From 1b8f5eb531ddf85aa0b7c5937ab1124253433d4d Mon Sep 17 00:00:00 2001 From: redoomed1 <161974310+redoomed1@users.noreply.github.com> Date: Sun, 4 Aug 2024 09:21:04 +0000 Subject: [PATCH] update: Linux Overview security updates (#2690) - Remove Wayland section - Add Permission Controls section Signed-off-by: Daniel Gray Signed-off-by: Jonah Aragon --- .../img/linux/screenshot_permission.png | Bin 0 -> 55610 bytes docs/desktop.md | 12 ++++----- docs/os/linux-overview.md | 24 ++++++++++++------ 3 files changed, 22 insertions(+), 14 deletions(-) create mode 100644 docs/assets/img/linux/screenshot_permission.png diff --git a/docs/assets/img/linux/screenshot_permission.png b/docs/assets/img/linux/screenshot_permission.png new file mode 100644 index 0000000000000000000000000000000000000000..af16377548d1563a4d71205375d9cce28dc60793 GIT binary patch literal 55610 zcmcG$2UJtrw=NE%U;)9dR69zMLzk`x0Tl!ry-J5r6bvnfz_FlIr6Wy2dPwL<4HiUd zkP>>L0tN_4s0k2A{wv5i_r807|M%{_<2}Z3sATW8*P45lZ+>&mytrwo$G2N>HwOm? z-?gh(ZgX((AUQa=Ja=+~-<&piI>5m(#Ch$?<+}mHvtz5hhx*gC?z5hDymNQopB;Ct zzwh0zuv>S^(BqB!|F|+5clDs6?t^QQjK;8hyGTL4quJYUeaJs2K@pVptrC%z(qwLP_jAg$@@G}he^D_-eSFDf5 ztjfI)zAHCI*0M#t4Yo;3LyGtEy8piFO|OfcOQ(gy{`u<0WodboL(I%oRynfV>#XAM z3!0wEqa8*jr6eu%Xv3v2D{t^-6lGRL#1)l~{pXg5Zz8`s zL(Gpcw3y>shmBQ{c>4(HHNHZJnLuPZ%5G~J1?=39PYgbkGU3sp`-Od?`Y`$t6Mj*3 zv&&l-xW4)dW$Y;)C)|}lMxUS9C=L`QWlL^-$WeSq(mqC5r3@SCKh^!Ve`m47Z~#I- zq;6{Kg2~;*r{XD+712`f`|d$)3t&(BWsOIhw_eL&S%v-+`XLLwvsN`FL4EnR5;=H& z-bgKIBKt}&R52Ar> z@1aPG;~)0kAS$0hGS>z$nvkWbZyKUk*6F3IReQEh(5>=zImvuJJa;?ply0QJ-w%EG z=Iaw!>UZ@=D|7Zq+$=o3ae(MNd_my%qc6dP)C2A>(#!Dy<54a&T8?(uUg*88ZK+;y z{M<0vLRk5tEb19xr{Od4RTLwYxHG1*&HCW)YeJ;eoV7@eaud&<^{09_2BH}zdy2Mv zfvS9ksG|Gb81n_h#sEU`Yz32uU=qt=scj;VxVo(kaHP9+zq#CC80>Y`PQ&r*OHqv7 zV9C7;TRXTE7BTxi&p_qlZ0*OH8%jftw~WMuduye4?A_Y_^JD!QPVI#CU&=({USt@* znAiFHTlcQ@wX}^%`aJC?Flp7WG;6T^tK!02+g^@5Dx1~Py(R<>mz}~z!fSebZwfV3 z+PatYLaHV&QpMTUWp|M>5RIsdDZhwn--|6#ztOY3z=?No-H>4|$V9mBMZzp>)s*%*i{^9yKt$x@-5FVP|s$8Dcv!JiDbn91G7qYVta2a+`w6JC#WDF`cNt zmp-h~S;nNYm{g`V33xHjxvVpGud(}>7YjmPSFW!Ii&*wKz zI#ABT@Q!geoN0n)EoFo;mfh#)`wY)*9W3PvZd3yi&1xKIs?CFb=HU~ZaNM%dm#yDF zJcigFUT-fLhzMG1F+9C>PvDY*ThMrvvQ5QhyNw1a-1{-&qQ~GL;`@Go9%2Rd)OdMs z!|Jb8?~Cn06JK8?a&6hpn|mjHDH+-=c%0C7+!*Uy{;lk^OIypv>dNeCv@zRAr#^Bq zry~UJl&7n2eN^Q!SN5Gn^JXbwup31@{GziHTRL?!>1#$E@tdVbX)~*{OjOBZFo@+~ z@LTd*&%9)P5=Id<)6?BBwi|~!-2b?> zd)IhQF79^>6LhM+o=L+u5H4{H8Q^rMpZxvEo3C`xsW-rfx9FY4AVmFe{9iu-x~4Fc zpU3KH-Fi1~UIo2209QjlhVdTz`5&&15ma>l)TD~rl#gj?v}r@V2*{2~2O(Br0{rVviU!&|rW9Wt+I+VcG&iBrlYezAWq+{z0P z-_k`6dF0lv1t@ z-0}CK|D|pH4=*}ia`MK;{7>cnUpnCbiduRPm-Xh`?8w^DziVTAtQMK|F!0+mPOMVZ^J>Q&5w(JY@T5UPsR1 zOQa)+b*NiBcT6~zPH=Q5y6SU)bE?*;_J+V*K2hBEUAkb~SpSO}K&c_d0+X&Y6cIF$ zl;l_w;BeKiIKu(=D~XvgYsa-;;yUW*yt&&$r$S z6G>z?EbesG&o2Z1>~tNa7BY;ozW-rI>u8N{T#Fb&-IJauZJCI)sFYY;U&Qv3i|~QO zbjSIh&8_lS^|+2qEv*z)sC#W^KW)UDYV}u>pzD*j+F@tK;7hkqh7+|ol(nT<`Vlj2 zMbd?I*-Q85KJXCNGLCLn>>e_YKlJ7>X0_9MhC-;gt)?y%aKYV3`x)=G;N>FQGxRZk z+cKZYwrBBlGsVfO5ik8N^~Day>M=jx3{KBoIo0hK>Q3in1i23fH?WutJ~#d&(iZV) zFiOpIxP6!GPGo3W@O*@=g2(+|@plaOnLV!6591RU^=X%`X~$Q%^;#9}%|dc)gTQyb z_Fi9^Z|yg=9V@xK+NjQ2Uu<0^W_mY?b|>DHklmxYmMqh-bo(vYuH#GN{1>4(&#Iv> zfjps#FZ=)6u}2VhPHU-KdmH4Y|8xoGUuI|Jyoc(*eysm(c^3dQr+o-)b?7Bs<{dP8 ztZSSG+V7{Y;0I-B67u?b31NLK%wQ8o@ffCa;Pw<#JTgeBM8i>9RZ^KiQTs?Ju8j% zZANGIOQyZw3oOcAfB{vgJ)ya=)Vl-shH|n5)#{7YAX@A~CL97L0Qyay-T&HfPdU`EWbH~lPh+p+$AYXR2aVW4YiBCwJA*E$N2MiEbtdZ{YM|P zodPGu&%Pgzek%21e`XE2YGgO^@>q^G_fD^x$;8n~ui*+el=0J#Z^YKW^FZO~vcGB{ zH(7}N_4DIQjW01VYwx3_Z+flWZ?&zD%&8Yje?v$=eK7u|vflF%wSn&F1Ws--?>A)b zl76Oy8=AED*zsfqx7(BkzLv;i;}+2FH&6dw(Ec+`)2V<9q$cH%ZLa!Dw)##$&!xS^ zTso598UWRvx;DGR{4SR;?D0E6Yo~KN2)-Y79C>dja?$lI@(ty92`=nSso&te zu!+a~n&)naTm<@IedLm57Ry4SH_ymBkn!GQNX}_L5T}0~xyte_-+d`*VgAl-kg3^P zeIl>Gl}swRnt)nW%Lx3H;s_us>JHCdi*u6sYCDn3CtQ)hN{bXGSsQeM5jVhgwH(9y zHwJDGAy^yw-wY|`Sk1OGK%`LXpy`~a%1y)!7^+E7wVu*r&b7T16V%Z|C6%+7bc}d4 zJ_r)zfx1QfcZ)}A&<3;bP9kWtL#RD(*uqQ?*cAjEh_tu3O#R%SlVICTwKj;2<&Q$& z#WNq>w&N4A@t^MC{A)1pBDbV%z>lXBWB!C2F1;5lD$do+6c)v5&_{bKW&e?lUHgL6 z13~f}6~SUm^xZMK5v{)P)$!-&7p*ohazdA`+Qduk*z6chRTXOeVr&t*QPsS}?s6@^ zYrPq+*G1%h6X({(a=_b1(S-=WA1$4kK7S|obeLFhfL!qUiX($uZKNA5oRUbe_8(Im z^2Th$w#JEz%e!f^O(7Ei8+Jg8v#?qa z9MZ8PS+=GT28_Nnlt(n#AXP~^@aGHhp5mwW-w8^hAyrpcmB^ntNFaU5nxEm4J@-|y zQe@kW8Pis<|75k23@t>X&#rBdH~RIh2{|X=>+>yfYGA`vr7zU9NW3OcwH4YNPfxmluC)sI}yF1xgFP?0zJaD z{b&UTRBvpb8AQ-4bne<3GeZu(uCjM<4UHL8INqJ?T%=jUm`%mh(mA_GRbMn696 zk_o>axM2ZZPglS62gp??Kx}tg7$Go~8eB9NzMg8`BUAsfeuFmBnwJ^;ItW-{?=js6 zH@q5_aT8_j7xaTy+ijIRsNa%n4)U++i9qiL3D2K}&dwjDQ&#Z&nk&c0Aeu}nz!$w` z0_~5jfg!bC6Hkwi6jJVbqjR9bmr=Xer6x|yLdQ35<04kZ zVB|{E-e@<#4NPa`0o(Snz-1eLF8y5ETobLjujT0SN!p)qa^*m5izrMgMcLaXh~j|w z0epqlm|A~GW}`#hcAS%kjA{Y@KKQfuGS-2U32wI1UGToBi-d2sFc5ZoA^V`NU1=(< z^DSbTvn8MQ=3Jzm;|fIe3VGMRjTvw(UFbJ9wN4m?Q5)O>EgFKL7GDm_*rX*EzfTMk z@iSXvs1_TT*6f`@D59lbFk9b-iN3Z15Xy}(xjbNNMBf)Z9t@JHI1FLOKsmT(upL{KZ!B_Ag4JexL_)F3Y0T* zjWk!^O>@_s-Gxz?E+?ffgMDnF%$Hzqjz1Gz6YtV zYplWV9vZZn>%snny64 z2AZJtNAEr>LFL!pSuT?NzUd_RDjVA_8{C zn5%4PAirpw!_UgNA3xr9TfLjL(xP?Ptojzi0=xRce8(6|vrR9pC@5H;Hy)^vA)gun zpxXx&rE?LsthE6V5woNQk3GnCf{j8Q|GrGI^5#Wm*UE@`dBMrM;Y{NWFG!zC4C&b0 zAplTb+jKc7-NTPZzx;#Nbir4{%SlWIA~FahHo#z%I<(~eaLPFHu6%omv1G54`fvFy zSDlekyR_&q=6W*(>`=p`D5V&fXVeoxXfoCGlX}nueYjyrS0f zW_q}}(!BD%*p}GfC<&^p@A>FY^VKeP8cuETqvdk$huY<7OJnl{t(EVOQ=Gd8BonWs zDtTITa`|i{`BbBq(=yNP0ic0oico{EE!En@nwv^}pl?tS7}TN&{j)B94@3Um$0yNz z$fBE7Y8oY|KVjcyHLrBsFBT8^TD$G~0Fq{wQjqT(JYelVNhzN+#s95L) z^Sj$LZ8B8<2wa#zGijd>7d@`M6o zBpg^p9UB9MT0##ow7?h=h`kB7K!W=`+Wd)`xppii^8mk1px^|hoPP&SgX()gB*__y zw;xIma45%VBrj+_X~x@|x4Efv{Mxu-E=u_+J%!8^^A7zY^mfKe7Ak?i8C6pK&09Py zdF*ALQO~s&+sY=@8C`t!>+-!T^eT0jM)~WRL;9ora#JTuF8DJnsH-pDoV00rt>*7_ zg3B?G&Qkl8>>yWdz5G07x6=@&IwcgE(B_xNgEMxOc|8>Nd?SpsE8s%SL~I8}{Nrb& zg(tu5*Qo$ry=DSOD$f*gBChRiDZ)Ck2E8^7r()ZyQ`q#7^2UBQ-1+nTY{sTh}ae z4bz89j=ij;4ZU8Dg^c<}tcjo-Xch}ZEtbkgw0b+*v?eAgZ|`T`uE%>-&y9suWsHX( zQ5`NeNZJTk#)Oj)m04Q-Nyp@!E0zbXk1^2X1&{82-C~Q%LNcQp;Q8IvAnteYxy_d1 zzJ8aZW$ZWeK8K%)<|#Ds8-|$ER*~ghZOcREwC{!ft$F8&l^OJ-H@~i}>Ipx1QfnE? z$!h$J+}C1DZc=p?J}4W}pqykI9Efh&ukWJdkb6~QpfHY$R9Jy_Y9u~MKA-4>{+5-b zJ9}*(tRzvT1Z6)&S!