From battersausage at hotmail.com  Wed Oct  1 16:16:28 2003
From: battersausage at hotmail.com (Simon Mackey)
Date: Wed, 01 Oct 2003 15:16:28 +0000
Subject: [NoCat] PGP ERRORS -- HELP!!!!
Message-ID: <Law10-F12069aZbLAX300000109@hotmail.com>

Hi Robert,

>Could someone tell me the exact locations of where the trustedkeys file 
>should be placed on the authserver and where on the gateway?

For me, my trustedkeys file is in /usr/local/nocat/pgp/ directory on the
authserver. On the gateway, they are in /usr/local/nocat/pgp/ directory,
and it works for me.

Perhaps some of the guys more acquainted with pgp and NoCat on the mailing 
list here might
have some more insight into your problem, because I don't really
understand your errors.

hth though,

simon.

----Original Message Follows----
From: "Robert Pera" <robert_pera@hotmail.com>
Reply-To: rpera@ucsd.edu
To: nocat@lists.nocat.net
Subject: [NoCat] PGP ERRORS -- HELP!!!!
Date: Fri, 26 Sep 2003 06:32:08 +0000

Hi Guys,

Can someone tell me what is going on here?  I know that it is a problem with 
PGP.  Could someone tell me the exact locations of where the trustedkeys 
file should be placed on the authserver and where on the gateway?  Here is 
my log below:


Thanks!
--Robert


[2003-09-25 23:25:43] Connection to 192.168.1.1 from 192.168.1.149
[2003-09-25 23:25:43] Capturing  192.168.1.149  for http://www.apple.com/
[2003-09-25 23:25:43] Notifying parent of Capture on peer 00:03:93:4B:55:80
[2003-09-25 23:25:43] Got notification Capture of peer 00:03:93:4B:55:80
[2003-09-25 23:25:43] Child process returned 1
[2003-09-25 23:26:05] Connection to 192.168.1.1 from 192.168.1.149
[2003-09-25 23:26:05] Received notify from 192.168.1.149
[2003-09-25 23:26:05] Spawning child process 2384.
[2003-09-25 23:26:05] gpg --decrypt --homedir=/usr/local/nocat/pgp --keyring 
trustedkeys.gpg --no-tty -o- returned error message:
gpg: WARNING: unsafe permissions on homedir "/usr/local/nocat/pgp"
gpg: Signature made Fri Sep 26 02:26:34 2003 PDT using DSA key ID B8C2E432
gpg: key B8C2E432 has been created 5026 seconds in future (time warp or 
clock problem)
gpg: key B8C2E432 has been created 5026 seconds in future (time warp or 
clock problem)
gpg: key B8C2E432 has been created 5026 seconds in future (time warp or 
clock problem)
gpg: Can't check signature: timestamp conflict
[2003-09-25 23:26:05] gpg --decrypt --homedir=/usr/local/nocat/pgp --keyring 
trustedkeys.gpg --no-tty -o- returned error: Illegal seek ( 2 )
[2003-09-25 23:26:05] Invalid notify from 192.168.1.149
[2003-09-25 23:26:05] Capturing  192.168.1.149  for 
http://192.168.1.1:5280/?ticket=owGbwMvMwCRovaLm345DT4wYTy9LYrAvYfMKSk3JLEpNLuHMKCkpsNLXLy8v10ssKMhJ1UvOz9Xn8k1M5jQwsDIwtrI0tjJxsjI1tbIw4HJMLsnMz%2bMMSC3KzSzhCi1OLeIsyk9KLSpxKEgtSsxLLSnPL8ouBpnA5ZufksqZk5%2bemccVkpmbml9awmlmYMAVkp%2bdmsepYqhiZGZibGhgYKJi7unq4uMemJcV4BmaEWiSamjoGVZswNVhz8wKdijM5YJMpQUM871a2Ne5xR7bcezqykP%2ftlXOuTI39QrDgpmRws7BH3wPxcxes%2fXoWoOm630PrgIA%3dcrdX
[2003-09-25 23:26:05] Notifying parent of Capture on peer 00:03:93:4B:55:80
[2003-09-25 23:26:05] Got notification Capture of peer 0

_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail


_______________________________________________
NoCat mailing list
NoCat@lists.nocat.net
http://lists.nocat.net/mailman/listinfo/nocat

_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963



From ryan at muppethouse.com  Wed Oct  1 18:42:04 2003
From: ryan at muppethouse.com (Ryan)
Date: Wed, 01 Oct 2003 13:42:04 -0400
Subject: [NoCat] Red Hat Enterprise Linux
In-Reply-To: <23475E02-F2B8-11D7-B8BD-000393CFD88C@simmons.edu>
References: <23475E02-F2B8-11D7-B8BD-000393CFD88C@simmons.edu>
Message-ID: <3F7B11EC.1060601@muppethouse.com>

I currently run my authentication server on a Red Hat Advanced Server 
2.1 machine(sort of).  I'm just an average joe, so certainly don't want 
to pay for a license.  Like you I was not looking forward to an upgrade 
every year either.  A buddy of mine set up a server which pulls down all 
the src rpms from Red Hat.  He then recompiles each and every package 
and then sync's the newly-created binary RPMs to my apt server.  When 
new RPMs arrive I get an email from his script.  Basically this is Red 
Hat AS2.1 with only open source packages.  I believe there is one RPM, 
redhat-logos which contains copyrighted redhat logos.  From what I 
understand however this package can be used as long as it is not 
modified and it is necessary for another package.  I am not a lawyer, 
but by recompiling open-source rpms available to the public seems 
kosher, and now I don't have to worry about painful upgrades.

-Ryan

David Bruce wrote:

>
> Anyone running nocat on Red Hat Enterprise Linux (formerly Advanced 
> Server)?  I'm wondering what people's plans are with the end of life 
> for Red Hat 7.* at the end of the year, and Red Hat 9 in April of 
> 2004?  A complete upgrade of the OS every year is going to be a pain.
>
> -- 
> David Bruce                                          Phone: 617.521.2187
> UNIX Systems Administrator                           Fax:   617.521.3082
> Simmons College, Office of Information Technology
> 300 The Fenway, Boston, MA 02115-5898            david.bruce@simmons.edu
>
>
> _______________________________________________
> NoCat mailing list
> NoCat@lists.nocat.net
> http://lists.nocat.net/mailman/listinfo/nocat





From ryan at muppethouse.com  Wed Oct  1 18:54:49 2003
From: ryan at muppethouse.com (Ryan)
Date: Wed, 01 Oct 2003 13:54:49 -0400
Subject: [NoCat] Redirect Proxy Server
In-Reply-To: <3F4E1C7B@leto.ceplus.de>
References: <3F4E1C7B@leto.ceplus.de>
Message-ID: <3F7B14E9.5080606@muppethouse.com>

I found a solution that works for me.  My network basically looks like this:

[wireless segment]  (((((<  [nocat gateway] -- [nocat auth / iptables 
firewall / squid proxy]  --  [internet router]

Configuring browsers is a pain, so what I decided to do was to was just 
redirect all traffic bound for port 80 to 3128 on my squid server / 
firewall.  The iptables rule is like the one below.

-A PREROUTING -s 10.0.10.0/255.255.255.0 -p tcp -m tcp --dport 80 -j 
REDIRECT --to-ports 3128

I didn't modify the nocat gatway at all to get this to work.  I hope 
this is helpful.

-Ryan

Andreas Moehrlein wrote:

>using Nocat with a browser with proxy settings doesn't work.
>The patch to display the blockproxy.html messages is not a solutions...
>
>Redirecting all 3128 or 8080 request to a local squid on the NoCat machine, 
>doesn't solve the problem, because there is no authentication.
>
>Has anybody a solution for this problem ?
>
>
>Andy
>
>
>
>
>
>_______________________________________________
>NoCat mailing list
>NoCat@lists.nocat.net
>http://lists.nocat.net/mailman/listinfo/nocat
>  
>




From ANDY at ceplus.de  Wed Oct  1 19:01:00 2003
From: ANDY at ceplus.de (Andreas Moehrlein)
Date: Wed, 1 Oct 2003 20:01:00 +0200
Subject: [NoCat] Redirect Proxy Server
Message-ID: <3F4E269D@leto.ceplus.de>

Ryan,

with that solution you have access to squid and everything works fine - but 
there is no authentication from NoCat !!!

Andy

>I found a solution that works for me.  My network basically looks like this:
>
>[wireless segment]  (((((<  [nocat gateway] -- [nocat auth / iptables firewall / squid proxy]  
--  [internet router]
>
>Configuring browsers is a pain, so what I decided to do was to was just
>redirect all traffic bound for port 80 to 3128 on my squid server /
>firewall.  The iptables rule is like the one below.
>
>-A PREROUTING -s 10.0.10.0/255.255.255.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
>
>I didn't modify the nocat gatway at all to get this to work.  I hope
>this is helpful.
>
>-Ryan
>




From m_felo at libero.it  Wed Oct  1 19:32:03 2003
From: m_felo at libero.it (m_felo@libero.it)
Date: Wed,  1 Oct 2003 20:32:03 +0200
Subject: [NoCat] Nocat groups
Message-ID: <HM3CTF$AEDA3B6798C5B74ADE6242F60C41F268@libero.it>

I installed nocat gateway and authservice 0.82. I inserted different user=
s in different groups.

Can I avoid that the users of a group go in som=
e network?
Does the  gateway mark the packet of different groups in the =
same mode?




From schuyler at oreilly.com  Wed Oct  1 20:18:48 2003
From: schuyler at oreilly.com (Schuyler Erle)
Date: Wed, 1 Oct 2003 12:18:48 -0700
Subject: [NoCat] Re: [NoCatNet] 802.1x transparency?
In-Reply-To: <BBA0AEED.1FBC%born@switch.ch>
References: <BBA0AEED.1FBC%born@switch.ch>
Message-ID: <20031001191848.GP15487@oreillynet.com>

* On  1-Oct-2003 at  8:05AM PDT, Hansruedi Born said:
> 
> Is NoCat 802.1x transparent? Does NoCat realize that a client has been
> 802.1x authenticated (via radius) and afterwards open the internet-access
> for the specific client?

No, the NoCat gateway itself doesn't speak RADIUS, yet. If you have
recommendations on how to make this possible, they would be greatly
appreciated.

SDE


From schuyler at oreilly.com  Wed Oct  1 20:19:50 2003
From: schuyler at oreilly.com (Schuyler Erle)
Date: Wed, 1 Oct 2003 12:19:50 -0700
Subject: [NoCat] Fwd: NoCat Auth
Message-ID: <20031001191950.GQ15487@oreillynet.com>

Please reply to this gentleman off-list, if you can help him. Thanks.

SDE

----- Forwarded message from "Stumpp, Johannes" <jstumpp@inneo.de> -----

Date: Wed, 1 Oct 2003 08:20:49 +0200
From: "Stumpp, Johannes" <jstumpp@inneo.de>
To: <faq@nocat.net>
Subject: NoCat Auth

Dear Sir,
Do you have a description in german, too???
We are very interested.

Many Greets

Johannes Stumpp
INNEO SOLUTIONS

----- End forwarded message -----


From horton at rednecks.net  Wed Oct  1 01:41:55 2003
From: horton at rednecks.net (horton wood)
Date: Tue, 30 Sep 2003 20:41:55 -0400
Subject: [NoCat] nocat accounting
Message-ID: <1064968777.2965.476.camel@funk.rednecks.net>

Howdy,

I have gone to the pogo website and looked at the accounting patches.
http://www.pogozone.net/projects/nocat/
None seem to be able to accomplish exactly what I am looking for, but
due to my lack of radius experience I could be wrong. What I am
essentially trying to pass to radius is which AP a wireless user came
through. This can be useful for many reasons but 2 quickly come to mind.

A. Know what Hotspots are dead and therefore a waste of money.
B. Be able to credit commissions to hosters of hotspots for new signups
at their locations on a monthly basis.

If you know of any patches for nocat to accomplish this please let me
know.

hwood



From bong.ramilo at icasolution.com.au  Wed Oct  1 03:54:23 2003
From: bong.ramilo at icasolution.com.au (Bong Ramilo)
Date: Wed, 1 Oct 2003 12:24:23 +0930 (CST)
Subject: [NoCat] Continuing problems with patches
In-Reply-To: <20030926123701.13163.94065.Mailman@mouse>
References: <20030926123701.13163.94065.Mailman@mouse>
Message-ID: <36277.203.112.96.7.1064976863.squirrel@www.icasolution.com.au>

i've applied the NoCatAuth-0.82+RADIUS-20030802.patch
 and am getting the following errors:

after logging in, the popup window displays "The requested URL
/nocat-cgi/90 was not found on this server." (Note: I use nocat-cgi as the
cgi directory.)

the main window displayed "The requested URL /nocat-cgi/5 was not found on
this server" but this error disappeared after i commented out RedirectTime
in the authserv/nocat.conf file.

i am able to surf in the main window even while the popup has the error
message.

i tried using the login_ok_nopopup.html template, as suggested by Jacob
Barrett. without the popup, however, i can't seem to timeout - closing the
browser window does not time me out (until Session-Timeout is reached,
that is).

also, accounting data is not being written to the ICRADIUS MySQL database
(radacct table).

i have everything running on one box.

been struggling with this for more than a week.

help!



From bong.ramilo at icasolution.com.au  Wed Oct  1 03:42:40 2003
From: bong.ramilo at icasolution.com.au (Bong Ramilo)
Date: Wed, 1 Oct 2003 12:12:40 +0930 (CST)
Subject: [NoCat] PGP Errors :)
In-Reply-To: <20030930190002.21384.53565.Mailman@mouse>
References: <20030930190002.21384.53565.Mailman@mouse>
Message-ID: <36113.203.112.96.7.1064976160.squirrel@www.icasolution.com.au>

had similar problems on my setup. the gateway server's time was off by a
few hours. i reset the time on it and the errors disappeared.


From jbarrett at pogozone.com  Thu Oct  2 16:12:31 2003
From: jbarrett at pogozone.com (Jacob S. Barrett)
Date: Thu, 02 Oct 2003 08:12:31 -0700
Subject: [NoCat] Continuing problems with patches
In-Reply-To: <36277.203.112.96.7.1064976863.squirrel@www.icasolution.com.au>
References: <20030926123701.13163.94065.Mailman@mouse> <36277.203.112.96.7.1064976863.squirrel@www.icasolution.com.au>
Message-ID: <3F7C405F.6040407@pogozone.com>

Bong Ramilo wrote:
> after logging in, the popup window displays "The requested URL
> /nocat-cgi/90 was not found on this server." (Note: I use nocat-cgi as the
> cgi directory.)
> 
> the main window displayed "The requested URL /nocat-cgi/5 was not found on
> this server" but this error disappeared after i commented out RedirectTime
> in the authserv/nocat.conf file.

The "90" and "5" in there is the number of seconds until the page 
reloads, so there must be format error in one of the web pages.

renew_pasv.html, renew.html and login_ok.html should have this line:
     <meta http-equiv="Refresh" content="$redirecttime; URL=$redirect" />

login_ok.html should have a line like this too:
   You will be redirected within $redirecttime seconds. If not, click
   <a href="$redirect">here</a> to continue.</font></p>

AuthServ.pm line 291ish should read:
     # Add a refresh time of 30 seconds...
     $vars{redirecttime} = my $redirecttime = $self->{RedirectTime};

     push @headers, -Refresh => "$redirecttime; URL=$redirect";
     # push @headers, -Cookie => $self->{Cookie} if $self->{Cookie};

> also, accounting data is not being written to the ICRADIUS MySQL database
> (radacct table).

Can you run ICRADIUS in debug mode and watch the accounting requests 
being processed by it?  If so send me a log of that session.

-- 
Jacob S. Barrett
Chief Technology Officer
PogoZone LLC

   email: jbarrett@pogozone.com
     web: www.pogozone.com
   voice: 360-676-8772
     fax: 360-733-3941
address: 114 W. Magnolia Street Suite 417
          Bellingham, Washington 98225



From nocat at planetsphinx.com  Thu Oct  2 22:14:50 2003
From: nocat at planetsphinx.com (Mike Cannon)
Date: Thu, 2 Oct 2003 16:14:50 -0500 (CDT)
Subject: [NoCat] More NoCatAuth 0.82 + RADIUS Patch woes...
In-Reply-To: <3F7379B8.5060307@pogozone.com>
References: <3F71031A.4070602@icasolution.com.au>
 <3F71B210.1080707@pogozone.com> <3F71C756.5000101@pogozone.com>
 <1237.199.3.116.26.1064520010.squirrel@www.planetsphinx.com>
 <3F7379B8.5060307@pogozone.com>
Message-ID: <9939.204.96.220.49.1065129290.squirrel@www.planetsphinx.com>

>
> Sorry!  :)
>

Hehe.. it's ok.. it was fun! :)

> In your Passive.pm is line 47 one of these?  You might try either
> defining GatewayAddr in your nocat.conf of swapping the comments.
>
> Passive.pm:
> #gateway  => $peer->socket->sockhost . ":$self->{GatewayPort}"
> gateway  => $self->{GatewayAddr} . ":$self->{GatewayPort}"

Cool.. I defined GatewayAddr, and NetworkAddr, and it started working..  I
also had to correct a bug in the login_ok.html...  the variable for (and
forgive me.. I don't have access to that box right this second..) the URL
Foward time was putting redirect="= 5; http://www.blah..."...  there is an
extra '=' in there..  I hardcoded the forward time (5), and left the
forard URL variable.. and it works!!

WOO! :)

Now to figure out why it's allowing multple radius authentications for
nocat.. hrmmm...

Mike C



From jbarrett at pogozone.com  Thu Oct  2 22:48:44 2003
From: jbarrett at pogozone.com (Jacob S. Barrett)
Date: Thu, 02 Oct 2003 14:48:44 -0700
Subject: [NoCat] More NoCatAuth 0.82 + RADIUS Patch woes...
In-Reply-To: <9939.204.96.220.49.1065129290.squirrel@www.planetsphinx.com>
References: <3F71031A.4070602@icasolution.com.au>       <3F71B210.1080707@pogozone.com> <3F71C756.5000101@pogozone.com>    <1237.199.3.116.26.1064520010.squirrel@www.planetsphinx.com>    <3F7379B8.5060307@pogozone.com> <9939.204.96.220.49.1065129290.squirrel@www.planetsphinx.com>
Message-ID: <3F7C9D3C.8010409@pogozone.com>

Mike Cannon wrote:
> Now to figure out why it's allowing multple radius authentications for
> nocat.. hrmmm...

Do you mean simultaneous use?  Or is it sending the auth request to the 
radius server more than one time?

-- 
Jacob S. Barrett
Chief Technology Officer
PogoZone LLC

   email: jbarrett@pogozone.com
     web: www.pogozone.com
   voice: 360-676-8772
     fax: 360-733-3941
address: 114 W. Magnolia Street Suite 417
          Bellingham, Washington 98225



From bh at nt.is  Thu Oct  2 23:53:16 2003
From: bh at nt.is (Brynjar Hauksson)
Date: Fri, 3 Oct 2003 05:53:16 +0700
Subject: [NoCat] status of nocat?
Message-ID: <005101c38937$f7d95d50$0300a8c0@natuamia>

Hi all dear fellow nocat users

I have been having this question on my mind for a few months now and =
have waited to ask it hoping for nice some things to happen.

I=E2=80=99m a bit worried about the progress of the Nocat system and =
there are some questions I=E2=80=99d really like to get answered:

1. When if ever will Jacob=E2=80=99s Radius Accounting be put into the =
nightly build and eventually to a release?  It seems that everyone on =
the list is using it, and trying to patch nocat with different levels of =
success. =20

2. Last time this patch discussion took place Karl Gaissmaier posted =
tens of very interesting and useful scripts.  How many of those have =
made it into the nightly build, if any?

3. I expect there to be a schedule for these things to be included into =
the nocat distribution?  If not is there somebody ready to make a branch =
distribution with all those useful features included?

4. Any plans to put nocat up on sourceforge.net ?

Maybe some of these questions are trivial, but I'm not in the inner =
development circle of the nocat community.  I do understand that nocat =
is a community effort and demanding users like me do not neccesarily =
have much rights to make demands while not being a heavy contributor to =
the project.  I do though have some concerns about the pace of =
development of nocat.  There was 1 year between 0.81 and 0.82 =20

I really hope there will not be another year until 0.83 and we vill see =
version 1.00 within a very long time

I would like to thank all the developers though of making this great =
software and I hope that more of the great effort from Jacob, Karl and =
others will get it's rightful place within the distribution.  If their =
work will be appreciated as it should it might encourage more people to =
contribute to the project.

Best regards

Brynjar Hauksson




From rlotz at seattlewireless.net  Thu Oct  2 23:55:14 2003
From: rlotz at seattlewireless.net (Richard Lotz)
Date: Thu, 2 Oct 2003 15:55:14 -0700
Subject: [NoCat] Updating NoCat's PF support
Message-ID: <7BDAE0E0-F52B-11D7-A5F6-000393CD7EC4@seattlewireless.net>

I'd like to update NoCat to support some of the newer PF features (like 
tables).  In doing so I'd like to make it easier to maintain 
additional, site specific firewall rules.  I plan on doing this by 
pulling out some of the PF syntax from the firewall control scripts and 
putting them into a flat file.  The scripts will then load the file, 
add/modify NoCat specific entries and then load via stdin.

Anyone have any complaints? Anyone willing to test it?

-richard

--
Richard Lotz
GPG Key:     http://students.washington.edu/rlotz/key.txt
Fingerprint: 6BD7 C584 7DDC 43FD F0D4  87AB 5A8F 89D5 B3CC 9517



From shubhobiswas at hotmail.com  Fri Oct  3 02:48:51 2003
From: shubhobiswas at hotmail.com (Shubho Biswas)
Date: Thu, 02 Oct 2003 21:48:51 -0400
Subject: [NoCat] nocat auth server
Message-ID: <BAY8-F64wSPibkiNhoz0000c353@hotmail.com>

Hi folks,

I've got a pebble gateway (192.168.1.38) attempting to authenticate with a 
nocat server (192.168.1.39) that I just set up.  My client pc, using MS IE 
sees the login page properly but I can't seem to login.  I get "Server 
Error, Error Message: Premature End of script headers: login, Error 500" on 
my browser after I fill in my username and passwd and click login.  Here is 
a step by step of my /etc/httpd/logs/ssl_err_log from apache with my 
comments interspersed:

[Thu Oct 02 19:32:58 2003] [warn] RSA server certificate is a CA certificate 
(BasicConstraints: CA == TRUE !?)
[Thu Oct 02 19:32:58 2003] [warn] RSA server certificate CommonName (CN) 
`localhost.localdomain' does NOT match server name!?
[Thu Oct 02 19:33:01 2003] [warn] RSA server certificate is a CA certificate 
(BasicConstraints: CA == TRUE !?)
[Thu Oct 02 19:33:01 2003] [warn] RSA server certificate CommonName (CN) 
`localhost.localdomain' does NOT match server name!?

The above shows up immediately after I start my apache server.  I don't have 
a registered ssl certificate but that should be ok for testing, right?

[Thu Oct 02 19:34:17 2003] [error] [client 192.168.1.38] [2003-10-02 
19:34:17] User UNKNOWN from 192.168.1.38 requests form

The above appears after the login page loads on MS IE on the pc client.

[Thu Oct 02 19:37:42 2003] [error] [client 192.168.1.38] Premature end of 
script headers: login, referer: 
https://192.168.1.39/cgi-bin/login?token=%241%2419663975%24%2fWHDGypwm1OL1uU%2eX7%2e%2ex%2e&timeout=600&redirect=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3die%26pver%3d6%26ar%3dmsnhome&mac=00%3a0C%3a41%3a0C%3a71%3a18&gateway=192%2e168%2e89%2e1%3a5280
[Thu Oct 02 19:37:42 2003] [error] [client 192.168.1.38] [2003-10-02 
19:37:42] User sbiswas from 192.168.1.38 requests form, referer: 
https://192.168.1.39/cgi-bin/login?token=%241%2419663975%24%2fWHDGypwm1OL1uU%2eX7%2e%2ex%2e&timeout=600&redirect=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3die%26pver%3d6%26ar%3dmsnhome&mac=00%3a0C%3a41%3a0C%3a71%3a18&gateway=192%2e168%2e89%2e1%3a5280
[Thu Oct 02 19:37:42 2003] [error] [client 192.168.1.38] [2003-10-02 
19:37:42] gpg --sign --armor --homedir=/usr/local/nocat/cgi-bin/../pgp 
--keyring trustedkeys.gpg --no-tty -o- returned error message:, referer: 
https://192.168.1.39/cgi-bin/login?token=%241%2419663975%24%2fWHDGypwm1OL1uU%2eX7%2e%2ex%2e&timeout=600&redirect=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3die%26pver%3d6%26ar%3dmsnhome&mac=00%3a0C%3a41%3a0C%3a71%3a18&gateway=192%2e168%2e89%2e1%3a5280
[Thu Oct 02 19:37:42 2003] [error] [client 192.168.1.38] gpg: Warning: using 
insecure memory!, referer: 
https://192.168.1.39/cgi-bin/login?token=%241%2419663975%24%2fWHDGypwm1OL1uU%2eX7%2e%2ex%2e&timeout=600&redirect=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3die%26pver%3d6%26ar%3dmsnhome&mac=00%3a0C%3a41%3a0C%3a71%3a18&gateway=192%2e168%2e89%2e1%3a5280
[Thu Oct 02 19:37:42 2003] [error] [client 192.168.1.38] gpg: please see 
http://www.gnupg.org/faq.html for more information, referer: 
https://192.168.1.39/cgi-bin/login?token=%241%2419663975%24%2fWHDGypwm1OL1uU%2eX7%2e%2ex%2e&timeout=600&redirect=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3die%26pver%3d6%26ar%3dmsnhome&mac=00%3a0C%3a41%3a0C%3a71%3a18&gateway=192%2e168%2e89%2e1%3a5280
[Thu Oct 02 19:37:42 2003] [error] [client 192.168.1.38] Can't locate 
Net/Netmask.pm in @INC (@INC contains: ../lib/ 
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi 
/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl 
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi 
/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at 
../lib//NoCat/AuthService.pm line 76., referer: 
https://192.168.1.39/cgi-bin/login?token=%241%2419663975%24%2fWHDGypwm1OL1uU%2eX7%2e%2ex%2e&timeout=600&redirect=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3die%26pver%3d6%26ar%3dmsnhome&mac=00%3a0C%3a41%3a0C%3a71%3a18&gateway=192%2e168%2e89%2e1%3a5280

The above appears after trying to login in with my username and password and 
clicking login.

FYI: When I initially installed gnu privacy guard, I had created a key and 
revocation certificate.  But I recompiled and installed my gpg without those 
afterwards (I don't know if recompiling and reinstalling changes anything 
though).

Also, I didn't install DBD::MySQL module since I'm not using mysql and I 
can't download anything from CPAN now for some reason.  I'm using password 
file authentication.

And I did not include etc/authserv.conf in my httpd.conf as this gives me a 
syntax error on the first uncommented line when I try to start my apache 
server.

There doesn't seem to be any useful info in nocat.log from my gateway.

Do these logs mean anything to you guys?  I'm not really well-versed in any 
of this so I can't make head or tail of the log.  Are there any other logs 
that could help debug the problem?

Shubho

_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online  
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963



From rob at capband.net  Fri Oct  3 03:02:56 2003
From: rob at capband.net (Rob Nelson)
Date: Thu, 02 Oct 2003 22:02:56 -0400
Subject: [NoCat] Heavily modified version of NoCat
Message-ID: <5.2.1.1.0.20031002215739.00bcf788@mail.capband.net>

Our company has used NoCat and modified it heavily. It's all been contract 
work, and everything's been internal. All the contractors are gone, we're 
moving away from it, and I'm left holding onto it. I'd like to release it 
back, but all I got is a tarball and a .doc file with some brief 
instructions. Would anyone be interested in this, and perhaps hacking it 
apart and back into the main? I'm just a project manager, not a programmer 
in any *real* sense of the world.

Known modifications:

- Authenticates against radius (I believe this was coded before the current 
radius patch was available)
- Caches logins in a local postgres database
- Does not time out any connections or delete "oem" sessions upon restart 
(we sell to apartment tenants, they don't like having to auth all the time)

There's a few more functional bugfix type stuff, but those are the new 
features. If anyone's interested, I'm willing to up the tarball and doc to 
wherever is useful for the most people.

Sorry, hate to say "I have a mess, anyone want it?" but I do know that 
while there's still bugs, things like radius auth DO work very well in this 
code. It would be a shame to trash it, with some of the problems people are 
having with it.

Rob Nelson
Network Administrator, Capitol Broadband
C: 919-369-1874
rob@capband.net 



From bong at icasolution.com.au  Fri Oct  3 03:07:16 2003
From: bong at icasolution.com.au (Bong Ramilo)
Date: Fri, 3 Oct 2003 11:37:16 +0930 (CST)
Subject: [NoCat] problems with patches (Jacob S. Barrett)
In-Reply-To: <20031002190002.32376.39325.Mailman@mouse>
References: <20031002190002.32376.39325.Mailman@mouse>
Message-ID: <55737.203.112.96.7.1065146836.squirrel@www.icasolution.com.au>

hi, jake an all.

> renew_pasv.html, renew.html and login_ok.html should have this line:
>      <meta http-equiv="Refresh" content="$redirecttime; URL=$redirect" />
>
> login_ok.html should have a line like this too:
>    You will be redirected within $redirecttime seconds. If not, click
>    <a href="$redirect">here</a> to continue.</font></p>
>
> AuthServ.pm line 291ish should read:
>      # Add a refresh time of 30 seconds...
>      $vars{redirecttime} = my $redirecttime = $self->{RedirectTime};
>
>      push @headers, -Refresh => "$redirecttime; URL=$redirect";
>      # push @headers, -Cookie => $self->{Cookie} if $self->{Cookie};

I have the same code in the patched files but kept getting errors when not
using login_ok_nopopup.html.

i'm now using the unpatched login, Authservice.pm and html files and I
don,t get the refresh errors.

the problem i have with this setup is that when i close the popup and the
main windows, i don't get timed out until Session-Timeout is reached
(using the patched Peer.pm file). I'd like it to timeout liek it did
pre-patch -- that is, if the popup is closed, you are timed out when
LoginTime is reached.

> Can you run ICRADIUS in debug mode and watch the accounting requests
> being processed by it?  If so send me a log of that session.

ICRADIUS now writes to the MySQL database. I commented out lines 97 and
112 in RADIUS.pm:

#{ Name => 40, Value => '7', Type => 'integer' },
#Acct-Status-Type(Accounting-On)

Seems ICRADIUS will accept only one Acct-Status-Type attribute at a time,
so "Start" and "Stop" are enough for it -- RADIUS.pm also had
"Accounting-On" and "Accounting-Off" as attributes.

At this stage, I'm keen to get the log-off stuff sorted out.

Thanks.



From wireless at verma.sfsu.edu  Fri Oct  3 07:13:17 2003
From: wireless at verma.sfsu.edu (Sameer Verma)
Date: Thu, 02 Oct 2003 23:13:17 -0700
Subject: [NoCat] Heavily modified version of NoCat
In-Reply-To: <5.2.1.1.0.20031002215739.00bcf788@mail.capband.net>
References: <5.2.1.1.0.20031002215739.00bcf788@mail.capband.net>
Message-ID: <3F7D137D.4080904@verma.sfsu.edu>

Rob Nelson wrote:

> Our company has used NoCat and modified it heavily. It's all been 
> contract work, and everything's been internal. All the contractors are 
> gone, we're moving away from it, and I'm left holding onto it. I'd 
> like to release it back, but all I got is a tarball and a .doc file 
> with some brief instructions. Would anyone be interested in this, and 
> perhaps hacking it apart and back into the main? I'm just a project 
> manager, not a programmer in any *real* sense of the world.
>
> Known modifications:
>
> - Authenticates against radius (I believe this was coded before the 
> current radius patch was available)
> - Caches logins in a local postgres database
> - Does not time out any connections or delete "oem" sessions upon 
> restart (we sell to apartment tenants, they don't like having to auth 
> all the time)
>
> There's a few more functional bugfix type stuff, but those are the new 
> features. If anyone's interested, I'm willing to up the tarball and 
> doc to wherever is useful for the most people.
>
> Sorry, hate to say "I have a mess, anyone want it?" but I do know that 
> while there's still bugs, things like radius auth DO work very well in 
> this code. It would be a shame to trash it, with some of the problems 
> people are having with it.
>
> Rob Nelson
> Network Administrator, Capitol Broadband
> C: 919-369-1874
> rob@capband.net
>
> _______________________________________________
> NoCat mailing list
> NoCat@lists.nocat.net
> http://lists.nocat.net/mailman/listinfo/nocat

Rob,
You could post the tarball here, or on the Wiki 
(http://nocat.net/wiki/), I suppose. The RADIUS features would be 
useful, and the "many eyeballs" logic might help people re-integrate the 
changes into the source.
I'd also be curious to find out why your company is moving away from it.

Sameer

-- 
Dr. Sameer Verma, Ph.D.
Asst. Professor of Information Systems
San Francisco State University
San Francisco CA 94132 USA
http://verma.sfsu.edu/ 




From rio at martin.mu  Fri Oct  3 07:26:29 2003
From: rio at martin.mu (Rio Martin)
Date: Fri, 3 Oct 2003 13:26:29 +0700
Subject: [NoCat] Having error after submit login & password..
In-Reply-To: <3F7D137D.4080904@verma.sfsu.edu>
References: <5.2.1.1.0.20031002215739.00bcf788@mail.capband.net> <3F7D137D.4080904@verma.sfsu.edu>
Message-ID: <200310031326.29365.rio@martin.mu>

Dear all,
I am having trouble with my Nocat-0.8.2 installation.
After submiting login & password information, the page return "Internal Server 
Error".
I ve check all the cgi permissions and it all belongs to the same UID as 
apache.

Thanks, need help..

Regards,
Rio Martin.


From aklougbo at yahoo.com  Fri Oct  3 09:41:45 2003
From: aklougbo at yahoo.com (Aime)
Date: Fri, 3 Oct 2003 01:41:45 -0700 (PDT)
Subject: [NoCat] More NoCatAuth 0.82 + RADIUS Patch woes...
In-Reply-To: <3F7C9D3C.8010409@pogozone.com>
Message-ID: <20031003084145.48175.qmail@web11007.mail.yahoo.com>

All,
Did someone find something about simultaneous login
yet ?

Thanks
--Aimé


--- "Jacob S. Barrett" <jbarrett@pogozone.com> wrote:
> Mike Cannon wrote:
> > Now to figure out why it's allowing multple radius
> authentications for
> > nocat.. hrmmm...
> 
> Do you mean simultaneous use?  Or is it sending the
> auth request to the 
> radius server more than one time?
> 
> -- 
> Jacob S. Barrett
> Chief Technology Officer
> PogoZone LLC
> 
>    email: jbarrett@pogozone.com
>      web: www.pogozone.com
>    voice: 360-676-8772
>      fax: 360-733-3941
> address: 114 W. Magnolia Street Suite 417
>           Bellingham, Washington 98225
> 
> 
> _______________________________________________
> NoCat mailing list
> NoCat@lists.nocat.net
> http://lists.nocat.net/mailman/listinfo/nocat


__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com


From rob at capband.net  Fri Oct  3 12:51:36 2003
From: rob at capband.net (Rob Nelson)
Date: Fri, 03 Oct 2003 07:51:36 -0400
Subject: [NoCat] Heavily modified version of NoCat
In-Reply-To: <3F7D137D.4080904@verma.sfsu.edu>
References: <5.2.1.1.0.20031002215739.00bcf788@mail.capband.net>
 <5.2.1.1.0.20031002215739.00bcf788@mail.capband.net>
Message-ID: <5.2.1.1.0.20031003074736.0221be60@mail.capband.net>

>You could post the tarball here, or on the Wiki (http://nocat.net/wiki/), 
>I suppose. The RADIUS features would be useful, and the "many eyeballs" 
>logic might help people re-integrate the changes into the source.
>I'd also be curious to find out why your company is moving away from it.

Reasons to move away from it:

- It's still buggy and under heavy use (300+ people arriving home between 
5:30-6:30 pm and logging in) it tends to die.
- Sometimes it gets stuck in the login loop - successful login throws you 
back to the login screen.

And the big kicker:

- When we got hit by the Welchia worm, we realized that the only way to 
protect the local network, which was getting slammed regardless of whether 
the person authenticated or not, was to do MAC authentication at the AP.

Our business is selling to apartment complexes, not as hotspots, which also 
contributed. And again, all the NoCat work was done by contractors - when 
something breaks, there's no programmers around who can fix it. I have a 
feeling if we hired two guys for 40 hours a week, in two months we could 
have all the serious bugs stamped out and a few minor ones, but my boss 
won't have it. Oh well.

As for posting it, I've gotten a half dozen requests already. When I get to 
work, I'll grab the tarball and docs and throw them up on our site and/or 
the wiki.


Rob Nelson
Network Administrator, Capitol Broadband
C: 919-369-1874
rob@capband.net 



From rob at capband.net  Fri Oct  3 14:37:38 2003
From: rob at capband.net (Rob Nelson)
Date: Fri, 03 Oct 2003 09:37:38 -0400
Subject: [NoCat] Source code for patched version
Message-ID: <5.2.1.1.0.20031003093327.00b87408@mail.capband.net>

Here's a link to the source code and the one document (pathetically dated 
7/30/02) that I have available. Three people have worked on this code and I 
honestly couldn't tell you what the different versions do or do not have in 
them. All I can tell you is the newest date is January 28th, 2003, on 
v2.17internal.

http://www.capband.net/ronelson/nocat/

I'll be hapy to answer any questions you might have about it. It was 
modified by three people here, only one of whom was decent about 
documenting the code. Hope this helps the nocat project, I enjoyed using 
the software.

Oh, and as a side note, my personal email is ronelson@vt.edu, if anyone 
references this on nocat.net. Of course the code is GPL'ed, but my boss 
wouldn't want me spending precious company time helping out the people who 
made our business viable :)

Rob Nelson
Network Administrator, Capitol Broadband
C: 919-369-1874
rob@capband.net 



From Dennis" <dh at djhanson.net  Fri Oct  3 16:13:05 2003
From: Dennis" <dh at djhanson.net (Dennis)
Date: Fri, 3 Oct 2003 08:13:05 -0700
Subject: [NoCat] Heavily modified version of NoCat
References: <5.2.1.1.0.20031002215739.00bcf788@mail.capband.net> <5.2.1.1.0.20031002215739.00bcf788@mail.capband.net> <5.2.1.1.0.20031003074736.0221be60@mail.capband.net>
Message-ID: <001001c389c0$d9134230$0500a8c0@Home>

So... what did replace it with?  Just curious.

Dennis
----- Original Message ----- 
From: "Rob Nelson" <rob@capband.net>
To: "Sameer Verma" <wireless@verma.sfsu.edu>
Cc: <noCat@lists.nocat.net>
Sent: Friday, October 03, 2003 4:51 AM
Subject: Re: [NoCat] Heavily modified version of NoCat


>
> >You could post the tarball here, or on the Wiki (http://nocat.net/wiki/),
> >I suppose. The RADIUS features would be useful, and the "many eyeballs"
> >logic might help people re-integrate the changes into the source.
> >I'd also be curious to find out why your company is moving away from it.
>
> Reasons to move away from it:
>
> - It's still buggy and under heavy use (300+ people arriving home between
> 5:30-6:30 pm and logging in) it tends to die.
> - Sometimes it gets stuck in the login loop - successful login throws you
> back to the login screen.
>
> And the big kicker:
>
> - When we got hit by the Welchia worm, we realized that the only way to
> protect the local network, which was getting slammed regardless of whether
> the person authenticated or not, was to do MAC authentication at the AP.
>
> Our business is selling to apartment complexes, not as hotspots, which
also
> contributed. And again, all the NoCat work was done by contractors - when
> something breaks, there's no programmers around who can fix it. I have a
> feeling if we hired two guys for 40 hours a week, in two months we could
> have all the serious bugs stamped out and a few minor ones, but my boss
> won't have it. Oh well.
>
> As for posting it, I've gotten a half dozen requests already. When I get
to
> work, I'll grab the tarball and docs and throw them up on our site and/or
> the wiki.
>
>
> Rob Nelson
> Network Administrator, Capitol Broadband
> C: 919-369-1874
> rob@capband.net
>
>
> _______________________________________________
> NoCat mailing list
> NoCat@lists.nocat.net
> http://lists.nocat.net/mailman/listinfo/nocat
>



From joshmccormack at travelersdiary.com  Fri Oct  3 17:26:03 2003
From: joshmccormack at travelersdiary.com (joshmccormack@travelersdiary.com)
Date: Fri, 3 Oct 2003 11:26:03 -0500 (CDT)
Subject: [NoCat] Re: Heavily modified version of NoCat
In-Reply-To: <20031003151403.19760.67119.Mailman@mouse>
Message-ID: <Pine.LNX.4.44.0310031120480.9636-100000@westhost39.westhost.net>

>Date: Fri, 03 Oct 2003 07:51:36 -0400
>To: Sameer Verma <wireless@verma.sfsu.edu>
>From: Rob Nelson <rob@capband.net>
>Subject: Re: [NoCat] Heavily modified version of NoCat
>Cc: noCat@lists.nocat.net
>
>
<snip>
>
>And the big kicker:
>
>- When we got hit by the Welchia worm, we realized that the only way to
>protect the local network, which was getting slammed regardless of whether
>the person authenticated or not, was to do MAC authentication at the AP.
>
<snip>
>
>Rob Nelson
>Network Administrator, Capitol Broadband
>C: 919-369-1874
>rob@capband.net
>



Couldn't you have set up NoCatAuth to point to a locally cached version of the windows update when the worm tried to download it? I think I've seen something about someone in ... was it Texas? who did this.

Josh



From rob at capband.net  Fri Oct  3 19:37:25 2003
From: rob at capband.net (Rob Nelson)
Date: Fri, 03 Oct 2003 14:37:25 -0400
Subject: [NoCat] Heavily modified version of NoCat
In-Reply-To: <001001c389c0$d9134230$0500a8c0@Home>
References: <5.2.1.1.0.20031002215739.00bcf788@mail.capband.net>
 <5.2.1.1.0.20031002215739.00bcf788@mail.capband.net>
 <5.2.1.1.0.20031003074736.0221be60@mail.capband.net>
Message-ID: <5.2.1.1.0.20031003143707.00b94738@mail.capband.net>

>So... what did replace it with?  Just curious.

MAC authentication on the AP, to a RADIUS server at our head-end.


Rob Nelson
Network Administrator, Capitol Broadband
C: 919-369-1874
rob@capband.net 



From rob at capband.net  Fri Oct  3 19:38:23 2003
From: rob at capband.net (Rob Nelson)
Date: Fri, 03 Oct 2003 14:38:23 -0400
Subject: [NoCat] Re: Heavily modified version of NoCat
In-Reply-To: <Pine.LNX.4.44.0310031120480.9636-100000@westhost39.westhos
 t.net>
References: <20031003151403.19760.67119.Mailman@mouse>
Message-ID: <5.2.1.1.0.20031003143727.022b5640@mail.capband.net>

>Couldn't you have set up NoCatAuth to point to a locally cached version of 
>the windows update when the worm tried to download it? I think I've seen 
>something about someone in ... was it Texas? who did this.

The problem is that in the meantime it's trying to find other hosts who 
might be infected, and often at a rate that FAR exceeds our bandwidth, 
making it impossible for them to download any updates. Hell, we couldn't 
even SSH into the nocat when this happened, sometimes.


Rob Nelson
Network Administrator, Capitol Broadband
C: 919-369-1874
rob@capband.net 



From karl.gaissmaier at kiz.uni-ulm.de  Fri Oct  3 21:00:55 2003
From: karl.gaissmaier at kiz.uni-ulm.de (Karl Gaissmaier)
Date: Fri, 03 Oct 2003 22:00:55 +0200
Subject: [NoCat] Heavily modified version of NoCat
References: <5.2.1.1.0.20031002215739.00bcf788@mail.capband.net> <5.2.1.1.0.20031002215739.00bcf788@mail.capband.net> <5.2.1.1.0.20031003074736.0221be60@mail.capband.net> <001001c389c0$d9134230$0500a8c0@Home>
Message-ID: <3F7DD577.7E5847CA@kiz.uni-ulm.de>

Hi NoCat Users,

Dennis schrieb:
> 
> So... what did replace it with?  Just curious.

I'm also interested in products able to do 
what NoCat promised to do.

I tried to use NoCat here at Ulm University with
a lot of bug/feature fixes applied, but now when
I try to go to production I stumble again over major 
design flaws using NoCat for many users (~500).

First big problem:
- there is no persistency for the currently authenticated
  users, and the gateway isn't running stable. I'm still
  looking for the reasons why the gateway will crash
  on heavy load. I think it's the old perl problem
  with signal's, maybe. Next week we will run nocat under
  perl 5.8.0 with defered signal handling, perhaps this helps

Second big problem
- the local redirect when a capture arise is directed
  to a postforking server perl script. It would be better
  if we could redirect to a matured web server and do
  the redirect within mod_redir or mod_alias, anyway.
  This would also solve the problem with proxy servers
  configured at the clients.

Third big problem
- most of us use the "same machine" approach, but for
  this scenario the design is to difficult. The same
  machine approach could be easily done with:
	a.) a session database on disk (persistency!)
	b.) cgi login script's as a writer to the session
            database (locking)
	c.) a daemon reading the session database (locking)
            and doing what must be done with the filter rules

I started already this project for my University.
The project name is WebCap and I hope I can release it
before Christmas 2003. A long time you'll say, but my
primary job is a Network Administrator and not an
application programmer :-(

When I've alpha releases I will post it again on this
list if someone is interested.

Regards
	Charly
-- 
Karl Gaissmaier                            University of Ulm, Germany
Email:karl.gaissmaier@kiz.uni-ulm.de        KIZ, Service Group Network


From rob at capband.net  Fri Oct  3 21:19:29 2003
From: rob at capband.net (Rob Nelson)
Date: Fri, 03 Oct 2003 16:19:29 -0400
Subject: [NoCat] Heavily modified version of NoCat
In-Reply-To: <3F7DD577.7E5847CA@kiz.uni-ulm.de>
References: <5.2.1.1.0.20031002215739.00bcf788@mail.capband.net>
 <5.2.1.1.0.20031002215739.00bcf788@mail.capband.net>
 <5.2.1.1.0.20031003074736.0221be60@mail.capband.net>
 <001001c389c0$d9134230$0500a8c0@Home>
Message-ID: <5.2.1.1.0.20031003161604.01f2d0a8@mail.capband.net>

>First big problem:
>- there is no persistency for the currently authenticated
>   users, and the gateway isn't running stable. I'm still
>   looking for the reasons why the gateway will crash
>   on heavy load. I think it's the old perl problem
>   with signal's, maybe. Next week we will run nocat under
>   perl 5.8.0 with defered signal handling, perhaps this helps

Charley

We fixed this by not logging out older users. THe long-term plan, before we 
abandoned it, was to set up a watchdog program, or perhaps a subroutine 
that runs every so often (again, i'm not a programmer!) that references 
some info about the last time a user accessed the net and the expiration 
time. Never got that far, but I think it's the best way to handle 
persistence in a non-accounting usage. If you're doing accounting, however, 
you don't have room for that.

>Third big problem
>- most of us use the "same machine" approach, but for
>   this scenario the design is to difficult. The same
>   machine approach could be easily done with:
>         a.) a session database on disk (persistency!)
>         b.) cgi login script's as a writer to the session
>             database (locking)
>         c.) a daemon reading the session database (locking)
>             and doing what must be done with the filter rules

That's why we added postgres support. One, it let us write the sessions to 
a local database. Two, if the user changed IP's and reauthenticated, but 
the auth service (RADIUS) couldn't be reached, we could use their cached 
credentials. Every night Nocat was supposed to verify the sessions versus 
RADIUS and kick out suspended accounts.

Rob Nelson
Network Administrator, Capitol Broadband
C: 919-369-1874
rob@capband.net 



From jbarrett at pogozone.com  Fri Oct  3 21:36:52 2003
From: jbarrett at pogozone.com (Jacob S. Barrett)
Date: Fri, 03 Oct 2003 13:36:52 -0700
Subject: [NoCat] More NoCatAuth 0.82 + RADIUS Patch woes...
In-Reply-To: <20031003084145.48175.qmail@web11007.mail.yahoo.com>
References: <20031003084145.48175.qmail@web11007.mail.yahoo.com>
Message-ID: <3F7DDDE4.4020602@pogozone.com>

Aime wrote:
> All,
> Did someone find something about simultaneous login
> yet ?

It works if you never kill nocat.  If you kill nocat then the gateway 
doesn't notify the RADIUS server that the session has ended.  I started 
but never finished the script the FreeRADIUS uses to double check on a 
session when it detects simultaneous use.  It is pretty easy I just 
haven't had time or a need to do it yet.

-- 
Jacob S. Barrett
Chief Technology Officer
PogoZone LLC

   email: jbarrett@pogozone.com
     web: www.pogozone.com
   voice: 360-676-8772
     fax: 360-733-3941
address: 114 W. Magnolia Street Suite 417
          Bellingham, Washington 98225



From karl.gaissmaier at kiz.uni-ulm.de  Fri Oct  3 21:53:25 2003
From: karl.gaissmaier at kiz.uni-ulm.de (Karl Gaissmaier)
Date: Fri, 03 Oct 2003 22:53:25 +0200
Subject: [NoCat] Heavily modified version of NoCat
References: <5.2.1.1.0.20031002215739.00bcf788@mail.capband.net>
 <5.2.1.1.0.20031002215739.00bcf788@mail.capband.net>
 <5.2.1.1.0.20031003074736.0221be60@mail.capband.net>
 <001001c389c0$d9134230$0500a8c0@Home> <5.2.1.1.0.20031003161604.01f2d0a8@mail.capband.net>
Message-ID: <3F7DE1C5.EE6DE2A1@kiz.uni-ulm.de>

Hi Rob,

Rob Nelson schrieb:
> 
> >First big problem:
> >- there is no persistency for the currently authenticated
> >   users, and the gateway isn't running stable. I'm still
> >   looking for the reasons why the gateway will crash
> >   on heavy load. I think it's the old perl problem
> >   with signal's, maybe. Next week we will run nocat under
> >   perl 5.8.0 with defered signal handling, perhaps this helps
> 
> Charley
> 
> We fixed this by not logging out older users. THe long-term plan, before we
> abandoned it, was to set up a watchdog program, or perhaps a subroutine
> that runs every so often (again, i'm not a programmer!) that references
> some info about the last time a user accessed the net and the expiration
> time. Never got that far, but I think it's the best way to handle
> persistence in a non-accounting usage. If you're doing accounting, however,
> you don't have room for that.

My software will do a normal cgi session handling.
- the user authenticates via against a cgi script via
radius/ldap/pam/... and the cgi scripts generates a session
id (sid). The sid is sent back via cookies or renew urls.
Whenver the client renews, the triple (sid, ip, mac) is 
checked against the session database. If it match, the
expiration time is adjusted.

There is also a button for explicit logout, then
the cgi script sets the session information for
this sid to logout. The cgi scripts never do anything with
iptables or anything else for what you need root
privileges.

The daemon script is running under root and the
inter process communication between the cgi scripts
and the daemon is done via mtime or signature changes
on the session database. Whenever the daemon reads
the sesion database (after there was a change) or 
after every expiration interval, the daemon checks
if there are expired sid's and removes them (and
performs accounting at this moment).

The daemon checks the filter rules against
the session database und adjusts the filter rules
according to the session database.

The daemon is responsible for accounting if it
is necessary, but this is easy. The session database
holds the starttime and the daemon deletes clients
from the dbm.

That's my plan. The session database module is already finished
with stable locking (CGI::Session was no help due to bad locking)
and the rest will be coded with HTML::Template, Config::General,
Proc::Reliable and CGI::Application. All you need is on CPAN, I will
just deliver the glue.

> 
> >Third big problem
> >- most of us use the "same machine" approach, but for
> >   this scenario the design is to difficult. The same
> >   machine approach could be easily done with:
> >         a.) a session database on disk (persistency!)
> >         b.) cgi login script's as a writer to the session
> >             database (locking)
> >         c.) a daemon reading the session database (locking)
> >             and doing what must be done with the filter rules
> 
> That's why we added postgres support. One, it let us write the sessions to
> a local database. Two, if the user changed IP's and reauthenticated, but
> the auth service (RADIUS) couldn't be reached, we could use their cached
> credentials. Every night Nocat was supposed to verify the sessions versus
> RADIUS and kick out suspended accounts.

