDefaultCrashLoopBackoffDecay` feature flag which, when enabled,
+  changes CrashLoopBackOff behavior (and ONLY the CrashLoopBackOff behavior) to
+  a 2x decay curve starting at 1s initial value, 1 minute maximum backoff for
+  all workloads, therefore affecting workload configured with `restartPolicy:
+  Always` or `restartPolicy: OnFailure`
     - Requires a refactor of image pull backoff from container restart backoff
       object
 - Maintain current 10 minute recovery threshold by refactoring backoff counter
   reset threshold and explicitly implementing container restart backoff behavior
   at the current 10 minute recovery threshold
-- Metrics implemented to expose pod and container restart policy statistics,
-  exit states, and runtimes
 - Initial e2e tests completed and enabled
   * Feature flag on or off
 - Test coverage of proper requeue behavior; see
   https://github.com/kubernetes/kubernetes/issues/123602
-- Actually fix https://github.com/kubernetes/kubernetes/issues/123602 if this blocks the
-  implementation, otherwise beta criteria
+- Actually fix https://github.com/kubernetes/kubernetes/issues/123602 if this
+  blocks the implementation, otherwise beta criteria
 - Low confidence in the specific numbers/decay rate
 
 
@@ -1138,6 +1141,7 @@ heterogenity between "Succeeded" terminating pods, and crashing pods whose
 - High confidence in the specific numbers/decay rate
 - Benchmark restart load methodology and analysis published and discussed with
   SIG-Node
+- Discuss PLEG polling loops and its effect on specific decay rates
 - Additional e2e and benchmark tests, as identified during alpha period, are in
   Testgrid and linked in KEP
 
@@ -1237,13 +1241,13 @@ To use the enhancement, the alpha feature gate is turned on. In the future when
 made, and the default behavior of the baseline backoff curve would -- by design
 -- be changed.
 
-To stop use of this enhancement, the entire cluster must be restarted with the
-`ReduceDefaultCrashLoopBackoffDecay` feature gate turned off. In this case, all
-Pods will be redeployed, so they will not maintain prior state and will start at
-the beginning of their backoff curve. The exact backoff curve a given Pod will
-use will be either the original one with initial value 10s, or the per-node
-configured maximum backoff if the `EnableKubeletCrashLoopBackoffMax` feature
-gate is turned on. 
+To stop use of this enhancement, the entire cluster must be restarted or just
+kubelet must restarts with the `ReduceDefaultCrashLoopBackoffDecay` feature gate
+turned off. Since kubelet does not cache the backoff object, on kubelet restart
+Pods will start at the beginning of their backoff curve. The exact backoff curve
+a given Pod will use will be either the original one with initial value 10s, or
+the per-node configured maximum backoff if the
+`EnableKubeletCrashLoopBackoffMax` feature gate is turned on. 
 
 For `EnableKubeletCrashLoopBackoffMax`:
 
@@ -1259,13 +1263,15 @@ with the `NodeMaxCrashLoopBackOff` kubelet command line flag set.
 To stop use of this enhancement, there are two options. 
 
 On a per-node basis, nodes can be completely redeployed with
-`NodeMaxCrashLoopBackOff` kubelet command line flag unset. <<[UNRESOLVED is this
-true if kubelet restarts tho]>>Since the Pods must be completely redeployed,
-they will lose their prior backoff counter anyways and, if they go on to be
-restarted, will start from the beginning of their backoff curve (either the
-original one with initial value 10s, or the new baseline with initial value 1s,
-depending on whether they've turned on the `ReduceDefaultCrashLoopBackoffDecay`
-feature gate). <</UNRESOLVED>>
+`NodeMaxCrashLoopBackOff` kubelet command line flag unset. Since kubelet does
+not cache the backoff object, on kubelet restart they will start from the
+beginning of their backoff curve (either the original one with initial value
+10s, or the new baseline with initial value 1s, depending on whether they've
+turned on the `ReduceDefaultCrashLoopBackoffDecay` feature gate).
+
+<<[UNRESOLVED]>>Say what happens when `NodeMaxCrashLoopBackOff` exists but
+`EnableKubeletCrashLoopBackoffMax is off, log a warning but drop it (because
+peeps might set it and be like why it no work)<<[/UNRESOLVED]>>
 
 Or, the entire cluster can be restarted with the
 `EnableKubeletCrashLoopBackoffMax` feature gate turned off. In this case, any

From 8b08e002e84c12f15a79a4b2a98b6706479613e4 Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Tue, 1 Oct 2024 21:44:38 -0700
Subject: [PATCH 24/36] Specify when node is set but feature gate is off

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 keps/sig-node/4603-tune-crashloopbackoff/README.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index 9e9fbc1e4b0b..a35989ff8977 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -1269,10 +1269,6 @@ beginning of their backoff curve (either the original one with initial value
 10s, or the new baseline with initial value 1s, depending on whether they've
 turned on the `ReduceDefaultCrashLoopBackoffDecay` feature gate).
 
-<<[UNRESOLVED]>>Say what happens when `NodeMaxCrashLoopBackOff` exists but
-`EnableKubeletCrashLoopBackoffMax is off, log a warning but drop it (because
-peeps might set it and be like why it no work)<<[/UNRESOLVED]>>
-
 Or, the entire cluster can be restarted with the
 `EnableKubeletCrashLoopBackoffMax` feature gate turned off. In this case, any
 Node configured with a different backoff curve will instead use
@@ -1304,6 +1300,11 @@ lower than 300s, it will be honored. In other words, operator-invoked
 configuration will have precedence over the default, even if it is slower, as
 long as it is valid.
 
+If `NodeMaxCrashLoopBackOff` exists but `EnableKubeletCrashLoopBackoffMax` is
+off, kubelet will log a warning but will not honor the
+`NodeMaxCrashLoopBackOff`. In other words, operator-invoked per node
+configuration will not be honored if the overall feature gate is turned off.
+
 scenario | ReduceDefaultCrashLoopBackoffDecay | EnableKubeletCrashLoopBackoffMax | Effective initial value
 ---------|---------|----------|---------
 _today's behavior_ | disabled | disabled | 10s

From 6f13d3bd18e4aa900679bc9d4e8c9d444b2018a4 Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Wed, 2 Oct 2024 11:26:49 -0700
Subject: [PATCH 25/36] Change from kubelet flags to KubeletConfiguration for
 per node config

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 89 ++++++++++++-------
 1 file changed, 59 insertions(+), 30 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index a35989ff8977..07c607c0dfaa 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -584,7 +584,7 @@ required) or even code snippets. If there's any ambiguity about HOW your
 proposal will be implemented, this is the place to discuss them.
 -->
 
-### Front loaded decay curve methodology
+### Front loaded decay curve, modified maximum backoff methodology
 As mentioned above, today the standard backoff curve is a 2x exponential decay
 starting at 10s and capping at 5 minutes, resulting in a composite of the
 standard hockey-stick exponential decay graph followed by a linear rise until
@@ -702,7 +702,7 @@ that even in the unlikely case of mass pathologically crashing and instantly
 restarting pods across an entire node, cluster operations proceeded with
 acceptable latency, disk, cpu and memory. Worker polling loops, context
 timeouts, the interaction between various other backoffs, as well as API server
-rate limiting made up the gap to the stability of the system.Therefore, to
+rate limiting made up the gap to the stability of the system. Therefore, to
 simplify both the implementation and the API surface, this 1.32 proposal puts
 forth that the opt-in will be configured per node via kubelet configuration.
 
@@ -715,17 +715,13 @@ Since this is a per-node configuration that likely will be set on a subset of
 nodes, or potentially even differently per node, it's important that it can be
 manipulated per node. By default `KubeletConfiguration` is intended to be shared
 between nodes, but the beta feature for drop-in configuration files in a
-colocated config directory cirumvent this. However, it is still the opinion of
-the author it is better manipulated with a command-line flag, so lifecycle
-tooling that configures nodes can expose it more transparently.
-
-Exposed command-line configuration for Kubelet are defined by [`struct
-KubeletFlags`](https://github.com/kubernetes/kubernetes/blob/release-1.31/cmd/kubelet/app/options/options.go#L54)
-and merged with configuration files in [`kubelet/server.go
-NewKubeletCommand`](https://github.com/kubernetes/kubernetes/blob/release-1.31/cmd/kubelet/app/server.go#L141).
-To expose the configuration of this feature, a new field will be added to the
-`KubeletFlags` struct called `NodeMaxCrashLoopBackOff` of `int32` type that will
-be validated in kubelet at runtime, as a value over `1` and under 300s.
+colocated config directory cirumvent this. In addition, `KubeletConfiguration`
+drops fields unrecognized by the current kubelet's schema, making it a good
+choice to circumvent compatability issues with n-3 kubelets. While there is an
+argument that this could be better manipulated with a command-line flag, so
+lifecycle tooling that configures nodes can expose it more transparently, the
+advantages to backwards compatability outweigh this consideration for the alpha
+period and will be revisted before beta.
 
 ### Refactor of recovery threshold
 
@@ -1112,7 +1108,7 @@ heterogenity between "Succeeded" terminating pods, and crashing pods whose
 
 #### Alpha
 
-- New `int32 NodeMaxCrashLoopBackOff` field in `KubeletFlags` struct, validated
+- New `int32 crashloopbackoff.max` field in `KubeletConfiguration` API, validated
   to a minimum of 1 and a maximum of 300, used when
   `EnableKubeletCrashLoopBackoffMax` feature flag enabled, to customize
   CrashLoopBackOff per node
@@ -1258,12 +1254,12 @@ To make use of this enhancement, on cluster upgrade, the
 `EnableKubeletCrashLoopBackoffMax` feature gate must first be turned on for the
 cluster. Then, if any nodes need to use a different backoff curve, their kubelet
 must be completely redeployed either in the same upgrade or after that upgrade
-with the `NodeMaxCrashLoopBackOff` kubelet command line flag set.
+with the `crashloopbackoff.max` `KubeletConfiguration` set.
 
 To stop use of this enhancement, there are two options. 
 
 On a per-node basis, nodes can be completely redeployed with
-`NodeMaxCrashLoopBackOff` kubelet command line flag unset. Since kubelet does
+`crashloopbackoff.max` `KubeletConfiguration` unset. Since kubelet does
 not cache the backoff object, on kubelet restart they will start from the
 beginning of their backoff curve (either the original one with initial value
 10s, or the new baseline with initial value 1s, depending on whether they've
@@ -1291,8 +1287,9 @@ configured to 1s. In other words, operator-invoked configuration will have
 precedence over the default if it is faster.
 
 If on a given node at a given time, the per-node configured maximum backoff is
-lower than 1 second or higher than the 300s, validation will
-fail and the kubelet will crash.
+lower than 1 second or higher than the 300s, validation will fail and the
+kubelet will crash/be unable to start, like it does with other invalid kubelet
+configuration today.
 
 If on a given node at a given time, the per-node configured maximum backoff is
 higher than the current initial value, but within validation limits as it is
@@ -1300,10 +1297,11 @@ lower than 300s, it will be honored. In other words, operator-invoked
 configuration will have precedence over the default, even if it is slower, as
 long as it is valid.
 
-If `NodeMaxCrashLoopBackOff` exists but `EnableKubeletCrashLoopBackoffMax` is
-off, kubelet will log a warning but will not honor the
-`NodeMaxCrashLoopBackOff`. In other words, operator-invoked per node
-configuration will not be honored if the overall feature gate is turned off.
+If `crashloopbackoff.max` `KubeletConfiguration` exists but
+`EnableKubeletCrashLoopBackoffMax` is off, kubelet will log a warning but will
+not honor the `crashloopbackoff.max` `KubeletConfiguration`. In other words,
+operator-invoked per node configuration will not be honored if the overall
+feature gate is turned off.
 
 scenario | ReduceDefaultCrashLoopBackoffDecay | EnableKubeletCrashLoopBackoffMax | Effective initial value
 ---------|---------|----------|---------
@@ -1315,8 +1313,8 @@ _slower per node config_ | enabled | 10s | 10s
 " |  enabled | 300s | 300s
 " |  disabled | 11s | 11s
 " |  disabled | 300s | 300s
-_invalid per node config_ | enabled | 301s | kubelet crashes
-" | disabled | 301s | kubelet crashes
+_invalid per node config_ | disabled | 301s | kubelet crashes
+" | enabled | 301s | kubelet crashes
 
 
 ### Version Skew Strategy
@@ -1338,18 +1336,25 @@ For both the default backoff curve and the per-node, no coordination must be
 done between the control plane and the nodes; all behavior changes are local to
 the kubelet component and its start up configuration. An n-3 kube-proxy, n-1
 kube-controller-manager, or n-1 kube-scheduler without this feature available is
-not affected when this feature is used, since it does not depend on
-kube-controller-manager or kube-scheduler. Code paths that will be touched are
-exclusively in kubelet component.
+not affected when this feature is used, nor will different CSI or CNI
+implementations. Code paths that will be touched are exclusively in kubelet
+component.
 
 An n-3 kubelet without this feature available will behave like normal, with the
-original CrashLoopBackOff behavior. It cannot ingest flags for per node config
-and if one is specified on start up, kubelet flag validation will fail.
+original CrashLoopBackOff behavior. It will drop unrecognized fields in
+`KubeletConfiguration` by default for per node config so if one is specified on
+start up in a past kubelet version, it will not break kubelet (though the
+behavior will, of course, not change).
+
+While the CRI is a consumer of the result of this change (as it will recieve
+more requests to start containers), it does not need to be updated at all to
+take advantage of this feature as the restart logic is entirely in process of
+the kubelet component.
 
 ## Production Readiness Review Questionnaire
 
 <<[UNRESOLVED removed when changing from 1.31 proposal to 1.32 proposal,
-incoming in separate PR]>> <<[/UNRESOLVED]>>
+incoming in separate commit]>> <<[/UNRESOLVED]>>
 
 ## Implementation History
 
@@ -1372,6 +1377,8 @@ Major milestones might include:
 * 06-06-2024: Removal of constant backoff for `Succeeded` Pods
 * 09-09-2024: Removal of `RestartPolicy: Rapid` in proposal, removal of PRR, in
   order to merge a provisional and address the new 1.32 design in a cleaner PR
+* 09-20-2024: Rewrite for 1.32 design focused on per-node config in place of
+  `RestartPolicy: Rapid`
 
 ## Drawbacks
 
@@ -1638,6 +1645,28 @@ situations, while the goal of restarting successful containers is only to get
 them to run again sometime and not penalize them with longer waits later when
 they've behaving as expected.
 
+### Exposing per-node config as command-line flags
+
+Command-line configuration is more easily and transparently exposed in tooling
+used to bootstrap nodes via templating. Exposed command-line configuration for
+Kubelet are defined by [`struct
+KubeletFlags`](https://github.com/kubernetes/kubernetes/blob/release-1.31/cmd/kubelet/app/options/options.go#L54)
+and merged with configuration files in [`kubelet/server.go
+NewKubeletCommand`](https://github.com/kubernetes/kubernetes/blob/release-1.31/cmd/kubelet/app/server.go#L141).
+To expose configuration as a command-line flag, a new field would be added to
+the `KubeletFlags` struct to be validated in kubelet at runtime.
+
+**Why not?**: Per comments in the code at [this
+location](https://github.com/kubernetes/kubernetes/blob/release-1.31/cmd/kubelet/app/options/options.go#L52),
+it seems we don't want to continue to expose configuration at this location. In
+addition, since config directories for kubelet config are now in beta
+([ref](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/)),
+there is a reasonable alternative to per-node configuration using the
+`KubeletConfiguration` API object instead. By using the API, we can take
+advantage of API machinery level lifecycle, validation and guarantees, including
+that unrecognized fields will be dropped in older versions of kubelet, which is
+valuable for version skew requirements we must meet back to kubelet n-3. 
+
 ### Front loaded decay with interval
 In an effort
 to anticipate API server stability ahead of the experiential data we can collect

From e4c8ce485805ef0027e4bb946ddbcca07dccbdfd Mon Sep 17 00:00:00 2001
From: lauralorenz <lauralorenz@google.com>
Date: Wed, 2 Oct 2024 18:32:56 +0000
Subject: [PATCH 26/36] update toc

Signed-off-by: lauralorenz <lauralorenz@google.com>
---
 keps/sig-node/4603-tune-crashloopbackoff/README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index 07c607c0dfaa..52f8485a145b 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -93,7 +93,7 @@ tags, and then generate with `hack/update-toc.sh`.
   - [Notes/Constraints/Caveats (Optional)](#notesconstraintscaveats-optional)
   - [Risks and Mitigations](#risks-and-mitigations)
 - [Design Details](#design-details)
-  - [Front loaded decay curve methodology](#front-loaded-decay-curve-methodology)
+  - [Front loaded decay curve, modified maximum backoff methodology](#front-loaded-decay-curve-modified-maximum-backoff-methodology)
   - [Per node config](#per-node-config)
   - [Refactor of recovery threshold](#refactor-of-recovery-threshold)
   - [Conflict resolution](#conflict-resolution)
@@ -125,6 +125,7 @@ tags, and then generate with `hack/update-toc.sh`.
     - [On Success and the 10 minute recovery threshold](#on-success-and-the-10-minute-recovery-threshold)
       - [Related: API opt-in for flat rate/quick restarts when transitioning from <code>Succeeded</code> phase](#related-api-opt-in-for-flat-ratequick-restarts-when-transitioning-from-succeeded-phase)
       - [Related: <code>Succeeded</code> vs <code>Rapid</code>ly failing: who's getting the better deal?](#related-succeeded-vs-rapidly-failing-whos-getting-the-better-deal)
+  - [Exposing per-node config as command-line flags](#exposing-per-node-config-as-command-line-flags)
   - [Front loaded decay with interval](#front-loaded-decay-with-interval)
   - [Late recovery](#late-recovery)
   - [More complex heuristics](#more-complex-heuristics)

From 6ab6e96192870e1102f96bf72e44319a36439817 Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Wed, 2 Oct 2024 12:26:32 -0700
Subject: [PATCH 27/36] PRR and welcome back to soltysh as my reviewer O:)

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 keps/prod-readiness/sig-node/4603.yaml        |   3 +
 .../4603-tune-crashloopbackoff/README.md      | 504 +++++++++++++++++-
 .../4603-tune-crashloopbackoff/kep.yaml       |  11 +-
 3 files changed, 501 insertions(+), 17 deletions(-)
 create mode 100644 keps/prod-readiness/sig-node/4603.yaml

diff --git a/keps/prod-readiness/sig-node/4603.yaml b/keps/prod-readiness/sig-node/4603.yaml
new file mode 100644
index 000000000000..222473fbd251
--- /dev/null
+++ b/keps/prod-readiness/sig-node/4603.yaml
@@ -0,0 +1,3 @@
+kep-number: 4603
+alpha:
+  approver: "@soltysh"
diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index 52f8485a145b..fdf7f3141c9f 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -508,10 +508,10 @@ Some observations and analysis were made to quantify these risks going into
 alpha. In the [Kubelet Overhead Analysis](#kubelet-overhead-analysis), the code
 paths all restarting pods go through result in 5 obvious `/pods` API server
 status updates; when observed empirically in an active cluster, while we do see
-an initial surges in `/pods` API traffic to ~5 QPS when deploying 110 mass
-crashing pods for our tests, even with instantly crashing pods and
-intantaneously restarting CrashLoopBackOff behavior, `/pods` API requests
-quickly normalized to ~2 QPS due to rate limiting. In the same tests, runtime
+an initial surges in `/pods` API traffic to the kubelet client side rate limit
+of ~5 QPS when deploying 110 mass crashing pods for our tests, even with
+instantly crashing pods and intantaneously restarting CrashLoopBackOff behavior,
+`/pods` API requests quickly normalized to ~2 QPS. In the same tests, runtime
 CPU usage increased by x10 and the API server CPU usage increased by 2x.
 
 For both of these changes, by passing these changes through the existing
@@ -553,7 +553,7 @@ change the state transition would increase at its fastest period from ~550
 requests/10s to ~5500 requests/10s, or 10x. In conjunction, the lowered backoff
 would continuously add 5 excess restarts every five minutes compared to today's
 behavior, so each crashing pod would be adding an excess of 25 pod state
-transition AIP requests, for a total of 2750 excess API requests for a node
+transition API requests, for a total of 2750 excess API requests for a node
 fully saturated with crashing pods.
 
 For the per node case, because the change could be more significant, with nearly
@@ -1123,8 +1123,13 @@ heterogenity between "Succeeded" terminating pods, and crashing pods whose
 - Maintain current 10 minute recovery threshold by refactoring backoff counter
   reset threshold and explicitly implementing container restart backoff behavior
   at the current 10 minute recovery threshold
-- Initial e2e tests completed and enabled
-  * Feature flag on or off
+- Initial e2e tests setup and enabled
+- Initial unit tests covering new behavior
+  - Especially confirming the backoff object is set properly depending on the
+feature gates set as per the [Conflict Resolution](#conflict-resolution) policy
+- Test proving `KubeletConfiguration` objects will silently drop unrecognized
+  fields in the `config.validation_test` package
+  ([ref](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/apis/config/validation/validation_test.go)).
 - Test coverage of proper requeue behavior; see
   https://github.com/kubernetes/kubernetes/issues/123602
 - Actually fix https://github.com/kubernetes/kubernetes/issues/123602 if this
@@ -1239,7 +1244,7 @@ made, and the default behavior of the baseline backoff curve would -- by design
 -- be changed.
 
 To stop use of this enhancement, the entire cluster must be restarted or just
-kubelet must restarts with the `ReduceDefaultCrashLoopBackoffDecay` feature gate
+kubelet must restart with the `ReduceDefaultCrashLoopBackoffDecay` feature gate
 turned off. Since kubelet does not cache the backoff object, on kubelet restart
 Pods will start at the beginning of their backoff curve. The exact backoff curve
 a given Pod will use will be either the original one with initial value 10s, or
@@ -1354,8 +1359,486 @@ the kubelet component.
 
 ## Production Readiness Review Questionnaire
 
-<<[UNRESOLVED removed when changing from 1.31 proposal to 1.32 proposal,
-incoming in separate commit]>> <<[/UNRESOLVED]>>
+<!--
+
+Production readiness reviews are intended to ensure that features merging into
+Kubernetes are observable, scalable and supportable; can be safely operated in
+production environments, and can be disabled or rolled back in the event they
+cause increased failures in production. See more in the PRR KEP at
+https://git.k8s.io/enhancements/keps/sig-architecture/1194-prod-readiness.
+
+The production readiness review questionnaire must be completed and approved
+for the KEP to move to `implementable` status and be included in the release.
+
+In some cases, the questions below should also have answers in `kep.yaml`. This
+is to enable automation to verify the presence of the review, and to reduce review
+burden and latency.
+
+The KEP must have a approver from the
+[`prod-readiness-approvers`](http://git.k8s.io/enhancements/OWNERS_ALIASES)
+team. Please reach out on the
+[#prod-readiness](https://kubernetes.slack.com/archives/CPNHUMN74) channel if
+you need any help or guidance.
+-->
+
+### Feature Enablement and Rollback
+
+<!--
+This section must be completed when targeting alpha to a release.
+-->
+
+###### How can this feature be enabled / disabled in a live cluster?
+
+<!--
+Pick one of these and delete the rest.
+
+Documentation is available on [feature gate lifecycle] and expectations, as
+well as the [existing list] of feature gates.
+
+[feature gate lifecycle]: https://git.k8s.io/community/contributors/devel/sig-architecture/feature-gates.md
+[existing list]: https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/
+-->
+
+- [x] Feature gate (also fill in values in `kep.yaml`)
+  - Feature gate name: `ReduceDefaultCrashLoopBackoffDecay`
+    - Components depending on the feature gate: `kubelet`
+  - Feature gate name: `EnableKubeletCrashLoopBackoffMax`
+    - Components depending on the feature gate: `kubelet`
+
+###### Does enabling the feature change any default behavior?
+
+<!--
+Any change of default behavior may be surprising to users or break existing
+automations, so be extremely careful here.
+-->
+
+Yes, `ReduceDefaultCrashLoopBackoffDecay` changes the default backoff curve for
+exiting Pods (including sidecar containers) when `restartPolicy` is either `OnFailure`
+or `Always`.
+
+Since we currently only have anecdotal benchmarking, the alpha will implement
+more conservative modeled initial value and maximum backoff, though less
+conservative from the 1.31 proposal as initial manual data indicated faster
+maximum backoff caps were safe. The new values for all CrashLoopBackOff behavior
+for all workloads will be intial value=1s, max=60s. (See [this
+section](#front-loaded-decay-curve-modified-maximum-backoff-methodology) for
+more rationale.)
+
+###### Can the feature be disabled once it has been enabled (i.e. can we roll back the enablement)?
+
+<!--
+Describe the consequences on existing workloads (e.g., if this is a runtime
+feature, can it break the existing applications?).
+
+Feature gates are typically disabled by setting the flag to `false` and
+restarting the component. No other changes should be necessary to disable the
+feature.
+
+NOTE: Also set `disable-supported` to `true` or `false` in `kep.yaml`.
+-->
+
+Yes, disable is supported.
+
+For `ReduceDefaultCrashLoopBackoffDecay`, if this is disabled, once kubelet is
+restarted it will initialize the default backoff to the prior initial value of
+10s, and all restart delays thereafter will be calculated against this equation.
+Since changing this configuration will at minimum require a restart of kubelet
+to take effect, restart delays will begin at the beginning of their backoff
+curve since the backoff is not cached between kubelet restarts.
+
+For `EnableKubeletCrashLoopBackoffMax`, similarly, if this is disabled, once
+kubelet is restarted it will initialize the default backoff based on the global
+default -- which will itself depend on whether
+`ReduceDefaultCrashLoopBackoffDecay` is independently turned on or not. For a
+complete workup of the various conflicts possible and how they will be handled,
+see the [Conflict Resolution](#conflict-resolution) section in Design Details.
+
+###### What happens if we reenable the feature if it was previously rolled back?
+
+Both features can also be reenabled.
+
+For `ReduceDefaultCrashLoopBackoffDecay`, if this is reenabled, once kubelet is
+restarted it will initialize the default backoff again to the new initial value
+of 1s and maximum backoff to 1 minute, and all restart delays thereafter will be
+calculated against this equation.
+
+For `EnableRapidCrashLoopBackoffDecay`, if this is disabled, once kubelet is
+restarted it will -- again, as above -- initialize the default backoff based on
+the global default -- which will itself depend on whether
+`ReduceDefaultCrashLoopBackoffDecay` is independently turned on or not. For a
+complete workup of the various conflicts possible and how they will be handled,
+see the [Conflict Resolution](#conflict-resolution) section in Design Details..
+
+###### Are there any tests for feature enablement/disablement?
+
+<!--
+The e2e framework does not currently support enabling or disabling feature
+gates. However, unit tests in each component dealing with managing data, created
+with and without the feature, are necessary. At the very least, think about
+conversion tests if API types are being modified.
+
+Additionally, for features that are introducing a new API field, unit tests that
+are exercising the `switch` of feature gate itself (what happens if I disable a
+feature gate after having objects written with the new field) are also critical.
+You can take a look at one potential example of such test in:
+https://github.com/kubernetes/kubernetes/pull/97058/files#diff-7826f7adbc1996a05ab52e3f5f02429e94b68ce6bce0dc534d1be636154fded3R246-R282
+-->
+
+At minimum, unit tests will be included confirming the backoff object is set
+properly depending on the feature gates set as per the [Conflict
+Resolution](#conflict-resolution) policy.
+
+In this version of the proposal, there are no API schema changes or conversions
+necessary. However it is worth nothing tere is one addition to an API object,
+which is a new field in the `KubeletConfiguration` Kind. Based on manual tests
+by the author, adding an unknown field to `KubeletConfiguration` is safe and the
+unknown config field is dropped before addition to the
+`kube-system/kubelet-config` object which is its final destination (for example,
+in the case of n-3 kubelets facing a configuration introduced by this KEP). This
+is not currently tested as far as I can tell in the tests for
+`KubeletConfiguration` (in either the most likely location, in
+[validation_test](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/apis/config/validation/validation_test.go),
+nor other tests in the [config
+package](https://github.com/kubernetes/kubernetes/tree/005f184ab631e52195ed6d129969ff3914d51c98/pkg/kubelet/apis/config))
+and discussions with other contributors indicate that while little in core
+kubernetes does strict parsing, it's not well tested. At minimum as part of this
+implementation a test covering this for `KubeletConfgiuration` objects will be
+included in the `config.validation_test` package.
+
+### Rollout, Upgrade and Rollback Planning
+
+<!--
+This section must be completed when targeting beta to a release.
+-->
+
+###### How can a rollout or rollback fail? Can it impact already running workloads?
+
+<!--
+Try to be as paranoid as possible - e.g., what if some components will restart
+mid-rollout?
+
+Be sure to consider highly-available clusters, where, for example,
+feature flags will be enabled on some API servers and not others during the
+rollout. Similarly, consider large clusters and how enablement/disablement
+will rollout across nodes.
+-->
+
+<<[UNRESOLVED]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
+
+###### What specific metrics should inform a rollback?
+
+<!--
+What signals should users be paying attention to when the feature is young
+that might indicate a serious problem?
+-->
+
+This biggest bottleneck expected will be kubelet, as it is expected to get more
+restart requests and have to trigger all the overhead discussed in [Design
+Details](#kubelet-overhead-analysis) more often. Cluster operators should be
+closely watching these existing metrics:
+
+* Kubelet component CPU and memory
+* `kubelet_http_inflight_requests`
+* `kubelet_http_requests_duration_seconds`
+* `kubelet_http_requests_total`
+* `kubelet_pod_worker_duration_seconds`
+* `kubelet_runtime_operations_duration_seconds`
+
+Most important to the perception of the end user is Kubelet's actual ability to
+create pods, which we measure in the latency of a pod actually starting compared
+to its creation timestamp. The following existing metrics are for all pods, not
+just ones that are restarting, but at a certain saturation of restarting pods
+this metric would be expected to become slower and must be watched to determine
+rollback:
+* `kubelet_pod_start_duration_seconds`
+* `kubelet_pod_start_sli_duration_seconds`
+
+
+###### Were upgrade and rollback tested? Was the upgrade->downgrade->upgrade path tested?
+
+<!--
+Describe manual testing that was done and the outcomes.
+Longer term, we may want to require automated upgrade/rollback tests, but we
+are missing a bunch of machinery and tooling and can't do that now.
+-->
+
+<<[UNRESOLVED]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
+
+###### Is the rollout accompanied by any deprecations and/or removals of features, APIs, fields of API types, flags, etc.?
+
+<!--
+Even if applying deprecation policies, they may still surprise some users.
+-->
+
+<<[UNRESOLVED]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
+
+### Monitoring Requirements
+
+<!--
+This section must be completed when targeting beta to a release.
+
+For GA, this section is required: approvers should be able to confirm the
+previous answers based on experience in the field.
+-->
+
+###### How can an operator determine if the feature is in use by workloads?
+
+<!--
+Ideally, this should be a metric. Operations against the Kubernetes API (e.g.,
+checking if there are objects with field X set) may be a last resort. Avoid
+logs or events for this purpose.
+-->
+
+<<[UNRESOLVED]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
+
+###### How can someone using this feature know that it is working for their instance?
+
+<!--
+For instance, if this is a pod-related feature, it should be possible to determine if the feature is functioning properly
+for each individual pod.
+Pick one more of these and delete the rest.
+Please describe all items visible to end users below with sufficient detail so that they can verify correct enablement
+and operation of this feature.
+Recall that end users cannot usually observe component logs or access metrics.
+-->
+
+<<[UNRESOLVED]>> Fill out when targeting beta to a release.
+- [ ] Events
+  - Event Reason: 
+- [ ] API .status
+  - Condition name: 
+  - Other field: 
+- [ ] Other (treat as last resort)
+  - Details:
+
+  <<[/UNRESOLVED]>>
+
+###### What are the reasonable SLOs (Service Level Objectives) for the enhancement?
+
+<!--
+This is your opportunity to define what "normal" quality of service looks like
+for a feature.
+
+It's impossible to provide comprehensive guidance, but at the very
+high level (needs more precise definitions) those may be things like:
+  - per-day percentage of API calls finishing with 5XX errors <= 1%
+  - 99% percentile over day of absolute value from (job creation time minus expected
+    job creation time) for cron job <= 10%
+  - 99.9% of /health requests per day finish with 200 code
+
+These goals will help you determine what you need to measure (SLIs) in the next
+question.
+-->
+
+<<[UNRESOLVED]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
+
+###### What are the SLIs (Service Level Indicators) an operator can use to determine the health of the service?
+
+<!--
+Pick one more of these and delete the rest.
+-->
+
+<<[UNRESOLVED]>> Fill out when targeting beta to a release.
+
+- [ ] Metrics
+  - Metric name:
+  - [Optional] Aggregation method:
+  - Components exposing the metric:
+- [ ] Other (treat as last resort)
+  - Details:
+  
+<<[/UNRESOLVED]>>
+
+###### Are there any missing metrics that would be useful to have to improve observability of this feature?
+
+<!--
+Describe the metrics themselves and the reasons why they weren't added (e.g., cost,
+implementation difficulties, etc.).
+-->
+
+<<[UNRESOLVED]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
+
+### Dependencies
+
+<!--
+This section must be completed when targeting beta to a release.
+-->
+
+###### Does this feature depend on any specific services running in the cluster?
+
+<!--
+Think about both cluster-level services (e.g. metrics-server) as well
+as node-level agents (e.g. specific version of CRI). Focus on external or
+optional services that are needed. For example, if this feature depends on
+a cloud provider API, or upon an external software-defined storage or network
+control plane.
+
+For each of these, fill in the following—thinking about running existing user workloads
+and creating new ones, as well as about cluster-level services (e.g. DNS):
+  - [Dependency name]
+    - Usage description:
+      - Impact of its outage on the feature:
+      - Impact of its degraded performance or high-error rates on the feature:
+-->
+
+<<[UNRESOLVED]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
+
+### Scalability
+
+<!--
+For alpha, this section is encouraged: reviewers should consider these questions
+and attempt to answer them.
+
+For beta, this section is required: reviewers must answer these questions.
+
+For GA, this section is required: approvers should be able to confirm the
+previous answers based on experience in the field.
+-->
+
+###### Will enabling / using this feature result in any new API calls?
+
+<!--
+Describe them, providing:
+  - API call type (e.g. PATCH pods)
+  - estimated throughput
+  - originating component(s) (e.g. Kubelet, Feature-X-controller)
+Focusing mostly on:
+  - components listing and/or watching resources they didn't before
+  - API calls that may be triggered by changes of some Kubernetes resources
+    (e.g. update of object X triggers new updates of object Y)
+  - periodic API calls to reconcile state (e.g. periodic fetching state,
+    heartbeats, leader election, etc.)
+-->
+
+It will not result in NEW API calls but it will result in MORE API calls. See
+the [Risks and Mitigations](#risks-and-mitigations) section for the
+back-of-the-napkin math on the increase in especially /pods API endpoint calls,
+which initial benchmarking showed an aggressive case (110 instantly restarting
+single-contaier pods) reaching 5 QPS before slowing down to 2 QPS.
+
+###### Will enabling / using this feature result in introducing new API types?
+
+<!--
+Describe them, providing:
+  - API type
+  - Supported number of objects per cluster
+  - Supported number of objects per namespace (for namespace-scoped objects)
+-->
+
+No, this KEP will not result in any new API types.
+
+###### Will enabling / using this feature result in any new calls to the cloud provider?
+
+<!--
+Describe them, providing:
+  - Which API(s):
+  - Estimated increase:
+-->
+
+No, this KEP will not result in any new calls to the cloud provider.
+
+###### Will enabling / using this feature result in increasing size or count of the existing API objects?
+
+<!--
+Describe them, providing:
+  - API type(s):
+  - Estimated increase in size: (e.g., new annotation of size 32B)
+  - Estimated amount of new objects: (e.g., new Object X for every existing Pod)
+-->
+
+No, this KEP will not result in increasing size or count of the existing API objects.
+
+###### Will enabling / using this feature result in increasing time taken by any operations covered by existing SLIs/SLOs?
+
+<!--
+Look at the [existing SLIs/SLOs].
+
+Think about adding additional work or introducing new steps in between
+(e.g. need to do X to start a container), etc. Please describe the details.
+
+[existing SLIs/SLOs]: https://git.k8s.io/community/sig-scalability/slos/slos.md#kubernetes-slisslos
+-->
+
+Maybe! As containers will be restarting more, this may affect "Startup latency
+of schedulable stateless pods", "Startup latency of schedule stateful pods".
+This is directly the type of SLI impact that a) the split between the default
+behavior change and the per node opt in is trying to mitigate, and b) one of the
+targets of the benchmarking period during alpha.
+
+###### Will enabling / using this feature result in non-negligible increase of resource usage (CPU, RAM, disk, IO, ...) in any components?
+
+<!--
+Things to keep in mind include: additional in-memory state, additional
+non-trivial computations, excessive access to disks (including increased log
+volume), significant amount of data sent and/or received over network, etc.
+This through this both in small and large cases, again with respect to the
+[supported limits].
+
+[supported limits]: https://git.k8s.io/community//sig-scalability/configs-and-limits/thresholds.md
+-->
+
+Yes! We expect more CPU usage of kubelet as it processes more restarts. In
+initial manual benchmarking tests, CPU usage of kubelet increased 2x on nodes
+saturated with 110 instantly crashing single-container pods. During the alpha
+benchmarking period, we will be quantifying that amount in fully and partially
+saturated nodes with both the new default backoff curve and the minimum per node
+backoff curve.
+
+###### Can enabling / using this feature result in resource exhaustion of some node resources (PIDs, sockets, inodes, etc.)?
+
+<!--
+Focus not just on happy cases, but primarily on more pathological cases
+(e.g. probes taking a minute instead of milliseconds, failed pods consuming resources, etc.).
+If any of the resources can be exhausted, how this is mitigated with the existing limits
+(e.g. pods per node) or new limits added by this KEP?
+
+Are there any tests that were run/should be run to understand performance characteristics better
+and validate the declared limits?
+-->
+
+Based on the initial benchmarking, no, which was based on manual benchmarking
+tests on nodes saturated with 110 instantly crashing single-container pods.
+However, more "normal" cases (with lower percentage of crashing pods) and even
+more pathological cases (with higher container-density Pods, sidecars, n/w
+traffic, and large image downloads) will be tested further during this alpha
+period to better articulate the risk against the most aggressive restart
+characteristics.
+
+### Troubleshooting
+
+<!--
+This section must be completed when targeting beta to a release.
+
+For GA, this section is required: approvers should be able to confirm the
+previous answers based on experience in the field.
+
+The Troubleshooting section currently serves the `Playbook` role. We may consider
+splitting it into a dedicated `Playbook` document (potentially with some monitoring
+details). For now, we leave it here.
+-->
+
+###### How does this feature react if the API server and/or etcd is unavailable?
+
+<<[UNRESOLVED]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
+
+###### What are other known failure modes?
+
+<!--
+For each of them, fill in the following information by copying the below template:
+  - [Failure mode brief description]
+    - Detection: How can it be detected via metrics? Stated another way:
+      how can an operator troubleshoot without logging into a master or worker node?
+    - Mitigations: What can be done to stop the bleeding, especially for already
+      running user workloads?
+    - Diagnostics: What are the useful log messages and their required logging
+      levels that could help debug the issue?
+      Not required until feature graduated to beta.
+    - Testing: Are there any tests for failure mode? If not, describe why.
+-->
+
+###### What steps should be taken if SLOs are not being met to determine the problem?
+
+<<[UNRESOLVED]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
 