$}?P1Y%26EL-fLn(y0A7Nss>Vw|W3n;m}=m38Fv~qWi23Z=8{!d5Gk-@nB?t7D@>S{5dLi+W$7b34Hvy0+f5gGZXQMH%L!rEF znjqP|p+T^Q#nFEOV%IA$#dU%iLEdj>S^$@3Xb_{6@%e%Lqbk0?DkhGWbDJ6OMHX57 z?I9vHugt1hW2K55Vl1_{w@0q5@u$~>!-UFp|Wy`iBlS9X=#H<=01zMAxI~0=G?qH<{q=|CM zxu(`oV{|6{vDo@?|5GB~?{*@2W*)cJ|8_E)$nTZk>B>5jr0hB393(E zvJ*p*nXGkUik33>vHmgIPUQIHV+;BYQs1}?#IC{a!(X`>q~!Cxgb0Z+(ID6M_A9o; z(mUYAS8l#|v!4}-4l%~Y7P4Qjs@r?}T??wc9dd1K-R5 z^zSjf8cnc-e7_sRwfEv1CycCfWHY<~f96yBU<*V??LGjkRX0*lJ@Ye&Ljx>{@tUY^ z|IzmkJXbw#O!AuQ2s^XM@Qm}*ym;eFk15r<0;HAKU6wvBEAC$qJ{q*`h!B9 z*;^)`eQYZ0KM1xPDnrn()%Eu|r@YFdB(i>Ba1BMO%PZ|i%|NXFaYGBsueE+3)1nB9 z6OI6&NXs0UKN;OrTT6xvQB~OR8Pg&v6IuCl&>5RCCJQ`VdsS2II$7r%{P|Q}pZtoj zeyOtx!PM%3&iR?I6RmNnxA6`m$tKJ$v-2cCGIc>`oyg;rSt3&;bCkPN?e&%-ma!G9 z2uW1hHs$xI>f9YxrAP*!J?xW9Mqn;#{KdT9&~}g}u)G0@)2;|ZV>H4X4!dMLQ~f9x zy37g}sP;&wnVqde=lI&cIfoT>Do^}#g_fH)ja~q#YQ3l$=KV!kTT;{DS9*8 z04Fy$RM28u1q@lYe&uHbI5IntxzTcjzq$Crfd;;MKYKgtW?JPeJpa%~Kt&4IA!47Fkv8z)gC~ zgwJZv0-4n$ZHtjcxDVO5T9@ig%=8!e@}M8EUMzr&njsD{f*>DIMEQjmJWsLhJVz}> zKh$VXP`Zx1p5P>uBS)WqJ+}ArMn$!+X{DTX<#<0!0>v`M`7+oJe6n081sMOF$4mcp zWV;w^<+rq;)_y}yDMEb#YIR?oT4kH$8p1ohrf z&iP<`s_mL|yBu_8K1sSHdV?rf>EXnC@k)9$X&+0O$ujHwp6-ty`c7!!fJwI;DZdvK z6ngs4&;S^Voxqc9q}s*WYxGzFAoZQ*cr@z-oo_zk68tK+ZcwZw?{XKrkpQG{AGw3p z8Y&Zs8JgbKTI)afElo@cM;j9ZZ_0d*xCqKvDpE6+8QDf!s6L{ze8N6v9Jp;2`urE~uAq#?u30NUY_1`@dtJULPI=z1 z$Ar>@lG;(m>fSnm?oe2%>$j}e2;US&K&Mw+X28!ERp)z+)qY1{CynaLs;9;zL_z_} zV%g=f>m5>xxh<(M0GOg`8wricsJT__bRL~7UFY6kXca|EFtr()4_!VLqaIt=dw}1q zLE1=!-`|(mRb13tXWtyIN%*NTlb`JarvQLFFqiXX(JE#Ep9yGNl$)PPz4`%fM{JskJe<^sNjQNkHkB3F_n3da zq#k5;ee2bva7;vZ)^n%Rb&O8$;5d@n$t!Nn$bO6V>j@(Ry1X+wH}`QZ%ice5&lLGt zU~&fVYx*t{eTzfif|Y7BGJLyK5=fTSg_OH&m|Qeqqfp3y3tQGC`&fds`XXn*;mm9G z$@iFk$jJ#QpJO!L=S)MqUDm5CF{}1UNnbH^{+r_JH!~ocfm_B;OW-bpq@oYz^is1j{m`mT%>b{rG8?)2BdCHZudg%y2u2_m%(3S0MX__|K+epdt zNA5j*;_$#Ti=sQH1n8-WZf*V>w!5Rrr9rS)?||nFhu&lrr7fSMoPc`4v^FMU zW8hs8wJ{ZUHuXnBOXzdQN_{zg{ORcwc0dvRvuUzD>4>VDWTJ`%Aaw2|>bd1LsgigJ zNDygXET#V-RJRsB_HncEMMdn2{#gMTw!*+40h4=elQTBtgI{?o3=> zbTIETNr>6W>0tgd;Br|;!^OoJ(&Y0p`uxl;q=TPR$8qn^5AFg^r4(=~06n;WS#%ve zu<)qm=@FYj*}oO!CH;|3%ByR@Wlde4P4AsK)3i3yex}{VpM21axa*X*RWEY#JI>O( zb0cKTHeWFP3o;Y-E5*fY&b)NHg)|}+T960AS1n~S@hACf5aGG0zn%h65tM%hbsAEz zW~j-O+kp$DpH%}Km_FmrAyggZ^#w-2uv=aZy(!?aI`_lz%jz`6sLPf8MW!yy&Ig&Z z6HT=u!voH|$+}}-7ezL9SS4BcT)XFq1^SwL0e$4HevylGMHZz(d+4y4DY_v)kAI(h zyZskO{Kj?0NK2KnY>^sve?}?#K_X`fNbe-o6W$s`9g{zsz9GoSS0)XeK(#21c-(2# zw85*+f%22G$F&gvs|z>1(VA^%fM^sVm8cdpqTDFLuq~d#n5+&R_fB~&=M-)Lc#TU& zY@YFUn9T{={TV=LtjztW!J2yWujxqT2(=q8(}(77rY!psJ5#Ga5c|sR+VOsNN`E23 z-v%7pSP%gU5U%rDqL7jAAow-=#Lf6k}?`OJsq6qVCq<|GEcLY^B^?i)vld})7 zk#;Aj9Kpph@ekeY#x9T{^4tcC9R|CN)aS2cW(u`8Dml<>kOKSl#iNCkQKz<%{ASd4 zBa8ZNCK|*xR6c@tO$Hl|^EA^vH-zQ10c59r&02mA5*^f8Q|ui>l{41(k`(A7 z;3KJnO|{mW>fwdipgrYHewMtWufrVn04)eQ`7D8*_4yw(Gc9WP3e##+gD8yxTn|mh zCJ$NTn7+k~#i~Cm_J9I}kE&&H1}SMWXHsHmzD>Z)6c|e7KZY^|>Q^IkO|@fdw#7lT zqM7o`2FWVKG+((9Q2LtO4{}LC#f!Zj`)qKv754!%Dl4yuB?1bty{7F?d}xRO|J@BZ z6Ogs?2nvXG8)znTsn-ZS?QMTth6&%E6UftW)-WwO@Woqa86Fhn7vhibp^Jfy;)!to z^+`S?oq%9jfw%jvDr+N3c|Ol5GlLCdr3+Hih0Ut<8N-pBy@TTDe9qqYNzGEZ&WVf_ zvKqPK&ImV-jAI`@uOZ)sg%9FRC8gYhcVFg7D5DBvB-;~Jiw}O#+b#|ehv#5K1v|Gs z!w7KNi7Yb7EwbR*OraIW0~Nes1XH^)FW@3H7|@U9oZz@?r6BXU{>0`4-h%Y5NtG(q z#^#CXkz@7xbA4s}2E_~`v?Lx+U1RKwhXguQK-{Rv@>(sxQ=;+jx@spDDhF(eC{-mC zXZRm&jF2N-&C!_pP$<3u&#nwEtqIZd2K~zumdikN^>ec=(zFw_hsHT4ZJ6~aITuzr zfbGEbLZQ&%hjsLQ%M6-1-(vd{Xo5yLCZ|W} zJgwFigwXRdPV7k6(^%CW;x?etwpM1QVQ+FBY4XhrpaGhQnqmpc0tOoOPC8HGd>_f? zr{`%Bt(|LK&8eAA6`(ZVr`Q_=ssZ^{Vrbq_Xg|pLNpCjEz(Tfev)rL}V_jHocC^x# zdS#r`Eh!xEJyhg?85OYQHP~KIpGm7x7k==0Uri(ATb7O@q6KjDX{(D4S}7LvY&;0G z1B^zqa8;5`pE*`rIJI_UxHfh9!#N|B*+y*5xQwk`!+;HJ@foRVc$Q7F{~+I%AEr7F zr2EaP{Z1ycGBmG9d9HmC^6oRvT$I{S_nRHOO-mUcuKZ-C-C@!W+nc3sTo7ZL*i;Lk zT_GFV0jk4z(*-A-C_$~2e*ow;70{=e(-#N%5i8pI(T{-~ux$4le&$!%YYmuR%XZwn zb0B{4VEP==$sQEIYmye)%dS}AurWjL(2Z;E7#4+{k=fA)B$G06;+O54<5ghMcBEW52? z$KU6_Xje&%`)hH+`y9p7d{LX8ZkAbN4j}QRJ!)t^O9Fi1Jbhy@!%F!OT zI(#DWnpfETGoXwL12s`+eiq?cB=zmAL8{xYn!ia66atN2#(Oo`{P@@krQw=IsmKC^)q{sm+26la-Y6P0_4XNg+5)5m031jpZskmCw#IzOkz!VVp$mqMYm*I&2?&spE9O`O zgmUvdR)cPJMjI`_ICf;7V;@6AdHnL3cDg!k(4huGq+X(DbyCwz!oSpx=biF@L?rYrg(`0CKyR=UK$VGafOHALw zstyk>kUFx_xdd@CcMGFc_HrA*_P3wY9qSZwJlJ4rEjeSzHv97>D0kSm=P&PpI-wDp zJ*-`O&1RBv7d8ATqod^|h3bRC<$bvHZ^FbAZ9epz_lw~!BNYM-*nLc}RPOeZoXQL;yJZ2qiaju65f6$d zVtUF&_YYy2$uEJCmsgl3S1kriEIkvf9?dsH8v^F)2pg!|@cObHn{FTZ8>|%qPykXK zV{EYTBc(BE? zbgpDH(1wdBIrCkrB%~{=#KpLebA0oI4aRyH(46uKkruF%DW~C%H%gmYUT0mJBZ^VF3@IN+R3_Z1P9p z=nFX$tU&?rN0X{upedxh+pq2rG|!q5oel`+$_CfFUj;C4GZqekx@7UgJqZ@o76o|- zD5!!Tta|77sy!3|Jhme1%M=|0O8nCvC1zg~Y$V<hXWwoerI6Ctat-7Kk<1=QyWG1!(D92+vV1(!f zU%_LdnSfY<2NT|1ixU(zvwhHfXvXVtd$2~RcM?cZ^Cs2W0^`|PqB1=LYi&R02?}b` z3MCgl%`21e<`c)UppV!G18qbBtVwMJ?L*0wW30H$_0t-NY~85q^w#juzJL&R?2iK# z0vRC68*9oAEz#uV_v|j3(U$!(E1x5C@QGp(oD=n2yDM$VcO5u8p~*bj#QYW$+y@aF zC@kyQONOZNCSS0u@@VM4odtgpT6lD+$jQWZJ$0}}j;VxwfGZ<^0K-650+vGBcPKi=XP(!W9W2Gu?*G}_7K9wUgX>RDykKon zqiHj=>FEkZewR5U*pQy(-d}EeD3dR%IG;Ey44WQ2HMwOgRObq8q40tSypCv(bUF93anRL0m=RR95FDq~ds=d^hmWhlo zgfyhDTM(G0{)+=+y4xFdl0oys+s8+oRDh}XhKo+T$f>k=kTHI__M3ja-|AF$Oi%S^ zhnr+ju{5B|#e9F8!EjA%Ql-3IuKy8QPH8{O zSHAUy1UHxY_|>8-@X4z{+d)z=HvHuY8}}$ipKOb8T%&>z=Yx8rkpAr!YSeus!%s){ zI00EETK={jwE0Jp3xNYYy6Hg4zsqFCDkWZdOw%IJH~~|7zE}~oJX4G6~uvgEH5))&MRgYaM6D>CuN&DN@L5c=!{oz*u*i{^Cv~=vc zt&AvIGCDhfc#-yq;_3J3RP#dN{B7-Hj3U`06eh_7lu#rc0F5taowLQ5FE`bugM{Y(0 z)4!zq4HpbJ6#7@06>*UOrQ7&&{P~#?3zg$$leEeiuH1bb6@ZxOY43FXWck~Ec5T|v z$v;7MYrYgYc46OLMf;lRpfsPh^G}l&PeotMswgjlG>9ja#+ZKDbXLFXDAwp8yD`Jx z><-PN1auYmZ={26p!j+K47zLB^!RAhRI;qYZk1fK#Pd|yW*_GUxEHUeVqx!o26y!u z>`y7G=`%xWU%?$AAM!ZgYETk(*8y=u+K$s27Gw@eCI(3U4H4wFgQi zS$rv31CTfWp%^+c6nd!rpQ@l5;9YxI?tZLF;H0CH@3AA!S4rTc(=cP;ngXzJ6HxNXyS+*w@%sgxEb47 z_odQGZ(Q=G&pRh16jq^)MgNFuIBlsiayn7S%UKOSTie?OZ!rYP_n^(eLvo*ODwahN zqcQGdaSNb#N}qAF_#zfEfVu&uD6OY_zB@^nlAb+*doCM41yGP{6AEtCf&F$NM{-#G z9ZU#tkU#w&fp7gvumI?yz1S7BX8ZZT~0M~xoNZu72%D!GJ2-(hU+mS{(0#_OTP;Vn&%|Ro3BcP_EAA1@;V!NzPtC z-_$-gKio0;YP&q{jngPT#1%B} z7r@&W4EXn_wqc+io=-47AlPuls^exjz>u!;RZ9040Z)e{R2#2~QOgIH&vN3cVD@A&b zW*5;GHeo|JJYc~uI_rn$7r7VhNix{6Z!42Bh#~JeId6P@t(w9{=Pyqj{h{q{X;ot8 zqlIhQYTolozG(x__2eXa)MpFlY~{7fo*=!R0Z&n;a=G(5_LYmWwy-1riCtT$ec)tkvw*szW`BI7kI+AV9T zX)-ABlU`99WBQccsZi^&Rg1R&2r6MFyx$PWF22yFg zq4K4^+(Ub|;C8#eL58{txrsR4tqwru2KRU;GXv@g>aVR%N!E#7&pXtT%RzzjVal&T zf|P1@r|^3?n?w`y?