I've a very stable radius service (Radiator: www.open.com.au, the
best software I've ever puchsed with the best support I've
ever seen, and most important, it's pure perl and they
accept patches!) running on  two Sun Boxes with HA Software.

Everything here dealing with dialin and public access here is
authenticated against this beast.

I've still all AP's configured to MAC address authentication
against this radius server. The DEFAULT rule allows all MAC's,
only some black sheeps are in front of the DEFAULT rule
with an implicit 'Reject', so I can block these clients
already before they hit the IP Layer (the same problem you
had is also virulent here!).

Regards
	Charly
-- 
Karl Gaissmaier                            University of Ulm, Germany
Email:karl.gaissmaier@kiz.uni-ulm.de        KIZ, Service Group Network


From ANDY at ceplus.de  Sat Oct  4 13:43:00 2003
From: ANDY at ceplus.de (Andreas Moehrlein)
Date: Sat, 4 Oct 2003 14:43:00 +0200
Subject: [NoCat] NoCat crashes
Message-ID: <3F4E3313@leto.ceplus.de>

I found a 2 situations where NoCat (0.82 with RADIUS Auth/Acct) crashes:

1. Using a external RADIUS Authentication server, the "sub recv_paket" hangs 
within  can_read or recv.
This never occures when you authenticate locally. The gateway process seems 
to "hang" within Radius Auth and doesn't respond any more.

2. When you do login from a wireless client and from a second workstation 
you permanently refresh the URL  http://x.x.x.x:5280/status while logging 
in, the gateway process seems to be dead - but I found there is a second  
bin/gateway process running.
If you kill the second gateway NoCat continues working ...

Has anybody else the same problem with such a behaviour ?


Andy




From niallm at enigma.ie  Fri Oct  3 13:09:59 2003
From: niallm at enigma.ie (Niall Richard Murphy)
Date: Fri, 3 Oct 2003 13:09:59 +0100
Subject: [NoCat] status of nocat?
In-Reply-To: <005101c38937$f7d95d50$0300a8c0@natuamia>
References: <005101c38937$f7d95d50$0300a8c0@natuamia>
Message-ID: <20031003120959.GA43106@enigma.ie>

On Fri, Oct 03, 2003 at 05:53:16AM +0700, Brynjar Hauksson wrote:

Brynjar and others,

> I???m a bit worried about the progress of the Nocat system and there are some questions I???d really like to get answered:

It's clear that the founders of NoCat have a lot on their hands at the moment;
otherwise I expect they'd have had the time to do all that's necessary, or hand 
the authority over to other people to do same. 

Accordingly, we have a choice between waiting until they've got enough time again,
setting up an interim patched distribution, or (dreaded word) forking. My personal
preference is setting up an interim patched distribution and then getting those changes
back into the main tree at some future stage.

At the moment, for people who need to use NoCat, there is quite a lot of work involved
in bringing it up to speed with 'best current practice'. This work has to be done
individually by everyone again, each time. With only a small amount of effort on
everyone's behalf, we can save a lot of effort in the future.

Rob/Schuyler - What do you think? Any volunteers?
 
Niall

-- 
Enigma Consulting Limited: Security, UNIX and telecommunications consultants.
Address: Floor 2, 45 Dawson Street, Dublin 2, Ireland.
802.11 deployment in Dublin: http://www.enigma.ie/wardrive/


From ryan at muppethouse.com  Sat Oct  4 21:35:21 2003
From: ryan at muppethouse.com (Ryan Shea)
Date: Sat, 04 Oct 2003 16:35:21 -0400
Subject: [NoCat] Redirect Proxy Server
In-Reply-To: <3F4E269D@leto.ceplus.de>
References: <3F4E269D@leto.ceplus.de>
Message-ID: <3F7F2F09.4030005@muppethouse.com>

Maybe I wasn't clear.  The iptables rule I mentioned is on my firewall 
rather than my NoCat gateway - so creating this redirect rule is 
complely transparent and the NoCat authentication works without any problem.

-Ryan

Andreas Moehrlein wrote:

>Ryan,
>
>with that solution you have access to squid and everything works fine - but 
>there is no authentication from NoCat !!!
>
>Andy
>
>  
>
>>I found a solution that works for me.  My network basically looks like this:
>>
>>[wireless segment]  (((((<  [nocat gateway] -- [nocat auth / iptables firewall / squid proxy]  
>>    
>>
>--  [internet router]
>  
>
>>Configuring browsers is a pain, so what I decided to do was to was just
>>redirect all traffic bound for port 80 to 3128 on my squid server /
>>firewall.  The iptables rule is like the one below.
>>
>>-A PREROUTING -s 10.0.10.0/255.255.255.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
>>
>>I didn't modify the nocat gatway at all to get this to work.  I hope
>>this is helpful.
>>
>>-Ryan
>>
>>    
>>
>
>  
>




From joshmccormack at travelersdiary.com  Sun Oct  5 04:31:44 2003
From: joshmccormack at travelersdiary.com (Josh McCormack)
Date: Sat, 04 Oct 2003 23:31:44 -0400
Subject: [NoCat] *bsd & nocatauth
Message-ID: <3F7F90A0.5020008@travelersdiary.com>

I'm interested in getting nocatauth along with an implementation of 
ipsec to work on the smallest system possible. I'm concerned about 
needing to run Perl (it's big), but we'll get to that later.

I've been looking at small Linux distros and saw this today:

SnapGear's embedded Linux distribution represents state-of-the-art 
embedded Linux technology for deeply embedded microprocessors with or 
without MMU (memory management unit)

http://www.snapgear.org/about.html



The *BSD family seems to have some really tiny distros for routers, that 
don't seem too tough to add to for extra functionality, and they handle 
the ipsec stuff very well it seems.

See http://www.bsdrouter.org/

I take it from the NoCatAuth stuff found at 
http://www.pogozone.net/projects/nocat/ that it's possible to run 
NoCatAuth on the BSDs. Any more detailed info on that, issues to be 
aware of, particular BSDs (net, open, free) it will or won't work on?


Josh



From ulrich.schwarz at rz.uni-ulm.de  Sun Oct  5 09:18:41 2003
From: ulrich.schwarz at rz.uni-ulm.de (ulrich schwarz)
Date: Sun,  5 Oct 2003 10:18:41 +0200
Subject: [NoCat] NoCat crashes
In-Reply-To: <3F4E3313@leto.ceplus.de>
References: <3F4E3313@leto.ceplus.de>
Message-ID: <1065341921.3f7fd3e11af8f@imap.rz.uni-ulm.de>

Zitat von Andreas Moehrlein <ANDY@ceplus.de>:

> I found a 2 situations where NoCat (0.82 with RADIUS Auth/Acct) crashes:
> 
> 1. Using a external RADIUS Authentication server, the "sub recv_paket" hangs
> 
> within  can_read or recv.
> This never occures when you authenticate locally. The gateway process seems 
> to "hang" within Radius Auth and doesn't respond any more.
> 
> 2. When you do login from a wireless client and from a second workstation 
> you permanently refresh the URL  http://x.x.x.x:5280/status while logging 
> in, the gateway process seems to be dead - but I found there is a second  
> bin/gateway process running.
> If you kill the second gateway NoCat continues working ...

hi andy,

interesting... at what rate per second do you reload the statuspage when you 
say "permanently"?

which OS and, more interesting, which version of perl do you use?

BTW: there's not only a second gateway process, they are lots of children under 
heavy use.

greets,

ulric

--
ulrich schwarz, computing center, university of ulm, germany


From karl.gaissmaier at kiz.uni-ulm.de  Sun Oct  5 11:06:20 2003
From: karl.gaissmaier at kiz.uni-ulm.de (Karl Gaissmaier)
Date: Sun, 5 Oct 2003 12:06:20 +0200
Subject: [NoCat] NoCat crashes
In-Reply-To: <3F4E3313@leto.ceplus.de>
References: <3F4E3313@leto.ceplus.de>
Message-ID: <200310051206.20433.karl.gaissmaier@kiz.uni-ulm.de>

Hi Andreas,

On Saturday 04 October 2003 14:43, Andreas Moehrlein wrote:
> I found a 2 situations where NoCat (0.82 with RADIUS Auth/Acct) crashes:
>
> 1. Using a external RADIUS Authentication server, the "sub recv_paket"
> hangs within  can_read or recv.
> This never occures when you authenticate locally. The gateway process seems
> to "hang" within Radius Auth and doesn't respond any more.

hmmm, I don't have the radius patches applied and then the gateway
speaks never with the radius server. This happens only within the login cgi.
Therefore this can't be the reason for the gateway crashes at least here
at Ulm University.

>
> 2. When you do login from a wireless client and from a second workstation
> you permanently refresh the URL  http://x.x.x.x:5280/status while logging
> in, the gateway process seems to be dead - but I found there is a second
> bin/gateway process running.
> If you kill the second gateway NoCat continues working ...

as Ulric already said, the gateway is a postforking server. Whenever
you connect to port 5280 an additional process is forked.
After 'HandleTimeout' sec's this additional process stopps if
there was a problem with the connection (SIGALRM).

The parent gateway process gets a SIGCHLD and the dead
child count increases. In the main loop of the parent these waiting
to death childs gets reaped. Anything looks properly and
defensive coded. Again, I think it's inherently a problem with
perl signal handling.

Regards
	Charly
-- 
Karl Gaissmaier       KIZ/Infrastructure, University of Ulm, Germany
Email:karl.gaissmaier@kiz.uni-ulm.de           Service Group Network


From karl.gaissmaier at kiz.uni-ulm.de  Sun Oct  5 11:09:37 2003
From: karl.gaissmaier at kiz.uni-ulm.de (Karl Gaissmaier)
Date: Sun, 5 Oct 2003 12:09:37 +0200
Subject: [NoCat] Redirect Proxy Server
In-Reply-To: <3F7F2F09.4030005@muppethouse.com>
References: <3F4E269D@leto.ceplus.de> <3F7F2F09.4030005@muppethouse.com>
Message-ID: <200310051209.37452.karl.gaissmaier@kiz.uni-ulm.de>

Hi Ryan,

On Saturday 04 October 2003 22:35, Ryan Shea wrote:
> Maybe I wasn't clear.  The iptables rule I mentioned is on my firewall
> rather than my NoCat gateway - so creating this redirect rule is
> complely transparent and the NoCat authentication works without any
> problem.


Hmmm, I didn't understand your drawing. It would be
nice if you could try again to describe your solution
how you solved the problem with proxy servers.

What happens with your logouts if they come via
the web proxy? You don't have the Client MAC address
to logout? Do you igore MAC addresses?

Regards
	Charly
-- 
Karl Gaissmaier       KIZ/Infrastructure, University of Ulm, Germany
Email:karl.gaissmaier@kiz.uni-ulm.de           Service Group Network


From nocat at planetsphinx.com  Sun Oct  5 18:07:28 2003
From: nocat at planetsphinx.com (Mike Cannon)
Date: Sun, 5 Oct 2003 12:07:28 -0500 (CDT)
Subject: [NoCat] More NoCatAuth 0.82 + RADIUS Patch woes...
In-Reply-To: <3F7C9D3C.8010409@pogozone.com>
References: <3F71031A.4070602@icasolution.com.au>
 <3F71B210.1080707@pogozone.com> <3F71C756.5000101@pogozone.com>
 <1237.199.3.116.26.1064520010.squirrel@www.planetsphinx.com>
 <3F7379B8.5060307@pogozone.com>
 <9939.204.96.220.49.1065129290.squirrel@www.planetsphinx.com>
 <3F7C9D3C.8010409@pogozone.com>
Message-ID: <1538.192.168.13.3.1065373648.squirrel@www.planetsphinx.com>

> Mike Cannon wrote:
>> Now to figure out why it's allowing multple radius authentications for
>> nocat.. hrmmm...
>
> Do you mean simultaneous use?  Or is it sending the auth request to the
> radius server more than one time?

Simultaneous use..  2 users online, authenticated with the same username
and password...

Mike C



From jbarrett at pogozone.com  Sun Oct  5 19:58:10 2003
From: jbarrett at pogozone.com (Jacob S. Barrett)
Date: Sun, 05 Oct 2003 11:58:10 -0700
Subject: [NoCat] *bsd & nocatauth
In-Reply-To: <3F7F90A0.5020008@travelersdiary.com>
References: <3F7F90A0.5020008@travelersdiary.com>
Message-ID: <3F8069C2.8020908@pogozone.com>

Josh McCormack wrote:
> I take it from the NoCatAuth stuff found at 
> http://www.pogozone.net/projects/nocat/ that it's possible to run 
> NoCatAuth on the BSDs. Any more detailed info on that, issues to be 
> aware of, particular BSDs (net, open, free) it will or won't work on?

These patches are specific to FreeBSD's IPFW firewall implementation. 
With the patches it runs like a champ on FreeBSD.  Sorry I can't give 
you any details on NoCat support for the other BSDs, but with the proper 
firewall scripts it will run on pretty much anything.

-- 
Jacob S. Barrett
Chief Technology Officer
PogoZone LLC

   email: jbarrett@pogozone.com
     web: www.pogozone.com
   voice: 360-676-8772
     fax: 360-733-3941
address: 114 W. Magnolia Street Suite 417
          Bellingham, Washington 98225



From jbarrett at pogozone.com  Sun Oct  5 20:05:52 2003
From: jbarrett at pogozone.com (Jacob S. Barrett)
Date: Sun, 05 Oct 2003 12:05:52 -0700
Subject: [NoCat] RADIUS and Simultaneous-Use
Message-ID: <3F806B90.4010104@pogozone.com>

This is a MIME-formatted message.  If you see this text it means that your
E-mail software does not support MIME-formatted messages.

--=_pogo02.pogozone.net-18935-1065381035-0001-2
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

A few people have been asking for this and although I haven't had time 
to test it here is what I have going so far.

Simultaneous-Use works with the RADIUS patches already provided, but 
with one problem.  If the NoCat gateway is terminated before it notifies 
the RADIUS server that the sessions are close the next time a user tries 
to log in they will be denied.  FreeRADIUS provides a script that it 
calls to "double check" the NAS to see if the session is really still 
active before denying the authorization.  Attached are the components to 
get FreeRADIUS to work with NoCat (since nocat isn't a standard NAS).

1) Place the checkrad script somewhere on your RADIUS server.  You can 
name it anything you want really if you don't want to confuse it with 
the script from FreeRADIUS.

2) Apply the checkrad.patch either against the installed FreeRADIUS 
checkrad script (/usr/local/sbin/checkrad on FreeBSD) or the source 
checkrad.pl.in and make install.

3) Add lines similar to the ones in clients.conf.sample into 
FreeRADIUS's clients.conf file.  Check the 
"exec|/usr/local/nocat/bin/checkrad" line to reference the script you 
installed in step 1.

Now when an authorization request is going to be denied for a user it 
checks the open sessions for that user.  It will execute the FreeRADIUS 
checkrad script passing in the type line in the clients.conf.  The patch 
adds a section to that script that executes any script after the 
"exec|".  So now our script in step one will get called and check nocat.

As always, if you make mods to these please post them back to the list 
so I can put them into the RADIUS patches.  These will show up in the 
next patch set when I find time.

-Jake

-- 
Jacob S. Barrett
Chief Technology Officer
PogoZone LLC

   email: jbarrett@pogozone.com
     web: www.pogozone.com
   voice: 360-676-8772
     fax: 360-733-3941
address: 114 W. Magnolia Street Suite 417
          Bellingham, Washington 98225


--=_pogo02.pogozone.net-18935-1065381035-0001-2
Content-Type: text/plain; name=checkrad; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="checkrad"

#!/usr/bin/perl

require HTTP::Request;
require LWP::UserAgent;

my $debug = true;

# 192.168.0.1 0 foo 01058159212184670
my ($nas, $user, $session) = @ARGV;

my $request = HTTP::Request->new(GET => "http://$nas:5280/status");
my $ua = LWP::UserAgent->new;
my $response = $ua->request($request);

#my $pattern = qr/foo/g;
foreach ($response->content)
{
	print "DEBUG: $_" if $debug;
	#exit 0 if /$pattern/;
	exit 0 if /$session/;
}

exit 1;

--=_pogo02.pogozone.net-18935-1065381035-0001-2
Content-Type: text/plain; name="checkrad.patch"; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="checkrad.patch"

--- checkrad.pl.in.old	Sun Oct  5 11:42:15 2003
+++ checkrad.pl.in	Sun Oct  5 11:42:22 2003
@@ -1161,6 +1161,20 @@
   ($login eq "$ARGV[3]\@$realm") ? 1 : 0;
 }
 
+sub exec_extern
+{
+  my ($extern) = ($ARGV[0] =~ /^exec\|(.*)/);
+  my @args = @ARGV;
+  shift @args;
+
+  print LOG "  exec extern $extern " . join(' ', @args) . "\n" if ($debug);
+  $ret = system($extern, @args) >> 8;
+  print LOG "  exec extern returned $ret\n" if ($debug);
+  $ret = 2 if ($ret > 1);
+
+  return $ret;
+}
+
 
 ###############################################################################
 
@@ -1230,6 +1244,8 @@
 	$ret = &bay_finger;
 } elsif ($ARGV[0] eq 'cisco_l2tp'){
         $ret = &cisco_l2tp_snmp;
+} elsif ($ARGV[0] =~ /^exec\|/){
+        $ret = &exec_extern;
 } elsif ($ARGV[0] eq 'other') {
 	$ret = 1;
 } else {

--=_pogo02.pogozone.net-18935-1065381035-0001-2
Content-Type: text/plain; name="clients.conf.sample"; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="clients.conf.sample"

#
# SAPMLE: clients.conf - client configuration directives
#
#######################################################################

client 192.168.0.1 {
	secret		= nocat
	shortname	= nocat
	nastype		= exec|/usr/local/nocat/bin/checknocat.pl
}


--=_pogo02.pogozone.net-18935-1065381035-0001-2--


From rob at nocat.net  Sun Oct  5 20:42:24 2003
From: rob at nocat.net (Rob Flickenger)
Date: Sun, 5 Oct 2003 12:42:24 -0700
Subject: [NoCat] status of nocat?
In-Reply-To: <20031003120959.GA43106@enigma.ie>
Message-ID: <0B1FA63D-F76C-11D7-AD71-000393843BC2@nocat.net>

On Friday, October 3, 2003, at 05:09  AM, Niall Richard Murphy wrote:

> On Fri, Oct 03, 2003 at 05:53:16AM +0700, Brynjar Hauksson wrote:
>
> Brynjar and others,
>
>> I???m a bit worried about the progress of the Nocat system and there 
>> are some questions I???d really like to get answered:
>
> It's clear that the founders of NoCat have a lot on their hands at the 
> moment;

Indeed.  At the moment, Schuyler is in Europe and I'm about to head to 
CA for a week.  But generally speaking, yeah, we've been pretty busy 
with other projects.  We've had a couple of volunteers to help 
integrate patches and keep the momentum going, but it seems like we're 
all just too busy to really keep up with the contributions as well as 
we could.

I believe Schuyler has been working on NoCatSplash with the thought 
that it will eventually replace NoCatAuth.  Since it doesn't use perl, 
it will probably eliminate the heavy load problems mentioned earlier.  
It works fine for open mode right now, but the full authentication 
mechanism isn't implemented yet.  Unfortunately, I think the perl 
version is about as tight as it's ever going to be.

We've also been kicking around the idea of eliminating the PGP 
requirements, and just going with a straight SSL (or other crypto) 
implementation.  The fewer external dependencies, the easier it will be 
for people to install and run the thing.  But keep in mind that the 
landscape of the problem has changed in the last couple of years.  It 
seems like there is a lot of interest in using it to build private 
networks (RADIUS back end, accounting, running SameMachine, etc.) and 
frankly, that's not what we had in mind when we designed it.

We tried to design it so that many people could roll out their own 
gateways without coordinating with each other, all using the same Auth 
server, without betraying the trust model.  That way, new gateways 
could come online, and users could trust that they weren't giving away 
their credentials to a possibly rogue gateway.  We also assumed that 
people wouldn't run open gateways unless they could identify who was on 
the other end (which, two years and several million open APs later) is 
decidedly *not* the case.

If you assume that you own all of the gateways and the authentication 
server (and that you're talking to an established RADIUS store), then 
the problem looks very different.  Hell, with the hardware Via and 
others are cranking out now, you could conceivably throw SSL on each 
gateway and call it a day.  Funny what a couple of years under Moore's 
law will do to a problem.

So, to stem this rambling email, here are my recommendations:

* NoCatSplash will eventually rule them all.  But that will take a 
while.  If you're going to work on NoCat, that's the one to throw time 
at.  I think we're at our limits of what perl can do for us on a large 
scale.

* In the meantime, there are a bunch of patches that seem to work, but 
haven't been integrated into the main tree yet, Schuyler is out for at 
least a week, and I'm not the man to do it.  Are they in the nightly, 
and just not out in a release yet?  Kurt?  Tom?  Little help?

* If you want to run NoCatAuth the simplest way possible (even with a 
guardian watchdog (init) that restarts the gateway if it dies), try 
pebble: http://nycwireless.net/pebble/

I hope to regroup with Schuyler after he gets back and see where we 
want to go next with it.  You're certainly correct, ten months between 
minor releases is a LONG time.  Pity we're not paid to make releases.  
=)

--Rob



From kstar at cpan.org  Sun Oct  5 23:54:50 2003
From: kstar at cpan.org (Kurt Starsinic)
Date: Sun, 5 Oct 2003 18:54:50 -0400
Subject: [NoCat] status of nocat?
In-Reply-To: <0B1FA63D-F76C-11D7-AD71-000393843BC2@nocat.net>
References: <20031003120959.GA43106@enigma.ie> <0B1FA63D-F76C-11D7-AD71-000393843BC2@nocat.net>
Message-ID: <20031005225450.GC4822@verizon.net>

On Oct 05, Rob Flickenger wrote:
> On Friday, October 3, 2003, at 05:09  AM, Niall Richard Murphy wrote:
> 
> >On Fri, Oct 03, 2003 at 05:53:16AM +0700, Brynjar Hauksson wrote:
> >
> >Brynjar and others,
> >
> >>I???m a bit worried about the progress of the Nocat system and there 
> >>are some questions I???d really like to get answered:
> >
> >It's clear that the founders of NoCat have a lot on their hands at the 
> >moment;
> 
> Indeed.  At the moment, Schuyler is in Europe and I'm about to head to 
> CA for a week.  But generally speaking, yeah, we've been pretty busy 
> with other projects.  We've had a couple of volunteers to help 
> integrate patches and keep the momentum going, but it seems like we're 
> all just too busy to really keep up with the contributions as well as 
> we could.

    Yes, I'm one of said volunteers.  I've been busy with Real Life, but
also I've had a large number of NoCat patches I've been trying to reconcile
with each other.  I'm trying to get an upload done soon.

    - Kurt



From tfd at vodafone.es  Mon Oct  6 13:41:12 2003
From: tfd at vodafone.es (Toni dlF. Diaz)
Date: Mon, 06 Oct 2003 14:41:12 +0200
Subject: [NoCat] NoCat SameMachine: How To?
In-Reply-To: <23e7923fe2.23fe223e79@optonline.net>
References: <23e7923fe2.23fe223e79@optonline.net>
Message-ID: <1065444072.1470.43.camel@flame>

English version is already available:
http://blyx.com/public/wireless/nocatbox/nocatbox-howto-en.pdf


Toni
Blyx.com

El mar, 23-09-2003 a las 16:53, pachai@optonline.net escribi=C3=B3:
> >>>Eric CARCAILLON <eric.carcaillon@selftrade.com> =20
> >>>I wrote a doc but it is in French....
>=20
> >>>From: "Toni dlF. Diaz" <tfd@vodafone.es>
> >>> I wrote a doc in spanish and I'm working to translate it to english
>=20
> It seems to me, if both of these documents get translated into English,
> we can compare them - they should turn out identical, right?
>=20
> Seriously, we would be greatful for either or both
>=20
>=20
>=20
> _______________________________________________
> NoCat mailing list
> NoCat@lists.nocat.net
> http://lists.nocat.net/mailman/listinfo/nocat



From ANDY at ceplus.de  Mon Oct  6 17:52:00 2003
From: ANDY at ceplus.de (Andreas Moehrlein)
Date: Mon, 6 Oct 2003 18:52:00 +0200
Subject: [NoCat] NoCat crashes
Message-ID: <3F4E418D@leto.ceplus.de>

>
>interesting... at what rate per second do you reload the statuspage when you
>say "permanently"?

2-5 times /sec


>
>which OS and, more interesting, which version of perl do you use?

SuSE 8.2, 
Perl v5.8.0

>
>BTW: there's not only a second gateway process, they are lots of children
>under heavy use.

Yes - but those ones are not permanently in the process list.


Andy




From karl.gaissmaier at kiz.uni-ulm.de  Tue Oct  7 08:52:17 2003
From: karl.gaissmaier at kiz.uni-ulm.de (Karl Gaissmaier)
Date: Tue, 07 Oct 2003 09:52:17 +0200
Subject: [NoCat] Some hints about the crashes, question to the original authors
Message-ID: <3F8270B1.5070800@kiz.uni-ulm.de>

Dear NoCatAuth maintainers,

I'm in the process of tracing the crashes.
Yesterday we had a SEGV  signal, now we added

use sigtrap qw(stack-trace untrapped);

in the code, perhaps we can get a significant
pattern when and what crashes the gateway.

and I changed in Gateway.pm

$SIG{CHILD} = 'IGNORE'; # reaping is done by OS

and disabled the reaper code in it

         # See if any kids have expired, reap zombies
         #if ( $kids ) {
         #    1 until ( wait == -1 );
         #    $kids = 0;
         #}


Additionally  I've detected one piece of code looking
suspicious in Gateway.pm for me:

sub accept_child {
     my ($self, $listen) = @_;
     my $r = read( $listen, my $msg, 500_000 ); # arbitrary limit
     if ($r) {
         # The child process has news about a peer.

I don't know why the coders didn't just use:

sub accept_child {
     my ($self, $listen) = @_;
     {
	local $/ = undef; # slurp mode
	my $msg = <$listen>; # reading notification from child via pipe
     }
     # check the msg and error conditions

The read function is implemented with fread(3) or read(2)
and will restart if signal's interrupt this library func.

There is a lot of mem management reserving 500_000 bytes during
read() and shrinking it to the correct length.
If this call is restarted by a signal, perhaps something in the
universe goes wrong (everything is only hard- and software,
and already my mother told me not to play with it) and perhaps
we catch a SEGV.

Who coded this read() function in Gateway.pm?
Perhaps he could tell us something about the background
why he has choosen this approach?

Be aware, these are only guesses and no certainty!

Regards
	Charly

-- 
Karl Gaissmaier       KIZ/Infrastructure, University of Ulm, Germany
Email:karl.gaissmaier@kiz.uni-ulm.de           Service Group Network
Tel.: ++49 731 50-22499




From karl.gaissmaier at kiz.uni-ulm.de  Tue Oct  7 08:49:23 2003
From: karl.gaissmaier at kiz.uni-ulm.de (Karl Gaissmaier)
Date: Tue, 07 Oct 2003 09:49:23 +0200
Subject: [NoCat] NoCat crashes
In-Reply-To: <3F4E418D@leto.ceplus.de>
References: <3F4E418D@leto.ceplus.de>
Message-ID: <3F827003.9080203@kiz.uni-ulm.de>

Hi Andi,

Andreas Moehrlein schrieb:
>>interesting... at what rate per second do you reload the statuspage when you
>>say "permanently"?
...
> 2-5 times /sec
...
> 
>>which OS and, more interesting, which version of perl do you use?
...
> SuSE 8.2, 
> Perl v5.8.0
> 
> 
>>BTW: there's not only a second gateway process, they are lots of children
>>under heavy use.
> 
> 
> Yes - but those ones are not permanently in the process list.

hmmm, how to you start the gateway process?
If you start it with -D Flag, you will see 2
permanent running processes. Could you send
the putput of ps with the gateway processes to
see if they are related (pid's, ppid's).


Regards
	Charly
-- 
Karl Gaissmaier       KIZ/Infrastructure, University of Ulm, Germany
Email:karl.gaissmaier@kiz.uni-ulm.de           Service Group Network
Tel.: ++49 731 50-22499



From clunymark at yahoo.co.uk  Tue Oct  7 11:09:29 2003
From: clunymark at yahoo.co.uk (Mark)
Date: Tue, 07 Oct 2003 11:09:29 +0100
Subject: [NoCat] Clients always redirected to login page
References: <BAY8-F64wSPibkiNhoz0000c353@hotmail.com>
Message-ID: <3F8290D9.7020307@yahoo.co.uk>

After I was running a NoCatAuth test environment successfully I have 
tried to get NoCat running on our public internet access point.
The problem: Although the configuration is the same as in the test 
environment, Clients are getting redirected to the login page instead of 
the desired URL after a successful login.
I have already checked the logfiles and the iptables ruleset without 
finding anything useful to solve the problem.
I am running NoCat on SuSE linux 8.1 and authserver and gateway are 
running on the same machine in both environments.
Any Ideas?

Mark



From schuyler at oreilly.com  Tue Oct  7 14:19:21 2003
From: schuyler at oreilly.com (Schuyler Erle)
Date: Tue, 7 Oct 2003 06:19:21 -0700
Subject: [NoCat] Some hints about the crashes, question to the original authors
In-Reply-To: <3F8270B1.5070800@kiz.uni-ulm.de>
References: <3F8270B1.5070800@kiz.uni-ulm.de>
Message-ID: <20031007131921.GB15487@oreillynet.com>

* On  7-Oct-2003 at  1:06AM PDT, Karl Gaissmaier said:
> 
> There is a lot of mem management reserving 500_000 bytes during
> read() and shrinking it to the correct length.
> If this call is restarted by a signal, perhaps something in the
> universe goes wrong (everything is only hard- and software,
> and already my mother told me not to play with it) and perhaps
> we catch a SEGV.
> 
> Who coded this read() function in Gateway.pm?
> Perhaps he could tell us something about the background
> why he has choosen this approach?

That was me, and I have no excuse. You're absolutely right - do {
local $/; <$fh> } is a much more sensible approach. This is some great
work you've done, Charly - I say try the change and see if it still
segfaults. I really think you're on to something here.

SDE


From karl.gaissmaier at kiz.uni-ulm.de  Tue Oct  7 23:13:22 2003
From: karl.gaissmaier at kiz.uni-ulm.de (Karl Gaissmaier)
Date: Wed, 08 Oct 2003 00:13:22 +0200
Subject: [NoCat] Some hints about the crashes, question to the original
 authors
References: <3F8270B1.5070800@kiz.uni-ulm.de> <20031007131921.GB15487@oreillynet.com>
Message-ID: <3F833A81.C8A2D90E@kiz.uni-ulm.de>

Dies ist eine mehrteilige Nachricht im MIME-Format.
--------------53FF6C6C9CC6FAA686621567
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi Erle,

Schuyler Erle schrieb:
...
> > Who coded this read() function in Gateway.pm?
> > Perhaps he could tell us something about the background
> > why he has choosen this approach?
> 
> That was me, and I have no excuse. You're absolutely right - do {
> local $/; <$fh> } is a much more sensible approach. This is some great
> work you've done, Charly - I say try the change and see if it still
> segfaults. I really think you're on to something here.

hmmm, I tried it a little bit further and created a stress
test script, playing with this construct. After running this
test more than 1 hour with 500 simultaneous childs I could
not reproduce this SEGV or any other strong behavior.

The stress test script is attached.

The only thing I've seen is, that the reaper code
with the wait doesn't come back as expected, even
if you 'IGNORE' the SIGCHLD. Perhaps we should
further investigate in it, but I think this
wait isn't useful at all (at least on a modern OS)
with SIGCHLD on IGNORE. I disabled the reaper
code already in my production version.

After IGNORE on SIGCHLD und disabling the reaper
my gateway is now running more than 36h without
interruption (knocking on wood!).

I'll post further knowledge to this list
if I've more facts.

Regards
	Charly

BTW: No reason for excusion about your code, thanks
for NoCatAuth!! even if it is a little bit outdated
nowadays (for my needs).
I learned a lot dealing with it about captive gateways.
I'll write a shrink wrapped one with the 'same machine'
approach, what makes things really easy in
comparison to your more general approach.

-- 
Karl Gaissmaier                            University of Ulm, Germany
Email:karl.gaissmaier@kiz.uni-ulm.de        KIZ, Service Group Network
--------------53FF6C6C9CC6FAA686621567
Content-Type: application/x-perl;
 name="crashtest.pl"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="crashtest.pl"

#!/usr/bin/perl

# Karl Gaissmaier karl.gaissmaier@kiz.uni-ulm.de
# Use it on your own risk!

# This is a stress program in order to check the behavior
# with a lot of childs talking back to the parent
# via a pipe.

# This piece of code shall localize problems we've seen
# with NoCatAuth under moderate/heavy load and is of no
# application without relation to NoCatAuth.

use strict;
use warnings;

use sigtrap qw(stack-trace untrapped normal-signals error-signals);

# cmdline arg defines how many kids to produce, permanently
my $nr_kids = shift or die "Usage: $0 nr_of_childs\n";
print "try to have $nr_kids kids concurrently running\n";

use Time::HiRes qw( usleep );
use IO::Select;    # used for the IO::Handle pool
use IO::Pipe;

my $pool = IO::Select->new or die "Can't create select pool: $!\n";
my @ready_fhs;
my $sel_timeout = 10;

my $zombies;

#$SIG{CHLD} = sub { $zombies++ };
$SIG{CHLD} = 'IGNORE';

# main loop
while (1) {
    create_kids();

    print "waiting for can_read or timeout\n";
    @ready_fhs = $pool->can_read($sel_timeout);
    foreach my $fh (@ready_fhs) {
        accept_kids_message($fh);
    }

    # reaper
    #    if ($zombies) {
    #	     print "Reaping dead child(s)\n";
    #        1 until ( wait == -1 );
    #        $zombies = 0;
    #        print "Reaping finished\n";
    #    }
}

sub create_kids {

    # $registered is identical with # running childs
    my $registered = $pool->count;
    print "back from can_read, pool has $registered FH(s)\n";

    # restart random number of childs up to $nr_kids
    for ( 1 .. int rand $nr_kids - $registered ) {

        # double check not to start more childs as $nr_kids
        my $registered = $pool->count;
        last if $registered >= $nr_kids;

        # create new pipe
        my $pipe = IO::Pipe->new or die "Can't create a pipe: $!\n";

        # fork a child talking back to parent via pipe
        my $pid = fork;
        if ( defined($pid) and $pid > 0 ) {    # parent
            print "child with pid $pid forked\n";
            $pipe->reader     or die "Can't bless to reader: $!\n";
            $pool->add($pipe) or die "Can't add pipe to pool: $!\n";
        }
        elsif ( defined($pid) and $pid == 0 ) {    # child
            $pipe->writer or die "Can't bless to writer: $!\n";

            # produce some randomness writing to parent
            usleep int rand(3_000_000);

            # produce some randomness in message length
            print $pipe "$$ " x int rand(10) or die "Can't write to pipe: $!\n";
            exit;                                  # child finished
        }
        else {
            warn "Can't fork: $!\n";
            last;
        }
    }
}

sub accept_kids_message {
    my $pipe = shift;

    # this is the test whether this construct out from Gateway.pm is
    # fault-prone with a lot of signals
    my $r = read( $pipe, my $msg, 500_000 );
    if ($r) {    # process childs notify
        print "Got message from: $msg\n";
    }
    elsif ( not defined $r ) {
        warn "Can't read from child: $!";
    }

    $pool->remove($pipe) or die "Can't remove pipe from pool: $!\n";
    $pipe->close         or die "Can't close pipe: $!\n";
}

# vim: cindent sw=2 sts=2 sm

--------------53FF6C6C9CC6FAA686621567--



From eb2bjx at hispavista.com  Thu Oct  9 01:04:23 2003
From: eb2bjx at hispavista.com (eb2bjx@hispavista.com)
Date: Thu, 09 Oct 2003 02:04:23 +0200
Subject: [NoCat] Help with throttling (HTB)
Message-ID: <web-463255992@hispavista.com>

This is a multi-part MIME message

--_===463255992====hispavista.com===_
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by hv143.hispavista.com id CAA24628

Hi all,

        Ive been experimenting with HTB to manage nocat
traffic. My connection is a 256Kbits/128Kbits ADSL.

When loading the attached script, I get the following error
messages:

HTB: quantum of class 10010 is small. Consider r2q change.
HTB: quantum of class 10011 is small. Consider r2q change.
HTB: quantum of class 10012 is small. Consider r2q change.
HTB: quantum of class 10020 is small. Consider r2q change.
HTB: quantum of class 10021 is small. Consider r2q change.
HTB: quantum of class 10022 is small. Consider r2q change.

I've searching documentation but I'm not a HBT guru....in my
opinion there is something wrong with some defined traffic
rates.

I attach my script.

Any help?

Thanks!
-------------------------------------------------------------------------=
-------------------------------
=BFQuieres conocer tu futuro? Te leemos las cartas de forma personalizada=
 en el 906 150 305
http://www.miwebcam.com/dialers/hispatarot/
-------------------------------------------------------------------------=
-------------------------------
=BFConoces eBay, el mayor centro de compra y venta en internet?
M=F3viles, port=E1tiles, pda=B4s, cd=B4s, c=E1maras digitales, videocamar=
as...
=A1Compra ahora a los mejores precios! http://ebay.hispavista.com/

--_===463255992====hispavista.com===_
Content-Type: text/plain
Content-Disposition: attachment; filename="throttle.fw"
Content-Transfer-Encoding: base64