 ## Implementation History
 
@@ -1380,6 +1863,7 @@ Major milestones might include:
   order to merge a provisional and address the new 1.32 design in a cleaner PR
 * 09-20-2024: Rewrite for 1.32 design focused on per-node config in place of
   `RestartPolicy: Rapid`
+* 10-02-2024: PRR added for 1.32 design
 
 ## Drawbacks
 
diff --git a/keps/sig-node/4603-tune-crashloopbackoff/kep.yaml b/keps/sig-node/4603-tune-crashloopbackoff/kep.yaml
index 719fe630b37a..0d89c86a4f58 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/kep.yaml
+++ b/keps/sig-node/4603-tune-crashloopbackoff/kep.yaml
@@ -10,9 +10,8 @@ status: provisional
 creation-date: 2024-04-29
 reviewers:
   - "@tallclair"
-  - "@pehunt"
 approvers:
-  - "SergeyKanzhelev"
+  - "dchen1107"
 
 # see-also:
 #   - "/keps/sig-aaa/1234-we-heard-you-like-keps"
@@ -39,12 +38,10 @@ milestone:
 feature-gates:
   - name: ReduceDefaultCrashLoopBackoffDecay
     components:
-      - kube-apiserver
       - kubelet
-  # - name: EnableRapidCrashLoopBackoffDecay
-  #   components:
-  #     - kube-apiserver
-  #     - kubelet
+  - name: EnableKubeletCrashLoopBackoffMax
+    components:
+      - kubelet
 disable-supported: true
 
 # The following PRR answers are required at beta release

From fb7ed3fab87e624a640ec81d367c873706808aa7 Mon Sep 17 00:00:00 2001
From: lauralorenz <lauralorenz@google.com>
Date: Wed, 2 Oct 2024 19:30:03 +0000
Subject: [PATCH 28/36] Spelling errors and TOC

Signed-off-by: lauralorenz <lauralorenz@google.com>
---
 keps/sig-node/4603-tune-crashloopbackoff/README.md | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index fdf7f3141c9f..56cfa401432e 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -115,6 +115,12 @@ tags, and then generate with `hack/update-toc.sh`.
     - [Conflict resolution](#conflict-resolution-1)
   - [Version Skew Strategy](#version-skew-strategy)
 - [Production Readiness Review Questionnaire](#production-readiness-review-questionnaire)
+  - [Feature Enablement and Rollback](#feature-enablement-and-rollback)
+  - [Rollout, Upgrade and Rollback Planning](#rollout-upgrade-and-rollback-planning)
+  - [Monitoring Requirements](#monitoring-requirements)
+  - [Dependencies](#dependencies)
+  - [Scalability](#scalability)
+  - [Troubleshooting](#troubleshooting)
 - [Implementation History](#implementation-history)
 - [Drawbacks](#drawbacks)
 - [Alternatives](#alternatives)
@@ -718,10 +724,10 @@ manipulated per node. By default `KubeletConfiguration` is intended to be shared
 between nodes, but the beta feature for drop-in configuration files in a
 colocated config directory cirumvent this. In addition, `KubeletConfiguration`
 drops fields unrecognized by the current kubelet's schema, making it a good
-choice to circumvent compatability issues with n-3 kubelets. While there is an
+choice to circumvent compatibility issues with n-3 kubelets. While there is an
 argument that this could be better manipulated with a command-line flag, so
 lifecycle tooling that configures nodes can expose it more transparently, the
-advantages to backwards compatability outweigh this consideration for the alpha
+advantages to backwards compatibility outweigh this consideration for the alpha
 period and will be revisted before beta.
 
 ### Refactor of recovery threshold
@@ -1352,7 +1358,7 @@ original CrashLoopBackOff behavior. It will drop unrecognized fields in
 start up in a past kubelet version, it will not break kubelet (though the
 behavior will, of course, not change).
 
-While the CRI is a consumer of the result of this change (as it will recieve
+While the CRI is a consumer of the result of this change (as it will receive
 more requests to start containers), it does not need to be updated at all to
 take advantage of this feature as the restart logic is entirely in process of
 the kubelet component.
@@ -1420,7 +1426,7 @@ Since we currently only have anecdotal benchmarking, the alpha will implement
 more conservative modeled initial value and maximum backoff, though less
 conservative from the 1.31 proposal as initial manual data indicated faster
 maximum backoff caps were safe. The new values for all CrashLoopBackOff behavior
-for all workloads will be intial value=1s, max=60s. (See [this
+for all workloads will be initial value=1s, max=60s. (See [this
 section](#front-loaded-decay-curve-modified-maximum-backoff-methodology) for
 more rationale.)
 

From f721bd307b3cbf8d5627b3c3c7e067d57e26e42d Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Wed, 2 Oct 2024 12:31:47 -0700
Subject: [PATCH 29/36] implementable, come at me bots

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 keps/sig-node/4603-tune-crashloopbackoff/kep.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/kep.yaml b/keps/sig-node/4603-tune-crashloopbackoff/kep.yaml
index 0d89c86a4f58..a0048b37426f 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/kep.yaml
+++ b/keps/sig-node/4603-tune-crashloopbackoff/kep.yaml
@@ -6,7 +6,7 @@ owning-sig: sig-node
 # participating-sigs:
 #   - sig-aaa
 #   - sig-bbb
-status: provisional
+status: implementable
 creation-date: 2024-04-29
 reviewers:
   - "@tallclair"

From 53356d7cd05df6bfac95a06eb96bf3e963e7c0a7 Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Wed, 2 Oct 2024 12:35:04 -0700
Subject: [PATCH 30/36] Fix incorrect purple line in graphs