%4Zv5zZdoNZQfi8~yX1`It1|L*bXAoQD0u#K;6Ft$khMI3yqO zt1CU#Ao-8CCx}@yEd(%Bd5n803ww-<&Q5i$%awjUjSVP?t}Y+n5r=HqH=sGw{aO(s zC*!FKTB}9rw(ai!IcXdm(7=di1laq4dVXH} zPsNijci*a(dH?+{$0TdN^Pa5wueH4t;H?3--eaS1%JI3TQ3L%M5V*1_Y)tVu9L(UH z-E-uE$JKMSe&peYA!>hh2fVFHU^KKe$R*ZAHwI?Yo<=i`pZt(_?#Q2ZYAmGB7Xmh; z(jaMat8>X0(EA(cEYJuDS9+e)JFe5j98O;$w+Q=2B0=QlAW_2}GFOS4%?87q;h_-$ z$D@?<*gb>~TWbdErd~r(*VIA+sW&>;GBQ*H_6an9zbiFzAoLp;;OSA09e*pOn)pp6 z`V6-N&GF%|y?Iq3zrt*!Um+s7JAC~D@UngoAp#!s3zsiy%xh*q-W(p?Q zJ-g_@`g@}MmGi$Ijg~u{g>UE8=`<|#Kl~l&WBT6HU0?=C!}QjL+TfN#Drc_tk3{$h5TSs$y#|QE`iVqKuWL!+(cg=TD1Kvk zKVLsw7PDW@9+Z@)c$XF%N^;Fum;{C&8{CJp0R+r6{0C@`Fkt9C(0X3-N82b!hu6!>mt#T;}(f6eJE>T9`^3lfzh$A^7By9eHJQUJ}%{0hRT8;1Q6VVB$+Hcyq2Xls*5( z{uKNGI-X;D<|8V z*6(d>Udz7m_s`azI5_@$1DgMcf`dJ^_IoJ-vpxUz&#e(s_W6GQ{O6I-E!q6LZT*WG z!0ovIyu*L}@c$=6tA<-&TLE72);a!ra{A}||495_k1JNjZU4PKTZR6E!2X?p|2t>= zfAZe{tLOROk6->z4*0i?fqVb2y^DXb(*KWcb)N&=%MJDjD3S;oLgIY6Lj0ntFeYt# zX7+!_|G;yyO?>X8>N=1R ze05_nlU4tLfB=<%*7py_(+Jxx5;(YRttBUS#5*)Ka5b3;f;{3i8$LBW>%Rva|L@xX z6%r)HF1kU3_k4fEb@UOmIR41ZXioZG4hJ`&dhSX9O=)tG=ElWXgEd*P`~{z$@sTR6 zY(W=Fm-l0pfAx?kK}88bPjv?I{WxHxUV3>v0L-MQ+TNv|SO&9gl+s>*oVkk%#*#^` z;@}Z^*c}8Y?U>O_;v;RyOa{SY?oenY?5XeD3!KCE$edk@UwVKSxZCBHmtJLaY6XmE z=J9U_NtHDfV+%S)hXvGJ?#`cB29Rd#JC$7q1K<4cado2y3$_*M~$ z^;TL5ZyIj+SaUOpgIq%6APR0CQ6i7wF~cJoaD0PG1^Er1Ae(#}RLL&mF96+h*FpP8 z!YC*gwt`us5l1k4)8!e;@6e@ubmx33AN$=zfX)7B_Kd`x`od3Gf#UD?W z5Nh+E4=Aq?es!db*Z(+SEG~4DzV1wZ4aup0Z+h_vTPxmb+(+Fqj6VS0>~bCGE5SkT zI>?YfMjCAVy-sEi6V&wHMV0!7h22f}xHPtyS_wfVEc~?jVZ~O7Fj`ZMuF5S#AfX8* zFpcIoROUodEL!}a#--je}gS_Od^4P;Wn0B~c4HHzff~=K<)!)rHa)Eb?{xJ~m8^GicXRK`osrO1Z9A9{c&<%APXAi$ ziFfgVZ8gPIVvS~|KcQj3f&u=(_`u)upEmrw#HkHmAlAJkK~)`EeLYRUyEivV(YfO& zo70TbXf{?w8=fIi`RN-MT=>9 zSvNi!GUN&32E1-*qLjHkxVy_8UtjaU&47@&n6mw?w?ZqiI8>=k2GFzafx2{{Su5->-YCR7$N}QShV4ZG%x=mdMN;;1D}21^unK7TFiblX9tXZDqyh~EUuEHEZsrLsRlpmkr7xdtfGmVhWInw{h!xA$i>acF z*4%l>+fc-AZt!2VdOaD?M;0d54J(b}l8u6p= zpXYAZd2D}aSB3_J__*8!TNOl`HBTVl4GB>c_}G=M7O`8-_}q2llYKRQ3>rBLGr(ej z@rh&Cn)RZvuMs2y2BVQZGPLVfxZp{w`l5k7_Qq2(2p+THcHO&MY2=Y&FtGLhC(-zQ z*n5dLlBTGK#xvJ%NP-qHMCBhGEa>lZ5%WM=;0RsEwd z9-MPzGJ!zMH5_8oZ%WU*pRAvZ@;{{4H2m5BhRv(d@;|067Z?msugCZQ>aK%# zY>s(!OMlmcMp#bWYebP{HA-Z~q$SXk2)>D+aGt7M;G5cKbM0g?F45oh<~rySPPxvI zDv*08II=fz_Ef9Sm~w%-F6UJu_0YlMiB-1{ogedtX&3J$sRi?dg?+O}BV1ox$p7Tcj$u+22T!YgT;O zB(o#=aioI$ykO66Gsu~3QNu;2`KE?aUVbSPC^5-4mzVr#lP!2kQ0Mi4`gJ~jVhxbm zk@uW9py#mzC_960((SOa#f$EP$!XPRS2M;bJKe@=E1}@~vBEQpbZcB>cP8jI?lW$( zkUTK8eh+2o_C9v6*`yFixooCdig8mYr8?|6LLrcT_Ws2Da9&JmCr$tI|`=4}~XJ0OOJQA;vo8zMpclm;K?Zi+?!K%MZ+mW9^c=xXzsme03 zE^ogWzwGLen!NS8`Dg#F{SUW8Jh7?<99G$Z8&W)87WmhFu;|5+-UYKDmjrxRVseCB z@s~jC*$JUr{b3S0oG&c4{V`SPni%73csD3mTF6|&>{WHGSr1jBFr;#t`nvuk)8*c9 z^@RBU$J={AHMMqYqaXt67CV+mv7tz@0V1JUQF?EoT4;%g0s#RjiWLPEDbjlngcgvF z6{RH75(r9Enj{pZMF{22h3@_Bz0W!Sf5#nX+>GHEE(lp!Z<*zp&wO6twJ6zl#{8z4 z{f~E^`n{05$or>8NkO6cZInXeD1!8dCj%Vq-j91rOvAKtuZ6!l-|gTOzO$p#p%?_UnKf1_{cPWIa-_d@yKD>XGe(tx#HWT`g&-?$5PzeUES%TmbCI4Gvi^quNbS3R~|f9KA3*dDLht9 z3#+?F`bkQ#T00`)D4BdZKW4ymHJS9`MM@PL?6IetohhpC6~<>>MzS&BRjICf67w! z_&KjIKAEg1`F9f|4;%UARbeQepzSa%qSrude;%5v6pXGtypwT%x9vPomd*ayELFhv zWA#*5;sI;!isxWn9QP5Um9Cxw!iDKI6@v+D*|rlhE|Wba%S)#v4Keh>i}wayN~9dp z8;9+rYtMbPIwM#>Zm8T#yw5g&HYpvUS)XI57}edOF!79%ZXB|&h5W;tZQa-{aVT$0 z+b1zcB{#yaWO5h?jTeTI>35=Ce5#Y%KWaKt+!{Q7aKu5>fg?3?B#lmA{-z`hJwC5B z=QD}PkB;o|e|(Ww_|W6@(m#&Zp;nZ$AIQ8iIn_pSk-I>j={{6^T|+QMLP_wW6k9sm zzzQ2GDc!h%*7_NHXpB+IuvSrva96Eu`6kVK%{Y1j6PDH*l(NcEm6md{%IMCC#mEla zISJdmpt8slY`Wx6K#8XCtBo5<9{D*3Dz$1{%-|(-1pL5SW`DJ~qELg<12ZsU7+?wMU5L;v|{TSUKEg zT=mfqa$?Cuus9DD`wmAeb?vry6zvn!j0}$}Oy#RgWa;roO|a>0eh~B7`RAISur6M; zDJ$=8g<05`L{I=evIp#573F1`OLnO{A?becntXK7GJ=;D$0@v5o#fVlPm@$;E(BiQ zX7`e#&H6n(=`cNIe9w`cR5CN+vrjFDOsq1(~z;=w-8{d1npjwgHFQ6hgl~c38n7E9)k$$WGIy zHW6a+78jEIV>g#wyoK`~eU2^?s*N{epOt0&NJyQVu8M4EJ?GHY@H%T^`^NF$tZ{X` zxTF1*$GwgNu{1wxzl3c1L9+SQ23^^}44nXF-Dc@w9J)*7dO5)is`>jV|>+TT0l}~x7=X;{b{Zr)j zvzsQ(Rza}+vm;2L#E^R#HNfgV`fM4nh&^lkiCsIbQ&USO-NH0^w_wVy#Iww>T+e>a zRYxBFvGMzqw>8G&NRyo7@@hAAW!2Qx+SPaWETdvByq{6z?Hdn&tCe#JSCTQ|c|K~3 zMd5`zEVC^KEDKQbSK=y_8n*4(%&RsxM^(6gn(+;c$uK%0lEZeZf*5bsddTP^4Q=aTm4%5uZNAq8E}&MR!&Dx`?V=~(x*Dp+HzL@ zeY`^Z@s^CZ{Fa&RysE6_of%pTqc3Bm_UoIOj{1CrS5-0s5oZy_aN1vkAb6bV`wkmp#60RS7A}*;??ZfsE#zCW;n#v+H-nZcM01-bo>Gi-~ zmoHDN{|oBnLQmIy!$I>nO_hu%Z?&>vz;fL(3Z{7l6jzyysi!)|(~<|n%ak-Ydehz&QAh*b^E{FkL7vHwR<}Ww)2tY^ao z6xeinDpn<4rjm5>A!8&gN7>dYhjMh-fNotcAdxlk#uZa2xQ2I(#0YjP;cpC%y5;#DF%fNW!c3?x9*2Mvd>8RCICJ(nzV7 ziKF*52H&QM_ku}W6_C~Ty1YHC2lx2xsV`i6suzspyCDI7P>a6Gs~(S|k0P_ZKSc9e#Nm=3l8`hGIeMw2WkqNzEfzvbb8m9e*g zxi76xaKIy`eoETOU&n#p?(yf7)Hc7c{_CwHaaj{BB@7q3ljMl^;fE2pj&I$J>J3zlM7j^ai0rTp_)s3l9{p6w zBRYuq0?W-x@2q#}%bUc#R|8{^VdaU;Z%%);AT6k%@G!#}ji*p%p$0>6%fSg;|g= zB^}t@QkgS}Dw_Sh)p{*joAwd6-HVX=5=|;eyrhueuDCB``cll8{76XzVw}(pbT-al zn?bPiy{gG4MsAUACRjvQIX4?8@)j9|R2Xw_H0oXjnq@B3rX zgp&QSMwb*kYl_xN>1~7fXxJxYyu0lio;aU@jXQSjC8A_AqMQmcli?2oNc(5*?vH0% z_nU-@DBsAda$`}YbD@jV#HiahPSro5!tC@|PAl#m69Sw=nQcm=F6za;)zila?r&YF zt-n{#vGEq!|7rCMAggB_00+xPY7|Eew3>!ywaX(0SC~bObw3z4>t9Cg_@KkP!Yq}k zAjz-)M^V(dc0tkLM;em0&>65n5y|lpjKi5x^J&dDzyP~wZkoAI-9ZNR=Jf9O$T(FO zyWW7V=hwBL_Ow3RA2Iyu-r6nm^N?ol^12JS&Q&W-NZnnd&pNHe4)$Qv7p5T`-9Ot6 zSzGyn8n??}&)syC5B;8aPJdnTv$DIs6n%f6RoA_wGnr{>jD>m5NHh*JaOnL!Go{MG za9qF;Jyy*pj-44ot4tpV#yHQc#TVNCHAv@5+m!NL)MaLXr8qJ>23l};1gAur&ChYv zBYM@#+`hg$3#pV-ru0T;p*mHet;Xi*pN=jqhE;REyMg? zOWI&GE)O=vfSUB)Fo$fx9dWdjt~Xvysa27=l6WHdbLnXJj6BBpm6wvV;3&Q-UeVK} zO6Ypzgo)uYYD&lfyft*LzhcX@$=Fm~FYG9F?$+WZXup@&8mbb7)x&y*+A%OyCeikl zutg#?