IyEvYmluL3NoDQojIw0KIw0KIyB0aHJvdHRsZS5mdzogU2V0IHRoZSBiYW5kd2lkdGggcG9s
aWN5LCBiYXNlZCBvbiBGV01BUksNCiMNCiMgU2V0IHlvdXIgbGltaXRzIGluIHRoZSBkZWZp
bmVzIGF0IHRoZSB0b3AuICBTb21lZGF5IHRoaXMgd2lsbCBiZQ0KIyBpbnRlZ3JhdGVkIGlu
dG8gdGhlIG5vY2F0LmNvbmYuLi4NCiMNCiMjDQoNCiMgTm90ZTogeW91ciBQQVRIIGlzIGlu
aGVyaXRlZCBmcm9tIHRoZSBnYXRld2F5IHByb2Nlc3MNCiMNCg0KIyBOb3RlOiBhbGwgbnVt
YmVycyBhcmUgaW4ga2JpdCwgb21pdCB0aGUga2JpdCBvciBlbHNlIGZhaWx1cmUhDQoNCklu
dGVybmFsRGV2aWNlPWV0aDENCkV4dGVybmFsRGV2aWNlPWV0aDANCg0KIyBPdXRib3VuZCB0
cmFmZmljDQoNCiMgT3V0Ym91bmQgTWluaW11bXMNCg0KIyBEZWZpbmUgdGhlIG1pbmltdW0g
ZGF0YXJhdGVzIHRoYXQgZWFjaCBjbGFzcyBvZiB1c2VyIHdpbGwgYmUgYWJsZSB0byBnZXQN
CiMgd2hlbiB0aGUgc3lzdGVtIGlzIGZ1bGx5IGxvYWRlZC4gIE5vdGUgdGhhdCB0aGUgc3Vt
IG9mIHRoZXNlIHZhbHVlcyBzaG91bGQNCiMgYmUgZXF1YWwgdG8geW91ciBvdXRib3VuZCBi
YW5kd2lkdGguICBJZiBhIHBhcnRpY3VsYXIgY2xhc3MgaXMgbm90IHVzaW5nDQojIGl0cyBi
YW5kd2lkdGgsIGl0IHdpbGwgYmUgZ2l2ZW4gdG8gdGhlIG90aGVyIGNsYXNzZXMgYmFzZWQg
b24gdGhlDQojIHByaW9yaXRpemF0aW9uIHNjaGVtZSwgYW5kIG9uIHRoZSBtYXhpbXVtIGxp
bWl0cyBvZiB0aGUgb3RoZXIgY2xhc3Nlcy4NCg0KT1dORVJfTE9XX01JTl9VUD0yMCAgICAg
IyBNaW5pbXVtIHJhdGUgZm9yIG93bmVyJ3MgbG93IHByaW9yaXR5IHRyYWZmaWMNCk9XTkVS
X0hJR0hfTUlOX1VQPTUwICAgICMgTWluaW11bSByYXRlIGZvciBvd25lcidzIGhpZ2ggcHJp
b3JpdHkgdHJhZmZpYw0KDQpDT09QX0xPV19NSU5fVVA9MTUgICAgICAjIE1pbmltdW0gcmF0
ZSBmb3IgY29vcCBsb3cgcHJpb3JpdHkgdHJhZmZpYw0KQ09PUF9ISUdIX01JTl9VUD0zNSAg
ICAgIyBNaW5pbXVtIHJhdGUgZm9yIGNvb3AgaGlnaCBwcmlvcml0eSB0cmFmZmljDQoNClBV
QkxJQ19MT1dfTUlOX1VQPTAgICAgICMgTWluaW11bSByYXRlIGZvciBwdWJsaWMgbG93IHBy
aW9yaXR5IHRyYWZmaWMNClBVQkxJQ19ISUdIX01JTl9VUD0wICAgICMgTWluaW11bSByYXRl
IGZvciBwdWJsaWMgaGlnaCBwcmlvcml0eSB0cmFmZmljDQoNCiMgT3V0Ym91bmQgdHJhZmZp
YyBjYXBzDQoNCiMgVGhpcyBzZWN0aW9uIGFsbG93cyB0aGUgY2FwcGluZyBvZiBvdXRib3Vu
ZCB0cmFmZmljLiAgV2l0aCB0aGlzIGZpbHRlciwNCiMgdXNlcnMgYXJlIGd1YXJhbnRlZWQg
YXQgbGVhc3QgdGhlIG1pbmltdW0gcmF0ZSwgYW5kIGF0IG1vc3QgdGhlIG1heCByYXRlLg0K
IyBubyBudW1iZXIgaGVyZSBzaG91bGQgZXhjZWVkIHlvdXIgYWN0dWFsIGRhdGEgcmF0ZSB0
byB0aGUgbmV0d29yay4NCg0KT1dORVJfTE9XX01BWF9VUD0zMCAgICAgIyBNYXhpbXVtIHJh
dGUgZm9yIG93bmVyJ3MgbG93IHByaW9yaXR5IHRyYWZmaWMNCk9XTkVSX0hJR0hfTUFYX1VQ
PTcwICAgICMgTWF4aW11bSByYXRlIGZvciBvd25lcidzIGhpZ2ggcHJpb3JpdHkgdHJhZmZp
Yw0KDQpPV05FUl9NQVhfVVA9NzAgICAgICAgICAjIG1heGltdW0gdG90YWwgcmF0ZSBmb3Ig
dGhlIG93bmVyLiBTaG91bGQgYmUgYXQgbGVhc3QNCiAgICAgICAgICAgICAgICAgICAgICAg
ICMgdGhlIG1heCBvZiB0aGUgaGlnaCBhbmQgbG93IHByaW9yaXR5LCBhbmQgbGVzcyB0aGVu
DQogICAgICAgICAgICAgICAgICAgICAgICAjIHRoZWlyIHN1bS4NCg0KQ09PUF9MT1dfTUFY
X1VQPTIwICAgICAgIyBNYXhpbXVtIHJhdGUgZm9yIGNvb3AgbG93IHByaW9yaXR5IHRyYWZm
aWMNCkNPT1BfSElHSF9NQVhfVVA9NTAgICAgICMgTWF4aW11bSByYXRlIGZvciBjb29wIGhp
Z2ggcHJpb3JpdHkgdHJhZmZpYw0KDQoNCkNPT1BfTUFYX1VQPTUwICAgICAgICAgICMgTWF4
IHRvdGFsIHJhdGUgZm9yIGNvb3AuIFNpbWlsYXIgdG8gT1dORVJfTUFYX1VQDQoNClBVQkxJ
Q19MT1dfTUFYX1VQPTAgICAgICMgTWF4aW11bSByYXRlIGZvciBwdWJsaWMgbG93IHByaW9y
aXR5IHRyYWZmaWMNClBVQkxJQ19ISUdIX01BWF9VUD0wICAgICMgbWF4aW11bSByYXRlIGZv
ciBwdWJsaWMgaGlnaCBwcmlvcml0eSB0cmFmZmljDQoNCg0KUFVCTElDX01BWF9VUD0wICAg
ICAgICAgIyBNYXggdG90YWwgcmF0ZSBmb3IgcHVibGljLiBTaW1pbGFyIHRvIE9XTkVSX01B
WF9VUA0KDQoNCiMgSW5ib3VuZCBUcmFmZmljDQoNCiMgVGhpcyBzZWN0aW9uIGNvbmZpZ3Vy
ZXMgdGhlIGluYm91bmQgdHJhZmZpYyBzaGFwaW5nLiAgQXQgdGhpcyBwb2ludCwgdGhlcmUg
YXJlDQojIG9ubHkgdGhyZWUgY2xhc3NlcyBvZiBzZXJ2aWNlIGZvciBpbmJvdW5kOiBvd25l
ciwgY29vcCwgYW5kIHB1YmxpYy4NCg0KIyBNaW5pbXVtIFJhdGVzDQoNCiMgTm90ZTogdGhl
IHN1bSBvZiB0aGUgbWluaW11bSBkb3dubG9hZCByYXRlcyBzaG91bGQgYmUgZXF1YWwgdG8g
eW91ciBhY3R1YWwNCiMgaW5ib3VuZCBkYXRhIHJhdGUuICBBZ2FpbiwgYW55IHVudXNlZCBi
YW5kd2lkdGggd2lsbCBiZSBkaXZpZGVkIGFzIHBlciB0aGUNCiMgcnVsZXMgZGVmaW5lZC4N
Cg0KT1dORVJfTUlOX0RPV049MTUwICAgICAgICAgICAgICAjIE1pbmltdW0gaW5ib3VuZCBi
YW5kd2lkdGggZm9yIHRoZSBvd25lcg0KDQpDT09QX01JTl9ET1dOPTEwMCAgICAgICAgICAg
ICAgICMgTWluaW11bSBpbmJvdW5kIGJhbmR3aWR0aCBmb3IgdGhlIGNvb3AgdXNlcg0KDQpQ
VUJMSUNfTUlOX0RPV049MCAgICAgICAgICAgICAgICMgTWluaW11bSBpbmJvdW5kIGJhbmR3
aWR0aCBmb3IgcHVibGljIHVzZXJzDQoNCiMgTWF4aW11bSBSYXRlcw0KDQojIFRoZXNlIGFy
ZSB0aGUgaGFyZCBjYXBzIHRoYXQgd2lsbCBiZSBwdXQgYmFuZHdpZHRoLg0KDQpPV05FUl9N
QVhfRE9XTj0yNTAgICAgICAgICAgICAgICMgTWF4aW11bSBpbmJvdW5kIGJhbmR3aWR0aCBm
b3IgdGhlIG93bmVyDQoNCkNPT1BfTUFYX0RPV049MTgwICAgICAgICAgICAgICAgIyBNYXhp
bXVtIGluYm91bmQgYmFuZHdpZHRoIGZvciBjb29wIHVzZXJzDQoNClBVQkxJQ19NQVhfRE9X
Tj0wICAgICAgICAgICAgICAgIyBNYXhpbXVtIGluYm91bmQgYmFuZHdpZHRoIGZvciBwdWJs
aWMgdXNlcnMNCg0KDQojIE1pc2Mgb3B0aW9ucyBmb3Igb3duZXJzLCBjb29wLCBhbmQgcHVi
bGljLiAgbm90IGN1cnJlbnRseSB1c2VkLg0KDQpPV05FUl9PUFRJT05TPSIiDQoNCg0KQ09P
UF9PUFRJT05TPSIiDQoNCg0KUFVCTElDX09QVElPTlM9IiINCg0KIyBMb3cgcHJpb3JpdHkg
ZGVzdCBwb3J0cw0KDQojIGFsbCB0cmFmZmljIGdvaW5nIHRvIHRoZXNlIHBvcnRzIHdpbGwg
YmUgZGVjbGFyZWQgbG93IHByaW9yaXR5Lg0KTE9XX1BSSU9SSVRZX1BPUlRTPSI2ODgxIDY4
ODIgNjg4MyA2ODg0IDY4ODUgNjg4NiA2ODg3IDY4ODggNjg4OSA2MzQ2IDYzNTcgNjM0OCIN
Cg0KDQojIE1hdGggc2VjdGlvbjogQ2FsY3VsYXRlcyBldmVyeXRoaW5nIG91dCBzbyB0aGF0
IGl0IHdpbGwgd29yayBwcm9wZXJseS4NCg0KIyBkZWZpbmUgdGhlIHB1YmxpYyBtaW5pbXVt
IG91dGJvdW5kIGJhbmR3aWR0aA0KUFVCTElDX01JTl9VUD0kKCgkUFVCTElDX0xPV19NSU5f
VVAgKyAkUFVCTElDX0hJR0hfTUlOX1VQKSkNCg0KIyBkZWZpbmUgdGhlIGNvb3AgbWluaW11
bSBvdXRib3VuZCBiYW5kd2lkdGgNCkNPT1BfTUlOX1VQPSQoKCRDT09QX0xPV19NSU5fVVAg
KyAkQ09PUF9ISUdIX01JTl9VUCkpDQoNCiMgZGVmaW5lIHRoZSBvd25lciBtaW5pbXVtIG91
dGJvdW5kIGJhbmR3aWR0aA0KT1dORVJfTUlOX1VQPSQoKCRPV05FUl9MT1dfTUlOX1VQICsg
JE9XTkVSX0hJR0hfTUlOX1VQKSkNCg0KDQojIHRoZSB0b3RhbCBkb3dubG9hZCBzcGVlZCBz
aG91bGQgYmUgdGhlIHN1bWUgb2YgYWxsIHRoZSBtaW5pbXVtcy4gIFVudXNlZCBiYW5kd2lk
dGggd2lsbA0KDQojIGJlIHNoYXJlZCBhcyBwZXIgdGhlIGNlaWxpbmdzDQpUT1RBTF9ET1dO
PSQoKCRQVUJMSUNfTUlOX0RPV04gKyAkQ09PUF9NSU5fRE9XTiArICRPV05FUl9NSU5fRE9X
TikpDQoNCg0KIyBUb3RhbCBvdXRib3VuZCBiYW5kd2lkdGgNClRPVEFMX1VQPSQoKCRQVUJM
SUNfTUlOX1VQICsgJENPT1BfTUlOX1VQICsgJE9XTkVSX01JTl9VUCkpDQoNCg0KTUVUSE9E
PSJzZnEgcXVhbnR1bSAxNTE0YiBwZXJ0dXJiIDE1Ig0KTUVUSE9EX0hJR0g9InByaW8gYmFu
ZHMgNCBwcmlvbWFwIDIgMyAzIDMgMiAzIDEgMSAyIDIgMiAyIDIgMiAyIDIiDQoNCg0KIyMN
CiMgTm93LCB0aGUgcnVsZXMNCiMjDQoNCiMNCiMgRmlyc3QsIGZsdXNoIGFueSBleGlzdGlu
ZyByb290IHF1ZXVlcw0KIw0KdGMgcWRpc2MgZGVsIGRldiAkSW50ZXJuYWxEZXZpY2Ugcm9v
dCBoYW5kbGUgMToNCnRjIHFkaXNjIGRlbCBkZXYgJEV4dGVybmFsRGV2aWNlIHJvb3QgaGFu
ZGxlIDE6DQoNCiMNCiMgU3BlY2lmeSB0aGUgcXVldWUgZGlzY2lwbGluZSBmb3IgYm90aCBp
bnRlcmZhY2VzDQojDQp0YyBxZGlzYyBhZGQgZGV2ICRJbnRlcm5hbERldmljZSByb290IGhh
bmRsZSAxOiBodGIgZGVmYXVsdCAxDQp0YyBxZGlzYyBhZGQgZGV2ICRFeHRlcm5hbERldmlj
ZSByb290IGhhbmRsZSAxOiBodGIgZGVmYXVsdCAxMQ0KDQojDQojIFNwZWNpZnkgdGhlIHJv
b3QgY2xhc3MgKGZpbGxpbmcgYWxsIGJhbmR3aWR0aC4pDQojIEFsbCBvdGhlciBjbGFzc2Vz
IGRlc2NlbmQgZnJvbSB0aGVzZS4NCiMNCnRjIGNsYXNzIGFkZCBkZXYgJEludGVybmFsRGV2
aWNlIFwNCiAgICBwYXJlbnQgMTogY2xhc3NpZCAxOjEgaHRiIHJhdGUgJFRPVEFMX0RPV05c
a2JpdCBjZWlsICRUT1RBTF9ET1dOXGtiaXQNCg0KdGMgY2xhc3MgYWRkIGRldiAkRXh0ZXJu
YWxEZXZpY2UgXA0KICAgIHBhcmVudCAxOiBjbGFzc2lkIDE6MSBodGIgcmF0ZSAkVE9UQUxf
VVBca2JpdCBjZWlsICRUT1RBTF9VUFxrYml0DQoNCiMjDQojIERlZmluZSB0aGUgdXNlciBj
bGFzc2VzDQojIw0KDQojDQojIE93bmVyIGNsYXNzDQojDQp0YyBjbGFzcyBhZGQgZGV2ICRJ
bnRlcm5hbERldmljZSBcDQogICAgcGFyZW50IDE6MSBjbGFzc2lkIDE6MTAgaHRiIHJhdGUg
JE9XTkVSX01JTl9ET1dOXGtiaXQgXA0KICAgIGNlaWwgJE9XTkVSX01BWF9ET1dOXGtiaXQg
cHJpbyAxDQoNCnRjIGNsYXNzIGFkZCBkZXYgJEV4dGVybmFsRGV2aWNlIFwNCiAgICBwYXJl
bnQgMToxIGNsYXNzaWQgMToxMCBodGIgcmF0ZSAkT1dORVJfTUlOX1VQXGtiaXQgXA0KICAg
IGNlaWwgJE9XTkVSX01BWF9VUFxrYml0IHByaW8gMQ0KDQp0YyBjbGFzcyBhZGQgZGV2ICRF
eHRlcm5hbERldmljZSBcDQogICAgcGFyZW50IDE6MTAgY2xhc3NpZCAxOjExIGh0YiByYXRl
ICRPV05FUl9ISUdIX01JTl9VUFxrYml0IFwNCiAgICBjZWlsICRPV05FUl9ISUdIX01BWF9V
UFxrYml0IHByaW8gMQ0KDQp0YyBjbGFzcyBhZGQgZGV2ICRFeHRlcm5hbERldmljZSBcDQog
ICAgcGFyZW50IDE6MTAgY2xhc3NpZCAxOjEyIGh0YiByYXRlICRPV05FUl9MT1dfTUlOX1VQ
XGtiaXQgXA0KICAgIGNlaWwgJE9XTkVSX0xPV19NQVhfVVBca2JpdCBwcmlvIDINCg0KIw0K
IyBDb29wIGNsYXNzDQojDQoNCnRjIGNsYXNzIGFkZCBkZXYgJEludGVybmFsRGV2aWNlIFwN
CiAgICBwYXJlbnQgMToxIGNsYXNzaWQgMToyMCBodGIgcmF0ZSAkQ09PUF9NSU5fRE9XTlxr
Yml0IFwNCiAgICBjZWlsICRDT09QX01BWF9ET1dOXGtiaXQgcHJpbyAyDQoNCnRjIGNsYXNz
IGFkZCBkZXYgJEV4dGVybmFsRGV2aWNlIFwNCiAgICBwYXJlbnQgMToxIGNsYXNzaWQgMToy
MCBodGIgcmF0ZSAkQ09PUF9NSU5fVVBca2JpdCBcDQogICAgY2VpbCAkQ09PUF9NQVhfVVBc
a2JpdCBwcmlvIDINCg0KdGMgY2xhc3MgYWRkIGRldiAkRXh0ZXJuYWxEZXZpY2UgXA0KICAg
IHBhcmVudCAxOjIwIGNsYXNzaWQgMToyMSBodGIgcmF0ZSAkQ09PUF9ISUdIX01JTl9VUFxr
Yml0IFwNCiAgICBjZWlsICRDT09QX0hJR0hfTUFYX1VQXGtiaXQgcHJpbyAxDQoNCnRjIGNs
YXNzIGFkZCBkZXYgJEV4dGVybmFsRGV2aWNlIFwNCiAgICBwYXJlbnQgMToyMCBjbGFzc2lk
IDE6MjIgaHRiIHJhdGUgJENPT1BfTE9XX01JTl9VUFxrYml0IFwNCiAgICBjZWlsICRDT09Q
X0xPV19NQVhfVVBca2JpdCBwcmlvIDINCiMNCiMgUHVibGljIGNsYXNzDQojDQoNCnRjIGNs
YXNzIGFkZCBkZXYgJEludGVybmFsRGV2aWNlIFwNCiAgICBwYXJlbnQgMToxIGNsYXNzaWQg
MTozMCBodGIgcmF0ZSAkUFVCTElDX01JTl9ET1dOXGtiaXQgXA0KICAgIGNlaWwgJFBVQkxJ
Q19NQVhfRE9XTlxrYml0IHByaW8gMw0KDQp0YyBjbGFzcyBhZGQgZGV2ICRFeHRlcm5hbERl
dmljZSBcDQogICAgcGFyZW50IDE6MSBjbGFzc2lkIDE6MzAgaHRiIHJhdGUgJFBVQkxJQ19N
SU5fVVBca2JpdCBcDQogICAgY2VpbCAkUFVCTElDX01BWF9VUFxrYml0IHByaW8gMw0KDQp0
YyBjbGFzcyBhZGQgZGV2ICRFeHRlcm5hbERldmljZSBcDQogICAgcGFyZW50IDE6MzAgY2xh
c3NpZCAxOjMxIGh0YiByYXRlICRQVUJMSUNfSElHSF9NSU5fVVBca2JpdCBcDQogICAgY2Vp
bCAkUFVCTElDX0hJR0hfTUFYX1VQXGtiaXQgcHJpbyAxDQoNCnRjIGNsYXNzIGFkZCBkZXYg
JEV4dGVybmFsRGV2aWNlIFwNCiAgICBwYXJlbnQgMTozMCBjbGFzc2lkIDE6MzIgaHRiIHJh
dGUgJFBVQkxJQ19MT1dfTUlOX1VQXGtiaXQgXA0KICAgIGNlaWwgJFBVQkxJQ19MT1dfTUFY
X1VQXGtiaXQgcHJpbyAyDQoNCiMjDQojIEFkZCB0aGUgcXVldWUgbWFuYWdlbWVudCBydWxl
cw0KIyMNCg0KIyBzZXR1cCB0aGUgaW5ib3VuZCB0cmFmZmljIHNoYXBpbmcNCg0KdGMgcWRp
c2MgYWRkIGRldiAkSW50ZXJuYWxEZXZpY2UgcGFyZW50IDE6MTAgJE1FVEhPRA0KdGMgcWRp
c2MgYWRkIGRldiAkSW50ZXJuYWxEZXZpY2UgcGFyZW50IDE6MjAgJE1FVEhPRA0KdGMgcWRp
c2MgYWRkIGRldiAkSW50ZXJuYWxEZXZpY2UgcGFyZW50IDE6MzAgJE1FVEhPRA0KDQojIHNl
dHVwIHRoZSBsb3cgcHJpb3JpdHkgb3V0Ym91bmQgc3R1ZmYNCg0KdGMgcWRpc2MgYWRkIGRl
diAkRXh0ZXJuYWxEZXZpY2UgcGFyZW50IDE6MTIgaGFuZGxlIDEyOiAkTUVUSE9EDQp0YyBx
ZGlzYyBhZGQgZGV2ICRFeHRlcm5hbERldmljZSBwYXJlbnQgMToyMiBoYW5kbGUgMjI6ICRN
RVRIT0QNCnRjIHFkaXNjIGFkZCBkZXYgJEV4dGVybmFsRGV2aWNlIHBhcmVudCAxOjMyIGhh
bmRsZSAzMjogJE1FVEhPRA0KDQojIHNldHVwIHRoZSBoaWdoIHByaW9yaXR5IG91dGJvdW5k
IHFkaXNrcw0KdGMgcWRpc2MgYWRkIGRldiAkRXh0ZXJuYWxEZXZpY2UgcGFyZW50IDE6MTEg
aGFuZGxlIDExOiAkTUVUSE9EX0hJR0gNCnRjIHFkaXNjIGFkZCBkZXYgJEV4dGVybmFsRGV2
aWNlIHBhcmVudCAxOjIxIGhhbmRsZSAyMTogJE1FVEhPRF9ISUdIDQp0YyBxZGlzYyBhZGQg
ZGV2ICRFeHRlcm5hbERldmljZSBwYXJlbnQgMTozMSBoYW5kbGUgMzE6ICRNRVRIT0RfSElH
SA0KDQojIw0KIyBGaW5hbGx5LCBmaWx0ZXIgZWFjaCBmd21hcmsgdG8gdGhlIGFib3ZlIGRl
ZmluZWQgY2xhc3Nlcw0KIyMNCg0KdGMgZmlsdGVyIGFkZCBkZXYgJEludGVybmFsRGV2aWNl
IHByb3RvY29sIGlwIHBhcmVudCAxOiBwcmlvIDEgaGFuZGxlIDEgZncgY2xhc3NpZCAxOjEw
DQp0YyBmaWx0ZXIgYWRkIGRldiAkSW50ZXJuYWxEZXZpY2UgcHJvdG9jb2wgaXAgcGFyZW50
IDE6IHByaW8gMSBoYW5kbGUgMiBmdyBjbGFzc2lkIDE6MjANCnRjIGZpbHRlciBhZGQgZGV2
ICRJbnRlcm5hbERldmljZSBwcm90b2NvbCBpcCBwYXJlbnQgMTogcHJpbyAxIGhhbmRsZSAz
IGZ3IGNsYXNzaWQgMTozMA0KDQp0YyBmaWx0ZXIgYWRkIGRldiAkRXh0ZXJuYWxEZXZpY2Ug
cHJvdG9jb2wgaXAgcGFyZW50IDE6IHByaW8gMSBoYW5kbGUgMSBmdyBjbGFzc2lkIDE6MTAN
CnRjIGZpbHRlciBhZGQgZGV2ICRFeHRlcm5hbERldmljZSBwcm90b2NvbCBpcCBwYXJlbnQg
MTogcHJpbyAxIGhhbmRsZSAyIGZ3IGNsYXNzaWQgMToyMA0KdGMgZmlsdGVyIGFkZCBkZXYg
JEV4dGVybmFsRGV2aWNlIHByb3RvY29sIGlwIHBhcmVudCAxOiBwcmlvIDEgaGFuZGxlIDMg
ZncgY2xhc3NpZCAxOjMwDQoNCiMgZGVmYXVsdCBhbGwgdHJhZmZpYyB0byBvd25lciBjbGFz
cy4NCnRjIGZpbHRlciBhZGQgZGV2ICRFeHRlcm5hbERldmljZSBwcm90b2NvbCBpcCBwYXJl
bnQgMTogcHJpbyAyIHUzMiBtYXRjaCBpcCBkc3QgMC4wLjAuMC8wIGNsYXNzaWQgMToxMA0K
DQojIGRlZmF1bHQgYWxsIHRyYWZmaWMgdG8gaGlnaCBwcmlvcml0eQ0KdGMgZmlsdGVyIGFk
ZCBkZXYgJEV4dGVybmFsRGV2aWNlIHByb3RvY29sIGlwIHBhcmVudCAxOjEwIHByaW8gMTAg
dTMyIG1hdGNoIGlwIGRzdCAwLjAuMC4wLzAgY2xhc3NpZCAxOjExDQp0YyBmaWx0ZXIgYWRk
IGRldiAkRXh0ZXJuYWxEZXZpY2UgcHJvdG9jb2wgaXAgcGFyZW50IDE6MjAgcHJpbyAxMCB1
MzIgbWF0Y2ggaXAgZHN0IDAuMC4wLjAvMCBjbGFzc2lkIDE6MjENCnRjIGZpbHRlciBhZGQg
ZGV2ICRFeHRlcm5hbERldmljZSBwcm90b2NvbCBpcCBwYXJlbnQgMTozMCBwcmlvIDEwIHUz
MiBtYXRjaCBpcCBkc3QgMC4wLjAuMC8wIGNsYXNzaWQgMTozMQ0KDQojIGZpbHRlciB0cmFm
ZmljIG9mZiB0byB0aGUgbG93IHByaW9yaXR5IHF1ZXVlcy4NCmZvciBwb3J0IGluICRMT1df
UFJJT1JJVFlfUE9SVFM7IGRvDQogICAgIyBmaWx0ZXIgYmFzZWQgb24gZGVzdCBwb3J0cw0K
ICAgIHRjIGZpbHRlciBhZGQgZGV2ICRFeHRlcm5hbERldmljZSBwcm90b2NvbCBpcCBwYXJl
bnQgMToxMCBwcmlvIDEgdTMyIG1hdGNoIFwNCiAgICAgICAgaXAgZHBvcnQgJHBvcnQgMHhm
ZmZmIGZsb3dpZCAxOjEyDQogICAgdGMgZmlsdGVyIGFkZCBkZXYgJEV4dGVybmFsRGV2aWNl
IHByb3RvY29sIGlwIHBhcmVudCAxOjIwIHByaW8gMSB1MzIgbWF0Y2ggXA0KICAgICAgICBp
cCBkcG9ydCAkcG9ydCAweGZmZmYgZmxvd2lkIDE6MjINCiAgICB0YyBmaWx0ZXIgYWRkIGRl
diAkRXh0ZXJuYWxEZXZpY2UgcHJvdG9jb2wgaXAgcGFyZW50IDE6MzAgcHJpbyAxIHUzMiBt
YXRjaCBcDQogICAgICAgIGlwIGRwb3J0ICRwb3J0IDB4ZmZmZiBmbG93aWQgMTozMg0KDQog
ICAgIyBmaWx0ZXIgYmFzZWQgb24gc291cmNlIHBvcnRzDQogICAgdGMgZmlsdGVyIGFkZCBk
ZXYgJEV4dGVybmFsRGV2aWNlIHByb3RvY29sIGlwIHBhcmVudCAxOjEwIHByaW8gMSB1MzIg
bWF0Y2ggXA0KICAgICAgICBpcCBzcG9ydCAkcG9ydCAweGZmZmYgZmxvd2lkIDE6MTINCiAg
ICB0YyBmaWx0ZXIgYWRkIGRldiAkRXh0ZXJuYWxEZXZpY2UgcHJvdG9jb2wgaXAgcGFyZW50
IDE6MjAgcHJpbyAxIHUzMiBtYXRjaCBcDQogICAgICAgIGlwIHNwb3J0ICRwb3J0IDB4ZmZm
ZiBmbG93aWQgMToyMg0KICAgIHRjIGZpbHRlciBhZGQgZGV2ICRFeHRlcm5hbERldmljZSBw
cm90b2NvbCBpcCBwYXJlbnQgMTozMCBwcmlvIDEgdTMyIG1hdGNoIFwNCiAgICAgICAgaXAg
c3BvcnQgJHBvcnQgMHhmZmZmIGZsb3dpZCAxOjMyDQpkb25lDQoNCiMgcHJpb3JpdGl6ZSBh
Y2tzIGFib3ZlIGFsbCBlbHNlDQp0YyBmaWx0ZXIgYWRkIGRldiAkRXh0ZXJuYWxEZXZpY2Ug
cHJvdG9jb2wgaXAgcGFyZW50IDExOiBwcmlvIDEgdTMyIFwNCiAgICBtYXRjaCBpcCBwcm90
b2NvbCA2IDB4ZmYgXA0KICAgIG1hdGNoIHU4IDB4MTAgMHhGRiBhdCBuZXh0aGRyKzEzIFwN
CiAgICBmbG93aWQgMTE6MQ0KDQp0YyBmaWx0ZXIgYWRkIGRldiAkRXh0ZXJuYWxEZXZpY2Ug
cHJvdG9jb2wgaXAgcGFyZW50IDIxOiBwcmlvIDEgdTMyIFwNCiAgICBtYXRjaCBpcCBwcm90
b2NvbCA2IDB4ZmYgXA0KICAgIG1hdGNoIHU4IDB4MTAgMHhGRiBhdCBuZXh0aGRyKzEzIFwN
CiAgICBmbG93aWQgMjE6MQ0KDQp0YyBmaWx0ZXIgYWRkIGRldiAkRXh0ZXJuYWxEZXZpY2Ug
cHJvdG9jb2wgaXAgcGFyZW50IDMxOiBwcmlvIDEgdTMyIFwNCiAgICBtYXRjaCBpcCBwcm90
b2NvbCA2IDB4ZmYgXA0KICAgIG1hdGNoIHU4IDB4MTAgMHhGRiBhdCBuZXh0aGRyKzEzIFwN
CiAgICBmbG93aWQgMzE6MQ0KDQojIyMNCiMjIE5vdywgdGhlIGlwdGFibGVzIHJ1bGVzDQoj
IyMNCg0KaXB0YWJsZXMgLUEgT1VUUFVUIC10IG1hbmdsZSAtcCB0Y3AgLS1kcG9ydCAyMiAt
aiBUT1MgLS1zZXQtdG9zIE1pbmltaXplLURlbGF5DQppcHRhYmxlcyAtQSBPVVRQVVQgLXQg
bWFuZ2xlIC1wIHRjcCAtLWRwb3J0IDgwIC1qIFRPUyAtLXNldC10b3MgTWF4aW1pemUtVGhy
b3VnaHB1dA0KaXB0YWJsZXMgLUEgT1VUUFVUIC10IG1hbmdsZSAtcCB0Y3AgLS1kcG9ydCA0
NDMgLWogVE9TIC0tc2V0LXRvcyBNYXhpbWl6ZS1UaHJvdWdocHV0DQoNCiMNCiMgRW5kZQ0K
Iw0K

--_===463255992====hispavista.com===_--


From shubhobiswas at hotmail.com  Thu Oct  9 01:23:43 2003
From: shubhobiswas at hotmail.com (Shubho Biswas)
Date: Wed, 08 Oct 2003 20:23:43 -0400
Subject: [NoCat] Gnu Privacy Guard
Message-ID: <BAY8-F89dU8ASJTeKLL000279d3@hotmail.com>

When installing the pre-requisite gnupg for authservice installation, do I 
need to create/import keys?  Ie: do I need to do

gpg --gen-key
or
gpg --import path/to/pgp/keyring/pubring.pkr

?

I've tried without and I'm having problems authenticating.  I've also tried 
generating a key but I'm not sure if it needs to be done the same way as 
make pgpkey where we're not supposed to insert a passphrase.  Any advice?

Thanks in advance.

Shubho

_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*.  
http://join.msn.com/?page=features/featuredemail



From ulrich.schwarz at rz.uni-ulm.de  Thu Oct  9 08:37:09 2003
From: ulrich.schwarz at rz.uni-ulm.de (ulrich schwarz)
Date: Thu,  9 Oct 2003 09:37:09 +0200
Subject: [NoCat] Gnu Privacy Guard
In-Reply-To: <BAY8-F89dU8ASJTeKLL000279d3@hotmail.com>
References: <BAY8-F89dU8ASJTeKLL000279d3@hotmail.com>
Message-ID: <1065685029.3f85102538463@imap.rz.uni-ulm.de>

Shubho Biswas <shubhobiswas@hotmail.com> wrote:

> When installing the pre-requisite gnupg for authservice installation, do I 
> need to create/import keys?  Ie: do I need to do
> 
> gpg --gen-key
> or
> gpg --import path/to/pgp/keyring/pubring.pkr
> 
> ?
> 
> I've tried without and I'm having problems authenticating.  I've also tried 
> generating a key but I'm not sure if it needs to be done the same way as 
> make pgpkey where we're not supposed to insert a passphrase.  Any advice?
> 
> Thanks in advance.
> 
> Shubho

hi shubho,

as far as i remember, running make includes the procedure of generating the 
keypair. it is important _not_ to enter a passphrase.

also, you can run make pgpkey (or something similar, see the docs) to perform 
this seperately.

HTH,

ulric


From tfd at vodafone.es  Wed Oct  8 12:00:21 2003
From: tfd at vodafone.es (Toni dlF. Diaz)
Date: Wed, 08 Oct 2003 13:00:21 +0200
Subject: [NoCat] NoCatAuth Howto v1.3 (spanish & english)
Message-ID: <1065610821.5420.18.camel@flame>

He actualizado el NoCatBOX HowTo. Se han a=C3=B1adido varias opciones que
hab=C3=ADa olvidado y la configuraci=C3=B3n del MySQL Server para almacenar=
 los
usuarios.

Version en castellano
http://blyx.com/public/wireless/nocatbox/nocatbox-howto-es.pdf

Version en ingl=C3=A9s
http://blyx.com/public/wireless/nocatbox/nocatbox-howto-en.pdf

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

I have updated the NoCatBOX HowTo. Several options have been added since
I forgot to add them previously. The configuration for MySQL Server to
store users has been added too.

English Version:
http://blyx.com/public/wireless/nocatbox/nocatbox-howto-en.pdf

Spanish version:
http://blyx.com/public/wireless/nocatbox/nocatbox-howto-es.pdf


Toni
Blyx.com



From tfd at vodafone.es  Mon Oct  6 13:35:35 2003
From: tfd at vodafone.es (Toni dlF. Diaz)
Date: Mon, 06 Oct 2003 14:35:35 +0200
Subject: [NoCat] NoCat SameMachine: How To?
In-Reply-To: <23e7923fe2.23fe223e79@optonline.net>
References: <23e7923fe2.23fe223e79@optonline.net>
Message-ID: <1065443735.1470.40.camel@flame>

English version is already available:
http://blyx.com/public/wireless/nocatbox/nocatbox-howto-en.pdf


Toni
Blyx.com

El mar, 23-09-2003 a las 16:53, pachai@optonline.net escribi=C3=B3:
> >>>Eric CARCAILLON <eric.carcaillon@selftrade.com> =20
> >>>I wrote a doc but it is in French....
>=20
> >>>From: "Toni dlF. Diaz" <tfd@vodafone.es>
> >>> I wrote a doc in spanish and I'm working to translate it to english
>=20
> It seems to me, if both of these documents get translated into English,
> we can compare them - they should turn out identical, right?
>=20
> Seriously, we would be greatful for either or both
>=20
>=20
>=20
> _______________________________________________
> NoCat mailing list
> NoCat@lists.nocat.net
> http://lists.nocat.net/mailman/listinfo/nocat



From ryan at muppethouse.com  Thu Oct  9 19:28:08 2003
From: ryan at muppethouse.com (Ryan)
Date: Thu, 09 Oct 2003 14:28:08 -0400
Subject: [NoCat] Redirect Proxy Server
In-Reply-To: <200310051209.37452.karl.gaissmaier@kiz.uni-ulm.de>
References: <3F4E269D@leto.ceplus.de> <3F7F2F09.4030005@muppethouse.com> <200310051209.37452.karl.gaissmaier@kiz.uni-ulm.de>
Message-ID: <3F85A8B8.1020803@muppethouse.com>

This is a multi-part message in MIME format.
--------------090102030906020007030009
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Karl,

What I did was quite simple.  Here is an image of my layout.  All I have 
is one entry in the IPTables ruleset on the Linux Router / NoCat Auth 
server that says:
-A PREROUTING -s 10.0.10.0/255.255.255.0 -p tcp -m tcp --dport 80 -j 
REDIRECT --to-ports 3128

That means that all traffic that comes from the 10.0.10.0/24 network 
destined for TCP port 80 should be redirected, essentially nat'd to port 
3128.  This redirection is done on the Linux router and the machine on 
the wireless segment doesn't have a clue that this is occuring.

I didn't add any new or strange rules on the NoCat gateway.  I did not 
have to configure any browsers.  All web traffic from that network goes 
through my proxy server.

-Ryan


Karl Gaissmaier wrote:

>Hi Ryan,
>
>On Saturday 04 October 2003 22:35, Ryan Shea wrote:
>  
>
>>Maybe I wasn't clear.  The iptables rule I mentioned is on my firewall
>>rather than my NoCat gateway - so creating this redirect rule is
>>complely transparent and the NoCat authentication works without any
>>problem.
>>    
>>
>
>
>Hmmm, I didn't understand your drawing. It would be
>nice if you could try again to describe your solution
>how you solved the problem with proxy servers.
>
>What happens with your logouts if they come via
>the web proxy? You don't have the Client MAC address
>to logout? Do you igore MAC addresses?
>
>Regards
>	Charly
>  
>


--------------090102030906020007030009
Content-Type: image/png;
 name="wireless.png"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
 filename="wireless.png"

iVBORw0KGgoAAAANSUhEUgAAAcUAAAJkCAMAAABXt8pgAAADAFBMVEXy8vIAAADy8vLy8vLy
8vLy8vJ/f38AAAB/f39/f39/f38AAADy8vLy8vIAAADy8vIAAADy8vIAAABycnJycnJycnJy
cnJ/f38AAACMjIx/f3////8AAAAAAAAAAAAAAADy8vIAAABMTEwAAAAAAAAAAAB/f3+/v79/
f38AAADy8vIAAAAAAAB/f3+D/wD///9/f39/f3+/v7+/v78AAAAAAAAAAAAAAAAAAAD/////
//////////////////////////////8AAAAAAAD////MzMzMzMzMzMzMzMzMzMzMzMzMzMzM
zMzMzMzMzMzMzMzMzMyvr2Z/fwClpUylpUyvr2avr2YAf39JSUkAf38Af38Af38Af38Af38A
AAB8fHxJSUlJSUlJSUkKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoK
CgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoK
CgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoK
CgoKCgoKCgoKCgoKCgoKCgoKCgpJSUm/v7////8AAAD///////////9JSUn/////////////
//////////////+D/wAAAACD/wAKCgoWFhYAAAD//wAAKFAAN20ARYoAVKgAYsUAceIAgP8a
jP8zmf9Npv9ms/+Av/+ZzP+z2f/M5v8AADMAAFUAAHcAAJkAALsAAN0AAP8XF/8tLf9ERP9b
W/9xcf+IiP+fn/+1tf/MzP8aADMmAE0zAGZAAIBNAJlZALNmAMxzAOaAAP+OHf+dOv+rV/+6
df/Ikv/Xr//mzP8zADNNAE1mAGaAAICZAJmzALPMAMzmAOb/AP//Hf//Ov//V///df//kv//
r///zP8zABpNACZmADOAAECZAE2zAFnMAGbmAHP/AID/HY7/Op3/V6v/dbr/ksj/r9f/zOZD
GCZUAAAAAWJLR0QbAmDUpAAAAAlwSFlzAAAOwwAADsMBx2+oZAAAFTJJREFUeNrt3UvWojoX
gOHsTk2AFis9O4wkAyir8dOzwfxYZ4g/5ALBKyhIgu9eZ5UKQT15vpBkc1FpTWQfiir4bUWJ
Y+XSxDcUbyheyNyURnJ3xbsET1yWlie2V3xY/Y9WLC1PbK74tOrvrXy2AY67KL6s9psC8uEb
EqsryuIyssp7EisqyuJSstq7EispyuJysur7EisoyuKSsvo7Ex8qyuJWK5u8N/GB4rKKlrfY
ibQUu+KiUUxNcXE1y6bFiXcUt69kGDdX/EYVw7ix4ncqGEYUUUykemHcUPF7lQvjZorfrFoY
UUQxkYqFEUUUE6lWGFFEMZFahXF9xe/XKYpHUIQRRRSvKrM/33eXGhXNtTirKLpq3Kky9/zs
4yimUoFAvq+YVNXh+J5iatUG4xuK6VUajIsVU6wyGBcqpllhMC5STLW6YDyCIowLFNOtKxSP
oAjjbMWkawrGeYpp1xOKR1CEcZZi6rWEIoooopiNYvqVBCOKKKKIIoooorhAMYcqghFFFFFE
EcWUFFvT/1tJ1T+YVi+9QXh5XapC8fuKhWU4tUX/UBZLa1lqdVVKaIzfVyxPffHGNP0mp2qx
YlWguL+iahylBewo+0uqyqbW+tI0hX8P/7QSaWozPrqPsBuOpRb/ShGKa4xu+o6xrnR1st2i
VSyU0WWpVHGxr4enlVZlOz66j1C1npaiLe6gWPzRqidplf5TOMW+nfX9nXKq4WnjRjLDow58
k1Io7qFY1W5Q0w1zuiapw0Wq4bf4ZHxaSV1VenwMH1GruBSKeyiqRtlOztSqH+EMimMqNjzV
pizaMnr0H9HtjGWyAYjfn/XXZR09BsV2RGmjs1uNTB/tQ1HJZAMUv6/4x/dzZfMnUiz/KPWn
dh2ff9qWSlsv/zh8hKqjUo1RKH5f0fh9obKjmqFnKxo7o5fxqakb6XM84XH8iDIq1U04UPy+
4r6BIoq/oMixfhRRRBFFFAkUD6bIdRoooogiiqspci0xiiAmosg9NlAEMRFF7lp0CEXuA4fi
06hB/JriZtVV/68G8WuKa1RYfQ/xfyNjDeLWiitUWV3fQwyMddcsaxA3Vvy80m72nhaxro0Z
QWsQt1X8+Ccs6v9dMdbOsAv3tA7X38wxBPE9xY+r7orR7kItYg/Yr7GgGG6sOF6UNq8ar3eQ
k9Zm4TyiW2JcvMATfp/oU8VBcp7idUdnRka3JmJ7aeivx0FmFcX5g4v6ZsBipn1fxGZe704B
3E3xytHEryK3GV0iiDspDjFxHOX0nacoflFx7nU4t72dMW99HxB3VzTmY0YUE1CcOqKYiOL7
1XqmKaJIrKn4TsXa0eoZxJwV3ZTj/PcckaK4s+LCqg3zxl7RTBeBmIliPRxejBRDYgDFHRXn
V249HJUyJlbsDy36Y4sg7qU496ZGw/k1pkf8+/c8SaDWbv1jSBCTUPSIdu5/peiW1pPzqFD8
ruKS44w+gXOjODjWIO6kOPPYRkjF6buKwfH+0SkQt1ecU8mTc2q84o3Xo0P9IH5DcX5afEC8
0xi1fnCkGMS0FMNs8e/5geLdY1YofkdxXkWHW70/VWR/up/igqoWvUwRxO8pzq5scfm3893h
DYg7K86sbnHdopnbGEH8ruKsChe9TBHEbyvOqHLRU0UBMTnFV5du+NVxW5TlbydPQk8e7pZA
cY6jvDLp/ezBKccoC9+pW666/+7HgPVgrULxkwYZmTi+sWN8UP7J38lDpudBW1zaIOWxybXi
DdnzykbxS4o3vddkza3is9J396jvB4orhVecP+9HMT1FP7gxekkqFcUEFc0qirIoUExUcVEj
RHGLbhHFQyi+ObxBMQHF6JSb9xojimkonlE8hKLFO6OYtaLpGDvE8993OkYU91d03eK5b49v
7lJRTEXRWEQUM1a0c/5+n4pi5opn9qj5K1rCcNaGQTEzRT+4cZ3i+a3GiGIaiu4GG3agimKm
im622F+0cUYxX0WXubEpOBTzVewHNOGgxvLhDYp7K7puMSC+1xhRTELRNsXJxAPF3BTPk0v3
d1W8FS1uP+3+l3hZ0L2UKlqhTk1rrt6gkr7IwzfNStGkoji7pcpMxTZaUVS6rKfrq6aq2mrx
p++rGHao5tp1T8WqbcruedFU9jKEqu2r1b50ZSppirGctq9dQbvdqW9MVXOS4Z1q/7Lfuii1
XdG/Z6vsyNyWCj8s0y1WKlpmSzbKSKUat7Q20b3y01GM0d6ZMa7eFo1p+vqsXLtp3RP7ry3T
1ioqp91ribZzG41LTHjZPVetGt9Tx58XvoHzDMvayrS6NUV9MrVbWp50USaoeB7ucHv+l4Bi
dWr7ytRKXK36JyrUs2lds3TltHst43bjRtGSYeuyGF53bVGVUSnfFqvJlj3qqWxV2+nZpd3f
QatSUxyOLbqWmMAetbENx7dFddsWta6bsZx2r7uCfrvQgEWPS8a22D0f2mLXL17qoZQK/WL/
NzIsa/u6KOpCn9rCL+1fJahofDY8OlBs9lF0f/lim8up77rqoV88taFfLBo3jHTltHtdD9vZ
/1xHOCwZ+0Xf1Ox7qlr6n2ZypWqJx6jDsqrtutWy2ylXUvqlRkxSisPgxh5e/GdbpFncGLeZ
L8qbg9Xtw7Q6ScXezu9WDYqvoilTVTw7xbeu1iB3k4hivzc14azUpR0jirsrunNu/rmjxP/e
Gt5w5duuiuEkxn+2SzTvns74jatQxSY1l4nLqz61kurRqmLTnngDxTA2DYOcJBV1mEK8Ew8H
UNXiTVJV9HtTvw81b2RvtlQMGUx72yPdTdf8pNElS1s3h7SJVZdodYv8FHNIpPr0bLSq397/
krObS/r/6jGDKpPCqSv259xEPye9/GoNe9eidw1fKIYMpq/kIQUTkqXtmEi1L2zaM0qTRinS
1hfwmaCrNI//z4ybyLRwqoohFW70xMzMbozRQOXN5tg1rucVFDKYUYJ03LuG7KhPpKqQ9hwL
TVKk/l8Vv5fcLLnNxsrqO9jVFe/9uO0CRT8y3awthgymS2peKYa26BKprqnZ7+1aZJxI1TfN
9LothpJDBlWmhTNQvDcBmaHoJn3yWTz9iJDBdEnNK8XQL9pEqku02rRn37e5fnFIpOqwcOgy
r1KuVeNLDhlUmRZOXvH+NHKWYs/40eCm33yV/5u336UxVau/G1soPkoGzFJU8iHiWvP+t98l
tOg8FR82xdmNUYbbYybQFn80d7OiomzZNaL4VPFs0993Fc/nJYquc3w/fq45rnys3zzs/syM
jnFUDEPV6q34OcdUFXE8gGIYquK4h+KHg3sJQ1RRsaO86fgz4xyV1teRMK5RKnJU7zfI33BU
qX0hm0OND/bjmKGic+yTxyGTg2OOijooDrvXwZE8QD6KevAbJ/+PEnN3Tp/6wbScSvNrDWPU
CdEDx8vlIv2/v+uYqKIezku8zHG0hJffdVTJfrMwuinH5Oic/epPHu5QCX+3qeM0D8A4JxfF
kJJzjsP88bPDjyju1j32jmpywAPFjBQjx/FnMtmjZqc4Dlet4UmEtpij4nDEyileZig+uagK
xf2bYz81RDFTxSgLMEsxYF5cxHthFBNxlFmnM8r93xNHMY3ukdFN1orRGR0o5qsYzuhAMW9F
rZkvHkExvlaV3E2+igSKKBIoEigSKKJIoEigSKCIIoEigSKBIooEigSKBIooEigSKBIoEiii
SKBIoEigiCKBIoEigSKKBIoEigSKKBIoEigSKKJIoEigSKCIIoEigSKBIoEiigSKBIoEiigS
KBIoEiiiSKBIoEigiCKBIoEigSKKBIoEigSKKBIoEigSKBIookigeJCQ6N/blSJNOV1UoJis
4uOVpllQHsW926KcpHJPdFHqsgiKrdZV24ZVXesML2sUE1SsKvFUui7reI/aVlUbVkn/sqcV
g2KCitF/xhOJNrXqH9SkQN8g19y1bqQoOcY6irZFDm1R6/I0tEXXWJVujdFZKNY25LJyyAbv
eQlf9oM/2FGxaoppv6hr4ztCu0rXfb/Y94m5tMVcFD9qiweeL4q0besUXQ2Nj5fJ49MF8xUf
vpfI/SXTbdr+26L4TLHpQsZH+yRe8XjBAsVH72Ufm4ffo0ERRRRRpF/csV/0GRpff6emNVcp
0qovMS4aynZD07bKVDGHMeoyxTaSKSpd1lcp0rqo49nkULapVD9t/GXF6yn6jordbFBCbrTt
KtD0L5pS+8mKaXXfPIesqRS+bbalck3SZVG7eaSp18mpZrNHtX/ktfb/t9d/H1/do6pWSZQb
tWH6QxfuhZ/yX2Vz+rq+1HU1ZlG7Ql3RVXKq2Yxupu9/o/jF0Y10SBJyo11bVGXXvk5t2Heq
pk+Bq+vMqsduxyxq98fQbb1KThXFNxR1O7TFrl+81H2X51OkLm+qT+WYNR2Qul1nrzhkUYvT
Sa+TU81UUe+rWA39oqql69/0SXyK1KZNte3wQtZ0UPRj1CGLaiR+9TP9oh76RS1k4LIco9aT
2HGM+kuKax/T6LqZMdZW5JjGl44vbtkWPzq++BuKK/WLzxU/6xdRfK24zhj1heJHY1QUf07x
Tk47PrG4a95tuWBbFHdRfJjTHiyvzyOesS394pf7xZDTboo4wVY1p0HR5ld9ntsmVV3ee8N8
eD5j1A2PaSxSHHLalUxOFK4me1QxPkXXn9NYnnrNDfPhnMn4xujG1vrVicL25ZgRHRb15xe7
vPeG+fBs9qhji1z/WP+yParPabu2GFrk2BbHlPnQFnVRF5vmw7MZ3bxQ/PoYtWpPEvWOcb84
dI+hXxxO+N8qH56b4iZnT705X1y2C847j5rDOXDv5VHnb9CUmSraBpmL4vCVyd08UlxrdGPf
ZJszGVHc8MhUNMsPigNvPV3JkalM5ovyZIzKkant2mLuV6HKmIqJ18ucsU1x993uFZPPx09c
Ef58EDokt+X+IYwFALLcCcXVFN1RCHGz9n7OIKemGuf1lTTusuGiqcZEt2+6ISnuswISL+n/
9Zch+61O/iTyrsyYZm9nHMtC8YViOFzomoU7BTycFW7z2G3t6tAt9WeMm9BgjU92j8nzaEkb
5dLb6CRyt3l8Pw4UP22L0c4tnAKuontlmLapXAEl0yS5ntxQQ929xUacS5e7N+yYM3hGcYli
E1Lgvi3aPLaum5u26M8THwvFB7LCEnt4Q2mZtks9vXmO/wwU11N0p4BH/WLXgxWN683k1FbR
XabcxCUUivrFYYltw3XcL0aKY5q9nXH8GMUVyY82X0QRRQJFFAkUCRQJFFEkUCRQJFAkUESR
QJFAkUARRQJFAkUCRRQJFAkUCRRRJFAkUCRQRJFAkUCRQBFFAkUCRQJFAkUUCRQJFAkUUSRQ
JFAkUESRQJFAkUARRQLFTePJL9KgmA1eNQSaOSle4d3EL1OqbAirB4qvf/QLxUQMQ0u7Azkl
rMKv/KCYnKHFmry8dhwKu9copmh45ehdZdId2ie+tKCYJuKkkQWx2HCUjclRTAzxSkequBne
7GZRTEfxyXRCQtu8PwERFNNEvBmOVtXjSSSKqTbFyLN6FSgmruhmjg9aJ4rJD27iAU6fC9DT
yQeKaSoOEwe5NfRt8j64oJjOHjVilNEmzPsHy5v2KCim1C/KmI2ZTvDvTfHHFsseNbHRzU0e
VR73lb5xCv1iemPUMWF6fzg6OLqCjG4SnWnInAni9BgkiinOF18d679O46CY7Kz/zg710U4W
xcRzN5NOkgxctoozAkUUUUQRRRRRRPFYjCimoygg5q/4NiNnMibGKBhmr/hGc/y9C24yudpG
MMxecX6D/NFLGI9zFWrFVahZUY7n20wOb+jfjUzvziDcneEAisESwPwVNYooosguFUUUUWSX
ejRFGFFEMQ3F/2BEEUV2qSjSGFFEMW/Fq10oinkq/jdxlP9gzHGP2rsJjTF/xdgRxTxHN5Zx
cGSXmrNicEQxb0XvyC41z/niyNg70hizV+wdUcxf0UqiCCOKKKK4FiOKNEYUd1MUQTFzRTvV
nzgKink2Rh07opitYuSIYq67VB078rvEOSsGRxQzZ9Q/n0s9hKJ15Lr+7BV//PTifM9H5azw
QyhyQApFFNmloojizylOfiLsFeOzwijuKPiM7dXL35FUCRu+Wvj4xa/tdFVOhnbF/efyuD2j
mODAReT26VOqH3BUmRlO2t1wxc2vj2YTVJT5JWSukaCY3iwwaoQz25mgmFRDnJSbv68UFJND
DCVli7dG8VuIoU/UMKamKEtLy4Zvj+I3EPvyomFMTFG230JQTA4x1Q9BEcWsFeVQH4MijNkq
ikYRxd9mVL+GeEhGFFHMs2IFRRRRTKNaBUUUUUyjUgVFFFFMo0oFRRRRHCrSX9okO/3pHOnS
KrWb4fWT3/r8QyimVHWC4hEqTlA8QrUJikeoNEHxCFUmKB6hwgTFI1SXoHiEyhIUj1BVgiKK
v6OYdkUJiij+imLq1SQooogiirkoJl9JKB6ikgTFA1QRiiiiiCKKv86oqCAUD1dBgiKKKM7Y
sHpVtkIxfUXZHAFFFFF8tqGUrUjlf67m0jRFv7hs6rAiLPz88hkUN1Ssja78XW3LUqni0j0v
lBlWDAtpiwkrGj3cm7juvrJqwzK/YliIYsKK0WO47HC8b7hcLUQxA0UVvd+wQjG6yUqxvafY
opiPYmOULv8o9ae+UgwL+wIoJq7YzSe0LhrpBzMTxbDQFkAxQcWvBooooghiDooc60eR74ji
wRFRRBHF31PkDH8U+YKJKHLlG4p8v0QUua4fRRQTUeR+NyiimIgi94E7hCL3ZEQRxUQUucvt
IRS54/QhFLn7+yEU+SWGQyim9bNAwq+iZF91/M7Uh9UnO9Zi+HB+820NSNnt9xcP87N9ml/R
RDHfKuV3iVFEMYlKPRoiiihmWq2HQ0QRxTwr9niIKKKYZdUeEBFFFHOs3CMi/pziIRHTUfxS
/aJ4gPo9JmJCit+o4YMipqS4vI4FxPQUl9ayLNzgsIgZK9rzLQTF5BSX1LMshjkuYmKK82ta
FtMcGDE1xbknNspinCMjJqc4z1GWusuhERNUXP47RPLbDTFRxVeVLkvLHx0xTcXn9S7L2I9v
mKrik7q/v2JhcRT3dHxyaYXcL681ins7Rgry+uoYudlAaxRTkZQlIIs3QJFAkUCRQBFFAkUC
RQJFFAkUCRQJFFEkUCRQJFBEkUCRQJFAEUUCRQJFAkUUCRQJFAkUCRRRJFAkUCRQRJFAkUCR
QBFFAkUCRQLF34n/A4n7PrAeqCMoAAAAAElFTkSuQmCC
--------------090102030906020007030009--



From rob at capband.net  Thu Oct  9 20:09:00 2003
From: rob at capband.net (Rob Nelson)
Date: Thu, 09 Oct 2003 15:09:00 -0400
Subject: [NoCat] Redirect Proxy Server
In-Reply-To: <3F85A8B8.1020803@muppethouse.com>
References: <200310051209.37452.karl.gaissmaier@kiz.uni-ulm.de>
 <3F4E269D@leto.ceplus.de>
 <3F7F2F09.4030005@muppethouse.com>
 <200310051209.37452.karl.gaissmaier@kiz.uni-ulm.de>
Message-ID: <5.2.1.1.0.20031009150818.022208f0@mail.capband.net>

Just a note, the 1980's called, they want their laptop back!

Where oh where did you find that old-school laptop diagram in visio? 
Absolutely hilarious :)

Rob Nelson
Network Administrator, Capitol Broadband
C: 919-369-1874
rob@capband.net 



From ryan at muppethouse.com  Thu Oct  9 20:50:11 2003
From: ryan at muppethouse.com (Ryan)
Date: Thu, 09 Oct 2003 15:50:11 -0400
Subject: [NoCat] Redirect Proxy Server
In-Reply-To: <5.2.1.1.0.20031009150818.022208f0@mail.capband.net>
References: <200310051209.37452.karl.gaissmaier@kiz.uni-ulm.de> <3F4E269D@leto.ceplus.de> <3F7F2F09.4030005@muppethouse.com> <200310051209.37452.karl.gaissmaier@kiz.uni-ulm.de> <5.2.1.1.0.20031009150818.022208f0@mail.capband.net>
Message-ID: <3F85BBF3.5040704@muppethouse.com>

I wish there were a good free source of quality visio stencils out 
there.  That one is from the standard "logical network diagram" stencil 
I believe.  The funny part is that my gateway is on a laptop that came 
out when Duran Duran was the greatest thing since sliced bread - so the 
picture is strangely appropriate.

-Ryan

Rob Nelson wrote:

> Just a note, the 1980's called, they want their laptop back!
>
> Where oh where did you find that old-school laptop diagram in visio? 
> Absolutely hilarious :)
>
> Rob Nelson
> Network Administrator, Capitol Broadband
> C: 919-369-1874
> rob@capband.net 





From robert at maknet.net  Fri Oct 10 00:22:03 2003
From: robert at maknet.net (RM)
Date: Thu, 9 Oct 2003 19:22:03 -0400
Subject: [NoCat] nocat startup problem
Message-ID: <008601c38ebc$25f45030$04280c0a@pinkpig>

This is a multi-part message in MIME format.

------=_NextPart_000_0083_01C38E9A.9EBEFB90
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

when i start the gateway i get those error of cant resolve hostname =
etc....
what do those mean?=20
so did the gateway start correctly and is running?

bin/gateway
[2003-10-09 10:06:55] Resetting firewall.
[2003-10-09 10:06:55] Detected InternalDevice 'dc0'
[2003-10-09 10:06:55] Detected ExternalDevice 'fxp0'
[2003-10-09 10:06:55] Detected LocalNetwork '10.12.42.0/24'
net.inet.ip.forwarding: 0 -> 1
0 entries flushed from NAT table
0 entries flushed from NAT list
1: can't resolve hostname: port
1: syntax error in "rdr"
1: can't resolve hostname: port
1: syntax error in "rdr"
[: 207.69.188.185: unexpected operator
1:ioctl(add/insert rule): File exists
[2003-10-09 10:06:58] Binding listener socket to 0.0.0.0


thanks in advance


------=_NextPart_000_0083_01C38E9A.9EBEFB90
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2712.300" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DVerdana size=3D2>when i start the gateway i get those =
error of=20
cant resolve hostname etc....</FONT></DIV>
<DIV><FONT face=3DVerdana size=3D2>what do those mean? </FONT></DIV>
<DIV><FONT face=3DVerdana size=3D2>so did the gateway start correctly =
and is=20
running?</FONT></DIV>
<DIV><FONT face=3DVerdana size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DVerdana size=3D2>bin/gateway<BR>[2003-10-09 10:06:55] =
Resetting=20
firewall.<BR>[2003-10-09 10:06:55] Detected InternalDevice =
'dc0'<BR>[2003-10-09=20
10:06:55] Detected ExternalDevice 'fxp0'<BR>[2003-10-09 10:06:55] =
Detected=20
LocalNetwork '10.12.42.0/24'<BR>net.inet.ip.forwarding: 0 -&gt; 1<BR>0 =
entries=20
flushed from NAT table<BR>0 entries flushed from NAT list<BR>1: can't =
resolve=20
hostname: port<BR>1: syntax error in "rdr"<BR>1: can't resolve hostname: =

port<BR>1: syntax error in "rdr"<BR>[: 207.69.188.185: unexpected=20
operator<BR>1:ioctl(add/insert rule): File exists<BR>[2003-10-09 =
10:06:58]=20
Binding listener socket to 0.0.0.0</FONT></DIV>
<DIV><FONT face=3DVerdana size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DVerdana size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DVerdana size=3D2>thanks in advance</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV></BODY></HTML>

------=_NextPart_000_0083_01C38E9A.9EBEFB90--



From Jared.Shields at ucen.ucsb.edu  Fri Oct 10 02:27:40 2003
From: Jared.Shields at ucen.ucsb.edu (Jared Shields)
Date: Thu, 9 Oct 2003 18:27:40 -0700
Subject: [NoCat] NoCat on wired connections
Message-ID: <59D5B082B9CED311808B009027DE9B98B1DD94@zilla.bookstore.ucsb.edu>

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C38ECD.B20333A0
Content-Type: text/plain;
	charset="iso-8859-1"

I tried looking through the archives and a bit of the documentation about
the system but didn't find much info about using wired connections through
the NoCat gateway.  We have a mixed public access network here, 2 Air Ports
and up to 75-100 wired connections available for public access (or at least
we will once we can get an auth system in place.)  
 
Can NoCat handle wired connections in the same manner as wireless? (clients
will get DCHP addresses, forced to go to the log in web page, authenticate,
and then get released to the various levels of access)
 
Any tips on how to do this or overcome the challenges that might present
themselves would be greatly appreciated.
 
Jared Shields
jared.shields@ucen.ucsb.edu <mailto:jared.shields@ucen.ucsb.edu> 
 
 

------_=_NextPart_001_01C38ECD.B20333A0
Content-Type: text/html;
	charset="iso-8859-1"

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">


<META content="MSHTML 6.00.2800.1264" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2><SPAN class=319331101-10102003>I tried looking 
through the archives and a bit of the documentation about the system but didn't 
find much info about using wired connections through the NoCat gateway.&nbsp; We 
have a mixed public access network here, 2 Air Ports and up to 75-100 wired 
connections available for public access (or at least we will once we can get an 
auth system in place.)&nbsp; </SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=319331101-10102003></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=319331101-10102003>Can NoCat handle 
wired connections in the same manner as wireless? (clients will get DCHP 
addresses, forced to go to the log in web page, authenticate, and then get 
released to the various levels of access)</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=319331101-10102003></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=319331101-10102003>Any tips on how to 
do this or overcome the challenges that might present themselves would be 
greatly appreciated.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=319331101-10102003></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=319331101-10102003>Jared 
Shields</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=319331101-10102003><A 
href="mailto:jared.shields@ucen.ucsb.edu">jared.shields@ucen.ucsb.edu</A></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=319331101-10102003></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=319331101-10102003></SPAN></FONT>&nbsp;</DIV></BODY></HTML>

------_=_NextPart_001_01C38ECD.B20333A0--


From chs at 23.org  Fri Oct 10 08:28:12 2003
From: chs at 23.org (CHS)
Date: Fri, 10 Oct 2003 00:28:12 -0700 (PDT)
Subject: [NoCat] memory stick wifi card?
Message-ID: <Pine.LNX.4.58.0310100027270.4529@23.org>

Hey guys, anyone know about the availability of a memory stick wifi card?
does such a beast exist? where can I get one, and for how much?

Much appreciated!

--Christian

----
-- http://www.23.org/~chs/ -- AIM/AOL: bdsmchs
-----------------------------------------------------------------------------
"Among the many misdeeds of the British rule in India, history will look upon
the act of depriving a whole nation of arms, as the blackest."
	Mahatma Gandhi
-----------------------------------------------------------------------------


From rob at capband.net  Fri Oct 10 13:46:52 2003
From: rob at capband.net (Rob Nelson)
Date: Fri, 10 Oct 2003 08:46:52 -0400
Subject: [NoCat] NoCat on wired connections
In-Reply-To: <59D5B082B9CED311808B009027DE9B98B1DD94@zilla.bookstore.ucs
 b.edu>
Message-ID: <5.2.1.1.0.20031010084617.00bbd0b8@mail.capband.net>

At 06:27 PM 10/9/2003 -0700, Jared Shields wrote:
>I tried looking through the archives and a bit of the documentation about 
>the system but didn't find much info about using wired connections through 
>the NoCat gateway.  We have a mixed public access network here, 2 Air 
>Ports and up to 75-100 wired connections available for public access (or 
>at least we will once we can get an auth system in place.)
>
>Can NoCat handle wired connections in the same manner as wireless? 
>(clients will get DCHP addresses, forced to go to the log in web page, 
>authenticate, and then get released to the various levels of access)
>
>Any tips on how to do this or overcome the challenges that might present 
>themselves would be greatly appreciated.

You should be fine, Nocat just works with two interfaces. We used NoCat as 
a gateway for our wireless network, but the server had no wireless cards in 
it itself.