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../restarts-vs-elapsed-all.png               | Bin 20140 -> 19500 bytes
 .../restarts-vs-elapsed-new-default.png       | Bin 17002 -> 16381 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/restarts-vs-elapsed-all.png b/keps/sig-node/4603-tune-crashloopbackoff/restarts-vs-elapsed-all.png
index 90aa3d6e50c6c52224d27126083f16bf2fc0b224..3850370af91cd8ea95777296247b1183c4a202f5 100644
GIT binary patch
literal 19500
zcmc$`Wmr`0`z}0yh=PEMh=PQHG>8&PBP!iPr&7`(9W#WAil9<T4oY_q%}|meIdmi4
zF~rQk?0bBk-@E_&-TOG+FZ<p5Ba2yU-EqZvo#%D0_Zn*Q)Rc^r5D0`?QQ?Ue1VXA0
zfsnj9cNSckTktA_K$Q0spU6VJO*babe}kfv2=E`lba##r*FQ4SRor`VPViFFleQ<!
z57d50zi+ktbtmq8mc_?L!RyqQMO!Y?AF_XGpIR?zum3O>=uo0m+Ep*mP18*?EsfBg
znmfo&&#iXuLr-oE?<HogCHrk^RphL}wjM1d8+C#AU(7ay5y!#(7D5Gqu)R0~h6cHG
zyMYt}d3TNEDg+|aa;^wmy7erO9Q<04lotXCe0Ry51Oj>T@qhm<S8W5)IXby{TG4LB
zzdukO*kborPV*}LC$^y6)rB>l8zn4~zWNCwj_Vy9h%&F~fMJ2l=i$<ySf!m_E&e(m
z(=Kp&nz5HDebQ0wzVaef{u9z;ZRog^dBMKEGuvNZWSo*`%dK4+y;G`kFs{Ws&5?7J
zH17uGLAK*K5(y{3;K-;?xFn^ghnS6uX@1Nx?e+UDf8Su{vk*hM;Z<;qOHeyH^4J(d
zBQ`jtjrn;EOz(Eq+}Kt3!1G3(AfauC?{nDuAv|%~7<Or$@s76yT7-(!rWZH;<Zv5{
z-!DGGN+x2gFI9e{{mX6G7lk9-iuzK5!+`)NZoRZ;j80u*Hp1dtM$B}9Nlo5RSbVA&
zOh66oO!b-i?>JX}GMJSO<r|H+hBKYq@~N86hPs=DETApFDxboz1IKq0PN+H$)`ojd
zOsd?hvX6Om^IVPtu=^c$by<&c<`3tfCrHR>dl+PGd$w7``qwqT&8nsKPjGyyBmuuC
z;<-MOrgt-xhPh<6IdmLBz}pND70`w6MmlC@Wwq-tOJfGLo$9JrSw$Sa@dzY{I(v4N
zIZsQiNG~EC$0z(Z)P2t2$}BrBA09fxaS3L3R$yzC4)~)TCsf(A7{8cQ<Boojd5}?t
z-{EF@EFDI;zxH@<30InDRN>^59IMWeU|~E|uT+$XAhilmBY{^zk7sS+2_3QOcgF+9
zsy%Yo_V$nFKh@lwy>$E8ok4!9SH{}sJ7M^pw#}_d*LkJx;j-OK)r460I+$q&4q;bi
z(H2p4xW7N3KK`Ib!h+R*J17A@(?D`~>W<%smDgKNpGP3f`Zm%o=jm;^_NK@>`Jl1c
z83t?nR=bj4&FjRyHp_<1;FHWf!NI{=R{n9Yvyr*eohs92Vq#8M*1iL1>i&?CGy4X|
zw-vwkKb2>!@K=%<Jhx|LD?VZKFmbdu9`-tl8W^Pf;FfIYm;OLXOJIGH4F<ItDx5M5
zKUp)Q>m(17^A^VzZ+DT~ZqGFCxHTdf1Wa%AQ2Foo$vaJDX{O>0uAkqE3cgu)`X@?V
zEA|q(FN`&w&0}@2qkC9zfHoYKc(5_fV3<%9k<2}gf)lik!RmUHzcl<!=%eXcyk=8U
zIM+i}$T85vRm*}vuqGc2$2s_z`5bUf++j#NobnSe<xiN8SJMzVcUu0t$ehUt>7ZC`
zDlPDh-=3h&mpMNxkjZAop(ibU;{tX~Ip*(rMN@mdrRh&_t~Xfq;uzTS@viF}o|b0~
z5SkUAr;6oTd(e({wi4MApeN@ltjF3l?NYw*+?rw*_}cAvZg+s0L0Vd2)`uiteDpBg
zYisJfRS+lCH&EDP6)I|`ml1ZA&rMI3ih<vKpmR9JTgGdiOI@!>`76JNm5z3*xIBL2
zjE^CzU<|6OSJ#LnrSy)@<hf(E^gC&?)>7|z+_|kNwRhDy1L&lJnaG$g2Bp?jE22~0
z%|ityYn=sVsHxN4uc%6YwDG$F6=6xM&gi2OUqp2$RfOhIsB3?kBEOlQ^NQuGj}In?
z15ve>*hh*b3sDPSg-v32*Q3Px*Xnp?(1N<jc4VZZH-_DttUTs4d-HPL`li|59dw<=
z*Qy*!qum5*w}WwnUZhTGiUfwlZzcV!aeai@#T(gqsM?;M!evjb^Fz7uNu#AU9Qe)G
zTlnrpKbAbbw$jSVhsg*v?>KjaYypg?)CZn@1|^Ua-oK=&rFEHhv5CZ5Wb5X@{AK<G
zegSX9SS&Kzu_r;ahdc;oz(yIvV(zir+t_^=djDMfL-(JTdg&u}t$%&H#BIB?80kL#
zC52mGFNVYfz5FD-cANGG%<{^`Y{r^ee1KMYWrhxOa*oP2iw+;l)j|C;-5)`ebsNB5
zy0F}K>!CHa#=1NHsCL-YuX|x7lsm~G!ZicOxcya~eRSzgcI@F^S3Lixk^|f0-Gv<q
zlVToq;g3NM5%yxUC9={yNxV<s!jq*oJ+Dhhqy+{})XNjqB7-FT4qEomqYqP}91Z?s
zSG;EW`ug0`N0WU^^zDm&$qw+Y%e>k{HlKmpIZT;x%jQSN50M!ncAHFiOMGbKSQvJu
zwM!&Sp4f}sXi@CdniZghLenYq8|h<O1<z}<o?Td5y_LeVXK57zueKcTLr0&+dC;fl
zPFgNNC-Z7uHX>kbF`{mN+BG`XkH-6TJbR^|;|?|yyUysjWk)Vj47SPn$eLe+daR|T
zq9~W|oNIMw*N+907r}9#?mmz6SL@h~1h$cs?Qp=A_4G3N25j`7X*Viz9Zk_Niw&x-
zy`KF_edH6j3D2=57bZb}J9|6}Q<=pFN+)rnevB)!b28vr&jwE?rCil0IZmeVfei$R
zHQu)hI9r9y|Fw9MemPIB(OGP?Hq;zv#mvxgN4?yq16c>c$m<fBD<HCHMZI0bG2aMb
z4B3wPV9LRh>lpwS$KF&NqG%Lgh(^Pf5#q}&H$JBR;NII+LgrV!TB?@7bSUZGeaP~6
zjuKfCm`8nrno)`_<ymT@t8_PIqdHsO)6I8fM0N}Qwl@1|W?FKb7`ebMo*fI^;KQbN
z3I0EuoBP!aHmbT-m=RK=6O}*QvzMv8kQsk~TRK|MTEGoNZkF<H0b}nxM#z^;CppwF
zWgmzpL2>I#ORE+46Ar&B6-Bt8h_fdg&TQFK<5hM$$B-xq4NYLm<a$EY!RM(8xZTm0
z&K1buOR8_}RHRy8R^^$|2>gC<=+b6Jpt#2={c2G~R9!WM-j?MG96>7U;p^h{yi%o?
zH6@Qnwoj+du6ds&M4XD^!nK*j?5LUyk2eK<wV3(H4zbclt)uI?M_tMy2<^`do9A*F
zFTm@pRKKQ6;Qs9Gl|Cw1IkF0grzF?G<`Oc^3HXwZUHl64*h<wVfmOu@XAmno%@D1u
zlknY%EC@_2&PkdVeIEw<kKeBKb_=ao?y=xcRK6k<O>-P6%56?}WuEHz2GZ{{?2i8l
z`TcqJfRHlaQ)yAb$+=sRI(9=fbjw^5k(QDOr%&}fHTRR{i&86~pWV`y;gBPjU}WtQ
zpu0hf+Iqq*d+*|eWEM@$<qN|pMlBdobk=k|FiRwERX||WU#(Hc=SW`SB@K09Mczt@
zWvP1h(8iL@E8~HkuCoYuFDp;hbyZyvgJhx!=B+sFb^SY=fgRce37?WKTH5^2-G>qb
z8=>ijtvx;e2J=auY>(HWfqg%dcAEl<fd8GsGP-*12wdBk+$v+8xH$74@1q?XQ0GA9
z-ocYyIzwH3xsO?pJJ&E}#*VKxX{OVZBvkDk<7Z7_E!nE=jt41suX?<of#I8zTDqF2
zGw%_QdosQ2nTLgkS$CB^M0CvVE#QJ8-+tAoKQMxa@VF&aHm&JV9I1c^T{@`;_vu)C
z)t@BSsU4Mtwc^yEj{n)ThRF=c2r3afq9_^VfE#7+{=1a~#Ehicw|h6OMlF3#-E;6I
z8KvC<TQ&w${$?6#ZDxoN_*WC}8&&`FR{9^!h8E;ux$XRAF|t(rn@#G)?TeB}xHx|4
zC<*e<@k4^WTN(9UW1%yINi&wLEG62aL2E<~Dy+a7zw<I!T()T?$!kh+B;xGny{<Rf
zE=xN4+j6OCQYx?qKaR!~IZO<Mx5%ZrXYc!>vRmKxeM%S03nllGwX3&lX$rR4wta+Z
z<&XKVyKC}o_6q)8=<u5QTIq#dd?+hNRJYXexKa$F+f}tqfJun@EZ2lhuRsEC4?-=*
zY{(sXyl}$Xm9RzC$<D-}Sl;-2)W7G!BuqcY3XeBF(Y4+?)zZ|sTJVK7GWe?tAIRK|
z(>?CTaevYoDR>l4nVbGvEjxB;&^%e}QqF;bUPX1OfPqGe#K}X7o)>H56@^S%jnfeY
z9|vg_2{YI)z0&2awcNbC?hDX2n^e=M`K}p}I~7rC23FeP$o#|9?>C_31@qq_N~$u|
z_f?*?sjc;<yno)PZvcZC+?Q;P?5@9SB$d#kDE+%SN7o?SERC+DAo>J@9jG=$e?lFo
zZ)Nk2u1BHr-H$;IhT==azMKuJ9x@m@-}yHHfq?7?^O5e_UBm^uRrmHGg<**>FDM<I
z)Y~8x)W4qEvHNPrh%2rh<$gthD{$aYGeAyQ!M0?Eci`}|gS7U7O?)Q7v79CAs&d<t
z=83E!wS|4jGe4sDAi3P<v8F3Z*3ECJPaWh5DYHiJNuZJ)YV}!h!88Yrla(^ib49#E
z#+fv6vaFv0*2g`a8*KaO{1~E9e$gB)(b&zissWH1OfM|w?m^0)pMiQ6q~vL!6$jiQ
zMrh8by4YA~)zzTl7FoOV8GYeTa0|_c*|tIw-}o+)lk$d5_N7T(t2Sz7WuTD3$OY=`
zWjQBd>vE=bdev1>CyWvD!iF+~|GyM%?PH)UILTw&+Gdfah>4&jmtnuv@c5aC!-zSt
z)Z#a()^Ceoo-|YCL1m0-ycEG+E#<d~_sFBi<=QUXejp!lW2cn+Ex0Y2t>JN;_3y-$
z;2fyp-UCd!KmeCjr>;-z`_5mPFP65z#nSJG{WV_B(zxilHkFFh6zq>M{u0lPvE$PF
zSEq)kMJHU`o;`hv|L#w~O;>=TFuHS~Y?myKr9!0(?SAZ%*fhQ4Kf($%Iis&&zccsq
zJc&+8n%ij3@+ZBgUj+((CSC5C?1=2NQrcPo2)>-p2zloZf-=r&sfkL!og)P#*S{~)
z%^2s?rjfd`F<w4wY7daXs{t&ohk)<t+jwyKPjhkjoH&gFpETLItm9{T>#%z<yxGRc
zZpjXqir40ZEeeY+%+pMLHdO2LYP{TD&wmO)^$qFMdFhGT`T$(4A?$bJqoF*52lgXH
z-vic+rb~jzD5~*W0b71ZUyR+MFQ|p-3j`l&y%<WBo%0bl(0UZp^LnalFk5@09=EC7
zPP;x@+IG4GKW(ccfJ(0IU~_V9m#|=V%6`fc_Tj_CeSo<<0f_cDtG0-<6X&M8qv-J~
zq~v)=FgHA4AvTrvDGps?rHq>ip`9o@oq`ii6sMK9tF<%LJiCR5E2H+m30i2yu1%v*
z!nXY_>8|sw2G5^=7k|4FyO&vNp#CkENy@(x=MTrvvl_X&y84^u^hoJ%VusBs;Dkf?
zr=>Sb>AqVFCkV9)f#*DW1!eG)VR*T-|2)&dDQ>H6Z@^I$eR_7f&0M+(S8CBlgX>U-
zy_m)?isq-Ju+5f|_?P1^u%$$mvMQu2H!4bLcfe9u;CR<zlyW&amc)O(xNUBa#plnZ
zwW+!q+$?%+dzUitS;P%n3R;#j*a^0ZE&_kt1NU5u0>!l9IMQ*xE4poU_WjbjyW+xw
zOSNA?!7^wfi97DkP-W87&N_T(+5Xx4!DN)Wlx>|a#;uTWP=OlNLt%CN=EFrN+$)?W
zCj>F+;<4Gt+i^Eup%SH&Rz0c~mgV~DG3%oP$v%tMMe|W&$=L^Hg$VDt^E_N!#bEcV
z=)7{=P=u2$lZKS}%)o^hJyX}|WB0D(fzdn;l`hHsUb)TEVZul=t@I6q-jGcpRrX|!
zSKD6Go>txA?x}j__}6>n&#_ZHmC$etwn@){jY9ZGGVC-oFgpP4dMM4*px4y{A>CW-
zRzCNmpFO7MSqW>_mj9CY4v(rykf{e+XUC`dJ}qowIL{!;-A7Z^@Sgff^XZ;6VW94`
zkbo6P5VF;(d^xmO7wuiI_7y5c*Lb?xhKn_Fa)mb^?`}B5#Z8s77Q<#Nf5gY6EGlmm
z2jC70bY)I)D8l%Z-&WlS<>P+lF6j6dm53^U`nvbJVw59@J`>5VyuO&=>^VSbewA1M
zvl{^;X3X@bhYCg0N#3S9joHRq7M`p)4AEuyqZdDPuGL)RTq~tTq3*#=y~qDG8_M+x
z$MHp*%t@!}6ID#L?LfxP#u1M4jy7@5c22t?Szt3uzpPWN&V>m?90ok}-G7<Qqg<z(
z{4(p^_HIu7Fgm@!T4#gx*FbdvC`AvOy?@f{jeM62o$HF0@3ViuwD#8;U;@=YhR`L5
zLW|TDw(Q#lHy*k)6x8l29ZtD7X}M%rUphG%8?L{)C3huuQ$J%Y!qV;6i5ox>!~eLE
zC;rHFct6dWlUX?cp|yb`m}+%X4J9}vOPdVUstnU*;LWq>$?we)ic6$$+Xqc}$2XZ>
zIO!xOv!<rCbIKKy?zn{2@>p6@DY#jXrQPv$85y~IN3ziB=#9_R!0z2+uAez07L<#U
zlhOO!N$1E@i)Z$ln2nc*CZt-w*{+qw&(aoL&wm<rb*FZBY+H8jSj<H0Smmhgv9Q)a
zhAK}?;UOXiF)jc<Rvx}^xmF%S?{j**v;mm1Y`yz;CyP}ol2ktV9F=27)8dy<TW%eF
zp_kVaB31||(}XIE8^6^L#}I0m>bw<|PZoCvNEV#O$~x+Xykr>If>fma5Yhq?CR2nJ
zciiO+s!Vg{=PSqrC%AUq5H*b~^-#6P+T|gVqra2VgRgq8QfLuFuivn02`eXhB5S??
z`;624XmSh2fXI}(!Yt<QBK&|DQ<V7%8JUDNbE;$ml$!QhKe28VNTCrKKO&Nj>bCq8
z=N|nV5#hY<qTe^UFD$K%@ETY4qM_M6F=F2+28W-hvakB{<QQm~<yB1i@|fP`{dcBS
z5f#|TjcL?$z5rTLc>(D($%x?pdLw|d5tal0WG5F4bIhI!BV5mj|5^ate8u&brC5qT
zMqO(<zhW9TZsLFD{>gg4Y3;VV4<U14L-`y3v;DeZa>dH)f<y;(&KXvh#6;t0UYeC}
zQt?-^Nzp1~#3D#u=bO|Fojg1y(RpZF-)YrF_(Errp3C}WQw8@^05+RJhJCKh7aZTX
z-+bNFG|AtiEv3M>Tzb~WP;H=k^<&dmpLLR&x`bC~)MBo2MkF&;613@fRo?Az(raA$
zWI%e97Pd`hRPAo-pB!HV6{+kq2g$|BkR!_y_^11L$No18=1_EAMuP}iaZMC;98PtH
zhnIp?sR&VRq*draO1qTlx1pZtYck}X(IyzR61a<j=l19!UiD6^|G(y2j}x7AkIMZ{
zxp@@rKCW7U$~L9&y0rTE*|e95Ib`Lc`FEABSiV<YGsi(Ok-Ngu2-U=gf>WB0xVwB4
zJWl-Q9vLeh$A8lPNXvd3<`T4?HL8X3lg5qq;0<KB&gi$li>GrZmwwsHHhd!s6|W{N
zqAF!OQR&(*zQS#{WmswpzsIz%T3XN0c4}vMoOQ>a)9O|OH>+?+?p@8K4K(3iB^{l@
zoB#dv^#4GD>(oH(R|m5X@|^>^qzK17<HEzn7Rs@_?|a58T~moPHk6WAzo>yx*v=Br
zb;TK~31c6xKe!)H0fEfqdXfxTeKoOe4yCO)!5xmj>XEdWKH2n|--{-svYv24v1yCl
z2}S^MI1U$>02i{aSu3ddf9}=QS5$nT<S}Hh1L$Pf7)U*F8t<c^ayrJw>!yXKbz_X8
zPKkXIfVej+rzrx=m%W}@fQLU8IqvkT`>hQk0BPbi>4E&q>G)z+N59;bpI8f_pf#MV
z_IU8m0EbA1N_(X2Z_7t~R7b#1j{!NX&%mpiAkrN#Y=0Hug<Z*PGh>y8O{j@)lzm(T
zg1}LZW1tQcYDp`NFG4VTt&a%inxSC+)v_UHJ&(4Z9~zcJbILm{lhv75Y`Wv0-uj|&
z=W_N3_N3-iEj}_{VQOM7;lHNzv|N8F@s*l?wPMs=B<#fZ(6Gx4cD!)Cn+yWk28*uT
zEHvTP#a9qgqwaMr$5x{e{ih>}h=;;@>_<z|%k77M1DIvwI967CmCw*ph!z5A(Ayx*
zQx>QbTF}>{EGVd)qZHr!^}ysJ65za}+PDWch5*aw19Z7rAR8VK)A7&3Q4xg?Zl?e9
zD#%|m%ZZMRyv)PRT>>VAE!{m!97fjth#QYy06xDsf?2$}%w_g5O2L$kDAwq-0##tX
zF{Xc{*a8RxK}6e!UZ>+w<E1y}14bwi$v`X#WMb|)jtMb9i2{ZccKNnZsdc#79p{Tc
z&k3v*1xyNqvBye3d!cv*#owQsCWw0#P!))IZ93%Y=I`1pu@eQL&lQ7hN{u?1YDo^G
zC03{FwNHuS&~E?S&#?KVQA{=WP2!Mz<jZw(%C%gC;ivv^&#AwflF!qVyuoRu#u%)b
z&Qqe+#OAzABRk2JHKXK3qpS1xih#pNQDeAk`izo=sg4!#QcAz$Xvt5IMizs4sBamf
ziSkpR60mg#0F=BMbpR%128Jl0weWW$N<=KV)|VPeRRD5^8DB8Z-|@t}INY2Z%GDEK
zFb==|pcSm(B13jbj>%u%88=i>Zv_O8rHy#|f?{^%*p?+*p^<0dj0Q<!9(e$Dh*-3K
zr0fAEI67YARft&`Xd~AHzEK7WAMDedGCKxy6VFjA5&t6>K*FOW4<}w7fP^M0Rp_&~
zI8-0t2k`&ba;M3$&FZy+f1bky;2{yE&e)9<J@@?6ehH-zL$uR-0f9D29=iU9<r=FB
z9JzXhNFes;d9y$u?GvCraA*i5;jd(r@Gb(0vRy!n54r|X4v8@dz@T?lfG__{{qwIQ
z^GE>Gw|utL3mg!<Wu_s>sk%DnAHQB3^B@C}!xvw^sr7K9Y=E2i+vp9VDrDJyk--?V
zH9hUIkp26=yR=Jo?OAHZN?QFZ!nxKtKlc2YM4ie2xlZ)r_fN3AD~m-ba(=S1K{YqK
z1)^vbm$tK@T@Yo}5Fjx)KSo<b-Boos!D4pq1H#bf%@WwbL3ghiAaEGFq_f%gBum1+
z*kzBA>woy*T(xj@xN&kAR3`Sr1xXv@6+L5RwibMbWm((6Ge0M`mJ`DpRe|rp`pRZ&
zAs5&~55TY+<{OqPr3WT=P8L0v%QdM%);!RdH_~wjE2oeq)wP8p)Ke7*X@QtJesT+K
zSWfhBnT3RV&x5H7_CGe7XQjr!Ci=}2yWKw>{FSR?<+&h;bRbM_|23<26@-)|i?JiH
zPK1fY-%AQFv&hKxlEl4`!uCT)rS?~d-l6dvK=CjNJy7uM+YCSaYrv1M@*6J)=c*-%
zje=EQ?J4;3*S)IvOsWUTbt#KLp!(BOQ2ftDUbA`$7UPvm9uMCWhhyo8Sw$D1VuEuY
zy;=k>k@)L^F+kWf_{wi$?1I^8W5ty||LZ$cU{l;JjJYb~?^}J4W<vZm{OiC;!~FKc
zgLB{0abQa?Jtlf<XPM);2oEQxOCvgz6}HT>`0+1iAY(`ry^<yUs%KW~4ySHcc0!1O
zN5PipJD?u_FTNvt`R^;U>--K4r|SbuT!de=oD=um&oVp1^>=m7u(Put{1)G;oUvQ(
z{r=a&&-J$}2I_!Na-R;Evot8w+~<v{flNlOw^ffT_-oN`@Bb0%@7q2Gc2nq=gOo}H
z0dS0rR$|6!=L`gL%r0>uBr-UUjDqIq=jWirv-+5|VXvh5CZPZTXuoy>4~^M6Ih_7P
zp{L|K#Ma4?Niw7=I%!Enl@(q&7KyFB-a9`THbB*n2_pqzq|6STb2RT9y`LzHiaZn7
zWgAFLqVeZ+EIeAT+l-Ji7@N~d9kH=q0}<`9h2e@%@T_%Xu|->TAl1Ux0pbSz5x^8O
zK610HZOs8HsX(yXEfD@v&JqR7f8qqOn51=m=I+L5p3PMRrte9#RuEW>r--xy(7Se(
zz)-ZU08z1Xsta<_D+|+`hL5O=HY?|8L`n1BqG?;}wK5NL3+u;t&O;z>s-lUifXSSi
zCYq`Q_O3j5wC%UI=J=0n4gK!meN8`sZAYvWi!us9gLD9d01?y*cIgRcCP}Pa(cp8n
z<~5!MG5@2Y?j-SHC)9~2iW6+erSM-<sq(bI{egsxbe`U1kZl1^-WV(IV)0$RS+o2j
zZ2i}R9(Ry|0axG;{3r1i(A{0tbv0dtftt+X_v*tRA!6{4kqe4$E!8qlhu9yikHRkf
zxkxl4^hd)FQ$9<~494_Vu2kNAoJgFbd*)*><H<FUhR1xCl5D_sBX7#R^=2o5$Xprp
zF-aPsH_q0^0h`3%dPok2V**NAr}lvGLf0V!n<_!k{pURG;FW!SE>zkXD(`6<HT3nD
z-&)BmwA%)zM{HnS+Cb%SmJxlCx;phU*s#FmtXpzqZ@G)Ktj?18>eT}qqD&JiS_T}g
zEs%Tbx&}7B>zVqb>s<yRu?@hsiBzX6#w&fIKpEW$OSueYNEuJ&Tz_nR`0F-+rNw@B
zq98Ya16p=Xs1Q#jqu`4t{w~f?;)7$Jda1ws#fM<A%qCH9<|;C8B()#R`eNVdFjkh`
z{Y~(8st;I1yH%&XMheyzoKg1N+|kZFOc445WE5g_5SD!#lGy;_@`k)L_6uS|$a!jF
ztipNgti0o7b@`;nun7?u%|QFB6huFB6|Dj)B;UBIUm#fG^R+im6gC<_lZ2PQ_uE4M
z1s*5ML*uFYzCiM?9@mZ{*H@Q5DU$?12!>2$%$b{eaR|}}x`69J6md-4Via6iAbXoP
zK*p<HWtyGwxg|*XzW1>HP}1)NGwcYMz5+3A+0HP5`sHNJZ#=|q062JP#iVC~$*XQ*
z&x28$aWFg^`=Pw|Jp*J}<)7SuGM)>x{%3o@)`W!#*?vmBcd}~sF#cwL3R^huJf^gS
z##~4G9XjEf80s~+1sEd9^_LLvdOwH2;B=6LLAvRl+f$Q1**~%m_@e$V@cgX2S}A2W
z$jP9eEr+Z1*~8yzmwT_N@EUu#<xHgDCbCL=@AhLcYx!1Pu?4z3!{DjU89(QP<h!#1
za#~B_S*UWlVXn&J@!%I2D4B=}?Uv3%)p#MUsXJMl0*n%a0&*YtS8lMx>}x8JAA7B{
zD_3a^RqKR#{C>35k_iZuIZ_#e8qa)_e}O6+!&L#(^|RDEF2e518sint2(W&<0avu%
zuu~QB*R0<k7Rs6-`mX16z~RrOY->;$dTvrp03yo1@5fW(0=<h&4!rL=*WwM&{Un8L
zFRxCqQ~dZi=e;FKY;Z15L1mL<(-M)RN!lXwy;jbml3&B@F`Uv`-)RZ*o#rS2Dby?y
z55f4qhiVA3Kf8Hpbtpe!4fRKq>Mj)wm}|!%eY*T77XHe9iv`fVvB)4xA32~PZ=uE2
zu0^q<%wN^=;lqb@&@fa?6nzCKAu{2@UYo{igV|94SAD!b@09fz9XkL~o_|Vi7RgFD
zY7+s}izw&V8wS(mm@|-+#XjbP`PT4PK{2GflO3(MopVBgLrk9@R5*fGi_LPe_kh_M
z!q{j@--STz?qkScOG#eFE;<?-Gn-oSm@fl=%d5?*z!Hx&T~Xiav#iYbE#CpB42-t`
zGIIe{crcI7lRvwc+_G+fFaqM;N0tR500VM_v;VoX)HfI<K2W2nh=C_l1^|rtpqT!q
zH&iFLvYxqJHb0iTe@7Vt89cLEb_$w_qA3eNuhBe%oUmLP83>(Ow`;J>p&>kyr_Tb4
zH0p?u^P-^Sm^FxILqI|G4v*QqJlOk`k?AtpOpPoL08t~5*4F!#1<J)dRx4}m3+sl6
zS)I5NzMTC0NC4eh?eq3|WrK6#iAjk_-)zQe++p3XS?&EELd0*TiV#SSh-8`%7|D(y
zkL0E`SU;HH;6*UK)!{;C3Yr@(g&`2-0pO-o3}lcLrSURbZU0`4@OCKx>))DX%@R}0
zS>+zq!LKSLu{jEu+VpW})Fg5DVp8|UK%q3>a|t>y6U%3We~}gRzliN+fUaoRL=j-)
z^#L_zS0I7hR-h)_k(ER9W-Xn|QNF<TcdfIW_5&Bs)7@<mFQ#RY`1XP94zUbjlLKo|
zVp`{0)sO?An-fHn`VQq05!G-upPt|xK`YRXVea$hw^dH}WVng&A+6Y9^!{J0o(J%~
zHPuz#?J&rB;vEVv0H^>hO5eQm(EuenY)#d{1lh8I39X(1fLZR)ckx%8C&(rSAU#dK
ziUT1<&v#A%;1m;cU_<7hUj!2dv0V^qs9w#<o%qHE(1<57VNe)@TCs*7qzty{<x9@D
zpM88cY#7cY`a7vP&;k6se?-sMJy7iIs=;f<pC%y@m%-NWzTZ4E*f3K4KqE*8Sd!z<
z5A<L#7GNo^D6EWzcuo0an!rym{OUc{)w`WMb&;U@0tJR=WdV<DJ`rHO1W;!`jKrYB
zHjrM3V#<H78+4}WejToKwZMUvCgKf=hKwEoKoHmoeQ*fM3lN9q8OS=>Gl}+loK;yl
z0z%c5!t!__+eoJG%<m|{^^{f(lzI7&Gv&Ig$dc#HXHnNQo<BNY1Q3mmH7Q66W3@h|
zL?lnH3&2JR2%uF=g@MNHwrQyX+W_6!1BmLbQwVmdoPx!>A)JpC(vY3PX4e_bwV9YU
zV+Se?q*d2d)U}JmWhde+ix01DvG~0nffx#i41XSIrokR;tda5vQ`z;}dpJ?J@%;n0
z{=Bsv0ZGIDa0=;|P<J#J=DC(%fqhB>dH2y!^{!gtwXK$dnlTR=QneWH<Z5L()z>-2
zV)Gv#tOrx^7g4bK-}|l$5_MJ{pfW&GS|H_-l(pQPs2Vh!jRpvfoH)*%JR$uotR8v!
zU%<r2DPu)6L8xs`F=cR0%8=bD{&;goRK^M{xv=-PxoBjK^b@jXAqeD05$IWCdgx-F
z4Y3D-3??`Oo|%?9qojib;NKB|FsBiOxiQZP`k@|hx$Q90Ok?2U#E@uWl4u8_ix=~1
z05H{}|56{O7r1qb(?VSAHh?4pM2PE!#l#{dCOW#(Kc4)H0C2TB>}u|2L8JDgl=1#_
z<&93BLY1)#qd*(7pRTVXVl2Z7Cr3cb=n<<UHEMG8RU<S|jTrPX%YDtU0%n^GWV?@F
zT)BJ`HI2?*4)Gx7ad^GuxCUSJ+lY%E9~=NfM!eNc-HQx#o(P%RV*se=z4ER$_Sze$
ztM5?s9jc;LbS?vYbFeXlBHwAUnm(BV(#{-imhPJ8Zj(ZqJ5}d54(J{H3z?~Zlg$ty
zm{{QXIg0~o;`vP=FI9d2GAvB$r(vJ|WmNdFxCZ?lkXy!zEkaL#T2c-O=B~|%roG?d
zJ)6MIw0A3mElG4k&Qh-f2(wvk_XGMsr_ZMzxZ7BsK`F6xg#J!jBBx=Ml7QKyY+m8z
z<yGO7zx6c9o#vAgnCo{yQH_FFy12PYmHad-Vv9(0pZxfueAS#NNl6}Q6UnXrl$1YG
zomd#{ZeH_!4v4uOenuIcNC1MCsmzXoHzsQ;pvf5nXvkA`gFvF{MXW8E#C`xqYv{+*
zFk(#(O$_EF*Ph+U3zjOE(TOJB3J9}OV)K|VeNO5RkZ&;D(nR=><LLw>JNtscq#(v=
zPz*yL^rgW6)`klaRC$0cS#M>8=2B?H5c96qK#Colzy9dOU(U%a54VMyULb?miFoKE
zfbvpHS0h$NAvXunF;OD}<zr-@1{I^5Y*5Tw^InY$b}Nt^Dp2q>aHTfN3M;$>%ibs_
z{Eky&5}?q2N2J-ws-E(Kt?#dIg6X>eU?W)U2TE<!8T41)Gx@Gl_s~4?h#}@^`IVcA
z&l$U(d@3b@3|{cPSo)h>Ha~`CFpuH^8QK6?cOhs;JlO3L7$@>b^X7G!A)|wEXa8o9
zI<nrz@*2!-ve2HrU{dQ{Y<4Cq7FcrtAOJl<#;%Ufd+_^VbN$gzfiZPBRy!F+13@R+
zWdYxyFDz#i_snBbzL>=Y?jV8KUBzT;P3Hi^0|^3v4<rcwAZBe4v+J#5`(b`25eNO+
zp;b`7d3jNj3Tys<WLBsSBT8vr-&TT$To)8QC7`rA{u#&!VkR-YJ_kCL2f@EF)n3ef
z*&Gm{<p4Zr(621Ahc~bc8UjYTFT9s#(EXq6%38=mL&~d)_z)^d262;T`0cBfo6MZm
zpu{i$w)HTKL|7N>589lbp1vwG?VsW)_gVeP!T8A!kR@LLx?2QbWd?m>Yi5Q@+#GD0
zBrzJSJu?gIzqQjubFx6?3@OXO1&B^Ge=KNKT@2<X*8}`-MR$TI?k7Y)0$6|yI-@vu
zf4u?JKrO7l^Q;>`NuQ2Tvr)4>0(KyyG~4(%24n)upFe-X1R=>FeA3-jDSAuIR6V?U
z!RJ5uFy<nJ4P_hHoAT)1va<)k-KcAUcfcMHYbOzx8JWYBp3>i9UEyDTjQh}Af&>@U
zdT)>{u31=5X&_VmFpN~;Ca4s}kh$S7V*hT6CUswmS|rHWpW#CLO+a>@CwsdpC`xR~
zEZ3Egzu2w@7KdDmQ6Ea{Uw?{SGciTMPS!z)+Xs~`_W)q9CQX859RXE$^HUWGH(Mr&
zZto56y>3yWy_uK-oHIGe0SWBPWK(K{UepH|w1_<A#b2Y@{TfdgyZ|<$JJ^l|`ru~Z
z2S6nTGFpR%Pk{Eez4K$l%5p8l1D65mAVd8<A)={=sEcPZeISw92S_62Y;VXnk0{N1
z$>=o2sA~h1?Ki<fX0;w{O>ePy&<Ro4IXq5gJ@<zNBvhz2D8@^IgGs?Q0*Z9;cak!P
z=gbvAqXgPn1L8=;eYqFl5g>~@5E&~$$fGA98KGY%M}K!c8=|&OG(vhF-J_q7L{hL=
z8q^@jwSpAMwACWzvui2tzWmwjLIW3(fzcsS_<mFNy*IKrUY=3^4bku+4wh03hOZ<t
zw$)x+o20qGRSYyWzjRS(925WhfeRo>5WCy#^TCqZfKFdb7)jO>;;WwCkn$hNP)lOm
zYMIJZXEmzxEjPO$!vb<*Ah$UH1pFy~t8u`j@z0QcMu4ZWeac=@R}GYXHS_tVoWnTM
z5zNOY;~BX=k=ZjWw~J9C@wn;;s#SEhc3ZrNqum4RU+phhAb*0N86!lUlh<ks8kCYo
z8TgGAI6PB6WNDHN{ZDnOGqGo%*su=th8Q47yc+}1(*fXrfN!arQ)aJ0T5gQkA!iD$
z*V=HecICq<i;`hjTffCP8@z+OFtqxC{Ge?aXgmN_ZeZ3+a}DZ?IYE!<^=)T*iM;sF
z!1%Sw(E}fA$sXY~eV*8>9{W@ap^WtAlb+*_#2$u`Q5%Hgu!&a^)A2)%LQ~1ZZ|5I*
zZ>OO1jYL7^eUV(U|Jf(xd9mWPFQScGG#UdpMy!!OIiqv@)&s1<OkSa*fvwg__J|94
z!9pTF&Cv8*Fv;U3gfkEhJfsb)$udDny5sW?lZt(q=s9Lf9Oy3PTjO(B11@SNkzb&v
zewKkeC&?nT+mrX6k#Ng;6vMB(6OJN(7)x0Q->yA*qm7{Iu1@rE^F3WVjo*_4OVBhJ
zL~LOAr#f}^(dCP=%fBDDq%DvAhj7&z6Y||(_SQ&Gvz9f1U>6k9a*{JpqCJ%2{N;k5
z@{4bxMjW>Moxjo>d$Zkiq0HpRL>O+hvWskojytwE504))=#He-Q#rOqKXOVMc*Zc=
z9y&CN6W~)HF?|~OdsZ{M7_daeptemsa{rgN-7LpS82?k<2C6tt*H5C8DO7`Ig`PK^
zK|R#4y1^wle(-+u1BvykQ-_1bp6;_|jze{@7u#3V5fA*9?w1Ny#Hsp?ILuD}5=lN1
z9YKwn`Jthyq<LNZHNQ?Oxhl2f`vEE!kSYW<I!Ni_#G1L>cA(X;?By3=HwsG)L1ZF8
zNjSW?=putg!QpygXprcb9=YA|I)BUghPWltISIj3>XkoQU2MHKEtIf}vQC9vv@cOU
zm;6{!6((0GoZzCK$EBefEPk~${#<S;FcYrI>bVa*L{6*B$f+tFDjoX25`(t0se+%G
z4nw{-S~x~iQc|v`ev)!)z6Uvexpb>EdFdx<YLMQy0Q|SnBf?)@vcQ8bB$F+B?>Mlq
zO)NE68yi_*ZItm-EO!_x%nkg}xZi~zFjd8%ZK)-Mn_M4A3$9-0!C!+Qw+hw7#^+zR
z)!ok-l}8COxmsY^loXq9XC-#pR|(&Ku_k+q7`-6E8@4SNP*cX*kq(ya9)egVK$>`;
zqN2?%GS(gEP#MD7W*09utau^$a{tn=yC-7~24<!C54veK4u&J#iQccA^Ij`F+AgC>
zHE>lu{X0W&(EA|m*^w{$h`XW_jbYYwTj3ZV?pKu|g)LZ(Y=IaoG}{^do4t4}`#a$>
zQwZgPJcwe~i6zFGT>28}+XTq8-<ITIGzF%P)a|L)@Ctv;Q|GqL>VZkG6Q-Yb@%R}o
zh3YVMuf3Im`q7OSUdJm=(vz6b3BZ;H3W3fgd%z?X6Duhw-ONm5$RxEuwerPxonKCh
z<s0*^y%bp*r3>m4P&=bQ@V})YCNAhr$pOYmc#wdF7thj&_`lRG=`a&lBPvweFFC&g
za%+$paZ!RnLvdbD6(N=MWk{1h;qK4)&1aJi$l_jy$%m!naKVJ#&!fw%@t7)3LEtFC
z@OR<v1($jzT_{2<ZhyDeC;!6=o_F-|nd?v>Vpe|GohY0g&5((<7qP^UTdr=il+GDg
zcj4l?{X6s4rrFP`!dCsCt;hK}Rfgym!!&&FnyIpErsRN0YNQfN1Ib&d&eQej@eqtk
z!_P2=@$Yg_TDCe91WaV2(cYR>(p+TjZmB6EoIQryLu}IF2xA?!DVlJo<WNcGaZmKc
zkzELcN+vwjCXCygQOe&tJ0(XQA?0K~J6Ti3%AC$T@f>MYJ=(u%%~~Pix20AZq}osG
z)r;9HZWL=H3_7&VTeISKpO||X=G|2e$otD{WL+Ap1+7hD!xNd-C>J_&pr#Qu4zn}D
zAK!}iDlF!{jqmpBaF`>syyaQ$V*~4+ImPfT9P3ruK^xx<Z+6(YRw|i`FK^2l)nFdg
zJON-X%kzo~ALzuO&Mxvlb|V(J`QVsGx?S$GkJp|PF$43MX6gF$<u#Yhx8mL{4h|1W
zPrtU=eI=U6WWD*prjGR%A#-$HIxc_N8R@wB-rN>}@?-;N)MUzuBx1rt*B9C5+zLQX
zDg{R<YQ8gQ)Hx)-5Xp6PNaTFv%Ldl6Q`Y(w;sI_OCB?KkLr}hu+>~wB-1AoasBW~0
z#+pgWypk-MmgH(6w{k$X`x1gh@c{rjuOn7viHOy4ti_;2jC<4^IrD^VP!Nh6T*J3C
za3xZnPC2xD{h~}joU0#0oNJnry!5f#rjqPQ7#LYhie^9N9Ha1wEhjl)6fWC;k&5i>
zg?FFKh|wyZB)78Juls`yTx3F)sq_$TeXtp0ZPKH3Avrj0mIe#&c9__(9ym2eR%++P
zu0hlVn}{fZO<-f9YJmFSkyYmvCcu6X#o3$R`Yr6H0uD`vhwVBd*^vO{9_@lO>-MQo
zlaC?i?POQ?(8v1;glZ5!gqe;{O6*g8VS)#o*T|v#ML8Bo->gyBWW(1=KxIzpCyHyj
z`GyN(srLK(+oh*Xio)8gu%qwY2<d6i6|>4x{W0e!wbyp>Xg`ZJD`BT}mZtvs(88}4
zuu~?d{9vK|q#qUkvam)R+#eTfUhn-KwKiFIOXPJ^K|04?U?+e_GtpWc?%^K_mT*Lp
zMH1FZn-=Xpj97&4c5o2&{j>PI#}SBkeqQ_{Mv}bXiD_mD)HT2J+8(`c)P9J;YOM?2
zk1`_q$IDVlo|AGi9Wt<QiJH@y05lr`a8yS)#hs^Bq0s{3V>pZC81-(pb=?W>IwvP$
z-GpxK%%*q|+F`)5^eMB&Nn-2iGMIy!I#~C?{N&LZRf}fk<pR{g);Ic|=apnoX@I3}
zeJ{=gl&Cck3xXzu(G=MbB}vXl3XCJ#pT5V5dE_vqe$X7)8`&9=dlRzr-F;~?ln^kt
zRbk;ZcT5~|&7i}td~0o(4RV{W6f@tgB!XpvaL+8uN^=wfklOx1EctMK^np}HG-*0$
zM2lr)mQ+}MT_B@O@|8t374nhduAWr*{dx~;hnAgma_iFZpQJY>JFQy6txuTZFh^}I
zDIMw{zR)%5&KCY!lp>6}P(1a4Ps!blh(3CB{Iq$|3!i9!po-EfTqFU}OOZ%IEJ~v9
z6Sbbn>`ZG3>35VI!X&GjLg1}d*I8x<H6J9uy{|9Ie^sd4XUJid@Y62QxOcz2g!MR*
z*CXF=w><vvYCW_4Rp=gDr|j*N)i{Y`r9Ll2*bCOmF@N-VHJ^mcct=j&Bwgx=fYByJ
zbc`L2Ix|i^`CXIIos2Jpt2no}1A&DJn7T@L?xWBa0qcj^b&qJ#yAMDy>UXg2+A}>c
z{{l*vUYzbufw0Sf?){-q?})^zaUJzPI9-07EGZnvcVxeA9P_K*qqwa&%SUyIAAMQX
z@1d^6pWjczEt;<!EhUs_Aqrbszi5TJB`vwznD*rYqx`rLmfXg0M#DGn7crZ{hu;Sr
zrwwi{AhsRf94lxRwnk|TR#(2_b<u>bQ}EkAyL*<Ody9f!iEc~vg7Kip8U;VL;iMrw
zPw-xjQoOfWc5|Wt=wpNANKu=mxTak>%CdC=6q1uS875#A6i$y*qIt8gYs{<LzTO9P
z+h{O3l`)0;<jF8l)%1+Y0htCLP?(!J7^#BtT^EBF_-(bkIh|HIv|xk<tV=vB>Uh65
z<@0{&bBWfLKms*ZH&3g9Too>qaOk!^k>|Ln?{Z6jY<)vNL#U-HSu3&dpdeh5Q-k6~
zgXoKm=*C8xOg1e{6bt_{1wX6g=WCT8ajq|B?*EBzX<*MH$)QoK@LZK#3BYcdv^7gV
zV{G^(9cveI@Tn?Nik9%8pFxMfJDUb)L!1V=%fAWkkO+v?1f9(?r`nER&Z3P$qX?D%
z6$sZwEt#~2cG}oTc5*|?$}8Sn5N)=MK$Rea@@r<R-aq9xbnPQ>;buO&hj4?fkt*3{
z+U1E^yJ)pUJ*lJPjy*M(WK~h5_GjNg9%KYUJoz(g;<(W1z`KMO<KIrRMmYpvSA_zu
zh23@=b2XOB5?Hy)bl*gBvYf0&N>zf3+t!?ia3+Uk_q0Qo_LvIsIYvmR2EMD?vI2ID
zQE^aOL+9?B<fVb*Un96azL-<L;pU4c7HRR^1buG4%}DPFVZ&U)aaP7JTI0w7A1GB;
zj~w&P{_*z-;+ArUvXG~m%g;-%6xxOA78tK2muB|;622QP_A%GsH*G9F?XHwCCj6RU
zlkf>>f$9<_&r#G+4M9)Fu2|Qh+y{MO&%?s8hx+$Q>=f1~=-e-z_oC{1H!D_{-J!Zv
zTeA7NOT;$7uyCkw<755tXVrSYay}G6+9W7Iz}URhNDVpnh0dWz{*7l**7l$Gn)BC=
zIC_5!Usf-pgyEyydSjO}y-v9VT{J0p;BC1|s|RoT2UZ<2>LpHbG&zTOp}p*u`D}p?
z@Co!%JFPKNMfrm9LBZ*I!m<GYmY3l;a`>W8FsB@x^$uKqDZxQ5<lF1gJFO`El+rsx
z9pUum%^Q9fEw;3VPTFWK_Q~Q*&2IFHaZ(SO)(*(V1r}A$p7x~6)pTF2t7?wLaJ!Nz
zSuc36?0rtAW=PD`y&&PkGQbwq=%c1;l0EkZMy=jTA#1ZPMW`G*Ylbh5slB#lRx(##
z<IwOm%%R2VO?rPN4~5ZeIeB`&yr_GTK}C6Z=BQU$`7z43Q@70FxxG<af2)n*NQNh$
z!*DLa+V9jYbz{RNHO9TZ@4&07FXD<&aq1*L(n8Xr18bZ(y5W5sf5qM77~f%wezB5*
z3kr*rx*_eN*}Fu+Pf2sq@KiR9wbCIGI0Pqqz^%QV5gB8<`|-OP4r$sckst;It}6AU
z4RFql_TQ(Bgr=skDF%HcWhYm(Gt~Z^w)lu#(U;#8Xc3cSp(iPvsr%M?YXgfd(<o05
zRd33As9$=Jm`*}^C^IYQ7@q#=#xtscok)*IY(H{ZNQqi%pq~^SiyYQ7=o3g5^25FI
z{3GDuh-H>^+?0F6-~CearS=wg*(bPEr}ar~LxylzI#<P&k(RaUXiDSYvLn62vHnFq
zrF3E1Q|a;T_V9GA9XeIVo>vTCm1H3?yp93ut6Bqo<8b!xD(QEHUt#J~+)WQl)jeB4
zd>=jv3X31bH&{90S{j~qd%|XZq*+TzyC|aDl&sK9rnLA0z7LT5TA-0S=Qc*0`>1Pt
zXs?_`#C7h8QSpm6RFQ+vje;VB?+ABsDFBU*TyeEM=_14`Zje=Jt^c8>VFfaEL)~wS
zE<wufdpFJ{osWyR1RZ5PHuqcG(Wa)bDry6X)EkLcn|Cm&X!15hKd;UA{mz!Gi?3?9
zTESfuqh403qmC?(`BYJ!PTSg_BaI(IBeNFS71mfziyiTDD-Bk!*6is>8PZ<|&Xl?@
zV@fxU#yN0b*8LZEU*C^O#u{77i-#gQcB}NaoTXi^d&$3;`4Q0#rb*L#K1f-1m!^7E
ze}jUb0-1!rg}v(a!J`DbjoKy9JcJlzFW5j9H1Qpm#mhM2gH{Gx(iv}iAa%pPXkEO>
zXHe2Y{zPeYBtP(}?O>KBf1oB?YT&c%;b}3W=>zA={pY!D8zV*@#xC1Cw^8M@>XJ6M
zlkvQg*tz$|pA4SoN++ujaM7xS6FHH!FJ|NG()iXzDQsZCZq4-g5BbwJU5V3Dy2f8U
z4j4M=3VK>X|4`W}?Kt)qrg-q+>^Q!K8oBUf>~QWU|Ar&{zDu9foik?;>D06Y`|OqQ
zPZOUtGVTw2M<qH_5PbXIv*p4hoZB8uyL4M9QBXRSh199xHv)2*uZ=X(e0rCDJJm34
zC1w1Ppi3X$Dr_dQEM)WTk=NazV0vMLl_7Tz(zAg8Z6bp3B|oO`8SU<NA#GG6Yb3d4
zcM_i>J%*aR#~$Xli%9r{h>ynB`WJNjWrqcft(h1Z-)l(!p*K}_EKuvPmkjS)#2@>7
zU6jInqnA8DarB4qyJ*G_ud*18t^V#`=@WNo)*il_X3`^4Cb=QN8$*Md^>D-VZ!YnN
zqjW#N%9C4_S%PND6%s<IT11doST^3{)5LRev+5m7-vu0Uqx|Yl*-7_RWX;}tlnJ8D
z(PV54>E!6xlcGN+yw5lOD6fG=<x$*$I(#^ykcXGK^5wP+@P4KF_FdZiKO6AkfXVpL
zog^OoC<Jo5q0?U36vhrKnLNR>BWF5vk$+a?=WLJZx=mD-O3Ds8SjRF%hS^nrIu@2m
z3K&NVZTPJypC^&2E}MJL8k>A7R|-roCZg6yxAtoGQAfs(KW1`tXtULO>~ta=dE7(T
z5aXw?T?^wlt>4XZ^saK0p!agHH>#<(OQ^ouqE$i4(6WAQss|a)?QXkt^q40u;8u5>
zIqqt{+e&Y>4hPv+_nwQ7V84*{82RzhQ*k85*%4m_=;buxE){RSXN{)3HdJ<E`uL)2
z&VVWU+8ff6m`{WhC?fF<?Mc6gWB@q$hOObx57?zKI{DLMVmQ9|l|LW0NMeMUumG25
z6~7ME?M`$wutx_suqPh)mk6=co>|$BxWeo%UAh#d?%0KJs+g0Wv=o<0-0V3EVbcPK
zaQ=K^2ScXdXBSAap-Sd72`T^cX34Q5*ZGbr!gGB#o*^n-__h=$`WJ)R_@cm`SE`D#
zX~3jNMOAC8v}*-3=j~n+NXlKdhR#>Y)2o)sr~8#_IMB<La~7b}|MEEz9x}$X5^!Qh
zH&cz-9`wgB)iFUJZ1kjg7yj*f`LAr^0t09{eg`%*(5`U*!b1bVcM3aAjPQV~E|*Dk
z&jO*#2Anu^EyT=B18Lcp9W?W*-D>D;_$z1yfb$xlePrPAEAV?I@D!Q<u2B_1Q)84s
zd&@>nZo%Is<@eB^L{{u3_|<>dFw9uF{RWUr4wb-T6Q2ae1OZ;t5L96fAX5ze)5h_}
z49t-&0>VS~z~*-uVCW5rN;UHvMh4I{2B!5t%$<1Y|LWIQpd)_|_kE1^dIV|r0#y+A
zy1f}L9uf0pmsc-W7mXeL@B+?L9r1x5p~63O9?F3ag=7`&COdT180$pRZV58rK8Jab
zqR$g<%1~!SS%S47^8fAwHC|gt@vYi{-%>b-n)wKEB6Ge|0(w-DU=7EoPbQ~Fz3TUv
ziKmeKnPnqa1~UI1wgWw|u}Prsd<b;d9*H%L?|oG+hnXF<6byqeO5~Whb+9{)0*U0c
zQu03WlPbfgQx9>_H}3GK{mYI&;RKK@lTI}oBA^Am9yDhXX;{r1haAV4a^t(ieiv(?
z>ZK-uLvshjFL>1U$mASq4Y{h{ojg5i%K&1#Q}xPSJtW{N(ud+U{pJfPvbZ7%!z5Xk
z+;`VNy9Ti=S0!wEp-O-JxFzl~6NuRu9|oK`y+CftW2;Xrl6Ig$k+|orOK;SXb_YyC
zFFzZ}gFd``(2Sej`KE%wlz$T2jBl6+5^WhM;YVw>>eq(8d{jFXsN0VWXBHo-2dzu3
zdnYHhpsBrXr<DomwPnhnLR4A#bVSg|PDB1EH`FPn(1fi7C}+gBp(fmgG+zNL=0nT=
zjZbig&ALNV+?p9-HJGc8rtrb!VXGOfhV~soA(_VQ<v$gGXg%70%3xyo*GoPzi(7v+
z^|ke%>K2_|SKB0Z%YwSGWse<w-Z*LGMCN8~-FB_}8f}+*z;j9wA~#^e!3zhilx_B|
z(3-sk0r(@S9s#B)U4t(2{+ODXV5&J>rQ1U1>%;2`7}KW6e?~=s>F``Vqj-9nj+;7K
zBeDDNhu{IRJClTuV3lS;ND;g8O+N$imJX2_g#`x*w{{0FfbGjWs@?9;RW-?ZuUV9~
zC`5R|I%Vo@T8#-kUZdK}B(q6$eVcoI?--YQSO}4YN*OCJ6pBkEt+=gpu6SHbyCLSz
zxqwr_n0AV7cBGB75=LHEtZkW9Z-t{+QZf`y%_vfyZL8PjJms=qJ|j%#u{kjc+E#15
zO}!<FXEO4^$AO5wO~Ve+n@_gXl}j+8Ry9(`a}20u(u)W)Q{jhp{B$vT@T@>Hk$+xl
z;ywFjCq5gUtC#7I$evObX_Nfy1jk$LPo6^pzZlcn8wha5V<5uh)BY)E_tasB({NM(
z;6sStj`727RG4J0$N)_&A5J(eh-F{?%+k9C$c~!f)#bb~4q=W-a9qSzeSdbLKVO=6
z5{qAHP>1c(4ZHf!wY)zc0OSMO93Tx9AY!n0gq^1(i2IWK+r7$tf!M|A2O9HCSUF;F
z6H8JI2nJL6oWsa&S6Z+x@avc!U$CQ-r;^(ZWa*2U|LhTE{jm)7A_6~1yL2$_Tmkwq
z48V~x$JwSgJO6E!K*r|$y3e!Mt@Jq9-?ZSs`MPh$z$Jd`s@L{i>y<Js+A3w0x!n3<
z`*iQ^|2CAo2FBH{&+C9=D(l+ZOl=tV?|C<6H*lsoR`@As>yo+bhtqA#jbrs<EwA$3
zEjY}(uKy}{?*AHh%k_z`_NElyVSf4Tc)Z)(_w_#x%kP@y%9{G{=gWQO|Ed~hHRane
zJP|bAy7%X^+28X2f6M=;!w|{=oYQ;4X!`mua2wm+*9z<Yg#f2%KX)^%Z~~5i)9q9%
jlx;(xxo!rRH~-lKirQoUEuC>5=ne)?S3j3^P6<r_O<&hC