`M~DpzjjpEkgP7pqV?zrBo>|by>f<*w4qYV-!B6Yi?msFf@ywWtfw#xwqT_jQP-bb8x4N z+2Xu*MuA9Iu;!H$>YB^#ll5J|)MyOO1H+$%9sms5SGh9FY4aLL_+Ib%+I%$O+p)e1#|s4q%mE>@#n`5=Q^oAa8(-e&=Hz(T(U8C7$33G|6*gx z!j#m8a=(|+6EPekpZO6m?LiCEaHnY0Bkel0=#)IbNP2&aoR|g6vS$OJ2&RLLxVl-; z3M@Q3>+^{N=oL24s*>sr)%(0JukLjhHw&&axMSlLI8A>J{kD&W_H?v%JB^)>pG3A& zPj2xAp+R;V5#bCPwC0V)0k45RyD?MGhqC2sj5$J^0IJdV? z-4=HYvV|@we6Q-u+sj9Y7uLfVI71UlzDx5%d+Rra1m|}48aJ+N-jVU=;z1&xuhNoQbCD$_*|e!S@D|BDJI%E@>JXj(ZTCFwmb}*f=kCEN z_GO16yCocC|zc6#7jkJ#$<(7Lcv$(7H>*^chsX)|u`luF_7g2P#Oma@dh~ zJwE1Z__710FdhzILTaLN+GJ$XpSpu&X8uKLsg{mN{?4Yccqh#mc^8q!vKV`0SgOH? z159V2Q<15Wm^XcVbwB_4qtq0)?Mmc%ubtNE^j%Kmm$ymwYAtW*{Km*m_IvfjnJN>moLX3 zb-@?zSTZp5-)ZKYbTcTZ6)PE_s4^?OiNA-Z)a`4-FXNIYMKVpva{C?Lw0pd>5LK6> z`ARllj0+quyYh)SyS@L#9e+1KgmcxOf-jfZT0nN27eHdbK>}AJkdt>QOb;~2TGd;V zu*L^?sAMrmMBVge;9Q1#n77;`a7|Gx+=>aG!GtQ(2qU(C$$1M9vnFz3(^jCoy31TB z_&WGM)ni>n`-(oDco0Ip*(hvST%wsC41!5!Q3q|-kc6%$j8h4`gg>0d$^pjq_E73L z+S_(pt@@W=BD-ql3WrNrR3}(%C|;NKkk{Wd!uk~TcMdn{;sm9wg#ITD+4PzxO6l`^ z8j#fDT7N2}6eVpYCf$iXI$3v{FX$)9s)O zy>El_G@}j(3XcJ5(lC#>Y!Fkms@30zX=h;Rh{rCa89au-B&ynDWT4`-2^fI%Io1tG{j{vdmt=)~d}ZV**V)Gn4c_*c*J#MszHx zj{yU8L)BE^()$KKYp=$Gw`!1xR}(>gAG4)wvC+3^))IU3P{-nP5Tz`~J&_cE6 zSP!fSR6%~m>~_EmjQf#Jz~@hF@?U-)zWfwy#sSmdTmYUc^Vx_l1t}$~>;3t$vyI0T zLgm2)X<488$c=N@k#BFFoHfBIX*0{#@DLk2)-*vq=M2!v#~AzN_o~<6_iPf;l?iPW zKDd^f1w1Rkcte>a2%=mTyTNq_B@m~dOL!`c2oHVaJIOKe37(s-6ng%^D|bIPOQWV* z!_i4$kVLSqMn6&W?L=~fL&?Qmxcyf60_xF%mU2|!B#TCQj&|-Df0(qicUph#olE@| ztz3?HEpOhuz}2hXVd=UlLb^He8y)Jbr25@8kbDDV z!;5DYp%JW5i)y;k%+%r6rn&a>`+3uW1yD^o?HxiWJOC^luC_Hoc3J;GW(yNuip zFmw;GA8+8LMM+S$n&Rd?HRU2vxoU9)5zf5q8xcU-HYGo$uL=Rq^l|lhm-3EFOa2@p zV7%Qh_WN01k>(7KgtNupu^f>i>htjmYhJT%NE3e)osU>fkXvSb$NsUtKYinSuQ;eW z+kHi0NZ9__Pe2{JK%5++SB+MG)XI`dFGSIg)G1)A&OF@wz@&&Y7(tsbDJZdY@JojD zq;h(>;qI@Hgc5=RNT!)VqbE{}UXAj|x_{F%wO)iaf!mlR_$d!bEleMP{?eN%Ef5gc z+*l4F;4es|rD*;{Na{HBV*9%bBl1b&9E;|@mSWEZ6AqOo#c^3?$hx2oJCt?8+zT?V zA1V(C5!Es02ZX*!VES{xg_P?oIkghEuWQUQXOLW;+AVnka`~k!L%{i-()5$Q@+uvP z&}$+N%=YZ*q$e-A&FHAM@>+Z(Gj}z}zuD@B6o~k zB8ZQf-6m%LQqEB~21-er=1qLse+st<9sT5__7l1!zbI5*1eaa2J#*Dpr-AIqjWW`~ z9pC8(zXSZCRkiUAZcn<K#l{yI4xi{hwT ztB+kHziz3%{R`-Wk?ttVz5i5B@{)n9ilV7cJ~&oZ(|!$P`Zo+Mj62a_ z%V*lW#ZIjzPB3dXx-EmG_hnFUqK3ASuqt@`CgVfr1Xd7VYNS@XFVY)HU`ahr5cF+P zKZs(Evay}G(`Hb5DfgSN@RhQ<7rCYt@6Mt&qo7P#eebc`SXWH+%9sZ>PMO{Yv>n(L z=+Hvy5oq6G++&bws~b(94$bcK!aWdm*illzqs=BnztC`KptWypoA{8BWGzEG zUAw<(0lUHs*PdNdXy9}aqLQ1T*<*R7H;ywjA}6RNJ#I#fo*+TVAV1>gXFbt1Ta*>? zdnB#IiLHyw?rl&%R@Q8j%zNF{8TxCQ(6&~FYS}^v(CUV8R6*N%j6?CzI|NNY+!fI8n#Y#t_Jgjx%aQFBNbVl zW8?TXe4pM^BR`&#*-bK(>n2H< z(#z4YwvX+@aLY~0lkyUit_X3nl0d*+C~KGVOSyNDn~i!&1shP$mBDK5Dh~d7&J$hc zW`iQS6JP8i_Xn(Ua`9?wHTyE07s$VsO5aIbUtMul`H#H(Bn?|3ibe1j@q~L>x3*t; zpH#J+a3-EFJwfwXzlf&voh|MPR}Gg&eG?-A<>t+=-`~Pa3vt^|5?{h&k1eB~cRbj4 zNM_NUNcLrFMwDr6XSz?tL~OCIyot?wc*n~$qCK!^5{aaJH=9fQAcs|W34=mGHF18m zwl2phviBN<(qMJw{o0Os#!Pj}w&ti$d2IY;!Seud#oHLpo|fI2(O!-HaArf`3hm)P zM{T5-PJa4&l_B6geIc|*gAm5P_D~TlvTj5pj&;_*q~0aNUR!0F0bdx z$!!MGV5X;@d@u>g&^;~lUh`9NY4N$-gDN96B~^Tcrw1+y_KM?0=Gj?%XLBJfDqFg)U7pJz4Y%5fPU&ieihCpDN7=V86K_TTQOL3!djMP z59vq^dzZ`zY8BBA@Iz991JE7{(-o^Vjq`6E9i4m>?%^(+k$#xC{?S!~s{8EF z3wp6b=%@9Y?cZkFoAbu+w;6hrrLnZ|#K&Wx$WLFK2bOJ#;=-*aN3Sn;wgg4u@^07U z0-faED$8$}l3}~J;tB0{2U~BLo(JD|9@I!yz+;I$n4UA7 z%&cY5^>UED+a>*tKYJg1sLh=5H!$JsIQyFQXRK2zjK0+3x>w7+ljG8(oTTNk zGfUD1b!25S;hu%n^3tcWZi+*Fu`n^QK`z3D`Jo;EEymq>wx``ZTUqDn4L_%WEl#z$ zho+LGYFSu{~~uJ(jiz zfsJgDeBIL<&sR+cQcej62jFMz2;)=GF4oQH02<`TqH(um4)<3uD_qf$YP~(L|0LY% zRm^eIGdU!uBbFC}bYbyYd$8VBsySlrDhO_F{j-U`ONL9F2{CQMMfHAgvm2|mH zr)suxjn`55#l`|Y0W7t(#J;^&`Mdry7s;@V-W4Zq;V^(^tFxwrzZ3#({SwzyQlvc@L{);y+^x zQ}FBc!wE=baHG7Gg?C_B&8L_hy)(bZpu9`5&lnV_{R|MQ*x=MVY!@c!p-;JN8%vuU8yavbbetNvX zOFWC=<4UY>AG!eQKW+4CpECSF(>50Pbt;@ILIC8!93ptq>=etPBhMnrftMML>`%Vq zVq1TG2r?<_f}!+g0q|5AL|(lOGVxH}aYjxHP?Fc9EJtjcZ3YN1ggbY>b^=zmn#ry0 za@b4FiK>h%?N;TkZ|G$%iHO^1U7fRRC~=VcgZ>*1H!SCN=kxhJ)jk%0;`k&jY~g+G z<&l)IvS9CA=M9*57m!vCy$P8IoRb4-< z$7lr5?D{|c7E?D1MCb&XB19~$0?0(2TW( z!rv})!h9Lr?dCAHt0=vit*x>-U(&7Uy73E{N`$<)x_g-<$rIAmA!*(hq z#Jrf7JBrN7xMN=9X&uk6UF=c)$3ypK+WEw@A^G-h<+`A~uid#=IH1b4U!$e6yYM1E zh3`S1@SoopAgTSvw-8k*M3RaMYY2c&??x=WWdE3map2!Za;4es#G%_2&PSbWunrir zqDw0&e9H+ZR97M^XocCJ0^+~KQ@!A+z%}oPuUn2GcSUcuC&z(5Mr<3bf#rmi5VjmY z9`5i8SrZ%YFCSX|15||WtuPBjq6(NV#H?0hD7#_~Gg$`mD2gl)!zo&T0|qQ0IMA%# z)str-kApT_Dj@#^sNK?O*XL*Pu?f9!QZE6B!WPhTS&{%pm9aqlR)?_LV$f{?kWy!) z9MVZKp>ZH|HiK}!fQVmQn5P0XWji(0wr{dnnx>G=o`ti!%vE96F$Prt|G|I%e1apq zdh4OO9GhCdJ#6AdZ#m{&f$jE;Mc54l=o9XS5Xk`tUyTY%9ov}Y9z(5fki##BeK>%G z5umG<&h{AZQ^x^XNd@eFq~zXs*uzZ=qbW_gsTpGkA;iPF#D{&Qa`gxK9EVJH{@4Z3#-&1E4*@DL{OHorLco!x z*`y0^R8NW)ur_)k>i4HKFsC<+aG&8JP|nnR+)2dmyoJ)P|GF=)iE+pJ&1-P=OeV zlQt`;gSOC2%Rv+6ojFDOn#X!!!i%AMn^a55tNH@pZMv8?&+5v(oL|0JvW%*pW}dD* zSk0R(8`sa#orpD79Q-GBel{Pd^Ikq;^^auYZ|8LnO$}2oCni!nP+xEe+;v(;LFT_HH+v-fK>IP%Q8)eRlPd=XuNuAW1mc_|2r_ z2g$-V5zd0M2tWQSx1#YawP2K;sr#*?>)O4_d^sMu5F!_vMhbT3&d3|THp#af%9#vL zxvTeq54#_V-ldY4{1Ts_O5q6X)t2Wyduk<8{9 zihBx#1=ypc(b`2n3JaK$wZiUGK8P#nO8q_&xA63sDd2p(L+vY5`LY-+Bee0Wom!c} z6ZDQwDJ@;tKf%hX!LE1f0J$B}SzAjPg=&gN&p5Qnch(-nU&il{wkU1#qn>Dc()t0I zBbIVw8SU&O?j6{xxlcyepB%rR`*4ESDeA8|d?Vu3_vH9g0Blt=*mMh(S2myNdOE;P zK4LP~K33lG_BzPYZ&+)#FWO#vwV7#~eD3kP6Kv-5{Jt3l*5GVNN9j8skkNHckZRu- zw%Y7$$I+vO0^#)~SWM58OUg2uBU~G2KZh~-bMvJ1=~ox>_*_lKFT=5>M(#?yG|h-= zr*^lmS9t8xRd|-nO5YLNdDvbU#DIR&U;{CJnX#JWNnTsa z(4n-uRWM8SOLVGwgL)SOZq}YQe}lmw;G@=6s5RfM){)yRyD=%uGut-Beg^8j`wQn} zSB0uBJXao97?#78l#HW^$2B@#8oh4FDdm3oblrEYjsH9;Ugec#@n~fjIVY`g{nNJM zm3Z-*?61)qW45iI{)o^yroeKU7)__m_|?D2iPW4A z*yYaUE&2V9;ckxu^ftHphYbc@csm2o!7lYJ%%&;k)m5$|=L7lAPqb+`WhB?!)5tgF zHYQ%grMZVQ@**pnIh7A~*BXkXi_vabYohw^zaQ$ljo!p)Uo`MubtJcwxWi62hH=l{ z|8i%+&JGS+GFUd(wu}_AHYkhX4yrjYuU`& zm6d&^d=keTb}|4rSL^ua+Ef9S`VBc&AGi_{9E@_f@>Z(88%2dfkn^2&_Yti!s1*iP z+RI=?>Pl3fnASg(c#1M7=s%G7Zd^_+GQ(7y`?I==ncv%w6w^0qP+aOmgcE98 z#!vc1X8)-0CyL!P+G&bvThIWBtkUYHyhyP*fbmW$n+A*1{PJ_skP32*sBxT}hDC9v z2Cp^Ix|)eG&ZY+Zm|l56`!_i=?lu zwn$g)$6MF7t>&)P%!tyAMMu^sNb_V&ZaV9SSt;FN!mOAQcJ#QF5RI~{@Q`lIWG_PJ zY3Gb_GuzPOl|f^RLez$~EPSoayl86N5@1TW7kjL1s!I&x7BthbT7GOqU+_}A*k0yq zjU)5>=JSk!&GV{T@}S}1nez25Xd=y8S1y>~>XckslFj!FRo6eN8Z=iDW~V{A6f;o; zDa@3R^2nL~H$bt$Sxs97U-RW)MjLcR%w&8F7^$deYt2UEFqdZwS2V23(4WE?5sj)O z2Yj|&m|&C1y|DNF_lJ-zY((-mL`TuIB$|&%$_Jj65wiwK*|7LaevJvTwQKR6nZAoB z(j)AFsfbv*7aPb)Pthf;+ntp2#r>umutCn<1(F&pON|v6sTPN9QQfyVhs7#K-V% zzcjXm_!d{rr;{C25joJ}_@;ncgxI^puD|aDC^@U`es@y60q961rERM>*IiWi$DLQ4 zYF9`OS?zGq58=6}t&PHHP$+&U_0yX*#@o<4*}D}Hs{IY1+RIDm8rR=7y%#*q)5xm) zQE>&2cG`>wditd=fiZ+mjiOl)g;oXjitd1z|6@L9R93cYteT-nJ_ z6iP*cchbgGHTwgA(14w{uePW23eROlaL4h8%Y9FYfrWf!;!