Rob Nelson
Network Administrator, Capitol Broadband
C: 919-369-1874
rob@capband.net 



From nocat at lists.nocat.net  Fri Oct 10 14:23:45 2003
From: nocat at lists.nocat.net (Gerry Gosselin)
Date: Fri, 10 Oct 2003 09:23:45 -0400
Subject: [NoCat] memory stick wifi card?
In-Reply-To: <Pine.LNX.4.58.0310100027270.4529@23.org>; from chs@23.org on Fri, Oct 10, 2003 at 12:28:12AM -0700
References: <Pine.LNX.4.58.0310100027270.4529@23.org>
Message-ID: <20031010092345.A27639@nuclearcrayon.net>

Christian,
	I just looked into this yesterday actually with the announcement of the Treo 600 release. SanDisk makes 2 CF cards that do it. One does wifi, the other provides memory & wifi! They also make an SD card that does wifi. All 802.11b. I called them yesterday and a rep said that in November they are releasing the SD wifi card with memory as well. Also in November they will release Palm OS 5.x drivers for all above said cards. Currently I only saw drivers for PocketPC and Windows. Although I was hunting more for Palm drivers and didn't look into the Windows end, it would appear that one of those PCMCIA -> CF adapters would allow the CF/Wifi card to work as a wireless NIC. Only thing to be concerned about is that they aren't as strong as a normal PCMCIA wifi card. They are meant to use much less power and that translates directly to less performance according to a table I saw comparing different Wifi NICs to these SD/CF wifi cards.
	There are many other manufacturers other than SanDisk and prices seem to be all over the place but between $70 and $130, of course depending on whether you get the one with memory on board too. To clarify the ones with memory means that it acts 256MB CF or SD card like normal, PLUS has 802.11b wifi built in. Haven't seen any 802.11g ones yet ;)

-Gerry


On Fri, Oct 10, 2003 at 12:28:12AM -0700, CHS wrote:
> 
> Hey guys, anyone know about the availability of a memory stick wifi card?
> does such a beast exist? where can I get one, and for how much?
> 
> Much appreciated!
> 
> --Christian


From chs at 23.org  Fri Oct 10 17:38:27 2003
From: chs at 23.org (CHS)
Date: Fri, 10 Oct 2003 09:38:27 -0700 (PDT)
Subject: [NoCat] memory stick wifi card?
In-Reply-To: <20031010092345.A27639@nuclearcrayon.net>
References: <Pine.LNX.4.58.0310100027270.4529@23.org> <20031010092345.A27639@nuclearcrayon.net>
Message-ID: <Pine.LNX.4.58.0310100936460.4529@23.org>

On Fri, 10 Oct 2003, Gerry Gosselin wrote:

> 	There are many other manufacturers other than SanDisk and prices
> seem to be all over the place but between $70 and $130, of course
> depending on whether you get the one with memory on board too. To
> clarify the ones with memory means that it acts 256MB CF or SD card like
> normal, PLUS has 802.11b wifi built in. Haven't seen any 802.11g ones
> yet ;)

Thanks for the help. unfortunately, while I already knew about the
availability of CF-based wifi cards, what I'm really looking for is one in
the memory stick format for my sony clie palmos5 device.

----
-- http://www.23.org/~chs/ -- AIM/AOL: bdsmchs
-----------------------------------------------------------------------------
"Among the many misdeeds of the British rule in India, history will look upon
the act of depriving a whole nation of arms, as the blackest."
	Mahatma Gandhi
-----------------------------------------------------------------------------


From jstaerk at usegroup.de  Fri Oct 10 19:04:36 2003
From: jstaerk at usegroup.de (=?ISO-8859-1?Q?Jochen_St=E4rk?=)
Date: Fri, 10 Oct 2003 20:04:36 +0200
Subject: [NoCat] Is there a Client?
Message-ID: <3F86F4B4.7050408@usegroup.de>

Hi List,

is there something like a NoCat-Client that could autmatically log me 
into a nocat network (saves some seconds on the PWD-dialogue) or refresh 
my login so I don't need the Javascript-window?

thanks,
Jochen



From armadilo at gothpunk.com  Sat Oct 11 00:37:03 2003
From: armadilo at gothpunk.com (Roadknight Mobility Labs (Steve Okay))
Date: Fri, 10 Oct 2003 16:37:03 -0700
Subject: [NoCat] memory stick wifi card?
In-Reply-To: <Pine.LNX.4.58.0310100936460.4529@23.org>
Message-ID: <A6ADF37C-FB7A-11D7-B4E3-000A959DD466@gothpunk.com>

On Friday, Oct 10, 2003, at 09:38 US/Pacific, CHS wrote:

> On Fri, 10 Oct 2003, Gerry Gosselin wrote:
>
>> 	There are many other manufacturers other than SanDisk and prices
>> seem to be all over the place but between $70 and $130, of course
>> depending on whether you get the one with memory on board too. To
>> clarify the ones with memory means that it acts 256MB CF or SD card 
>> like
>> normal, PLUS has 802.11b wifi built in. Haven't seen any 802.11g ones
>> yet ;)
>
> Thanks for the help. unfortunately, while I already knew about the
> availability of CF-based wifi cards, what I'm really looking for is 
> one in
> the memory stick format for my sony clie palmos5 device.

Sony has been planning one for some time now, but the last updates I
heard on it a couple months ago had it being pushed off down the road
at least 4-6 months, possibly for good.

I doubt the thing will see the light of day. The past couple Clies have 
either had
802.11b built in or an option as a CF slot.

Socket has announced their 802.11b SDIO card, so you'd would think that 
Sony would
followup with a MS-based one, but in the time it was supposed to come 
out, several
Clies have been released with 802.11b built-in.

HTH,
'dillo



From chettawan at iec.co.th  Mon Oct 13 07:00:24 2003
From: chettawan at iec.co.th (Chettawan Senapant.)
Date: Mon, 13 Oct 2003 13:00:24 +0700
Subject: [NoCat] chown can solve "Internal Server Error"
Message-ID: <004201c3914f$4c0907d0$5001a8c0@chettawan>

ImNob3duIC1SIGFwYWNoZTphcGFjaGUgL3Vzci9sb2NhbC9ub2NhdC9hdXRoc2Vydi9wZ3AiIE1h
eSBiZSB5b3UgZm9yZ2V0IHRvIGRvIHRoaXMgbGlrZSBtZS4NCg==



From ulrich.schwarz at rz.uni-ulm.de  Mon Oct 13 12:54:08 2003
From: ulrich.schwarz at rz.uni-ulm.de (ulrich schwarz)
Date: Mon, 13 Oct 2003 13:54:08 +0200
Subject: [NoCat] extant iptables rules
Message-ID: <1066046048.3f8a92600a87a@imap.rz.uni-ulm.de>

hello everyone,

watching NoCat for some time in production, we have observed that iptables rules
are not removed when the client logs out (quite seldomly).

so we created a little script to be run as a cron-job in order to fix this.
works fine here.

regards,

ulric

--
ulrich schwarz, computing center, university of ulm, germany


#!/bin/bash
 
export MTABLE=/tmp/mangle_rules.txt
export MACTABLE=/tmp/mangle_MACs.txt
export NCTABLE=/tmp/nocat_MACs.txt
export EXTANT=/tmp/extant.txt
 
export PATH="$PATH:/sbin" # be able to be run as a cron-job
 
# write rules in table mangle to file
iptables -n -t mangle -L NoCat | \
    perl -wane 'print "@F[3,6,9]\n" if /MAC/' > $MTABLE
 
# pick the MACs and sort them
perl -we '@macs = <>;
    @macs = map {(split)[1] ."\n"} @macs;
    print sort @macs' $MTABLE > $MACTABLE
 
# get user's MACs known by NoCat by reading the status-page and processing it
lynx -dump localhost:5280/status | \
    perl -wne 'print if s/.*((([\da-f]){2}:){5}[\da-f]{2})$/$1/i' | \
    sort > $NCTABLE
 
# detect differences between iptables and NoCat
date
echo "extant MACs in table mangle (unknown by NoCat):"
 
diff -Nau $NCTABLE $MACTABLE | \
    perl -wne 'if ( /^\+0/ ) {(s/^\+0/0/); print}' | \
    tee $EXTANT
 
if [ ! -s "$EXTANT" ]
    then echo "[none] - everything seems to be alright."
    echo
    exit
fi
 
echo "Clearing those sloppinesses..."
 
perl -we '
    my @mtable = qx(cat $ENV{MTABLE});
    my %mtable;
    my @extant;
    my @line;
    foreach (@mtable) {
        @line = split;
        $mtable{$line[1]} = [ $line[0], $line[2] ];
    }
    @extant = qx(cat $ENV{EXTANT});
    chomp @extant;
 
    foreach my $mac (@extant) {
        print "Processing MAC: $mac\n";
        $mtable{$mac}[1] = "Member" if $mtable{$mac}[1] =~ /0x2/;
        $mtable{$mac}[1] = "Public" if $mtable{$mac}[1] =~ /0x3/;
        print "Executing command" . qq(/usr/local/nocat/bin/access.fw deny $mac
$mtable{$mac}[0] $mtable{$mac}[1]\n);
        qx(/usr/local/nocat/bin/access.fw deny $mac $mtable{$mac}[0]
$mtable{$mac}[1]);
    }
     
'
 
echo


From karl.gaissmaier at kiz.uni-ulm.de  Mon Oct 13 16:54:18 2003
From: karl.gaissmaier at kiz.uni-ulm.de (Karl Gaissmaier)
Date: Mon, 13 Oct 2003 17:54:18 +0200
Subject: [NoCat] Patch: stable-01.patch against the crashes
Message-ID: <3F8ACAAA.7090009@kiz.uni-ulm.de>

This is a multi-part message in MIME format.
--------------010102010905070807080009
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Name:
	stable-01.patch

Affected Files:
	bin/gateway
	lib/NoCat/Gateway.pm

Version:
         Patch against 0.82

Severity:
	important on linux if you hate crashes

Description:
	Hopefully solves the problem with crashed gateways.

	I changed the sigchld handling in Gateway.pm
	I've seen, that the gateway on heavy load hangs
	in the system call 'wait4' and not as expected
	in the 'do_select'.

	Since the parent doesn't rely on the exit status of the
	child processes, we can totally 'IGNORE' SIGCHLD signals
	and let the operating system do the job with reaping childs.

	This was a try here at Ulm University, and the gateway is stable
	since more then one week running, even under stress tests.

	I'm not totally convinced if this helps in all
	circumstances, but anyway this is the proper solution
	for handling childs if the parent is not interested
	in the exit status.


Regards
         Charly
-- 
Karl Gaissmaier       KIZ/Infrastructure, University of Ulm, Germany
Email:karl.gaissmaier@kiz.uni-ulm.de           Service Group Network
Tel.: ++49 731 50-22499


--------------010102010905070807080009
Content-Type: text/plain;
 name="stable-01.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="stable-01.patch"

diff -Naur NoCatAuth-nightly/bin/gateway NoCatAuth-mod/bin/gateway
--- NoCatAuth-nightly/bin/gateway	Sat Mar  8 02:56:51 2003
+++ NoCatAuth-mod/bin/gateway	Mon Oct 13 12:35:37 2003
@@ -7,6 +7,7 @@
 use lib "$FindBin::Bin/../lib";
 use NoCat;
 use strict;
+use sigtrap qw(stack-trace untrapped error-signals);
 
 # Gracefully handle termination signals.
 $SIG{INT} = sub { exit };
diff -Naur NoCatAuth-nightly/lib/NoCat/Gateway.pm NoCatAuth-mod/lib/NoCat/Gateway.pm
--- NoCatAuth-nightly/lib/NoCat/Gateway.pm	Mon Mar 10 17:50:51 2003
+++ NoCatAuth-mod/lib/NoCat/Gateway.pm	Mon Oct 13 12:40:41 2003
@@ -96,7 +96,8 @@
     return unless $self->bind_socket;
 
     local $SIG{PIPE} = "IGNORE"; 
-    local $SIG{CHLD} = sub { $kids++ };
+    local $SIG{CHLD} = 'IGNORE';    # the OS does the dirty job
+    #local $SIG{CHLD} = sub { $kids++ };
     local $SIG{HUP} = sub { $hup++ };
 
     # Reset history.
@@ -135,11 +136,13 @@
             $hup = 0;
         }
 
+	# changed by kg, let the OS do the dirty job
+	#
 	# See if any kids have expired, reap zombies
-	if ( $kids ) {
-	    1 until ( wait == -1 );
-	    $kids = 0;
-	}
+	#if ( $kids ) {
+	#    1 until ( wait == -1 );
+	#    $kids = 0;
+	#}
 
     } # loop forever
 }

--------------010102010905070807080009--



From karl.gaissmaier at kiz.uni-ulm.de  Mon Oct 13 17:07:49 2003
From: karl.gaissmaier at kiz.uni-ulm.de (Karl Gaissmaier)
Date: Mon, 13 Oct 2003 18:07:49 +0200
Subject: [NoCat] Patch: alarm-03.patch
Message-ID: <3F8ACDD5.5010308@kiz.uni-ulm.de>

This is a multi-part message in MIME format.
--------------050705040008090004070009
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Name:
	alarm-03.patch

Affected Files:
	lib/NoCat/Gateway.pm

Version:
	Patch against 0.82 or later

Severity:
	unimportant, works wihout applying this patch

Description:
	handling a new connection on the gateway port is guarded
	with a timeout to prevent DoS and lurking processes. The
	alarm handling is a little bit improved with this patch.
	
	In difference to alarm-02.patch, a small chance for
	a race condition is eliminated through the introduction
	of an additional scope level.

Obsoletes:
	alarm-02.patch and or alarm-01.patch

-- 
Karl Gaissmaier       KIZ/Infrastructure, University of Ulm, Germany
Email:karl.gaissmaier@kiz.uni-ulm.de           Service Group Network
Tel.: ++49 731 50-22499


--------------050705040008090004070009
Content-Type: text/plain;
 name="alarm-03.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="alarm-03.patch"

--- NoCatAuth-mod/lib/NoCat/Gateway.pm	Mon Mar 10 17:50:51 2003
+++ NoCatAuth-new/lib/NoCat/Gateway.pm	Mon Oct  6 12:53:48 2003
@@ -278,20 +279,26 @@
 
     $self->log( 8, "Connection to " . $sock->sockhost . " from $peerhost" );
 
-    # Set the UNIX alarm clock.
-    alarm( $self->{HandleTimeout} ) if $self->{HandleTimeout};
-
-    # Wrap the call to handle() in eval{}, so we catch the
-    # exception when the alarm goes off.
-    #
-    # Then turn the alarm off, Schuyler, you moron!
-    eval { 
-	$self->handle( $peer );
-	alarm 0 if $self->{HandleTimeout};
-    };
+    {
+	local $SIG{ALRM} = 'IGNORE'; # inhibit race condition
+	#
+	# Wrap the call to handle() in eval{}, so we catch the
+	# exception when the alarm goes off.
+	#
+	eval {
+	    # ALRM signal handler only for this eval block
+	    local $SIG{ALRM} = sub {die "timeout in handling connection\n"};
+
+	    # Set the UNIX alarm clock.
+	    alarm( $self->{HandleTimeout} ) if $self->{HandleTimeout};
+	    $self->handle( $peer );
+	    alarm 0;
+	};
+	alarm 0;
 
-    # Note the warning if the call to handle() threw an exception.
-    $self->log( 1, "$peerhost: $@" ) if $@;
+	# Note the warning if the call to handle() threw an exception.
+	$self->log( 1, "peer $peerhost: $@" ) if $@;
+    }
 }
 
 sub check_expired { 

--------------050705040008090004070009--



From michael at mapu.com  Mon Oct 13 18:00:30 2003
From: michael at mapu.com (Michael Klatsky)
Date: Mon, 13 Oct 2003 13:00:30 -0400
Subject: [NoCat] Nocat .82, patched with Radius/throttle patch
Message-ID: <3F8ADA2E.5060705@mapu.com>

Good afternoon all:

I have successfully patched am testing NoCatAuth .82, with the following 
patches:

NoCatAuth-0.82+RADIUS-20030802.patch
throttle-per-public-user-04.patch

Almost everything works well.

2 issues I've noticed so far:

1) The javascript pop-up, upon a successful authenticate, comes up with 
correct window including the logout message and button. At this point 
the main browser window shows the redirect message. After the 
appropriate redirect time (5 secs in this case), the main window 
continues on to the correct redirect page (yahoo.com in this case). 
Then, very quickly, the pop-up window redirects itself to an error 404, 
stating (not the real url)"The requested URL /cgi-bin/450; 
URL=https://authtester.auth.net/cgi-bin/login
was not found on this server.".

This is the message from the webserver on the auth server. Any help 
pointing me towards fixing this would be most apprciated.


2) To temporarily go around the above, I am using the 
login_ok_nopopup.html page, however- how does one logout using this 
method? This has probably already been answered but I just can't seem to 
find it.

Again- thanks for any help.


Sincerely,

Michael Klatsky



From robert at maknet.net  Mon Oct 13 21:32:50 2003
From: robert at maknet.net (RM)
Date: Mon, 13 Oct 2003 16:32:50 -0400
Subject: [NoCat] need help, configuring nocat
Message-ID: <005d01c391c9$2c306910$04280c0a@pinkpig>

This is a multi-part message in MIME format.

------=_NextPart_000_005A_01C391A7.A4E801A0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello, all

        I've setup nocat on my machine with slackware 9. I installed the =
authserv and gateway on the same machine. After i installed everything =
and launched the gateway everything worked. My laptop was able to get a =
dhcp IP and then go thru the gateway with the default options in the =
nocat.conf file.... so i guess it uses the auth.nocat.net server, and =
after i click skip im able to surf the net. But now im trying to =
configure my own authserver. So in /usr/local/nocat/gw/nocat.conf i have =
these options

HomePage http://10.12.40.1

GatewayMode Captive=20

DocumentRoot /usr/local/nocat/gw/htdocs

TrustedGroups Any

AuthServiceAddr 10.12.41.1=20

AuthServiceURL https://$AuthServiceAddr/cgi-bin/login

LogoutURL https://$AuthServiceAddr/logout.html

LocalNetwork 10.12.41.0/24

Theres other options also but i never touched those. When i changed it =
to captive and gave it a authserviceaddr of 10.12.41.1 nothing works =
anymore. When i try to surf any page , IE returns no page found.

BUT if i change GatewayMode to Open and comment out AuthServiceAddr i =
get i believe is either the splash.html or status.html=20
because it says "Welcome to the NoCat network" and there's a login =
button and it also says "There are currently 0 users connected, The last =
connection was at:none."
After i press the login button im able to surf the net...

Can anyone help me out? its something with my authserv i think but i =
cant figure it out

again this is a slackware 9 install with apache/dhcp installed. I =
beleive SSL is installed also cuz the default apache page says=20
"The SSL/TLS-aware apache webserver was successfully installed on this =
website."
apache interface to OpennSSL (mod_ssl)

any help or suggestions would be great!!

Thanks in Advanace
Rob=20



------=_NextPart_000_005A_01C391A7.A4E801A0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2712.300" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hello, all</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; =
I've setup=20
nocat on my machine with slackware 9. I installed the authserv and =
gateway on=20
the same machine. After i installed everything and launched the gateway=20
everything worked. My laptop was able to get a dhcp IP and then go thru =
the=20
gateway with the default options in the nocat.conf file.... so i guess =
it uses=20
the auth.nocat.net server, and after i click skip im able to surf the =
net. But=20
now im trying to configure my own authserver. So in=20
/usr/local/nocat/gw/nocat.conf i have these options</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>
<P><FONT face=3DArial>HomePage <A=20
href=3D"http://10.12.40.1">http://10.12.40.1</A></FONT></P>
<P>GatewayMode&nbsp;Captive <FONT size=3D2></P>
<P>DocumentRoot /usr/local/nocat/gw/htdocs<FONT size=3D2></P>
<P>TrustedGroups Any</P><FONT size=3D2>
<P>AuthServiceAddr 10.12.41.1 </P><FONT size=3D2>
<P>AuthServiceURL <A=20
href=3D"https://$AuthServiceAddr/cgi-bin/login">https://$AuthServiceAddr/=
cgi-bin/login</A></P><FONT=20
size=3D2>
<P>LogoutURL <A=20
href=3D"https://$AuthServiceAddr/logout.html">https://$AuthServiceAddr/lo=
gout.html</A></P><FONT=20
size=3D2>
<P>LocalNetwork=20
10.12.41.0/24</P></FONT></FONT></FONT></FONT></FONT></FONT></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Theres other options also but i never =
touched=20
those. When i changed it to captive and gave it a authserviceaddr of =
10.12.41.1=20
nothing works anymore. When i try to surf any page , IE returns no page=20
found.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>BUT if i change GatewayMode to Open and =
comment out=20
AuthServiceAddr i get i believe is either the splash.html or status.html =

</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>because it says "Welcome to the NoCat =
network" and=20
there's a login button and it also says "There are currently 0 users =
connected,=20
The last connection was at:none."</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>After i press the login button im able =
to surf the=20
net...</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Can anyone help me out? its something =
with my=20
authserv i think but i cant figure it out</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>again this is a slackware&nbsp;9 =
install with=20
apache/dhcp installed. I beleive SSL is installed also cuz the default =
apache=20
page says </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>"The SSL/TLS-aware apache webserver was =

successfully installed on this website."</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>apache interface to OpennSSL =
(mod_ssl)</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>any help or suggestions would be=20
great!!</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Thanks in Advanace</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Rob</FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV></BODY></HTML>

------=_NextPart_000_005A_01C391A7.A4E801A0--



From jstaerk at usegroup.de  Tue Oct 14 12:43:57 2003
From: jstaerk at usegroup.de (=?ISO-8859-1?Q?Jochen_St=E4rk?=)
Date: Tue, 14 Oct 2003 13:43:57 +0200
Subject: [NoCat] Nocat .82, patched with Radius/throttle patch
In-Reply-To: <3F8ADA2E.5060705@mapu.com>
References: <3F8ADA2E.5060705@mapu.com>
Message-ID: <3F8BE17D.3030601@usegroup.de>

Michael Klatsky wrote:

> Good afternoon all:
>
> I have successfully patched am testing NoCatAuth .82, with the 
> following patches:
>
> NoCatAuth-0.82+RADIUS-20030802.patch
> throttle-per-public-user-04.patch
>
> Almost everything works well.
>
> 2 issues I've noticed so far:
>
> 1) The javascript pop-up, upon a successful authenticate, comes up 
> with correct window including the logout message and button. At this 
> point the main browser window shows the redirect message. After the 
> appropriate redirect time (5 secs in this case), the main window 
> continues on to the correct redirect page (yahoo.com in this case). 
> Then, very quickly, the pop-up window redirects itself to an error 
> 404, stating (not the real url)"The requested URL /cgi-bin/450; 
> URL=https://authtester.auth.net/cgi-bin/login
> was not found on this server.".
>
> This is the message from the webserver on the auth server. Any help 
> pointing me towards fixing this would be most apprciated.

Hi Michael,

maybe this is not in throttle-per-public-user-04.patc, i'm using nocat 
just with the radius-patch and have the same problem.

bye,
Jochen



From jstaerk at usegroup.de  Tue Oct 14 12:50:02 2003
From: jstaerk at usegroup.de (=?ISO-8859-1?Q?Jochen_St=E4rk?=)
Date: Tue, 14 Oct 2003 13:50:02 +0200
Subject: [NoCat] need help, configuring nocat
In-Reply-To: <005d01c391c9$2c306910$04280c0a@pinkpig>
References: <005d01c391c9$2c306910$04280c0a@pinkpig>
Message-ID: <3F8BE2EA.4000607@usegroup.de>

Hi Robert,

>  
> authserver. So in /usr/local/nocat/gw/nocat.conf i have these options
>
> HomePage http://10.12.40.1
>
> GatewayMode Captive
>
Why not Passive? AFAIU passive means the same as captive, but works 
through NAT.

> Theres other options also but i never touched those. When i changed it 
> to captive and gave it a authserviceaddr of 10.12.41.1 nothing works 
> anymore. When i try to surf any page , IE returns no page found.

That may be because IE is redirected to https://10.12.41.1/cgi-bin/login.
Can you point your browser to https://10.12.41.1/ to see if a apache 
with ssl is running there?

>  
> BUT if i change GatewayMode to Open and comment out AuthServiceAddr i 
> get i believe is either the splash.html or status.html
> because it says "Welcome to the NoCat network" and there's a login 
> button and it also says "There are currently 0 users connected, The 
> last connection was at:none."
> After i press the login button im able to surf the net...

AFAIK, because of architectural reasons, the gateway has to be, and the 
authserv can not be a standalone HTTP(S) server. So, to run an network, 
you may not have another http-server on the gateway machine listening to 
port 80, but you need apache and mod_ssl on port 443 of your authserv.

>  
> Can anyone help me out? its something with my authserv i think but i 
> cant figure it out
>  

try and have a look in /var/log/httpd/error_log if in doubt.

> again this is a slackware 9 install with apache/dhcp installed. I 
> beleive SSL is installed also cuz the default apache page says
> "The SSL/TLS-aware apache webserver was successfully installed on this 
> website."
> apache interface to OpennSSL (mod_ssl)

by the way: you can start apache in ssl mode with apachectl startssl, if 
you just do a apachectl start, there may be problems.

bye,
Jochen



From jbarrett at pogozone.com  Tue Oct 14 16:14:37 2003
From: jbarrett at pogozone.com (Jacob S. Barrett)
Date: Tue, 14 Oct 2003 08:14:37 -0700
Subject: [NoCat] Nocat .82, patched with Radius/throttle patch
In-Reply-To: <3F8ADA2E.5060705@mapu.com>
References: <3F8ADA2E.5060705@mapu.com>
Message-ID: <3F8C12DD.80607@pogozone.com>

Michael Klatsky wrote:
> I have successfully patched am testing NoCatAuth .82, with the following 
> patches:
> NoCatAuth-0.82+RADIUS-20030802.patch
Great!

> 2 issues I've noticed so far:
> 1) The javascript pop-up, upon a successful authenticate, comes up with 
> correct window including the logout message and button. At this point 
> the main browser window shows the redirect message. After the 
> appropriate redirect time (5 secs in this case), the main window 
> continues on to the correct redirect page (yahoo.com in this case). 
> Then, very quickly, the pop-up window redirects itself to an error 404, 
> stating (not the real url)"The requested URL /cgi-bin/450; 
> URL=https://authtester.auth.net/cgi-bin/login
> was not found on this server.".
> This is the message from the webserver on the auth server. Any help 
> pointing me towards fixing this would be most apprciated.

This is a problem that my patches introduce.  I haven't had a chance to 
track it down since I use the login_ok_nopopup.html.  I think the 
changes I made to fix the redirect bug that was found months ago is the 
culprit here.  I don't think I properly updated the login_ok.html file. 
  I will look into it more.  Also, check some of the previous posts, I 
think there might be a solution in one of them, I can't remember.

> 2) To temporarily go around the above, I am using the 
> login_ok_nopopup.html page, however- how does one logout using this 
> method? This has probably already been answered but I just can't seem to 
> find it.

One doesn't.  Your session will end when the ARP times out, your 
Session-Timeout (RADIUS) has been reached, or when your Idle-Timeout is 
reached (not done).  I added the nopopup to get rid of the annoying 
popup reauth thing. :)

-- 
Jacob S. Barrett
Chief Technology Officer
PogoZone LLC

   email: jbarrett@pogozone.com
     web: www.pogozone.com
   voice: 360-676-8772
     fax: 360-733-3941
address: 114 W. Magnolia Street Suite 417
          Bellingham, Washington 98225



From jbarrett at pogozone.com  Tue Oct 14 16:29:22 2003
From: jbarrett at pogozone.com (Jacob S. Barrett)
Date: Tue, 14 Oct 2003 08:29:22 -0700
Subject: [NoCat] Nocat .82, patched with Radius/throttle patch
In-Reply-To: <3F8ADA2E.5060705@mapu.com>
References: <3F8ADA2E.5060705@mapu.com>
Message-ID: <3F8C1652.2030803@pogozone.com>

Try these patches to renew_pasv.html and renew.html.  I think they will 
fix the problem with the 404 errors.

Index: renew_pasv.html
===================================================================
RCS file: /cvsroot/NoCatAuth/htdocs/renew_pasv.html,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 renew_pasv.html
--- renew_pasv.html	23 Jun 2003 03:02:53 -0000	1.1.1.1
+++ renew_pasv.html	14 Oct 2003 15:20:11 -0000
@@ -1,7 +1,7 @@
  <html>
  <head>
      <title>NoCat login agent</title>
-    <meta http-equiv="Refresh" content="$redirect" />
+    <meta http-equiv="Refresh" content="$redirecttime; $redirect" />
  </head>
  <script language="JavaScript">
      setTimeout( "document.RenewalForm.submit()", $timeout * 1000 );

Index: renew.html
===================================================================
RCS file: /cvsroot/NoCatAuth/htdocs/renew.html,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 renew.html
--- renew.html	23 Jun 2003 03:02:53 -0000	1.1.1.1
+++ renew.html	14 Oct 2003 15:21:34 -0000
@@ -1,7 +1,7 @@
  <html>
  <head>
      <title>NoCat login agent</title>
-    <meta http-equiv="Refresh" content="$redirect" />
+    <meta http-equiv="Refresh" content="$redirecttime; $redirect" />
  </head>
  <body bgcolor="#FFFFFF">
  <p><a href="http://nocat.net" target="_blank"><img 
src="/images/auth_logo.gif" width="112" height="35" border="0"></a> </p>

-- 
Jacob S. Barrett
Chief Technology Officer
PogoZone LLC

   email: jbarrett@pogozone.com
     web: www.pogozone.com
   voice: 360-676-8772
     fax: 360-733-3941
address: 114 W. Magnolia Street Suite 417
          Bellingham, Washington 98225



From jbarrett at pogozone.com  Tue Oct 14 16:40:00 2003
From: jbarrett at pogozone.com (Jacob S. Barrett)
Date: Tue, 14 Oct 2003 08:40:00 -0700
Subject: [NoCat] Nocat .82, patched with Radius/throttle patch
In-Reply-To: <3F8ADA2E.5060705@mapu.com>
References: <3F8ADA2E.5060705@mapu.com>
Message-ID: <3F8C18D0.9060206@pogozone.com>

I have posted an new full patch at 
http://www.pogozone.net/projects/nocat that should fix this problem. 
This is the only change in this patch.

-- 
Jacob S. Barrett
Chief Technology Officer
PogoZone LLC

   email: jbarrett@pogozone.com
     web: www.pogozone.com
   voice: 360-676-8772
     fax: 360-733-3941
address: 114 W. Magnolia Street Suite 417
          Bellingham, Washington 98225



From shubhobiswas at hotmail.com  Tue Oct 14 18:00:35 2003
From: shubhobiswas at hotmail.com (Shubho Biswas)
Date: Tue, 14 Oct 2003 13:00:35 -0400
Subject: [NoCat] gpg errors
Message-ID: <BAY8-DAV41m47Frm2cp00002de4@hotmail.com>

This is a multi-part message in MIME format.

------=_NextPart_000_02C8_01C39253.28AD6920
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hey folks,

I've got a nocat gateway and a nocat auth server on the same network.  =
On my pc client IE, after I sign in, I get redirected back to the login =
page.  From my gateway's nocat.log, it looks like there's something =
wrong with my trustedkeys.gpg but I copied the one from my server's =
/usr/local/nocat/trustedkeys.gpg over to my gateway's =
/usr/local/nocat/gpg.  I then had to chown nocat:nogrp on =
/usr/local/nocat/pgp/* on the gateway to prevent unable to open file =
errors.  My nocat.log is below.  If anyone can give me a hint, that =
would be great.

[2003-10-13 22:24:07] Spawning child process 496.
[2003-10-13 22:24:07] Connection to 192.168.89.1 from 192.168.89.10
[2003-10-13 22:24:07] Capturing  192.168.89.10  for =
http://www.google.ca/
[2003-10-13 22:24:08] Notifying parent of Capture on peer =
00:0C:41:0C:71:18
[2003-10-13 22:24:08] Got notification Capture of peer 00:0C:41:0C:71:18
[2003-10-13 22:24:08] Child process returned 1
[2003-10-13 22:24:08] Spawning child process 497.
[2003-10-13 22:24:08] Connection to 192.168.89.1 from 192.168.89.10
[2003-10-13 22:24:08] Capturing  192.168.89.10  for =
http://www.download.windowsupdate.com/msdownload/update/v3/static/trusted=
r/en/authrootseq.txt
[2003-10-13 22:24:08] Notifying parent of Capture on peer =
00:0C:41:0C:71:18
[2003-10-13 22:24:08] Got notification Capture of peer 00:0C:41:0C:71:18
[2003-10-13 22:24:08] Child process returned 1
[2003-10-13 22:24:08] Connection to 192.168.89.1 from 192.168.89.10
[2003-10-13 22:24:08] Capturing  192.168.89.10  for =
http://www.download.windowsupdate.com/msdownload/update/v3/static/trusted=
r/en/authrootseq.txt
[2003-10-13 22:24:08] Spawning child process 498.
[2003-10-13 22:24:08] Notifying parent of Capture on peer =
00:0C:41:0C:71:18
[2003-10-13 22:24:08] Got notification Capture of peer 00:0C:41:0C:71:18
[2003-10-13 22:24:08] Child process returned 1
[2003-10-13 22:24:35] Spawning child process 499.
[2003-10-13 22:24:35] Connection to 192.168.89.1 from 192.168.89.10
[2003-10-13 22:24:35] Received notify from 192.168.89.10
[2003-10-13 22:24:35] gpg --decrypt =
--homedir=3D/usr/local/nocat/bin/../pgp --keyring trustedkeys.gpg =
--no-tty -o- returned error message:
gpg: Signature made Mon Oct 13 22:39:40 2003 UTC using DSA key ID =
DCD1F28B
gpg: [don't know]: invalid packet (ctb=3D00)
gpg: read_keyblock: read error: invalid packet
gpg: enum_keyblocks failed: invalid keyring
gpg: Can't check signature: public key not found
[2003-10-13 22:24:35] gpg --decrypt =
--homedir=3D/usr/local/nocat/bin/../pgp --keyring trustedkeys.gpg =
--no-tty -o- returned error: Illegal seek ( 2 )
[2003-10-13 22:24:35] Invalid notify from 192.168.89.10
[2003-10-13 22:24:36] Capturing  192.168.89.10  for =
http://192.168.89.1:5280/?ticket=3DowGbwMvMwCTIwrJz8Z2Ln7oZT09NYrDv1lzjm5=
jMaWBgZeBsZWIIIs0NrQwtuEKLU4s4Q%2f28%2ffzD%2fbgck0sy8%2fM4A1KLcjNLuELys1P=
zOFUMVQwMzI0NzE3MVMxNfbNS8z09qsK8KsIMU%2fWz9ZySfQy4glJTMotSk0s4M0pKCqz09c=
vLy%2fXS8%2fPTc1L1khP1uUIyc1PzS0s4zQwMuHzzU1I5i7MzC7g67JlZwe6COVSQST2VYZ6=
Nh1bqNeeXfx%2fq36rnq1TV8PCZMIVhfnXx4hlz9sj52bx9sit0i%2bc1S9EOLQA%3d%3dtQ0=
b
[2003-10-13 22:24:36] Notifying parent of Capture on peer =
00:0C:41:0C:71:18
[2003-10-13 22:24:36] Got notification Capture of peer 00:0C:41:0C:71:18
[2003-10-13 22:24:36] Child process returned 1


------=_NextPart_000_02C8_01C39253.28AD6920
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2733.1800" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hey folks,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>I've got a nocat gateway and a nocat =
auth server on=20
the same network.&nbsp; On my pc client IE, after I sign in, I get =
redirected=20
back to the login page.&nbsp;&nbsp;From my gateway's nocat.log, it looks =
like=20
there's something wrong with my trustedkeys.gpg but I copied the one =
from my=20
server's /usr/local/nocat/trustedkeys.gpg over to my gateway's=20
/usr/local/nocat/gpg.&nbsp; I then had to chown nocat:nogrp on=20
/usr/local/nocat/pgp/* on the gateway to prevent unable to open file=20
errors.&nbsp; My nocat.log is below.&nbsp; If anyone can give me a hint, =
that=20
would be great.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2><FONT size=3D2>
<P>[2003-10-13 22:24:07] Spawning child process 496.<BR>[2003-10-13 =
22:24:07]=20
Connection to 192.168.89.1 from 192.168.89.10<BR>[2003-10-13 22:24:07]=20
Capturing&nbsp; 192.168.89.10&nbsp; for <A=20
href=3D"http://www.google.ca/">http://www.google.ca/</A><BR>[2003-10-13 =
22:24:08]=20
Notifying parent of Capture on peer 00:0C:41:0C:71:18<BR>[2003-10-13 =
22:24:08]=20
Got notification Capture of peer 00:0C:41:0C:71:18<BR>[2003-10-13 =
22:24:08]=20
Child process returned 1<BR>[2003-10-13 22:24:08] Spawning child process =

497.<BR>[2003-10-13 22:24:08] Connection to 192.168.89.1 from=20
192.168.89.10<BR>[2003-10-13 22:24:08] Capturing&nbsp; =
192.168.89.10&nbsp; for=20
<A=20
href=3D"http://www.download.windowsupdate.com/msdownload/update/v3/static=
/trustedr/en/authrootseq.txt">http://www.download.windowsupdate.com/msdow=
nload/update/v3/static/trustedr/en/authrootseq.txt</A><BR>[2003-10-13=20
22:24:08] Notifying parent of Capture on peer =
00:0C:41:0C:71:18<BR>[2003-10-13=20
22:24:08] Got notification Capture of peer =
00:0C:41:0C:71:18<BR>[2003-10-13=20
22:24:08] Child process returned 1<BR>[2003-10-13 22:24:08] Connection =
to=20
192.168.89.1 from 192.168.89.10<BR>[2003-10-13 22:24:08] Capturing&nbsp; =

192.168.89.10&nbsp; for <A=20
href=3D"http://www.download.windowsupdate.com/msdownload/update/v3/static=
/trustedr/en/authrootseq.txt">http://www.download.windowsupdate.com/msdow=
nload/update/v3/static/trustedr/en/authrootseq.txt</A><BR>[2003-10-13=20
22:24:08] Spawning child process 498.<BR>[2003-10-13 22:24:08] Notifying =
parent=20
of Capture on peer 00:0C:41:0C:71:18<BR>[2003-10-13 22:24:08] Got =
notification=20
Capture of peer 00:0C:41:0C:71:18<BR>[2003-10-13 22:24:08] Child process =

returned 1<BR>[2003-10-13 22:24:35] Spawning child process =
499.<BR>[2003-10-13=20
22:24:35] Connection to 192.168.89.1 from 192.168.89.10<BR>[2003-10-13 =
22:24:35]=20
Received notify from 192.168.89.10<BR>[2003-10-13 22:24:35] gpg =
--decrypt=20
--homedir=3D/usr/local/nocat/bin/../pgp --keyring trustedkeys.gpg =
--no-tty -o-=20
returned error message:<BR>gpg: Signature made Mon Oct 13 22:39:40 2003 =
UTC=20
using DSA key ID DCD1F28B<BR>gpg: [don't know]: invalid packet =
(ctb=3D00)<BR>gpg:=20
read_keyblock: read error: invalid packet<BR>gpg: enum_keyblocks failed: =
invalid=20
keyring<BR>gpg: Can't check signature: public key not =
found<BR>[2003-10-13=20
22:24:35] gpg --decrypt --homedir=3D/usr/local/nocat/bin/../pgp =
--keyring=20
trustedkeys.gpg --no-tty -o- returned error: Illegal seek ( 2 =
)<BR>[2003-10-13=20
22:24:35] Invalid notify from 192.168.89.10<BR>[2003-10-13 22:24:36]=20
Capturing&nbsp; 192.168.89.10&nbsp; for <A=20
href=3D"http://192.168.89.1:5280/?ticket=3DowGbwMvMwCTIwrJz8Z2Ln7oZT09NYr=
Dv1lzjm5jMaWBgZeBsZWIIIs0NrQwtuEKLU4s4Q%2f28%2ffzD%2fbgck0sy8%2fM4A1KLcjN=
LuELys1PzOFUMVQwMzI0NzE3MVMxNfbNS8z09qsK8KsIMU%2fWz9ZySfQy4glJTMotSk0s4M0=
pKCqz09cvLy%2fXS8%2fPTc1L1khP1uUIyc1PzS0s4zQwMuHzzU1I5i7MzC7g67JlZwe6COVS=
QST2VYZ6Nh1bqNeeXfx%2fq36rnq1TV8PCZMIVhfnXx4hlz9sj52bx9sit0i%2bc1S9EOLQA%=
3d%3dtQ0b">http://192.168.89.1:5280/?ticket=3DowGbwMvMwCTIwrJz8Z2Ln7oZT09=
NYrDv1lzjm5jMaWBgZeBsZWIIIs0NrQwtuEKLU4s4Q%2f28%2ffzD%2fbgck0sy8%2fM4A1KL=
cjNLuELys1PzOFUMVQwMzI0NzE3MVMxNfbNS8z09qsK8KsIMU%2fWz9ZySfQy4glJTMotSk0s=
4M0pKCqz09cvLy%2fXS8%2fPTc1L1khP1uUIyc1PzS0s4zQwMuHzzU1I5i7MzC7g67JlZwe6C=
OVSQST2VYZ6Nh1bqNeeXfx%2fq36rnq1TV8PCZMIVhfnXx4hlz9sj52bx9sit0i%2bc1S9EOL=
QA%3d%3dtQ0b</A><BR>[2003-10-13=20
22:24:36] Notifying parent of Capture on peer =
00:0C:41:0C:71:18<BR>[2003-10-13=20
22:24:36] Got notification Capture of peer =
00:0C:41:0C:71:18<BR>[2003-10-13=20
22:24:36] Child process returned 1</P></FONT></FONT></DIV></BODY></HTML>

------=_NextPart_000_02C8_01C39253.28AD6920--


From konetzed at linuxworkz.com  Tue Oct 14 19:14:54 2003
From: konetzed at linuxworkz.com (Edward Konetzko)
Date: Tue, 14 Oct 2003 13:14:54 -0500
Subject: [NoCat] IMAP.pm patch
Message-ID: <3F8C3D1E.1050702@linuxworkz.com>

This is a multi-part message in MIME format.
--------------020106060607040004060107
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Here is a patch that fixes login problems with the IMAP.pm file.  The 
problem was that users with no mail would recive a login error.  Reason 
being that the login function of Net::IMAP::Simple returns # of messages 
on success and an empty string on failure, well if you have no messages 
it returns a zero and that is false in an if statment and ya cant 
login.  Hopefully I explaned that well enough, not to good at perl so if 
someone could look it over that would be great.  I tested it with the 
following: user that didnt exist, user that does exists bad passwd with 
mail, user that does exists good password with mail, user that does 
exists bad passwd with no mail, user that does exists good password with 
no mail.  All test worked they way they were supposed to.


Edward Konetzko
konetzed@linuxworkz.com

--------------020106060607040004060107
Content-Type: text/plain;
 name="nocat.imap.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="nocat.imap.patch"

diff -Naur NoCatAuth-nightly/lib/NoCat/Source/IMAP.pm NoCatAuth-nightly.update/lib/NoCat/Source/IMAP.pm
--- NoCatAuth-nightly/lib/NoCat/Source/IMAP.pm	2003-03-06 19:24:21.000000000 -0600
+++ NoCatAuth-nightly.update/lib/NoCat/Source/IMAP.pm	2003-10-14 12:27:50.000000000 -0500
@@ -9,16 +9,32 @@
 
 sub authenticate_user {
     my ($self, $user_pw, $user) = @_;
+    my ($server, $returned);
     $user = $user->id;
 
-    my $server = new Net::IMAP::Simple( $self->{IMAP_Server} );
+    ### Make a new IMAP::Simple object
+    $server = new Net::IMAP::Simple( $self->{IMAP_Server} );
 
-    if( $server->login( $user,$user_pw ) )
+    ### Try to log in.
+    ### Returns int num of messages on success, nothing on fail
+    $returned = $server->login($user, $user_pw);
+
+    ### If login was a success, $returned will be defined
+    if (defined $returned)
     {
+      ### Login wasn't an empty string. So this user is valid
+
+      ### Close the connection and return success
       $server->quit;
       return 1;
-    } else {
+    }
+    else
+    {
+      ### Login returned an empty string. So this user is invalid
+
       $self->log( 4, "Tried to auth via " . $self->{IMAP_Server} );
+
+      ### Close the connection, log the failure, and return
       $server->quit;
       return $self->log( 4, "IMAP authentication unsuccessful." );
     }

--------------020106060607040004060107--



From cswenson at students.curry.edu  Wed Oct 15 00:05:22 2003
From: cswenson at students.curry.edu (Chris Swenson)
Date: Tue, 14 Oct 2003 19:05:22 -0400
Subject: [NoCat] does imap auth work
Message-ID: <1066172722.3f8c81320b3f3@stumail>

Hi all,  I downloaded the net::imap::simple mod set auth type to IMAP and put 
in the dns name of an imap server that is on the external side.  It did not 
work.  Since I did this thing last year I have forgotten everything I knew.  I 
know when I switch it back to Passwd it works fine.

Thanks in advance for any ideas.

CS



-------------------------------------------------
Visit us at http://www.curry.edu/welcome


From braga at intralab.com.br  Wed Oct 15 15:49:44 2003
From: braga at intralab.com.br (Roberto Braga)
Date: Wed, 15 Oct 2003 11:49:44 -0300
Subject: [NoCat] Problem using the Nocat checkrad script for Freeradius
Message-ID: <20031015144944.1764.qmail@esmeralda.intralab.com.br>

Hi all. 

I saw in this list a patch to enable Freeradius to check simultaneous-use 
with Nocat but when I try to run the perl script to check Nocat I receive 
the following error: 

[root@nocat bin]# ./checkrad
Can't locate HTTP/Request.pm in @INC (@INC contains: 
/usr/lib/perl5/5.8.1/i686-linux-thread-multi /usr/lib/perl5/5.8.1 
/usr/lib/perl5/site_perl/5.8.1/i686-linux-thread-multi 
/usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 
/usr/lib/perl5/site_perl .) at ./checkrad line 3. 

The script I am using: 

#!/usr/bin/perl 

require HTTP::Request;
require LWP::UserAgent; 

my $debug = true; 

# 192.168.0.1 0 foo 01058159212184670
my ($nas, $user, $session) = @ARGV; 

my $request = HTTP::Request->new(GET => "http://$nas:5280/status");
my $ua = LWP::UserAgent->new;
my $response = $ua->request($request); 

#my $pattern = qr/foo/g;
foreach ($response->content)
{
       print "DEBUG: $_" if $debug;
       #exit 0 if /$pattern/;
       exit 0 if /$session/;
} 

exit 1; 

Roberto Braga
Intralab Tecnologia
pabx.:551150824111
celular:551181366242


From joseluis at pinedawireless.net  Wed Oct 15 16:19:06 2003
From: joseluis at pinedawireless.net (Jose Luis Garcia)
Date: Wed, 15 Oct 2003 17:19:06 +0200
Subject: [NoCat] public login user
Message-ID: <11811657071.20031015171906@pinedawireless.net>

Hi all:

I have auth and Gw in two separate machines. It's working but when I
logon with a user ( passwd type) always have this in log:

[2003-10-14 21:40:08] Got auth msg:
Timeout 600
Token   $1$14226446$2n2CXuGZ3MSPGHXenPa7n1
Mode    login
Redirect        http://www.amena.es/
Mac     00:05:5D:4C:08:7C
User    jlgarcia
Action  Permit
[2003-10-14 21:40:09] User () v. trusted (Any)
[2003-10-14 21:40:09] User  jlgarcia  permitted in class Public

Why in class public if is a registered user.

Thanks.

  

-- 
Un saludo,
mailto:joseluis@pinedawireless.net



From jbarrett at pogozone.com  Wed Oct 15 16:48:49 2003
From: jbarrett at pogozone.com (Jacob S. Barrett)
Date: Wed, 15 Oct 2003 08:48:49 -0700
Subject: [NoCat] Problem using the Nocat checkrad script for Freeradius
In-Reply-To: <20031015144944.1764.qmail@esmeralda.intralab.com.br>
References: <20031015144944.1764.qmail@esmeralda.intralab.com.br>
Message-ID: <3F8D6C61.9090209@pogozone.com>

Roberto Braga wrote:
> Can't locate HTTP/Request.pm in @INC (@INC contains: 

You need to install the HTTP modules for perl.  See "man CPAN" for 
installing modules.  The module you will want is the LWP module.  I 
think the command to install all of it when running CPAN is "install 
Bundle::LWP".  Or if your OS has other means of installing perl modules 
use that, like FreeBSD ports system or RPMs.

-- 
Jacob S. Barrett
Chief Technology Officer
PogoZone LLC

   email: jbarrett@pogozone.com
     web: www.pogozone.com
   voice: 360-676-8772
     fax: 360-733-3941
address: 114 W. Magnolia Street Suite 417
          Bellingham, Washington 98225



From robert at maknet.net  Wed Oct 15 21:34:14 2003
From: robert at maknet.net (RM)
Date: Wed, 15 Oct 2003 16:34:14 -0400
Subject: [NoCat] need help, configuring nocat
References: <005d01c391c9$2c306910$04280c0a@pinkpig> <3F8BE2EA.4000607@usegroup.de>
Message-ID: <00b401c3935b$b3402ba0$04280c0a@pinkpig>

> That may be because IE is redirected to https://10.12.41.1/cgi-bin/login.
> Can you point your browser to https://10.12.41.1/ to see if a apache
> with ssl is running there?
>

i tried https://10.12.41.1 and it doesnt work =( but just normal http
works....
changed it to passive also still no go....

So i guess the problem now is SSL since https:// is not coming up =(
i tried to set that up but im having problems on that also =X.... but well
i'll find help on that somewhere else since thats not related to nocat =)

thanks
Rob

----- Original Message -----
From: "Jochen Stärk" <jstaerk@usegroup.de>
To: "RM" <robert@maknet.net>
Cc: <nocat@lists.nocat.net>
Sent: Tuesday, October 14, 2003 7:50 AM
Subject: Re: [NoCat] need help, configuring nocat


> Hi Robert,
>
> >
> > authserver. So in /usr/local/nocat/gw/nocat.conf i have these options
> >
> > HomePage http://10.12.40.1
> >
> > GatewayMode Captive
> >
> Why not Passive? AFAIU passive means the same as captive, but works
> through NAT.
>
> > Theres other options also but i never touched those. When i changed it
> > to captive and gave it a authserviceaddr of 10.12.41.1 nothing works
> > anymore. When i try to surf any page , IE returns no page found.
>
> That may be because IE is redirected to https://10.12.41.1/cgi-bin/login.
> Can you point your browser to https://10.12.41.1/ to see if a apache
> with ssl is running there?
>
> >
> > BUT if i change GatewayMode to Open and comment out AuthServiceAddr i
> > get i believe is either the splash.html or status.html
> > because it says "Welcome to the NoCat network" and there's a login
> > button and it also says "There are currently 0 users connected, The
> > last connection was at:none."
> > After i press the login button im able to surf the net...
>
> AFAIK, because of architectural reasons, the gateway has to be, and the
> authserv can not be a standalone HTTP(S) server. So, to run an network,
> you may not have another http-server on the gateway machine listening to
> port 80, but you need apache and mod_ssl on port 443 of your authserv.
>
> >
> > Can anyone help me out? its something with my authserv i think but i
> > cant figure it out
> >
>
> try and have a look in /var/log/httpd/error_log if in doubt.
>
> > again this is a slackware 9 install with apache/dhcp installed. I
> > beleive SSL is installed also cuz the default apache page says
> > "The SSL/TLS-aware apache webserver was successfully installed on this
> > website."
> > apache interface to OpennSSL (mod_ssl)
>
> by the way: you can start apache in ssl mode with apachectl startssl, if
> you just do a apachectl start, there may be problems.
>
> bye,
> Jochen
>
>
> _______________________________________________
> NoCat mailing list
> NoCat@lists.nocat.net
> http://lists.nocat.net/mailman/listinfo/nocat
>



From michael at mapu.com  Wed Oct 15 21:35:53 2003
From: michael at mapu.com (Michael Klatsky)
Date: Wed, 15 Oct 2003 16:35:53 -0400
Subject: [NoCat] Nocat .82, patched with Radius/throttle patch
In-Reply-To: <3F8C18D0.9060206@pogozone.com>
References: <3F8ADA2E.5060705@mapu.com> <3F8C18D0.9060206@pogozone.com>
Message-ID: <3F8DAFA9.1020003@mapu.com>

Excellent- thanks.

Unfortunately the original issue still occurs:

The javascript pop-up, upon a successful authenticate, comes up with 
correct window including the logout message and button. At this point 
the main browser window shows the redirect message. After the 
appropriate redirect time (5 secs in this case), the main window 
continues on to the correct redirect page (yahoo.com in this case). 
Then, very quickly, the pop-up window redirects itself to an error 404, 
stating (not the real url)"The requested URL /cgi-bin/450; 
URL=https://authtester.auth.net/cgi-bin/login
was not found on this server.".