literal 20140
zcmce;c_7s9`!_mBiqM84X_FAjTF8*3$iA;5`%W=-MkJL`gpfV^zVF6TWY03j*!OMh
zyBRa{+|&2-{VmUPo<Gic&N=^lmYI1k_jO;(>-D;>+Xq!;d3st_S_lL}|NPk#bqIt~
z7XqPhIdu|zGBfX927xHMJbxmi>0!J!e){{x`2^Cd)PU3H$Eea;pM<{rb=LGo+!Gx$
z!wZp1u(bPnr5Jn4R(NQWh~5QG<M-EjwuYXhey2M1`}zU*6y$X~cMIR^$unYS#EywR
zNfmK%nc>Tc*_K{jQX6Qjr;-k8U>t>dWHjlwlAXD73B14!t+pfz2*f|<x(WE#lTZHC
z5Xjm4l*|x_^v_e^Jt60A{{QyH-G2YQsX#_ct<<j}ZFxB+2^lI$>jED;+xC>xbFeio
zi^|xE`r2}vf!3?utM|R}Yn23^FPrF{;bJpUtDf(wp~o|YPT~mMKvJH|Vvp$Sxn~Bo
zZu!XJJ|8}vM<~Y5h3aM=Z|GdoV;_M?-^z<K*eBhO8#_`=5=JT<?C|?*J1i1MRTJ5o
za3dIku=jd{lq?f?{Pzh#EXG;=UW;+ahUK@Fuo!-$<6mJ5!Pp?q_?QnJ6O2chXD2(&
zC;5U7#nnomuogu;)Z^HW+>^v?lBOfu|MmK~%@)R5JmPRV*lq6jISHS`A{gg+q8D!9
z=yv=b-HO!SpvL}ET6oRcr3{;HCv<_4c6i80+F2+I7q*uA_el!g-~hPSKE^5^jvcCa
z*>V!8U|itNqh*AiB8r>GDE{Z2_Lm3R2u8)Ga@F&lF#_&8-g_%isM*y0J3o7Wwc{Kq
zO1`jAVE?4ZirNm|@y0D@u7x9x(;n?~35j~`F8x40X1FS8EgQ^G4kaD+uItvi3CG2(
zdMYR=7!GXBhC|n{>L78!XD-jIbY>{UkNJ*NIwkFLxL}9!9jk{j1q0yvCFURS_yZ(q
zyfDJGevi(6b-38EzHDNIe?+QjU$@BQO|43$<9Nro${_k#=R$ANhCoSyQEiPy4MH4a
zKl^b=D*%7QsoICXxVaHy>*q0o=rKP~xjhOWDX|E_?(F`)8D1sZ-13fI(b}lPvNq%V
zpf8DVFg|(Tto5rwflYUksDplg+uou@4KaJ&eRoOiATH5k=Ct>AJD0=p;g;hOk$@k^
z4(tzLQL~)*7l+43TE2;z0c|L|EB8$NYmxed!T!9qU5o99F;lPHSBGB;AdgE%6XoRO
z=2s2{eHm}*Oh&~vG`N<H??O`-HA4FB3hSfGl1wrRuSc$(AKX&(&>Mb3MKdP8Qa|K9
zfkYq<>e^Q*wY1hK6iIhzuM(l}JJ_7+rW<srY6z7`0$+;p*(=SxX##XeW7U%kS1uK@
zNFL1m3Yp!Z+^9cDG!QlYc?zNSv>E&3-j7iZpG}z#@zmtSgOt+>ZDH)=uN{PZ`<6Ow
zHYVy*<b}|E8gSso29CtUN8X0KaqEi+n_!F5P$4~?t(YJVu7LyY;|Ed*vQ4|p4-T{}
z6PknP0=9c3Hhy9)N{t3iubiBQg<octY+LA#kCZBa3VbWDCTNVSjJ6<?9yhoZ5RaWN
z?Q#g9j&r0`cx1+%t(KDOa4Wg<4eo-3@4*~8J9`Hy!B-UyyAA{Jn!8u$R%!*~(J>z%
zcZ3Kud~-$weKV?c`-QdGVGTH1t_Xob?@U`zJaQ}P?TmM7h*f2I|G1ncFIywCW*%oz
zW8HV-fY*AuIml6eXHQWwxpYfd1!)38Z)GJX{i#*hVef^mfmy6h{K|@s)21N>_0{eH
zfm^Ul<%F>kb7ZsNIb*K1vwOM9$n{-1em(YB5xeMkzxgN~`|dcAg7q3WcC`>e$c-<I
zrt1^XP*RB%<n)8pD-$~CD%1``UiJTY?%3d0pB~vQ+T&_OMI>+z96XO0hhmODX7H-V
z!qw%y>fNY~9n88l?4+;7uf-`>6}U;#cH^}8acpm`k&cZ?G0V8jnn@UOo8^F%vZ&n|
zu#n9-?9%&aalsBxJ^c($z~lezds>}6tC-RY4erfWM9ZCrj8}C=OUufHrJxC$zWwzy
z)wqJLg}wCiKFBN)g$;Q<Jw3^;ASz4I!s`QT=L_N;jW@;j484>e9n^X57@pe2QmSR`
z`=e51X)4D!I<7tVnF6~)L1^x)yDVh+)>i-6`FYLamt<~TBo7r%D~&yBAqaVPk26jB
zhvjO=Hu`z@Oq{lhM~--too1<r?jO^0S1iY>UZuqk#h6ILn43fgCQ-RMZ87z`{fdr>
z4O#u|mTXov1r#J=_AT$ETPOnIh)GH3sT_8<PoCq~;xbF^LUz#o&)sfHT!vyxR_O^r
zONANUyGvhG#in{YUCHhx(cZW|UOT&k!aPV$aF7cJVXu|M6*Wct_3PLC0?nj^7m^a=
z(-WERB==waO5qPrx-6FBQQ|^St*-eFtKc~Q3^K!fXZNQ5!1P(JrZ2Q4qO_KlcO$Kz
zn$4BSdwVbc_z-GNEyZ}2)HFejN*4PHxd}p8ov(gtw{tTWEW7C{*O%zjciu5_T+NAP
zCsptAN-QN6IgD2PfCs={XMc>Q8Eli?2{5@N47bZnL(;mQe|w*BKJS_6=!1AT6N&gT
zwoavefioV~=bBNXmzm7;{Nf0q24jzQZH5OXsBc!YOL`Q=4>7b9vTgp&PZ><Ml(zTj
z7lQHkgBEFymo;~Cagy05_5w&P(wp@c$|w~?lXgrJ5ld1DQ&LR-=?IeVnw`Wkb?>H*
zct`jn+9k^uIK9``Mk~1nsZ&)!q6ro*8{3$=RCehtB74cLq(;180~+4&EMiY)6H5&*
zzlvLA5Wi0|o0ZjGR}%3EJyz{9F1gpPpv^UWmApz<57nK)#V4arf?ou{LRP-!OPxD^
zMLqVxE7RkKZ1d94QjkwJ1TcRWJDRO6Z1g3kK%?a7pN0Bq_d-c^@k1~r8mrvf-iC-o
zXo9U@jtvqK1`|N}AoTm|W1`3@*Nce%vg*wh-|LyPr^JO4$M3l88O3&E6*)aVxe_Ee
z<Iz)vRy9YlUAaru1UwZvh4LQCrNQpKY$~KBteiT5ls>M($<08+86vIq-^fzPwoSIM
zBM1VG$;7T$p>aWW*1V2snJqN;S>a3?E0%ZI69ft#9OoUJR^iaS`qrtgW<LV1+G1s{
zz=rS`Z9Rc|-9C4}6w`{y%RM}Zv7g8^F|N9qr+@FbE#JE4MwA{`5)=wTJq#vhovoVH
z4<kUSv5ROW(cUCw5oGGJ{UXf(rXeOOVS{cZ-L_k`@{Kguz86W*yC~n|qkjjn<U8ez
z=Uo4>HpRU$8Eh;9k(`tB$b^~@bZoXQWA%G;i<CUzS!Gsv=i*Us+RzoH;9e88q#wzN
zB;KcOM}doU`mtp$`Lu`x%8|=Fo7O&ek;+AnjvFpypLlugfwwBV8|S40nauZCryMn;
zFQ}^aXcQ7@z9U7A>}Y|_G)@26oF#9Y{SY_G48K!~DOf&)2OdC|!kNlG-Oi1-|GQ;!
z1DKw|Rc}4aQA2WK1!8!vJ#zeb^A9ZuMIm2ek><hH;^IFUzNc=`>}{}rU${g!-9b~w
zg2*8@*3s|wPC(xTK^fn4nu17plasUW&*YQxXzR&#sX{aCtc>*^fpZDx(rRp}Y5nqp
zlDG~n3L8_{Q%{;}hG?n^)a{&EIvWDq6h@p@o{5?+)cA%N@x1n6H4|Nk&XSE@vCnBR
ziQAyzq!&mz(sv@z`+c!%WAgKX`}aNp0XYia`|G0OF3)ycpJ@^VFKPz1m`=CtWd_Pp
zF~K((%}bSuF6nVeAThNSvK^C76uxSHdzu@2JAP3mGY*7s#SSmtSlg{ZAS-jN@Sq9W
z$uAjZ_`h!G_Im9`P0dPf))qC2hVSqdOT$Mw(ZVKJuj`IbY$hbz#(~P$X~iWIeu_Bx
zj~6Spt!nJK_Z417NXAXQ`0VV7&96M4C{OkKXs?;`!4A*e!&Egjj@zVrsfWFh$~86O
zbu2#FZ?Q{z8LV7SVbLo^SDC+4XV2T7qoXTm%ETY>x&4hwBOMYkq8oqld(dV6rWlXI
zR|K2-m?lZmOk4YZU+fjuGYVC`$uKdDBtjeoDq3j*40BLYvg0dLZ$5h?TjarA5R@6c
z9MLOM#A8EW9m^e@y4oGO%HK3{)0|@pvE6o?Xrb}r7YpgEG`x3+mz)2l+4BS!+j}Z&
zr%+x$V3p#f0(y7;NcujcL7QU7Yb)8*n-EtCg6hy)gg~s~W6~h&PEJ+TFiPV>jerlX
zvNcwr6_M!5lM`=S=1_l?em*$^?!ZWWhn=!tpvAmwZTAwZ@cp}&csr9|UtUxeo0k@}
zuP1fme+XC+a<q*?VL#YQ{J8PqSQRWfr{TEV&r6A^-7?{LQ9+Cxu^(YN68+b*u=jaK
zWR7;od6qY>$IZ`Tva_S-fO>CNR=ziXYj(FjE&AK0=oxd|!`|Ja7WHv1%(0=5jzUJE
z06R4|^#k9lC^5~zuea%}VjJF>V`FXoGIn;6`Drw^zxqY{?upr!YdrF0cyni7(gbx&
zW|Ef>p@;OV2lNAKeW+;)5m6~g5U|Zm4)k>v<v+_r8U2d^oh@tmhsJ#F_ZPpY2Yau!
z7_URJ^iJuPt2l3e6d&9et?VsNT{-Lh=cqn4*ARlaVS@P}V89gWk?44rCDhBXFZ(xS
zn~frOe@o>qEeks<J)<SvlQ;er#X@m|G_qEmhqE(~JCY~zM&y05gBx0ef&f2L+&bD>
z(zcH>^=Ts|1oHk81sw!(&Gf`wKmp&MD<TuZ|AQ~|BwUw1Lvx2D%0`m{ZQJ50lUdId
zeg3kCMUVdeax)*0vi(*zrz&LJ(D8_^Z!zXKTeo<U<NnixVVIJgl%UJu=1YV&YBK}!
z`@)I4n$`<lvHY6pJo<^*y?*<p+=>-EE=gHkK9UtAWvwzvHZMM>hNBE9{zrZ5izN9J
zTmT(^k=xqHQHUV3Ux5<>Kgz|dsrA#T!@XgL9S}$FYEST7>5Ngn0k3i+Df`S#D@l$a
z8W9!>IvYOYx(C-)IeBwp@^kz=wf2Zn<yB@g4H9~4^)Hso$6N=LDm-@<-X3wuX7suc
zj}~j$|MaEF6XY(_L3J{E4N|VuaqCy+7Swd?ua9Fh_71Qxl9wy?(}|-ZhqS{_RO*0Z
zpKv{ViX0}~i^|I~t_b#y@Qqy`E^hHV>V)Y>-d4(!3t_GR_Bkv8a07!R;gPi#_1*{k
z?xcq<3&VVsW2T{OVikqHYj#6`QizcZCUMdE`sE$t#?`Maq6}Uz#Kgj#zE({tYip|P
z38kO~;VYW8`1RTg3p8#U6AmQ8Bx%i<ROq+IJ6dWL9#1MH;R?6Vy6WmP>q6f9_G0-*
z`s<37d>W6!S5C;OJM1Jo>XxX^Lygntmz4Uv%56~{t>GLSU}cHk>(6oe0i)~^Ze_fM
zb^U8U<U?7bN{lBPeDn26Eek$f7Ha(%5;89O!X1hbk8e9YKzPT%zA`b%L0FR4*4JkR
z`Kz9B{b0LOVDzBjp#HFKvqZD7zJxTeJj7}L>m$>?6KUURKdR8@S8FI6OH$Ihr$)Zh
zrstWVn{`s7l}?o$q{Fs-RG}a0<HwKZC)gTw$hIwW*$>pLIlnq56tzmX@<smYD?;s{
zezHJgFo)lRhE>2u>j7=<_T5@>J0#L7w*)g*QqeHzCQ12@F~}2-7ooLnk^DwAx}y~i
zvj^Fqv}7+FV3t3wSl#g8V|=vx8NavM8zbs4QWgEUzEvjh<S)j7NBhHOL#0+K?)VJ^
zsn&NZ1XiYF?D<Q{eQgBgpaH9Kh+Xl#73r{!-pSM$FDScG4;<v`Bd_5|6{+QnJ)Kb@
z6b`$e7A|FLVPQe$c$KrtS{v?2d;;B>5kK0y0(F}K_^!;_BxpkS?Av9(gGmI^dt(o}
z-$=#yGe&E70vkLCSo6$IbEkU!eg{z{(;((v&^_OECVte+rDq3q%R}hNRtka>kBO~O
z`8eU=<R)s%3i1YcG3VPXSGm2?FThaolgF0FF&TbujQx)0w=8fLSAD7rjqAmi337Zk
zO@e!j_;Au8qdOi+#3JnhC7RCBi$5@&A&MKR5ni0Y<_c^8D%(e(?~QTtnPuD3e$3u*
z%I&tT-f8`YT~@GJ8~W69EXc#4`kfw$VwzLW|2mj?N%yb97~5D_q5A9H4D0deyLzT#
zW6pu`+WvY)CNdp+=rw1%&&azz5?L(vV!lHyosr}FnWdiJ?{(|g6=XF?(Y^UNf#1Z^
z?ZgBn)&9$IUNrdu1%kL*)*J8Wt1<34QRjK=c?_qH$e!(mP>PSu1^>sIo9P5T9r!)~
z;!rg#x+dQ<HRVS0fzD37pV10BFOCps;g!c*P}S^v-`Hz8-EDKK>Cl%aZ7%&M0bY}e
zi#>&8CZrA(S|A!KLNfwW!>URUB){6#lFl)^0S3kC7r}D72Z}J9dL5&h?*F9^n6-sf
z%c_W<Nq5NZ)yUa9fGOr!G|k>NSWwX^yE_2F<=7;PiTc|nNmp*e_wcCsc#&2`XCEOx
zUh_7H<L2G*oeYCX%}O}w+U60K_Lc_O`Grpea-{Z0*$3M{+ow*4#mZd!!(d2Yr^Hcb
zd!{bZPLe7{9bJOu2jkLOXs0a@hb<gqFUz9&3|bephHzUS@L1puLeoxk<<FGjMf1me
z>WP|!F+bu?Qf<pMKmuW3tP(w2{k9{MJVea;9XefmBbP-PC$*vRnw`gJBkqS@8UgSD
zQ36O>(8|!3odK|0z~!yQ2iCr|yGrkfIgTwkVug}9uDy9N>79hUD`|uwExTgRXK*Mt
znY~T-o^Zv+uT&^IpVBWHDlm%QyyRaP2BkW+giaDq#L4i09BkiP^BgQKnhidtHF=8q
z-6V0pa?4^xwhwSzwBSw~lvq4QK$)h=eia`}mg1bY09J-0rBF#3Ibl~x4I6}@pT2G-
zsa`orrx6BA_Ky>^E+rN^lsZp8Mysbw>8zMsRfSz(=TTcUQ0t7qnbz-**lmfwT&}RF
zS!{QWxAV>wz%=;c$7a(<Y_cbS<z@z=BGSY-byfB@)a;)9Dda=hZB4dlcJ`xoGKI#&
zVqee*!w8Xs?$|vv%pEF48QX9mh0yb;`NvtIPj{=)j1ikJf4ct5U;U1^+QzM<u{mv0
z8+AJ~o&M%4heG~EB6dSn0$fnlppfWX<BDT}hkb>vdpG-IZAeE+q~#1MoT&zH07Kw%
zh>#BgzKyyZh(qP>ofa4%2<O8R)O3aV^JcR@;Mbk|UZXlSOB_-X6g(PmU&cHa6ZQp2
z+XDN94a8(LzY!}eLsmD3?Ys3oyP>;c`Rtm4|6Vx_doWyAsYw*2j71}f<#YjB(ShV;
zC-7yDj=Tw8%&c8g$*eH~ba(WA<g)()mZZH=II)<FOftt!;Eye)m;cF3zWaqpq8Iux
z)Audz<wUV@Tt*H1ceyMML0lb{=HzDv3OXkJ3j0_Is$NEIp18vKBm0@3AGX3e)b#c<
z^kP&v*ITrNVV$ocwld6rGP3**V=!3p-pGU!vXQ6m1p5blT5=BXYht`~uaTW$5T=yL
z8h<-U*kMF?Io4IH+$t1P2K`2Vn4`BrXNC~TKgzmY$IW!ZL@SITFqcy;VGTvP_u#^X
zXF>m;O5eOy{vx0z<44d9mPxq5%+(Iw!ZJ?9=$|nT!$nOigV`DdCz$W*nkdBy7kllk
z=<O_YJG6efe3_350@-9TY^*t)32|8ZlTzU{DfL&ijk7EGATV&uLEH>Z8R06k?rR28
ztdoTMdf8CE!6>`?*q1&*0Ow#$)OkfEC4v&OpM+)xR3x|FK02C<Okw593d$)f8yq(-
zw~Z13rb@E_KW+$M(6t-ND+UShhLrD4w^(h<I}rRCM!tKf3h-8kB`4`who@VD$JfZ^
zlYrY3(g$6PDc&W2AYZFsHm6%=2Nn~(3qr3x8VO3b8OXo@=yD$B2D%NcP8<?$UCIyV
zzkZ4aorXhNQIn{zUx%p}C8v7BB)oRBMC^y}NsVWz-6Vs^+I(%Ea(#=EuFSCAQp@gC
z)jJnygVb9-?oX?6|MpLp4Rjxe$I!`UXE9;(N_#%4h}jKwfpsrBVu>+^ub)5d1gr6(
zW+@VW(Gn^)u_RuFcYT+_K+j{SlqiW=Z@{k~mT2ee>(#og*#qr#C_{<O4pU<BAD8jh
zETw)mGvYQhA{PN5lGmQC@Wt;Rmc$BK>Cd)?<~xqptmnyu`bM??V`MUbUim+O&i~I*
zxN6$hs3^VX&p!bC)e8G6M()}qw>|(3hP@S3=Y+>By$&<K;gU`}9U0}Tn%QGYIIk9H
zJ`KOR_8*_U`2L{Suu&g~^Ds_<vw#Ljhu#BD!ID$sx@=0;q4SOFM+zhU-uv1{_xFbb
zLAgB%5{vM~eF&LB%#~NWEY>)qvNgC2s$Zug9|(}Sg!F_u2X9br7`p_}?mLfvd4`Zf
zY`dQ<Zzo{jwYSMVC;z&%A+XilhTTcfN!a%T^6OtK%u0&F8E_kBleCnckco<?tktQN
z7cxP-2@iEO{@&YI7mzEqS%ql@Gh>wb-=(dII!)LEi5Whv5cqz`_3vl-3W|#P29=Kd
zhD<Chqs3-z$2=k+-9R9k@jx&$I9MMys$!LJvzK|x`}b{Zi|x?-SWIaqole@*(2_Ly
zaGaKHUI3l0My7H(8Gr9*tN3;l)NLyml$byFiG3RA(EsBDP(*v<#GD+3EW5I{fk%9<
zf8@Qd3!s!?6|0m_75l^2KMU2<{<mRl*OwYp?ld{!wmxP9UbaGFy(+B(xUjTaM@L7V
zN|F@6A^l~+p9~yQt2)_RwEQMP%k+|e1KKu7U0z)8Uol+v_mYMEjY%gEnJ&||Q;lx`
zfRRBe$lO`-PjBidsG9kB=o)yEeun#~@eP$W(vQF+0P;(0pOkB(KLx+x-p1sl5=#!q
z0xFO8zDg9ZJpf@nTM3VD=Fa@CJ`YkvvS}~_dkKKR)y}9&Cm1>^^D~ouBM&!sG0jzv
z<gvP^p{&(nx?kf^f?6nx26{Hp;XJ)ka_l}%@iBCLt@|gXJ}c{Y!si8advL0+hbFC{
z$?~5mBlq#BKfB<kLSUzi>Uub14F5junn(is0|1U$3NDra8ndRu{S3tP*N;whTTjtV
z<LDeMUORL_!rFK(dZf(8jL)DV@2~a0x0bUCS$?9^dE~Y0Y&DB!23LWQzL5(yvHJWU
zt!g$gM|(gB;8rJXeR6a7fek(kT6qGQo8Qpp$3CE7M_RP{P1NLgA>4lPZK^q{;QpmE
zaLxF?vGL=!O5$p>7U)ITgIqwI(SJks>l;G8xLuDbeKO~-8oEYy?Pu0mR6)7Q3F4R)
zR4(CHIqhG^!vL9nX4)2T9dKzd`O+M7(C6Scgs%?wNgZ#>B3|YHb^53Z*JX8<yo*K5
zeEM?&1?7JuTU`pbl;%;@&$;4ENxq%A11d+W02$Sc`u@=6_*ePWzaLtxjg${nyI8Rl
zOdv?Ui2Hy0x+O)RZz$FZe)^SL<M`L%U-EBm4ob~>zZk8~1uo@XmYZ+MFT_&@$7=KP
z@VuU08F!zAv$#C9B}dceArQ-X^5Iwc4at!HZSI-B_D}$6v_x#u2P6fxw5J#{Gv;{~
zK)z4J2w<Cg>*J$Axi4GZVZPjyKjwM%*IMU6(!v-x)z3GhrkVoRK;`gb`tc>wUkfyF
zXu-06LunYUIM4od$)McINxxChmt4}3rG6dfD(pi99y4E%lP_ikx;btjLDgtTQb45r
zPBXS7r+zL6m>kI}_<6t|RrFF8{gD3!xhOeSdqN<|IKZR%LHcvem(f&KrWyhW&52#y
z)j88W$LxFS9}m!BUCW4f+|H$h_}iAfp6@uEchYoCkU@Sq5!-3g$iv464?cx5g^$=|
zVgQh`Iv987Z~~2V&&Ou^%U%J~Edd~9xV@o^iWwjqU^@n<L(d^4Ibo^=xVDZACpmXz
z1y$H%OzXY&UQg#(^(L<0=y?xbC7OX+>ToL1txt|c4}3RPN7fU_JC8a6fpB$_lO`em
z9q7Ea);%tJ&06GGyCy0|nfDIG*xI0;c|ayDxu+qJ*GgR9mA>7(J~3&#J=boCyDblX
zEBr$Cp5N26MZ)8trR^*NcG9e7HS{FCR?$j-dI*S{uEKy*^TH<C)Qap2!gURlLn*Ss
z_UmKSZa|vEX#vxQS(^iGqqf!=m8rr3XmUJ^`W&#wNVQAmID$lQYocZuUd~Kfe`iw#
zZ0%u20eSEo=r^+kd8y7KpwrCn?GiC3Ob&{blxyi*c^83OTlOZd>BumUO>*a+xccsp
zfm5}!mZs($!?~Hc4x7gQSX!`KZk3?7Z?pK_B@C5sfCd2MuR+vQ7vXSIohtRr{qb6N
zyq5EMaCaj>V;z6{h8DhRy=+x=Uu@Ts*Bm@?$+{|tTO;FVu*n^Mezz9EWH0dBY_r;l
zF;EX`-aHj~64-O+7I?R_>>}pYjjGhVB9`}(-S@!y)Iaw(rULJ)HS%67cT7}ftOs1L
zE)F=7peW!q{O~mAbj3;gi8@SSfGu!1rYj6})9={EM8ban^s}Bb4t{A%ZgTVY=Q#s}
zQ*<~rk>&T0UKb^2rDEO1m&9+LO`+1lS!B{gX$K04#8;3VT;lJWJtbq22bjTeOVG65
zB5K=KJ#bt72BSx1O;HZ@rz?(M|LyESdxl+n&<_wgTxkOE6kX8#9iPhjr-Ix}vw%Rp
zzZhXzJ|Re*3jhn|BNOj2&u^*^+_xT!Gx#hfxVHvd9Rl%V<EdNkJa?K^l5d5?BN4qu
zubB^AtL<D#yH*mmDP)hY)XCSMXRxp=IRo*Jl*3;O;t9$HtrHB$2H=Jl$TytC4OOnr
z$G|E;Rjplk5%d+@ZOAC?o(_;r=7_iHbU}V7HS(N~a$AVC8bRs69CCFE!vqGXv&zF>
zPc>5H!jOLCCI1#-Cu$sgo%)>I(}Ujg{enEN@$BtI^TDr|D?nk!?`A@c9F6&J(dm+5
zX05${bAOr5z-qLC;|BqWzr|`#Mr!`6h9JPD()`)8xcBF78WyPs?*rlENb7Sj`EI!V
zH9O?-yuf%?NzLtk&<W1d%GEB=;zdVL=iQ_KJp{7kp(`l<Gsu&J3hCOpFQShIzxWO1
z>HRHZn$<7jgt`5msgA>hJ+ffI=Z*TLBzcxKo-rL+t#a~KtM{4Z{ufY6Ee%w$P@~uF
zoMb3}jfGjjcooE56)R{3lIvDsfMm2((4a{><<Kt{*y?|SsDkBr<#y;EU;oj66}K+y
z%MgfKKa=Wh<?oj^oc1QXH>%V4v-H5C-aKP2x>&$pzpL(kI*BaGz#ABsOb2W3mG`&}
z>IJgmc_M)~JhA9ad?e~T)p&SahW^ppIPUvFPqIJ-Eg(f8bnodMQb3YLHFUoIjq~)*
z4u|m?RAB(?t<2~0X6oGL*@1^F4V%=wpxDC*D?0oAiULO<HDr}9^d#5;J<xU9b}&nA
z{VmU+J#cVV0iMIp$4m0i5|H(4WcqrbB%i|D5J-7=PZ0;XIBV1DibsYjPF#HV{bU|l
zKN2-*gt!|d`~=wrixbM`xBz|}i=#m94H*FR#>7-zI;i#lB(n_Vgp~riI|dc@uhKH@
zHv0e?@e~2?@d#ALo9LjY(+c$Gs_Wif$&pv40&`67`_jjN1ZfN8)G)@T<TtW`ip42K
z<ihpfG?;if2N)+E3;%9zvj5yIlOtKdTf7j+;K`LTViOI=S2`V#innu98b7-N-#iC5
z*FnxYSM|?34bspBg@Oz({nOPZ9#d*%0P5BZpSHN7sw|6*{j-Y=U{L^yVgebZtXYg)
zzmO4PckN0}u6<vsoUsxFLMv-ylMMhDbiy><?)3Q_+az$ssAFw+0$<84j@{aoKPiDm
zuYNI+e`_mh^urUkyS$~%YqV|&W?%e72G0W<1AJ9Rz#r6($~5+qaa}VC6qi1bm@aV$
zYu+qTi5Cr>X0fgQe)4X)$ucew_nF%y`-3Lhpaz(fkOP+aV5ATbqKAI$GVH8lb)Ka#
z`f^oJ6alnfBjPtI>G-P}m7xSz37|@>0_C^(FERqARs%u}8+b-AHJn`r{(<6FCO{qj
zkJIRcRmi31gD-%d!dI?QkUu?>Z&=;$wZFO?Kt@bskW|)Z7dQWw!A2mekjI0zv~#b^
zzN>P)mvvR1F)m*~bhLa776B#0ogc;a7(w#X7o9e+W;rz-^C3v}?2qh4mlR6H!nnRE
z!@ITVx9sL<$RlgdS3yJp2+HJC&U)YU?HZ=Et?*rBo~zqkLu!i`i3~45hE7-Z|6huV