>W<6QjC{*3xSU^y3+6 z#!vsXj4jQf5pXljXBCiN2T4-_Xc!lp|ig`#_@tMFOzASV|Wc;dPQ|rfX-Qt`~f_;c< z=t(z|VlM6%K!>K=WfUbWJYAr^tg#7xhhI1_?79dP%kP#L5`@BU2Q$w*njaV}hfMO) zC9iKJq4>l#_X#zz;*INxE~mYUB45amgbph!JIGn}_s5PiJJ%GqpO4?*GdfeA2&;?e zw$FFbT!J5{jpT9pT%0@5GsS8L+qGmn-mLN`rYjVq+*fTcAiKuy!%aN^p1yub@I*V` z5wSdb<+1xk`4OZs>TQ){PiJ4q?yd^+c+y(pcDKr2FV>8rp7T3yL>=$oCxBHNK}V`h zzPTnqZV8FGwt3LC+)33!f8V9Ye2*nglB-=kMn7(2exyHrr=aKp2PEDcQ~lP{eNEMr z=z#L@k|18xjyraEVn}t!MY?I?gQJlHhW3t8kZRQNB3VD5%o3N!HQ%0-4LY$B8$N5k za8SUTpFD^h5UmxCcN+9W;cGm{tZ6?6D2XnY6)t#tld%;IujJFkbmR;h6j(0Q$n;PyW|wClD(MiCukX=wMJo&FLw&pijmzvIRk3FUkXb$>4dRG z>#tQyyh5E3>L{FRazCPsSgku=A{c7J%=YG^_q|JRsc~Ww68So6d^tgCEB1}RF{xLr z#z2oH{6P`!BU3H&nIijy8{-DsFDAStLa8 zc&#*ZC>NTbwNWW`~JRz9Y%L3H1T^XEzidGMwqY zSNBc_dhveh*gNS)hRpL`k1qPXw@#~b9iiO;fpl_IY^BNTpT)#)tCzbjmv#w3JP;wy z#sGZw=ku95@k)y(sq5nXbJfmvx*fEtDEVdvspqKy9;*I!#?8thWy~?jwMXJ)HuqxcOSMvt1`x@cfYSWgx-EA<9Ll5uEW~gnEhExB%!7u=8IZA*{Ff4gcBQ;g!f#*h36($LL zGTZJ;>jA`jWMt%Ge`bVJ&PI>j%U%n~h7j6ae2PQCDA>BzRm3!$aB#>=+-3n83;qK4 zzGc)OC0<1)iSIP((4o#dmQe@#y3OaVw2cPJkVG#73G602!?afC3nMqQzTH~~<%=@U zTH5sM3UrRyN@I^@zjW(;E5H!!1$@Q~V3ATl17gbqNVJ7i@ObPw3+YdS4m`aOTP!CS zt~T2jzwi`o`fTtT5GYe>7XgFVHFFm*p|OfcNRtO7#1Vb%6}1 zu*M#aO3uHSv-|C9*VmJimoXJN87>XwCBEr1e$Qr)$1v)%4KodDk^K%V;@m=^cC1p= z0V|2wB_4R5KLTZ(@n-&($dRn#d5=Y7473Un#p< z=-3B*6G%wBm~bIgX~hYw4t~DJHvS6mMkYns-e3i~cOKEiSWSi4=e&N?;m zZ^n*}fXCy!09Kaaqy?`oX;WFE(s7F)&nzkGsk*!WSPBEc-0cTmHn*HKrRc_tD`&1> zLKPKk+P%SauW=-4@-buHt!mV_r^?IYjNGc2bZE+d6oAJJsfM_LIVZc}2Fy1xzQ4Tl zhZW7BTji7a>L9ek{+uU*4qns1clTZj2Mp0RU#Z@lX3m{ z*L{Dt_$$n|Zz%AZv=+<++{P}YNXf2Y6Ya33^zPn|^=E*29cNY{ zW*e^qywFL}H!$a+zMScDwLj!xTEB8;fJd-wTeKPpEG=C}J$(5%* zP!3O8uQXfSH*PK?tmq*NwoO4f_HjOhgTS39N-|u4nvlZXjo7!EFsF}T>A5#9qlO2j zw-wM@(`FM^Ee^nF3Z}a)qYjb&hkacw+Ejk8h$iJJaOuEYENC^p(&^qya|`9_yd5nDz^LVwRN`s9~N^P=S5ZN z-B!PjJO0JMe@pRS1SQ2s#DDlMJl`^^T<{?|p}4^~MbG?}h<+&NSRlp%-2=za7>|#U zHfbAheAX9`fi?1eQgj+I)8ATBt!lxOojOD7$u&JlJ4_nW>$#QUy@iZ3*)7MM_y`9( zPoMkxa>DWWsSmwi9)>GOujvTu+A}TPD&$$r(vn@!_JW)Medkp>f9sq|$?c1Db|T4j z$4G!&zwP0XAJ<`cQ!XOHhgoZeEN3CqL)g^xf%h2SU6R}^rP7-#%wnx*N9LE}vPr)J zC_F8de_9TgD0!Yod5l_(dYbqmp;>o;dG>EBO+HswVbtpepA9&s99m}hM@f6p#C5RE z2WQx*j=_(qYVbK{>nehHsOrBbQ#Q7HX1nwQ8d%j2v^;Xc%ibXi3C}7izBBx*w|=g$ zmy=D+XOLVNJ@^EuZafUYzoaQ&e7ls9FXI8*;&yjX4#k#`cDhmuPD21(5noqZ6&nEv)l zNmaarws(pt4Zn?b)E&P=Bd4sdKZ3_toOgjzl(hMQSTI}_0?#6r(m<#Mtp@Fg;oyll zz~diQ7fB%)t(@d2Ak=Qsy*cX>N%Lf!2Mc1C4P6KC1dz%B25j~3bi3m#LYI6uqd2m! z9Ts#QjbLXSU*9^O>$N)QD7O8bTo6VD)J@M(CV-z^K`!(d!7QWh%vWr3+X(hUXx*a`RYq&>M}Bwrs1XIa_LI2>F4R28uJY@i zG23S4`@8QfPJ?UQYZ7@nUT1}w1MyFXWxmENHq7&Mw2Q+?rCjn_@}%FPDax_7A;5Ys zdrA9?^p&TZ|CdpK0}TXe3Yprmk>~8pch5r+W$5^BJjo?|;uwHt5&$>crHbPQU7#Tl zchKroT?HDJLK?EKIZ7o5OKI#3HPi9{%U=X&XT!i=AV4=c>lt}HpcUsj4>)gP@Sb2vW_Yc;@x<2ljD5 zC}fi0@M~N;#M){Wr6PFb;xx}Q=Shw&yCQVl8&0sV!CApre)=lK1eZ@0{q(g*uIOig z(d#1UUIH^)c2qBthnmqRtUu8G3#Ms2soDv#gk`-Gl@N`GUZL8>Zcx@AIeyiIsi0oU zU2L?3)$Fj1*Q>)sXd4&p)lImJ2YB&=-1N7WS8kK>_K9Np=J`M1F~gfr$<1Dafyrk` zeE(cF{>^ec^Xer6>iLPY0=b7Z>(HM7pg_{Oyf8LPZkgp8p=00KSzqX_(^>kdNIB=Z z-y$@$+U-@%+vsZ3ix^w{2s6zfGmb$%Fk;bB>+kR5b&@#fvoPmHQ-F!t=VPCk_~bM6 z9gg3q?buq7KXiZ6n`&Kb2gzh_Ie+~0VVQEF!*YmI_?f}HPF}vhiEYd`6TKd3B%oaU zS)Eu?vv%ac;P6$g-i5%A7BNnxZ;^JK+Qsq4gBznsjq)r+8(L8KY(0WjrumHDU2lip zX&c`>dm3bYyl^~r%C^oYd)DJ?;?t3&__@?%AaZ`hw_~7r1cxe|S#$prpyB`D%18*ivjT`0IpgsSS73Zsf@5F6K5Mrxp+Z`$8&oSK|+c1f42x zD6*{e`;>nJk@lV5fW{gDU+5R3nd0(gMLnuw0Va_z=a{!#95(Anz8VwZ{3@{2*vU!h z({?RcxZr|nIQklR)msa6e&Jr@ek9rGaUr66{@oxobymexUUo|wu0z?;#)jCHnZo$C zy}_-ng1k7w>67!eHsW)tdkHe6wzY#V)5~O;e$XI1ePm1y4$}59&TeaD{X`Sd^zgON zJ>I<#>26uQT{=45Q;$i{fi@dMk<0Xw_aX}54v4jFBy{K`xm|x~N>N}>ws}TVpX=+s z$;&4zzQ*QUr11SfJ=T9Z251<~gFmijZMv>iSxqPy9{LMwV)eGbrF7liSs^M{Yjz>< zoJ=$IgMvo&KHix>8gDe;df-absWBgO=`^=da_u|UvM36&eqTq%#M@SKvxceriXgc+ z+%C=n0^N8>*2IX^5>{rHEUG2rA1^6!Y#-|OHnYbb$_KNL+D0;E5ZcLd!bWI;d`U>R zYcM`N-#QU|(R{ONM1N9=lkyLp4sx^HmvT1Q8j=Qs zh_;obD+aNQUn#vaZ~%+c2$W`P-1n4>!t5t)?y#NP+5$CwO4APQKzjp8l1%evvKA65 z=keT>-G0t1aD1KecKmaP`33C*{DM2g@kG?)ukwzY)BoFnI5s{)xPgF%$Up#GVl$oq z?K9m?)QK=h9{X&h+yr3``ep!B0OOS%uH5}G&t`P{`0O<{H{nGjgjVA7_UR@}lI|Hf z%X+uqUOVbR@eRz40TL7>zAfAQhSTAymmaA;)e9j!b-1gTM_#;0q#)mXSr1OVF6m~X z0nf(C_&8uRw_lTE`amX?|D?NPQ-Mh)6}rf`&VI_`k^ZJ~!Rc2$wN(%bApUE}7k^G6 z;xZ8SU*5xhN@XV>e*^yToNc7kNTxMNmJ_<4z|8V@n( zCfzqc%)Fs_YhN^i@ul3T#SSkYsxwVJtr?x$tJ=tUbmqxf@ew{@LXwhp;~SPjyT=^V z>FEBR&^6AGS%h|`@9Y5nk#y@kZq|RO!u&Uvzpq4&RZHoo6zMHR{_3XSQ5SmLbQ*1F zM^o!(gi4~4Bfn2byqa<`pH(TT>fP>A^`+9!Yl>-Hd8!~oc@csNu?+<}lFi=Dn|%Oa z@U?mc3OZpk9Qkq~qpm(uTp`o$L@Dw9sZB$-1MnWKjpl!t4JHeO-wVLgz0Q7|DSgk# zTj_fh;F5AdCFHiUtBm#fOuW-8!yYf=o!Y?)_Vra*pR-NLqC- z;R|Fg1i&uL0mj$8v_BG#JJLv+7B=QO*?4jYEr&7IeB-z|Zu)17?-{|YX-xiEpQ@&4 znfm;!9Q|CeYn#H`i`!({7cz5%BtBKGL7xenRHL>-$05$pCz9A-8@|F=U=@2{UVmEm4X}h#z0oziqqxl@buEv{QyK z<|aRv(^v<9EM1L_PMb<2Eeuml8r}9g?;rC5Ir|aT)dlc~sm7o-;P~UEKW*HddC0&z z&qaSsjggvvR%WHFW(Gn7j_|s+R8nqRTE+&|>UI&+$%^jZ9>=dSu5I1C#hXGuH3qQO zfrg3d(S6@~@EJEmF_=ll;zAi~LGT@IL%c*S(rci>FLBWLz+Tw>yPK&;U!7y;%mz%m zwa-j78Evs4VI$;j{JdJ(E5~BHcq?Sp1<*t)GD_+t)saZiBJmxJOrtZ>6VcYB7}ijx zJ%`k68V%~`I0{}lP^n|$>uB3M%#z3AGL{-r+Ydyrl$9Eed`oKB#1)`&EZ|qPnI&at4vd&X zLDPO7)Go;3UlnsR_Y~U&x`nEbhyr8h-=CQSu-M(x)9L)5Gv=k^oinVfy@906HTmM^ z>}mvKJZ`rQ*n^AEoi-37PzWLo2?CEFL$oVnyPWH|s1RT<0L5_`MFJN#rwy1F51CkS zFi{Q(;FV*9S)dSmZtoaHCc={18 zVc+9NkiBD67w6nsJg-BCGQt!ZnE9_?1)4uAQf#LXmP>S}l4g=l3a4JN_6;-`jQ`gu zuz+LW58$9?M1}spJZRPWxyHx_czND%qR}&M?lfD32<=kjzqp{Zor}x&YLW^MLZQ+_ zmczSzsAqKgm>vXDMo;4`G}2LF?499|&r%2!ZKchNUiaiyK>b5WW(O}I&Cp<7Vcf2U zKnTV}YvqKse|zS?Sd0IlRU%8}Kd*mXz>NRrcmMMRvXK6I{o~?)nWOsuhW1$i>LN?* zN3`#33BJEU5C?55Ch!la_{eLCcm_Me8li(Nz=3d^%dhp`?MObw52J;=en01Z3WWSt z+&IvClmL1=^7=hGuTx>?CA`4GX&Ky<6@U9p03pYen9xDAsoe#*jvVtD!ZKWK778pw z&tLERMJYaRG7l=pS9xy%&CsR&unnwa+7F!sB`3KnAD{i>osfiH51skh8)^Y9EJaWv z!&QT9tVvsjwwM3XjekGQx`L3!XG=d=V&5$>-hbWePhR++lm6EqKr_SAAN=!ee?H@1 zl;7XenRObL76Dp@%#p5-5D{f;ysCds1+){609BLv-%;%Hf5!c(tP1M3rqs2nbGGx) zv`Ph3gCOHTHbX>K7l2`726}7-K)DqC_8e#lZoJ`vNKg2#dcqHcSv$q9V7s!1<~{-0 z&C0(G=85wW@jzoIC_jOmHO-laO-cw=nSD14r{_8Yee>YBEMmowCLAgVhYZUaPxw*d z6&;XMB&g8nM956=ZorQ|-KWdvy(S~g;cvrmoNLvl5KwjmjmgAi{I(!T?S!bmFaZ+# zJOP!tE_#vO!!b7?y)~c|T+_yqup~YL^ytsCYp2E-40;7VcZm^3^PKy6jTP;X@L-RX zG8|@&Y<*wV*xw|nQvYrMM(QX#M<&5I{>AZLkp&41HTl#%iB&H(fS7nAu^6^96^JAb zpK5#++skD)R>BM{Cuq)%!T|%*gaM#0-l-u&qw$>t=e+3eaD3cK-%&)w&>KoyrvULd zM_GEfUkf(?