And from the webserver logs:

[Wed Oct 15 16:18:05 2003] [error] [client xx.xx.xx.xx] script not found 
or unable to stat: /usr/local/nocat/cgi-bin/450; URL=https:


Note that if I switch to nocat v0.82 with no patch applied- it works. 
When I apply the pacth, and install into a clean dir and restart apache- 
it doessn't.


Again- thanks for any and all help.




Jacob S. Barrett wrote:
> I have posted an new full patch at 
> http://www.pogozone.net/projects/nocat that should fix this problem. 
> This is the only change in this patch.
> 




From bob at ketterhagen.com  Wed Oct 15 22:04:59 2003
From: bob at ketterhagen.com (Bob Ketterhagen)
Date: Wed, 15 Oct 2003 17:04:59 -0400
Subject: [NoCat] Error in Authservice.pm and the new Radius patch still doesn't fix
 the popup for me.
Message-ID: <1066251899.20223.16.camel@funk.rednecks.net>

Howdy,

I run Auth and Gw on the same server in passive mode.		
My LocalNetwork is defined in my nocatgw/nocat.conf
and I have Netmask.pm installed properly. I still get
the error 
could not parse  at ../lib//NoCat/AuthService.pm line 77
In my apache error.log

I also just applied the new nocat radius patch hoping to get the logout
button back with the pop-up, to no avail. I get the same error as before
even with $redirecttime; added into the metatag.
It kinda pops up for a nano second then 404's.

If anyone is experiencing the same boogs or has a fix for my errors
please let me know.

below is a snip from a typical login from my apache error.log

[2003-10-15 16:47:21] User UNKNOWN from wifi-200.airplanet.org requests
form

[2003-10-15 16:47:29] User test0r from wifi-200.airplanet.org requests
form

[2003-10-15 16:47:29] could not parse  at ../lib//NoCat/AuthService.pm
line 77

[2003-10-15 16:47:29] Request from local ip wifi-200.airplanet.org,
directing to local gateway 10.90.90.1.

[2003-10-15 16:47:29] Connecting to RADIUS server 10.90.90.1 with
Timeout 5

[2003-10-15 16:47:30] gpg --sign --armor
--homedir=/usr/local/nocatauth/cgi-bin/../pgp --keyring trustedkeys.gpg
--no-tty -o- returned error message:
gpg: WARNING: unsafe permissions on homedir
"/usr/local/nocatauth/cgi-bin/../pgp"

[2003-10-15 16:47:30] could not parse  at ../lib//NoCat/AuthService.pm
line 77

[2003-10-15 16:47:30] Request from local ip wifi-200.airplanet.org,
directing to local gateway 10.90.90.1.




From shubhobiswas at hotmail.com  Wed Oct 15 23:36:30 2003
From: shubhobiswas at hotmail.com (Shubho Biswas)
Date: Wed, 15 Oct 2003 18:36:30 -0400
Subject: [NoCat] pgp nocatauth errors
Message-ID: <BAY8-F101GdMNFmWAFs00005ebd@hotmail.com>

>From the post below 
(http://lists.nocat.net/pipermail/nocat/2003-September/003682.html), it 
seems that the gpg version on the nocat auth server and gateway need to be 
the same.  I had thought that if the version on the server was higher, it 
would work fine with the gateway's older version.  But when I had that, I 
had the almost the exact same errors as quendor and my internet browser 
would loop back to the login page.  From gateway's nocat.log:

gpg --decrypt --homedir=/usr/local/nocat/bin/../pgp --keyring 
trustedkeys.gpg --no-tty -o- returned error message:
gpg: Signature made Wed Oct 15 21:35:33 2003 UTC using DSA key ID DCD1F28B
gpg: [don't know]: invalid packet (ctb=00)
gpg: read_keyblock: read error: invalid packet
gpg: enum_keyblocks failed: invalid keyring
gpg: Can't check signature: public key not found
gpg --decrypt --homedir=/usr/local/nocat/bin/../pgp --keyring 
trustedkeys.gpg --no-tty -o- returned error: Illegal seek ( 2 )

Like him, my gateway is running pebble.  I downgraded my server to use gpg 
1.0.6 to match my gateway.  Now I get Premature end of script headers: login 
in my browser.  No error indications in my gateway's nocat.log.  But I get 
these errors in my server's apache ssl_err_log:

[Wed Oct 15 18:14:56 2003] [error] [client 192.168.1.37] [2003-10-15 
18:14:56] User UNKNOWN from 192.168.1.37 requests form
[Wed Oct 15 18:15:13 2003] [error] [client 192.168.1.37] Premature end of 
script headers: login, referer: 
https://192.168.1.41/cgi-bin/login?token=%241%2448775631%24msbp%2e6Wa3TJY80Ftwm6p1%2e&timeout=600&redirect=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3die%26pver%3d6%26ar%3dmsnhome&mac=00%3a02%3a6F%3a01%3a6B%3a92&gateway=192%2e168%2e89%2e1%3a5280
[Wed Oct 15 18:15:13 2003] [error] [client 192.168.1.37] [2003-10-15 
18:15:12] User sbiswas from 192.168.1.37 requests form, referer: 
https://192.168.1.41/cgi-bin/login?token=%241%2448775631%24msbp%2e6Wa3TJY80Ftwm6p1%2e&timeout=600&redirect=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3die%26pver%3d6%26ar%3dmsnhome&mac=00%3a02%3a6F%3a01%3a6B%3a92&gateway=192%2e168%2e89%2e1%3a5280
[Wed Oct 15 18:15:13 2003] [error] [client 192.168.1.37] [2003-10-15 
18:15:13] gpg --sign --armor --homedir=/usr/local/nocat/cgi-bin/../pgp 
--keyring trustedkeys.gpg --no-tty -o- returned error message:, referer: 
https://192.168.1.41/cgi-bin/login?token=%241%2448775631%24msbp%2e6Wa3TJY80Ftwm6p1%2e&timeout=600&redirect=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3die%26pver%3d6%26ar%3dmsnhome&mac=00%3a02%3a6F%3a01%3a6B%3a92&gateway=192%2e168%2e89%2e1%3a5280
[Wed Oct 15 18:15:13 2003] [error] [client 192.168.1.37] gpg: Warning: using 
insecure memory!, referer: 
https://192.168.1.41/cgi-bin/login?token=%241%2448775631%24msbp%2e6Wa3TJY80Ftwm6p1%2e&timeout=600&redirect=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3die%26pver%3d6%26ar%3dmsnhome&mac=00%3a02%3a6F%3a01%3a6B%3a92&gateway=192%2e168%2e89%2e1%3a5280
[Wed Oct 15 18:15:13 2003] [error] [client 192.168.1.37] gpg: [don't know]: 
invalid packet (ctb=00), referer: 
https://192.168.1.41/cgi-bin/login?token=%241%2448775631%24msbp%2e6Wa3TJY80Ftwm6p1%2e&timeout=600&redirect=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3die%26pver%3d6%26ar%3dmsnhome&mac=00%3a02%3a6F%3a01%3a6B%3a92&gateway=192%2e168%2e89%2e1%3a5280
[Wed Oct 15 18:15:13 2003] [error] [client 192.168.1.37] gpg: read_keyblock: 
read error: invalid packet, referer: 
https://192.168.1.41/cgi-bin/login?token=%241%2448775631%24msbp%2e6Wa3TJY80Ftwm6p1%2e&timeout=600&redirect=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3die%26pver%3d6%26ar%3dmsnhome&mac=00%3a02%3a6F%3a01%3a6B%3a92&gateway=192%2e168%2e89%2e1%3a5280
[Wed Oct 15 18:15:13 2003] [error] [client 192.168.1.37] gpg: enum_keyblocks 
failed: invalid keyring, referer: 
https://192.168.1.41/cgi-bin/login?token=%241%2448775631%24msbp%2e6Wa3TJY80Ftwm6p1%2e&timeout=600&redirect=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3die%26pver%3d6%26ar%3dmsnhome&mac=00%3a02%3a6F%3a01%3a6B%3a92&gateway=192%2e168%2e89%2e1%3a5280
[Wed Oct 15 18:15:13 2003] [error] [client 192.168.1.37] gpg: no default 
secret key: invalid keyring, referer: 
https://192.168.1.41/cgi-bin/login?token=%241%2448775631%24msbp%2e6Wa3TJY80Ftwm6p1%2e&timeout=600&redirect=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3die%26pver%3d6%26ar%3dmsnhome&mac=00%3a02%3a6F%3a01%3a6B%3a92&gateway=192%2e168%2e89%2e1%3a5280
[Wed Oct 15 18:15:13 2003] [error] [client 192.168.1.37] gpg: signing 
failed: invalid keyring, referer: 
https://192.168.1.41/cgi-bin/login?token=%241%2448775631%24msbp%2e6Wa3TJY80Ftwm6p1%2e&timeout=600&redirect=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3die%26pver%3d6%26ar%3dmsnhome&mac=00%3a02%3a6F%3a01%3a6B%3a92&gateway=192%2e168%2e89%2e1%3a5280
[Wed Oct 15 18:15:13 2003] [error] [client 192.168.1.37] [2003-10-15 
18:15:13] gpg --sign --armor --homedir=/usr/local/nocat/cgi-bin/../pgp 
--keyring trustedkeys.gpg --no-tty -o- returned error:  ( 2 ), referer: 
https://192.168.1.41/cgi-bin/login?token=%241%2448775631%24msbp%2e6Wa3TJY80Ftwm6p1%2e&timeout=600&redirect=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3die%26pver%3d6%26ar%3dmsnhome&mac=00%3a02%3a6F%3a01%3a6B%3a92&gateway=192%2e168%2e89%2e1%3a5280
[Wed Oct 15 18:15:13 2003] [error] [client 192.168.1.37] Can't call method 
"text" on an undefined value at ../lib//NoCat/AuthService.pm line 134., 
referer: 
https://192.168.1.41/cgi-bin/login?token=%241%2448775631%24msbp%2e6Wa3TJY80Ftwm6p1%2e&timeout=600&redirect=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3die%26pver%3d6%26ar%3dmsnhome&mac=00%3a02%3a6F%3a01%3a6B%3a92&gateway=192%2e168%2e89%2e1%3a5280

If anyone has any ideas, that would be much appreciated.

Shubho




--------------------------------------------------------------------------------------------------------
Niall,

Downgraded gpg on server to 1.0.6 and it now works! Many thanks.



>On Sun, Sep 21, 2003 at 08:42:32AM -0500, quendor@nandor.net wrote:
>
>You can't have different versions of gpg on the gateway and the authserver.
>Upgrade or downgrade one or the other and generate your keys again.
>
>NRM
>
>>I am attempting to install NoCatAuth and am having trouble with gpg. The 
>>error messges are:
>>
>>gpg --decrypt --homedir=/usr/local/nocat/bin/../pgp --keyring 
>>trustedkeys.gpg --no-tty -o- returned error: Illegal seek ( 2 )
>>gpg: Signature made Sun Sep 21 12:58:24 2003 UTC using DSA key ID 078F653B
>>gpg: [don't know]: invalid packet (ctb=00)
>>gpg: read_keyblock: read error: invalid packet
>>gpg: enum_keyblocks failed: invalid keyring
>>gpg: Can't check signature: public key not found
>>
>>I have copied trustedkeys.gpg from the server to the gateway.
>>I have changed permissions on trustedkeys.gpg on both server and gateway 
>>appropriately.
>>I have verified that the server and gateway trustedkeys.gpg are in fact 
>>the same.
>>I am running gpg 1.06 on gateway and gpg 1.2.2 on server.
>>I am running pebble on my gateway and debian (sarge)  on my server

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*.  
http://join.msn.com/?page=features/featuredemail



From robert at maknet.net  Thu Oct 16 05:38:47 2003
From: robert at maknet.net (RM)
Date: Thu, 16 Oct 2003 00:38:47 -0400
Subject: [NoCat] need help, configuring nocat
References: <005d01c391c9$2c306910$04280c0a@pinkpig> <3F8BE2EA.4000607@usegroup.de>
Message-ID: <012701c3939f$63f10990$04280c0a@pinkpig>

Ok i got SSL to work with my apache server now.  i start apache with
apachectl ssl and then enter the passphrase.

then i go to https://10.12.41.1 and it works and asl me to accept the cert
 http://10.12.41.1 works also.

but when i try yahoo or any other page it doesnt work, just gives me the
Page cannot be found
its not bring up the nocat htdocs pages

anyone know what the problem is?
someone please help =).. been trying this for almost a week =X

thanks
Rob

----- Original Message -----
From: "Jochen Stärk" <jstaerk@usegroup.de>
To: "RM" <robert@maknet.net>
Cc: <nocat@lists.nocat.net>
Sent: Tuesday, October 14, 2003 7:50 AM
Subject: Re: [NoCat] need help, configuring nocat


> Hi Robert,
>
> >
> > authserver. So in /usr/local/nocat/gw/nocat.conf i have these options
> >
> > HomePage http://10.12.41.1
> >
> > GatewayMode Captive
> >
> Why not Passive? AFAIU passive means the same as captive, but works
> through NAT.
>
> > Theres other options also but i never touched those. When i changed it
> > to captive and gave it a authserviceaddr of 10.12.41.1 nothing works
> > anymore. When i try to surf any page , IE returns no page found.
>
> That may be because IE is redirected to https://10.12.41.1/cgi-bin/login.
> Can you point your browser to https://10.12.41.1/ to see if a apache
> with ssl is running there?
>
> >
> > BUT if i change GatewayMode to Open and comment out AuthServiceAddr i
> > get i believe is either the splash.html or status.html
> > because it says "Welcome to the NoCat network" and there's a login
> > button and it also says "There are currently 0 users connected, The
> > last connection was at:none."
> > After i press the login button im able to surf the net...
>
> AFAIK, because of architectural reasons, the gateway has to be, and the
> authserv can not be a standalone HTTP(S) server. So, to run an network,
> you may not have another http-server on the gateway machine listening to
> port 80, but you need apache and mod_ssl on port 443 of your authserv.
>
> >
> > Can anyone help me out? its something with my authserv i think but i
> > cant figure it out
> >
>
> try and have a look in /var/log/httpd/error_log if in doubt.
>
> > again this is a slackware 9 install with apache/dhcp installed. I
> > beleive SSL is installed also cuz the default apache page says
> > "The SSL/TLS-aware apache webserver was successfully installed on this
> > website."
> > apache interface to OpennSSL (mod_ssl)
>
> by the way: you can start apache in ssl mode with apachectl startssl, if
> you just do a apachectl start, there may be problems.
>
> bye,
> Jochen
>
>
> _______________________________________________
> NoCat mailing list
> NoCat@lists.nocat.net
> http://lists.nocat.net/mailman/listinfo/nocat
>



From konetzed at linuxworkz.com  Thu Oct 16 19:01:44 2003
From: konetzed at linuxworkz.com (Edward Konetzko)
Date: Thu, 16 Oct 2003 13:01:44 -0500
Subject: [NoCat] need help, configuring nocat
In-Reply-To: <012701c3939f$63f10990$04280c0a@pinkpig>
References: <005d01c391c9$2c306910$04280c0a@pinkpig> <3F8BE2EA.4000607@usegroup.de> <012701c3939f$63f10990$04280c0a@pinkpig>
Message-ID: <3F8EDD08.2090508@linuxworkz.com>

Two things
1. You prob want to regen your cert and not put an passphrase in other=20
wise apache will hang on unattened reboots i think. Someone correct me=20
if im wrong

2. Also have you changed your doc root? A good source of infomation is=20
too look at you httpd error log that will tell you where its looking for=20
the nocat files.

Thats all i can think of
Edward Konetzko


RM wrote:

>Ok i got SSL to work with my apache server now.  i start apache with
>apachectl ssl and then enter the passphrase.
>
>then i go to https://10.12.41.1 and it works and asl me to accept the ce=
rt
> http://10.12.41.1 works also.
>
>but when i try yahoo or any other page it doesnt work, just gives me the
>Page cannot be found
>its not bring up the nocat htdocs pages
>
>anyone know what the problem is?
>someone please help =3D).. been trying this for almost a week =3DX
>
>thanks
>Rob
>
>----- Original Message -----
>From: "Jochen St=E4rk" <jstaerk@usegroup.de>
>To: "RM" <robert@maknet.net>
>Cc: <nocat@lists.nocat.net>
>Sent: Tuesday, October 14, 2003 7:50 AM
>Subject: Re: [NoCat] need help, configuring nocat
>
>
> =20
>
>>Hi Robert,
>>
>>   =20
>>
>>>authserver. So in /usr/local/nocat/gw/nocat.conf i have these options
>>>
>>>HomePage http://10.12.41.1
>>>
>>>GatewayMode Captive
>>>
>>>     =20
>>>
>>Why not Passive? AFAIU passive means the same as captive, but works
>>through NAT.
>>
>>   =20
>>
>>>Theres other options also but i never touched those. When i changed it
>>>to captive and gave it a authserviceaddr of 10.12.41.1 nothing works
>>>anymore. When i try to surf any page , IE returns no page found.
>>>     =20
>>>
>>That may be because IE is redirected to https://10.12.41.1/cgi-bin/logi=
n.
>>Can you point your browser to https://10.12.41.1/ to see if a apache
>>with ssl is running there?
>>
>>   =20
>>
>>>BUT if i change GatewayMode to Open and comment out AuthServiceAddr i
>>>get i believe is either the splash.html or status.html
>>>because it says "Welcome to the NoCat network" and there's a login
>>>button and it also says "There are currently 0 users connected, The
>>>last connection was at:none."
>>>After i press the login button im able to surf the net...
>>>     =20
>>>
>>AFAIK, because of architectural reasons, the gateway has to be, and the
>>authserv can not be a standalone HTTP(S) server. So, to run an network,
>>you may not have another http-server on the gateway machine listening t=
o
>>port 80, but you need apache and mod_ssl on port 443 of your authserv.
>>
>>   =20
>>
>>>Can anyone help me out? its something with my authserv i think but i
>>>cant figure it out
>>>
>>>     =20
>>>
>>try and have a look in /var/log/httpd/error_log if in doubt.
>>
>>   =20
>>
>>>again this is a slackware 9 install with apache/dhcp installed. I
>>>beleive SSL is installed also cuz the default apache page says
>>>"The SSL/TLS-aware apache webserver was successfully installed on this
>>>website."
>>>apache interface to OpennSSL (mod_ssl)
>>>     =20
>>>
>>by the way: you can start apache in ssl mode with apachectl startssl, i=
f
>>you just do a apachectl start, there may be problems.
>>
>>bye,
>>Jochen
>>
>>
>>_______________________________________________
>>NoCat mailing list
>>NoCat@lists.nocat.net
>>http://lists.nocat.net/mailman/listinfo/nocat
>>
>>   =20
>>
>
>
>_______________________________________________
>NoCat mailing list
>NoCat@lists.nocat.net
>http://lists.nocat.net/mailman/listinfo/nocat
> =20
>




From christof.kallfass at nexgo.de  Thu Oct 16 21:28:07 2003
From: christof.kallfass at nexgo.de (Christof Kallfass)
Date: Thu, 16 Oct 2003 22:28:07 +0200
Subject: [NoCat] Bad token problem
In-Reply-To: <20031016190002.5315.40675.Mailman@mouse>
Message-ID: <DFEJIENGFLGHMNMNMDLGEEABCFAA.christof.kallfass@nexgo.de>

Hi nocat developpers,

I'm running some patched nocat gateways (Ver. 0.81) and a separate auth
server (Ver. 0.81). Some clients which are running connections before or
while authenticating have problems to login properly and I receive a bad
token match error message. Clients which only start their browser and login
don't have any problems and it seems as the connections are (maybe) captured
x times. The filter for windowsupdate.com is aplied to initialize.fw. Some
clients which have these problem get in after x (3-5) retries others don't
have a chance to login properly.

Does anyone had the same or similar problem or any opinion what may be the
cause of this behaviour?

Thanks for any help.

Best regards,

Christof


Here are the logfiles of the gateway:

[2003-10-16 10:33:07] Connection to 172.30.1.46 from 172.30.1.41
[2003-10-16 10:33:07] Capturing  172.30.1.41  for
http://cgicounter.puretec.de/cgi-bin/cnt?clsid=xxxx
[2003-10-16 10:33:08] Connection to 172.30.1.46 from 172.30.1.41
[2003-10-16 10:33:08] Capturing  172.30.1.41  for
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/e
n/authrootseq.txt
[2003-10-16 10:33:09] Connection to 172.30.1.46 from 172.30.1.41
[2003-10-16 10:33:09] Capturing  172.30.1.41  for
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/e
n/authrootseq.txt
[2003-10-16 10:33:23] Connection to 172.30.1.46 from 172.30.1.41
[2003-10-16 10:33:23] Capturing  172.30.1.41  for http://www.rheingau.de/
[2003-10-16 10:33:36] Connection to 217.88.221.240 from 213.20.214.134
[2003-10-16 10:33:36] Received notify 00:xx:xx:D5:D4:34 from 213.20.214.134
gpgv: Signature made Thu Oct 16 10:33:36 2003 CEST using DSA key ID 22E3413C
gpgv: Good signature from "Admin (Auth Service Admin)
<administrator@cegelec-asp.de>"
[2003-10-16 10:33:36] Got auth msg Redirect	http://www.rheingau.de/
Mac	00:xx:xx:D5:D4:34
Action	Permit
User	xxx
Mode	login
Gwname	xxx
Timeout	300
Token	$1$01807944$kU3r0sL/VQqD8NULY3R6Y/
[2003-10-16 10:33:36] 404: Bad token match from 00:xx:xx:D5:D4:34:
$1$01807944$kU3r0sL/VQqD8NULY3R6Y/ != $1$98227274$0LAT0HwHVYu1MCgSWexyJ0
[2003-10-16 10:33:36] Responding with:404 Bad token match from
00:10:DC:D5:D4:34: $1$01807944$kU3r0sL/VQqD8NULY3R6Y/ !=
$1$98227274$0LAT0HwHVYu1MCgSWexyJ0

and the authserver:

[2003-10-16 10:33:27] User UNKNOWN from xxx 217.88.221.240 requests form
[2003-10-16 10:33:36] User xxx from xxx 217.88.221.240 requests login
[2003-10-16 10:33:37] Gateway returned 404 (Bad token match from
00:xx:xx:D5:D4:34: $1$01807944$kU3r0sL/VQqD8NULY3R6Y/ !=
$1$98227274$0LAT0HwHVYu1MCgSWexyJ0 ) for 00:xx:xx:D5:D4:34.





From joseluis at pinedawireless.net  Thu Oct 16 21:33:37 2003
From: joseluis at pinedawireless.net (Jose Luis Garcia)
Date: Thu, 16 Oct 2003 22:33:37 +0200
Subject: [NoCat] assign user to group from register form
Message-ID: <1467050257.20031016223337@pinedawireless.net>

Hi all,

When a user do a register from the register form this user goes to
etc/passwd file. The problem is that if this user is not in a group he
never will be permited in member class (only in Public class) so the
register form is useless.

How can I resolve this little problem? Can I do something to assign a
user always to a default group?


  

-- 
Un saludo,
mailto:joseluis@pinedawireless.net



From robert at maknet.net  Fri Oct 17 02:11:28 2003
From: robert at maknet.net (RM)
Date: Thu, 16 Oct 2003 21:11:28 -0400
Subject: [NoCat] need help, configuring nocat
References: <005d01c391c9$2c306910$04280c0a@pinkpig> <3F8BE2EA.4000607@usegroup.de> <012701c3939f$63f10990$04280c0a@pinkpig> <3F8EDD08.2090508@linuxworkz.com>
Message-ID: <019a01c3944b$98293000$04280c0a@pinkpig>

Ok now i got the login page to come up. Thanks for all the replies to my
problem that pointed me in the right direction to get this part working =)
BUT

i have another problem now heheh.. (there's like one problem after the other
=] )

the problem that im having now is that i created a user for me to login. Im
using passwd, i used the admtool to create the user. i did this

-bin/admintool -c NewUser motdepasse
-bin/admintool -a NewUser VIPGRP
-bin/admintool -A NewUser VIPGRP

after i've done that i try to login i get a Internal Server Error.
and when i look at the apache error_log this is what i see

[2003-10-16 21:03:54] User NewUser from 10.12.41.10 requests form
[2003-10-16 21:03:54]
gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
trustedkeys.gpg --no-tty -o- retur
ned error message:
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: can't open `/usr/local/nocat/authserv/pgp/secring.gpg'
gpg: keydb_search failed: file open error
gpg: no default secret key: file open error
gpg: signing failed: file open error
[2003-10-16 21:03:54]
gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
trustedkeys.gpg --no-tty -o- retur
ned error: Illegal seek ( 2 )
Can't call method "text" on an undefined value at
../lib//NoCat/AuthService.pm line 134.
[Thu Oct 16 21:03:54 2003] [error] [client 10.12.41.10] Premature end of
script headers: /usr/local/nocat/authserv/cgi-bin/lo
gin

So i thoguht something was wrong with my keys... so i redid it again with no
passphrase using these command from the samemachine.txt file

$ make PREFIX=/usr/local/nocat/authserv pgpkey

$ cp /usr/local/nocat/authserv/trustedkeys.gpg /usr/local/nocat/gw/pgp

Can anyone take a stab at this problem now ? =X

this info is for some that wants to know about my config

im not running pebble, its a fresh install of slackware 9, and gateway and
authserv is running on the same machine.

Thanks again!!!

rob


> RM wrote:
>
> >Ok i got SSL to work with my apache server now.  i start apache with
> >apachectl ssl and then enter the passphrase.
> >
> >then i go to https://10.12.41.1 and it works and asl me to accept the
cert
> > http://10.12.41.1 works also.
> >
> >but when i try yahoo or any other page it doesnt work, just gives me the
> >Page cannot be found
> >its not bring up the nocat htdocs pages
> >
> >anyone know what the problem is?
> >someone please help =).. been trying this for almost a week =X
> >
> >thanks
> >Rob
> >
> >----- Original Message -----
> >From: "Jochen Stärk" <jstaerk@usegroup.de>
> >To: "RM" <robert@maknet.net>
> >Cc: <nocat@lists.nocat.net>
> >Sent: Tuesday, October 14, 2003 7:50 AM
> >Subject: Re: [NoCat] need help, configuring nocat
> >
> >
> >
> >
> >>Hi Robert,
> >>
> >>
> >>
> >>>authserver. So in /usr/local/nocat/gw/nocat.conf i have these options
> >>>
> >>>HomePage http://10.12.41.1
> >>>
> >>>GatewayMode Captive
> >>>
> >>>
> >>>
> >>Why not Passive? AFAIU passive means the same as captive, but works
> >>through NAT.
> >>
> >>
> >>
> >>>Theres other options also but i never touched those. When i changed it
> >>>to captive and gave it a authserviceaddr of 10.12.41.1 nothing works
> >>>anymore. When i try to surf any page , IE returns no page found.
> >>>
> >>>
> >>That may be because IE is redirected to
https://10.12.41.1/cgi-bin/login.
> >>Can you point your browser to https://10.12.41.1/ to see if a apache
> >>with ssl is running there?
> >>
> >>
> >>
> >>>BUT if i change GatewayMode to Open and comment out AuthServiceAddr i
> >>>get i believe is either the splash.html or status.html
> >>>because it says "Welcome to the NoCat network" and there's a login
> >>>button and it also says "There are currently 0 users connected, The
> >>>last connection was at:none."
> >>>After i press the login button im able to surf the net...
> >>>
> >>>
> >>AFAIK, because of architectural reasons, the gateway has to be, and the
> >>authserv can not be a standalone HTTP(S) server. So, to run an network,
> >>you may not have another http-server on the gateway machine listening to
> >>port 80, but you need apache and mod_ssl on port 443 of your authserv.
> >>
> >>
> >>
> >>>Can anyone help me out? its something with my authserv i think but i
> >>>cant figure it out
> >>>
> >>>
> >>>
> >>try and have a look in /var/log/httpd/error_log if in doubt.
> >>
> >>
> >>
> >>>again this is a slackware 9 install with apache/dhcp installed. I
> >>>beleive SSL is installed also cuz the default apache page says
> >>>"The SSL/TLS-aware apache webserver was successfully installed on this
> >>>website."
> >>>apache interface to OpennSSL (mod_ssl)
> >>>
> >>>
> >>by the way: you can start apache in ssl mode with apachectl startssl, if
> >>you just do a apachectl start, there may be problems.
> >>
> >>bye,
> >>Jochen
> >>
> >>
> >>_______________________________________________
> >>NoCat mailing list
> >>NoCat@lists.nocat.net
> >>http://lists.nocat.net/mailman/listinfo/nocat
> >>
> >>
> >>
> >
> >
> >_______________________________________________
> >NoCat mailing list
> >NoCat@lists.nocat.net
> >http://lists.nocat.net/mailman/listinfo/nocat
> >
> >
>
>
>




From robert at maknet.net  Fri Oct 17 04:39:30 2003
From: robert at maknet.net (RM)
Date: Thu, 16 Oct 2003 23:39:30 -0400
Subject: [NoCat] need help, configuring nocat
References: <005d01c391c9$2c306910$04280c0a@pinkpig> <3F8BE2EA.4000607@usegroup.de> <012701c3939f$63f10990$04280c0a@pinkpig> <3F8EDD08.2090508@linuxworkz.com> <019a01c3944b$98293000$04280c0a@pinkpig> <3F8F5C2C.2060408@causey.org>
Message-ID: <01a501c39460$46c458b0$04280c0a@pinkpig>

ok changed the permissions of that file to nobody since in httpd.conf  its
User nobody
Group nobody

now when i try to login i get this apache error... boy ohh boy i have a lot
of problems with this hehe =)

[2003-10-16 23:38:50] User NewUser from 10.12.41.10 requests form
[2003-10-16 23:38:50]
gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
trustedkeys.gpg --no-tty -o- retur
ned error message:
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
gpg: keydb_search failed: file open error
gpg: key 532BDA2E: secret key without public key - skipped
gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
gpg: keydb_search failed: file open error
gpg: key 4E2572D2: secret key without public key - skipped
gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
gpg: keydb_search failed: file open error
gpg: key B4B61340: secret key without public key - skipped
gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
gpg: keydb_search failed: file open error
gpg: key 4BAFFEE9: secret key without public key - skipped
gpg: no default secret key: secret key not available
gpg: signing failed: secret key not available
[2003-10-16 23:38:50]
gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
trustedkeys.gpg --no-tty -o- retur
ned error: Broken pipe ( 2 )
Can't call method "text" on an undefined value at
../lib//NoCat/AuthService.pm line 134.
[Thu Oct 16 23:38:50 2003] [error] [client 10.12.41.10] Premature end of
script headers: /usr/local/nocat/authserv/cgi-bin/lo
gin


thanks again

----- Original Message -----
From: "Robert Causey" <robert@causey.org>
To: "RM" <robert@maknet.net>
Cc: <nocat@lists.nocat.net>
Sent: Thursday, October 16, 2003 11:04 PM
Subject: Re: [NoCat] need help, configuring nocat


> Rob,
>
> the error in the log "/usr/local/nocat/authserv/pgp/secring.gpg"
> indicates that apache either can't find the file secring.gpg in
> th path indicated, or the permissions are wrong on the file,
> such that apache can't access them. check the file (ls -l) vs
> the user that apache is running as (in httpd.conf).
>
> Robert Causey
>
> RM wrote:
>
> > Ok now i got the login page to come up. Thanks for all the replies to my
> > problem that pointed me in the right direction to get this part working
=)
> > BUT
> >
> > i have another problem now heheh.. (there's like one problem after the
other
> > =] )
> >
> > the problem that im having now is that i created a user for me to login.
Im
> > using passwd, i used the admtool to create the user. i did this
> >
> > -bin/admintool -c NewUser motdepasse
> > -bin/admintool -a NewUser VIPGRP
> > -bin/admintool -A NewUser VIPGRP
> >
> > after i've done that i try to login i get a Internal Server Error.
> > and when i look at the apache error_log this is what i see
> >
> > [2003-10-16 21:03:54] User NewUser from 10.12.41.10 requests form
> > [2003-10-16 21:03:54]
> > gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> > trustedkeys.gpg --no-tty -o- retur
> > ned error message:
> > gpg: WARNING: using insecure memory!
> > gpg: please see http://www.gnupg.org/faq.html for more information
> > gpg: can't open `/usr/local/nocat/authserv/pgp/secring.gpg'
> > gpg: keydb_search failed: file open error
> > gpg: no default secret key: file open error
> > gpg: signing failed: file open error
> > [2003-10-16 21:03:54]
> > gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> > trustedkeys.gpg --no-tty -o- retur
> > ned error: Illegal seek ( 2 )
> > Can't call method "text" on an undefined value at
> > ../lib//NoCat/AuthService.pm line 134.
> > [Thu Oct 16 21:03:54 2003] [error] [client 10.12.41.10] Premature end of
> > script headers: /usr/local/nocat/authserv/cgi-bin/lo
> > gin
> >
> > So i thoguht something was wrong with my keys... so i redid it again
with no
> > passphrase using these command from the samemachine.txt file
> >
> > $ make PREFIX=/usr/local/nocat/authserv pgpkey
> >
> > $ cp /usr/local/nocat/authserv/trustedkeys.gpg /usr/local/nocat/gw/pgp
> >
> > Can anyone take a stab at this problem now ? =X
> >
> > this info is for some that wants to know about my config
> >
> > im not running pebble, its a fresh install of slackware 9, and gateway
and
> > authserv is running on the same machine.
> >
> > Thanks again!!!
> >
> > rob
> >
> >
> >
> >>RM wrote:
> >>
> >>
> >>>Ok i got SSL to work with my apache server now.  i start apache with
> >>>apachectl ssl and then enter the passphrase.
> >>>
> >>>then i go to https://10.12.41.1 and it works and asl me to accept the
> >
> > cert
> >
> >>>http://10.12.41.1 works also.
> >>>
> >>>but when i try yahoo or any other page it doesnt work, just gives me
the
> >>>Page cannot be found
> >>>its not bring up the nocat htdocs pages
> >>>
> >>>anyone know what the problem is?
> >>>someone please help =).. been trying this for almost a week =X
> >>>
> >>>thanks
> >>>Rob
> >>>
> >>>----- Original Message -----
> >>>From: "Jochen Stärk" <jstaerk@usegroup.de>
> >>>To: "RM" <robert@maknet.net>
> >>>Cc: <nocat@lists.nocat.net>
> >>>Sent: Tuesday, October 14, 2003 7:50 AM
> >>>Subject: Re: [NoCat] need help, configuring nocat
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>>Hi Robert,
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>authserver. So in /usr/local/nocat/gw/nocat.conf i have these options
> >>>>>
> >>>>>HomePage http://10.12.41.1
> >>>>>
> >>>>>GatewayMode Captive
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>>Why not Passive? AFAIU passive means the same as captive, but works
> >>>>through NAT.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>Theres other options also but i never touched those. When i changed
it
> >>>>>to captive and gave it a authserviceaddr of 10.12.41.1 nothing works
> >>>>>anymore. When i try to surf any page , IE returns no page found.
> >>>>>
> >>>>>
> >>>>
> >>>>That may be because IE is redirected to
> >
> > https://10.12.41.1/cgi-bin/login.
> >
> >>>>Can you point your browser to https://10.12.41.1/ to see if a apache
> >>>>with ssl is running there?
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>BUT if i change GatewayMode to Open and comment out AuthServiceAddr i
> >>>>>get i believe is either the splash.html or status.html
> >>>>>because it says "Welcome to the NoCat network" and there's a login
> >>>>>button and it also says "There are currently 0 users connected, The
> >>>>>last connection was at:none."
> >>>>>After i press the login button im able to surf the net...
> >>>>>
> >>>>>
> >>>>
> >>>>AFAIK, because of architectural reasons, the gateway has to be, and
the
> >>>>authserv can not be a standalone HTTP(S) server. So, to run an
network,
> >>>>you may not have another http-server on the gateway machine listening
to
> >>>>port 80, but you need apache and mod_ssl on port 443 of your authserv.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>Can anyone help me out? its something with my authserv i think but i
> >>>>>cant figure it out
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>>try and have a look in /var/log/httpd/error_log if in doubt.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>again this is a slackware 9 install with apache/dhcp installed. I
> >>>>>beleive SSL is installed also cuz the default apache page says
> >>>>>"The SSL/TLS-aware apache webserver was successfully installed on
this
> >>>>>website."
> >>>>>apache interface to OpennSSL (mod_ssl)
> >>>>>
> >>>>>
> >>>>
> >>>>by the way: you can start apache in ssl mode with apachectl startssl,
if
> >>>>you just do a apachectl start, there may be problems.
> >>>>
> >>>>bye,
> >>>>Jochen
> >>>>
> >>>>
> >>>>_______________________________________________
> >>>>NoCat mailing list
> >>>>NoCat@lists.nocat.net
> >>>>http://lists.nocat.net/mailman/listinfo/nocat
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>_______________________________________________
> >>>NoCat mailing list
> >>>NoCat@lists.nocat.net
> >>>http://lists.nocat.net/mailman/listinfo/nocat
> >>>
> >>>
> >>
> >>
> >>
> >
> >
> >
> > _______________________________________________
> > NoCat mailing list
> > NoCat@lists.nocat.net
> > http://lists.nocat.net/mailman/listinfo/nocat
> >
>
>



From shubhobiswas at hotmail.com  Fri Oct 17 05:09:28 2003
From: shubhobiswas at hotmail.com (Shubho Biswas)
Date: Fri, 17 Oct 2003 00:09:28 -0400
Subject: [NoCat] need help, configuring nocat
References: <005d01c391c9$2c306910$04280c0a@pinkpig> <3F8BE2EA.4000607@usegroup.de> <012701c3939f$63f10990$04280c0a@pinkpig> <3F8EDD08.2090508@linuxworkz.com> <019a01c3944b$98293000$04280c0a@pinkpig> <3F8F5C2C.2060408@causey.org> <01a501c39460$46c458b0$04280c0a@pinkpig>
Message-ID: <BAY8-DAV10NCY9sxusY00004c2a@hotmail.com>

Did you chown user:group /usr/local/nocat/authserv/pgp and
/usr/local/nocat/authserv/pgp/* to what your apache runs as?

----- Original Message -----
From: "RM" <robert@maknet.net>
To: <nocat@lists.nocat.net>
Sent: Thursday, October 16, 2003 11:39 PM
Subject: Re: [NoCat] need help, configuring nocat


> ok changed the permissions of that file to nobody since in httpd.conf  its
> User nobody
> Group nobody
>
> now when i try to login i get this apache error... boy ohh boy i have a
lot
> of problems with this hehe =)
>
> [2003-10-16 23:38:50] User NewUser from 10.12.41.10 requests form
> [2003-10-16 23:38:50]
> gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> trustedkeys.gpg --no-tty -o- retur
> ned error message:
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
> gpg: keydb_search failed: file open error
> gpg: key 532BDA2E: secret key without public key - skipped
> gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
> gpg: keydb_search failed: file open error
> gpg: key 4E2572D2: secret key without public key - skipped
> gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
> gpg: keydb_search failed: file open error
> gpg: key B4B61340: secret key without public key - skipped
> gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
> gpg: keydb_search failed: file open error
> gpg: key 4BAFFEE9: secret key without public key - skipped
> gpg: no default secret key: secret key not available
> gpg: signing failed: secret key not available
> [2003-10-16 23:38:50]
> gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> trustedkeys.gpg --no-tty -o- retur
> ned error: Broken pipe ( 2 )
> Can't call method "text" on an undefined value at
> ../lib//NoCat/AuthService.pm line 134.
> [Thu Oct 16 23:38:50 2003] [error] [client 10.12.41.10] Premature end of
> script headers: /usr/local/nocat/authserv/cgi-bin/lo
> gin
>
>
> thanks again
>
> ----- Original Message -----
> From: "Robert Causey" <robert@causey.org>
> To: "RM" <robert@maknet.net>
> Cc: <nocat@lists.nocat.net>
> Sent: Thursday, October 16, 2003 11:04 PM
> Subject: Re: [NoCat] need help, configuring nocat
>
>
> > Rob,
> >
> > the error in the log "/usr/local/nocat/authserv/pgp/secring.gpg"
> > indicates that apache either can't find the file secring.gpg in
> > th path indicated, or the permissions are wrong on the file,
> > such that apache can't access them. check the file (ls -l) vs
> > the user that apache is running as (in httpd.conf).
> >
> > Robert Causey
> >
> > RM wrote:
> >
> > > Ok now i got the login page to come up. Thanks for all the replies to
my
> > > problem that pointed me in the right direction to get this part
working
> =)
> > > BUT
> > >
> > > i have another problem now heheh.. (there's like one problem after the
> other
> > > =] )
> > >
> > > the problem that im having now is that i created a user for me to
login.
> Im
> > > using passwd, i used the admtool to create the user. i did this
> > >
> > > -bin/admintool -c NewUser motdepasse
> > > -bin/admintool -a NewUser VIPGRP
> > > -bin/admintool -A NewUser VIPGRP
> > >
> > > after i've done that i try to login i get a Internal Server Error.
> > > and when i look at the apache error_log this is what i see
> > >
> > > [2003-10-16 21:03:54] User NewUser from 10.12.41.10 requests form
> > > [2003-10-16 21:03:54]
> > > gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> > > trustedkeys.gpg --no-tty -o- retur
> > > ned error message:
> > > gpg: WARNING: using insecure memory!
> > > gpg: please see http://www.gnupg.org/faq.html for more information
> > > gpg: can't open `/usr/local/nocat/authserv/pgp/secring.gpg'
> > > gpg: keydb_search failed: file open error
> > > gpg: no default secret key: file open error
> > > gpg: signing failed: file open error
> > > [2003-10-16 21:03:54]
> > > gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> > > trustedkeys.gpg --no-tty -o- retur
> > > ned error: Illegal seek ( 2 )
> > > Can't call method "text" on an undefined value at
> > > ../lib//NoCat/AuthService.pm line 134.
> > > [Thu Oct 16 21:03:54 2003] [error] [client 10.12.41.10] Premature end
of
> > > script headers: /usr/local/nocat/authserv/cgi-bin/lo
> > > gin
> > >
> > > So i thoguht something was wrong with my keys... so i redid it again
> with no
> > > passphrase using these command from the samemachine.txt file
> > >
> > > $ make PREFIX=/usr/local/nocat/authserv pgpkey
> > >
> > > $ cp /usr/local/nocat/authserv/trustedkeys.gpg /usr/local/nocat/gw/pgp
> > >
> > > Can anyone take a stab at this problem now ? =X
> > >
> > > this info is for some that wants to know about my config
> > >
> > > im not running pebble, its a fresh install of slackware 9, and gateway
> and
> > > authserv is running on the same machine.
> > >
> > > Thanks again!!!
> > >
> > > rob
> > >
> > >
> > >
> > >>RM wrote:
> > >>
> > >>
> > >>>Ok i got SSL to work with my apache server now.  i start apache with
> > >>>apachectl ssl and then enter the passphrase.
> > >>>
> > >>>then i go to https://10.12.41.1 and it works and asl me to accept the
> > >
> > > cert
> > >
> > >>>http://10.12.41.1 works also.
> > >>>
> > >>>but when i try yahoo or any other page it doesnt work, just gives me
> the
> > >>>Page cannot be found
> > >>>its not bring up the nocat htdocs pages
> > >>>
> > >>>anyone know what the problem is?
> > >>>someone please help =).. been trying this for almost a week =X
> > >>>
> > >>>thanks
> > >>>Rob
> > >>>
> > >>>----- Original Message -----
> > >>>From: "Jochen Stärk" <jstaerk@usegroup.de>
> > >>>To: "RM" <robert@maknet.net>
> > >>>Cc: <nocat@lists.nocat.net>
> > >>>Sent: Tuesday, October 14, 2003 7:50 AM
> > >>>Subject: Re: [NoCat] need help, configuring nocat
> > >>>
> > >>>
> > >>>
> > >>>
> > >>>
> > >>>>Hi Robert,
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>>authserver. So in /usr/local/nocat/gw/nocat.conf i have these
options
> > >>>>>
> > >>>>>HomePage http://10.12.41.1
> > >>>>>
> > >>>>>GatewayMode Captive
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>
> > >>>>Why not Passive? AFAIU passive means the same as captive, but works
> > >>>>through NAT.
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>>Theres other options also but i never touched those. When i changed
> it
> > >>>>>to captive and gave it a authserviceaddr of 10.12.41.1 nothing
works
> > >>>>>anymore. When i try to surf any page , IE returns no page found.
> > >>>>>
> > >>>>>
> > >>>>
> > >>>>That may be because IE is redirected to
> > >
> > > https://10.12.41.1/cgi-bin/login.
> > >
> > >>>>Can you point your browser to https://10.12.41.1/ to see if a apache
> > >>>>with ssl is running there?
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>>BUT if i change GatewayMode to Open and comment out AuthServiceAddr
i
> > >>>>>get i believe is either the splash.html or status.html
> > >>>>>because it says "Welcome to the NoCat network" and there's a login
> > >>>>>button and it also says "There are currently 0 users connected, The
> > >>>>>last connection was at:none."
> > >>>>>After i press the login button im able to surf the net...
> > >>>>>
> > >>>>>
> > >>>>
> > >>>>AFAIK, because of architectural reasons, the gateway has to be, and
> the
> > >>>>authserv can not be a standalone HTTP(S) server. So, to run an
> network,
> > >>>>you may not have another http-server on the gateway machine
listening
> to
> > >>>>port 80, but you need apache and mod_ssl on port 443 of your
authserv.
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>>Can anyone help me out? its something with my authserv i think but
i
> > >>>>>cant figure it out
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>
> > >>>>try and have a look in /var/log/httpd/error_log if in doubt.
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>>again this is a slackware 9 install with apache/dhcp installed. I
> > >>>>>beleive SSL is installed also cuz the default apache page says
> > >>>>>"The SSL/TLS-aware apache webserver was successfully installed on
> this
> > >>>>>website."
> > >>>>>apache interface to OpennSSL (mod_ssl)
> > >>>>>
> > >>>>>
> > >>>>
> > >>>>by the way: you can start apache in ssl mode with apachectl
startssl,
> if
> > >>>>you just do a apachectl start, there may be problems.
> > >>>>
> > >>>>bye,
> > >>>>Jochen
> > >>>>
> > >>>>
> > >>>>_______________________________________________
> > >>>>NoCat mailing list
> > >>>>NoCat@lists.nocat.net
> > >>>>http://lists.nocat.net/mailman/listinfo/nocat
> > >>>>
> > >>>>
> > >>>>
> > >>>
> > >>>
> > >>>_______________________________________________
> > >>>NoCat mailing list
> > >>>NoCat@lists.nocat.net
> > >>>http://lists.nocat.net/mailman/listinfo/nocat
> > >>>
> > >>>
> > >>
> > >>
> > >>
> > >
> > >
> > >
> > > _______________________________________________
> > > NoCat mailing list
> > > NoCat@lists.nocat.net
> > > http://lists.nocat.net/mailman/listinfo/nocat
> > >
> >
> >
>
>
> _______________________________________________
> NoCat mailing list
> NoCat@lists.nocat.net
> http://lists.nocat.net/mailman/listinfo/nocat
>


From robert at maknet.net  Fri Oct 17 05:54:52 2003
From: robert at maknet.net (RM)
Date: Fri, 17 Oct 2003 00:54:52 -0400
Subject: [NoCat] need help, configuring nocat
References: <005d01c391c9$2c306910$04280c0a@pinkpig> <3F8BE2EA.4000607@usegroup.de> <012701c3939f$63f10990$04280c0a@pinkpig> <3F8EDD08.2090508@linuxworkz.com> <019a01c3944b$98293000$04280c0a@pinkpig> <3F8F5C2C.2060408@causey.org> <01a501c39460$46c458b0$04280c0a@pinkpig> <BAY8-DAV10NCY9sxusY00004c2a@hotmail.com>
Message-ID: <01b501c3946a$cd618370$04280c0a@pinkpig>

yea  /usr/local/nocat/authserv/pgp and  /usr/local/nocat/authserv/pgp/*  are
owned by nobody....

i was messing around with it more before but wasnt sure what i did.... but
the previous error is gone but i have another LOL
so i guess no more problem finding the key and opening now it. Its something
else with the key now =X

[2003-10-17 00:51:12] User NewUser from 10.12.41.10 requests form
[2003-10-17 00:51:13]
gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
trustedkeys.gpg --no-tty -o- retur
ned error message:
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Sorry, no terminal at all requested - can't get input
[2003-10-17 00:51:13]
gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
trustedkeys.gpg --no-tty -o- retur
ned error: Illegal seek ( 2 )
Can't call method "text" on an undefined value at
../lib//NoCat/AuthService.pm line 134.
[Fri Oct 17 00:51:13 2003] [error] [client 10.12.41.10] Premature end of
script headers: /usr/local/nocat/authserv/cgi-bin/lo
gin

thanks again everyone


----- Original Message -----
From: "Shubho Biswas" <shubhobiswas@hotmail.com>
To: <nocat@lists.nocat.net>
Sent: Friday, October 17, 2003 12:09 AM
Subject: Re: [NoCat] need help, configuring nocat