zQOs$GzfU@Em@5#8sdH0PZy40LX2YmaKkNhb+BB3;<i&>LMYd&uX+VlwZ#}`y%Udec
z^Pt6OYJ076((O7}rcat;9oUb%6Sg9jU6(2uWr^SLFYf9x5z;W<p=~&``82Q%p}y&g
zG+AcJ1#($xV<Jm;fPFrzxZX}a**X;ahE^NE)uQ>%ohlkQpH{_0o?W1Bqds&376$`f
zfANRwTGOZ#a=f5^UtdfGZCUeACDIHhr`!TwnOs!uMuQ!IO`Eyb8SC&Nx>a6_Ziwf^
zcAG|82AT=y7WxW{PG+$}P?+|??s|imc~C99f&;j5hQ(?fl^gSy<-L<E_8i%A-aB2|
zlO#M^-w%sJfX4&xmrqYm2QljJk&F8AJaX*R+HZ}vu9JR*S>?6xBf6anU@@w8S+Jt8
z)D!vID-|Vv1TQ4(c2`6}u`>$0V;OvaQ{2%|rqoUlhw}h1`Ta$_s6z>Gff^H3v6(#h
zpE!vv+M~58{?e;fZInYL6U6@GsDU48jGF-MS@3G-IV%;C)d}y7dUPlsC8V)E`K*XV
z$Hht&^{N$gVUh#63cr&SSz|1A7MWv3Jof_y+;+Gqg-zque<HxSW^%@N-<aUnT`o#K
zS+Bk5Hh4xNCJvs%!lqm18io``0w81r1^^wuy#raTYIXvUl5%o6bF5jujpTtqzVxX@
zez?HZDp8Ehb6X2kE&Wu(J>(^_<p_)o9@($QD*hykId?!=q8rRsNrGL$pVu!3nW!U2
zD>n}yKJaMT8=%{hj><Wy|L6vDK@A}gLmYmlBBJm&WpM?zmiC*ZtiYJc^vT4JT}Gxm
zt#h&t{_3ttRNb6F{$&sw{;W!T+A>+R`uTtH1tKucX2J!S`arR*W#~G>rW-iBi1U=R
zSVS%K2~~?Q1d>|hzF~}=L?WvFMa){yAX#lc`^I<Gh<u{XD>pk%7m-(v3~P>xv!{T(
z9|3T4ya?J<rH#vdRRAdEhK?M);B=2}6)Qm&@w_`?z<)1Dz^92&^8i!fFuEW<i2t9|
zt4=~k_NpM*q;l^AM>Z)RkGfyBUEl6&YilnoxabyHjtbrsy(POi(Cy|67NiGU%-Cm3
z&V6XA{mLJQ<^FUxj71FRqcfOPIXb(^hWfR!>H+;qM+f(@SMpIY6cA;GAg;Z9GJ2)c
z1^}=!Tq<YU`{j3MNjAm?o*}P2A_pNzM8%Z$!{^D374zLDar|oOI22a0sLK2GUD#Rp
zM|;2+$v1kfVnqe0#RCwxe#agR)Xd))y?-`q_4dZGkIV|>dxGLhpJ}J`yu=>`u=622
zli|t(6VTBt1WZ$U-TIg()GS?yiYafxXGh7P-m4r&FY=u-Dj<q7IzapSvlrK?Z|F6O
z|3xOKL7xupOij<rkZWSX+ci&381?go1#6#L%TM=RmkG+1(TS7L)ICLpC_v?NL>_fJ
zt-2)Pze}WTes}39CMV$^h6UI38bO);!Y+Q1O;wgp%{De?MR4*RJ)8YM043YJZ;uj?
zbXKU4sue9W3k%m^+Qp}_f*uX<9QQ7`W7446tLE)Uy)wpd1z?^(<ldq{{ceOru0R!Y
zig*KQiUzuw`;;F%W+*SVb~6(Y_*VYvxd^gU@I-!GQh4z3z1?OYSk4*=t9}!{5~yD&
zEGc{a`HSo4Z~&e;c<+DR$j(@H<&#!>&RnElZcFB(F0%3fr?mo+R}aVt{y7@&)xXh(
zTQTis%T4!7r>=Vi(wk9zVvhKE@q7vx2E-V9&NI1Zsj@RM6$}pM9#u!*HOa<QznX1b
zcTVp)GkB=2Wpomf6$kdg05tIoi-3R{$!4c2|44P%_4Ic?B{K@em{xA#zfe~=Ybc3M
zpzaU3lA&3!ppL!Tp@5Xfi|45TBscNFh<zmR`YY8#*K<}uyhek1EbjcmptwRHx6)FW
zh35hSqTZSOQ9UEx|7PSRiMiB~be2vxSN>3ujtXQv=YDHvRr>R+W%@Ros`NKLj#$i$
zgY>g<8}WSlH^>Dx6|mzOmd@^h-7K}Vj&3T*MJc193^Ik*UH-^cvr3O<$n#ZL{8=D2
zoSlg2NhkI<e*r~mE6w#>&%IEK)J_a2|1?JL_3#17C<PYVp`chb3Hs{WAm6Mp5+j<)
zfjBRKz$7Awo}(oeiauBJ(8k`~4ck$LhX9;WTenAWuCH#HH2(P&!h+XQ4Y`YD2f9d)
zs6-X$JnMq6BP$NIg#A$?#UY!_1k0qOE~`~8=+S8%D2+d5CUefYn@@il<dfyX*7Hx+
z;8k6D=tVOMyXQIxn`uy5C?SLVD;ntyT4dp^DaZR@9gtf=kXuq>!`qrsjfDnHhEDg`
zL3zG*o~%xTN)K)adb^7~tS8(Gg|XY&vlQ41mhl-lMLG>oVL@AS6+o}D5dNCqKsH%i
zFoL7BD!@1>K#$28{fAntZ3?q`+`4<Km;vnq!(|;=zWttXvwWQmVlzy=3ap6CjL9=6
z_(eK?qXEz(s-5}B3rL%P+%ql#n-lxVC|l58aD3}_t;o;kt|8pPM7v@Frcb_<Rn-2H
z(^Uq_=nR$CUx^fu>NJj?8s*#q_AHZhjsehP+{sOemT>!-N76B+uv-@b+Z7GAi#abM
z;=Fs5D|H^2oUXQ<1HuNXkQS14ovcWb#ki&%(2^1b#p-~-aL9Zt!d!s!>0A9xfv|Z=
zW|_fl_zmPFf7KMFd+{PrR>DIbQAyLMb94@5D7mC4Oy@XFHdNRQ+(xoatxno%@2V90
zm%lDTmTiJkMFHSps8Kp7{H(%v{9akIGy9MSq9Og#JR5}D%mq(<dSU7kWW38AL_?=_
z8B94xMMvXM{;w;#g|HqudYLtr61K~Y6u{>%+<s96wx)J;<&0;~!$sZk8u+-tbs($^
zKvJ5f8<UZ!H&o?$H|cpShT+9Sx!K5_n8B;yx)_*WHCa3~TH5&})Z=XSW69Mx=q|Xf
z|I)jfYc5su3Kjsq`e|Kj+V%q_ig33yP~tef902ra@e1rE0+`?*mri3%l}WgDS{L#e
zA-vlR24ZKa-mM6VDaP=_^R*4-&&EEe>&-(`gQYLgBW%`y=civwe<KHPS_C85L*3Yc
z%y1)6H2`3ihL04z43yx#XPwW(&%Yoj_IqTN%WQgOZMOEvOrDTluBc3<?fhW#9h+kj
z5I?FsLE{r{l>~&iq{m;IHP7Z<EV)?WZ@;GJFqH1M>J`Ywb);wq@Hto!v40xMep0ij
z|D_E3)xnpKlLcD|!XOxlR>X*r4}cJqcL7#x4>~mfti!E!+T4;$L|=R=H-tZIvF~LC
z?+v6qfBnZ?>_LSb!)fx2Vi&1YnO5vXrtE-0F^KJ$A!8u5Wl_6cw@fg<_{mDdrvFxJ
z+2dQx^;ZEI5s<t(^HAVM7<dr1J(#&zR~KuVmJU_=y+?H}ifXjGM(iVX9upO?EgMKq
zw1cT~A$dS>rOpM@4Z~p0bNOf3Go@-MbHO{K4FNJdr|kme+a9#J0SG6HcYym5Y^9^@
zVJ1V%Wx5#c83AhYuih4XO?h=PP<a*T+GXHe0UqW5><q~<Z_oBMFXA*=Go&^F?S`RR
z_YDuO{q{(%(WXEeaHCt=47fwDK$5+iNj&o6W3Y7Ayu7?FqYaS<SF(7mPw4bOUQhp~
zD3xOQMLE=rK2ARc95wl*IM6!ybc-4RR9gtp0*4{;fBg8_P4n8OM+3MIsed-9<t9=6
z1VBNmEnlOfM}V3=o3Cxw`l%Sa-yzEX_nMK_P`S)qlYD{wm>XpAQ{*RE(E?>+OL-Mg
zx)MP7k5K;KFOzlvq`_Z6oc1AGor0WD{#NfHP_7K8D3zm?G^83PrZT(sKVx~xTPK+z
zix59?=?cRYVe8L-8S=@wuLWX<`}1J`VjYgtpJixM=K&_53vg~nl)re0s7?P*kjSjM
z<Hah$2)23I8OUpyn+3h`V!d!<og#Is{UAD){txUZ(^reSRV(lY%(NhaJ0e?)!Vb96
zehUZjPtw}|ros1q1dQrC0P!Ap8+}Xi^d<ilXXi}4@ZO)4L-I~XieD7+X?6eI^&{HL
z^J$6;$q(9q#bp3J!avK}M3w$*&YQ<fdBV<1aUyodwvEq4*4_Y{c;zEcEDz@R!$BKx
zG)l+V=HHD#$GKT)z%|D#ZqNPGL;wvv>5Hz<*^EYRFa0b~oH#KlAq~eA59etZm4;=;
zIV4~O<iyK)OcK1;tHB`?>x1-kA!o<x`RKzE4V6bCeg?i*{^<)!TTsjLpCIIE0-e(o
z43He;Qld=f7)|qaBG<QKl5c>U1Z7j%00ule5Xvg@F=;#Rf9?~0EwcdgbX%(FsVxCG
ziY0WKYEJGagiS1+juGqC;^kSXXS&Ak<?x$XgCqXw+MszT&MP(kug*h4ZN3!aKkdV7
z8bF3{$zN<rX>^Xg_c8#+o+S#%Y5kr6*yf|cL&Yy2^qGqI8xBnm<};kr!+y9=`nvn*
z<!a}XX@3O(+I9mOq2-_yrddEf_kcqu4#eZ5^&4H&(tjH#A5kFo0W5xCb^3<W9m8&q
zTc9NP9vuoBQShc~Q{N5BRTQWnBtw?ktyZ?qJ(q6}T{1)*$A(vi^07UvgTp$pcc~yr
zHP@`?;Phu%4TqklgE$9@&?B)kRG-7$?uy^P71$Bi=SOdz18xWT%}Ku~2<i`c5KdB)
z+XPszBZ1Qc97Q7WOP6D+2krNqOCwmiC-CK%B5YU9AoN^;=1}O)M$iku)stymtyOLo
z9BfP?$F55&*%1M4JFbOrb-!`2jL(eaTecM?Tra&3{m8zL)hzV+te`EPXj+j#B^m`<
zqW*WYITiTSZDVOUC^Zp0^z~=Yyg2jy%*xGj-xN%Tj3tMpo#+;SX_HPYoV57!&qe-v
zDJRhxyrl*aZBNX#w3Clt(>-t3&3ar|+&P=P4TAo23P{-1QkpgVCWmLI05F~{*iLTH
zkuF#rHLrLXfJsH0rR9d#VDg+IXJ0N~_%O|VXPh;TzOLE+xVOu)QpjMU*B(n_sIqAe
z+BDLv-utV?<S{!?wYApI0_lQk{Ir0$;@S5d)4rCY3+#-K3Ec~laLG%A#V!Bcy;+&%
zuAiG1`JIe>B%KM+(rl7d#pZ@3c2b0QbO|c1d>ddL58<z!VD@b3oyw^Kx~$Z#TyT`F
z=NUHZYiOit@cPp+lZupK`?X7@)CiII*9iNcyT&ZHPG&lD<G4xz4N$5YSPeve%fE67
zdo%qd(`N)&^XC1~nLG+;OH2VEM<Jmc&<T3MJVgtNSn;yaJlAN9yl<DKl;hBR<cE}Y
zfdpkCEPBws%fWJh<I`T?h%m~Yq)qDkvH@;nTMqbAt)lrZNcCVdjV?HE&HQrPyw*+i
z%xN*0gVB960^@xUM_)UUxA+j4&d_yhE(P6MuqCz;G<(3oj5TpIKMas*q*TQ&jil15
z0K~(`k^`m#=1($Dl-tE1SO#CyRKz<ZI#!g$WAORi6V>B+h|=8_cGsi9E%BJRP{MP2
z^W80IIK6Lj^xeJU$1lMV!z?CO4<|qr)}50W@Ij0efVhm}_OOK7<mf(U8rF87d6QDl
z-dLsMjbUf%aW>9(na-X&lBMS+h2ni+t2MrMPh;1Nm!V#t7}#=dO3-pp&`CF`ebcXU
zPGM7@26J{LV1jNEaJ25%`C1@-l%^}j)G(}N8SOiS!5_G{updv@@A6st3VbN%KLYMz
z1a;WopSPSPw%G3{bwwYDjEWz4=#F5a;%8;S%2mlE5cJFLvSbAGgN8`_Bku|}FNz?G
zfs3Vj4ra4Y+P@Hrrx~=*+>6JTVQNWxTh273&zBOL(^Y1}gC!0VFwG2>*fyat3Lek^
zOm0<&@gy8&D)xV3mk>=!^HK$9+ks82B<AiD3v4&@6~@O-Z}pSB65}s@Z%$w0=sxK?
zkXQ9<YZFEEIOUD^xD?;(O!J-@EIBk;tsj1xl^r*rN=qy!1*BeQ21aDzK#~FEm6LhX
z3~Tp!6A0jK9J*QwgR5(uT{YjoTuKZ`oo2xKwcB^)TMiISDyq!#qU@kL_nV)Civ2mp
zZFPA1B>uag#YcKp;osu!>)+32xW>kjn{s>Q<nw+&7Uc6IB}ll}bfUAO=tNoy!n?G?
z@5Pf!Fy6@fY{Z0*25DYCx81leQS-3mt;FWD+Pi(qWlo6$sYSCE2(u#{QM^W0uAzxn
z8-`$2Sr+83WBJj};wTul8k37rE3KMlm=H4<8DAwp{Upblbh^Zo62WWtA4LK)PaJJ+
z;U(?&U#gVy33V~7KiI0Ojc$9VI$XW`Q!-f`JmkCP%G(09KDaLu922bS>^+oGkh3D#
z9MN$2m;g|3*4WEBH@r1gYgUZOxeo4ln-GrqoZDTK6h+>%MJuzIFR^1Qv(pSu<JOF)
zq2j7S0H(}+!bv%dl(mDik@lc<e46D2gMymcm(VK@`{}o{TfFf5_f=J;Fs0%{r^hN0
zA(+;7%aDopdoHYm7T^O9MD9ycr`u7LR>rrzllY^D;HbCI77w0gQ1t*odLyMcv%+!Q
zHiVh4<ay+6j6VfchtZvfcUXrtVp3wo;W=z+AJqoH$=6}IpunvZ*M;#~<OAXXTd~mA
zF-T3m{DN%oNX*yCI6j|l`*GdU5_;kVh?eu5Ka{Hwyt=s@doMVHb&f+rLB<Avzxk)~
zj332Qc&)jem-~fjO$_f<<7~ce@d=sT3=`lJj34J`e(TB|^Aa7q=U_TSNV*^!2^({!
zX=~Bm66ju#+5ry5>4}__z0DAF<gy*|t{X9X!Lq(bWuh*Q2COE6hnLqS_+YR@*nQp5
zJtL7}_UJl~q3bEtm{c_`*YTL?bIMoQTL)B6+O_?BJn%iUD}xBj`_&$lA)w{c9%G)a
zNVrf5_i&oV7Pkb5OTJh5b1JLmwn~FKZXGTI81#J@JYb+sNuzs+B}Rakrd7&*I(0#T
z9Zw$<8_upW&3B=5bE8%2`*i<Cr)9msUD!t=_g3I#e({O#!C=k~GROc>s~dW9VBU1_
ze0p)Z>&YbjjKS@>;7oHl-^_~*uAxxz6f2eBF6Lvtib4g;jgjGbT~`k!Jb(FlCGTrP
zrgQspN@gt=5ApFI6$*RXTED0Vzg}B(wKQ%IvE<l)pC3}t#&Y70k@iA8EIzb;_OQlB
z)p2iI<*=;T=f_~~)~&DlEbbqvS<+3RRe4tvFBxi1GV=3W*ibmbFD{CuVX2??bI!It
z^C?dK_Jon6&|-)<@eD*H>7Brz2kNv^;=*D;%M+`6gOdUPocH=2PG0ddSzDRHk8uFy
z**67H7f{vo5Xl<4UH%Br_(_A$W*RGo8#Ltw%SeX!o-Ga>LSQo7W~scGU_!ENJMdn-
zwJyuU<K)+4--tF1rQ{bT^x04B6#JGYy5Iw5U)n@gn#T5@U93@f)i6?e+bu=f;k_U1
z1AFEfQMalS&rt$3RmmKN6SZRZt3Dm6nL1x~wJ>!)t?y5pvNWh%f4g3pRBq>eIQoq0
z+tH|cTQb3+AoZXH5xy&ff+|)mas19iTuV?(xfh#>7R&+TyPrve`afhubPA2v0>UXj
z2Yjad67Yp1I)aIskD8xafchTweQH7K(tt~_6<w74+ECw>19s%h&jV74m>K>gJv7-j
z*iKEn0d|>GdI6tc0*!aH&rEi8QnhvRnbB=NHkr)WN_uC+;T^Wj80)*a+Lp3Bt{e8-
zrtKAdO2ZF3``@m6u4vlT<9n|%vr^yWAG2q9{l-fe7|jXP$!hogSta%ud>8=x#rk}3
zQdK15ZNcKe^6oIUk2{KJhyHbz;P4}w2VszNcl~?SxQKo(iI|n%#mL_-C231Nh))Ug
z@FJ<&z>hCOa)SA((~8ozl6H0SWyxYU8Z%(Mz<NP}y%nz8!>H)jcU_8og-z7{o5U`d
zcDw6-M>Y5a+`8xwD75<vR^htgDoz#WCPRY0L<O4S6O%)pRT;d0dIs&M6g*beo4a(T
z+CJo}N_cJ?dgoK!bh1)|OO&r`FQSUpoAf%d+ff9g5Uf%(zQHv5CSvA-#M4l-sSRmG
zV}-Fkp5sG_`6=C0*aR--=Ts_#Ht{3+YyaNBd?pI>!q@W{%`UugWU(;&VN`?TBBD08
z_X~%isEXnles68x<LA41Y%F#*Y}@&|;!kCA!FHZy4_*8rokmAbLr54@|IrAhW?Xqe
zTfXVJ%(JErMuqH;J;MW83oEV#J&P+eWB`pWHcU%h>~Au%3^5*e?DUGRrr<1nop<c_
z4E>I7U!xPBG#qa8x!nYsDQlFy{Wz(WYg^{e<ythfu;dL(gOf#XD=y|P63>7=s6Nl;
z_Ucu&;6lk8Z67VQ>g|b2iQ&BX(bmq@(UFm3n3Q9uL3x=-zL`Z!B%gy>ZFI%XuZ@v)
zq_LH^xS^FrLP4o-LSbo(T=(iTG~JqYxNfmAi=~^maRYNuK~IwS{e11a4zAFutflU)
zz>vpD9EKMe2vezNmuX_?FPskyQRwFt<OrevnJ)WOV?8|7l~%J9gmSX#a-1uxoTNcb
z_~QuuuNNaOnqLI}bhTEx{ycaQ{D)B;!0fej4EU5gY1_6eSk%JdBoh8Ac=KYzpjY}E
zaa3G-2s=RLldxY3yaq78$@J)?O)1A;{ul6#^W&n!5ivUY?FcE$eH_>7CJZ~eJL)w&
zh7U1{?JF71m{7CdAlbj|#_4@gs^!$q7}GVsP`GZ$Uv<J_OJJiUolifSH+KV%s30Do
zqj=N9MJvZuV7dh-D0uWR+nY@D83$z~pT`NdeBxbu3!d|faEYBK@_EjE)2z^{rF-!l
zh6@!cAdi8wkt|H?3p;^|Ia1m=xf7c;Q%TBdCq9268{lkql6oHuR(VwbUIh9oBir+x
zM$goP9jG~jZm~yeJX43>4!Q-OQ$8iF$GjKZZ)WrT&ZCM%`CjN+0;4_deURwJI8()s
zs-N0QaW)|mO6BZp4RdZ42BXHdxe{T;<wha178b$9725)GTP4T6autV7Hw?C{B@B*q
z4GgxP85nrM^74*boDA(k^o;{b_TO+|-a)@I^2h7LqRtv>o~LYTo1f~m8YxDr?B2v|
z&2gTF=hW}kG={m-!XoD{6i-b0IbU`$Fm+aIvjm$@<@(r}TVX;*hdq}tRf52NU`%y-
z)uzjp>rUb&_4-qNjv}vFPywoIO5-jsbT5J7RrarE3Hd0~ALmb`f|1}V=^v?K<Ft2q
zZa)3wOz~9a>6@qNi<1(18~cS-+v|bh!+q$LYUfSj2Et6112OXM(f%vXCCqFmN5u>c
z$s_f6V^);lelVIhNeb^KwiG(7%N~r-APEV4I09mHTi(x0vg>$I`w>pafY{jU0LLOK
z`BaSAcpZ=q@mC2I4pPSZQr;=N-Xlq;`1OO|N^ic>BQ+wU;wLuoPF#c8J+C(l7f0S8
zjhrRTMLzY866bWrrte1)<j|NmiEX3?&&ain$$kd<kf@fM`Wef~qulqamM+4fRkzlX
zYo&;>&y$N%Wwpgcj1v4Qrfz|ZAnm6&VfCKR6X@6V;_aBLsASik8>51DFYD~TX`5m>
z@D-z&=tqc(Zf_8N!#fTJhJ(FP5iG{#M+nb}g-1Ji-A6k@1zo<!FL^x=5#cd-Lua+v
zgQ-IM<-p1q0mgAlEC-S&Wz{FAc+C;vSN(d4sW38E$L*1?+Hu9>o<4@`z@Bz~aLSa6
z<)^6RVZ!SjG?6Gex-|yp>Y$q}&KD^E6ys1>QD&47Mq1nc=CC$4RN>}eS4;D=qo=75
z6Lwv$0@3lI#0fX*X7BLoXezad3dDRw>vZ@;c?p_?+IOq}6}G0kE^rcZiGsHftTX7a
z#|<q6E20j6WUZKZ=v(KrYfXoah{((HT&1Zf?nXUVv>ENRKY;N+)8Cgmz`TWgF1U->
zrJ2tpIV(O+Sm6nVJ-RvZQ4^=TbLg`-ju~06@xbiw!Yh`0k<RQffhF^pSp>}E_Yiba
z)L3EC+RmV+&YG?E;x7gC4HnZ1#x*ko`HQtBX7<HV-BQL2FN*3zv};~FuXS8#;v5%w
z62@N6S4ik{D<fq%9C@=LxPcxAj?qXHb@59Foz(A84#=ppH<aBlY0PP=*9^9PA9U`u
z>v@oR9cC}+jAn2Zyt3#vtHk8A`7LzBi9+2iP>}%NXL7h%bi=N?Sgg^h0LMx>e<H>i
zLul&v@HpL(vc@gG<Y#|C!!fb|9k)$K)J#+$CB|WAAkseoK>G}hmPCnOHS9=~Xk(Vt
zZ=kkohb0zs3N%EN`5ZoVclWrjr}xO-r@F;wx&%%XM2PT|&HajT(1_<<OOxLyBQTv{
z2R#%jO6^1goW8ulcBZ`HBo~<MBxCsha^8`biuDH>Yik!8KeC&st7fZbgFvn^QEH#m
zFSC9LdhC^e;OGOkuofn<zL^Uy{dulPFnNgAh)NmEl3M^tV$T+Q`dzxQgDjA(f|<tk
z3jSjQq@Qmgn38WieIoD7cdwP~tx@o&J4!W_A99vmgg}xd!4p_TY|TN>?sX+9Ae}j1
zlRUItd%WGr{deMMu!uY<drJ4RHE76z;jW%><9|kqjOoGD`33SfsGKPBs1O*@vjdc*
z7|<r17I>E#@ZEnCj_wRrfyNdj`@b)p4lMNltuvti_irT~1qLvGCq;b$e@O?j%?@a6
zl<%@4Y}?A>hu{Gi*|qd_kSlJ`^8J)E0gW}3ysi4|kdZ>wB5E9?z3(UTT&k|sFi)2M
z>V-SEj)NiP-`paAj8NLiU)!a$F;d>?h$Og4fWL0D22Meh0_CF(3%L6qprY9&9nW#C
zfg^Ak;LHU#@siA!<$=smEgd5ZtM9Mgk+sSpz)TO#-X`@TVL5FFLGG(HgqaY55%Lg}
z`y`k;3bIYyoDSv~i9sG)NPu$)_J^C(TSr9fBp8nz2T}u=B$KV3k2bIeb9wVC8D0e+
z*JGa7gB=`!qm8V{<96heMyCsfKChH(mW@X~uaqKIaP#q%V+)ZJDA4hCscw65P`$-L
zlf@T7LIaJYYzO@1p1?J5a8!x3Ux_RSU8hkb0!f~*z3Q{s<ncci+sbv-w&+O*Xf8&|
zJWnQG?B2~+8}0*pk9U$wUS2v1OlKkM;(*)AzI%WFky!U(2XJWuXamHzZ@2SzANO#x
z{tsMMcMdfA0GhRY{Q2+KOkm2|`{|VSw)FFI;>+qj&%Qrp_3T$WwRXj;ef{^m{@-!d
ziJ)w8dYZ0qT)M*5?3Ee2)hFlG{>d%A9$S7BxKYbod|8S0pBXRh%>O-R*y{S}zZJvQ
zrn0)(=J|d8@dXE2%Yd7H%YVPPxEQqX_2~4wz-20V&+YQ=SZHf&cb}ggVqH+0^u5^$
z=;qUxZ0jPH^@}gtuo1Y9rM~RYU*ImuLlxS6QRQ~ucb-2w{b%Xn^Pw02GQE5?xBOn^
z$I=+!AxMW_^DL>-O+2}++UVuA<Mn&9M7f<N?XN?34lqY{`_HfY^)fFm0611J9=~kv
zudUbPUO#(ja0NI4{^;}}>uA|mLEb%wCh;x*Y5nWN=ho><tN$4M|9I%n%LBl9(`Qk~
zYX1Ft@l{))<5hd~%0I{X{L`!U1N#ov9GdL>ay~z;g7;4Ag1F+o*~8~wuj}7^eym<*
z!8VV7@$3u2K9ujta$TA6f<=}MG?zWM_?+d(%7@2yKAV-j1~|L|I?Ss4hQ{5#d-JEI
z^vh3s`}kzK-DgR0hnl+Dtq)!l%v`bWmow|1T@PRSyq~`A-p}Xr<@09(=iWn4U7z`C
zYs%)k%s}7o@3)ga_<3FA=4E$2mCTp^U)XS~$=@!Z`=|AOU}`@OTz$-JUGSh`@4sKK
z*Ih1I0GuPZ23q5PN~pwx|HU`ZaZkCWC1I~8^Qi-u|LynMy_o;L{@uszORIs$2z+=f
z|Nlm*%zWS>Ax`pZ48Ar4bJ*<H=}YZAb)&X)=zo6Qw%mAc{H`j{Mpj$ka)@>PlV8<7
z5}x0o&u#Cv>iVR!W&BH`<^S8gn*a69=JUJ0?*4wS`n0Y;H1+>@!n}3H{?Ebob3ikz
zQYIM*pve^Aw8^pQz+(68zF$|@?{aqKvgdMaod563a^TK}+VW`GwX;n!A4QpNx$L(c
z*{KVR-vehlo<(I`IVAky^=qG<v-5VHlwI`a-}n9RmoeAf{ZO*(yLY(%T4&HU!&v#%
z)8nd6&Rr|cf$Gkh|IPA$4s6xYn$kLb`R_YF`kAkY)qG-9=zkG#d-eK#S@-|GEC1`t
zkR<>d4SvEXd+qn}`aka19b^8k1QyQE!Wjda2eb_STYpneF!XYHMgy=qVDNPHb6Mw<
G&;$U_t*}Y}