{U!1%wWukAkG)1zWtbBufRZh6;4<~rkskX9>K+(MdjIQ#)>V#`?n7a$ zt(Xm!1B~h_IQs5^kPI_`GzS>CplUBn3UdHU?g!<3D>d`dg9AE)Su=C4I?7`Z()`Yx~!76kHO+nJ@uD+;DLjXP* z=yhE**f+;=brV&lUAr;kvt15}qzv7}D`UH@m}PKW$Vyo^>taTAh})N!ygt+^P%s&B zUy@wZyvzDYSFNy2D*xzqPEvV^)4xP$<>ETI6?#i0pR*w`p`WPUv4jMSc_b_gB)cW3 z_|j33LUl1zK(sVLCI%q~FQbYrqk^nNDQG+!OwWsV=GvCp2PlRni+z|sAdv5-;7{cG z4iu*b^4(fEt%5+a@&8maaEO~F+bV-h(eG`$V-L};Toh!8&9(=TZTq03?g|CyeUG4I z^AX<+j;WX!fFO=VmA z*b5?K1*JLTC^{+#$N-_Kj5>;fs7OL*kS5XzB@j?i5DQpANTT|arDmI``q92J>T>5FNAaU-e;G!S9#aFrlOt9M$~>Le77_kT;&$w zA!>pqCq7FgET}-}6h_?yarZi?Mg`u=a%Le>5U;PjEyq?TkY@_OK9+A*-cc_(8E{wc zyUn!H-qzjfqJH%Ot{F$|1$Y2IWF`rdb0AsgB&kuF3LaNE6a}i)EJq(%p8?xHhmHo) z=p>d3FsHr(LS*B~7!U%jOwAhQEJv!`DDUT}??($~E^^lnRY(m(*Y$5$OxWjeYOv2C zkN(zrxbjtZnyWy1n2A-_v--(E; z`|eGFz7%&rOU>rIM5fqUT?oWg`#8>DCa^1SvkG>2MZv-Mqp#W zq-0`2gGoJ3TtEl@A<&c+EP1fYH}ZHY-TwC=h?n%;++9P1_jCAJHj*XKeW@5UwDwC{ zdq}1qUV@|$cYI@5W935Dh$zQ*dWK2zh>@RK)(Q-bX_jn z$UjyA2;lo+x9Ny#ep)%23i0p>7nnZh&O8qiiw%NKSJ{#Wz-V!74RI+Eh$i|_B@s(t zp1Dd8u>6;f=|HBj>rKvuwpVupnaV*dV9nStjFtQi(g;ltOdy1Af>r>EvnS1Q8gf)q z0r|aHD-f8Z)`_B*ogg;I!+=UA>kXEW*;Mm|kXwGE6xwObDdMBF;3EIXXqB2t&hx52cQJRiZ zxm4^>$-NS!>n}R!{!I`b-?1`_pyp9&obQ>W4C%>!*%u%ZHylMqQX2V2y4w-zWaCWR zTUdxl8$EIcTt@Nb8uJBRn-Ttd1lbLi2R=^8Wy3>5OLqu7P!JQKtp=oII@1ryiPViV zI-qN2LAZ?1;W1uH^($mbXE=iwnGjYO7ZRZdn=(BWqC_nSi4iXh+qwD0Ubo)g)LR*^ z$$8z}ql%h-!)<1W9`H#)=pvumMOcP0le#8Ni%(Liit!C?SR?ia(ZI6{O_pu&l?%Og z@hIbJ7uv?)+zJ!ZldiWCe!4FFWck9&%YRy$^Mm)HebzS*@7vM%Xsv;P!JR`VPi~At zrIQJl7jWhR*j>*Z?58`D^`9LZVS2mp^Iekbn0{n6p^J!GxZhY6%t`Ed&t2t>&vca( zevPMwz1-`teIy%hix@Q~tXCOAc|Khz{__Mc&zeX~OViUZS`{hdKY9QS#WJ?X1x(bc zM4jw9NxQ%(MGZkKNcywa5Oe2;#xVzNeI33gDT?Pn5<^WO`=b={1TEtm!Ba)dJVx(@ zSr$2T=+Kgq5GYBx2XMSri57gs{2#>jF{sd|CLgpx2}Z1+PDU8q6Gn7NILl4?W!oZ6 zPt}u~>I2DR!pn{Z7L1k9ICqhI{W2u8T)bpb+sc5N>Z_nE@!?irb}6-Tfs83DkfJ?M znBGxs&Df|V>dqaxg?3&{)oLy{;6*@=*36(l&$JIBc(|;f7|a%2s}4-8 z4eLG|>l*-ZVw;E!;iZ10z;J%HEKd{C*?*+_R))(k`4-UsVkCWZrAV%ucDHyBSj!v0 zuDid&N8x8ue-xF7xwoPm?zt6E9z_K3n;p(B1B4d9*X^~hf8+{93eHU_27u?O475I_ z9);qNX>;&M$^eA;PJzbGaPg!D{siyiqd>(eIYD;0}woc40{W+CanjYH%rxN zUF(TC({1E{h?x)3P@Vz}#r_72%Q5fVRxqdi0w6u(Ew~i2xxELn<7t4s?MRr5>pL|H zGVWchA0%f*@r$4Ux+1@mp9tTw95EaBZ*2jNRziD<7;ZC_ra0}iQ0KcYx9E(FbBuqUiVM$P8u6W zQz!H_#>)4?UNY9bln$lfLFuSdUh?M%-GNQN&#S=~vdgT%Zs>sshX|M@?{+h#n8M{h zbb`gb7p{m5C}cYv*7gV7b7_e82iaCax8qHm^R_wq%awyiQc)?*OdozJSnw?_P-16N zuVM%;V;kE)3L?Ia?SLNY^HbNE{>TtW1PlhtohFqGrDi0c4u!a$`tUyL8h8{r6+*3Q zC7hOYML#2QteR40Bnu$VWe|dlK?qv*2F}fnj+TkqO(i=+o|_|R0D|)iul@DI{2-BE z2}X`|p$Z&nxp~!v6mF--r2ME#5zFv;T{={-uPul!;`0lUZj{b6> zzdR2+cK)${{r{KOzJ2@av-7k5Z+j6evtW1r>j?h!|MOe;KlCxbf4?1@K!$ud7k}^L zpPNGV^536@U;g8G{_}TzIV|4}36U*dHsU|_|F>uV?Rft4cm2CQ1XJ>lpYr$VL&o}# z|A?9~fx76D3I3hha;EwNQ zYcF@Hi;*$+|J?7&Zssb|G%|@nbYbLO#_7X1#qUskaDbbHmtl?G)Gej&0~K}EgxKy? zIpLdRuD@5$qaX|Q#+(U`JF;U97*+%Ipew@}g2Q5Iw1n=IikUEc=*16uT!x|L4$MED z1nE3IP@b;ZkEj7|wfUzX{dk$Rkxs#{3+`5J#4ba$n<*3oljQAh7Fw1r{PUq87Uj}N zW~PqYAv>xJ(o3u3ZsV*MAIHX^R@zp$=V7pyu{z7>gD%V>nPa;Orlp`$Scm#S7UVhW zS@(g#zCtkUiU%uex=uet%mSxYlWs0vY*teI@zP8zl@_dY zeHTv}&O97_`)1pkhj&z`%)odVkIdswsmzb;2V&C`_gS`o-9(C)lp-1bu_r33D0$)* zC0uLnemAllFtA%^!AwGDU%*flm=NGy3ogVsl-vjq27|PKNncJ;mmuaCHYEAw23D2{ zrf8S3g?mLyfEcU*9NvA$07iB~l35u=1ttEt)H);waDI8Vps98lUA<3q(})<(g%fp_ zypbpDgCCx(ED?oiTH+|QnIP_Qud)DO>;VI6@sOn6>jBi`KYf`pR@!okLAW`uEE>pO zH>L9Nt;@f@_~6y6SEI1Pc2cxTo40-LJ!8J2nv*Ao9{ND}vOjxgUbmDo^J;l*1yMFN zI}8{9W!fLElF`y|i&Y2XBb8hL+|{Q^BYdZqD zJMRc{@A%Zq9)0M86q3nBpkR4Ns4Y;*LxI2jz zCsxdJrqHG~xgL19*WuVSy+fsp6u(;pT(=_KX%;eCJjTT6K;ev4qh`}Va&gc&t`n2V ze~9ax8*RO}gumNvy-~1yi7COSZhFpN3)xm%I+4obs%e`Q&%LA2DxxUWj+IGA$+vWa znZl*{xw)$Am;hGW2u>Oaa5GCnPWppQB_uu%(42~VJft}ETo#sVMd@hDfH&K9sMVK3 z#4IVI=JKbZ;!ng20BS5DxKv!<5Xy9dI*eNS^UGg=LVFL-&_}^KeO64lX5zeSx^R)a z_}YPD1$nzw-IUoS!eteaW`^>mC{zLa;&2)*#-)}_$Cm?TfhJ$(@#!4%q;z$k!3Rk+ z%v8lVj#ortZzvJ^II#c`LRCniycMZ!m4*t%BjP4d!J(n~WoHC0ja_MJW?--e{5EGM zDn82#Z!RI(v_PKb6k^s)DEG2-)s1G~?*EagR_xV2Gm_gER!H6u>8~#l6py7~v`&8= z{1N$CQv4|k$0=d?0esrs_jOS;F~$1MhJfZ|gcFy1iabU?aJ5#F&r8t%IgZYX#`I`OARXLxu6d{s+LsIm=M`ll zWVKW@D$VcHog-84E%8k!R5nN^XV&i5W)@Dk7oYVvZ}$by+dZlu8k2Ugg7?~cJDM8l zGbes8vuFxq$FADFF2eIdM~-@TciAK1dnGM0>~^_d=!5eE+lgZhJy1>K+tHPS4tBh`MUxqqe5~U143jIT2wdAINI-df zVtrA@g8Acn)UBjHi+V#BpIEzU&au|LWoDJ7_S`uK+l^k0k6e#Ln)}u|i&COodiY#y zXnH)|j@eOUWL^@qNtCBGCaJH%B9fONLi^KR@C$w#PO~NJX^gzzm42LmkYyb{yrC2a z{D1`)Itn3BRS$8`aw=d#!cUhRzwNluuR|X-EZp~j17+mzPZ&St)up7Q;03Gu=y4G1 z19SH=e37$eAi;<6&~4r6@LScU7T95to|;#yO~Ta@auqX6CJJ+so9t9dczQ)k=-{%w zI@2PoG^SG7gIojtqdj*EBX{WIc=W>^cX5mt4c-GRb#(MAnJM2Oc~%}G!7fUIe?M9^ zEq@@|ac%ewrF83kCs4o2ZIX^`bgn7ofJ>@wlYd_csVJte@dJYIMasDP0EKKBk|{=Q zRded5eQs*XX+{CY@N_pHFqz|FG=x!d$F5zvn%w}kSr;w?lx^g7$TaQq%!r%dbTm^X zT<0n<;WyUcDy}~WB~|>;mBzy)WoF9YK8Yr!OGUo#in0VSpJQ2h6+3u*b>}N-?aAvY z9&&cl*4}XZ${j}y-`~1rWWjZ;qj!6Myc$X(VLofEn?Gpadr;r7w{I0A%dN*I(v0#V z2z#^2LEGZyc-z!;S1))N^*iZ)Hz1B^tEp92tf%fg{;4X7$p?0ho%WS%LnE^XxZ-WP zcT3)M0nKgvPGk$)4_az+ukwG#7kO}2*Wfyatt(}vGa=YmZ}(=2nuYq(ZvE4?V)}8Y zqPkL4WtV@%r;)}4ecSYrEXTbd&_YStoaxi>q5b5hh%@2OPXulmn?A}uJ`pv)2-1PG zV+7-$P$Q+Wzi#&j4S%y!M)72$?&-j6eXW_F(=}tbAPqrz@71aeN3H>6tuQ00}hMC4|D z6jCQOH1lKMh0hmA5L?=w>Ft#rcq35sXmxJl9(gTr@y^e4t5hkcHfJEQ?tYlAH`C|1 z=}&&Z&I_!%*5an*1l@$ou!7$|Xvf zxmRt&ghRPWZ$g+Klq1ayEG_V$!L2X|&?#8{{c;Y-Q1+6o==U`$&|qkZS zbYQnSkNFBV0bzNqgYFsTj=FL^2{A1=PPgRH;BMc+vV)pdrlnLr@WLk13L!YUHXILB z9Bad46s!+ZJ{ChEKw~nVo|@wxfa!ta5=q!%RXPWuz30qA=zB(E0iyqoET_1Me$I+& z1O>PTXBvBeFeOcI+EnqNKm&cmfs3ZCq$v2fbmZDOIEHpq@GnAiuYL7{H(+ z+^)@0DVaGzq3MCUcY^6QGnQ-WmrX;sGhf%KK;B9@HJn*%w-RaHODCg_WqkCp*KE1p z=1;-<3&-kzP$DK^>BUJN8FjD4rkT?IPbm`xQ?uCK37Nq0P4P>Rqxr5U`@`mu>gK2i z8EFM+221GRB!51q;TAQLZ_3WaqZ`#Abl!%l7y(LExrrrLoZ_`XR>$gkYqL8%LTSK> zZD~%s0ar`E(h@|^DAb=tZC>b8Kr6@e9;Mv?4=qg&ow0>J(R-?YUZ={CxXhB*{SX4k@9o8P zLoJSL+2+Ockt7j!r7dz%o#@M0(|nC#TwJH$8!vLY`KT9#hMydh)mk>c`ytRT1!coK z9+l$Y{P`a0(%gnltlbfo4>``GSoxhhk9Ha}0E2&AQ)|SH;K=|sl6;mgxU#D`vEn^B znidWY4(LqV6LmjG*}0G~9c^(cKv?