> Did you chown user:group /usr/local/nocat/authserv/pgp and
> /usr/local/nocat/authserv/pgp/* to what your apache runs as?
>
> ----- Original Message -----
> From: "RM" <robert@maknet.net>
> To: <nocat@lists.nocat.net>
> Sent: Thursday, October 16, 2003 11:39 PM
> Subject: Re: [NoCat] need help, configuring nocat
>
>
> > ok changed the permissions of that file to nobody since in httpd.conf
its
> > User nobody
> > Group nobody
> >
> > now when i try to login i get this apache error... boy ohh boy i have a
> lot
> > of problems with this hehe =)
> >
> > [2003-10-16 23:38:50] User NewUser from 10.12.41.10 requests form
> > [2003-10-16 23:38:50]
> > gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> > trustedkeys.gpg --no-tty -o- retur
> > ned error message:
> > gpg: WARNING: using insecure memory!
> > gpg: please see http://www.gnupg.org/faq.html for more information
> > gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
> > gpg: keydb_search failed: file open error
> > gpg: key 532BDA2E: secret key without public key - skipped
> > gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
> > gpg: keydb_search failed: file open error
> > gpg: key 4E2572D2: secret key without public key - skipped
> > gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
> > gpg: keydb_search failed: file open error
> > gpg: key B4B61340: secret key without public key - skipped
> > gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
> > gpg: keydb_search failed: file open error
> > gpg: key 4BAFFEE9: secret key without public key - skipped
> > gpg: no default secret key: secret key not available
> > gpg: signing failed: secret key not available
> > [2003-10-16 23:38:50]
> > gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> > trustedkeys.gpg --no-tty -o- retur
> > ned error: Broken pipe ( 2 )
> > Can't call method "text" on an undefined value at
> > ../lib//NoCat/AuthService.pm line 134.
> > [Thu Oct 16 23:38:50 2003] [error] [client 10.12.41.10] Premature end of
> > script headers: /usr/local/nocat/authserv/cgi-bin/lo
> > gin
> >
> >
> > thanks again
> >
> > ----- Original Message -----
> > From: "Robert Causey" <robert@causey.org>
> > To: "RM" <robert@maknet.net>
> > Cc: <nocat@lists.nocat.net>
> > Sent: Thursday, October 16, 2003 11:04 PM
> > Subject: Re: [NoCat] need help, configuring nocat
> >
> >
> > > Rob,
> > >
> > > the error in the log "/usr/local/nocat/authserv/pgp/secring.gpg"
> > > indicates that apache either can't find the file secring.gpg in
> > > th path indicated, or the permissions are wrong on the file,
> > > such that apache can't access them. check the file (ls -l) vs
> > > the user that apache is running as (in httpd.conf).
> > >
> > > Robert Causey
> > >
> > > RM wrote:
> > >
> > > > Ok now i got the login page to come up. Thanks for all the replies
to
> my
> > > > problem that pointed me in the right direction to get this part
> working
> > =)
> > > > BUT
> > > >
> > > > i have another problem now heheh.. (there's like one problem after
the
> > other
> > > > =] )
> > > >
> > > > the problem that im having now is that i created a user for me to
> login.
> > Im
> > > > using passwd, i used the admtool to create the user. i did this
> > > >
> > > > -bin/admintool -c NewUser motdepasse
> > > > -bin/admintool -a NewUser VIPGRP
> > > > -bin/admintool -A NewUser VIPGRP
> > > >
> > > > after i've done that i try to login i get a Internal Server Error.
> > > > and when i look at the apache error_log this is what i see
> > > >
> > > > [2003-10-16 21:03:54] User NewUser from 10.12.41.10 requests form
> > > > [2003-10-16 21:03:54]
> > > > gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> > > > trustedkeys.gpg --no-tty -o- retur
> > > > ned error message:
> > > > gpg: WARNING: using insecure memory!
> > > > gpg: please see http://www.gnupg.org/faq.html for more information
> > > > gpg: can't open `/usr/local/nocat/authserv/pgp/secring.gpg'
> > > > gpg: keydb_search failed: file open error
> > > > gpg: no default secret key: file open error
> > > > gpg: signing failed: file open error
> > > > [2003-10-16 21:03:54]
> > > > gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> > > > trustedkeys.gpg --no-tty -o- retur
> > > > ned error: Illegal seek ( 2 )
> > > > Can't call method "text" on an undefined value at
> > > > ../lib//NoCat/AuthService.pm line 134.
> > > > [Thu Oct 16 21:03:54 2003] [error] [client 10.12.41.10] Premature
end
> of
> > > > script headers: /usr/local/nocat/authserv/cgi-bin/lo
> > > > gin
> > > >
> > > > So i thoguht something was wrong with my keys... so i redid it again
> > with no
> > > > passphrase using these command from the samemachine.txt file
> > > >
> > > > $ make PREFIX=/usr/local/nocat/authserv pgpkey
> > > >
> > > > $ cp /usr/local/nocat/authserv/trustedkeys.gpg
/usr/local/nocat/gw/pgp
> > > >
> > > > Can anyone take a stab at this problem now ? =X
> > > >
> > > > this info is for some that wants to know about my config
> > > >
> > > > im not running pebble, its a fresh install of slackware 9, and
gateway
> > and
> > > > authserv is running on the same machine.
> > > >
> > > > Thanks again!!!
> > > >
> > > > rob
> > > >
> > > >
> > > >
> > > >>RM wrote:
> > > >>
> > > >>
> > > >>>Ok i got SSL to work with my apache server now.  i start apache
with
> > > >>>apachectl ssl and then enter the passphrase.
> > > >>>
> > > >>>then i go to https://10.12.41.1 and it works and asl me to accept
the
> > > >
> > > > cert
> > > >
> > > >>>http://10.12.41.1 works also.
> > > >>>
> > > >>>but when i try yahoo or any other page it doesnt work, just gives
me
> > the
> > > >>>Page cannot be found
> > > >>>its not bring up the nocat htdocs pages
> > > >>>
> > > >>>anyone know what the problem is?
> > > >>>someone please help =).. been trying this for almost a week =X
> > > >>>
> > > >>>thanks
> > > >>>Rob
> > > >>>
> > > >>>----- Original Message -----
> > > >>>From: "Jochen Stärk" <jstaerk@usegroup.de>
> > > >>>To: "RM" <robert@maknet.net>
> > > >>>Cc: <nocat@lists.nocat.net>
> > > >>>Sent: Tuesday, October 14, 2003 7:50 AM
> > > >>>Subject: Re: [NoCat] need help, configuring nocat
> > > >>>
> > > >>>
> > > >>>
> > > >>>
> > > >>>
> > > >>>>Hi Robert,
> > > >>>>
> > > >>>>
> > > >>>>
> > > >>>>
> > > >>>>>authserver. So in /usr/local/nocat/gw/nocat.conf i have these
> options
> > > >>>>>
> > > >>>>>HomePage http://10.12.41.1
> > > >>>>>
> > > >>>>>GatewayMode Captive
> > > >>>>>
> > > >>>>>
> > > >>>>>
> > > >>>>
> > > >>>>Why not Passive? AFAIU passive means the same as captive, but
works
> > > >>>>through NAT.
> > > >>>>
> > > >>>>
> > > >>>>
> > > >>>>
> > > >>>>>Theres other options also but i never touched those. When i
changed
> > it
> > > >>>>>to captive and gave it a authserviceaddr of 10.12.41.1 nothing
> works
> > > >>>>>anymore. When i try to surf any page , IE returns no page found.
> > > >>>>>
> > > >>>>>
> > > >>>>
> > > >>>>That may be because IE is redirected to
> > > >
> > > > https://10.12.41.1/cgi-bin/login.
> > > >
> > > >>>>Can you point your browser to https://10.12.41.1/ to see if a
apache
> > > >>>>with ssl is running there?
> > > >>>>
> > > >>>>
> > > >>>>
> > > >>>>
> > > >>>>>BUT if i change GatewayMode to Open and comment out
AuthServiceAddr
> i
> > > >>>>>get i believe is either the splash.html or status.html
> > > >>>>>because it says "Welcome to the NoCat network" and there's a
login
> > > >>>>>button and it also says "There are currently 0 users connected,
The
> > > >>>>>last connection was at:none."
> > > >>>>>After i press the login button im able to surf the net...
> > > >>>>>
> > > >>>>>
> > > >>>>
> > > >>>>AFAIK, because of architectural reasons, the gateway has to be,
and
> > the
> > > >>>>authserv can not be a standalone HTTP(S) server. So, to run an
> > network,
> > > >>>>you may not have another http-server on the gateway machine
> listening
> > to
> > > >>>>port 80, but you need apache and mod_ssl on port 443 of your
> authserv.
> > > >>>>
> > > >>>>
> > > >>>>
> > > >>>>
> > > >>>>>Can anyone help me out? its something with my authserv i think
but
> i
> > > >>>>>cant figure it out
> > > >>>>>
> > > >>>>>
> > > >>>>>
> > > >>>>
> > > >>>>try and have a look in /var/log/httpd/error_log if in doubt.
> > > >>>>
> > > >>>>
> > > >>>>
> > > >>>>
> > > >>>>>again this is a slackware 9 install with apache/dhcp installed. I
> > > >>>>>beleive SSL is installed also cuz the default apache page says
> > > >>>>>"The SSL/TLS-aware apache webserver was successfully installed on
> > this
> > > >>>>>website."
> > > >>>>>apache interface to OpennSSL (mod_ssl)
> > > >>>>>
> > > >>>>>
> > > >>>>
> > > >>>>by the way: you can start apache in ssl mode with apachectl
> startssl,
> > if
> > > >>>>you just do a apachectl start, there may be problems.
> > > >>>>
> > > >>>>bye,
> > > >>>>Jochen
> > > >>>>
> > > >>>>
> > > >>>>_______________________________________________
> > > >>>>NoCat mailing list
> > > >>>>NoCat@lists.nocat.net
> > > >>>>http://lists.nocat.net/mailman/listinfo/nocat
> > > >>>>
> > > >>>>
> > > >>>>
> > > >>>
> > > >>>
> > > >>>_______________________________________________
> > > >>>NoCat mailing list
> > > >>>NoCat@lists.nocat.net
> > > >>>http://lists.nocat.net/mailman/listinfo/nocat
> > > >>>
> > > >>>
> > > >>
> > > >>
> > > >>
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > NoCat mailing list
> > > > NoCat@lists.nocat.net
> > > > http://lists.nocat.net/mailman/listinfo/nocat
> > > >
> > >
> > >
> >
> >
> > _______________________________________________
> > NoCat mailing list
> > NoCat@lists.nocat.net
> > http://lists.nocat.net/mailman/listinfo/nocat
> >
>
> _______________________________________________
> NoCat mailing list
> NoCat@lists.nocat.net
> http://lists.nocat.net/mailman/listinfo/nocat
>



From shubhobiswas at hotmail.com  Fri Oct 17 06:28:38 2003
From: shubhobiswas at hotmail.com (Shubho Biswas)
Date: Fri, 17 Oct 2003 01:28:38 -0400
Subject: [NoCat] need help, configuring nocat
References: <005d01c391c9$2c306910$04280c0a@pinkpig> <3F8BE2EA.4000607@usegroup.de> <012701c3939f$63f10990$04280c0a@pinkpig> <3F8EDD08.2090508@linuxworkz.com> <019a01c3944b$98293000$04280c0a@pinkpig> <3F8F5C2C.2060408@causey.org> <01a501c39460$46c458b0$04280c0a@pinkpig> <BAY8-DAV10NCY9sxusY00004c2a@hotmail.com> <01b501c3946a$cd618370$04280c0a@pinkpig>
Message-ID: <BAY8-DAV58oN3jb8ZPj00004d10@hotmail.com>

I recall seeing this on the list somewhere.  But I can't remember what it
said.  Maybe you could do a google search on nocat and "no terminal at all
requested".

----- Original Message -----
From: "RM" <robert@maknet.net>
To: <nocat@lists.nocat.net>
Sent: Friday, October 17, 2003 12:54 AM
Subject: Re: [NoCat] need help, configuring nocat


> yea  /usr/local/nocat/authserv/pgp and  /usr/local/nocat/authserv/pgp/*
are
> owned by nobody....
>
> i was messing around with it more before but wasnt sure what i did.... but
> the previous error is gone but i have another LOL
> so i guess no more problem finding the key and opening now it. Its
something
> else with the key now =X
>
> [2003-10-17 00:51:12] User NewUser from 10.12.41.10 requests form
> [2003-10-17 00:51:13]
> gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> trustedkeys.gpg --no-tty -o- retur
> ned error message:
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: Sorry, no terminal at all requested - can't get input
> [2003-10-17 00:51:13]
> gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> trustedkeys.gpg --no-tty -o- retur
> ned error: Illegal seek ( 2 )
> Can't call method "text" on an undefined value at
> ../lib//NoCat/AuthService.pm line 134.
> [Fri Oct 17 00:51:13 2003] [error] [client 10.12.41.10] Premature end of
> script headers: /usr/local/nocat/authserv/cgi-bin/lo
> gin
>
> thanks again everyone
>
>
> ----- Original Message -----
> From: "Shubho Biswas" <shubhobiswas@hotmail.com>
> To: <nocat@lists.nocat.net>
> Sent: Friday, October 17, 2003 12:09 AM
> Subject: Re: [NoCat] need help, configuring nocat
>
>
> > Did you chown user:group /usr/local/nocat/authserv/pgp and
> > /usr/local/nocat/authserv/pgp/* to what your apache runs as?
> >
> > ----- Original Message -----
> > From: "RM" <robert@maknet.net>
> > To: <nocat@lists.nocat.net>
> > Sent: Thursday, October 16, 2003 11:39 PM
> > Subject: Re: [NoCat] need help, configuring nocat
> >
> >
> > > ok changed the permissions of that file to nobody since in httpd.conf
> its
> > > User nobody
> > > Group nobody
> > >
> > > now when i try to login i get this apache error... boy ohh boy i have
a
> > lot
> > > of problems with this hehe =)
> > >
> > > [2003-10-16 23:38:50] User NewUser from 10.12.41.10 requests form
> > > [2003-10-16 23:38:50]
> > > gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> > > trustedkeys.gpg --no-tty -o- retur
> > > ned error message:
> > > gpg: WARNING: using insecure memory!
> > > gpg: please see http://www.gnupg.org/faq.html for more information
> > > gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
> > > gpg: keydb_search failed: file open error
> > > gpg: key 532BDA2E: secret key without public key - skipped
> > > gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
> > > gpg: keydb_search failed: file open error
> > > gpg: key 4E2572D2: secret key without public key - skipped
> > > gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
> > > gpg: keydb_search failed: file open error
> > > gpg: key B4B61340: secret key without public key - skipped
> > > gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
> > > gpg: keydb_search failed: file open error
> > > gpg: key 4BAFFEE9: secret key without public key - skipped
> > > gpg: no default secret key: secret key not available
> > > gpg: signing failed: secret key not available
> > > [2003-10-16 23:38:50]
> > > gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> > > trustedkeys.gpg --no-tty -o- retur
> > > ned error: Broken pipe ( 2 )
> > > Can't call method "text" on an undefined value at
> > > ../lib//NoCat/AuthService.pm line 134.
> > > [Thu Oct 16 23:38:50 2003] [error] [client 10.12.41.10] Premature end
of
> > > script headers: /usr/local/nocat/authserv/cgi-bin/lo
> > > gin
> > >
> > >
> > > thanks again
> > >
> > > ----- Original Message -----
> > > From: "Robert Causey" <robert@causey.org>
> > > To: "RM" <robert@maknet.net>
> > > Cc: <nocat@lists.nocat.net>
> > > Sent: Thursday, October 16, 2003 11:04 PM
> > > Subject: Re: [NoCat] need help, configuring nocat
> > >
> > >
> > > > Rob,
> > > >
> > > > the error in the log "/usr/local/nocat/authserv/pgp/secring.gpg"
> > > > indicates that apache either can't find the file secring.gpg in
> > > > th path indicated, or the permissions are wrong on the file,
> > > > such that apache can't access them. check the file (ls -l) vs
> > > > the user that apache is running as (in httpd.conf).
> > > >
> > > > Robert Causey
> > > >
> > > > RM wrote:
> > > >
> > > > > Ok now i got the login page to come up. Thanks for all the replies
> to
> > my
> > > > > problem that pointed me in the right direction to get this part
> > working
> > > =)
> > > > > BUT
> > > > >
> > > > > i have another problem now heheh.. (there's like one problem after
> the
> > > other
> > > > > =] )
> > > > >
> > > > > the problem that im having now is that i created a user for me to
> > login.
> > > Im
> > > > > using passwd, i used the admtool to create the user. i did this
> > > > >
> > > > > -bin/admintool -c NewUser motdepasse
> > > > > -bin/admintool -a NewUser VIPGRP
> > > > > -bin/admintool -A NewUser VIPGRP
> > > > >
> > > > > after i've done that i try to login i get a Internal Server Error.
> > > > > and when i look at the apache error_log this is what i see
> > > > >
> > > > > [2003-10-16 21:03:54] User NewUser from 10.12.41.10 requests form
> > > > > [2003-10-16 21:03:54]
> > > > >
gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> > > > > trustedkeys.gpg --no-tty -o- retur
> > > > > ned error message:
> > > > > gpg: WARNING: using insecure memory!
> > > > > gpg: please see http://www.gnupg.org/faq.html for more information
> > > > > gpg: can't open `/usr/local/nocat/authserv/pgp/secring.gpg'
> > > > > gpg: keydb_search failed: file open error
> > > > > gpg: no default secret key: file open error
> > > > > gpg: signing failed: file open error
> > > > > [2003-10-16 21:03:54]
> > > > >
gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> > > > > trustedkeys.gpg --no-tty -o- retur
> > > > > ned error: Illegal seek ( 2 )
> > > > > Can't call method "text" on an undefined value at
> > > > > ../lib//NoCat/AuthService.pm line 134.
> > > > > [Thu Oct 16 21:03:54 2003] [error] [client 10.12.41.10] Premature
> end
> > of
> > > > > script headers: /usr/local/nocat/authserv/cgi-bin/lo
> > > > > gin
> > > > >
> > > > > So i thoguht something was wrong with my keys... so i redid it
again
> > > with no
> > > > > passphrase using these command from the samemachine.txt file
> > > > >
> > > > > $ make PREFIX=/usr/local/nocat/authserv pgpkey
> > > > >
> > > > > $ cp /usr/local/nocat/authserv/trustedkeys.gpg
> /usr/local/nocat/gw/pgp
> > > > >
> > > > > Can anyone take a stab at this problem now ? =X
> > > > >
> > > > > this info is for some that wants to know about my config
> > > > >
> > > > > im not running pebble, its a fresh install of slackware 9, and
> gateway
> > > and
> > > > > authserv is running on the same machine.
> > > > >
> > > > > Thanks again!!!
> > > > >
> > > > > rob
> > > > >
> > > > >
> > > > >
> > > > >>RM wrote:
> > > > >>
> > > > >>
> > > > >>>Ok i got SSL to work with my apache server now.  i start apache
> with
> > > > >>>apachectl ssl and then enter the passphrase.
> > > > >>>
> > > > >>>then i go to https://10.12.41.1 and it works and asl me to accept
> the
> > > > >
> > > > > cert
> > > > >
> > > > >>>http://10.12.41.1 works also.
> > > > >>>
> > > > >>>but when i try yahoo or any other page it doesnt work, just gives
> me
> > > the
> > > > >>>Page cannot be found
> > > > >>>its not bring up the nocat htdocs pages
> > > > >>>
> > > > >>>anyone know what the problem is?
> > > > >>>someone please help =).. been trying this for almost a week =X
> > > > >>>
> > > > >>>thanks
> > > > >>>Rob
> > > > >>>
> > > > >>>----- Original Message -----
> > > > >>>From: "Jochen Stärk" <jstaerk@usegroup.de>
> > > > >>>To: "RM" <robert@maknet.net>
> > > > >>>Cc: <nocat@lists.nocat.net>
> > > > >>>Sent: Tuesday, October 14, 2003 7:50 AM
> > > > >>>Subject: Re: [NoCat] need help, configuring nocat
> > > > >>>
> > > > >>>
> > > > >>>
> > > > >>>
> > > > >>>
> > > > >>>>Hi Robert,
> > > > >>>>
> > > > >>>>
> > > > >>>>
> > > > >>>>
> > > > >>>>>authserver. So in /usr/local/nocat/gw/nocat.conf i have these
> > options
> > > > >>>>>
> > > > >>>>>HomePage http://10.12.41.1
> > > > >>>>>
> > > > >>>>>GatewayMode Captive
> > > > >>>>>
> > > > >>>>>
> > > > >>>>>
> > > > >>>>
> > > > >>>>Why not Passive? AFAIU passive means the same as captive, but
> works
> > > > >>>>through NAT.
> > > > >>>>
> > > > >>>>
> > > > >>>>
> > > > >>>>
> > > > >>>>>Theres other options also but i never touched those. When i
> changed
> > > it
> > > > >>>>>to captive and gave it a authserviceaddr of 10.12.41.1 nothing
> > works
> > > > >>>>>anymore. When i try to surf any page , IE returns no page
found.
> > > > >>>>>
> > > > >>>>>
> > > > >>>>
> > > > >>>>That may be because IE is redirected to
> > > > >
> > > > > https://10.12.41.1/cgi-bin/login.
> > > > >
> > > > >>>>Can you point your browser to https://10.12.41.1/ to see if a
> apache
> > > > >>>>with ssl is running there?
> > > > >>>>
> > > > >>>>
> > > > >>>>
> > > > >>>>
> > > > >>>>>BUT if i change GatewayMode to Open and comment out
> AuthServiceAddr
> > i
> > > > >>>>>get i believe is either the splash.html or status.html
> > > > >>>>>because it says "Welcome to the NoCat network" and there's a
> login
> > > > >>>>>button and it also says "There are currently 0 users connected,
> The
> > > > >>>>>last connection was at:none."
> > > > >>>>>After i press the login button im able to surf the net...
> > > > >>>>>
> > > > >>>>>
> > > > >>>>
> > > > >>>>AFAIK, because of architectural reasons, the gateway has to be,
> and
> > > the
> > > > >>>>authserv can not be a standalone HTTP(S) server. So, to run an
> > > network,
> > > > >>>>you may not have another http-server on the gateway machine
> > listening
> > > to
> > > > >>>>port 80, but you need apache and mod_ssl on port 443 of your
> > authserv.
> > > > >>>>
> > > > >>>>
> > > > >>>>
> > > > >>>>
> > > > >>>>>Can anyone help me out? its something with my authserv i think
> but
> > i
> > > > >>>>>cant figure it out
> > > > >>>>>
> > > > >>>>>
> > > > >>>>>
> > > > >>>>
> > > > >>>>try and have a look in /var/log/httpd/error_log if in doubt.
> > > > >>>>
> > > > >>>>
> > > > >>>>
> > > > >>>>
> > > > >>>>>again this is a slackware 9 install with apache/dhcp installed.
I
> > > > >>>>>beleive SSL is installed also cuz the default apache page says
> > > > >>>>>"The SSL/TLS-aware apache webserver was successfully installed
on
> > > this
> > > > >>>>>website."
> > > > >>>>>apache interface to OpennSSL (mod_ssl)
> > > > >>>>>
> > > > >>>>>
> > > > >>>>
> > > > >>>>by the way: you can start apache in ssl mode with apachectl
> > startssl,
> > > if
> > > > >>>>you just do a apachectl start, there may be problems.
> > > > >>>>
> > > > >>>>bye,
> > > > >>>>Jochen
> > > > >>>>
> > > > >>>>
> > > > >>>>_______________________________________________
> > > > >>>>NoCat mailing list
> > > > >>>>NoCat@lists.nocat.net
> > > > >>>>http://lists.nocat.net/mailman/listinfo/nocat
> > > > >>>>
> > > > >>>>
> > > > >>>>
> > > > >>>
> > > > >>>
> > > > >>>_______________________________________________
> > > > >>>NoCat mailing list
> > > > >>>NoCat@lists.nocat.net
> > > > >>>http://lists.nocat.net/mailman/listinfo/nocat
> > > > >>>
> > > > >>>
> > > > >>
> > > > >>
> > > > >>
> > > > >
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > NoCat mailing list
> > > > > NoCat@lists.nocat.net
> > > > > http://lists.nocat.net/mailman/listinfo/nocat
> > > > >
> > > >
> > > >
> > >
> > >
> > > _______________________________________________
> > > NoCat mailing list
> > > NoCat@lists.nocat.net
> > > http://lists.nocat.net/mailman/listinfo/nocat
> > >
> >
> > _______________________________________________
> > NoCat mailing list
> > NoCat@lists.nocat.net
> > http://lists.nocat.net/mailman/listinfo/nocat
> >
>
>
> _______________________________________________
> NoCat mailing list
> NoCat@lists.nocat.net
> http://lists.nocat.net/mailman/listinfo/nocat
>


From robert at maknet.net  Fri Oct 17 16:51:51 2003
From: robert at maknet.net (RM)
Date: Fri, 17 Oct 2003 11:51:51 -0400
Subject: [NoCat] need help, configuring nocat
References: <005d01c391c9$2c306910$04280c0a@pinkpig> <3F8BE2EA.4000607@usegroup.de> <012701c3939f$63f10990$04280c0a@pinkpig> <3F8EDD08.2090508@linuxworkz.com> <019a01c3944b$98293000$04280c0a@pinkpig> <3F8F5C2C.2060408@causey.org> <01a501c39460$46c458b0$04280c0a@pinkpig> <BAY8-DAV10NCY9sxusY00004c2a@hotmail.com> <01b501c3946a$cd618370$04280c0a@pinkpig> <BAY8-DAV58oN3jb8ZPj00004d10@hotmail.com>
Message-ID: <01d001c394c6$94bff770$04280c0a@pinkpig>

> I recall seeing this on the list somewhere.  But I can't remember what it
> said.  Maybe you could do a google search on nocat and "no terminal at all
> requested".
>
Did a search but didnt find much.... one person asked about that problem but
there wasnt any reply

thanks


> ----- Original Message -----
> From: "RM" <robert@maknet.net>
> To: <nocat@lists.nocat.net>
> Sent: Friday, October 17, 2003 12:54 AM
> Subject: Re: [NoCat] need help, configuring nocat
>
>
> > yea  /usr/local/nocat/authserv/pgp and  /usr/local/nocat/authserv/pgp/*
> are
> > owned by nobody....
> >
> > i was messing around with it more before but wasnt sure what i did....
but
> > the previous error is gone but i have another LOL
> > so i guess no more problem finding the key and opening now it. Its
> something
> > else with the key now =X
> >
> > [2003-10-17 00:51:12] User NewUser from 10.12.41.10 requests form
> > [2003-10-17 00:51:13]
> > gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> > trustedkeys.gpg --no-tty -o- retur
> > ned error message:
> > gpg: WARNING: using insecure memory!
> > gpg: please see http://www.gnupg.org/faq.html for more information
> > gpg: Sorry, no terminal at all requested - can't get input
> > [2003-10-17 00:51:13]
> > gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> > trustedkeys.gpg --no-tty -o- retur
> > ned error: Illegal seek ( 2 )
> > Can't call method "text" on an undefined value at
> > ../lib//NoCat/AuthService.pm line 134.
> > [Fri Oct 17 00:51:13 2003] [error] [client 10.12.41.10] Premature end of
> > script headers: /usr/local/nocat/authserv/cgi-bin/lo
> > gin
> >
> > thanks again everyone
> >
> >
> > ----- Original Message -----
> > From: "Shubho Biswas" <shubhobiswas@hotmail.com>
> > To: <nocat@lists.nocat.net>
> > Sent: Friday, October 17, 2003 12:09 AM
> > Subject: Re: [NoCat] need help, configuring nocat
> >
> >
> > > Did you chown user:group /usr/local/nocat/authserv/pgp and
> > > /usr/local/nocat/authserv/pgp/* to what your apache runs as?
> > >
> > > ----- Original Message -----
> > > From: "RM" <robert@maknet.net>
> > > To: <nocat@lists.nocat.net>
> > > Sent: Thursday, October 16, 2003 11:39 PM
> > > Subject: Re: [NoCat] need help, configuring nocat
> > >
> > >
> > > > ok changed the permissions of that file to nobody since in
httpd.conf
> > its
> > > > User nobody
> > > > Group nobody
> > > >
> > > > now when i try to login i get this apache error... boy ohh boy i
have
> a
> > > lot
> > > > of problems with this hehe =)
> > > >
> > > > [2003-10-16 23:38:50] User NewUser from 10.12.41.10 requests form
> > > > [2003-10-16 23:38:50]
> > > > gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> > > > trustedkeys.gpg --no-tty -o- retur
> > > > ned error message:
> > > > gpg: WARNING: using insecure memory!
> > > > gpg: please see http://www.gnupg.org/faq.html for more information
> > > > gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
> > > > gpg: keydb_search failed: file open error
> > > > gpg: key 532BDA2E: secret key without public key - skipped
> > > > gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
> > > > gpg: keydb_search failed: file open error
> > > > gpg: key 4E2572D2: secret key without public key - skipped
> > > > gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
> > > > gpg: keydb_search failed: file open error
> > > > gpg: key B4B61340: secret key without public key - skipped
> > > > gpg: can't open `/usr/local/nocat/authserv/pgp/pubring.gpg'
> > > > gpg: keydb_search failed: file open error
> > > > gpg: key 4BAFFEE9: secret key without public key - skipped
> > > > gpg: no default secret key: secret key not available
> > > > gpg: signing failed: secret key not available
> > > > [2003-10-16 23:38:50]
> > > > gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> > > > trustedkeys.gpg --no-tty -o- retur
> > > > ned error: Broken pipe ( 2 )
> > > > Can't call method "text" on an undefined value at
> > > > ../lib//NoCat/AuthService.pm line 134.
> > > > [Thu Oct 16 23:38:50 2003] [error] [client 10.12.41.10] Premature
end
> of
> > > > script headers: /usr/local/nocat/authserv/cgi-bin/lo
> > > > gin
> > > >
> > > >
> > > > thanks again
> > > >
> > > > ----- Original Message -----
> > > > From: "Robert Causey" <robert@causey.org>
> > > > To: "RM" <robert@maknet.net>
> > > > Cc: <nocat@lists.nocat.net>
> > > > Sent: Thursday, October 16, 2003 11:04 PM
> > > > Subject: Re: [NoCat] need help, configuring nocat
> > > >
> > > >
> > > > > Rob,
> > > > >
> > > > > the error in the log "/usr/local/nocat/authserv/pgp/secring.gpg"
> > > > > indicates that apache either can't find the file secring.gpg in
> > > > > th path indicated, or the permissions are wrong on the file,
> > > > > such that apache can't access them. check the file (ls -l) vs
> > > > > the user that apache is running as (in httpd.conf).
> > > > >
> > > > > Robert Causey
> > > > >
> > > > > RM wrote:
> > > > >
> > > > > > Ok now i got the login page to come up. Thanks for all the
replies
> > to
> > > my
> > > > > > problem that pointed me in the right direction to get this part
> > > working
> > > > =)
> > > > > > BUT
> > > > > >
> > > > > > i have another problem now heheh.. (there's like one problem
after
> > the
> > > > other
> > > > > > =] )
> > > > > >
> > > > > > the problem that im having now is that i created a user for me
to
> > > login.
> > > > Im
> > > > > > using passwd, i used the admtool to create the user. i did this
> > > > > >
> > > > > > -bin/admintool -c NewUser motdepasse
> > > > > > -bin/admintool -a NewUser VIPGRP
> > > > > > -bin/admintool -A NewUser VIPGRP
> > > > > >
> > > > > > after i've done that i try to login i get a Internal Server
Error.
> > > > > > and when i look at the apache error_log this is what i see
> > > > > >
> > > > > > [2003-10-16 21:03:54] User NewUser from 10.12.41.10 requests
form
> > > > > > [2003-10-16 21:03:54]
> > > > > >
> gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> > > > > > trustedkeys.gpg --no-tty -o- retur
> > > > > > ned error message:
> > > > > > gpg: WARNING: using insecure memory!
> > > > > > gpg: please see http://www.gnupg.org/faq.html for more
information
> > > > > > gpg: can't open `/usr/local/nocat/authserv/pgp/secring.gpg'
> > > > > > gpg: keydb_search failed: file open error
> > > > > > gpg: no default secret key: file open error
> > > > > > gpg: signing failed: file open error
> > > > > > [2003-10-16 21:03:54]
> > > > > >
> gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> > > > > > trustedkeys.gpg --no-tty -o- retur
> > > > > > ned error: Illegal seek ( 2 )
> > > > > > Can't call method "text" on an undefined value at
> > > > > > ../lib//NoCat/AuthService.pm line 134.
> > > > > > [Thu Oct 16 21:03:54 2003] [error] [client 10.12.41.10]
Premature
> > end
> > > of
> > > > > > script headers: /usr/local/nocat/authserv/cgi-bin/lo
> > > > > > gin
> > > > > >
> > > > > > So i thoguht something was wrong with my keys... so i redid it
> again
> > > > with no
> > > > > > passphrase using these command from the samemachine.txt file
> > > > > >
> > > > > > $ make PREFIX=/usr/local/nocat/authserv pgpkey
> > > > > >
> > > > > > $ cp /usr/local/nocat/authserv/trustedkeys.gpg
> > /usr/local/nocat/gw/pgp
> > > > > >
> > > > > > Can anyone take a stab at this problem now ? =X
> > > > > >
> > > > > > this info is for some that wants to know about my config
> > > > > >
> > > > > > im not running pebble, its a fresh install of slackware 9, and
> > gateway
> > > > and
> > > > > > authserv is running on the same machine.
> > > > > >
> > > > > > Thanks again!!!
> > > > > >
> > > > > > rob
> > > > > >
> > > > > >
> > > > > >
> > > > > >>RM wrote:
> > > > > >>
> > > > > >>
> > > > > >>>Ok i got SSL to work with my apache server now.  i start apache
> > with
> > > > > >>>apachectl ssl and then enter the passphrase.
> > > > > >>>
> > > > > >>>then i go to https://10.12.41.1 and it works and asl me to
accept
> > the
> > > > > >
> > > > > > cert
> > > > > >
> > > > > >>>http://10.12.41.1 works also.
> > > > > >>>
> > > > > >>>but when i try yahoo or any other page it doesnt work, just
gives
> > me
> > > > the
> > > > > >>>Page cannot be found
> > > > > >>>its not bring up the nocat htdocs pages
> > > > > >>>
> > > > > >>>anyone know what the problem is?
> > > > > >>>someone please help =).. been trying this for almost a week =X
> > > > > >>>
> > > > > >>>thanks
> > > > > >>>Rob
> > > > > >>>
> > > > > >>>----- Original Message -----
> > > > > >>>From: "Jochen Stärk" <jstaerk@usegroup.de>
> > > > > >>>To: "RM" <robert@maknet.net>
> > > > > >>>Cc: <nocat@lists.nocat.net>
> > > > > >>>Sent: Tuesday, October 14, 2003 7:50 AM
> > > > > >>>Subject: Re: [NoCat] need help, configuring nocat
> > > > > >>>
> > > > > >>>
> > > > > >>>
> > > > > >>>
> > > > > >>>
> > > > > >>>>Hi Robert,
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>>authserver. So in /usr/local/nocat/gw/nocat.conf i have these
> > > options
> > > > > >>>>>
> > > > > >>>>>HomePage http://10.12.41.1
> > > > > >>>>>
> > > > > >>>>>GatewayMode Captive
> > > > > >>>>>
> > > > > >>>>>
> > > > > >>>>>
> > > > > >>>>
> > > > > >>>>Why not Passive? AFAIU passive means the same as captive, but
> > works
> > > > > >>>>through NAT.
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>>Theres other options also but i never touched those. When i
> > changed
> > > > it
> > > > > >>>>>to captive and gave it a authserviceaddr of 10.12.41.1
nothing
> > > works
> > > > > >>>>>anymore. When i try to surf any page , IE returns no page
> found.
> > > > > >>>>>
> > > > > >>>>>
> > > > > >>>>
> > > > > >>>>That may be because IE is redirected to
> > > > > >
> > > > > > https://10.12.41.1/cgi-bin/login.
> > > > > >
> > > > > >>>>Can you point your browser to https://10.12.41.1/ to see if a
> > apache
> > > > > >>>>with ssl is running there?
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>>BUT if i change GatewayMode to Open and comment out
> > AuthServiceAddr
> > > i
> > > > > >>>>>get i believe is either the splash.html or status.html
> > > > > >>>>>because it says "Welcome to the NoCat network" and there's a
> > login
> > > > > >>>>>button and it also says "There are currently 0 users
connected,
> > The
> > > > > >>>>>last connection was at:none."
> > > > > >>>>>After i press the login button im able to surf the net...
> > > > > >>>>>
> > > > > >>>>>
> > > > > >>>>
> > > > > >>>>AFAIK, because of architectural reasons, the gateway has to
be,
> > and
> > > > the
> > > > > >>>>authserv can not be a standalone HTTP(S) server. So, to run an
> > > > network,
> > > > > >>>>you may not have another http-server on the gateway machine
> > > listening
> > > > to
> > > > > >>>>port 80, but you need apache and mod_ssl on port 443 of your
> > > authserv.
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>>Can anyone help me out? its something with my authserv i
think
> > but
> > > i
> > > > > >>>>>cant figure it out
> > > > > >>>>>
> > > > > >>>>>
> > > > > >>>>>
> > > > > >>>>
> > > > > >>>>try and have a look in /var/log/httpd/error_log if in doubt.
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>>again this is a slackware 9 install with apache/dhcp
installed.
> I
> > > > > >>>>>beleive SSL is installed also cuz the default apache page
says
> > > > > >>>>>"The SSL/TLS-aware apache webserver was successfully
installed
> on
> > > > this
> > > > > >>>>>website."
> > > > > >>>>>apache interface to OpennSSL (mod_ssl)
> > > > > >>>>>
> > > > > >>>>>
> > > > > >>>>
> > > > > >>>>by the way: you can start apache in ssl mode with apachectl
> > > startssl,
> > > > if
> > > > > >>>>you just do a apachectl start, there may be problems.
> > > > > >>>>
> > > > > >>>>bye,
> > > > > >>>>Jochen
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>_______________________________________________
> > > > > >>>>NoCat mailing list
> > > > > >>>>NoCat@lists.nocat.net
> > > > > >>>>http://lists.nocat.net/mailman/listinfo/nocat
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>
> > > > > >>>
> > > > > >>>
> > > > > >>>_______________________________________________
> > > > > >>>NoCat mailing list
> > > > > >>>NoCat@lists.nocat.net
> > > > > >>>http://lists.nocat.net/mailman/listinfo/nocat
> > > > > >>>
> > > > > >>>
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >
> > > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > > NoCat mailing list
> > > > > > NoCat@lists.nocat.net
> > > > > > http://lists.nocat.net/mailman/listinfo/nocat
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > NoCat mailing list
> > > > NoCat@lists.nocat.net
> > > > http://lists.nocat.net/mailman/listinfo/nocat
> > > >
> > >
> > > _______________________________________________
> > > NoCat mailing list
> > > NoCat@lists.nocat.net
> > > http://lists.nocat.net/mailman/listinfo/nocat
> > >
> >
> >
> > _______________________________________________
> > NoCat mailing list
> > NoCat@lists.nocat.net
> > http://lists.nocat.net/mailman/listinfo/nocat
> >
>
> _______________________________________________
> NoCat mailing list
> NoCat@lists.nocat.net
> http://lists.nocat.net/mailman/listinfo/nocat
>



From jstaerk at usegroup.de  Fri Oct 17 17:21:19 2003
From: jstaerk at usegroup.de (Jochen Staerk)
Date: Fri, 17 Oct 2003 18:21:19 +0200
Subject: [NoCat] need help, configuring nocat
In-Reply-To: <01a501c39460$46c458b0$04280c0a@pinkpig>
References: <005d01c391c9$2c306910$04280c0a@pinkpig> <3F8BE2EA.4000607@usegroup.de> <012701c3939f$63f10990$04280c0a@pinkpig> <3F8EDD08.2090508@linuxworkz.com> <019a01c3944b$98293000$04280c0a@pinkpig> <3F8F5C2C.2060408@causey.org> <01a501c39460$46c458b0$04280c0a@pinkpig>
Message-ID: <3F9016FF.2030206@usegroup.de>

Hi Rob,

>ok changed the permissions of that file to nobody since in httpd.conf  its
>User nobody
>Group nobody
>
>now when i try to login i get this apache error... boy ohh boy i have a lot
>of problems with this hehe =)
>
>[2003-10-16 23:38:50] User NewUser from 10.12.41.10 requests form
>[2003-10-16 23:38:50]
>gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
>trustedkeys.gpg --no-tty -o- retur
>ned error message:
>  
>

please make sure you have not only changed the permission of the file, 
but of the directory and all files in it. (chown -R nobody 
/usr/local/nocat/authserv/pgp)
And copy the trustedkeys file (cp 
/usr/local/nocat/authserv/trustedkeys.gpg /usr/local/nocat/gw/).

bye,
Jochen




From robert at maknet.net  Fri Oct 17 20:01:44 2003
From: robert at maknet.net (RM)
Date: Fri, 17 Oct 2003 15:01:44 -0400
Subject: [NoCat] need help, configuring nocat
References: <005d01c391c9$2c306910$04280c0a@pinkpig> <3F8BE2EA.4000607@usegroup.de> <012701c3939f$63f10990$04280c0a@pinkpig> <3F8EDD08.2090508@linuxworkz.com> <019a01c3944b$98293000$04280c0a@pinkpig> <3F8F5C2C.2060408@causey.org> <01a501c39460$46c458b0$04280c0a@pinkpig> <3F9016FF.2030206@usegroup.de>
Message-ID: <020601c394e1$1b5df240$04280c0a@pinkpig>

Everything of /usr/local/nocat/authserv/pgp is owned by nobody

drwx------    2 nobody   nobody       4096 Oct 17 00:49 pgp/

contents in pgp
-rw-------    1 nobody   nobody       3628 Oct 16 20:55 pubring.gpg
-rw-------    1 nobody   nobody       2721 Oct 15 23:57 pubring.gpg~
-rw-------    1 nobody   nobody        600 Oct 16 20:55 random_seed
-rw-------    1 nobody   nobody       4028 Oct 16 20:55 secring.gpg
-rw-------    1 nobody   nobody       1360 Oct 16 20:55 trustdb.gpg
-rw-r--r--    1 nobody   nobody        557 Oct 15 23:55 trustedkeys.gpg

still getting this error

[2003-10-17 14:53:45] User NewUser from 10.12.41.10 requests form
[2003-10-17 14:53:46]
gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
trustedkeys.gpg --no-tty -o- retur
ned error message:
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Sorry, no terminal at all requested - can't get input
[2003-10-17 14:53:46]
gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
trustedkeys.gpg --no-tty -o- retur
ned error: Illegal seek ( 2 )
Can't call method "text" on an undefined value at
../lib//NoCat/AuthService.pm line 134.
[Fri Oct 17 14:53:46 2003] [error] [client 10.12.41.10] Premature end of
script headers: /usr/local/nocat/authserv/cgi-bin/lo
gin


thanks




----- Original Message -----
From: "Jochen Staerk" <jstaerk@usegroup.de>
To: "RM" <robert@maknet.net>
Cc: <nocat@lists.nocat.net>
Sent: Friday, October 17, 2003 12:21 PM
Subject: Re: [NoCat] need help, configuring nocat


> Hi Rob,
>
> >ok changed the permissions of that file to nobody since in httpd.conf
its
> >User nobody
> >Group nobody
> >
> >now when i try to login i get this apache error... boy ohh boy i have a
lot
> >of problems with this hehe =)
> >
> >[2003-10-16 23:38:50] User NewUser from 10.12.41.10 requests form
> >[2003-10-16 23:38:50]
> >gpg --sign --armor --homedir=/usr/local/nocat/authserv/pgp --keyring
> >trustedkeys.gpg --no-tty -o- retur
> >ned error message:
> >
> >
>
> please make sure you have not only changed the permission of the file,
> but of the directory and all files in it. (chown -R nobody
> /usr/local/nocat/authserv/pgp)
> And copy the trustedkeys file (cp
> /usr/local/nocat/authserv/trustedkeys.gpg /usr/local/nocat/gw/).
>
> bye,
> Jochen
>
>
>



From john at webs4vets.co.uk  Sat Oct 18 17:10:34 2003
From: john at webs4vets.co.uk (John Taylor)
Date: Sat, 18 Oct 2003 17:10:34 +0100
Subject: [NoCat] Patching program, MAC authentication
Message-ID: <000001c39592$5e086c40$9c8f7ad5@dell>

Well got it all installed on a couple of RedHat boxes and very
impressed! Couldn't have done it without the mailing list archives so
thanks guys.

2 questions for the assorted genii:

1. How do I get the throttle script working? I assume it involves the
patch; how do I do this?

2. I can't find the exceptions file in the gateway? How do I
automatically authenticate and open the firewall to a certain MAC and/or
IP address (MAC preferably!)

Cheers
John Taylor
www.stourvalleywireless.org.uk



From karl.gaissmaier at kiz.uni-ulm.de  Sat Oct 18 20:39:01 2003
From: karl.gaissmaier at kiz.uni-ulm.de (Karl Gaissmaier)
Date: Sat, 18 Oct 2003 21:39:01 +0200
Subject: [NoCat] nocat now running 2 weeks without crash and more than 4000 logins
Message-ID: <3F9196D5.2060205@kiz.uni-ulm.de>

Hi,

after I've changed the code for Gateway.pm (see the
patch stable-01.patch) the gateway is now running
for 2 weeks with more than 4000 logins without
a crash. I think the new signal handling for SIGCHLD
solved the problem.

Are there any other users with some results
after applying the stable patch?

Regards
	Charly
-- 
Karl Gaissmaier       KIZ/Infrastructure, University of Ulm, Germany
Email:karl.gaissmaier@kiz.uni-ulm.de           Service Group Network
Tel.: ++49 731 50-22499



From schuyler at oreilly.com  Sun Oct 19 17:48:55 2003
From: schuyler at oreilly.com (Schuyler Erle)
Date: Sun, 19 Oct 2003 09:48:55 -0700
Subject: [NoCat] nocat now running 2 weeks without crash and more than 4000 logins
In-Reply-To: <3F9196D5.2060205@kiz.uni-ulm.de>
References: <3F9196D5.2060205@kiz.uni-ulm.de>
Message-ID: <20031019164855.GA15487@oreillynet.com>

* On 18-Oct-2003 at 12:48PM PDT, Karl Gaissmaier said:
> 
> after I've changed the code for Gateway.pm (see the
> patch stable-01.patch) the gateway is now running
> for 2 weeks with more than 4000 logins without
> a crash. I think the new signal handling for SIGCHLD
> solved the problem.

That's great news, Charly, thanks for demonstrating this. It's a bit
frustrating, because the POSIX standard explicitly states that
(apparently) SIGCHLD is not to be ignored, and I dimly recall earlier
versions of Linux not actually permitting it for that reason. Now
maybe I've been smoking crank in my sleep, but if it works with
SIGCHLD set to ignore, great. I'll check the change in CVS right away.
Thanks again for tracking this down and testing it.

SDE


From robert at maknet.net  Sun Oct 19 20:04:04 2003
From: robert at maknet.net (RM)
Date: Sun, 19 Oct 2003 15:04:04 -0400
Subject: [NoCat] keep kicking me back to login page
Message-ID: <002f01c39673$c9c93cc0$04280c0a@pinkpig>

This is a multi-part message in MIME format.

------=_NextPart_000_002C_01C39652.3C994C30
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello all....

        i have nocat setup now and have nocat and authserv on the same =
machine. Im also using passwd and running passive mode.=20
everytime i login and get the popup the main window in the back doesnt =
get redirected to the internet(web) page that i want. It takes me back =
to the login page. the error i get in error_log is

User rob from 10.12.41.10 requests form
[2003-10-19 14:55:48] gpg --sign --armor =
--homedir=3D/usr/local/nocat/authserv/cgi-bin/../pgp --keyring =
trustedkeys.gpg --no-tt
y -o- returned error message:
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
[2003-10-19 14:55:48] could not parse  at ../lib//NoCat/AuthService.pm =
line 77
[2003-10-19 14:55:48] Request from local ip 10.12.41.10, directing to =
local gateway 10.12.41.1.
[2003-10-19 14:55:51] User rob from 10.12.41.10 requests popup
[2003-10-19 14:55:52] could not parse  at ../lib//NoCat/AuthService.pm =
line 77
[2003-10-19 14:55:52] Request from local ip 10.12.41.10, directing to =
local gateway 10.12.41.1.
[2003-10-19 14:55:57] User UNKNOWN from 10.12.41.10 requests form


is it because of how my network is setup?=20

i have=20

                                                                  | ---> =
gateway machine with 2 nics(10.12.40.1, 10.12.41.1  < --- this is for =
wireless nocat side)
ISP--->(public ip)router(10.12.40.1)---->hub---->
                                                                  | ---> =
other comps with (10.12.40.*)

Rob



------=_NextPart_000_002C_01C39652.3C994C30
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2712.300" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hello all....</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; i =
have nocat=20
setup now and have nocat and authserv on the same machine. Im also using =
passwd=20
and running passive mode. </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>everytime i login and get the popup the =
main window=20
in the back doesnt get redirected to the internet(web) page that i want. =
It=20
takes me back to the login page. the error i get in error_log =
is</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>User rob from 10.12.41.10 requests=20
form<BR>[2003-10-19 14:55:48] gpg --sign --armor=20
--homedir=3D/usr/local/nocat/authserv/cgi-bin/../pgp --keyring =
trustedkeys.gpg=20
--no-tt<BR>y -o- returned error message:<BR>gpg: WARNING: using insecure =

memory!<BR>gpg: please see <A=20
href=3D"http://www.gnupg.org/faq.html">http://www.gnupg.org/faq.html</A> =
for more=20
information<BR>[2003-10-19 14:55:48] could not parse&nbsp; at=20
../lib//NoCat/AuthService.pm line 77<BR>[2003-10-19 14:55:48] Request =
from local=20
ip 10.12.41.10, directing to local gateway 10.12.41.1.<BR>[2003-10-19 =
14:55:51]=20
User rob from 10.12.41.10 requests popup<BR>[2003-10-19 14:55:52] could =
not=20
parse&nbsp; at ../lib//NoCat/AuthService.pm line 77<BR>[2003-10-19 =
14:55:52]=20
Request from local ip 10.12.41.10, directing to local gateway=20
10.12.41.1.<BR>[2003-10-19 14:55:57] User UNKNOWN from 10.12.41.10 =
requests=20
form<BR></FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>is it because of how my network is =
setup?=20
</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>i have </FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial=20
size=3D2>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
| ---&gt; gateway machine with 2 nics(10.12.40.1, 10.12.41.1&nbsp; &lt; =
--- this=20
is for wireless nocat side)</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>ISP---&gt;(public=20
ip)router(10.12.40.1)----&gt;hub----&gt;</FONT></DIV>
<DIV><FONT face=3DArial=20
size=3D2>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|=20
---&gt; other comps with (10.12.40.*)</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Rob</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp;</DIV></FONT></BODY></HTML>

------=_NextPart_000_002C_01C39652.3C994C30--



From karl.gaissmaier at kiz.uni-ulm.de  Mon Oct 20 08:59:35 2003
From: karl.gaissmaier at kiz.uni-ulm.de (Karl Gaissmaier)
Date: Mon, 20 Oct 2003 09:59:35 +0200
Subject: [NoCat] nocat now running 2 weeks without crash and more than
 4000 logins
In-Reply-To: <20031019164855.GA15487@oreillynet.com>
References: <3F9196D5.2060205@kiz.uni-ulm.de> <20031019164855.GA15487@oreillynet.com>
Message-ID: <3F9395E7.6020208@kiz.uni-ulm.de>

Hi Erle,

Schuyler Erle schrieb:
> * On 18-Oct-2003 at 12:48PM PDT, Karl Gaissmaier said:
> 
>>after I've changed the code for Gateway.pm (see the
>>patch stable-01.patch) the gateway is now running
>>for 2 weeks with more than 4000 logins without
>>a crash. I think the new signal handling for SIGCHLD
>>solved the problem.
> 
> 
> That's great news, Charly, thanks for demonstrating this. It's a bit
> frustrating, because the POSIX standard explicitly states that
> (apparently) SIGCHLD is not to be ignored, and I dimly recall earlier
> versions of Linux not actually permitting it for that reason. Now

Yes, I know here is the manpage from the RH-7.3 signal(2)

"According  to POSIX (3.3.1.3) it is unspecified what happens
when SIGCHLD is set to SIG_IGN.  Here the BSD and SYSV
behaviours differ, causing BSD software that sets the action
for SIGCHLD to SIG_IGN to fail on Linux."

but anyway, even when I read the manpage for wait
and waitpid, I see no flaw in your original code
but the result was, that the process was very often in
the wait4 WCHAN and not in the do_select as expected.

But all documentation for perl states, we
should use 'IGNORE' if we are not interested in
the childs result. And the default behavior for
SIGCHLD is 'IGNORE' on this platform.

In all example codes, I didn't see a wait loop
like in Gateway.pm for nonblocking wait's:

   1 until ( wait == -1 );


even if this should be ok for a C program.
All example code in perl is written with the
POSIX WNOHANG flag:

use POSIX ":sys_wait_h";
...

while (($child = waitpid(-1,WNOHANG)) > 0) {
     do something or nothing with exit status in $child;
}

and even in the newest Perl Cookbook, they state
you should use 'IGNORE' when you are not interested
in the exit status. Perhaps perl intoduces here
a sort of compatibility mode for the different
signal handling?

Regards
	Charly

P.S. Erle, thanks again for NoCatAuth, please don't
misinterpret my patches!

-- 
Karl Gaissmaier       KIZ/Infrastructure, University of Ulm, Germany
Email:karl.gaissmaier@kiz.uni-ulm.de           Service Group Network
Tel.: ++49 731 50-22499



From kgarner at kgarner.com  Mon Oct 20 17:33:05 2003
From: kgarner at kgarner.com (Keith T. Garner)
Date: Mon, 20 Oct 2003 11:33:05 -0500
Subject: [NoCat] registration -> implied login
Message-ID: <20031020163305.GA30290@copper.kgarner.com>

At an upcoming conference for work[1], my department is going to be
hosting a wireless hotspot in the convention center.  I've set up
nocat's auth and gateway on the same box, and its working great in my
test lab.  I'm very impressed.

As to why I mailed the list....We'd like to capture some
information[2] about the people who will be using the access point.
It seems natural to me to use nocat in passive mode and use the
existing registration cgi with slight tweaks to capture the additional
information we'll want.  Our current plan is just to set the timeout
for their session to be longer than the time the conference will be
going on.  Because of this, it seems goofy to have them enter a
password into the registration and then login right after registration
as it'll be a one time thing.

I've done a bunch of documentation reading and web searching, but I
still have some questions that I couldn't find the answer to.....

  1) Is this a good way to do it?  Is there a better way?

  2) Assuming it is a good way to do it, I was thinking about just
  transporting some of the code from the login cgi to the registration
  cgi to make it look like authentication has happened.  Any tips
  there?  Has anyone already done anything like this?

Keith

[1] The Center for REALTOR(R) Technology, National Association of REALTORS
[2] We won't do anything evil like spam them for products, but we'd
    probably ping them to do surveys and stuff as part of our research
    efforts.

-- 
  Keith T. Garner                                         kgarner@kgarner.com
   The whole problem with the world is that fools and fanatics are always so
 certain of themselves, and wiser people so full of doubts. --Bertrand Russell


From jstaerk at usegroup.de  Mon Oct 20 18:46:32 2003
From: jstaerk at usegroup.de (Jochen Staerk)
Date: Mon, 20 Oct 2003 19:46:32 +0200
Subject: [NoCat] Patching program, MAC authentication
In-Reply-To: <000001c39592$5e086c40$9c8f7ad5@dell>
References: <000001c39592$5e086c40$9c8f7ad5@dell>
Message-ID: <3F941F78.2010607@usegroup.de>

John Taylor wrote:

>Well got it all installed on a couple of RedHat boxes and very
>impressed! Couldn't have done it without the mailing list archives so
>thanks guys.
>
>2 questions for the assorted genii:
>
>1. How do I get the throttle script working? I assume it involves the
>patch; how do I do this?
>  
>

Hi John,

did you change throttle.fw's file attributes to executable?

bye,
Jochen



From jstaerk at usegroup.de  Mon Oct 20 18:58:51 2003
From: jstaerk at usegroup.de (Jochen Staerk)
Date: Mon, 20 Oct 2003 19:58:51 +0200
Subject: [NoCat] how to tell the gateway is working?
Message-ID: <3F94225B.2080202@usegroup.de>

Hi List,

when I say ps -aux | grep gateway, i'll get the gateway-process, so it's 
up. The log says it's been started and itself said it was listening to 
0.0.0.0. It seems to answer tcp requests on 5280 (and logs a 
capturing-peer-message) but it tries to redirect which will fail. The 
problem is: I don't see anything on port 80 (lynx localhost "unable to 
connect to remote host").