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/restarts-vs-elapsed-new-default.png b/keps/sig-node/4603-tune-crashloopbackoff/restarts-vs-elapsed-new-default.png
index 0fea89b9d3a1e5345ed08e27d303055aba7a1fb9..d468567898309a8401769732e3e1805d8af0f471 100644
GIT binary patch
literal 16381
zcmd6OWmwehx9$Ln0uF)-yfh+$v`Ps`NOwp#3ewF00#XK|2nZ6=J#<JjFodXdcMOQc
zkb`s#1Lqmv_rLc(d!Or^FK3_Yd@+7CPpoyXd);e2@3b@&p`>)A5C{aStR(js0wFYn
zKnOf96N4+imVBxp5UFp<a*uSMn{T4XUg(Y@4}(Yvd9_XtIrT+r%s-Moc39e}(kj`U
z%ahcLx})g-0KK<&Bi5?q>E`Z)aaEo?ula+T{UNS+RTdHoOsyNu$8hO73qk_I%WS6C
zl`h{5p<ro#J4biW*O!!N9lD{+{;40kZ_ICVVD72fa*P<8Y95sXBl%gxen0^J9w8?n
zgFsqrFYti>q*IoIKVK-c5JDioY5(8dXd*7Av3PN>a5>NLp>5;)y-G3MSgDy~x`+IU
z>2^lVR&{>9(&NXEtvf#6+`-PBo5MBJU3|9R;3T=ZxU6@Vd()U8!E%Z%4#BLrVvS}4
zivYd8GzrIaVb*}s=UUT;Cx^}F$ga8OL;>3=vlmaA`<qXf_^bWqAi<&S<H1z#anG)E
zd+m#DvkdjqDSr;ztN-=Ld2YR%zuAeY*|wjl{`q#6X`Ndu<`)?@VCs+n@-8ZP6e53O
zlp5&TjH|iA^w2PpNy5SB-O-;Hi*}!<R)pXF=TUw>LVaJ~dLF}a>Dd>%>b|SF35zAQ
zvoUYTXhIpDJP0~#%*o5^UN38Q85>kfc`(R8wl9{Lm}q0Xay97amG7*`>~mS0{xs*4
zqJ{RT<n}A{!aR!!n9ffey}kibLItbU41L(1{{Do)Y{l-az(a9?HzKxu3<8C}sCsRo
z-&bq>4_$WAip&AlJ|xGcCz90s=1zfpCq{dRS<TGo!!K6t<h!52pZdNjL)8j?F4%+3
z15R22n-8LSQDqu}=?(D1!j$&OUdqj_J{#u4*;)&Mkp-{<d9y_EfsfW`nsK*toWF%p
zdaMrJt}UBA`}ykX%M($Hnc49{ezS)3VVj=M^9P>h{^O-)n0xJc>46S?y~!f|l6vwv
zWw|K}vTw<uYuN2}<_28Waq;|fto>g@(<Zep&}l{c0W}pBQa>~2TZ)l_=zSk}rdFGh
zvhq9h<ToDH@up84nx!76J&6J~H`JMJFDaMVN&2vD=}n>=`#pu4#ghYO{O1Duw4yFS
z*wXy28aj>@-$PsYE>TU^d*-Ex`)E{DRP+Q$q(w*1AB+~w?@c(CA=xJ<C*ft0u`7B{
z4%Q#E?;U%w$zb`+5F-J+Z;8nz;MvMG+Sv+;o^Qz+D>U^eR~<Rg0c&5;ZEvq82WMs9
z_ES@Q!Z7$^%&idz6Vw=IS<U|#`B&&#wy?{L9j5vG3>%Z2?0B+<J)NFAvxzJ-sqNbv
zresGp`|Ud%emR-+lI!!Go7HZO<2FcII58@^-iwahLyB#*7Zn|&CN~y@P+%%eU@GAE
zM9`a$3F(UWj@~i{t}qQ#@=DYM;`}r<?^)ysAtQ(EZ*A^^9~qN?-(nX_%4yd~c`(m3
z&hH3i6I+4_$sprBX3<Rn*cq!l&2-^*m|TbUbbsMSpqLl@(Cb9Vlo{>iMLOJ_$ma#8
zjbaqH!8m?)cbcy0Wf-1IJWKraX(7%35arW*4=O$SZrM}u#GLV9p{-!m$F?$R9L5a!
zc(f*ADSGR&adyZ0NP*6BU1_-c%HHGrCJkwleKE0<oO$&;|FgY3sW%&WI-Y(#;)twl
zdp{@4Onq9~X!v4viq*4c&oK9(zTR_1$Hl@8>5&5~m*a`sU%q_#F(4(n&8=6waCg>!
zE73~hE~8XnV||&y>S{XOO6>I?u#r;s!50|2*`f;OEvjC;$(F53LRhv({ac2-MEz#X
z2QVL4pDTLpdFMAF;O&8oI2rQl_;w6>Z}c$pNuSX~@iS;ux`xCkThchG7thGHouuP~
z%oFFyith}b)cMl^DRYW-a5STsM1DIpud($kItVu&R8MnZMP}P)*0+6T?BeN^>-YCm
z7^^n?+U%Og;hyVF&!uX-nre4MT!kpT*k>wFq2yuwvctv0BiQc68!7AhcC9Fz@nAg%
z4o||KyeYHzjWFln=kMRNwGdj_n=60vN;FUBRkX%cg<azV>=mDfN&R#hb%A|f1JP?T
zuFTLxzvjBSiQTXP6;;(<yU&3x=&rAvI`Ge)hz_%@b)`w>^CQLU-mJcTz(oXsi$ob1
z>^AJ0KhJcm*+7^4YkfS%)+ZdxQ@(G_dI|Prd2W4m$j$5sWMoty#EQwx4+uTdkn(>m
zH!deyhW@a#LgT`g<;#l=2o+}nIKyEoRq{4BL~-3}60Fc$Brz8QN5%t#t1eSjoeVx*
zLTnry$x{0c%}R2+_1OVs2Mc<F&EmE&^|CP7gW=5Ce;<T#wL_d}+4?gXGx-%<mRD1i
z*NAEv&v26%>B0xU=N9co-PsmLC%5Z^&I1Klm-co8GsVtM(Nf88di!V!e4@R*{==a1
z5P^uX4$-a61vTtyzlDWCo|@NSU8(%=g16St4z-_YkjqJ4rMHS~*x|7k!3(ym<C(!G
z1MD_e(p;+fQb9XRMR$C_UTd^j;9z&^Ftwm3iTa2La!nC=iO0<3x(oC}B)e~(6%3)!
z%{hT%S5LaJC#I990bN5o)BSSlqp1-#leN~o6?(nbQMBFZ;EyGZ?hmg@aD4N_uJntW
zn%##=AS_Yc^`tue>tUZ0Dler=_A%YN!jaU^xanWbT$Xi=5;b_@mn<NI4lu_yotb$=
zuEIF~w&urTI~m^}?uRQWM!|BV%QndNbBo*e!ZomKdm6^ZNt^|i&5@BWR>W8sGY9xh
zpzg-I4wDtn;OQFjlQ7<>-G|0#&c}m|@i@sMai&#UXdXOJgY!y5R8wfY$AFje33dP?
z^yKRWony%xIMk}ATDl~%%RNs&KA`b$|8mT4SKMtFKBpZRyti3IwJc<6&nSTP-NcG@
z<;@QlT*Djsy{m@Mca;Y!c@2>aqEFKS{Rz8Fph`IW%&$7RGR@}f^w^sQ0tpVIEYI;!
zQB2lnD03-$2reX1l(V^cea2+w8Kh29eFG#VOa8xskc8bz-~(F_$Cr9l5Mrlv*-%<S
z97JQMiSkE7LqpaeromU8CE#ef>|J?Q`p~c(6xaPM<%~bqv?|GH_$J;$Ms5;PYel_(
z|K9r7w|6e(70GGClF>(RgO1*o^BNoM{?&YAlQQwS$+Lg%4E5g+JbjLJOAYv;WMK;y
zz+<;pq<bJ!c2kFPw`mNp6kOMJ$QlCySw4r@*Sq#ZIT>2dL^iK)+R5cutj&)cY#Xf0
z6m;a2U3$yaV9&fsPlDsQDzW!*acSuyV;Na=Q=hsB%34O>86Ji#qgq`j41<F4Y1X))
z=x)Hj3T@IyXjzozX{5%a<2G!E3UoMD=bD4!qQAU+NqCG7I<xiE$m2jp%{BT~?yU|h
zig|C`@j-bdsHKXHGMvvIHgR0K$|P8OmEpn9?y%0Wb8>Q>`J{u0*Maduj$<7<ni5p7
z8EsQjp7Z1Mb9>42PnwdPwtXr0+MBVcEkyb~0fFI%Hp6iB<tC=_-I}$)_<3_h>;v^T
z*hKLFq|6&G>@j3S0zX_p?wD@m{4?BQ{M*)hD}#Xku>vL#n_v+*DRH=Nac=x0lF^Yc
zc=kZj{MGPGy=QK5agUmj_vX|nLlAC%ymz-CCx^{<f7AfgZd$U6di6@T4jyo8{zd%U
z*+H$%>ki4%&?~g84c?pg)7_VQ5;20Pt)O#%S`n9&dfcEQbEk7HihZm3ys2KwrsuC+
zfoi?O$}5LrTruhOsQxBqjBqeQv4wE$UFbD&r8kaKB6OKerp>#lTXos`Vo9UfidPR)
zB4bh{1EyyBIy*^@pXcht^@*CjJ})~zDO*0!3_8&<s`tpPUDs1~U}X3+TM{(R;ivEK
z)=RzVvkPk=e%FXYi*#T}|3l$gV5)18FIH_Cgq=RqranI3W<I~k9CYgbljLC`)+p4U
zk*c%bbQ1S9wGvB^Z*qYrBW>l*TgHDaVrlJ+M|eXM`q%exo8Bl{*Y$gP=H}*0+i%{y
z*}(_Wf)aD2Up;!S-tS<8lS4BtR(z{*IDwm~-JJfPp>5eFinylHc2-2K_bY6PtJ5SG
zd7}H2Yh6%1w!=Sj=GF2J_xi;#b!{Jrr~Yj~GZ@>st3LG7s9Tl<`)m>t5_kS>rM$j%
zkz6>rcvj*X&@C~J^!M>pV-)qs=~@8%lRN0R+oH!VQp44^AGa*hd~eu}i1><I)TqJ<
zvh@*{>2OnYc@VW2Yg}}+_EKHonH$ZuQ*85jL*ipE$%Ta|DLz-^e*EcCyHt%IvF>4I
zF~*A(m+0@h?pNl9-sp#BxKNe{`&IZKVlr5$O6}+DUY~f3MkfPCt!i&yKysz|WVCF?
z6T#$o^n2dMdO0`2ym03^<Cn=A=j6l#zxg*bg()VD&%e-qQC3&?iW>ca$@%%`J4zE$
zWXL3~GOj(Q@pN^4{dn4fAt3`q%S`5a4-Bg7;Zadvc1smOz20_J3Wj|S%<1oui5t+T
zN%)UFw5Zd{#qI3wqOg!PYCHl^QBmFZKiJ5)3m_mnAp6N%(%fuDM5I!g8n#n2@F_-I
z@XCr(gvKlT%e#{1G$!j*uf$HWT6_F8nDY*=GKwuS6-B%cXRU0eVSsPI1FBrvWN<u!
zGtZ;eld3q<p35|y?U!{&1@7JI?CbOH-<)fn+w&@ApQ&@tt}lDU84DbA6seIT<(axX
z@;gT-md>f|VzI^PFB<mCg!#<C!kAX+(nUR&FTCN(TNT~BUZ!7cc=K>Bs5ziczc2Mh
z;_f*BDf}HG$o7Zei{C;5um_!A-;k-J*qr@LqP{l(V*R=?rgV&p?_7=j9nT9nw#|6y
z;b}j$egf%6U@;KL5qJ+Isse=6AS(1<23a&j^8d<>YkZa^MwJQ}#5&*cSDGdkq~CrF
zs==oL4bnI+^(4W9AqH{pjgK0sV#?vvyg9&BDgtpQVSQjs6X0D`Aa*k*Esf8%KP^sV
z?u8Df9?f)^!W6U^t@sehy}vbQ5elVemzS5n|NOV*>Uf!j92yMWiG-%S5iqn|uk|qu
z&cNJP-rRpvNHa=BOvdZiHxf_m&(>E%xvB~O{EV38((<xOf0_gedsXVRJW;suV9Id`
z)36nvlEQFknk?+R2v&31+sG)f%3+i%%M<)W&1-T)*T(J8o>cL1<XlsLzfqlACW$I7
zE$vXACi9_brA_b5G%%~7D*NGoen!~xnT<^s8GoZCv$q)nraV>SygutXUYZ)4kdQnr
zrjnbjADvRUDsvJ+FEV5&NEe~tXsO=ZhKu<~pqfW~iJZaitJVXt_g*Nk@%lpmrd)5Y
zG7H!4Z>Ng;M6NJ^edC=cjE}c}j)yfupJekV`8u!YO7%;OZ)-~I$NIYrWIVbLThZd=
z<cz*48`=>}K*TC`2?DWHtqUH_lzm%XT`Fjb@<pc(RXkI@{*{!B4CP5L?DR2`QCtP&
z{k?jxjImrXf6tu^Zy@^-|4laYzcs&%N1VL8aXme1oxQ!)n%_axg+T1?@|o7LTxVDN
zNO?=)b9`LfGoN>4c$H<qauJPgm{*ww`?tyG9)ce*-3KaeeO(emV0PsV-!A@npW^=g
z`)c_rDk?FWQaFGg9vgh_uka85ng#ZyR!1k{2Q%e&@u2{kjkM`>#j|h{gKUL}7@|w$
z6L|~Q@aoMsUNfuQd56W0=n9`Lb1ZCz75G(fU6tcFpU=I9Sr@>1AP^SJid|f!v3=cC
zQ$Rz27zVEaNt+IO=_6)U+Tu!^9m4)R<+4Kc(l0k7lpE<$p85B8+!i}1br!%wV~q|S
z_=hrPmzI_~Ki{)bs~cj?f->UAFj91#L!)Eji<Nqvag9@=uCDHc865+DhWR2O0L8?_
zJpDQfBGYwNQ_eqEX+TyQ@4oOO(XHCDm9QSR8iUGhRjCWEw&|s-UoUM~B(perxwkf|
z>b*6)nKtZDo+{=Q1ClYNLk#K}?qt7O5*SdH&vFlK;@u}NNen=siVLUVpE9GXdQE0n
zI~Ul1S6n75ZI^mQ=3@OZ_3aYl%|Su5Ahh0~qUr>0m}}7-`1e<IjE%X#@CD}`4mKt|
z=D%KSP<@r)M$oMq6jEYR>%FypCzdZq2k@d;0B0j7z~I9G6+v5f#d5Nn_I|!6+m|lo
z>Z5#_gt5HJ(CCjhJ5N=)>v;U_wuNH=8KkZE#9>oa_UxwWfN9NW>Vk)7pD#cK%GT}1
ziWB`!${yQ++a>*A>yqLU61sutp<b8t(6_><>r=<IfAe6iB}3qVJ^Y6D4r9>;Q)!iq
z5`MZsd{D|B1dh9@G92EPa&fb>vvc{SV1wpEK^*y^sthqtDjmZEH_L$mD<IJ<{hn`g
zN$&&jfuG7{%`);75cWw7=qlcahi~$cZ~|wB|GLEdVt~i37D^|m6iUv>b^G@1`_>&4
zw0A9~|BP{<s&q6<K3uI%MO|IUU_pc$0G}9ah2?KxMR5DHM>6L6?k+EPNtd|lO#|m;
z`CMvbUSa)?#K5=!nUT?gi5UPe3#NNg`{LN+dMPaGQQnBQl?*-$Xu_w6BnHaL${rgN
z_pq>R=|5ME8oW#BOaCMqE`oSdY@sn;lWrT$*UkpXXS*aS|BsuLI0GF6YJff5s?`(`
z!+WC^w~>(%yJ-Z2=wq<OR_QLW__u!+KC`t=w#+4PME9j0tSW@#{jRhNFPgaJnv7)r
z@h-VdU@JDrxX>aXX-((R1NI8`zYD+?p0Ki;0t@Mrgx<tY<PL*`-^fVakXtoSd$59~
zEclCIfVU@>xC)w<7=HOG3BCHq`Ue3Kxh*O>`MO9`^7xz6@`vAl9LpF_+eb!pua`=m
z9a(+VyMVvSQaqfe*?qLV09>owGQ<=C>%_dI_;V*mz_w2bB!a;FmwTfBm_G$E-W@OC
zkxKa!d!id)?L75v^Dj{sN5hm`9ENg~BcK2>(km+N>!2OhMhbvIrc0Xrv0z!~(<E5c
zi?fyxqTbS}lWu@>akgo`KTLm-06Yq>z4A&JY6O<5vf(D-J*XjAWufqe#=Ss5=ZYAJ
z04%$9#@u$P8-n{of31BJv_$#L1>Ape<mTy{$M<2Fjt;M*KHM9S^)>)I5=9PD440s6
z^+VdKOUe}WpNWfs4}Rv9Vf=zvPI6rQLGK!iPV<kn_zMDYmvJ;+4SYFk-wFiPq?R{D
zG{b)&GNH6AN!+JY{ApZbqP<V69v-j;E-#_c-LFZm1MCDefASmc**p7|p@J5mJ!|7F
zl-IcGZoA(hhF9DNQ{_hp2}V@lkrFw&F<GhJ%YDQRCn$2AYl0IN$B+6rSgd9p0_J8c
zK>(31UcG4BoxtxiZc<`g{l3KYDI1(XwOjDPzCcQF?%{Nm{lX^5f1j$=A_ucF>52j9
zS#QlEy=ji_faes;VXZ0g<Kw}AmGha@I7I`wb_4?o2v6m>EAw)4KD!CI|B~apbEmwa
z#TKkCU=};4yZzk&zIb>|Y6PFrr3IeY2Yvxq8x1TmIaN>4l-IC4*x7YWNsR~(w9Irl
zRcUd=+)zWn8!8%DLh&}j_E#!rlAwJIi2=X_oA(r6V0x-$x+@c3vg?sg+KB7tL+NvX
zpWgReRx9EF1%X$5=Hv1kbfqwDe|PsUsEb}KU_BJ0nBa>|W8-!xM0G)ZX0sF22sodV
zvCEVFwNV$6&}ZH8i4|A!nZdXb<z_+kz!ZhwC{)Y6GS^lDp4%cN_A&FKtdQZVCGkb%
zx`i51JTWIP&&h;UR44Lq)-iH*DHDb8s>JU`kvs7C%F&2WZqx}o(8n+@{V0Zmm((uJ
z2A$(<`frWqs?t<Cih%j1Zcf)Gt0xJW_9hCn^I{@SfK}*O?5&ZM)IS@J;HmyuP%G-a
zF>w<_j{7=^fchouua7Ij$ia@oyPe}fvQ=6;6cYaaJ!u2|n)cU=#Ty$=0vA`Invr{Z
zFkis)Hrf=<&v4Hs%Add=to;))C{u|b8GNfg(dN?dR)>v=FBL$gY9RY1?MAvC-A5#~
z{q4GoZ)jP-rX#$<pNF3od3LhiyHt=#IL2Mp$XbRxND7!3pe)3j`ZPY%)=7*`0beX#
z@%b3a1vSutt3?BSY0`{><E2hmRMR1HtJ8lA$pK=h%>y0Tu4&h1=Yu;R;_zhxDcOs~
zKpHmm+h4mqZth<)6L5%%!3(#;(ENRgLg3-{qlJ2SS{f#ldN#bo*%zB(o?3>*vIbtv
zqhPlGIGCwchQ}6~=A-Xi?N4v&wm8f+At!~U+a4<@gaUN{#LQwNfy0_Jd7$yx|M}8w
zvpPxF*@xGQVUMsi&eI!wVY029-xPsRACK1?;DyDQcd(=1PiO`0KGKf9uhs%#l&qrK
zd3p>vS867Hcuow9RZ%Qq6}26HvqvxDl7kOhC1cJ@U2&M$48EYjUzy&_NkMq_`8a^I
z;5PO>Qj1sL!Ow;9I|5Mo8LU}@w-A9Ao;Cv{x&>&YG|$FVb@vVE=pU>D9P>*9OQc@9
z3|+Yv!TQ0ptH}SvMKu)1Ksa+aBfLs`Uyk_7UlfC)5Xfncct$aRXEWFR)x7j1BN{=T
zR!+7@uSpH*N->SQ8kKMQUtN{7qn;Co2{@oW8<%;H6cJY+=&^yd{oM@;PS!s@(1PK|
zGs(2wNRfFV2*iZSz|J)4D^!7iBlf^J0l|AuVt^=_0l>e>XD5vZTK2e59y6A}^^#f@
z8yon;<Hb)qfca0E5kTy!YMdtVLI|KFtuHSwzvL2h0<LAu-*v3Iqj|okc|Yjvh0cvl
zc(O|c@R@<56{-V}!`yFGA&NKe{1Gqm?k1dI9WO4ZB@6e?jLH8hYdR@3>d#sK{AW0f
zzjKs7fzYj?A#6}^%N;;9$drC;kmZBSRDB=DD=GF58bq{%VAykw4r(AqLD|i_s3rB3
z4o@6|U6$fOZe(w7??OV%%dqD3J@gwsaA%MMc^lEHVgfQ_)I}0Dc7krcPKrW+%73k7
z?SoLMPhtSba(Tne){ih?my~85rR$N%d6nAcK_NpWCw#1a0XLa;nyOM(h@e}FG+fnt
zX^c>Elx5xiE@+u58DMPwVq1Q7AoEp~-QZV-byP#`#!UV28VN-D=>zv)ukkV#<Ch`i
z1rogoO*JBYkRSDqUQ1d`^)dhzm4ttg+-?H)X}Q{Q9FeV$K=p#6+NO&g8<-i$i@1SR
z3Dl<kJDy9w0vK|y)-GS)y1%0%<5cDrfSKG|hKTcwv)kZbvN?#kq3kG02cL_OjMl-e
zYP}-;dhF%35leIPG!!&K3yeZrJNn`I=`LOfRPB!EUBbsUP$e@aB_-V`g+K)FfMSzJ
zc<5SH2If}2>Qe|6KD<e14MLL=_$@GePt)&N5ffdyj9+0E8IX>B#1m)BxY$^0(lCdc
z+Aa7}ZU!+vQ~e%J(~zxSY1=Q{Z5ix_4*<GWAO_+2_sda0*{uOB^QK|B3`jyS1u#l$
zU|yK~(MI3hML;;cMObn^6Z4o|07PEV)4weg>d^)jQNrh7O=^HOaHHI<0pzh8-sa#?
z_4ckoUCh@9(~Dw~P*eXnH1yaWgonwW9w&RN?A8Pj3RhToEf5cYScW&wxhK+9V2!H|
z;#?Rr$cVi7WlDaP$}5r>LV}-X84x-=aYEkLdZp*!Q263t(iRNmDKL4u9N1QCJCnZ}
z26<@isdi|yHdc~6dL58PZ9_x5_|ga2`spur-o?hnO`?MHfgy_yhv4-IkbEUufmAmd
z<l#mjcITTIdj)`bV3vFE$r{M68|dBi{upzZB8NuGNBd!TeYQTgL8&0s6hSkdMn;5|
zl8qVNupLoJC}9xw_=X`KF;*kg|HQ8D-~@tjE`Z?f#m-Oa<#a&PvbMJVOjZ_b7-l~-
z*xUk=vsfJVFgbI4X2#TaInh?lnGyn7dl{NPT4a#C#r8MOH#R<Op#NC}hz|hLq$E~z
zzh)qx=tY8+BLfL`d{vbofLUX$aP#$F-YjEaumBz;b>Q=$-exn41;4!m;H_Kss)RML
zy%rHM$BL)lNqs0A%tuS-9!Z<wX-|<L?7fy^acTWBUH$eC`lWhw8X4Uvh{*i-bmos4
z<%)+nO;)_o<{kkY4EW#L%dyI#r<sVRF52oO3ICeJM+9p`z+MJ2R>R`17p7<z;p6V6
zYw*dn;b0-FA6IlbQGA2aiNug#X1qlKPN_#YcCx>|=^~vP4%WjhSGES|JkB8XfNw<U
zjH{fFh#CB$k%V4+0H?-GT!qekw8w!r^t|+&23da&2!TUc@?@*CNdLI=?)oWD5VQ4w
z>I||xFU4Yz2D0Vm<}N=Nei=psjAW~EH?rQLoR16v_`E8RD`hlf5B{q_gU?&mLPI&s
zOz@ubQV&4##&m5zhWOi?pErKp@<-{J6}KYr@mi`$t1L5H%UDciHLK&FoR8&T&!NSr
z(gs+GY69OgE(&+v2X6%35aY3=ROKK#E?~s<^!3>RGc4Q}g-CDM;kZhyat(+b%IQG)
za&d8S0u@|$Jw@i4Tz>HApQuVMBm&Yzd~*0DGj6<^utC5fH*T_8Mtp$c0*KF4)YM&-
z{gT`kxHW@bsy8AtZm%8!cHvcF_6U3d#8OUvevw))HWfv<gMXj*-ir2Qo%^i_h3vu7
ziq*i7)zwu@T!>%p&x&W=FHZ*T0!8qtAYdul>5>79fSL;#?2GzSu6;ec#Pqxcv(}(R
zP~<pXYO|mjmz>NEl$}yAjo=_y;@fy*Hx>S35FpI52n5;i(H^f5E&;sIi(JL6DFmNh
z<FfoGPjpaGyz+No)mjIeHZ@F<`=raHzspF6Oi&L0DqiMl1Z8rYLM<9Dhq|Fma|tHL
zOu~3_ai5KeK{bQ5xDeyH!WytB)t*3jNPOU)MWPP`kNefcUSmXd9e7p*bI?)@a;aaU
zwx6uXH45L~8`ex-fCT?grztKotsgS`R!TON8uLI}_D`B1eaG10kt&~E`Ovj1#_u25
ziUrF(0(dz>%S&D;FO#ax&C66MFBc+r9e{bl<gE9!Gk#hZ$*6Tji9vx2QKAkYi9{c<
z5bEOJHXEX(i;u)oDkAfHL&ofgR463FeIVlVenSgw^-x5Tmz51mGze7z3-ogzrOuE0
zW75;N##&E)w_ROIo;!u3s30GMfu`YH%H%^DiUG_8L&yd|w^+jepu;Lk!bYJ2@2tmN
z22HF|XWLPeI0neIlt?XnKLum8F_8KSZeJFp24esdmLJz$ohrO%_2aW;TuclrkT9zo
z2uPwp@c1ncVopz*#58yZ<lOZR6m}l~fM}#k^71zwWx-Yk9vN5JJ&D}MpiI0mGxqxz
zAcDHa%_{4L_7dDs{e>S9pYRG3Dp=w6-|0|He7w!swy4SY6=q3OP(k?fhMeDajJ~Ch
zLJ5$CpKw(XMVNtTFkRz}nt#G!xr#$fY|ug|#80I95Sm38#{5>5bK4UjK6r~{488~8
zL|F{Pv`SS3aq-TMhrox^mFy@y`+>@V$f=fi|NDia=v#_iYokTIL30GU_%|*_^-G;M
z&b-*|wW&nYyEaDmrV(U>44oVGb#&a#RB0OpptuB5Wp5G4wFR&Yb`w?JaTvx2fX?`M
z+N4sO*1Du}vOrk`K^D%!<N8I*8Puvi0Wv;;f*6AJiRZWAV-)umto6FL2o;%O0jn-@
z&T#<}=4#9`l1L64Gl|1T8pvyqlHkifiDF)blPi@V$iNleoA(vnB!f_-SA}M}bZjuz
z57l^Y8aHqU-vu9rJ!$A0<Tr1exIs614T?~T0fXCCROJUmr<3=u!s!`nphReMA5dP%
z!rS2^6|(TP(Eh_&|1wcwkQT1~9rd)*@hwQDq%eh|cwUnq!XnbV|25>@Ge`#@o*sG!
zs-sap^fC7dne--jiU9H}LF0T?FoT#om3n0LQ7ZcdEq}nb?5u$TejAS#`Eh)9<8L-0
zr?M@C!3r|`Vmlb-&q+xRD)%72nLz-cBS3{2@!$7YGb%Byk4e&(z5+x<mXK6X*KqP$
zP`l*dEOT)6!c)BYkvIT+k4Z^!da3vLaST4Z$Ztq90+B@eCCG3;{tcsK)I1-5{d(F!
zAN&_c+@)U*q~5RU%cu+s0Og6DN!xU=&Lae1qu7E$xK>tG^`!YyW?ZfEN2(ywQUv5?
zAUG~QJ_%=@x+;x&)HW$fB#p!W29d6|_D#ID4_cm*EQJ6W@9gOjY$q6z0$&rnix2mp
z`RQ+35(6X@u=yjm@V6*{uvq~FNFPcp5D*qY$_EU|Js3;~3N(>RY8gX7EaJX(tL*|G
zWcwYs?5>t~1|uCvBu^3bgr_|89l{W^^a&OQdjT{Cg<a*i<$>>6|4F$78Dy~G!25OJ
zCj#N)ASZr$P+ZJI{e=iBmrZI2He#paR@B7Xh%+3vyZlL84(N&_zRJV{G|zCLwIA{F
z^J~J@lb3;(OH0h#4q^Fe+SCzwRgRp$rvF=%0#&&==zsFvtRCNJ3ysuTjT2R&iSPz}
zTcCFElZN+7;YFEht$bo`UWO#lsN_RLS4JBB(wVhjJp6;*H9K*|iPT@RU>JCq#;dQT
z$OGegET%zy$x0EZ3O&Nt3yX`@fI3G7@}}RfT<o(=rXPe)cy-gGo5iKAJTW;P+d`}j
z3gN}Ll8&q<Rvkpx2M2T7;*^@Zd*5`Cj=BUzfa6rS&CBdE^CAg>2rP-Ix9Lr)ul0(M
z1-^(+=nT3!>wgwk4hj1oIC1juR5cKipdZ&O&67tH3CP!+)pqP~$k`lRQ$F@^3)`t7
z5qbB)#mF}Z>wh57{ua!?5k_E-#~|$HRJA9+@0d0hWA*#R6m^;**O|I#5FQJichUVm
zvT?$|56%gyu!D9`WC`whG7o(;FPV8?bfT0f-=`)6woZ{$GE$9MVMMPy?Od)dTvCh0
zGfjdg{2VJ_lo)?|-N042Kk=TF&az~XQv9jC#lZR~eATDUg3h^RNV^zl*nP;kYDWXn
z7f0pwC5}vDJ{ShDXkogK9)-|K_`nH~&c{1T-aZ+vby{2=9z`9tI&#9zd=-0hayEN6
zXs3lAJgndJWc}nqWAwXR=?59B5%W6+<Z1uU4R`D$Jsix`r5WeF%PaylKz!UQ$V>C+
z|6ho;AZgDK1J3yAk67{<8RD?B*lBZvTS!Q6xi7U_?`0T$LSJ|+Lq!yEN+*?Qm6kQu
zLSFy;vGr^ep^o>X`OaZjm#e;O^pYkqoX|_9{4V!h`Oh76dM!h4Ug%UG6?{6=dWpHX
zqVEYv7luIIU_aYfU+<vhXd&-G4sk+Uc*I@i7@}osLhlR|s2zNMegBH|L$PWdw*64)
zyGed|9f$;Z>hsEuD%W>x)uiN_8pGewI!%;@A4<cAd^p}MKD$6&B%&X|1w5O_UNiwv
zXjMSn=nDlcf&SHEdi(kIFL~@uX(VSCb!Q@X%yDE#UNc4F?yEJ~SYh6%3|v*SB%iIu
zPhSdrrLj6g$KTjJ08dikko_hmDgT3F97RT7EY$^t81Jb1$C#h#gtyeQjW4{-%Qz5?
zj+3I9OlFU1ezbUMkDb(J1TZ0|te6Fp1GKAACm4~YqRRi^&ASkU+p3JE`X^4G-!&cY
zLqdc!h2q7Jj4h#YrMW{wdWf2}5lqX<Nbwf2gVy{S9yev$qnJe;^I;a!TQ`2TGY2_&
z`wmnaNEfe+dilkn`kF75B8H2$*nLPp2u{v-+WS$ZoA>4!>^sxZ)pco>9Sj$pQGgZz
zNd6DJ`~WhW`v7mabb<wJdhXIRuIRlCw%|*FI$hkI)Q#?SH6>S&s%Q9khF;2mIlDdI
z5!S){WR@R0os+JAbt^qAmZ>tG(F+e~)Vxa-pcz(2vUQS1D|xKUxWSt@Zp>XTvgC>y
zs<**napiurY`C2Fsk-(4F6%BcMWUOho7+y!;yGnLtdy!>z5W$#h{}qwKEd`|@HqoJ
zDqG&8RTP4qlT#TeZVvCStm_*|=X8b3YdGDQ6w$VBW0s4NWM)X(5ME1aN%M!#w1$Ux
zX(2c)toVEew7^0MI(+~B-6s4)RaF(39)ja%saeC~sc+~dEo7F2K^J2q_s*&St0(3<
ztxs;eZk=#NqS6VHl{=k!@*qLFp2*CS&-&;!AbbNWE3;X2X+y)qMXw7<uCsss`ZZ6}
zQ$nnei~B~W33rTyzBS4+I*R#v;#BpC$0cQp%Qx0dPpzW&o39(4Y$d$X8*WjGFa09(
z6cnfJZovGuKu3=aLNgBstN=K{C!p3$Tzzyadx^X%<~YQNb^460;+GWB66xcqi*Gqx
z>4UO68qawv)<mN>x55|sC^#i8rTl|6=+|Vt*(3?6gI{Mq;o|1*j@6y0bxkiesnz%q
z#cc7c%AqesG$u9GnYt?5T{M}-(9NZb@zmJ*33GI3Dp9to_j8Y_&;0Mzwr*A|TF49I
zv==KoSvhJ=$yIM3R1y&Y10ew|GirdJY2Q{8bp{Pg752mII(`K2mW~{vBg%-^<O;&k
zgiGWHn%5_H;2j)NNZ<kIWaOH&!e18RJT9FpvN_guMCZnew~T_=YF7^9jWa*aGa2GB
zZ+u{vi5RBlGriLuxy_pxrV<slQOEFF;kiQkkLs)B8nf}Ix1$s1D2>L>J&x$SMPI8o
zGyJI0!9dPHxVNLIQbD*p%GL=oR%xBZ_S+jjeFExfF1SLVkO@F1TH?|vMZc`7)W5pP
zs(L1G?I#kQGu8?m!5Cw?!^j%WMAdl|(NP*5qFw5_@$|JA&_*Z{0F!z4KA_YbX>8M%
z!kMiYMNX=NQ11mwX0LG(5P($y^kR>)vREqvA|gF9pFBWnve~9}9309?2IyO3&I^47
zx%Rn3N-PDn5-mq%7Ju?YlX~;YNPsQR_W>0!kDo0Bm4BHP<@q0;><Tj`o-BUSv<B4=
z!0}y$%@o?6b}<%T@6@0)IvfH^H+O>;b^pObQRh80(Gt02;OUN)IrXG~23rua<5(xI
z-~Xgin&eH^MwgXz09cWH9mHj`qOA3^K)hNq-9Pb2CE0vG4-N8Je7zn1)0XJ5yXaxs
z)NKzp?~Iw&uJrJpCKI+L#LwT0&I@NZ%OiRU9|4Exq2Zi$l@cGg3q*`>A4&tn0#EC#
zLHR%Cw(3h^HE(0kqtcTuHFx89#2#5`%X#C5X5Zok>X7NarEmt5+ZCR2mZ`&E6-#5q
z?Wh^jQiS0V9ebD%k4t`|b4|*u8~`~W?|^HA%A5ZhVA~a*XbpUi6A&6px)eG!hQFpE
zpuI^#j%pEHh4A(-?_1zsH3IG+cQBvM>rT<NL<YYAoK3TPQyBgJ*s*5u&N|?Z$MY{r
ztJ>I$!QVg&AO)4#^R%R-wXxWt3_;M)%{4lh3J)I;va|m=RAMg}{N;%UZkTJ~n4XZT
zz4DX1Fcf;>CaUXM-&HwwpFf<yt|FP!$4%6U7n|4-Ukm2ZaiiYQrkQo%2rS5JU1MVh
z_#rIT9{B9CibU#<O4-=j)f*Wu^4Z}7`(I)e^Tov?@^Y_`^OC-X_qv7^A2)|ka$HZs
z<ok9fXz>>4Ejg#ocAxlL8f)cUB6vOiO%mjPclh{(v0JO&_r$K{R_E@KN-`!6MRSNh
zeB*%dR%uJXY`3%St*pjQ0-6@dQ`vtZmVwl%J!{yJE(sQUXW>mtSac|y(~R&L>4uiB
zPV(<+X+};nttKbwpIwbTK5_>+#Ixa;cJzfiDE;MOi!dIH&oR=eWaj{)3pxeZSa>Zm
zymADORz_xk=%VgRWQG-d^7VB_#*IS2_Q%qPNLN8`NCh|pPzf<BJ5yCwzL%}%>+5@<
zdh2z?%a*DXz8m8Z&lRia;;6z>E0tyuiX^x<6|Ik~+nvIKi1WgZss_2`v)?Lqe#+L<
z=|rt+7L{)8OXaW`KP$*n_`3jz^y%;*D{mp_8Mk^FMa%+~p$ilIYw`)F?r=tK2&kkJ
z--SM<>k#~WTP~pB{glDx7;Z!GFZ%)rlymAJ^6G19Ua1U&)<nwO?hu>R=8J?eHB}~r
zC5S1FXhB|+jQ#ZG8Jg!2)y-6sCkJr@d&-u`>tyXAM<e)!4_wi|OXpp6_UWu3TNadi
zMX($8LY^fgxnw`QjQhw{y@xp^Q`eFOY$Fp-ra{kBBIyX{qf|OIn6D$ZV#qRXOZqR-
zy8;wyd+&vz3iN@@mwBhEp4JI0!CUj;+>2SxCofJKPfkz7PW)5@uieR5-7`9qv$T4G
z$}l_}CmJXh`f?TWJ8H~xNIIJyD!!fy%TXfgpQ?6z2AXi$AJ|h2Sw6dz>!w~dF<iKe
zSTUtZUl+><jebdQmW-(+;`=~|IvbZ3a^}558~2|3mW)9X28#Z0B|un+BDl&vS{eFi
z3Rc)nBGWf@D^GpHP}F$Q?8BzPFy$Teaq9R;G*<w>m`Cnbe`4sgc;-&!N?1amBqKpl
z<iT)nsOR#8EkqEezCk3NH6*cG_5OL)-aWb)n4Gd~3^6TK1^m-NT{cFe-(G1bU>kJ8
z_Jp>1-+7;p6H-<<bwPYMV(C<yw?7&h<mMeI$TmVuZr6JXy>L`~q^QyuqNo^{@-f5t
zysB#;n|IeN+FeAS_#>wocU%8g$+(-=eo<YPkB7}YzSw0K7l@Y3<s_f2VMi`b(|r&|
z>L1s`DC;XVl!M3-Hlz@TY+yc0atICkk-5j#iwy;M0rPmHvR_SU2)qz0$hKOQ63S-Q
zo^w-~#^ch(j62DtZ->xBV%jG&U{_9PnO)<mcPp%?Ik2}KpOtQy`J2|T({$#ayZ2pq
zIXIpghvK9udQFd<>Y*Jap_`=DGHUCvU!5zvBC6p@sxW4|+mvoJSMs76(Vwzwq<>zq
z<GB{+Ih+1U1VX)8aOLf+%1?wMibD!oY%wKNvGV{j5(kb`{d8cM(_=-eW~cI#s^`_g
zzA1sWys&6t4vNiL<n#qrXGFOPQFslgsU||QA1M$;(8{0KrF?iUz&nt3B&T5NsjTp#
zR7PRXjN?||C%#*O5*!1>ys?x-@p{ftwjE)T^y>5|pYRU>4|N`6q*w~hxebN_VY=*+
zZfbDcg0k|uHqWPKGcKJbPks14-=_izzK)}0zRuUl+%pvOhki^_$$VJ{#7w+&t5Eyd
z0jrn&WrPVw;!){`ZCyV-?;`IX*-@%;9F?bCmbL;u6nqpTx|zd+UAQM2Ab3(xV)!6U
zkG0)fw?@_^{Mkn8@p8BKVzuqFV+-<5_`7y%RGloGH_)+}$8SHl=e$ia5jVs)41b8!
z848Tyy?*9gOTsr5bLQUg;mE~%bZp(D0jK2F(4?gBqQ1@n`@&c2dHzt7?qlDEMB);P
zfVFb_O;&%HeHWu1wr9gkXy(O<(<mj6zqR7HoUfu!Bwv{rE{}IjNatp3I%Ovv(}Zm4
zub2R8NJi4cB?_r{WMJ_QS*_WZ9=hjBLqUPxoOMo!6&}k}yCZkmj*~fLYjPsr++Rb)
zd~{w+P<i!Lx_T3SU2iK0wVSqHf4jQ$3V-&rsasUk$=6)2Y(a!~2fcOGvr~k_=RvrR
z`mFS))W<>tcHP~V$%UT1iEAECathM4Zfy&J5JBwf{tV!;|B@aQx=Hp*M$W7@db3z-
z>>mH!&E=G>K&{6Zo{#Q6srQ|Cu98_Br+>PSizZCOP1p}pOB(TX2Qu0fS?~!sx2@9@
zh9+?LlHavKse8MHah7H71ecBu%J&&-D$#flK`2y#1BWq(n?E$Bbt#qLt|VU8r)@Rf
zd7EAFbmGfLXH>^S0pwqW&-l5D@AsmekNs6PYqhhfTp2&zGt=lAX^-rxe|nHc1PKnN
zLXVy9*YyOQ<r`ryfJQW8kjDInZcBOTa9!`U5oI6=-UKvBWV8V^L4LhyDW4H^es<q!
z;w~o_S4``xORCL*xD7tgfCrAdU4ZSW90vcZE6Pv;T;-xHXB~j6)7QJ*)C!aqIddK@
zj2i`gAsN>QxCsF#@N_lM)l~vnzJx9KejzLPKB(qCHaB;1S-%_~Y4=9p>9@<PgV~qx
zBDP%>@z|dD4F84V%dpKUJ#uDACl~bJRo@aO@MCe84JrQuMdmAvV!HUU12{E!-?9bL
z0J>j-!-J_pp!C8@|LQ?{FH;f@T6-w|e>eq+FLC}kf+<(h*f=A3Bf2Pn0U{^}E^9X|
zM2c_7Qr0K63)%mg3xc1%C@q?AUmrgZb-*5JJ>5=`mThk)1<y_Kj}!%@SkPhDiwqmz
z8b0J07}zc&w3FKlcUu|A94avp@jM5lcL(2JQ9W+X4J4O1ptRL)eV`S<H+$?H_Xn9b
zfj;(*t~hQK+ARsBc_n*53O25F;RQlLLTv1fL(#@ETPePo-RVY)SwC#5&up}bD{}Oq
zH)x|zON#?-RJZ1ieuyk0)=NKuW;jIq{x&EF?=0~LiLPuP^useUq?rPbo&YJP1PnzH
zG<6p3K@TMz{7l(!8fgzXrH)#!E}pEHB><`E?uzZt%ZH+lC#kO=qp)9sgz*v`P@Ves
zKzAD~4qc4dip4#YW+lV%L#1Vg`0M7|-gX!0<n`e2#gUlAL{5Cwwsqk<jRg$r;5N`i
z!*3o7?yCR;KzYvc>!uz6@hZtT5*!w=2W6<Zz}fL#$x;ORu%hj|XTJmozPl~p1h&hN
zxk7WAezwPf@2Q;ur2ve3z$t&wu`1}Ng8DV$%r8Od*zo5CfZq4xb%AYqK#j_r+g3Kb
zU4Cc_Ep=W`!iw(*wrmN`NDsL+gDzh6xu)W^)qXa4h2epg<k3%}>+rprL(w9v_%o@i
zA3J2uRf#@++#}-yjV{O_{5cWO;MB7T3QWqNBs}AZFJ&GRTHw3p*v#jfa=a)T7>OIp
z&=LlyU4QwL7v^+#K*@fy4c;tqe*w7}fH85Y|Grt2EskFol&81F*6zsO14S>KOXIe}
zA#Q7~S!yLf>}!BVnO5^BtwMjP1N5l&Jr1_XtujQj&cQC^9nW5~AcRD@`6m|_*9;cl
zc+{RU21;><DS_^Dpc7^JvxboKOx>Ua8YeTl%ERb9Se~O}bC6JfxZj8_^bh369ye}a
zBOOcYe|-2bxp8*jIW0vGy{wYn&9u3*GaI$%4vt4nYbc3=4u%0N>@_w;2&W-afWb{j
z(QmC!{iktso`J6Ym?RaB72ST&<hK|~@8TBan-2QIFwyt}z{~yVuJF)8?ETuUBCY-{
zs?FVkvKLF-?A8+-XQL9ekv~^piGVNcYmqmU9R}t^6_w6`!!wJKYK#w`-`&7oITX!4
zPJMu12dllUh+RZ|eZ5|v!J$uAAQMaUb}gfw+y;LgzETfP*KmOYi#y=-4vOc4H*9rC
zo?SD|N#SwI#Z_`-!0C~@rwNU~`pPE_S_#m|F&dcY&y3$Ay~7s=0qx+tf(!NAGQ%&d
zcF=eOul|zt4E(v4F{9O_93b;Hpf{RkvC+UF1M%gJMo_4=iTHGYok2^Y({?2l>-uSX
zx4vlu&tT48ubd6UI`5vPfwD3e`d@Z*G)*qZdO(v>TJ5_xsF<ssEIb5`TXc4HdGtTC
zw(h8H+UFHu%$Zk|{kULpwq%h5dK8vx_~4k4f={&d1N_TtO+Cn{BFr(e&|ebUBwJRx
zK2=>r`({v^;Vr5efga;tV)9$LDG+d+&5Y}q@tFuf9^MKt^}@kmE8wJdlabXvC`~67
z?K8}xfgk_dn!>hmL{}eLDliJg`u6{aWrh5T)u_hpmj%T!pZ$J&zzK1W1Y(i9Lf(GU
zUM_#)#b1athd-Tjf8Y4;I30j*jrczvG}t&Nkcxi$nq7KX2s{l@me-Igm9c#JKLBn0
BrP=@h