#5>vNvpNjPmmi^7npGp&()McLW823fCmC+kX; zXiKSzXC?RQ*4UkK@iiwo)3$e^qf}?i;}^{@S)AX9Lp{2v;)F_Pv;Ae(Lj~(ofe}Da zw%)(9ud&U6cJlygcp7;2e+~2Ne&h5rVVPdlvdwT*tho*6)v9ZG-79#~k z`s!kh`PmR`B+?3I$E(+oRjl4#X@0@$36bFlj@y2);c`7$5)+N=8Ql11OcHGevwn}; z&Q$xE@eQHXq0HJ+RCI}@Rd1xwdv&jB4cX6}lCvNEmclu>h;Q(v5h78~Z>@0$^A#JB z-Rxt!x&UI)w|+uHo`gCJm5P4()0s18)_V@e`wm1kJKiJT{S0DKmr!bMZXSmTz>@;G zWioTObC1t}sLqU&AMucmUuW&D#Wh_d*y5__$k)v1&?gSGZb-QrgsZB~qewaMz>sfR z(cA!D5#6o$i*MCyx=X(D8Ly!`;@pr<*Gxb+2s9nAg__3(BWxbge{ovsy6=4Ri^FS( z2>__x&9cjbLpC0ujRbFR%_vOKJmMh5V0)Y$*bh;d_O`jLl)2T921QN1pYnnq{=r zO_0R+vEo@Jb2ukeF#G4n_Vik&gHh_Su3pF^JfzOsjMNmDLQt1Eb&qGRikZKNv?MTn zk;^vLntg$L5D~Uvu+vOIv#H_Q>7u9*Jjkr;of}F?S1jQ^oe+^i?Hj`*Ne~!5LVw2i zA|g;|BdnUblB0J3>uupwFK#N2HlgM1c8Hdt*uVWi7LFB-S~BGyxvqO%5O#gKb@l|& zEJv;euf%o#7_K>%RT4OV3J^t6Dg=OSzKIrn5SuxHzmBcZhcF!#*)F=JOy^tIL1*PYB1_zI@)k*{bMO&&wf&MiyQ#kRCllWaqo77^L< zgGF6hw*Ka{u+rJ_l;EpR#`QukLJ57!>uTN{6e?0V)EKQPbggnb?a+L`=knYfhmL^o@%5;-4di&!f0MXmvP` zuGy2|Xeec}ZuY((jWn{5AAEf_m7`e5t9x?%WPn{m_xT8}v4P|5%{qP|X_^vF8DR_N z?mdeiz@O+nH9R*3_S1qbW;Ql9y&I2TtuwFdhY02g{vT7bGod6Xhoj6^b*;KP3RaG- z?Gg*OiVX#m8Xy*hAwu42!(JcfKVF40>&wl;Y0-e)4sQ$Q4^8(&3hoGaCX&eOg$fRt zZum{$ANX-qH~&pp)Tk+yEfKji(7VBpHP_Y47_Qt*Oejd~ie!_4MnCDxfI^Ts8TJB{ zZ_mQ{r2;*0zob5Uuwm<1>%p@c2t?ZJv+on&hNLN<&Ohl=#5%iU&z{sKWohN}XUx;b zB1>ksF@=6$zp10eifW8rgmKs+7yoJs411N4xn`kxmq#qYZ16ZeHnX@px*HT@nsm`b z{>vZYo03fA1G)3J2H^Yepo*_w%F(irAE}Pz^!F8v9MkZEEN0*EKJO_JWGuBzUrmX} z7w_&ktK>HWb_|PC+^5*uHxeybJTnl3i{TL*F{7Gl=p*Sxaels;2fJmFAu(?BzM?o- ztek^{z#*P;-|mjAu@3OS#pL_XfI}#bEv~xr5ryiTea+7wKsP>#m2?1M>fT~q^%;Im zb?=fGgz$P7?S@j7M-ksg6ZTQ7+4UPYz^gP>Ygq&u&glD;^s5ri#d~I-JUt&-%pVWy zeEZbz`PB`(j9NYy1>}B8*xOgy9U>fJddDMaTvHQm;m5003+$Sf3}g%D%o#$WN!BUI zk?pdW0N=?wwdYV@!KimkAq$GjtEayl1r(_FjBhrfO&PKWYUZd{gNJ}Yajz#hTS_B* z!*#>NP>xOzY)_&gBx1-IosJzlmVKiI;Wylh7BkGZTChK1IR$)}?{`lWP4h(GcBpi( z4D=s+=E}bBU{!xr$NPNvQ2zDwHol73RnU#4%yBdFQTVhz#)x<@;8xZbCu4#c6VV6G znR2+HiSZ%{B)#RGxVijC)YhgTR(d;jxnnWsm$AaJ&CTrN-pFBVmFSP&paDU4vsdS6 zP+{~ACm&ehs(j-R`UMkD+Xgeu!gQ-gdZ|_O<$E^JbQ=mJ~$#7P79rr5Dx8WcCAX083W|(KSK&ZJ&UN`0Kd&4TF+IXKK40XkPAb4ucn6TxC zrS#kpC`AYR_mdhA(5Y%rer3m`EoX+yJ)a zko!mcGV{T&Jv@a(b_neQZZ~8*pJIbfwZxw<2{l>Pn~JjdguHdz;{F+AUv8@$5{>l# z^w*2IxjqGGDFR5Q$5k(Fbj~lKNAP5wq^`wNhL5T27P@%Z6nqCsnJLUT#oE8dcl78{ z=z{T*6ukXNEG6@7hL+QtPUvnAIj>4YSm@Cf5A*n#&BTHhhRg7ueHAAZ78agGP&;im zxAQ%Ze=si1Z+TP2*A!=}%Vq6Mc5PZH^sXAbIV%9orFXNXMYzk0fb1rKu*jUoVDij} zVO)$#Xt>PmbZ*VfA*lpbcF-8brn56kNN8NqiL(fX=^~@_%`}4JIkl|?#5I2du_UMa z$Ckv&O%}V*@$D|Xlv1CRFtJ>R1wx-Z54+g_xaQCwM5K7_iy`-HM}bB!B*dMbYq5)U zs|;L1pH_WL8f?acKnftlY!uqB2ZB)p>%~e*=e2y97a^`u2xur{B|)r)XOXlHQod8| z&7CT8LKpW1Mor+(XB5vpH!%~qwg7%WidYoRHDrnt!Bsk{W)g(WJe_a15ZnIhV`3!R zy$^}il^P=`kBbE3)rC)<{KNos0^h|kW6ogWv`#jjm}9naHcKut&+V@W+y1Wi@837F z)5F3`_&oz|1EPP_z*WZO-mK+l)T3!D6LIbBcV4c#U z$#|BuSo?iXHzmO<$Y_>VR8(NtX>#)Nq9EX1vG@FCw4K}3XS29Ym>_J*rF%K68})}3 zI%?=hZ_;1Q|u)f9ex)(kNVLvahI?^(oZ`XK7A^R=B-gxeWT_0G|oTf;TnI~OdIbk!jQvDl*1RW}E0%HHn8SJKQk7c#H7 z;%4%kosn;ym!!q(eINn5moXF*!(jA%T!*@nuq!0w>>^n^5z1JJi&QRKTEaLou74?n zqY&kfF2tUmaz; zU;+76=0=hdi~iLKmC|*Y6>ubWeRO1^yh!nI0A-KgDp98!hY<7`_!8haM^2?WL;8s6 zN`HrYoB&BL;}X|171&VSAnJ8WXUNs;Ll2z2zBX_E1Y#*lH&7--SnhD$OGW@lpVJxA zMDsh@Y)4S|_}T;)*x|1eSg)TTUornF+qh?q3=Ox*EeU`KK;^SHDKU&>lD71Cx^7IQ zg;*HV&F_zlFr|zfsdw>|zV`aVSs*>;SEfku>=Cz{rkU%fW49M@8YcM>107@>$sT{6 zO+QF~GUe?5=h*gdz1adME%aqRWRw-yb`O>Fi2BU

S0OvoHZmHaSRd%vcI{{wXY874DU!22@>nmtqDVQ+o<7 zv{mlw5TJuVC`_Gn8}Mw8YjLBntU{!+)4;PDuH0r8&SVCnS$CcpUFCPq1s{K?cb(FZ z-GIvc%_qF)@rk3dDms4-!BSM9De2!tnpks0(g0t7U|A96oVWH|&!dFo@C)8p)#rV; zt{$OxSszS!Z&C0g2m-_w783Hic=ztz*q2cAW1w18Yx?8RcE9(1A=(ZG_;YQ_QBf3! z>YyWI-QJRn90tzN{&YvfEd+Zuzgtd#oIYiZHC?JvM@$QCIUU1r2#=1UsK{VAA6z~A zN9$klpElb|+5JJ?Jjvc9VT{e+k+mnyGwADwZ~h(bHroNuQ!fylrdYuEy?Dl^>Wi|P z#YUNltTh#pAu#dPyZMBTshNA$#5K^T>XUg}RE~cAZWZ|j(iOB>Ac>D_%5rFe!E^eU zfvzW6+WhnO_U2l+A_mp`$g5J$BvVdg+6Gwn#0B`Mr1<)6(DHpY#}Y9+1AO zpKj|6Ncw!dL{@g#9bUqn3vd#3RNk^K)dWr%W}${rZdmm-yMi^YLwU+1@4_uWqI5>} zYg5F=#>UvpS!L1)M9Id5b};FTUB}2rqT}S?&6#F9mC9D{0_~v9+Mz z^9!%ul-d-rqI+|?Ul=izsw3FZ$N$8)T$Fr_itjH;u$UW<>;Z`(qRchqr&e{1PZ#j> zEI!1?QoKEC*Y@lRr{f&Wb+6E(-3Sdiw&`>a=as1_GjZccf?4JTpQ|yuU{C@vchd4j z+KU&^z?hK2;niWax@Aw<&yxT~hQQVJ*i#MD*Nfj#fDN1UXVaj#xM zG`Rjk-;BO4YGRy+wSC)gx6+RVhAkIeafi}tZZbe+(xKmt)_i$GJs6QoHGg(cZ~x%_ z{ZCTK3DdIx3{OvqGBo3XKWOyPc5Y)Imn&n=yVtZVINIi|&JE`TMebReL|P8RgFq%C z67Yq-U}N}QfAZu>>K#IEvC)iJzNHe7yY>xecN=?a9>zxDxuJ)fTunC9&CAZB?3Y8@5GW z?JMYxThZ!P<)VTBWd&2&YGQYiw5=>~?1se^P)!viAq8q7OFEOy3Rou3E43o+(fnxf zA$Y5C+`6zm5^LvDt211Wkxk0T+?yhaEQu1VyrT;GYhz7+cy{EV>K=yqVMv;3kXf-# qPiy9rE0_UiRlqvKxiAX(GM>ub&XvyxufSVEM-S=!mUhtc^8WxJ#` -[Fedora Atomic Desktops](https://fedoramagazine.org/introducing-fedora-atomic-desktops) come in a variety of flavors depending on the desktop environment you prefer, such as **Fedora Silverblue** (which comes with [GNOME](https://gnome.org)), **Fedora Kinoite** (which comes with [KDE](https://kde.org)), **Fedora Sway Atomic**, or **Fedora Budgie Atomic**. However, we don't recommend the last of these as the Budgie desktop environment [still requires X11](https://buddiesofbudgie.org/blog/wayland). +[Fedora Atomic Desktops](https://fedoramagazine.org/introducing-fedora-atomic-desktops) come in a variety of flavors depending on the desktop environment you prefer. As with the recommendation to avoid X11 in our [criteria](#criteria) for Linux distributions, we recommend avoiding flavors that support only the legacy X11 window system. These operating systems differ from Fedora Workstation as they replace the [DNF](https://docs.fedoraproject.org/en-US/quick-docs/dnf) package manager with a much more advanced alternative called [`rpm-ostree`](https://docs.fedoraproject.org/en-US/fedora/latest/system-administrators-guide/package-management/rpm-ostree). The `rpm-ostree` package manager works by downloading a base image for the system, then overlaying packages over it in a [git](https://en.wikipedia.org/wiki/Git)-like commit tree. When the system is updated, a new base image is downloaded and the overlays will be applied to that new image. -After the update is complete you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed. +After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed. [Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image. @@ -124,7 +124,7 @@ The Nix