Aren't requests to port 80 supposed to get redirected by nocat-Gateway? 
Is there any means of testing that?


bye,
Jochen



From cswenson at students.curry.edu  Mon Oct 20 20:37:38 2003
From: cswenson at students.curry.edu (Chris Swenson)
Date: Mon, 20 Oct 2003 15:37:38 -0400
Subject: [NoCat] IMAP authentication
Message-ID: <1066678658.3f9439821c53d@stumail>

Does the IMAP authentication work in nocat 0.81?  I followed the instructions 
and pointed it to my email server (where I regulary log in as an imap user).

My gateway works fine when I am using Passwd for authentication.

Chris S.



-------------------------------------------------
Visit us at http://www.curry.edu/welcome


From riaz at vcn.bc.ca  Sat Oct 18 20:28:43 2003
From: riaz at vcn.bc.ca (Riaz Merchant)
Date: Sat, 18 Oct 2003 12:28:43 -0700
Subject: [NoCat] Nocat with RADIUS
Message-ID: <000801c395ae$0d15b380$534066cf@homepc>

This is a multi-part message in MIME format.

------=_NextPart_000_0005_01C39573.5E93AD60
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I want to setup my own authserver with RADIUS. Do I need to install =
NoCat Authserver package for RADIUS or I have to apply only patch. If I =
have to install NoCatAuth package then shall I run Authserver package on =
same machine as RADIUS or I need to install it on different machine? Thx =
in advance...........=20

------=_NextPart_000_0005_01C39573.5E93AD60
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.3809.1800" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>I want to setup my own authserver with =
RADIUS. Do I=20
need to install <A =
href=3D"http://nocat.net/wiki/index.cgi?NoCat">NoCat</A>=20
Authserver package for RADIUS or I have to apply only patch. If I have =
to=20
install&nbsp;NoCatAuth package then shall I run Authserver package on =
same=20
machine as RADIUS or I need to install it on different machine? Thx in=20
advance........... </FONT></DIV></BODY></HTML>

------=_NextPart_000_0005_01C39573.5E93AD60--




From chuck at lareassoc.com  Mon Oct 20 06:59:24 2003
From: chuck at lareassoc.com (Chuck Lare)
Date: Sun, 19 Oct 2003 22:59:24 -0700
Subject: [NoCat] Open Source captive portal - under Windows XP?
Message-ID: <3F9379BC.7070400@lareassoc.com>

Greetings:

Can anyone refer me to a similar, Open Source captive portal as NoCat, 
except running under Windows XP?

-- 
Please advise, thanks. 

Chuck Lare 






From olivier at levadis.com  Mon Oct 20 10:10:01 2003
From: olivier at levadis.com (Olivier Fauchon)
Date: Mon, 20 Oct 2003 11:10:01 +0200
Subject: [NoCat] Bandwidth status (throttle.fw)
Message-ID: <3F93A669.2040509@levadis.com>

Hi,

Are there people running nocat gateways with throttle.fw on ?

My first attempt was a failure, and i'd like to know, if this works 
although it's marked experimental ?

I'll spend more time on that today & try to make that run.

Advices & tips  welcome

thx


-- 
Olivier Fauchon
www.levadis.com



From robert at causey.org  Fri Oct 17 04:04:12 2003
From: robert at causey.org (Robert Causey)
Date: Thu, 16 Oct 2003 20:04:12 -0700
Subject: [NoCat] need help, configuring nocat
In-Reply-To: <019a01c3944b$98293000$04280c0a@pinkpig>
References: <005d01c391c9$2c306910$04280c0a@pinkpig> <3F8BE2EA.4000607@usegroup.de> <012701c3939f$63f10990$04280c0a@pinkpig> <3F8EDD08.2090508@linuxworkz.com> <019a01c3944b$98293000$04280c0a@pinkpig>
Message-ID: <3F8F5C2C.2060408@causey.org>

Rob,

the error in the log "/usr/local/nocat/authserv/pgp/secring.gpg"
indicates that apache either can't find the file secring.gpg in
th path indicated, or the permissions are wrong on the file,
such that apache can't access them. check the file (ls -l) vs
the user that apache is running as (in httpd.conf).

Robert Causey

RM wrote:

> Ok now i got the login page to come up. Thanks for all the replies to m=
y
> problem that pointed me in the right direction to get this part working=
 =3D)
> BUT
>=20
> i have another problem now heheh.. (there's like one problem after the =
other
> =3D] )
>=20
> the problem that im having now is that i created a user for me to login=
. Im
> using passwd, i used the admtool to create the user. i did this
>=20
> -bin/admintool -c NewUser motdepasse
> -bin/admintool -a NewUser VIPGRP
> -bin/admintool -A NewUser VIPGRP
>=20
> after i've done that i try to login i get a Internal Server Error.
> and when i look at the apache error_log this is what i see
>=20
> [2003-10-16 21:03:54] User NewUser from 10.12.41.10 requests form
> [2003-10-16 21:03:54]
> gpg --sign --armor --homedir=3D/usr/local/nocat/authserv/pgp --keyring
> trustedkeys.gpg --no-tty -o- retur
> ned error message:
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: can't open `/usr/local/nocat/authserv/pgp/secring.gpg'
> gpg: keydb_search failed: file open error
> gpg: no default secret key: file open error
> gpg: signing failed: file open error
> [2003-10-16 21:03:54]
> gpg --sign --armor --homedir=3D/usr/local/nocat/authserv/pgp --keyring
> trustedkeys.gpg --no-tty -o- retur
> ned error: Illegal seek ( 2 )
> Can't call method "text" on an undefined value at
> ../lib//NoCat/AuthService.pm line 134.
> [Thu Oct 16 21:03:54 2003] [error] [client 10.12.41.10] Premature end o=
f
> script headers: /usr/local/nocat/authserv/cgi-bin/lo
> gin
>=20
> So i thoguht something was wrong with my keys... so i redid it again wi=
th no
> passphrase using these command from the samemachine.txt file
>=20
> $ make PREFIX=3D/usr/local/nocat/authserv pgpkey
>=20
> $ cp /usr/local/nocat/authserv/trustedkeys.gpg /usr/local/nocat/gw/pgp
>=20
> Can anyone take a stab at this problem now ? =3DX
>=20
> this info is for some that wants to know about my config
>=20
> im not running pebble, its a fresh install of slackware 9, and gateway =
and
> authserv is running on the same machine.
>=20
> Thanks again!!!
>=20
> rob
>=20
>=20
>=20
>>RM wrote:
>>
>>
>>>Ok i got SSL to work with my apache server now.  i start apache with
>>>apachectl ssl and then enter the passphrase.
>>>
>>>then i go to https://10.12.41.1 and it works and asl me to accept the
>=20
> cert
>=20
>>>http://10.12.41.1 works also.
>>>
>>>but when i try yahoo or any other page it doesnt work, just gives me t=
he
>>>Page cannot be found
>>>its not bring up the nocat htdocs pages
>>>
>>>anyone know what the problem is?
>>>someone please help =3D).. been trying this for almost a week =3DX
>>>
>>>thanks
>>>Rob
>>>
>>>----- Original Message -----
>>>From: "Jochen St=E4rk" <jstaerk@usegroup.de>
>>>To: "RM" <robert@maknet.net>
>>>Cc: <nocat@lists.nocat.net>
>>>Sent: Tuesday, October 14, 2003 7:50 AM
>>>Subject: Re: [NoCat] need help, configuring nocat
>>>
>>>
>>>
>>>
>>>
>>>>Hi Robert,
>>>>
>>>>
>>>>
>>>>
>>>>>authserver. So in /usr/local/nocat/gw/nocat.conf i have these option=
s
>>>>>
>>>>>HomePage http://10.12.41.1
>>>>>
>>>>>GatewayMode Captive
>>>>>
>>>>>
>>>>>
>>>>
>>>>Why not Passive? AFAIU passive means the same as captive, but works
>>>>through NAT.
>>>>
>>>>
>>>>
>>>>
>>>>>Theres other options also but i never touched those. When i changed =
it
>>>>>to captive and gave it a authserviceaddr of 10.12.41.1 nothing works
>>>>>anymore. When i try to surf any page , IE returns no page found.
>>>>>
>>>>>
>>>>
>>>>That may be because IE is redirected to
>=20
> https://10.12.41.1/cgi-bin/login.
>=20
>>>>Can you point your browser to https://10.12.41.1/ to see if a apache
>>>>with ssl is running there?
>>>>
>>>>
>>>>
>>>>
>>>>>BUT if i change GatewayMode to Open and comment out AuthServiceAddr =
i
>>>>>get i believe is either the splash.html or status.html
>>>>>because it says "Welcome to the NoCat network" and there's a login
>>>>>button and it also says "There are currently 0 users connected, The
>>>>>last connection was at:none."
>>>>>After i press the login button im able to surf the net...
>>>>>
>>>>>
>>>>
>>>>AFAIK, because of architectural reasons, the gateway has to be, and t=
he
>>>>authserv can not be a standalone HTTP(S) server. So, to run an networ=
k,
>>>>you may not have another http-server on the gateway machine listening=
 to
>>>>port 80, but you need apache and mod_ssl on port 443 of your authserv.
>>>>
>>>>
>>>>
>>>>
>>>>>Can anyone help me out? its something with my authserv i think but i
>>>>>cant figure it out
>>>>>
>>>>>
>>>>>
>>>>
>>>>try and have a look in /var/log/httpd/error_log if in doubt.
>>>>
>>>>
>>>>
>>>>
>>>>>again this is a slackware 9 install with apache/dhcp installed. I
>>>>>beleive SSL is installed also cuz the default apache page says
>>>>>"The SSL/TLS-aware apache webserver was successfully installed on th=
is
>>>>>website."
>>>>>apache interface to OpennSSL (mod_ssl)
>>>>>
>>>>>
>>>>
>>>>by the way: you can start apache in ssl mode with apachectl startssl,=
 if
>>>>you just do a apachectl start, there may be problems.
>>>>
>>>>bye,
>>>>Jochen
>>>>
>>>>
>>>>_______________________________________________
>>>>NoCat mailing list
>>>>NoCat@lists.nocat.net
>>>>http://lists.nocat.net/mailman/listinfo/nocat
>>>>
>>>>
>>>>
>>>
>>>
>>>_______________________________________________
>>>NoCat mailing list
>>>NoCat@lists.nocat.net
>>>http://lists.nocat.net/mailman/listinfo/nocat
>>>
>>>
>>
>>
>>
>=20
>=20
>=20
> _______________________________________________
> NoCat mailing list
> NoCat@lists.nocat.net
> http://lists.nocat.net/mailman/listinfo/nocat
>=20



From hjohnson at sfu.ca  Tue Oct 21 01:35:07 2003
From: hjohnson at sfu.ca (hjohnson@sfu.ca)
Date: Mon, 20 Oct 2003 17:35:07 -0700
Subject: [NoCat] Bandwidth status (throttle.fw)
In-Reply-To: <3F93A669.2040509@levadis.com>
References: <3F93A669.2040509@levadis.com>
Message-ID: <20031021003507.GD29339@vancouver.lucidoc.com>

--jL2BoiuKMElzg3CS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi Olivier,

Well, it works for me(tm) but I wrote it. <G>.  Basically, the key is
that you need a modern Linux kernel (2.4.20 to 2.4.22), with all the
traffic control stuff compiled as modules (most noteably htb, prio, and
bfifo), and a matching version of the tc tool.=20

Anyhow, It should work if you have the requisite tools, but if not, let
me know what happened and hopefully I can help you get it up and going.

Regards,

Hans

On Mon, Oct 20, 2003 at 11:10:01AM +0200, Olivier Fauchon wrote:
> Hi,
>=20
> Are there people running nocat gateways with throttle.fw on ?
>=20
> My first attempt was a failure, and i'd like to know, if this works=20
> although it's marked experimental ?
>=20
> I'll spend more time on that today & try to make that run.
>=20
> Advices & tips  welcome
>=20
> thx
>=20
>=20
> --=20
> Olivier Fauchon
> www.levadis.com
>=20
>=20
> _______________________________________________
> NoCat mailing list
> NoCat@lists.nocat.net
> http://lists.nocat.net/mailman/listinfo/nocat

--=20
---------------------------------
Hans Johnson (hjohnson@sfu.ca)
EUSS VP Academic
5th Year Engineering Student
Simon Fraser University

=2E.. Si hoc legere scis numium eruditionis habes. -- Anonymous


--jL2BoiuKMElzg3CS
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/lH87GCZpgOYsv8kRAoR2AJ0bS4PrjUrXe7/ZGJPE4VG9RK9i+QCgl532
JGx0tXh+4bxuMP9h/Sg++Xk=
=26sW
-----END PGP SIGNATURE-----

--jL2BoiuKMElzg3CS--


From rio at martin.mu  Tue Oct 21 02:34:03 2003
From: rio at martin.mu (Rio Martin)
Date: Tue, 21 Oct 2003 08:34:03 +0700
Subject: [NoCat] Nocat with RADIUS
In-Reply-To: <000801c395ae$0d15b380$534066cf@homepc>
References: <000801c395ae$0d15b380$534066cf@homepc>
Message-ID: <200310210834.03230.rio@martin.mu>

On Sunday 19 October 2003 02:28, Riaz Merchant wrote:
> I want to setup my own authserver with RADIUS. Do I need to install NoCat
> Authserver package for RADIUS or I have to apply only patch. If I have to
> install NoCatAuth package then shall I run Authserver package on same
> machine as RADIUS or I need to install it on different machine? Thx in
> advance...........

I am also developing the same project, but i havent finished it yet. Once i 
installed both Radius and Nocat on the same machine, i read more details on 
nocat.conf and found that we can configured nocat authserver with radius 
using two methods: PAM and Radius.
I keep looking all the documentation about it, specially the documentation 
which includes all the information about configuring NoCat to handle and 
perform AAA request on Radius. This is important due to Nocat doesnt have any 
time accounting. As far as i know NoCat only have username & password 
accounting. Of course this is hard to implement billing system with prepaid 
access.
CMIIW..

Regards,
Rio Martin.


From john at webs4vets.co.uk  Tue Oct 21 08:36:39 2003
From: john at webs4vets.co.uk (John Taylor)
Date: Tue, 21 Oct 2003 08:36:39 +0100
Subject: [NoCat] Minimum RPM install
Message-ID: <000001c397a6$276a0250$0101a8c0@officepc>

Hi guys, I've tried to do a minimum RH9 install to create an
authservice/gateway box. I't all works fine except when I pust the login
button when I've entered a correct user/pw, I get and error:
Internal server error 500; premature end script  headers login.
I guess I'm missing something/ My ssl_error_log looks like:


[Sun Oct 19 10:35:33 2003] [error] [client 192.168.3.2] [2003-10-19
10:35:33] User UNKNOWN from 192.168.3.2 requests form
[Sun Oct 19 10:35:42 2003] [error] [client 192.168.3.2] Premature end of
script headers: login, referer:
https://192.168.0.2/cgi-bin/login?redirect=http%3a%2f%2f192%2e168%2e0%2e
1%2fwebsites%2ftest&timeout=600&gateway=192%2e168%2e3%2e1%3a5280&mac=00%
3a50%3a56%3a40%3a00%3a50&token=%241%2455957991%24XVcRUjbrOsOf6nHbkF1520
[Sun Oct 19 10:35:42 2003] [error] [client 192.168.3.2] [2003-10-19
10:35:41] User john from 192.168.3.2 requests form, referer:
https://192.168.0.2/cgi-bin/login?redirect=http%3a%2f%2f192%2e168%2e0%2e
1%2fwebsites%2ftest&timeout=600&gateway=192%2e168%2e3%2e1%3a5280&mac=00%
3a50%3a56%3a40%3a00%3a50&token=%241%2455957991%24XVcRUjbrOsOf6nHbkF1520
[Sun Oct 19 10:35:42 2003] [error] [client 192.168.3.2] [2003-10-19
10:35:42] gpg --sign --armor --homedir=/usr/local/nocat/cgi-bin/../pgp
--keyring trustedkeys.gpg --no-tty -o- returned error message:, referer:
https://192.168.0.2/cgi-bin/login?redirect=http%3a%2f%2f192%2e168%2e0%2e
1%2fwebsites%2ftest&timeout=600&gateway=192%2e168%2e3%2e1%3a5280&mac=00%
3a50%3a56%3a40%3a00%3a50&token=%241%2455957991%24XVcRUjbrOsOf6nHbkF1520
[Sun Oct 19 10:35:42 2003] [error] [client 192.168.3.2] gpg: WARNING:
using insecure memory!, referer:
https://192.168.0.2/cgi-bin/login?redirect=http%3a%2f%2f192%2e168%2e0%2e
1%2fwebsites%2ftest&timeout=600&gateway=192%2e168%2e3%2e1%3a5280&mac=00%
3a50%3a56%3a40%3a00%3a50&token=%241%2455957991%24XVcRUjbrOsOf6nHbkF1520
[Sun Oct 19 10:35:42 2003] [error] [client 192.168.3.2] gpg: please see
http://www.gnupg.org/faq.html for more information, referer:
https://192.168.0.2/cgi-bin/login?redirect=http%3a%2f%2f192%2e168%2e0%2e
1%2fwebsites%2ftest&timeout=600&gateway=192%2e168%2e3%2e1%3a5280&mac=00%
3a50%3a56%3a40%3a00%3a50&token=%241%2455957991%24XVcRUjbrOsOf6nHbkF1520
[Sun Oct 19 10:35:42 2003] [error] [client 192.168.3.2] Can't locate
Net/Netmask.pm in @INC (@INC contains: ../lib/ /usr/local/nocat//lib
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at
../lib//NoCat/AuthService.pm line 76., referer:
https://192.168.0.2/cgi-bin/login?redirect=http%3a%2f%2f192%2e168%2e0%2e
1%2fwebsites%2ftest&timeout=600&gateway=192%2e168%2e3%2e1%3a5280&mac=00%
3a50%3a56%3a40%3a00%3a50&token=%241%2455957991%24XVcRUjbrOsOf6nHbkF1520


Anybody help?

Also does anybody have a list of minimum required RPMS to get this
working under RH9?

John Taylor




From bh at nt.is  Tue Oct 21 16:02:01 2003
From: bh at nt.is (Brynjar Hauksson)
Date: Tue, 21 Oct 2003 22:02:01 +0700
Subject: [NoCat] throttle.fw problems
In-Reply-To: <20031021003507.GD29339@vancouver.lucidoc.com>
Message-ID: <001401c397e4$4a3c4f70$0300a8c0@natuamia>

Hi Hans,

I'm totally unable to get this working.

I'm using pebble on a soekris box
pebble:/usr/local/nocat# uname -a
Linux pebble 2.4.20-pebble #3 Fri May 2 13:14:19 EDT 2003 i486 unknown

The errors I get when I try to run throttle.fw are the following:

pebble:/usr/local/nocat/bin# ./throttle.fw
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
pebble:/usr/local/nocat/bin#

I'm using this version here:
http://vancouver.lucidoc.com/~hans/nocat/throttle.fw

My current setting for the script are the following:

InternalDevice=3Dwlan0
ExternalDevice=3Deth0
OWNER_LOW_MIN_UP=3D100    # Minimum rate for owner's low priority =
traffic
OWNER_HIGH_MIN_UP=3D300   # Minimum rate for owner's high priority =
traffic
COOP_LOW_MIN_UP=3D50              # Minimum rate for coop low priority =
traffic
COOP_HIGH_MIN_UP=3D100    # Minimum rate for coop high priority traffic
PUBLIC_LOW_MIN_UP=3D30    # Minimum rate for public low priority traffic
PUBLIC_HIGH_MIN_UP=3D30   # Minimum rate for public high priority =
traffic

I have no idea why I'm gettng these errors, any help is appreciated

Kve=C3=B0ja / Best regards / =
=E0=B8=94=E0=B9=89=E0=B8=A7=E0=B8=A2=E0=B8=84=E0=B8=A7=E0=B8=B2=E0=B8=A1=E0=
=B8=84=E0=B8=B4=E0=B8=94=E0=B8=96=E0=B8=B6=E0=B8=87
Brynjar Hauksson
ICQ# 15512204




From jbarrett at pogozone.com  Tue Oct 21 16:52:56 2003
From: jbarrett at pogozone.com (Jacob S. Barrett)
Date: Tue, 21 Oct 2003 08:52:56 -0700
Subject: [NoCat] Nocat with RADIUS
In-Reply-To: <200310210834.03230.rio@martin.mu>
References: <000801c395ae$0d15b380$534066cf@homepc> <200310210834.03230.rio@martin.mu>
Message-ID: <3F955658.2090408@pogozone.com>

Rio Martin wrote:

> On Sunday 19 October 2003 02:28, Riaz Merchant wrote:
> 
>>I want to setup my own authserver with RADIUS. Do I need to install NoCat
>>Authserver package for RADIUS or I have to apply only patch. If I have to
>>install NoCatAuth package then shall I run Authserver package on same
>>machine as RADIUS or I need to install it on different machine? Thx in
>>advance...........
> 
> 
> I am also developing the same project, but i havent finished it yet. Once i 
> installed both Radius and Nocat on the same machine, i read more details on 
> nocat.conf and found that we can configured nocat authserver with radius 
> using two methods: PAM and Radius.
> I keep looking all the documentation about it, specially the documentation 
> which includes all the information about configuring NoCat to handle and 
> perform AAA request on Radius. This is important due to Nocat doesnt have any 
> time accounting. As far as i know NoCat only have username & password 
> accounting. Of course this is hard to implement billing system with prepaid 
> access.
> CMIIW..

Both of you might be interested in my RADIUS patches.  They do time and 
byte accounting.

http://www.pogozone.net/projects/nocat

-- 
Jacob S. Barrett
Chief Technology Officer
PogoZone LLC

   email: jbarrett@pogozone.com
     web: www.pogozone.com
   voice: 360-676-8772
     fax: 360-733-3941
address: 114 W. Magnolia Street Suite 417
          Bellingham, Washington 98225



From hjohnson at sfu.ca  Tue Oct 21 17:51:20 2003
From: hjohnson at sfu.ca (hjohnson@sfu.ca)
Date: Tue, 21 Oct 2003 09:51:20 -0700
Subject: [NoCat] throttle.fw problems
In-Reply-To: <001401c397e4$4a3c4f70$0300a8c0@natuamia>
References: <20031021003507.GD29339@vancouver.lucidoc.com> <001401c397e4$4a3c4f70$0300a8c0@natuamia>
Message-ID: <20031021165120.GE29339@vancouver.lucidoc.com>

--SWTRyWv/ijrBap1m
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

Lookslike you don't have the traffic shaping stuff built for use with
the kernel.  The throttle.fw script needs the following kernel modules:

ipt_TOS, cls_fw, cls_u32, sch_sfq, sch_prio, sch_htb

To check to see whether you have these loaded, do an lsmod on the
prompt.  If not, try to load each of the above with modprobe, and if
that fails, you probably need to build yourself a new kernel that
supports the traffic shaping functions.

Now, since pebble is a mini-distribution, and you're on the Soekris
anyhow, you'll need to either cross compile on another machine, or get
someone to do it for you.

The relevant parts of the kernel configuration are under "Networking
Options->QoS and/or Fair Queueing" in the kernel configuration program.
The Kernel HOWTO at www.tldp.org makes for a helpful read on how to
build your own kernel.  In a nutshell, what you need to do is build the
kernel, build the modules, then copy the kernel, System.map file, and
the modules over to the soekris, point the bootloader at the new kernel,
and cross your fingers.

Anyhow, I hope that I've pointed you in the right direction. :)

Peace,

Hans

PS: which soekris are you using? I'm looking at using one for a long
range wireless project here in Vancouver.

On Tue, Oct 21, 2003 at 10:02:01PM +0700, Brynjar Hauksson wrote:
> Hi Hans,
>=20
> I'm totally unable to get this working.
>=20
> I'm using pebble on a soekris box
> pebble:/usr/local/nocat# uname -a
> Linux pebble 2.4.20-pebble #3 Fri May 2 13:14:19 EDT 2003 i486 unknown
>=20
> The errors I get when I try to run throttle.fw are the following:
>=20
> pebble:/usr/local/nocat/bin# ./throttle.fw
> RTNETLINK answers: Invalid argument
> RTNETLINK answers: Invalid argument
> RTNETLINK answers: Invalid argument
> RTNETLINK answers: Invalid argument

=2E...

> I'm using this version here:
> http://vancouver.lucidoc.com/~hans/nocat/throttle.fw
>=20
> My current setting for the script are the following:
>=20
> InternalDevice=3Dwlan0
> ExternalDevice=3Deth0
> OWNER_LOW_MIN_UP=3D100    # Minimum rate for owner's low priority traffic
> OWNER_HIGH_MIN_UP=3D300   # Minimum rate for owner's high priority traffic
> COOP_LOW_MIN_UP=3D50              # Minimum rate for coop low priority tr=
affic
> COOP_HIGH_MIN_UP=3D100    # Minimum rate for coop high priority traffic
> PUBLIC_LOW_MIN_UP=3D30    # Minimum rate for public low priority traffic
> PUBLIC_HIGH_MIN_UP=3D30   # Minimum rate for public high priority traffic
>=20
> I have no idea why I'm gettng these errors, any help is appreciated
>=20
--=20
---------------------------------
Hans Johnson (hjohnson@sfu.ca)
EUSS VP Academic
5th Year Engineering Student
Simon Fraser University

=2E.. Si hoc legere scis numium eruditionis habes. -- Anonymous


--SWTRyWv/ijrBap1m
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/lWQIGCZpgOYsv8kRAuPeAKCHiR9uBLHAobADmLCzXBfbcgWSqwCgsK0H
4aPyd07/gA2SXwbObARXCnI=
=e3yf
-----END PGP SIGNATURE-----

--SWTRyWv/ijrBap1m--


From konetzed at linuxworkz.com  Tue Oct 21 18:18:07 2003
From: konetzed at linuxworkz.com (Edward Konetzko)
Date: Tue, 21 Oct 2003 12:18:07 -0500
Subject: [NoCat] Minimum RPM install
In-Reply-To: <000001c397a6$276a0250$0101a8c0@officepc>
References: <000001c397a6$276a0250$0101a8c0@officepc>
Message-ID: <3F956A4F.60104@linuxworkz.com>

Dont know what you problem is but i have been installing gw/authserv 
with redhat min install

Here are the packages that I can remeber off had
Auth
       http
       perl-cpan
       perl-cgi

gw
       nothing extra

Those should be all you need, for a min install of rh9 to work.  One 
thing you may want to check is that apache can read the nocat dir's.


Hope this helps
Edward konetzko


John Taylor wrote:

>Hi guys, I've tried to do a minimum RH9 install to create an
>authservice/gateway box. I't all works fine except when I pust the login
>button when I've entered a correct user/pw, I get and error:
>Internal server error 500; premature end script  headers login.
>I guess I'm missing something/ My ssl_error_log looks like:
>
>
>[Sun Oct 19 10:35:33 2003] [error] [client 192.168.3.2] [2003-10-19
>10:35:33] User UNKNOWN from 192.168.3.2 requests form
>[Sun Oct 19 10:35:42 2003] [error] [client 192.168.3.2] Premature end of
>script headers: login, referer:
>https://192.168.0.2/cgi-bin/login?redirect=http%3a%2f%2f192%2e168%2e0%2e
>1%2fwebsites%2ftest&timeout=600&gateway=192%2e168%2e3%2e1%3a5280&mac=00%
>3a50%3a56%3a40%3a00%3a50&token=%241%2455957991%24XVcRUjbrOsOf6nHbkF1520
>[Sun Oct 19 10:35:42 2003] [error] [client 192.168.3.2] [2003-10-19
>10:35:41] User john from 192.168.3.2 requests form, referer:
>https://192.168.0.2/cgi-bin/login?redirect=http%3a%2f%2f192%2e168%2e0%2e
>1%2fwebsites%2ftest&timeout=600&gateway=192%2e168%2e3%2e1%3a5280&mac=00%
>3a50%3a56%3a40%3a00%3a50&token=%241%2455957991%24XVcRUjbrOsOf6nHbkF1520
>[Sun Oct 19 10:35:42 2003] [error] [client 192.168.3.2] [2003-10-19
>10:35:42] gpg --sign --armor --homedir=/usr/local/nocat/cgi-bin/../pgp
>--keyring trustedkeys.gpg --no-tty -o- returned error message:, referer:
>https://192.168.0.2/cgi-bin/login?redirect=http%3a%2f%2f192%2e168%2e0%2e
>1%2fwebsites%2ftest&timeout=600&gateway=192%2e168%2e3%2e1%3a5280&mac=00%
>3a50%3a56%3a40%3a00%3a50&token=%241%2455957991%24XVcRUjbrOsOf6nHbkF1520
>[Sun Oct 19 10:35:42 2003] [error] [client 192.168.3.2] gpg: WARNING:
>using insecure memory!, referer:
>https://192.168.0.2/cgi-bin/login?redirect=http%3a%2f%2f192%2e168%2e0%2e
>1%2fwebsites%2ftest&timeout=600&gateway=192%2e168%2e3%2e1%3a5280&mac=00%
>3a50%3a56%3a40%3a00%3a50&token=%241%2455957991%24XVcRUjbrOsOf6nHbkF1520
>[Sun Oct 19 10:35:42 2003] [error] [client 192.168.3.2] gpg: please see
>http://www.gnupg.org/faq.html for more information, referer:
>https://192.168.0.2/cgi-bin/login?redirect=http%3a%2f%2f192%2e168%2e0%2e
>1%2fwebsites%2ftest&timeout=600&gateway=192%2e168%2e3%2e1%3a5280&mac=00%
>3a50%3a56%3a40%3a00%3a50&token=%241%2455957991%24XVcRUjbrOsOf6nHbkF1520
>[Sun Oct 19 10:35:42 2003] [error] [client 192.168.3.2] Can't locate
>Net/Netmask.pm in @INC (@INC contains: ../lib/ /usr/local/nocat//lib
>/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0
>/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
>/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
>/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
>/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at
>../lib//NoCat/AuthService.pm line 76., referer:
>https://192.168.0.2/cgi-bin/login?redirect=http%3a%2f%2f192%2e168%2e0%2e
>1%2fwebsites%2ftest&timeout=600&gateway=192%2e168%2e3%2e1%3a5280&mac=00%
>3a50%3a56%3a40%3a00%3a50&token=%241%2455957991%24XVcRUjbrOsOf6nHbkF1520
>
>
>Anybody help?
>
>Also does anybody have a list of minimum required RPMS to get this
>working under RH9?
>
>John Taylor
>
>
>
>_______________________________________________
>NoCat mailing list
>NoCat@lists.nocat.net
>http://lists.nocat.net/mailman/listinfo/nocat
>  
>




From konetzed at linuxworkz.com  Tue Oct 21 18:21:30 2003
From: konetzed at linuxworkz.com (Edward Konetzko)
Date: Tue, 21 Oct 2003 12:21:30 -0500
Subject: [NoCat] IMAP authentication
In-Reply-To: <1066678658.3f9439821c53d@stumail>
References: <1066678658.3f9439821c53d@stumail>
Message-ID: <3F956B1A.2030903@linuxworkz.com>

There is a patch on the list that I made for the IMAP module in .82. The 
problem was that mailboxes that were mt would not allow users to login.  
So try putting mail in your inbox or applying the patch.  Also RTFM 
where M=mail.


Chris Swenson wrote:

>Does the IMAP authentication work in nocat 0.81?  I followed the instructions 
>and pointed it to my email server (where I regulary log in as an imap user).
>
>My gateway works fine when I am using Passwd for authentication.
>
>Chris S.
>
>
>
>-------------------------------------------------
>Visit us at http://www.curry.edu/welcome
>
>_______________________________________________
>NoCat mailing list
>NoCat@lists.nocat.net
>http://lists.nocat.net/mailman/listinfo/nocat
>  
>




From robert at maknet.net  Tue Oct 21 20:04:15 2003
From: robert at maknet.net (RM)
Date: Tue, 21 Oct 2003 15:04:15 -0400
Subject: [NoCat] Minimum RPM install
References: <000001c397a6$276a0250$0101a8c0@officepc> <3F956A4F.60104@linuxworkz.com>
Message-ID: <001901c39806$1f488d20$04280c0a@pinkpig>

>Net/Netmask.pm in @INC (@INC contains: ../lib/ /usr/local/nocat//lib
>/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0
>/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
>/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
>/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
>/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at
>../lib//NoCat/AuthService.pm line 76., referer:


install Netmask

i had that error before but after installing it .. it was ok.... hope that
fixes some of your problems


----- Original Message -----
From: "Edward Konetzko" <konetzed@linuxworkz.com>
To: "John Taylor" <john@webs4vets.co.uk>; <nocat@lists.nocat.net>
Sent: Tuesday, October 21, 2003 1:18 PM
Subject: Re: [NoCat] Minimum RPM install


> Dont know what you problem is but i have been installing gw/authserv
> with redhat min install
>
> Here are the packages that I can remeber off had
> Auth
>        http
>        perl-cpan
>        perl-cgi
>
> gw
>        nothing extra
>
> Those should be all you need, for a min install of rh9 to work.  One
> thing you may want to check is that apache can read the nocat dir's.
>
>
> Hope this helps
> Edward konetzko
>
>
> John Taylor wrote:
>
> >Hi guys, I've tried to do a minimum RH9 install to create an
> >authservice/gateway box. I't all works fine except when I pust the login
> >button when I've entered a correct user/pw, I get and error:
> >Internal server error 500; premature end script  headers login.
> >I guess I'm missing something/ My ssl_error_log looks like:
> >
> >
> >[Sun Oct 19 10:35:33 2003] [error] [client 192.168.3.2] [2003-10-19
> >10:35:33] User UNKNOWN from 192.168.3.2 requests form
> >[Sun Oct 19 10:35:42 2003] [error] [client 192.168.3.2] Premature end of
> >script headers: login, referer:
> >https://192.168.0.2/cgi-bin/login?redirect=http%3a%2f%2f192%2e168%2e0%2e
> >1%2fwebsites%2ftest&timeout=600&gateway=192%2e168%2e3%2e1%3a5280&mac=00%
> >3a50%3a56%3a40%3a00%3a50&token=%241%2455957991%24XVcRUjbrOsOf6nHbkF1520
> >[Sun Oct 19 10:35:42 2003] [error] [client 192.168.3.2] [2003-10-19
> >10:35:41] User john from 192.168.3.2 requests form, referer:
> >https://192.168.0.2/cgi-bin/login?redirect=http%3a%2f%2f192%2e168%2e0%2e
> >1%2fwebsites%2ftest&timeout=600&gateway=192%2e168%2e3%2e1%3a5280&mac=00%
> >3a50%3a56%3a40%3a00%3a50&token=%241%2455957991%24XVcRUjbrOsOf6nHbkF1520
> >[Sun Oct 19 10:35:42 2003] [error] [client 192.168.3.2] [2003-10-19
> >10:35:42] gpg --sign --armor --homedir=/usr/local/nocat/cgi-bin/../pgp
> >--keyring trustedkeys.gpg --no-tty -o- returned error message:, referer:
> >https://192.168.0.2/cgi-bin/login?redirect=http%3a%2f%2f192%2e168%2e0%2e
> >1%2fwebsites%2ftest&timeout=600&gateway=192%2e168%2e3%2e1%3a5280&mac=00%
> >3a50%3a56%3a40%3a00%3a50&token=%241%2455957991%24XVcRUjbrOsOf6nHbkF1520
> >[Sun Oct 19 10:35:42 2003] [error] [client 192.168.3.2] gpg: WARNING:
> >using insecure memory!, referer:
> >https://192.168.0.2/cgi-bin/login?redirect=http%3a%2f%2f192%2e168%2e0%2e
> >1%2fwebsites%2ftest&timeout=600&gateway=192%2e168%2e3%2e1%3a5280&mac=00%
> >3a50%3a56%3a40%3a00%3a50&token=%241%2455957991%24XVcRUjbrOsOf6nHbkF1520
> >[Sun Oct 19 10:35:42 2003] [error] [client 192.168.3.2] gpg: please see
> >http://www.gnupg.org/faq.html for more information, referer:
> >https://192.168.0.2/cgi-bin/login?redirect=http%3a%2f%2f192%2e168%2e0%2e
> >1%2fwebsites%2ftest&timeout=600&gateway=192%2e168%2e3%2e1%3a5280&mac=00%
> >3a50%3a56%3a40%3a00%3a50&token=%241%2455957991%24XVcRUjbrOsOf6nHbkF1520
> >[Sun Oct 19 10:35:42 2003] [error] [client 192.168.3.2] Can't locate
> >Net/Netmask.pm in @INC (@INC contains: ../lib/ /usr/local/nocat//lib
> >/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0
> >/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
> >/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
> >/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
> >/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at
> >../lib//NoCat/AuthService.pm line 76., referer:
> >https://192.168.0.2/cgi-bin/login?redirect=http%3a%2f%2f192%2e168%2e0%2e
> >1%2fwebsites%2ftest&timeout=600&gateway=192%2e168%2e3%2e1%3a5280&mac=00%
> >3a50%3a56%3a40%3a00%3a50&token=%241%2455957991%24XVcRUjbrOsOf6nHbkF1520
> >
> >
> >Anybody help?
> >
> >Also does anybody have a list of minimum required RPMS to get this
> >working under RH9?
> >
> >John Taylor
> >
> >
> >
> >_______________________________________________
> >NoCat mailing list
> >NoCat@lists.nocat.net
> >http://lists.nocat.net/mailman/listinfo/nocat
> >
> >
>
>
>
> _______________________________________________
> NoCat mailing list
> NoCat@lists.nocat.net
> http://lists.nocat.net/mailman/listinfo/nocat
>



From nba at users.sourceforge.net  Tue Oct 21 22:12:56 2003
From: nba at users.sourceforge.net (Niels Baggesen)
Date: Tue, 21 Oct 2003 23:12:56 +0200
Subject: [NoCat] keep kicking me back to login page
In-Reply-To: <002f01c39673$c9c93cc0$04280c0a@pinkpig>
References: <002f01c39673$c9c93cc0$04280c0a@pinkpig>
Message-ID: <20031021211256.GA3675@baggesen.mine.nu>

On Sun, Oct 19, 2003 at 03:04:04PM -0400, RM wrote:
>         i have nocat setup now and have nocat and authserv on the same =
machine. Im also using passwd and running passive mode.=20
> everytime i login and get the popup the main window in the back doesnt =
get redirected to the internet(web) page that i want. It takes me back to=
 the login page. the error i get in error_log is
>=20
> User rob from 10.12.41.10 requests form
> [2003-10-19 14:55:48] gpg --sign --armor --homedir=3D/usr/local/nocat/a=
uthserv/cgi-bin/../pgp --keyring trustedkeys.gpg --no-tt
> y -o- returned error message:
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> [2003-10-19 14:55:48] could not parse  at ../lib//NoCat/AuthService.pm =
line 77

Even though it is not mentioned, you need to configure LocalNetwork
in your authserv nocat.conf file if your auth server is on the same
subnet as the gateway (which includes the case where they run on the
same machine)

Something like

LocalNetwork 192.168.1.0/24

/Niels

--=20
Niels Baggesen -- @home -- =C5rhus -- Denmark -- niels@baggesen.net
The purpose of computing is insight, not numbers  --  R W Hamming


From cstone at axint.net  Wed Oct 22 01:28:20 2003
From: cstone at axint.net (Chris Stone, MCSE)
Date: Tue, 21 Oct 2003 18:28:20 -0600
Subject: [NoCat] Nocat web site
In-Reply-To: <3F955658.2090408@pogozone.com>
Message-ID: <E1ACAh5-0000Gs-00@lists.nocat.net>

Darn, working through getting NoCat and Radius rolling and am almost there
but need more docs....and the web site is down? Anyone know what's up with
that and when it might be back?

-cs- 

-----Original Message-----
From: nocat-admin@lists.nocat.net [mailto:nocat-admin@lists.nocat.net] On
Behalf Of Jacob S. Barrett
Sent: Tuesday, October 21, 2003 9:53 AM
To: Rio Martin
Cc: nocat@lists.nocat.net
Subject: Re: [NoCat] Nocat with RADIUS

Rio Martin wrote:

> On Sunday 19 October 2003 02:28, Riaz Merchant wrote:
> 
>>I want to setup my own authserver with RADIUS. Do I need to install NoCat
>>Authserver package for RADIUS or I have to apply only patch. If I have to
>>install NoCatAuth package then shall I run Authserver package on same
>>machine as RADIUS or I need to install it on different machine? Thx in
>>advance...........
> 
> 
> I am also developing the same project, but i havent finished it yet. Once
i 
> installed both Radius and Nocat on the same machine, i read more details
on 
> nocat.conf and found that we can configured nocat authserver with radius 
> using two methods: PAM and Radius.
> I keep looking all the documentation about it, specially the documentation

> which includes all the information about configuring NoCat to handle and 
> perform AAA request on Radius. This is important due to Nocat doesnt have
any 
> time accounting. As far as i know NoCat only have username & password 
> accounting. Of course this is hard to implement billing system with
prepaid 
> access.
> CMIIW..

Both of you might be interested in my RADIUS patches.  They do time and 
byte accounting.

http://www.pogozone.net/projects/nocat

-- 
Jacob S. Barrett
Chief Technology Officer
PogoZone LLC

   email: jbarrett@pogozone.com
     web: www.pogozone.com
   voice: 360-676-8772
     fax: 360-733-3941
address: 114 W. Magnolia Street Suite 417
          Bellingham, Washington 98225


_______________________________________________
NoCat mailing list
NoCat@lists.nocat.net
http://lists.nocat.net/mailman/listinfo/nocat



From olivier at levadis.com  Tue Oct 21 09:41:00 2003
From: olivier at levadis.com (Olivier Fauchon)
Date: Tue, 21 Oct 2003 10:41:00 +0200
Subject: [NoCat] Minimum RPM install
In-Reply-To: <000001c397a6$276a0250$0101a8c0@officepc>
References: <000001c397a6$276a0250$0101a8c0@officepc>
Message-ID: <3F94F11C.7070803@levadis.com>

> Net/Netmask.pm in @INC (@INC contains: ../lib/ /usr/local/nocat//lib
> /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0

Seems you miss a perl lib.

sudo perl -eshell -MPCAN

 > install Net::Netmask
.....
.....
 > quit


This sould at least remove this error

--=20
Olivier Fauchon
Ing=E9nieur syst=E8mes et r=E9seaux

Levadis
Analyse Radio, D=E9ploiement, S=E9curit=E9, Maintenance de R=E9seaux Sans=
 Fil

5-7 av de la canebi=E8re - 13001 Marseille
Tel: +33 (0)4 91 90 91 72
Fax: +33 (0)4 91 90 19 05



From tfd at vodafone.es  Tue Oct 21 17:08:51 2003
From: tfd at vodafone.es (Toni dlF. Diaz)
Date: Tue, 21 Oct 2003 18:08:51 +0200
Subject: [NoCat] NoCatAuth + openldap works?
Message-ID: <1066752531.6630.11.camel@flame>

Hello,

	Somebody known if NoCatAuth works really with ldap backend? I'm trying
with iPlanet Directory Server, Novell Directory Server and OpenLDAP but
AuthService does not work (uid/mail or password error). I think that the
problem is the password coding but I tried with different...

Toni



From jcbf at underspell.com  Tue Oct 21 19:49:53 2003
From: jcbf at underspell.com (=?ISO-8859-1?Q?Jos=E9_Borges_Ferreira?=)
Date: Tue, 21 Oct 2003 19:49:53 +0100
Subject: [NoCat] Minimum RPM install
In-Reply-To: <3F956A4F.60104@linuxworkz.com>
References: <000001c397a6$276a0250$0101a8c0@officepc> <3F956A4F.60104@linuxworkz.com>
Message-ID: <3F957FD1.4020003@underspell.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=20
Edward Konetzko wrote:

| Dont know what you problem is but i have been installing gw/authserv
| with redhat min install
|
| Here are the packages that I can remeber off had Auth http perl-cpan
| perl-cgi
|
| gw nothing extra
|
| Those should be all you need, for a min install of rh9 to work.  One
| thing you may want to check is that apache can read the nocat dir's.
|
Also need Net::Netmask.pm , get it from CPAN or build a RPM out of it. (
i can send you  my RPM and/or SRPM )
Jos=E9 Borges Ferreira
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
=20
iD8DBQE/lX/QbzMzHSz3fVcRAnVqAKCQT0XDDkCDu+rlzWy+U7WciT4e4ACfdWg1
rzwNJuwe5yoEl4/M+B3L7+w=3D
=3Dji0s
-----END PGP SIGNATURE-----




From olivier at levadis.com  Tue Oct 21 09:31:48 2003
From: olivier at levadis.com (Olivier Fauchon)
Date: Tue, 21 Oct 2003 10:31:48 +0200
Subject: [NoCat] Bandwidth status (throttle.fw)
In-Reply-To: <20031021003507.GD29339@vancouver.lucidoc.com>
References: <3F93A669.2040509@levadis.com> <20031021003507.GD29339@vancouver.lucidoc.com>
Message-ID: <3F94EEF4.2060002@levadis.com>

hi Hans,

(My questions are in 4/ section)


0/ Ifconfig
-----------



eth0      Link encap:Ethernet  HWaddr 00:30:BD:2A:C2:AC
           inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:337939 errors:0 dropped:0 overruns:0 frame:0
           TX packets:281971 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:100
           RX bytes:367170915 (350.1 MiB)  TX bytes:30925001 (29.4 MiB)
           Interrupt:9 Base address:0xf000

THIS IS MY LAN interface (192.168.0.254) is my gateway to go to=20
internet. Max internet speed is about 70Ko/s

---

eth1      Link encap:Ethernet  HWaddr 00:E0:4C:E2:0F:36
           inet addr:192.168.6.254  Bcast:192.168.6.255  	=20
Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:76416 errors:0 dropped:0 overruns:0 frame:0
           TX packets:123327 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:100
           RX bytes:6735105 (6.4 MiB)  TX bytes:163865853 (156.2 MiB)
           Interrupt:9 Base address:0x1000

This is my Hotspot interface ( connected to DLINK 802.11b/g AP)
There is DHCP + Apache + Nocat/Gw



1/ I compiled my 2.4.22 with:
-----------------------------

QoS and/or fair queueing  --->
[*] QoS and/or fair queueing
<*>   CBQ packet scheduler
<*>   HTB packet scheduler
<*>   CSZ packet scheduler
<*>   The simplest PRIO pseudoscheduler
<*>   RED queue
<*>   SFQ queue
<*>   TEQL queue
<*>   TBF queue
<*>   GRED queue

2/ tc works :
--------------

olivier@aurora:/nocat/gateway/bin$ tc -s -d qdisc show
qdisc sfq 807e: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb=20
15sec
  Sent 126380 bytes 1889 pkts (dropped 0, overlimits 0)

qdisc sfq 807d: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb=20
15sec
  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

qdisc sfq 807c: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb=20
15sec
  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

qdisc cbq 20: dev eth0 rate 10Mbit cell 8b (bounded,isolated) prio=20
no-transmit/8 weight 10Mbit allot 1514b
level 2 ewma 5 avpkt 1000b maxidle 23us
  Sent 699201 bytes 8969 pkts (dropped 0, overlimits 3302)
   borrowed 0 overactions 0 avgidle 624 undertime 0

qdisc sfq 807b: dev eth1 quantum 1514b limit 128p flows 128/1024 perturb=20
15sec
  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

qdisc sfq 807a: dev eth1 quantum 1514b limit 128p flows 128/1024 perturb=20
15sec
  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

qdisc sfq 8079: dev eth1 quantum 1514b limit 128p flows 128/1024 perturb=20
15sec
  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

qdisc cbq 10: dev eth1 rate 10Mbit cell 8b (bounded,isolated) prio=20
no-transmit/8 weight 10Mbit allot 1514b
level 2 ewma 5 avpkt 1000b maxidle 23us
  Sent 5654154 bytes 3892 pkts (dropped 0, overlimits 0)
   borrowed 0 overactions 0 avgidle 624 undertime 0




3/ My throttle.fw modifications:
---------------------------------

TOTAL_DOWN=3D512kbit
TOTAL_UP=3D256kbit

OWNER_DOWN=3D512kbit      # fw mark 1
OWNER_UP=3D256kbit
OWNER_OPTIONS=3D""

COOP_DOWN=3D256kbit               # fw mark 2
COOP_UP=3D126kbit
COOP_OPTIONS=3D""

PUBLIC_DOWN=3D56kbit      # fw mark 3
PUBLIC_UP=3D56kbit
PUBLIC_OPTIONS=3D"bounded"

(This configuration was for testing purpose)




4/ My questions
---------------


a/

TOTAL_DOWN=3D512kbit
TOTAL_UP=3D256kbit

What are those values ? Max upstream & downstream traffic from all=20
wireless clients ?


b/
	"tc qdisc add dev $InternalDevice root handle 10: cbq bandwidth 10Mbit=20
avpkt 1000"

-> Sould i turn this to bandwidth 100Mbit if i use 100Mb Realtek Adapter=20
? or this is not important ?


c/

With that:

PUBLIC_DOWN=3D56kbit      # fw mark 3
PUBLIC_UP=3D56kbit
PUBLIC_OPTIONS=3D"bounded"

.. My public user (skip button in login form) can download up to 58.7=20
KBytes/s (Reported by Mozilla ftp download progress bar & gkrellm).
Isn't 56kbit equivalent to about 56/8 =3D 7 KBytes/s ?



And with :

PUBLIC_DOWN=3D1kbit       # fw mark 3
PUBLIC_UP=3D1kbit


... i can download at 6.5 KB/s . Strange


Could you explain me this behaviour b ???




Thanx a lot


--=20
Olivier Fauchon
Ing=E9nieur syst=E8mes et r=E9seaux

Levadis
Analyse Radio, D=E9ploiement, S=E9curit=E9, Maintenance de R=E9seaux Sans=
 Fil
Convergence T=E9l=E9phonie/Informatique

5-7 av de la canebi=E8re - 13001 Marseille
Tel: +33 (0)4 91 90 91 72
Fax: +33 (0)4 91 90 19 05



From rob at nocat.net  Wed Oct 22 07:18:25 2003
From: rob at nocat.net (Rob Flickenger)
Date: Tue, 21 Oct 2003 23:18:25 -0700
Subject: [NoCat] Nocat web site
In-Reply-To: <E1ACAh5-0000Gs-00@lists.nocat.net>
Message-ID: <8B86B744-0457-11D8-9FD0-000393843BC2@nocat.net>

On Tuesday, October 21, 2003, at 05:28  PM, Chris Stone, MCSE wrote:

> Darn, working through getting NoCat and Radius rolling and am almost 
> there
> but need more docs....and the web site is down? Anyone know what's up 
> with
> that and when it might be back?

Do you mean nocat.net?  Looks fine to me...

--Rob



From visick at eng.utah.edu  Wed Oct 22 15:48:24 2003
From: visick at eng.utah.edu (Spencer H Visick)
Date: Wed, 22 Oct 2003 08:48:24 -0600
Subject: [NoCat] NoCatAuth + openldap works?
In-Reply-To: <1066752531.6630.11.camel@flame>
References: <1066752531.6630.11.camel@flame>
Message-ID: <20031022144823.GA25118@scooter.eng.utah.edu>

Toni dlF. Diaz on Tue, Oct 21, 2003 at 06:08:51PM +0200 wrote:
> 	Somebody known if NoCatAuth works really with ldap backend? I'm trying
> with iPlanet Directory Server, Novell Directory Server and OpenLDAP but
> AuthService does not work (uid/mail or password error). I think that the
> problem is the password coding but I tried with different...

We have had NoCatAuth working with both iPlanet and OpenLDAP. We are
using 0.82 and OpenLDAP currently with no problems. Often people have
a problem with their LDAP_Filter. It defaults to 'mail' but people
using LDAP as a Network Information Service (like in RFC 2307) want
this set to uid. If you need any help getting it going I'd be glad to
help you out.