literal 17002
zcmc(Gby$?$yY2u2A|Z-^Afcpmw}garNVljo(gR3?N(f3f3`is0Js_e2(m6DuGz>@$
zC2-d3@7w$AYoGYz?CYHK&lfYiYu5X$C+_Ed?)6qnLy`Cz^)(m_My#wPuMLA?8^T~%
z?pN`^CqI|HYGE*0K4tlbx-ZSqbA&H-$B{>_*RaX&XJ$T2oc4LhuJkdn*Dl+52Gx+M
zAAMiZcTEf#>{D82c-B@=F*BNzRNPvBIHGUN9n2Kt(jL+hM0(}(`OR(0U>8kU*{cL^
zOfGmXg|-j~A%PyEsrWv%wyag7>jJ)IQv&fH&bo{pD#qo(K7N$2V6ecy$B3~AVX#j&
zS2)4{WZkF)|MYwG2^$9cP4)loi#EJc$|rt&#Xk!TGX%^PPR$UWCHiI6C8n{N9CTxc
zHAx8xO2)=%M05`f1I}g^zK?y>L9?_~O50dj<-eG$>=?y{#cW+QB)C7avr+52oM^Dr
zmnz^{cVoTj=R-5;P3eo>X#2p+0?jNZk=>AUvCBWJ(x`QJ9N5k13M`IWXV1tu4iBYv
z?~d$HE2o4XnC^Zk&pJf4U(|V@Z_l+X|NI*1w)h#h<t@+Fpq(^6j7b_>A3NfpMI1fv
zx35kmXd6Q#=`-eZbNBDBmF)Y_R!1_Qxla#b!FqVOu_sRUSFPq-z4uNxD|%IVkW9|4
zyP<tq($bdKJDc2BnK(F9FMfwfr+5qg>WUWWl0|AdIh9jUoX+h8*bJOaJ5=<5mr?ii
z_;c*KpO!5b7TUU&DeC%pY;*Oay5r8Wi<Hg7hr#ctg;WCe(-%_iwHnn}r<#*j*tR*`
z*JwdVc%?~SUL3X0sLN)mN_Tw@A?zPiXpg)wKREjJN2=aw&fZ+Wx-Z4PLPs2>v|0aR
z>X|{$+HkHqqOFZ(*l%ZAs>IFQhElP%T_W9o_G~s_P^$u1APeuhp-=D_VY~m05q`g8
zmnQgn+>Ac`CE7WV(0<jl5xJ8~Y1V?!DNs*esdu0E?TVt^=IaWh53t=>=}UcXphvdu
z%eHzPb5HKoblc^{nNthcuIRicb?Ct^c;<8cV`@PiZS7a{2EE}o7}by$1A@2gZ?kc5
z>}RO=F}XQPxc>ZN-=&!)<>)hf;Ncl_5V7K`xM!4TwkkO|{%89I#&yU2EF;_eI!sB5
zn66U4+|+L4Nx+HKRGWWGhNQ24z2l5^=H_lj22DfRJaJ){x&NWwRGmYzU5O;Kk3q`0
z)BvAkJ4W7i=4&Kn%g*x9r|hm;kse{UB_$oNwV``0#c4_ls$y9>tWxw+ev?;jp}B^i
zPZRzMUug;b<yeSx6~|Zh4XN$o)xA^aG$+3QXU=OO@iqSSwE9!A%TrW)+OHCW3So3@
zm~vKyVby2<vH&l1th-c0gMrIbwbe>v04hy>AIW%LN^*9%VISZneD=~2@}`OooQcY(
zooYyALJ%H@<i))2PE%K{qH1)RQO&ne?Y@xO`lH9<FY+7%4ojYZZ@T1t;|~m<KF#(u
z<(Z&Xf_JamzwzN&_8UO@9yNDqAjGYr?4o0G%NO*f(C{_2tj*sJjlu(G8>9uv0;U^8
z0(26deGgE)zb0F~Ys3oL1<nO{cm~US&(ID1e8e(BZ-LQIjc75OogdL&HZ{>G3=J&i
z5A_2JG0CgVk77|h@vQx>2+ChWi}_lPh@hJr{<TNSo#`Y;e|Dn-iKaBdRt{1cycB##
z4<@&!Y9zTFD0+Owy4cy-XP;B=ZPgp>n>l()ptFbRIEkYa6cp~wh)RYnMl=|#BE07L
zx-u-pon}S%O?O5{rG<vrSl`)Im^tR0%n$qNTeZ(~q%9!&rOapCVKRFTzk~Ak-D>AE
zhqezGUix|*xE9rm7j^~EBkzW#^*(QKpWav<;$2mHF=0hqiy)C4XGuG{=D|6(3pr)>
zwBu~!FpWD)(Tropf?{LNAqg$r*mFV(PTs8jz>C$u**n<qoMRJbq!r!fl>o<N1OnYA
zoMGGMC77i*Rbk+9KDW+W<lkDq3JY37{lMy7?--%usQCHwnY-!gPf=(u(=$)oHGO=V
zy~`>6ke@dF5P$yoH6Z*^A4UVv({%+JVR($RbnjM>TZ2^FF9jEbGF;FZZ_fwjLgt03
z`47GA>^`oNXD22nr_b}A&krC%;#t)BJ;Zy=vK%z0b^<Sb$vhdvYy=l1(gusSP$eZN
zbKcIaLt-WvZwFrzm{I@;kc<;?3=OBvUW*sqdx7;?i7I2e`_&7IzB&g@7%fq_M$G8I
z_Pt@T#{*|#$Ok?h@8tz|tO5sIx^hp-7vDG(Za%g9F??9HB|NaxnTbOlMW&U}f{&_r
z;v6N>E0kAIkS2ZT)UE_vI`_O3v#BT8E>Y;Ez7q}??aZFvpZGVg;d;_GJGSYUs^xXV
zho^Qx!NeDNFu?Cvg5=ex2s`r6Xac{Cid<^*KU0fN7#;9^=<#P=GmxJw9YOffE6!6r
z$D8NOJye3O-;21gz*8L6{qd;YHT3*owPL44u0Y(*bTwz)RpS2o9)*u-pwnrgfR~C~
z_|YG6EUB9y)7eUwocoaX?`Z7ojXf7<Dt2EJEZSJ0I%~za+uX0IC%6E|H~a%jb#>xR
zI!-Q9d4BOWZTax>tu0S77PYHBS-{!x>-H&#U4>U)l_{)}PIZPa%I}*G@TL1dNZX;-
zP)EaG4iZ$&3!m<jG;pVe(jh9hmuEvh9!@i^EN^ubR@C?sbwUw!W`stS*amnFn5E4B
zJQ(sGbdW~1s}Atda^u37+Ckz~@uh?FX(CDOc49HN))4;L+~0lFc;M6eVP5<K0{wB<
zFlV-dVFNfLbk~rR_Ti&K6-k^%&!*S464Y1sL|2DBG8xGGeW$W&3Vy`~pj_-7RyjkS
zHVhvP<<r2;<1VBGWvnbMQxbRNh8GZ-&o{<Cjz>v2SWR^~ko6x$t<;42_=5vH?+U_1
z*_oI<HSbI;e{P+H3MfbVQA;88enM4m1&bqA)V%`UxY-@c=qUt)$;e+dym^~@v}G>i
zM9_V8pe`K%4f%IL%zAR-#_+GZX_)UgFjx^WmMXSa*gBn$4=NS;N)$X-dlg_Om=vQ0
z04vAuf^Y$H5x}N^!GZ?=3tzY{jpVBqeE6R49*hlp`z8oiuoCR4XS&XTSwKK1^g6v$
zgw(`yW7KT~#|<M1L#BP<*hO`01^P|CGC4H2X`=-_wpR32Lm3=)Hn!N^UtKL7-?@zo
z9T|302mM%Hyqy?t{l>%GqVR3OoV;`^$77mB`_$~)`#U!D<qbQx*U$P85(Z99%M?`n
zmf>dPd^^7W=bKL|ieXwi(3-<^p#)?sS3=lZY}0Lh85xj8VLB+(lQP0(1~Msnn&Pb-
z$680GgO&#eLvnFhS@iH$Dfv?=kp;gR0wWJ9227hl-VWhiVQ8tTT00%BlxqgHj)Jmg
zrka@#*rZQ~qw{nMHAdP4FYP6tgRHtof4NH!attf7VxjWs>x1=CMRCuq`(6wF4QiPW
zrf4pwQEe>vBs9FyM>`8Us?j|Kmy|RGpUEBX5S(*!7?dXzW(A0^HRjgV>Rz0+U(Wbl
zvS#^dYk<-m6$q-3NBeUCXT1AQ4>$YWCCd-%(*lwf=M`r}6++HZB^;5mA?#;<unl@F
zLfgAwU&Pn67bEK5KPn>JbPm|RLnUONkdT<z13<tM1jtN|BA@(`{q~OPId+f~rp^5I
zC@38HIXRz+j6BiP<209@^cNNbh1%NMONj>Nu20<S3Ouiq{9W?Rz8O>%Q|TDa8mS+=
ztlXNc>h$YcA1!R@gtwogovpwJE4vGq7hX;0n3-izv4sW|qv;$23jW!$!k$3G%+z3~
zB%apg-*eJ>hX2t;VdfFz*w;gjCnpgz4*5tUNuL9k&D!K808v+5&CSibQ5>|z@D2FQ
z3#eA4bx9w0T(<;8e!jqfIp4!2209$3jKPxN)ed}m!9btr5}v@5-fiAelHtScxtRy%
ztuL!)_VX89*M_nSyj0EsQcO5n2$Xigj{cV=!L|%MTU<OmC18h<z>`VQ%ayNn8*?0U
zZ*2VZ*(_^l-uLA;Z?#?dBYIFpr?WbkRe?DL)yErD(Y_)53UlPFxTL{grsVRMw`6W8
zGp`f3u3sseul}yVxOmR(zS74hX@qe-pIUP-T(fldz-$?<Pn4yfI8kQ^W~~3tynvQU
zo0l<Bm+p1h$z?c6ok4G{F4Ex?1zzF&5Nv5>g^T-dhSKvb&5-#(`J2aoUDe6#XnU@o
z&ts`O*1lqArlI1`$zY%`QcS#cx$JD2C(tf*7?0@o54w`b(zAcI^YoIlR*{{RwQ$<?
z{9@6G=@=ke=TKe5&hhcD=-xZdt@jpA2E0m>u!PPz9elEs0$1j{#1}YB5$8y(F&=D+
zAsNr@S*lxkko&&ZqBKA^rHZ=dB!JTS>Gyut<!ssLiD73bv4Eri5Ar~}4&@NtztW%H
zUx^~*Y1JxoTKpVR(8VGtIVY)4DWUV<_jKSSi!2%PH4PM=sdp5R)DvG-VNH>MXQmDW
ztEj6B4c6HxuRcQ_&HFmtsQ{-Ygw)KFc3*Ys6tEdc*$*Mqn=b$G;gdhfhkzTEL3r9m
zMr_~<qH8*y!@|?T)Sg9J(=*xo;Rge?JN`SqD@}5pL71^M-jq<@olTGGx_Q1LBoB38
ztH-Ihe*gfdM}}s)=C@K$>VEKAQ99;2GTzv*$zJ^CYr2{zx%-7|4;b0J?Xb+br`)V%
zw%Pv-lUhG8_hxgVOkhyxeu(zyV0FRK+XI{O&J5~Ic)0d!$Ht(;_^dx)t~`VhzXlF=
z7x7ELVWRYd*7B{gQQ=*72?-Ormp`!1To4(O_xLvhal_aPZ4vcYK`%ic`Sa5}(%0(Z
z&x!RM6W6I>^w$<{v*tIg@#O>TJeO)L;eCPfO#2fu!(BdVo3Oj{|9AUOWlE?MV1rVd
zsV};2q{M({s>!|3#Oq+~vE4|Xa^26#W{(p1#+b5kt?j+J7O!L>hY5LId>G6^wK>S6
zi`Gj?Uq2~B%>9vh;JHT=IL|q8$%}5r=$FO@>kIAeM6}|%Dk>_LLmwWFR6J=9-vE{C
z1^Cg{@4dbG9-9-}`^irNjG$gaGm?E;PS4QLmX2Q3MWz|Pe)BOcsA*guaV9!m<LBE9
zW^V6;ZfTO}j=9&Ihufg!k&?N2rU|M*{Z5n1;wx{{$B*xo8P`P=k$~PkX$)(#4rLxc
zRb$gKIMd+Fv%fkh@|2C0Rq^y-{nrF|hdzH(;8g1A!tej}KrI%Bh=_st%SGI?%1uxT
zN9r9-j=Wnu(Mx|$_E)Mf+IAIsOdi4rrFPK0TnmxS*1Auie?YyRoJV9RE_ghqqnXNk
zD+=?>Eb#nrdms4G_r=bz{^$Pws{;teVo=B{naw_pSW(mY{eCFWF<0Pqdt>NBXvuPK
za_^|7G<t%VMpP@5h>F3=%8LKxZwo433mJJ2V66H)LPJ_{_|=w)#L$wK?PgWu`WJSx
zhOVwvCJmlw<Mqj^TtVmg*;%0?hbIc!|C|ee1Vcmr1u*b`jw^1eczZW3t*m?pXNE3r
zd<fAd1iwIw9TyvWuQTkrh!sc&p7D(`f4|5DF-~k?yfT>OEb^8R;#*>Pt7~dXa7)Wf
z8m85MVncij(;Lu}k`+S*tn<2bLTl@T7UkKy0Q>|sLKYw^fApT392Gx93q4PY5_X!k
z{X7mZmeu9Oxu=II!{5KmcP|w*eSe!z7PB?=+@OmK!b{<*5}sQwtTmgz<Yl4lxGMUV
z)S^^6$CJ2Bwl*3S|9+;hYP9ahL2Mv?$$kS0MVZ+li7SU14~Y$YRxNV=wYbYt_l=rw
ziJ=^3`|PoQ|LAq^;9&A_u41}Neq=a{IP`0_S|K4J{MLQ9$;tutWJpX*^o)Na2mJ<d
zL1Uxg$jFFVqj96lQ|&h#3V%QS3F;-k=awN^ImoxH$=qhu=}e`-8z6wuveRZ#j>H(R
zkC!BG%{GmejgDJLcx*6n8P~=Dex^4~$YH}2I75!t>49BOcQ@~%J$P}q-Jc3A%Ci5f
zz-_)bKkFUJmdnq}lgA^bW;#DTEO7@h7_I@%^c}tQ{F{<g0h{k3gp^w>1U&25Ny!)3
zCJjz#DU|trgi;|1jp$voX86aykIaI|vjX{p#T0~?`T#=0Mnw6VGHoTisyb8Bw|Q`;
z*6vrqQbfcxyYXT@#3rz-<pH(0)%ROu<t&<+FEUw6@<<FTkeD<ol!qV`t)*UUf{xR*
z10W_oc!G+Z3}8ySi;(M2d4WXMRA$Fd-~0O$Da~JIPgeohllr7`WUN$D$D^!<R?<gz
zqRd1Q1njMA%PPa^of!n^j~_p-gbKE(Ke&YqJ!59WNg^SZIvmq^XcleO;+Y8iw8c@}
zYuj{H9C%dbJgunB01a8Wpk-oG(zJS<_6RPg`q%4H#~)IEINcF-`9MU)FaQ1fcgx>D
zI`}O<1&O18Zw|rDN^l7&Qd|-<Go7}-IdjHwTX?JuJxmj{(=HQ*8*E3>N~r9w^!Foz
zo7?ovAPev!YFcfF8OX}v`Iwv>h8AUQa8e+YspmmHQg0lQ#6#pqQIkQ=^m}}7xmUeW
zMOiuac~{ib`1`++a%>HZ>C`ChwiIqQXG;paHHZiP5r^1-Q8DUo+%!MF2StPU3?MJ=
zlw;5{HU=W%P}pd(LREUv{!93cYTqNLmgdKQJ-ejd0mV&LDrn)j&^A}@^tbW&QM@(R
zf+99(R-i40enMsp9K6MfiCyC~z{+NGYkvbkmxNZFDfiKP{zd!4jd4#Q&`<zxbOBWb
z3X~FZ4*kjT##hjX3;?h@*S8J3Bq9)w2A!as!eI6uKfe$t1DLS5@%p+HZ@L)c1L&=b
zhCxTk46w$V5`g!zT*$GYPp@u5fdY7s{}3p5ul)UH9YFWE)Kt6A<E2J5OMtZWBzyBW
zB|QY?$LjMN0v6N$6h1kqeGz#`{Oo2WbUF^8t=cUF0J_v&$a~L{th_)2!49%`O?oy3
zpSpOn--V8*q?PCR#FGJ#<d&ywvV<C5V#9)tf0~6pj0`QUu^F81Ck;-)D+QEVT92#w
zX)8b!<59ryp$*`CMNI96k$A2i&!{W6+b;vCgkPjIA$3^4ty5Dwx1AI~J&dOgNZ>&j
z&|EkL<|-Uf)k-LnHh~2{f0h-HFOt+pnYzE9g^#N5&AJcn65_z_YOJN{H)nnDGIRmB
zg2iQV<EtQa(8u}vCDwzPXpG_V%F495OCnSg1Z8n?aX~tM`gwe^>UlrQz;8`85CFJs
z$3G)SvgPpYhI2y1CR)6lA!cy=Cg8)9X(c=x_sgsYGVCT=U$ujcpJLDs`a$DXhlsig
z_=qon%4JC~*xiYP(3*VJ<mUadB%UV&6C!*!M}zWv1w}V)M6pz}8tg{D%@Dz0Us9ZW
zb0b6TD<Sul^u<i7|Hw_j<3x9i5V$wD0^%DK>t4_sE)Ofx*QEo?-X2bz8in#BwRAx1
zEpqZH^&d6B8gX$qy)RBymy=AKVnNDIv!c%QUZD!80y~Z;z9XE1&=WN6PZx=Hbly-_
z!vUURdz(5BF3CZxPhB|ym>7|VM3Ap4@r!E<KK*=!tXx}1r=RrRh5<0g{KuiH=ZgC;
z0ommC>%9mRsa60w=&OQe8z0eH9zQ8$x}Jv_8PRSb*m$UhqaRHt*%x=#-1Z2d#{RTB
zr@a#~z>)vt_Hva1I@9dc)1EkHYa=|tci>GCljZHRAdRMlJo0#phs=!uJ|7fV%P2=l
zG;WcPpyFJc`wfgNsI>k$Ct4DdG7I3@O3FOlbeV}r2{R1VNDati0h2k~#*s4Tz5RVO
zi!F?g*l@t*2hQ~e7MKUxAPw`ic;di<nn7C?IhAMB2?fCHSL86XE_KAbWVVCT6r54j
z?Dv=n4anh%fcQ+!?)#^7FaW&rp=}+W4pF`PWwpO@s;ftwLh%ydSPrOiGwZ7(cQR>=
zjEwdG&YKK-|4-TI|5@}Jk2o&i{8RzpLmB@OhuC?Uf)4w>6uxTb1*sN-pE54jc4MP(
zqygmK-XqF7n_cbuzFpO7br5>TiMOFJ^qL`0`=9F8(~T0$Q#s$FYlMXTzi{wLQnLG$
z0B$Ve@gW}3%3rhxWyNi8Nf|6C4;CCowPA#yb}O&3aT0E0ujIYoFVasJQso9s2W*Oh
z4u5xER|P%YQuAhcyzh3C;@;lgtoU4zv2<>6QBjP3nepHKmahNK($I7by>htiH@85!
z%OM(atn~Vwr<D&v+(Sib_pPR`1O;I>w*DCg-CvJIo#f``mIvr|C$k#s{@Jcm$|k$f
zf*a#lFj7@<SO0+wF&4x1HyGf5GwP&auXMtrSu`^4LtH~&adk862tbEcKRyK)7;sF;
z;&Sqs#gsYD)Nk*D+SPPPJ!H;~u8YVUC?H!${ZqPB5WUq_y|ecoA}(?w!=@eYUyy^+
zmA`UJTM<L+o2^nh=IMm~+I(@kIkyUGm=Km0?Sq$Epoq~xFuJPpc^65IZBb|mm4LO9
zkx}a071z?0TXCOcaZ4q(8#{@J?Hi5T{F)w|AB;L7Fr~y){9pdy(g99@=r-@&98d=T
z<Vk$6w6Ov1Aob_BoWRDbFE=w}<K&Bi@)tMCTekU4jvpNVcx}ChloQFFc>nRxNfGIw
zg=&k)18}@OL(1P6ntPBCY>db$sdcb@QOs407T!<ZdfK72hz|?;rdF7fm!F^Nl0Wku
z0VX+4uddu2&C7Mrw(A}t_}MV$nGRvfcugrb=l1jZxm&QHM-IQfz2|@S<?7$8Z{t)X
z`z+G#)5u{?Mmy8x#m*%+V6TKCbLRZ^`=Owvrbl)LbiBf4F$8}kF*UizBKAel!vCcA
zNfMh*K}wgn@*lvC@a?C<>BwNP_o)LonY>S55g0%~f!l*A8l;;<4udp*EIlw;GLkf-
zq(?~kH-qdL^zHf1Jkt8w`%n&ac=$4fo9%57iXa!tG`RJC{~p)Zr{+a~XC^u}6+zq+
z0s>t|Qb|+O>vduhIPWR-7<o{2wwS48$-y3R5VdW<iR>5I85ujBLYd@7uwZu|!5LZx
zBru^Ia~F?RE$%fzDeHHtlVeT5xet|?Ti(p`d@o>Dg=S%<xF>2j6CZU7m%dUyNdN^{
zDUyP#uL^XVy`a=X37RPkRFKpM-qqkCUxJ&()LG!Y0C}9&!YtS$v0olae1`=j<XU4e
zJe-8bujrNNHzD<#=lTJZMO)i4f#fk=@5ljqF`;NgQ2t*O=ZFWBkp)0HrNy?WygM^K
zzH^W8y(vhc7>o6b*Qd$gzdU0%0#u`=PK%&}dy|W*16@zc+0~69i-3T(IimMkAb%<=
zzkP7|XWy-tt3jzZiEFta-6_r{)B90GM8sAB*m;6n7)euP=tkv-ZN?&<XE5?n$d=W^
z#AyH-Z)iNr5_Y7f#lH#x`Ma`bM?1+?&%4qr664~YQIL*@$Yb3BtwfM9)TmN$o33Gu
z`!mEw)m}gBY=mnpb>EEDp`Q}kg|LSVF#yVpc6N3whVSVljiG6v$V16y_(Mw{p4i1?
zvcB#W27K#juAey2f}{}a1A|PbigB>?5`Y_?0%J9w4})En6L4Ldc|m1J(!d5ZTCR61
z=vA6_zun3A-e0kP!UD$LiQA%o`+-tWcdS5O^&}IF*~?{MOw-3Lt!u9_`4R?BhfdNb
zMF@f`P`7OTx)&U88mKHXt;1aN*8OSA7-KHO%1@@9q|(A|H?Hb`%(^x8JM5ER>C0Q7
z^g29QpTH95(>h`p)0_1eehfg--OM#aP&04+JXKK#yQHL<)am^w8!Zv-WkvZ%4Fp$8
z86(lt$57dRsB%Q-w^h}()ONNl&;@rcaGGm2;=%$&^y}BJ)*BI{4u^oAQ&La}nIm%j
z@tPj*^Y~dbFd}OKRxcHa-;ZGYJkZ_IfL=PX)Eqf&PXLoSAJIdJyqNsqG>`$hL2qww
zPk}FQ|77$oZainmmEzWJUMPPr{Wp5P<U)?hZv_a%x))RYHL?;vb@RJx1Dp6io;P?}
z`9bKEnixS@ntNZPB2mLc3_xD64eQl4na1zO8QmfLEy7Y?nJk0=hcST-ijjE0pGLI|
z(cvp4Hy9r&X=p?>?OxkO&$7iH+`-0j&@3>!)BY?Ce!%k^U^`}z;RVbp@UPP)*kt)n
zlyX4}43XA7`+Ch?eZ&Q<$<#AA*pPltWBCt1X}R^h1L{iyI4TJ42`RK5c!TFlXaOpt
zAfcDyOifJ%m7wwiw@+F8OzdqH&$sVh+%Pn(b$M-eX8{BhgaK>RI-$W}<I!6()}?-t
zg@iCVpKhmXupnpn7?Xs=4B|_<SKX%2)wfpja>4T@TZQPfV@hyFUUqAw*%(7J_kJO_
zQFW0X_d!X@u@V3#o<PkQ=nRB9RJ=&18eJKY`ULl#HSU_eKVgln2~Nzssqz;Q9X>?W
zjC_^#2uK`t5OQBp6L|INOYY2qS|cNArQ1Ti0~zGyF+;Uo-wE_IDxk)=4<n+amVSBr
zssY(fD^2~tOx@di1y~N#wRYCbUcPVflI#F^kX>4;2HH4NE(>T1>lAv$ZKbh0r9L>w
z!#3C~T@+Ya(9|xO3kD0Asd^q}gy}Lusa%eEln-P|I*2G>8=cDEHSG`lQm)JiyaCGo
zCnyDf4t92avJJ<7(26q1ZF#;&+v69B?sXoppi@0#V|D<&J$*|lI1TSEFE6i%cD{OB
zW}$AO9Qv3`K?7aqK&A@vBQ%xVrY;@CoddO&d9K-mP>g7*Jur|;9A1==kkI|%;p@C7
z?ExO;IIywn#G2v_?99wxuawl*3Qo0%bX0sUaud5VxJJ8%G(L|rOMMAd_APINLq7aX
z2*q6PhWK1Zhm7PiCTK)#fxZpuZL12sa0XKNI?;8;tuOiHf|aeke85qhzw163^>qA6
zpmC2t<0wrVV2gBN$65bEFz(F*sTbP9m#Fe5`J0C8h+yhc0Et=u1`U%au`V^}%It<z
z@H*I-l;2!4>`xPNr*|-LA1zSd1dV?<v6;7-frXb(8QjX#ESt7RG3<(vsrnAHbrCPs
zl|oW_a!Sfx&A?NglPw!*hwb~VATce!Wz8%~MqdMv09dByWIq^JsFqd5w_wBAM#ATy
zsMMq(3ZlIXjNt8`N=rG924s*rE&$d(MBndutlu}uz-XeI)`RXH@wzgOvKe-0d;%E<
zpk_v>Xg8G%PDN_5wgm#UN`3k%x9+En>AI4sW1W9+3e;=|1;W$9xa)p!A}igNRlFkb
z;^MixJ|GR6AIR|oD@mPxVU@a9sA-V(v0%_)18YyUC`icVhYU0{G7^9GAKLE?4Y`C+
zwjCe+fed3N9y6t}Es;s#%1^d`SMfPs4EsCGkP8ui{J1mG^KfI=kdVBxcBTo0jCG^-
z4$;_Q*@iJbtSB9H&fUkmztk(KL8&!z&{C9)nS~Q(D4StpsWyC57KWgVxL^@dx?$d@
zr1r(sNZ(hVl~kKPSD4JN0<wu@E|V3FXD9;nK%A&jK=a!gP{zlMM7%VF|E9S&IjUT1
zafH;RZ~ze^9x93tiDqz-QtfL72PKMhm8+A0-dqMb{Pm$ntX3gPh4T8ig8Xo!r8MnT
zgMGSchd4#3Q?Z7`2L=)agRA}N2I$+cyC>`Q!t3knAnQckX+{(K;tNZK+`&F0j(TxV
zySleroeunVb3lUA=k<Jt)HP3GfMFhrJezO`9(BmSBeeOg&o;w){>~cm`$@i8yeUXg
zZNEc!y0b10SlRC1cR_Xd>>!Vpz|biNl=GN3V0vJ;P3J{HGzUU??#lb_%s!b$mG*~A
zvurKGO#oz}=aD9KzFT~w@gDs`sP01Pb2~7QXzScwg~cq@hS>wC49X{9S^JG&*|u^g
zL|XcBlU900)jPz4#*_l~!F5<nPrSkYU~QPiFh4)P2M|bG*0ygZF1Sg{3(g~%`U74I
zLA-|FV{L5)FeZTemQipSTW(WdQ8|jtGxZg-@K;+pR%sCy16?r$=FR<f71oEcU)S0W
zf2P@-YiW1^=nYVylysW|z~nZ6)5xxpTEeq*YoUF?DfH3Sc^3}Sfd0==xw1Jh9cbng
z0jk@l&#Lk02hx)~0EYm?lwlZ2Pln@q7NP+CKT|qHA{xa>@}^|iQT}`MWL*zO0agh>
zd`?G|WR(Zr{x2{@uyES*u$t}BVqbjw%8@`dNHzn0t$Z)1dx-}Rd*YkO*7Onu$nuhg
zO-)VK$#7yrz<Y_zb^n8;V(x<0?=Qz@2oan5rG`&0E=eZqFN8?Tzb$aPRedg3cLMtr
zU)()e%}O?LYWn&D;|Iz_)sz5?>Hc|_8z_SWder4mW6~8(-;j>=ZHkQH<0Z{i!!sMO
zWu5{k`A@>p>~j(>AdI(H`ouXKeGctwf&@ti!la4cl!#s0qXhqYsp0%r**djUeg)9A
zp{-?v6w(zQ36fDwnJ!r}nu*>8C1QOfe+25O4O!*pU;cVO((3KL&vOqZ<2Q;ci&&Jg
zY130sU`$tfUBbV42Nb!)%dT>}2f+J$4%Y6)vuX<8@dsdRx->SYVc)(R8}^0OtW!(G
z5`!_dGpe&soV#^(Z#WNlUW@tCta3~JZa4t?Z_(n9+Fcf9Yle!rhd;zK5g5Wq1L5l-
zhnuJt!q5$25y0>BBlWi!!<9@$8RJ}4?^-z0JE4TRf!P36@bvNA?~}jq=UX&A4=5Ei
z02ot`05IHd7Odes9>=UYxq|oD<kJ4GsXEdxwW8JXU(f!l6Tb_1mK8$)Py6Or0ryjQ
zPo*;fkZG27lh`>P;+jnPdKT>+&wIC~zX8ld2qSHWA8UqT2|-|i<oX8hJr^Mge~}^I
zy5sh(v~O<#Hhtd*@n0Mqy<kv7fEKT!Z8TP_!I3mzD^t**uXVV?3h<raO`p+Nuggyd
z2k@F(I9inADEseoz?_He4Gwp}xDO_X-F%~F-g2qb20~U7wXb;UFBwV8`JIt8Kbv?y
z1MWG9$#bQTs%HGX08NntS#{vuKiZEu<0e2*V$`b~?udXzm_DLs8dUA=iwX4E*x0IF
ze?4NU>NMcUy#A)d=x9a=u=6r;Z0ziDpxbOj>I3p59%4$Uv{=8IC_FMJyRXpX$pyHm
z7$$fjk(td<>K7?Mbf2u{MsHaM@mL26fVcMhV21N|Gcn1@tN=u9Ghv`%36KXue}mC%
zuU`03D9;|TWqcpnQ03m9Tg^fV*s_GJsDury%B4!y(l1Qr(=;a2j1V8#_ofykjht)N
zgJ$Kg#(|=bSwsXyga6E~(;?VJ=%l<i@H)?QoeLl}?{?gxp!i;EH#%z$k+|J}YeriK
z?R+PReCI@V)le~MvhFv4pfayS120-jO`Ap#Uorur1(JZubS%D_<FjCwy5AC>#4kYp
zR)T?UL?l?{bs}CVG{|TSI(75=ns|;^K`y3VUO^6a_A`a#e4X@z0F9{sDO}9;=bJgA
zaJD&T7yD?Lo$=`oPcB(IU93&8VZeOE+kefDSNKm{KOk&^42Q^3BF^(KSSlPUM|!qq
z>K&iol%W0+^*Goi(Y2;K#I1!QTd+6?%pI7cAMAzuPp<t>$8(>YPfkww0TJJTQb~R~
zw0t`#)TLaW>3lResLtz^S)>cK-Y1`v<>cjYgC}*@?@Y_(d#&6@2u=gq4-EG{@ig-m
zag!DkhJch7B6pqcfvpJ6hTZ@n*n~%x+3Pg0ga6FObd~yT*^U;xpR$(K)74c1Dp!bq
zl3q&^ZmxST@YbxM)%BtsM=&8?LjI93CDpLn(w9dq6hgoxB_I{^2VVH?OLHM{3jaG7
zBi@z$FD~ZOxLcB`%Zia*s+fDhElSE6^<X@{qZtqmR)dp5Me4cN49&%ZYyX{jX?Wnk
zlZY`^(6$+UdjN>MT&?>F)V;G!?sHoC3Sqd1^g*5y*YdN!|7<t{#Qq2-r_{KXtw@S0
z(!BG0#1^!?|9Sj}*dGE83k-8t8|X?3j%KN@9V7u$P4@@mxvyt*zZt~$si<#tKr!5W
z&u%g2+C{q(=tNx(XITH=3<b5~0nYsnVR4qec^PN~G8ze{4BX(;74C;$h=~mx0?4i!
z#J9Pei0NQesDQVmF5hn6<hGlt&WBi<@fERBvle|w(*pP@5ijD6X@l4?tRVHmyKCP!
zn`Me>%HAi9jp?2M=B%HeNalff6VhH8j|+cwhKuy$BXSTRNpP`bK;lCZ<U7TJ7GRmd
zS>~5uzI4Vc^O|jnIZnic>4+=#dLRSH<_v6Q#h(+CIwQ9X?rDRND8iwg9wkSyf)2s)
zs#ezKE-2cQJXjm*3b9H7QQZT>3?%`~)jt++Is*Wtysn-7J-mS7E77E>5QubnW#61y
zMF2}%<$}bsRFchIC|K||UJt~w&$CnqHg^|@C{$<NOdU31LhE#7_n7cYvGT8)FmMF0
zR4?-|gsnto%u=oOr|ph^!iYBdfZc=-0l88?4f`A=nCu;2ob9BW(ZRRLNjYqyB5BOn
ztIz3!$H!MCIr*zbmn#pde*9ia;B!<cIJ{-_=Ly4RSh$~{^3oR;3|Z-Q=+!zvuCM}n
z3I3;_-`L9q0X!}s(z<5$D(DG!#tpV<Ke4Oo6jQ&amn{yEy;$o{xbgEhUv<Ves5Sm_
z`*A7~n|NtpIkTV;<#$&*pifF-gAAkx&gO((z|8jV5e&2i8N<(uL2pnsB3}Nz$|^X!
zMeKSwjTwWRZE*KQdqn9=smf<Q-?%zDdQ7x0jUdh<Uo-s0X&}Q{A?}LOdiAw%X|T&i
zSp(MzTxp~UDladu8_Y%e89JNwC`do<=QD(C%44D^jm{)u6Qc3MSX$n-KC;xNjK%d=
z&_~`*!T0dX@17#VOx*y&EEshiNb5BUkF2e&>+Z?Sk+}d~+HIR=4yVYdXPcv!wv}sd
zv4){$o07`+xy#Evin#}3n{A)y0@E-3P7Z6Z$@)TwvIL=ZXy;6HJ9YH+_3N|}!DNDh
zLds(!;rync8~Im;lM;E)_cx3rm6p!C<XODRyqjJpIPf$ysah_2VRPj2Tm)FG<Dh#+
z#PpS%z`MPFMY011=G{a`>y=qvSD^;Q4a{fHm~AcLO*m#fewReC{eic7E_Ob-;o6}g
z<G*WBwj5}W;0)xhbYAH2X2?H7*Wj;JW@}g~?g5pZk~nn%=<ThObSGQ9Dgc>b3_3A`
zvIhH!Qln}xAQQ-@eczk<=hGYan%NE>`IVy^sgq(uEtX-dh3_ujbdS+7L|*7vp6@6~
zrQLUX_G`IP*E);#DyWf4?BwL+aR`JNmztQ>pX1$XK<U*SV8`|Dk~3_Y6O@wWb7vBB
zdR00{bbmuBNF8@1E|Xlai9Yb|J&rO+k~o%Tm<fGLW7Ow{-v~|d2vk?K*Aaou%>7{A
z{+gv&0uq_HZQVBLvD6Kax7=L5D>yrPCRp$9;<A@CrWv7j8POegk=%(I>b>`3W0|);
zWSQg#fCxcvK9uBbQV5D46sodK`d*4DBpap(+Qqd5i~~Is6`q>Qs%GS^^7iW44vScY
z1@hEsbta(Odg&Iy?ZvyR5sMogvGhmVvMXGM2W8~RCo2iSdAKTwcEL#ha>FWFaOr>>
zj0Ue=(`i=k2eZ3=(-NS`S9$z6_UshQbZY$HW8CiXWlVF#i6~n3N-)r0=vrbf%aJ1N
zpbC{)2x_HTjLR;4B8pW3l@SLVkgW?)O;iV71_)4@8E77DAFgsu3qb5tH%O8Y3-zM;
z-Ir%c5{6vW9O{;bs*vq+x{H!J7JJxorRWT|f1G#mw6CBTTDl@`mEI8Zs@`ZVl)A>5
ztyNvJaeF8Rc<4r=hAc{N*dwqV8tS5Lw(jOD?3|9Cg6Vb-pz@7=3k2($4<K2+!f8^d
z47V+&q7|&?8RI<tf!illWf8n!tnvE+j&CI*VY_CKgb5FrIc2y>6X5RT*;!MgTHD7%
zp*<R4=9vfzMw)_@hv7~i6~(m(*1~=4_)m^Dgz`~blv7d<cn9q+7{LqJQqW{(@HfBj
z9@`FHCOIf?N0P~36RDiVio1?Q2*$qXk7TSG-GKMC0wW+$&lBwLFiR*<V#XY8A?g1_
z(X;UbQGKdO-AN;Qm7UhJA7ROtf82g(Jdl9gi-cjH?xxYMd#vNmTN?BG+5uw$ICs4P
z^(?Qznps#_*y5mKr<KO{{88QbFd`>@NXXXi$4Hr-U{KXlx6V<$Z-f(g`ZNoP?9~BE
zcdxGNbJw)p<FATWnl5}L7jFjqHMw&lj{fZnzhB?o@S7MYIkvp6P}2jG!~mkR|92*a
z9}<|)ek|;K=^4I9L5n?BW(&XB+?KR_V<Vd6*Sa=d7{wLY(NL7U{>6e!bUcB&*F@X0
zYEj%s@kSNNj^ml4g`rj$KGqx57b(y`-sj>HI@?+I<eMhTcTioY^_v#Rm(=upc})+#
zoe;`1_bXa?ZFuxvO<5qBSoN23g8LG;CZiO>P=bPXJdXi(p<^Ugk8i$`#8xTy*pc~{
zd$30yT=pamD_CORZQ<q=g6^2JnLdl`1KcDP6uj!nh2_EOkJDW^S~%DgF>l}}*k+0<
zucJx&Au^29`Gb2FKR^GgSK386ok7hP3FR?>G-m{~mJr#{;dVP9nnq0$!A!heNVe$y
zHKN{ic~@fIuzAWU%+bbvO7%A3n}QxQg>Un>X(H@7eo1lgFFVCfEwtWDGru|Yr%;A>
z^oVobM~suULF#r;irq7M80lqggA(O<UvIBKhayf4-aTS@>UUd}w~B3tMn2_tsN$sH
z@ex~6_r*Q)|M<PRV!G^X%8qv=A6qcbc1nPo)EIt(g(Ms}xNk-x7<tJ-8dGaIPkmpg
z41G&^*oqK-UTAcLKmUBZLS7i@%`E6onzHldi|bt}p{nbED{dx#7fNe(seCy$pAG5i
z{4sDLcQY~-)_0qg8MH}TIdXpDV<HX{oB{_8Kv*Skt4QvZxM0fGo`K#WcK-=V=Ju4d
zB&pg#lrZrlhrl~mxqvd-#im>R^<zh`ZUvJAKOb|+_O|G@g`6E+iXr$kr$0kwRi%?w
z>DeZh(hK!1959026tnv<{5}+MqA{(L7i<GG64jPHH_0*tui8~szt(Qd@!DE1UJ+k6
zWzE`rPz2^5DQ}mX*?l+>63hTH1drExJnSjbHDABctPOV-Ewow7?FokEDNv@4k>)9c
zHD}yi>XUT)ejKHTRG9CX3?N4byAABL7GiYQZH6;B&iw{>XEWaw@8n3DpPtv^m$FQ2
zh};=Sw?e^`;9!F?)gzMYaPnQ-bq7HvyXd%3CSrc-1VN_tp|nsY+RV|IytAKH*4Amn
zVQ8&ek55!1h%WnesV*9B3A`y>RQ0WZXKSGQNBW}%Gs~8XX>rkPyLfcy6Ia<+N&Y&;
zve8Mi4Zv4)$z@nP%C1T8pXr9ge3UGHrR?b2^EKyPZRiU8oMrC7K)O(4a>AnaV!U`K
zKfW8`t#ax<B&Gw?qJ(zHKjN*zc$vn+IIoeswe<q()6|qk2xk6nvoa%;3DK2zPnp#X
zANRxk$bqmC_jU2dK2HAh{+Ag?B0a@oGnV`KXO=V7ud8jwU8fR^85l25N(rvymP<2A
zjB@J}iug37j+T&()d+mBCuS_P^hdHUiGDTWt-cp|wBL7ZKfXHdzml<2{nJKoL1!mp
z|AM9!tJ2a-PxPStO1bZt|L@nI{^Zj#7DwU8_(Kj~{%x1m%B}pt^lr`&JY3cH9lW{@
zbKA}pdl(3j)bEbukhKU^+5#<86ag=_rQlGCd0u;T;$npj-gh$k?%xjFJ-?&%zW;73
zu{!3du{`Fn#{K^3gx~K|+{W@Q4b{92f-U#dDS<C~Rb?9IjQKo}KB3Q<HgR`BibdxF
z{l*e=Kk@Ao?quaBVvIUI2Hi_^l$Nvo$xOeJR7B*DC9}E)bK;AT!HSgc4?+c<*Z4YC
zSA$LdAW(xR)_T9iV)V%U;5SrRk9o7M$~+(YA{BHTC$ap7^W>aQ%tP=ryUb9utxPS-
zv5Y-TIPrT*%eB6*o?kp{EZ4KH_nhu_SsqTx6>$1J&*FS()!uhLXP$a8LZZVWS!2fE
z-k{2V;ZR7xZLEFa7)f-wQNEFnT6XJ-{oy9}mgrK~?r?8+|KVb`@rk9;_%CbfTG`r<
zT{#YvQ%KeL?b3N`pPh}xmCh{vosMc>Pq;=xgV*ZX$VO+NaZaWH`R9{S07h^zF(rTl
z!G`IQoxy%~#YxkYH2<jQNTkxFjVq<6ckRt<3(ic?vU;)Or+ohNZ47h%^Qw2PZJd@=
zyFGg!c(tB4HC3MO5Bf^E<0L0c=q+05rW0=O#-hxNCscFY!&)CcQXSwa4x{1{A6p_8
zY#AxWr{+2l>&Pz1Y25HKPUqSQ@ADNUwSd9imb~?c?J^<_0uG0U+C=Zmk9koI4_vdN
z-N)&4((pgRiSsmweTO{DV<T%fV$wOyi1`?OtEaC^BbEQMN84yGQpRX^^P0}Y#iH!t
zZ@2tOtZ#iSQ{*(y22j;|K?CE%$^*@rF&ayFpb<)&#3z-eXnk4BK5Odr$ohdtrSbKN
zoCVs%t?Vw@q;bZ*{@>4vsvRD>);*PSW}7r~3Vdg5)$XeH$V=>AJiP?Fjp`J*as<QH
z&oDVj{>6WEl54#UM$k$`0MY%2>!%Sx+}cwgbyy*F4t!^Ru5_LlXwyirIIz#pj*`J0
zNFb(pOGGWG1a1}BhyV$b%Z*9~h&sp55O?_z1YaNdY7aiu3JD?)7IvKO4j~L)#)tn}
z0P+VTFo=NxEf>R3sgb~uD_}{0(r!$L5d1YQSRY7W;(;P3y=(e)zNGOY5xtZtpyVF@
z)zdL|M1a;;_EUrmm|rgcUhG`ig~YmG_O1^e4`RPkdX?yZ5Vi)*T>%nZg-;Qm!0nQJ
zK)FLypu1vrc_dKGfL8)f{(ruF`|qZgM+06OlO1k~22$){zzoTw2PAfCuPZFso1^mH
z241G`?VB2OMjusdifx>pYCUt+xI4W21UIP242^qe|711!+r<StMb<rv)hjn?FZE#W
z!_BXT0huo#69on}5#r2{zQ+^@nnxO(pRjRpdCX`4y=0n*GdKO^an~|*hl10jzE3ht
zXAHD`d0sp7Bh4NTb_;DtAeU%b{oR&z-t4m4;LS6CdR*2pA2;LF(%<R{$lA;#J<pwa
zt|!NzDVM-4+hj-y-F0{fh_t<rn*Qu-hnT^Fq9P@_fa9ljGxcTA9hZp6$dWqZBQbkl
zGbXe~hUmS8<8LBMV5$`ZWZgV#Hb1T&NjjV%-e`}mRs{+JHLKg@`B8d3fbzwj18El;
zQ>$2UMr)TNFeYZ?Cm_I5)5v^amkHf0h9It(FQ$}$j;HN7XGZ_^>w4tN-5hY4#t4uQ
zYZKl)MdDi`fOK+?N=Ue62Yji{bN*<*t-N60cWUux(`sgXbv1vgxJR*=;(eds%U|@D
z_kl|$&p5ZwNtRb!P7MaIfQjG3iU#S;Pr*3Qa3^uJP&1wPa5U?p)_BGxE4Ln{FtXhx
zeNjcgz|71H$uvJ?1vAbbm7=|Fs;FmmT}(Xy0?@sN_VfNXZ2nu4HtK<eTl=sc&VxWZ
zSX`X>4?wohtv1ZMMVdCcbUbJSw|n7hLmg$lV9?!%>o=UEz!LK^q(y0y$y0*p<-(we
z!RQH+K{6{DFXGiJ?6XQc=cB%t^uB}s(Df6?I<M85tn*S6n});8!g`dLy}cJ8=9{tt
z7ux(EW{uw1_Vo!l{g<WND=-ma_j)e;gw7GwgE&kzLznqjN-93VC8eeCtOhW0qH$LN
z!_ZlAq|3rzp%{q}P)`q(?VD?Ph^qRU2y(8+r26w6wPiK@wdd-7b(TbV(+c&dfOXBx
z%xZn0Fg0mHX74t7Z%-=vz(c5Rv`a%t49H)HR^e~XGV9JYWIwL&PfFj}Ih)R^C}`Kg
zcn4WhoVE+XlzZA5?KPDhRaw`x27%;y`P&_5c(nJRJD3oC=cs69fJ8WQazbW(=vDTy
z6J(BL*6Bf^w4-cjztfY^raFAZu-=4B)m1sMt@`=ZSa9B+(50;z0S_RJs>~9YJ$kp|
z^|J{4c*StL$iNvSNHX^S=Vacsqh%PMJ^2BN{=luScwJrHZg8#rx&YtwaK0)fbc<zO
z*_9<v;$Rmdc%CErN|Bo4mIq7mniDU9IUr+<!==uee(iSAi^O-<)YQCQvG5*;J0b9e
zfKFRrP-T_raA#qmtY*e1OYyWhZCVm2RQAC2^Hed7>FwwAXDKGDl8TKxRQ)?&9)qBG
zlDl66-GARd$@Ire*&qIMVgeWSIPb&#gGZZ$q0tSXl^->G?QjEz)_oI*$d*)}oW@a+
zjQq~M*S!mFxEmPP*@JttmK%^JFOv|-i-P~h-OBBhZ-T+;ddRRjP1sypf%_)H?YiVa
z3{~5oiH0_-Oo@Lt<+Q}XVMX9vUzHDZJ9*BBWJm0?|DbIEYgC$4^f@)c54xK^b0BVi
ze}4jX;PqYVdQ9K(3<=CtC2aa)FS)&2r2Ry_<(f<eXt8B7hMyue1NP#rUo{RCPS@B(
n&t3WZ#sB$Lf&c2I#k0$9^&5U!gK|I-34<vsXvmk#TD<yiMWZ6u