package manager uses a purely functional language—which is also called [Nixpkgs](https://github.com/nixos/nixpkgs) (the main source of packages) are contained in a single GitHub repository. You can also define your own packages in the same language and then easily include them in your config. -Nix is a source-based package manager; if there’s no pre-built available in the binary cache, Nix will just build the package from source using its definition. It builds each package in a sandboxed *pure* environment, which is as independent of the host system as possible, thus making binaries reproducible. +Nix is a source-based package manager; if there’s no pre-built available in the binary cache, Nix will just build the package from source using its definition. It builds each package in a sandboxed *pure* environment, which is as independent of the host system as possible. Binaries built with this method are reproducible, which can be useful as a safeguard against [:material-package-variant-closed-remove: Supply Chain Attacks](basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian }. ## Anonymity-Focused Distributions @@ -231,8 +231,8 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- [Avoids X11](os/linux-overview.md#wayland). - - The notable exception here is Qubes, but the isolation issues which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. +- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. + - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. - We [recommend against](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. diff --git a/docs/os/linux-overview.md b/docs/os/linux-overview.md index b73630fd..9c1f3de3 100644 --- a/docs/os/linux-overview.md +++ b/docs/os/linux-overview.md @@ -102,14 +102,6 @@ Consider using [ZRAM](https://wiki.archlinux.org/title/Zram#Using_zram-generator If you require suspend-to-disk (hibernation) functionality, you will still need to use a traditional swap file or partition. Make sure that any swap space you do have on a persistent storage device is [encrypted](https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption) at a minimum to mitigate some of these threats. -### Wayland - -We recommend using a desktop environment that supports the [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)) display protocol, as it was developed with security [in mind](https://lwn.net/Articles/589147). Its predecessor ([X11](https://en.wikipedia.org/wiki/X_Window_System)) does not support GUI isolation, which allows any window to [record, log, and inject inputs in other windows](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html), making any attempt at sandboxing futile. - -Fortunately, [Wayland compositors](https://en.wikipedia.org/wiki/Wayland_(protocol)#Wayland_compositors) such as those included with [GNOME](https://gnome.org) and [KDE Plasma](https://kde.org) now have good support for Wayland along with some other compositors that use [wlroots](https://gitlab.freedesktop.org/wlroots/wlroots/-/wikis/Projects-which-use-wlroots), (e.g. [Sway](https://swaywm.org)). Some distributions like Fedora and Tumbleweed use it by default, and some others may do so in the future as X11 is in [hard maintenance mode](https://phoronix.com/news/X.Org-Maintenance-Mode-Quickly). If you’re using one of those environments, it is as easy as selecting the “Wayland” session at the desktop display manager ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)). - -We recommend **against** using desktop environments or window managers that do not have Wayland support, such as Cinnamon (default on Linux Mint), Pantheon (default on Elementary OS), MATE, Xfce, and i3. - ### Proprietary Firmware (Microcode Updates) Some Linux distributions (such as [Linux-libre](https://en.wikipedia.org/wiki/Linux-libre)-based or DIY distros) don’t come with the proprietary [microcode](https://en.wikipedia.org/wiki/Microcode) updates which patch critical security vulnerabilities. Some notable examples of these vulnerabilities include [Spectre](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)), [Meltdown](https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)), [SSB](https://en.wikipedia.org/wiki/Speculative_Store_Bypass), [Foreshadow](https://en.wikipedia.org/wiki/Foreshadow), [MDS](https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling), [SWAPGS](https://en.wikipedia.org/wiki/SWAPGS_(security_vulnerability)), and other [hardware vulnerabilities](https://kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html). @@ -124,6 +116,22 @@ Some distributions (particularly those aimed at advanced users) are more bare bo Additionally, some distributions will not download firmware updates automatically. For that, you will need to install [`fwupd`](https://wiki.archlinux.org/title/Fwupd). +### Permission Controls + +Desktop environments (DEs) that support the [Wayland](https://wayland.freedesktop.org) display protocol are [more secure](https://lwn.net/Articles/589147) than those that only support X11. However, not all DEs take full advantage of Wayland's architectural security improvements. + +For example, GNOME has a notable edge in security compared to other DEs by implementing permission controls for third-party software that tries to [capture your screen](https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3943). That is, when a third-party application attempts to capture your screen, you are prompted for your permission to share your screen with the app. + +

+ ![Screenshot permissions](../assets/img/linux/screenshot_permission.png){ width="450" } +
GNOME's screenshot permission dialog
+
+ +Many alternatives don't provide these same permission controls yet,[^1] while some are waiting for Wayland to implement these controls upstream.[^2] + +[^1]: KDE currently has an open proposal to add controls for screen captures: +[^2]: Sway is waiting to add specific security controls until they "know how security as a whole is going to play out" in Wayland: + ## Privacy Tweaks ### MAC Address Randomization