From d25595c38b179c0397d26e306187ceaa4ced8632 Mon Sep 17 00:00:00 2001
From: lauralorenz <lauralorenz@google.com>
Date: Wed, 2 Oct 2024 19:51:49 +0000
Subject: [PATCH 31/36] Add latest-milestone and alpha milestone back in

Signed-off-by: lauralorenz <lauralorenz@google.com>
---
 keps/sig-node/4603-tune-crashloopbackoff/kep.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/kep.yaml b/keps/sig-node/4603-tune-crashloopbackoff/kep.yaml
index a3a4e638f3a4..1262c24b0346 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/kep.yaml
+++ b/keps/sig-node/4603-tune-crashloopbackoff/kep.yaml
@@ -25,11 +25,11 @@ stage: alpha
 # The most recent milestone for which work toward delivery of this KEP has been
 # done. This can be the current (upcoming) milestone, if it is being actively
 # worked on.
-# latest-milestone: "v1.32"
+latest-milestone: "v1.32"
 
 # The milestone at which this feature was, or is targeted to be, at each stage.
 milestone:
-  # alpha: "v1.32"
+  alpha: "v1.32"
   # beta: "v1.34"
   # stable: "v1.37"
 
@@ -43,7 +43,6 @@ feature-gates:
     components:
       - kubelet
 disable-supported: true
-
 # The following PRR answers are required at beta release
 # metrics:
 #   - my_feature_metric

From 58df245ff5d22f4911300ebf48d04fa35eeadbff Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Fri, 4 Oct 2024 10:08:41 -0700
Subject: [PATCH 32/36] More accurately represent the motivation for
 KubeletConfiguration

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 23 ++++++++++++++-----
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index 56cfa401432e..ac3182aeadde 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -718,17 +718,28 @@ based config and 2) configuration following the API specification of the
 `kubelet.config.k8s.io/v1beta1 KubeletConfiguration` Kind, which is passed to
 kubelet as a config file or, beta as of Kubernetes 1.30, a config directory
 ([ref](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/)).
+
 Since this is a per-node configuration that likely will be set on a subset of
 nodes, or potentially even differently per node, it's important that it can be
-manipulated per node. By default `KubeletConfiguration` is intended to be shared
+manipulated per node. Expected use cases of this type of heterogeneity in
+configuration include
+
+* Dedicated node pool for workloads that are expected to rapidly restart
+* Config aligned with node labels/pod affinity labels for workloads that are
+  expected to rapidly restart
+* Machine size adjusted config
+
+By default `KubeletConfiguration` is intended to be shared
 between nodes, but the beta feature for drop-in configuration files in a
 colocated config directory cirumvent this. In addition, `KubeletConfiguration`
 drops fields unrecognized by the current kubelet's schema, making it a good
 choice to circumvent compatibility issues with n-3 kubelets. While there is an
 argument that this could be better manipulated with a command-line flag, so
-lifecycle tooling that configures nodes can expose it more transparently, the
-advantages to backwards compatibility outweigh this consideration for the alpha
-period and will be revisted before beta.
+lifecycle tooling that configures nodes can expose it more transparently, that
+was an acceptable design change given the introduction of `KubeletConfiguration`
+in the first place. In any case, the advantages to backwards and forward
+compatibility by far outweigh this consideration for the alpha period and can be
+revisted before beta.
 
 ### Refactor of recovery threshold
 
@@ -1500,7 +1511,7 @@ which is a new field in the `KubeletConfiguration` Kind. Based on manual tests
 by the author, adding an unknown field to `KubeletConfiguration` is safe and the
 unknown config field is dropped before addition to the
 `kube-system/kubelet-config` object which is its final destination (for example,
-in the case of n-3 kubelets facing a configuration introduced by this KEP). This
+in the case of n-3 kubelets facing a configuration introduced by this KEP). Ultimately this is supported by the configuratinon of a given Kind's `fieldValidation` strategy in API machinery ([ref](https://github.com/kubernetes/kubernetes/blob/release-1.31/staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/types.go#L584)) which, in 1.31+, is set to "warn" by default and is only valid for API objects and it turns out is not explicitly set as `strict` for `KuberntesConfiguration` object so they ultimately bypass this ([ref](https://github.com/kubernetes/kubectl/issues/1663#issuecomment-2392453716)). This
 is not currently tested as far as I can tell in the tests for
 `KubeletConfiguration` (in either the most likely location, in
 [validation_test](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/apis/config/validation/validation_test.go),
@@ -1508,7 +1519,7 @@ nor other tests in the [config
 package](https://github.com/kubernetes/kubernetes/tree/005f184ab631e52195ed6d129969ff3914d51c98/pkg/kubelet/apis/config))
 and discussions with other contributors indicate that while little in core
 kubernetes does strict parsing, it's not well tested. At minimum as part of this
-implementation a test covering this for `KubeletConfgiuration` objects will be
+implementation a test covering this for `KubeletConfiguration` objects will be
 included in the `config.validation_test` package.
 
 ### Rollout, Upgrade and Rollback Planning

From 1a5f314ad4994a229bd7cf98e1ce9403928397fb Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Fri, 4 Oct 2024 10:17:21 -0700
Subject: [PATCH 33/36] Explicitly add proposed fields for KubeletConfiguration

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md       | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index ac3182aeadde..f318b1a53897 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -404,6 +404,15 @@ CrashLoopBackOffBehavior of today vs the proposed minimum for per node
 configuration](./restarts-vs-elapsed-minimum-per-node.png "Per node minimum backoff
 curve allowed")
 
+While the complete information is saved for [Design Details](#per-node-config),
+its expedient to see the exact config proposed here:
+
+```
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+crashloopbackoff: 
+  max: 4
+```
 
 ### Refactor and flat rate to 10 minutes for the backoff counter reset threshold
 
@@ -741,6 +750,15 @@ in the first place. In any case, the advantages to backwards and forward
 compatibility by far outweigh this consideration for the alpha period and can be
 revisted before beta.
 
+The proposed configuration explicitly looks like this:
+
+```
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+crashloopbackoff: 
+  max: 4
+```
+
 ### Refactor of recovery threshold
 
 A simple change

From 4b3835f05820df671f098c951179a698b526f746 Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Fri, 4 Oct 2024 10:18:15 -0700
Subject: [PATCH 34/36] Revisit 300s validation for per node config in beta

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 keps/sig-node/4603-tune-crashloopbackoff/README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index f318b1a53897..734690936837 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -1176,6 +1176,7 @@ feature gates set as per the [Conflict Resolution](#conflict-resolution) policy
 
 - Gather feedback from developers and surveys
 - High confidence in the specific numbers/decay rate
+  - Including revisiting 300s maximum for node specific config
 - Benchmark restart load methodology and analysis published and discussed with
   SIG-Node
 - Discuss PLEG polling loops and its effect on specific decay rates

From 1515af5705d87b3f240ae7eb88c7496f0f68bf49 Mon Sep 17 00:00:00 2001
From: Laura Lorenz <lauralorenz@google.com>
Date: Fri, 4 Oct 2024 10:41:39 -0700
Subject: [PATCH 35/36] Add unresolved comments, and annotated unresolved with
 target stage

Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---
 .../4603-tune-crashloopbackoff/README.md      | 38 ++++++++++---------
 1 file changed, 21 insertions(+), 17 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index 734690936837..b59641b0fc0d 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -528,6 +528,10 @@ of ~5 QPS when deploying 110 mass crashing pods for our tests, even with
 instantly crashing pods and intantaneously restarting CrashLoopBackOff behavior,
 `/pods` API requests quickly normalized to ~2 QPS. In the same tests, runtime
 CPU usage increased by x10 and the API server CPU usage increased by 2x.
+<<[UNRESOLVED non blocking]If you were testing this on a small cluster without a lot of
+additional load, the 2x increase in apiserver cpu usage is probably not a
+particularly useful metric. Might be worth mentioning the raw numbers here
+instead.>> <<[/UNRESOLVED]>>
 
 For both of these changes, by passing these changes through the existing
 SIG-scalability tests, while pursuing manual and more detailed periodic
@@ -587,8 +591,8 @@ excess restarts every 5 minutes after that; each crashing pod would be
 contributing an excess of ~1550 pod state transition API requests, and fully
 saturated node with a full 110 crashing pods would be adding 170,500 new pod
 transition API requests every five minutes, which is an an excess of ~568
-requests/10s. <<[!UNRESOLVED kubernetes default for the kubelet client rate
-limit and how this changes by machine size]>> <<[UNRESOLVED]>>
+requests/10s. <<[!UNRESOLVED non blocking: kubernetes default for the kubelet
+client rate limit and how this changes by machine size]>> <<[UNRESOLVED]>>
 
 
 ## Design Details 
@@ -866,7 +870,7 @@ behaviors common to all pod restarts"](code-diagram-for-restarts.png "Kubelet
 and Container Runtime restart code paths")
 
 ```
- <<[UNRESOLVED answer these question from original PR]>> 
+ <<[UNRESOLVED non blocking answer these question from original PR or make new bugs]>> 
  >Does this [old container cleanup using containerd] include cleaning up the image filesystem? There might be room for some optimization here, if we can reuse the RO layers.
  to answer question: looks like it is per runtime. need to check about leasees. also part of the value of this is to restart the sandbox.
 ```
@@ -1089,11 +1093,9 @@ extending the production code to implement this enhancement.
 -->
 
 
-- <<[UNRESOLVED whats up with this]>>
-  `kubelet/kuberuntime/kuberuntime_manager_test`: **could not find a successful
+- `kubelet/kuberuntime/kuberuntime_manager_test`: **could not find a successful
   coverage run on
   [prow](https://prow.k8s.io/view/gs/kubernetes-jenkins/logs/ci-kubernetes-coverage-unit/1800947623675301888)**
-  <<[/UNRESOLVED]>>
 
 ##### Integration tests
 
@@ -1165,6 +1167,8 @@ feature gates set as per the [Conflict Resolution](#conflict-resolution) policy
 - Test proving `KubeletConfiguration` objects will silently drop unrecognized
   fields in the `config.validation_test` package
   ([ref](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/apis/config/validation/validation_test.go)).
+    - <<[UNRESOLVED non blocking]>>Is this also the expected behavior when the feature gate
+      is disabled?<<[/UNRESOLVED]>>
 - Test coverage of proper requeue behavior; see
   https://github.com/kubernetes/kubernetes/issues/123602
 - Actually fix https://github.com/kubernetes/kubernetes/issues/123602 if this
@@ -1559,7 +1563,7 @@ rollout. Similarly, consider large clusters and how enablement/disablement
 will rollout across nodes.
 -->
 
-<<[UNRESOLVED]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
+<<[UNRESOLVED beta]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
 
 ###### What specific metrics should inform a rollback?
 
@@ -1598,7 +1602,7 @@ Longer term, we may want to require automated upgrade/rollback tests, but we
 are missing a bunch of machinery and tooling and can't do that now.
 -->
 
-<<[UNRESOLVED]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
+<<[UNRESOLVED beta]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
 
 ###### Is the rollout accompanied by any deprecations and/or removals of features, APIs, fields of API types, flags, etc.?
 
@@ -1606,7 +1610,7 @@ are missing a bunch of machinery and tooling and can't do that now.
 Even if applying deprecation policies, they may still surprise some users.
 -->
 
-<<[UNRESOLVED]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
+<<[UNRESOLVED beta]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
 
 ### Monitoring Requirements
 
@@ -1625,7 +1629,7 @@ checking if there are objects with field X set) may be a last resort. Avoid
 logs or events for this purpose.
 -->
 
-<<[UNRESOLVED]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
+<<[UNRESOLVED beta]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
 
 ###### How can someone using this feature know that it is working for their instance?
 
@@ -1638,7 +1642,7 @@ and operation of this feature.
 Recall that end users cannot usually observe component logs or access metrics.
 -->
 
-<<[UNRESOLVED]>> Fill out when targeting beta to a release.
+<<[UNRESOLVED beta]>> Fill out when targeting beta to a release.
 - [ ] Events
   - Event Reason: 
 - [ ] API .status
@@ -1666,7 +1670,7 @@ These goals will help you determine what you need to measure (SLIs) in the next
 question.
 -->
 
-<<[UNRESOLVED]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
+<<[UNRESOLVED beta]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
 
 ###### What are the SLIs (Service Level Indicators) an operator can use to determine the health of the service?
 
@@ -1674,7 +1678,7 @@ question.
 Pick one more of these and delete the rest.
 -->
 
-<<[UNRESOLVED]>> Fill out when targeting beta to a release.
+<<[UNRESOLVED beta]>> Fill out when targeting beta to a release.
 
 - [ ] Metrics
   - Metric name:
@@ -1692,7 +1696,7 @@ Describe the metrics themselves and the reasons why they weren't added (e.g., co
 implementation difficulties, etc.).
 -->
 
-<<[UNRESOLVED]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
+<<[UNRESOLVED beta]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
 
 ### Dependencies
 
@@ -1717,7 +1721,7 @@ and creating new ones, as well as about cluster-level services (e.g. DNS):
       - Impact of its degraded performance or high-error rates on the feature:
 -->
 
-<<[UNRESOLVED]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
+<<[UNRESOLVED beta]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
 
 ### Scalability
 
@@ -1855,7 +1859,7 @@ details). For now, we leave it here.
 
 ###### How does this feature react if the API server and/or etcd is unavailable?
 
-<<[UNRESOLVED]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
+<<[UNRESOLVED beta]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
 
 ###### What are other known failure modes?
 
@@ -1874,7 +1878,7 @@ For each of them, fill in the following information by copying the below templat
 
 ###### What steps should be taken if SLOs are not being met to determine the problem?
 
-<<[UNRESOLVED]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
+<<[UNRESOLVED beta]>> Fill out when targeting beta to a release. <<[/UNRESOLVED]>>
 
 ## Implementation History
 

From 220604e3694c8ba8ec582dfd88950ecefc75ccd4 Mon Sep 17 00:00:00 2001
From: lauralorenz <lauralorenz@google.com>
Date: Fri, 4 Oct 2024 23:38:14 -0400
Subject: [PATCH 36/36] crashloopbackoff.max -> crashloopbackoff.maxSeconds

---
 keps/sig-node/4603-tune-crashloopbackoff/README.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/keps/sig-node/4603-tune-crashloopbackoff/README.md b/keps/sig-node/4603-tune-crashloopbackoff/README.md
index b59641b0fc0d..557642b805ed 100644
--- a/keps/sig-node/4603-tune-crashloopbackoff/README.md
+++ b/keps/sig-node/4603-tune-crashloopbackoff/README.md
@@ -411,7 +411,7 @@ its expedient to see the exact config proposed here:
 apiVersion: kubelet.config.k8s.io/v1beta1
 kind: KubeletConfiguration
 crashloopbackoff: 
-  max: 4
+  maxSeconds: 4
 ```
 
 ### Refactor and flat rate to 10 minutes for the backoff counter reset threshold
@@ -760,7 +760,7 @@ The proposed configuration explicitly looks like this:
 apiVersion: kubelet.config.k8s.io/v1beta1
 kind: KubeletConfiguration
 crashloopbackoff: 
-  max: 4
+  maxSeconds: 4
 ```
 
 ### Refactor of recovery threshold
@@ -1146,7 +1146,7 @@ heterogenity between "Succeeded" terminating pods, and crashing pods whose
 
 #### Alpha
 
-- New `int32 crashloopbackoff.max` field in `KubeletConfiguration` API, validated
+- New `int32 crashloopbackoff.maxSeconds` field in `KubeletConfiguration` API, validated
   to a minimum of 1 and a maximum of 300, used when
   `EnableKubeletCrashLoopBackoffMax` feature flag enabled, to customize
   CrashLoopBackOff per node
@@ -1300,12 +1300,12 @@ To make use of this enhancement, on cluster upgrade, the
 `EnableKubeletCrashLoopBackoffMax` feature gate must first be turned on for the
 cluster. Then, if any nodes need to use a different backoff curve, their kubelet
 must be completely redeployed either in the same upgrade or after that upgrade
-with the `crashloopbackoff.max` `KubeletConfiguration` set.
+with the `crashloopbackoff.maxSeconds` `KubeletConfiguration` set.
 
 To stop use of this enhancement, there are two options. 
 
 On a per-node basis, nodes can be completely redeployed with
-`crashloopbackoff.max` `KubeletConfiguration` unset. Since kubelet does
+`crashloopbackoff.maxSeconds` `KubeletConfiguration` unset. Since kubelet does
 not cache the backoff object, on kubelet restart they will start from the
 beginning of their backoff curve (either the original one with initial value
 10s, or the new baseline with initial value 1s, depending on whether they've
@@ -1343,9 +1343,9 @@ lower than 300s, it will be honored. In other words, operator-invoked
 configuration will have precedence over the default, even if it is slower, as
 long as it is valid.
 
-If `crashloopbackoff.max` `KubeletConfiguration` exists but
+If `crashloopbackoff.maxSeconds` `KubeletConfiguration` exists but
 `EnableKubeletCrashLoopBackoffMax` is off, kubelet will log a warning but will
-not honor the `crashloopbackoff.max` `KubeletConfiguration`. In other words,
+not honor the `crashloopbackoff.maxSeconds` `KubeletConfiguration`. In other words,
 operator-invoked per node configuration will not be honored if the overall
 feature gate is turned off.