-- 
Spencer


From laquequedelibre at hotmail.com  Thu Oct 23 09:09:15 2003
From: laquequedelibre at hotmail.com (Migu el)
Date: Thu, 23 Oct 2003 08:09:15 +0000
Subject: [NoCat] Premature end of script headers HELP!!!
Message-ID: <SEA1-F4PxaDs4wENp9D00014abe@hotmail.com>

  Hi, I am trying to set my HotSpot up, but I still have not got it. I have 
the gateway and the authserver running on different boxes, with Mandrake 
9.1. Both boxes have gpg 1.0.6, the /usr/local/nocat/pgp ditectory and its 
files are owned by the same user as apache daemon (apache in this case), and 
trustedkeys.pgp was copied from the authserv to th gw.

  When I set the gw in Open mode everything works, but when I change to 
Passive mode, using Passwd as DataSource, I can see the login page, but when 
I try to log in, I get an 'Internal Server Error', and the Apache error log 
looks like this:

[Thu Oct 23 10:27:31 2003] [error] [client 193.145.253.208] [2003-10-23 
10:27:31] User UNKNOWN from 193.145.253.208 requests form
[Thu Oct 23 10:28:01 2003] [error] [client 193.145.253.208] Premature end of 
script headers: login, referer: 
http://193.145.253.111/cgi-bin/login?redirect=http%3a%2f%2fwww%2egoogle%2ecom%2f&timeout=60000&gateway=192%2e168%2e6%2e1%3a5280&mac=00%3a0C%3a85%3a2D%3a2A%3a20&token=%241%2424408468%24pDmW81pUwIVtE0ZJ0ArEU%2f
[Thu Oct 23 10:28:01 2003] [error] [client 193.145.253.208] [2003-10-23 
10:28:00] User a from 193.145.253.208 requests form, referer: 
http://193.145.253.111/cgi-bin/login?redirect=http%3a%2f%2fwww%2egoogle%2ecom%2f&timeout=60000&gateway=192%2e168%2e6%2e1%3a5280&mac=00%3a0C%3a85%3a2D%3a2A%3a20&token=%241%2424408468%24pDmW81pUwIVtE0ZJ0ArEU%2f
[Thu Oct 23 10:28:01 2003] [error] [client 193.145.253.208] [2003-10-23 
10:28:01] gpg --sign --armor --homedir=/usr/local/nocat/cgi-bin/../pgp 
--keyring trustedkeys.gpg --no-tty -o- returned error message:, referer: 
http://193.145.253.111/cgi-bin/login?redirect=http%3a%2f%2fwww%2egoogle%2ecom%2f&timeout=60000&gateway=192%2e168%2e6%2e1%3a5280&mac=00%3a0C%3a85%3a2D%3a2A%3a20&token=%241%2424408468%24pDmW81pUwIVtE0ZJ0ArEU%2f
[Thu Oct 23 10:28:01 2003] [error] [client 193.145.253.208] gpg: keyblock 
resource `/usr/local/nocat/cgi-bin/../pgp/trustedkeys.gpg': file open error, 
referer: 
http://193.145.253.111/cgi-bin/login?redirect=http%3a%2f%2fwww%2egoogle%2ecom%2f&timeout=60000&gateway=192%2e168%2e6%2e1%3a5280&mac=00%3a0C%3a85%3a2D%3a2A%3a20&token=%241%2424408468%24pDmW81pUwIVtE0ZJ0ArEU%2f
[Thu Oct 23 10:28:01 2003] [error] [client 193.145.253.208] [2003-10-23 
10:28:01] gpg --sign --armor --homedir=/usr/local/nocat/cgi-bin/../pgp 
--keyring trustedkeys.gpg --no-tty -o- returned error: Illegal seek ( 2 ), 
referer: 
http://193.145.253.111/cgi-bin/login?redirect=http%3a%2f%2fwww%2egoogle%2ecom%2f&timeout=60000&gateway=192%2e168%2e6%2e1%3a5280&mac=00%3a0C%3a85%3a2D%3a2A%3a20&token=%241%2424408468%24pDmW81pUwIVtE0ZJ0ArEU%2f
[Thu Oct 23 10:28:01 2003] [error] [client 193.145.253.208] Can't call 
method "text" on an undefined value at ../lib//NoCat/AuthService.pm line 
134., referer: 
http://193.145.253.111/cgi-bin/login?redirect=http%3a%2f%2fwww%2egoogle%2ecom%2f&timeout=60000&gateway=192%2e168%2e6%2e1%3a5280&mac=00%3a0C%3a85%3a2D%3a2A%3a20&token=%241%2424408468%24pDmW81pUwIVtE0ZJ0ArEU%2f


  Any help will be welcome. Thaks a lot,

              Miguel.

_________________________________________________________________
Charla con tus amigos en línea mediante MSN Messenger:  
http://messenger.microsoft.com/es



From john at webs4vets.co.uk  Thu Oct 23 09:58:55 2003
From: john at webs4vets.co.uk (John Taylor)
Date: Thu, 23 Oct 2003 09:58:55 +0100
Subject: [NoCat] How to install Perl modules
In-Reply-To: <20031021155302.22259.96908.Mailman@mouse>
Message-ID: <000301c39943$e4eb4bb0$010aa8c0@dell>

Thanks for all the help. Just for the sake of the archives, I found

perl -MCPAN -e 'install Net::Netmask'

installed the Net::Netmask perl module fine for me (once I'd connected
to the net...!)

John



From tfd at vodafone.es  Thu Oct 23 12:37:38 2003
From: tfd at vodafone.es (Toni dlF. Diaz)
Date: Thu, 23 Oct 2003 13:37:38 +0200
Subject: [NoCat] NoCatBOX Howto con/with OpenLDAP
Message-ID: <1066909058.1659.27.camel@flame>

He actualizado el NoCatBOX HowTo otra vez. He a=C3=B1adido la configuraci=
=C3=B3n
para almacenar los usuarios en OpenLDAP.

Version en castellano
http://blyx.com/public/wireless/nocatbox/nocatbox-howto-es.pdf

Version en ingl=C3=A9s
http://blyx.com/public/wireless/nocatbox/nocatbox-howto-en.pdf

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

I have updated the NoCatBOX HowTo. The configuration for OpenLDAP to
store users has been added.

English Version:
http://blyx.com/public/wireless/nocatbox/nocatbox-howto-en.pdf

Spanish version:
http://blyx.com/public/wireless/nocatbox/nocatbox-howto-es.pdf


Toni
Blyx.com



From sunsheng at hotmail.com  Thu Oct 23 18:52:19 2003
From: sunsheng at hotmail.com (sheng sun)
Date: Thu, 23 Oct 2003 17:52:19 +0000
Subject: [NoCat] problem with gpg...
Message-ID: <BAY10-F112gQmBWwLm2000064c3@hotmail.com>

This is a multi-part message in MIME format.

------=_NextPart_000_15da_6704_5180
Content-Type: text/plain; format=flowed

Hi:
    I have been struggling with this problem for a couple exhausted days. 
The problem is with the gpg certificates and authentication.
    My configuration is RH9, Gnupg 1.2.1-3,MySql,both gateway and authserv 
running on the same box. I am also able to get in the registration and do 
the self-registration which can be reflected in the mysql database. However 
when I try to login with userid/password created in the db, the web page 
will shows an error page.
I captured the Httpd.conf as follows:
===================================================================================================
[Thu Oct 23 12:01:47 2003] [error] [client 192.168.1.197] [2003-10-23 
12:01:47] User UNKNOWN from 192.168.1.197 requests form, referer: 
http://chat.skif.net/chat
[Thu Oct 23 12:02:02 2003] [error] [client 192.168.1.197] Premature end of 
script headers: login, referer: 
https://192.168.1.1/cgi-bin/login?redirect=http%3a%2f%2fwww%2edono%2ecom%2ecn%2ftujie%2ftujie%2ehtm&timeout=600&mac=00%3a06%3a5B%3aA2%3aD9%3aA2&token=%241%2412242642%243RmXFCL2wtmLCynrivU32%2e
[Thu Oct 23 12:02:02 2003] [error] [client 192.168.1.197] [2003-10-23 
12:02:02] User sunsheng@hotmail.com from 192.168.1.197 requests form, 
referer: 
https://192.168.1.1/cgi-bin/login?redirect=http%3a%2f%2fwww%2edono%2ecom%2ecn%2ftujie%2ftujie%2ehtm&timeout=600&mac=00%3a06%3a5B%3aA2%3aD9%3aA2&token=%241%2412242642%243RmXFCL2wtmLCynrivU32%2e
[Thu Oct 23 12:02:02 2003] [error] [client 192.168.1.197] [2003-10-23 
12:02:02] could not parse  at ../lib//NoCat/AuthService.pm line 77, referer: 
https://192.168.1.1/cgi-bin/login?redirect=http%3a%2f%2fwww%2edono%2ecom%2ecn%2ftujie%2ftujie%2ehtm&timeout=600&mac=00%3a06%3a5B%3aA2%3aD9%3aA2&token=%241%2412242642%243RmXFCL2wtmLCynrivU32%2e
[Thu Oct 23 12:02:02 2003] [error] [client 192.168.1.197] [2003-10-23 
12:02:02] Request from local ip 192.168.1.197, directing to local gateway 
192.168.1.1., referer: 
https://192.168.1.1/cgi-bin/login?redirect=http%3a%2f%2fwww%2edono%2ecom%2ecn%2ftujie%2ftujie%2ehtm&timeout=600&mac=00%3a06%3a5B%3aA2%3aD9%3aA2&token=%241%2412242642%243RmXFCL2wtmLCynrivU32%2e
[Thu Oct 23 12:02:02 2003] [error] [client 192.168.1.197] [2003-10-23 
12:02:02] gpg --clearsign --homedir=/usr/local/nocat/authserv/cgi-bin/../pgp 
--keyring trustedkeys.gpg --no-tty -o- returned error message:, referer: 
https://192.168.1.1/cgi-bin/login?redirect=http%3a%2f%2fwww%2edono%2ecom%2ecn%2ftujie%2ftujie%2ehtm&timeout=600&mac=00%3a06%3a5B%3aA2%3aD9%3aA2&token=%241%2412242642%243RmXFCL2wtmLCynrivU32%2e
[Thu Oct 23 12:02:02 2003] [error] [client 192.168.1.197] gpg: WARNING: 
using insecure memory!, referer: 
https://192.168.1.1/cgi-bin/login?redirect=http%3a%2f%2fwww%2edono%2ecom%2ecn%2ftujie%2ftujie%2ehtm&timeout=600&mac=00%3a06%3a5B%3aA2%3aD9%3aA2&token=%241%2412242642%243RmXFCL2wtmLCynrivU32%2e
[Thu Oct 23 12:02:02 2003] [error] [client 192.168.1.197] gpg: please see 
http://www.gnupg.org/faq.html for more information, referer: 
https://192.168.1.1/cgi-bin/login?redirect=http%3a%2f%2fwww%2edono%2ecom%2ecn%2ftujie%2ftujie%2ehtm&timeout=600&mac=00%3a06%3a5B%3aA2%3aD9%3aA2&token=%241%2412242642%243RmXFCL2wtmLCynrivU32%2e
[Thu Oct 23 12:02:02 2003] [error] [client 192.168.1.197] gpg: Sorry, no 
terminal at all requested - can't get input, referer: 
https://192.168.1.1/cgi-bin/login?redirect=http%3a%2f%2fwww%2edono%2ecom%2ecn%2ftujie%2ftujie%2ehtm&timeout=600&mac=00%3a06%3a5B%3aA2%3aD9%3aA2&token=%241%2412242642%243RmXFCL2wtmLCynrivU32%2e
[Thu Oct 23 12:02:02 2003] [error] [client 192.168.1.197] [2003-10-23 
12:02:02] gpg --clearsign --homedir=/usr/local/nocat/authserv/cgi-bin/../pgp 
--keyring trustedkeys.gpg --no-tty -o- returned error: Illegal seek ( 2 ), 
referer: 
https://192.168.1.1/cgi-bin/login?redirect=http%3a%2f%2fwww%2edono%2ecom%2ecn%2ftujie%2ftujie%2ehtm&timeout=600&mac=00%3a06%3a5B%3aA2%3aD9%3aA2&token=%241%2412242642%243RmXFCL2wtmLCynrivU32%2e
[Thu Oct 23 12:02:02 2003] [error] [client 192.168.1.197] Can't call method 
"text" on an undefined value at ../lib//NoCat/AuthService.pm line 177., 
referer: 
https://192.168.1.1/cgi-bin/login?redirect=http%3a%2f%2fwww%2edono%2ecom%2ecn%2ftujie%2ftujie%2ehtm&timeout=600&mac=
00%3a06%3a5B%3aA2%3aD9%3aA2&token=%241%2412242642%243RmXFCL2wtmLCynrivU32%2e
==================================================================================================
I read some matched symptom threads here. according to them, I chowned 
apache:apache to all my pgp files in both authserv and gateway. The problem 
still exists.

Thanks and regards!
Also, I enclosed the httpd error.log and nocat.log

Rob 10/23/03

_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8.  
http://join.msn.com/?page=features/junkmail

------=_NextPart_000_15da_6704_5180
Content-Type: application/octet-stream; name="error_log"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="error_log"

W1N1biBPY3QgMTkgMjI6NDc6MTIgMjAwM10gW3dhcm5dIFJTQSBzZXJ2ZXIg
Y2VydGlmaWNhdGUgaXMgYSBDQSBjZXJ0aWZpY2F0ZSAoQmFzaWNDb25zdHJh
aW50czogQ0EgPT0gVFJVRSAhPykKW1N1biBPY3QgMTkgMjI6NDc6MTIgMjAw
M10gW3dhcm5dIFJTQSBzZXJ2ZXIgY2VydGlmaWNhdGUgQ29tbW9uTmFtZSAo
Q04pIGBsb2NhbGhvc3QubG9jYWxkb21haW4nIGRvZXMgTk9UIG1hdGNoIHNl
cnZlciBuYW1lIT8KW1N1biBPY3QgMTkgMjI6NDc6MTIgMjAwM10gW25vdGlj
ZV0gRGlnZXN0OiBnZW5lcmF0aW5nIHNlY3JldCBmb3IgZGlnZXN0IGF1dGhl
bnRpY2F0aW9uIC4uLgpbU3VuIE9jdCAxOSAyMjo0NzoxMiAyMDAzXSBbbm90
aWNlXSBEaWdlc3Q6IGRvbmUKW1N1biBPY3QgMTkgMjI6NDc6MTMgMjAwM10g
W25vdGljZV0gQXBhY2hlLzIuMC40MCAoUmVkIEhhdCBMaW51eCkgY29uZmln
dXJlZCAtLSByZXN1bWluZyBub3JtYWwgb3BlcmF0aW9ucwpbU3VuIE9jdCAx
OSAyMzoxOTowMyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAzMjEwIHN0
aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1N1biBPY3Qg
MTkgMjM6MTk6MDMgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMzIxMSBz
dGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltTdW4gT2N0
IDE5IDIzOjE5OjAzIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDMyMTIg
c3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbU3VuIE9j
dCAxOSAyMzoxOTowMyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAzMjEz
IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1N1biBP
Y3QgMTkgMjM6MTk6MDMgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMzIx
NCBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltTdW4g
T2N0IDE5IDIzOjE5OjAzIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDMy
MTUgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbU3Vu
IE9jdCAxOSAyMzoxOTowMyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAz
MjE2IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1N1
biBPY3QgMTkgMjM6MTk6MDMgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3Mg
MzIxNyBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltT
dW4gT2N0IDE5IDIzOjE5OjA0IDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNz
IDMyMTAgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpb
U3VuIE9jdCAxOSAyMzoxOTowNCAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2Vz
cyAzMjExIHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0K
W1N1biBPY3QgMTkgMjM6MTk6MDQgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nl
c3MgMzIxMiBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJN
CltTdW4gT2N0IDE5IDIzOjE5OjA0IDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9j
ZXNzIDMyMTMgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVS
TQpbU3VuIE9jdCAxOSAyMzoxOTowNCAyMDAzXSBbd2Fybl0gY2hpbGQgcHJv
Y2VzcyAzMjE0IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RF
Uk0KW1N1biBPY3QgMTkgMjM6MTk6MDQgMjAwM10gW3dhcm5dIGNoaWxkIHBy
b2Nlc3MgMzIxNSBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdU
RVJNCltTdW4gT2N0IDE5IDIzOjE5OjA0IDIwMDNdIFt3YXJuXSBjaGlsZCBw
cm9jZXNzIDMyMTYgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lH
VEVSTQpbU3VuIE9jdCAxOSAyMzoxOTowNCAyMDAzXSBbd2Fybl0gY2hpbGQg
cHJvY2VzcyAzMjE3IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJ
R1RFUk0KW1N1biBPY3QgMTkgMjM6MTk6MDUgMjAwM10gW25vdGljZV0gY2F1
Z2h0IFNJR1RFUk0sIHNodXR0aW5nIGRvd24KW01vbiBPY3QgMjAgMTk6MjA6
MjkgMjAwM10gW3dhcm5dIFJTQSBzZXJ2ZXIgY2VydGlmaWNhdGUgaXMgYSBD
QSBjZXJ0aWZpY2F0ZSAoQmFzaWNDb25zdHJhaW50czogQ0EgPT0gVFJVRSAh
PykKW01vbiBPY3QgMjAgMTk6MjA6MjkgMjAwM10gW3dhcm5dIFJTQSBzZXJ2
ZXIgY2VydGlmaWNhdGUgQ29tbW9uTmFtZSAoQ04pIGBsb2NhbGhvc3QubG9j
YWxkb21haW4nIGRvZXMgTk9UIG1hdGNoIHNlcnZlciBuYW1lIT8KW01vbiBP
Y3QgMjAgMTk6MjA6MzIgMjAwM10gW3dhcm5dIFJTQSBzZXJ2ZXIgY2VydGlm
aWNhdGUgaXMgYSBDQSBjZXJ0aWZpY2F0ZSAoQmFzaWNDb25zdHJhaW50czog
Q0EgPT0gVFJVRSAhPykKW01vbiBPY3QgMjAgMTk6MjA6MzIgMjAwM10gW3dh
cm5dIFJTQSBzZXJ2ZXIgY2VydGlmaWNhdGUgQ29tbW9uTmFtZSAoQ04pIGBs
b2NhbGhvc3QubG9jYWxkb21haW4nIGRvZXMgTk9UIG1hdGNoIHNlcnZlciBu
YW1lIT8KW01vbiBPY3QgMjAgMTk6MjA6MzIgMjAwM10gW25vdGljZV0gRGln
ZXN0OiBnZW5lcmF0aW5nIHNlY3JldCBmb3IgZGlnZXN0IGF1dGhlbnRpY2F0
aW9uIC4uLgpbTW9uIE9jdCAyMCAxOToyMDozMiAyMDAzXSBbbm90aWNlXSBE
aWdlc3Q6IGRvbmUKW01vbiBPY3QgMjAgMTk6MjA6MzMgMjAwM10gW25vdGlj
ZV0gQXBhY2hlLzIuMC40MCAoUmVkIEhhdCBMaW51eCkgY29uZmlndXJlZCAt
LSByZXN1bWluZyBub3JtYWwgb3BlcmF0aW9ucwpbTW9uIE9jdCAyMCAyMDox
MzozMyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyMTU5IHN0aWxsIGRp
ZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW01vbiBPY3QgMjAgMjA6
MTM6MzMgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMjE2MCBzdGlsbCBk
aWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltNb24gT2N0IDIwIDIw
OjEzOjMzIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDIxNjEgc3RpbGwg
ZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbTW9uIE9jdCAyMCAy
MDoxMzozMyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyMTYyIHN0aWxs
IGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW01vbiBPY3QgMjAg
MjA6MTM6MzMgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMjE2MyBzdGls
bCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltNb24gT2N0IDIw
IDIwOjEzOjMzIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDIxNjQgc3Rp
bGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbTW9uIE9jdCAy
MCAyMDoxMzozMyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyMTY1IHN0
aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW01vbiBPY3Qg
MjAgMjA6MTM6MzMgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMjE2NiBz
dGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltNb24gT2N0
IDIwIDIwOjEzOjMzIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDIxNTkg
c3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbTW9uIE9j
dCAyMCAyMDoxMzozMyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyMTYw
IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW01vbiBP
Y3QgMjAgMjA6MTM6MzMgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMjE2
MSBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltNb24g
T2N0IDIwIDIwOjEzOjMzIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDIx
NjIgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbTW9u
IE9jdCAyMCAyMDoxMzozMyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAy
MTYzIHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW01v
biBPY3QgMjAgMjA6MTM6MzMgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3Mg
MjE2NCBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltN
b24gT2N0IDIwIDIwOjEzOjMzIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNz
IDIxNjUgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpb
TW9uIE9jdCAyMCAyMDoxMzozMyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2Vz
cyAyMTY2IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0K
W01vbiBPY3QgMjAgMjA6MTM6MzQgMjAwM10gW25vdGljZV0gY2F1Z2h0IFNJ
R1RFUk0sIHNodXR0aW5nIGRvd24KW01vbiBPY3QgMjAgMjA6MTY6MTggMjAw
M10gW3dhcm5dIFJTQSBzZXJ2ZXIgY2VydGlmaWNhdGUgaXMgYSBDQSBjZXJ0
aWZpY2F0ZSAoQmFzaWNDb25zdHJhaW50czogQ0EgPT0gVFJVRSAhPykKW01v
biBPY3QgMjAgMjA6MTY6MTggMjAwM10gW3dhcm5dIFJTQSBzZXJ2ZXIgY2Vy
dGlmaWNhdGUgQ29tbW9uTmFtZSAoQ04pIGBsb2NhbGhvc3QubG9jYWxkb21h
aW4nIGRvZXMgTk9UIG1hdGNoIHNlcnZlciBuYW1lIT8KW01vbiBPY3QgMjAg
MjA6MTY6MjMgMjAwM10gW3dhcm5dIFJTQSBzZXJ2ZXIgY2VydGlmaWNhdGUg
aXMgYSBDQSBjZXJ0aWZpY2F0ZSAoQmFzaWNDb25zdHJhaW50czogQ0EgPT0g
VFJVRSAhPykKW01vbiBPY3QgMjAgMjA6MTY6MjMgMjAwM10gW3dhcm5dIFJT
QSBzZXJ2ZXIgY2VydGlmaWNhdGUgQ29tbW9uTmFtZSAoQ04pIGBsb2NhbGhv
c3QubG9jYWxkb21haW4nIGRvZXMgTk9UIG1hdGNoIHNlcnZlciBuYW1lIT8K
W01vbiBPY3QgMjAgMjA6MTY6MjMgMjAwM10gW25vdGljZV0gRGlnZXN0OiBn
ZW5lcmF0aW5nIHNlY3JldCBmb3IgZGlnZXN0IGF1dGhlbnRpY2F0aW9uIC4u
LgpbTW9uIE9jdCAyMCAyMDoxNjoyMyAyMDAzXSBbbm90aWNlXSBEaWdlc3Q6
IGRvbmUKW01vbiBPY3QgMjAgMjA6MTY6MjQgMjAwM10gW25vdGljZV0gQXBh
Y2hlLzIuMC40MCAoUmVkIEhhdCBMaW51eCkgY29uZmlndXJlZCAtLSByZXN1
bWluZyBub3JtYWwgb3BlcmF0aW9ucwpbTW9uIE9jdCAyMCAyMDo0MToxMiAy
MDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyMTY0IHN0aWxsIGRpZCBub3Qg
ZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW01vbiBPY3QgMjAgMjA6NDE6MTIg
MjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMjE2NSBzdGlsbCBkaWQgbm90
IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltNb24gT2N0IDIwIDIwOjQxOjEy
IDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDIxNjYgc3RpbGwgZGlkIG5v
dCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbTW9uIE9jdCAyMCAyMDo0MTox
MiAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyMTY3IHN0aWxsIGRpZCBu
b3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW01vbiBPY3QgMjAgMjA6NDE6
MTIgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMjE2OCBzdGlsbCBkaWQg
bm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltNb24gT2N0IDIwIDIwOjQx
OjEyIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDIxNjkgc3RpbGwgZGlk
IG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbTW9uIE9jdCAyMCAyMDo0
MToxMiAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyMTcwIHN0aWxsIGRp
ZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW01vbiBPY3QgMjAgMjA6
NDE6MTIgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMjE3MSBzdGlsbCBk
aWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltNb24gT2N0IDIwIDIw
OjQxOjEyIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDIxNjQgc3RpbGwg
ZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbTW9uIE9jdCAyMCAy
MDo0MToxMiAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyMTY1IHN0aWxs
IGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW01vbiBPY3QgMjAg
MjA6NDE6MTIgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMjE2NiBzdGls
bCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltNb24gT2N0IDIw
IDIwOjQxOjEyIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDIxNjcgc3Rp
bGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbTW9uIE9jdCAy
MCAyMDo0MToxMiAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyMTY4IHN0
aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW01vbiBPY3Qg
MjAgMjA6NDE6MTIgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMjE2OSBz
dGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltNb24gT2N0
IDIwIDIwOjQxOjEyIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDIxNzAg
c3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbTW9uIE9j
dCAyMCAyMDo0MToxMiAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyMTcx
IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW01vbiBP
Y3QgMjAgMjA6NDE6MTMgMjAwM10gW25vdGljZV0gY2F1Z2h0IFNJR1RFUk0s
IHNodXR0aW5nIGRvd24KW1R1ZSBPY3QgMjEgMTY6MDk6MDggMjAwM10gW3dh
cm5dIFJTQSBzZXJ2ZXIgY2VydGlmaWNhdGUgaXMgYSBDQSBjZXJ0aWZpY2F0
ZSAoQmFzaWNDb25zdHJhaW50czogQ0EgPT0gVFJVRSAhPykKW1R1ZSBPY3Qg
MjEgMTY6MDk6MDggMjAwM10gW3dhcm5dIFJTQSBzZXJ2ZXIgY2VydGlmaWNh
dGUgQ29tbW9uTmFtZSAoQ04pIGBsb2NhbGhvc3QubG9jYWxkb21haW4nIGRv
ZXMgTk9UIG1hdGNoIHNlcnZlciBuYW1lIT8KW1R1ZSBPY3QgMjEgMTY6MDk6
MTEgMjAwM10gW3dhcm5dIFJTQSBzZXJ2ZXIgY2VydGlmaWNhdGUgaXMgYSBD
QSBjZXJ0aWZpY2F0ZSAoQmFzaWNDb25zdHJhaW50czogQ0EgPT0gVFJVRSAh
PykKW1R1ZSBPY3QgMjEgMTY6MDk6MTEgMjAwM10gW3dhcm5dIFJTQSBzZXJ2
ZXIgY2VydGlmaWNhdGUgQ29tbW9uTmFtZSAoQ04pIGBsb2NhbGhvc3QubG9j
YWxkb21haW4nIGRvZXMgTk9UIG1hdGNoIHNlcnZlciBuYW1lIT8KW1R1ZSBP
Y3QgMjEgMTY6MDk6MTEgMjAwM10gW25vdGljZV0gRGlnZXN0OiBnZW5lcmF0
aW5nIHNlY3JldCBmb3IgZGlnZXN0IGF1dGhlbnRpY2F0aW9uIC4uLgpbVHVl
IE9jdCAyMSAxNjowOToxMSAyMDAzXSBbbm90aWNlXSBEaWdlc3Q6IGRvbmUK
W1R1ZSBPY3QgMjEgMTY6MDk6MTIgMjAwM10gW25vdGljZV0gQXBhY2hlLzIu
MC40MCAoUmVkIEhhdCBMaW51eCkgY29uZmlndXJlZCAtLSByZXN1bWluZyBu
b3JtYWwgb3BlcmF0aW9ucwpbVHVlIE9jdCAyMSAxNzoxODowNSAyMDAzXSBb
d2Fybl0gY2hpbGQgcHJvY2VzcyAyNDk2IHN0aWxsIGRpZCBub3QgZXhpdCwg
c2VuZGluZyBhIFNJR1RFUk0KW1R1ZSBPY3QgMjEgMTc6MTg6MDUgMjAwM10g
W3dhcm5dIGNoaWxkIHByb2Nlc3MgMjQ5NyBzdGlsbCBkaWQgbm90IGV4aXQs
IHNlbmRpbmcgYSBTSUdURVJNCltUdWUgT2N0IDIxIDE3OjE4OjA1IDIwMDNd
IFt3YXJuXSBjaGlsZCBwcm9jZXNzIDI0OTggc3RpbGwgZGlkIG5vdCBleGl0
LCBzZW5kaW5nIGEgU0lHVEVSTQpbVHVlIE9jdCAyMSAxNzoxODowNSAyMDAz
XSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyNDk5IHN0aWxsIGRpZCBub3QgZXhp
dCwgc2VuZGluZyBhIFNJR1RFUk0KW1R1ZSBPY3QgMjEgMTc6MTg6MDUgMjAw
M10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMjUwMCBzdGlsbCBkaWQgbm90IGV4
aXQsIHNlbmRpbmcgYSBTSUdURVJNCltUdWUgT2N0IDIxIDE3OjE4OjA1IDIw
MDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDI1MDEgc3RpbGwgZGlkIG5vdCBl
eGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbVHVlIE9jdCAyMSAxNzoxODowNSAy
MDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyNTAyIHN0aWxsIGRpZCBub3Qg
ZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1R1ZSBPY3QgMjEgMTc6MTg6MDUg
MjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMjUwMyBzdGlsbCBkaWQgbm90
IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltUdWUgT2N0IDIxIDE3OjE4OjA2
IDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDI0OTYgc3RpbGwgZGlkIG5v
dCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbVHVlIE9jdCAyMSAxNzoxODow
NiAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyNDk3IHN0aWxsIGRpZCBu
b3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1R1ZSBPY3QgMjEgMTc6MTg6
MDYgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMjQ5OCBzdGlsbCBkaWQg
bm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltUdWUgT2N0IDIxIDE3OjE4
OjA2IDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDI0OTkgc3RpbGwgZGlk
IG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbVHVlIE9jdCAyMSAxNzox
ODowNiAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyNTAwIHN0aWxsIGRp
ZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1R1ZSBPY3QgMjEgMTc6
MTg6MDYgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMjUwMSBzdGlsbCBk
aWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltUdWUgT2N0IDIxIDE3
OjE4OjA2IDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDI1MDIgc3RpbGwg
ZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbVHVlIE9jdCAyMSAx
NzoxODowNiAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyNTAzIHN0aWxs
IGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1R1ZSBPY3QgMjEg
MTc6MTg6MDcgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMjQ5NiBzdGls
bCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltUdWUgT2N0IDIx
IDE3OjE4OjA3IDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDI0OTcgc3Rp
bGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbVHVlIE9jdCAy
MSAxNzoxODowNyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyNDk4IHN0
aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1R1ZSBPY3Qg
MjEgMTc6MTg6MDcgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMjQ5OSBz
dGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltUdWUgT2N0
IDIxIDE3OjE4OjA3IDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDI1MDAg
c3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbVHVlIE9j
dCAyMSAxNzoxODowNyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyNTAx
IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1R1ZSBP
Y3QgMjEgMTc6MTg6MDcgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMjUw
MiBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltUdWUg
T2N0IDIxIDE3OjE4OjA3IDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDI1
MDMgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbVHVl
IE9jdCAyMSAxNzoxOTo1NCAyMDAzXSBbd2Fybl0gUlNBIHNlcnZlciBjZXJ0
aWZpY2F0ZSBpcyBhIENBIGNlcnRpZmljYXRlIChCYXNpY0NvbnN0cmFpbnRz
OiBDQSA9PSBUUlVFICE/KQpbVHVlIE9jdCAyMSAxNzoxOTo1NCAyMDAzXSBb
d2Fybl0gUlNBIHNlcnZlciBjZXJ0aWZpY2F0ZSBDb21tb25OYW1lIChDTikg
YGxvY2FsaG9zdC5sb2NhbGRvbWFpbicgZG9lcyBOT1QgbWF0Y2ggc2VydmVy
IG5hbWUhPwpbVHVlIE9jdCAyMSAxNzoxOTo1OCAyMDAzXSBbd2Fybl0gUlNB
IHNlcnZlciBjZXJ0aWZpY2F0ZSBpcyBhIENBIGNlcnRpZmljYXRlIChCYXNp
Y0NvbnN0cmFpbnRzOiBDQSA9PSBUUlVFICE/KQpbVHVlIE9jdCAyMSAxNzox
OTo1OCAyMDAzXSBbd2Fybl0gUlNBIHNlcnZlciBjZXJ0aWZpY2F0ZSBDb21t
b25OYW1lIChDTikgYGxvY2FsaG9zdC5sb2NhbGRvbWFpbicgZG9lcyBOT1Qg
bWF0Y2ggc2VydmVyIG5hbWUhPwpbVHVlIE9jdCAyMSAxNzoxOTo1OCAyMDAz
XSBbbm90aWNlXSBEaWdlc3Q6IGdlbmVyYXRpbmcgc2VjcmV0IGZvciBkaWdl
c3QgYXV0aGVudGljYXRpb24gLi4uCltUdWUgT2N0IDIxIDE3OjE5OjU4IDIw
MDNdIFtub3RpY2VdIERpZ2VzdDogZG9uZQpbVHVlIE9jdCAyMSAxNzoxOTo1
OSAyMDAzXSBbbm90aWNlXSBBcGFjaGUvMi4wLjQwIChSZWQgSGF0IExpbnV4
KSBjb25maWd1cmVkIC0tIHJlc3VtaW5nIG5vcm1hbCBvcGVyYXRpb25zCltU
dWUgT2N0IDIxIDE3OjIyOjQ4IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIu
MTY4LjEuMTk3XSBbMjAwMy0xMC0yMSAxNzoyMjo0OF0gVXNlciBVTktOT1dO
IGZyb20gMTkyLjE2OC4xLjE5NyByZXF1ZXN0cyBmb3JtLCByZWZlcmVyOiBo
dHRwOi8vd29ybGQudXMubm9ydGVsLmNvbS9Xb3JsZE9ubGluZS9tYWluLmNm
bQpbVHVlIE9jdCAyMSAxNzoyNDozOCAyMDAzXSBbZXJyb3JdIFtjbGllbnQg
MTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjEgMTc6MjQ6MzhdIFVzZXIgVU5L
Tk9XTiBmcm9tIDE5Mi4xNjguMS4xOTcgcmVxdWVzdHMgZm9ybSwgcmVmZXJl
cjogaHR0cDovL3dvcmxkLnVzLm5vcnRlbC5jb20vV29ybGRPbmxpbmUvd29f
Y2VudGVyZnJhbWUuaHRtbApbVHVlIE9jdCAyMSAxNzoyNTowNiAyMDAzXSBb
ZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjEgMTc6
MjU6MDZdIFVzZXIgVU5LTk9XTiBmcm9tIDE5Mi4xNjguMS4xOTcgcmVxdWVz
dHMgZm9ybQpbVHVlIE9jdCAyMSAxNzoyNToxNiAyMDAzXSBbZXJyb3JdIFtj
bGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjEgMTc6MjU6MTVdIFVz
ZXIgc3Vuc2hlbmcgZnJvbSAxOTIuMTY4LjEuMTk3IHJlcXVlc3RzIGZvcm0s
IHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9y
ZWRpcmVjdD1odHRwJTNhJTJmJTJmd29ybGQlMmV1cyUyZW5vcnRlbCUyZWNv
bSUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNh
NTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUy
NDElMjQwNDMzMTYwOSUyNERLbk1oUEV0cnZDSnV1MXBCSFAlMmZjMApbVHVl
IE9jdCAyMSAxNzoyNToxNiAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2
OC4xLjE5N10gWzIwMDMtMTAtMjEgMTc6MjU6MTVdIE1pc3NpbmcgREJfUGFz
c3dkIGRpcmVjdGl2ZSByZXF1aXJlZCBmb3IgTm9DYXQ6OlNvdXJjZTo6REJJ
IG9iamVjdCEsIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJp
bi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd29ybGQlMmV1cyUyZW5v
cnRlbCUyZWNvbSUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUy
ZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEy
JnRva2VuPSUyNDElMjQwNDMzMTYwOSUyNERLbk1oUEV0cnZDSnV1MXBCSFAl
MmZjMApbVHVlIE9jdCAyMSAxNzoyNToyMyAyMDAzXSBbZXJyb3JdIFtjbGll
bnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjEgMTc6MjU6MjNdIFVzZXIg
c3Vuc2hlbmcgZnJvbSAxOTIuMTY4LjEuMTk3IHJlcXVlc3RzIGZvcm0sIHJl
ZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbgpbVHVl
IE9jdCAyMSAxNzoyNToyMyAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2
OC4xLjE5N10gWzIwMDMtMTAtMjEgMTc6MjU6MjNdIE1pc3NpbmcgREJfUGFz
c3dkIGRpcmVjdGl2ZSByZXF1aXJlZCBmb3IgTm9DYXQ6OlNvdXJjZTo6REJJ
IG9iamVjdCEsIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJp
bi9sb2dpbgpbVHVlIE9jdCAyMSAxNzoyNToyNyAyMDAzXSBbZXJyb3JdIFtj
bGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjEgMTc6MjU6MjddIFVz
ZXIgc3Vuc2hlbmcgZnJvbSAxOTIuMTY4LjEuMTk3IHJlcXVlc3RzIGZvcm0s
IHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbgpb
VHVlIE9jdCAyMSAxNzoyNToyNyAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTky
LjE2OC4xLjE5N10gWzIwMDMtMTAtMjEgMTc6MjU6MjddIE1pc3NpbmcgREJf
UGFzc3dkIGRpcmVjdGl2ZSByZXF1aXJlZCBmb3IgTm9DYXQ6OlNvdXJjZTo6
REJJIG9iamVjdCEsIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dp
LWJpbi9sb2dpbgpbVHVlIE9jdCAyMSAxNzoyNTo0NCAyMDAzXSBbZXJyb3Jd
IFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjEgMTc6MjU6NDRd
IE1pc3NpbmcgREJfUGFzc3dkIGRpcmVjdGl2ZSByZXF1aXJlZCBmb3IgTm9D
YXQ6OlNvdXJjZTo6REJJIG9iamVjdCEsIHJlZmVyZXI6IGh0dHBzOi8vMTky
LjE2OC4xLjEvY2dpLWJpbi9yZWdpc3Rlcj9yZWRpcmVjdD1odHRwOi8vd29y
bGQudXMubm9ydGVsLmNvbS8KW1R1ZSBPY3QgMjEgMTc6MjU6NDkgMjAwM10g
W2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3
OjI1OjQ5XSBVc2VyIFVOS05PV04gZnJvbSAxOTIuMTY4LjEuMTk3IHJlcXVl
c3RzIGZvcm0KW1R1ZSBPY3QgMjEgMTc6MjU6NTggMjAwM10gW2Vycm9yXSBb
Y2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjI1OjU4XSBV
c2VyIHN1bnNoZW5nIGZyb20gMTkyLjE2OC4xLjE5NyByZXF1ZXN0cyBmb3Jt
LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/
cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVj
b20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUz
YTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0l
MjQxJTI0MDQzMzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAKW1R1
ZSBPY3QgMjEgMTc6MjU6NTggMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4x
NjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjI1OjU4XSBNaXNzaW5nIERCX1Bh
c3N3ZCBkaXJlY3RpdmUgcmVxdWlyZWQgZm9yIE5vQ2F0OjpTb3VyY2U6OkRC
SSBvYmplY3QhLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1i
aW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVu
b3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjgl
MmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FB
MiZ0b2tlbj0lMjQxJTI0MDQzMzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQ
JTJmYzAKW1R1ZSBPY3QgMjEgMTc6MjY6MDEgMjAwM10gW2Vycm9yXSBbY2xp
ZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjI2OjAxXSBVc2Vy
IHN1bnNoZW5nIGZyb20gMTkyLjE2OC4xLjE5NyByZXF1ZXN0cyBmb3JtLCBy
ZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4KW1R1
ZSBPY3QgMjEgMTc6MjY6MDEgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4x
NjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjI2OjAxXSBNaXNzaW5nIERCX1Bh
c3N3ZCBkaXJlY3RpdmUgcmVxdWlyZWQgZm9yIE5vQ2F0OjpTb3VyY2U6OkRC
SSBvYmplY3QhLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1i
aW4vbG9naW4KW1R1ZSBPY3QgMjEgMTc6MjY6MDMgMjAwM10gW2Vycm9yXSBb
Y2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjI2OjAzXSBV
c2VyIHN1bnNoZW5nIGZyb20gMTkyLjE2OC4xLjE5NyByZXF1ZXN0cyBmb3Jt
LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4K
W1R1ZSBPY3QgMjEgMTc6MjY6MDMgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5
Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjI2OjAzXSBNaXNzaW5nIERC
X1Bhc3N3ZCBkaXJlY3RpdmUgcmVxdWlyZWQgZm9yIE5vQ2F0OjpTb3VyY2U6
OkRCSSBvYmplY3QhLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2Nn
aS1iaW4vbG9naW4KW1R1ZSBPY3QgMjEgMTc6MjY6MDUgMjAwM10gW2Vycm9y
XSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFByZW1hdHVyZSBlbmQgb2Ygc2Ny
aXB0IGhlYWRlcnM6IGxvZ2luLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjgu
MS4xL2NnaS1iaW4vbG9naW4KW1R1ZSBPY3QgMjEgMTc6MjY6MDUgMjAwM10g
W2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3
OjI2OjA0XSBVc2VyIHN1bnNoZW5nIGZyb20gMTkyLjE2OC4xLjE5NyByZXF1
ZXN0cyBmb3JtLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1i
aW4vbG9naW4KW1R1ZSBPY3QgMjEgMTc6MjY6MDUgMjAwM10gW2Vycm9yXSBb
Y2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjI2OjA1XSBn
cGcgLS1zaWduIC0tYXJtb3IgLS1ob21lZGlyPS91c3IvbG9jYWwvbm9jYXQv
YXV0aHNlcnYvY2dpLWJpbi8uLi9wZ3AgLS1rZXlyaW5nIHRydXN0ZWRrZXlz
LmdwZyAtLW5vLXR0eSAtby0gcmV0dXJuZWQgZXJyb3IgbWVzc2FnZTosIHJl
ZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbgpbVHVl
IE9jdCAyMSAxNzoyNjowNSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2
OC4xLjE5N10gZ3BnOiBXQVJOSU5HOiB1c2luZyBpbnNlY3VyZSBtZW1vcnkh
LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4K
W1R1ZSBPY3QgMjEgMTc6MjY6MDUgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5
Mi4xNjguMS4xOTddIGdwZzogcGxlYXNlIHNlZSBodHRwOi8vd3d3LmdudXBn
Lm9yZy9mYXEuaHRtbCBmb3IgbW9yZSBpbmZvcm1hdGlvbiwgcmVmZXJlcjog
aHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luCltUdWUgT2N0IDIx
IDE3OjI2OjA1IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBncGc6IFNvcnJ5LCBubyB0ZXJtaW5hbCBhdCBhbGwgcmVxdWVzdGVkIC0g
Y2FuJ3QgZ2V0IGlucHV0LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4x
L2NnaS1iaW4vbG9naW4KW1R1ZSBPY3QgMjEgMTc6MjY6MDUgMjAwM10gW2Vy
cm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjI2
OjA1XSBncGcgLS1zaWduIC0tYXJtb3IgLS1ob21lZGlyPS91c3IvbG9jYWwv
bm9jYXQvYXV0aHNlcnYvY2dpLWJpbi8uLi9wZ3AgLS1rZXlyaW5nIHRydXN0
ZWRrZXlzLmdwZyAtLW5vLXR0eSAtby0gcmV0dXJuZWQgZXJyb3I6IElsbGVn
YWwgc2VlayAoIDIgKSwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9j
Z2ktYmluL2xvZ2luCltUdWUgT2N0IDIxIDE3OjI2OjA1IDIwMDNdIFtlcnJv
cl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBDYW4ndCBjYWxsIG1ldGhvZCAi
dGV4dCIgb24gYW4gdW5kZWZpbmVkIHZhbHVlIGF0IC4uL2xpYi8vTm9DYXQv
QXV0aFNlcnZpY2UucG0gbGluZSAxMzQuLCByZWZlcmVyOiBodHRwczovLzE5
Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4KW1R1ZSBPY3QgMjEgMTc6MjY6MDgg
MjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEw
LTIxIDE3OjI2OjA4XSBVc2VyIHN1bnNoZW5nIGZyb20gMTkyLjE2OC4xLjE5
NyByZXF1ZXN0cyBmb3JtLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4x
L2NnaS1iaW4vbG9naW4KW1R1ZSBPY3QgMjEgMTc6MjY6MDggMjAwM10gW2Vy
cm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjI2
OjA4XSBNaXNzaW5nIERCX1Bhc3N3ZCBkaXJlY3RpdmUgcmVxdWlyZWQgZm9y
IE5vQ2F0OjpTb3VyY2U6OkRCSSBvYmplY3QhLCByZWZlcmVyOiBodHRwczov
LzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4KW1R1ZSBPY3QgMjEgMTc6MjY6
MTMgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAz
LTEwLTIxIDE3OjI2OjEzXSBVc2VyIHN1bnNoZW5nIGZyb20gMTkyLjE2OC4x
LjE5NyByZXF1ZXN0cyBmb3JtLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjgu
MS4xL2NnaS1iaW4vbG9naW4KW1R1ZSBPY3QgMjEgMTc6MjY6MTMgMjAwM10g
W2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3
OjI2OjEzXSBNaXNzaW5nIERCX1Bhc3N3ZCBkaXJlY3RpdmUgcmVxdWlyZWQg
Zm9yIE5vQ2F0OjpTb3VyY2U6OkRCSSBvYmplY3QhLCByZWZlcmVyOiBodHRw
czovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4KW1R1ZSBPY3QgMjEgMTc6
MjY6MTQgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsy
MDAzLTEwLTIxIDE3OjI2OjE0XSBVc2VyIHN1bnNoZW5nIGZyb20gMTkyLjE2
OC4xLjE5NyByZXF1ZXN0cyBmb3JtLCByZWZlcmVyOiBodHRwczovLzE5Mi4x
NjguMS4xL2NnaS1iaW4vbG9naW4KW1R1ZSBPY3QgMjEgMTc6MjY6MTQgMjAw
M10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIx
IDE3OjI2OjE0XSBNaXNzaW5nIERCX1Bhc3N3ZCBkaXJlY3RpdmUgcmVxdWly
ZWQgZm9yIE5vQ2F0OjpTb3VyY2U6OkRCSSBvYmplY3QhLCByZWZlcmVyOiBo
dHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4KW1R1ZSBPY3QgMjEg
MTc6MjY6MjMgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTdd
IFsyMDAzLTEwLTIxIDE3OjI2OjIzXSBVc2VyIHN1bnNoZW5nIGZyb20gMTky
LjE2OC4xLjE5NyByZXF1ZXN0cyBmb3JtLCByZWZlcmVyOiBodHRwczovLzE5
Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4KW1R1ZSBPY3QgMjEgMTc6MjY6MjMg
MjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEw
LTIxIDE3OjI2OjIzXSBNaXNzaW5nIERCX1Bhc3N3ZCBkaXJlY3RpdmUgcmVx
dWlyZWQgZm9yIE5vQ2F0OjpTb3VyY2U6OkRCSSBvYmplY3QhLCByZWZlcmVy
OiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4KW1R1ZSBPY3Qg
MjEgMTc6MjY6NDUgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4x
OTddIFsyMDAzLTEwLTIxIDE3OjI2OjQ1XSBNaXNzaW5nIERCX1Bhc3N3ZCBk
aXJlY3RpdmUgcmVxdWlyZWQgZm9yIE5vQ2F0OjpTb3VyY2U6OkRCSSBvYmpl
Y3QhLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vcmVn
aXN0ZXI/cmVkaXJlY3Q9aHR0cDovL3dvcmxkLnVzLm5vcnRlbC5jb20vCltU
dWUgT2N0IDIxIDE3OjI2OjU2IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIu
MTY4LjEuMTk3XSBbMjAwMy0xMC0yMSAxNzoyNjo1Nl0gTWlzc2luZyBEQl9Q
YXNzd2QgZGlyZWN0aXZlIHJlcXVpcmVkIGZvciBOb0NhdDo6U291cmNlOjpE
Qkkgb2JqZWN0ISwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2kt
YmluL3JlZ2lzdGVyCltUdWUgT2N0IDIxIDE3OjI3OjAxIDIwMDNdIFtlcnJv
cl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMSAxNzoyNzow
MV0gVXNlciBVTktOT1dOIGZyb20gMTkyLjE2OC4xLjE5NyByZXF1ZXN0cyBm
b3JtCltUdWUgT2N0IDIxIDE3OjI3OjE2IDIwMDNdIFtlcnJvcl0gW2NsaWVu
dCAxOTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMSAxNzoyNzoxNl0gVXNlciBh
YSBmcm9tIDE5Mi4xNjguMS4xOTcgcmVxdWVzdHMgZm9ybSwgcmVmZXJlcjog
aHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0
dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJlbm9ydGVsJTJlY29tJTJmJnRpbWVv
dXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0w
MCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDA0MzMx
NjA5JTI0REtuTWhQRXRydkNKdXUxcEJIUCUyZmMwCltUdWUgT2N0IDIxIDE3
OjI3OjE2IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBb
MjAwMy0xMC0yMSAxNzoyNzoxNl0gTWlzc2luZyBEQl9QYXNzd2QgZGlyZWN0
aXZlIHJlcXVpcmVkIGZvciBOb0NhdDo6U291cmNlOjpEQkkgb2JqZWN0ISwg
cmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3Jl
ZGlyZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJlbm9ydGVsJTJlY29t
JTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1
MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0
MSUyNDA0MzMxNjA5JTI0REtuTWhQRXRydkNKdXUxcEJIUCUyZmMwCltUdWUg
T2N0IDIxIDE3OjI3OjQzIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4
LjEuMTk3XSBQcmVtYXR1cmUgZW5kIG9mIHNjcmlwdCBoZWFkZXJzOiBsb2dp
biwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2lu
CltUdWUgT2N0IDIxIDE3OjI3OjQzIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAx
OTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMSAxNzoyNzo0Ml0gVXNlciBiQGhv
dG1haWwuY29tIGZyb20gMTkyLjE2OC4xLjE5NyByZXF1ZXN0cyBmb3JtLCBy
ZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4KW1R1
ZSBPY3QgMjEgMTc6Mjc6NDMgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4x
NjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjI3OjQyXSBNaXNzaW5nIERCX1Bh
c3N3ZCBkaXJlY3RpdmUgcmVxdWlyZWQgZm9yIE5vQ2F0OjpTb3VyY2U6OkRC
SSBvYmplY3QhLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1i
aW4vbG9naW4KW1R1ZSBPY3QgMjEgMTc6Mjc6NDMgMjAwM10gW2Vycm9yXSBb
Y2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjI3OjQzXSBn
cGcgLS1zaWduIC0tYXJtb3IgLS1ob21lZGlyPS91c3IvbG9jYWwvbm9jYXQv
YXV0aHNlcnYvY2dpLWJpbi8uLi9wZ3AgLS1rZXlyaW5nIHRydXN0ZWRrZXlz
LmdwZyAtLW5vLXR0eSAtby0gcmV0dXJuZWQgZXJyb3IgbWVzc2FnZTosIHJl
ZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbgpbVHVl
IE9jdCAyMSAxNzoyNzo0MyAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2
OC4xLjE5N10gZ3BnOiBXQVJOSU5HOiB1c2luZyBpbnNlY3VyZSBtZW1vcnkh
LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4K
W1R1ZSBPY3QgMjEgMTc6Mjc6NDMgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5
Mi4xNjguMS4xOTddIGdwZzogcGxlYXNlIHNlZSBodHRwOi8vd3d3LmdudXBn
Lm9yZy9mYXEuaHRtbCBmb3IgbW9yZSBpbmZvcm1hdGlvbiwgcmVmZXJlcjog
aHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luCltUdWUgT2N0IDIx
IDE3OjI3OjQzIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBncGc6IFNvcnJ5LCBubyB0ZXJtaW5hbCBhdCBhbGwgcmVxdWVzdGVkIC0g
Y2FuJ3QgZ2V0IGlucHV0LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4x
L2NnaS1iaW4vbG9naW4KW1R1ZSBPY3QgMjEgMTc6Mjc6NDMgMjAwM10gW2Vy
cm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjI3
OjQzXSBncGcgLS1zaWduIC0tYXJtb3IgLS1ob21lZGlyPS91c3IvbG9jYWwv
bm9jYXQvYXV0aHNlcnYvY2dpLWJpbi8uLi9wZ3AgLS1rZXlyaW5nIHRydXN0
ZWRrZXlzLmdwZyAtLW5vLXR0eSAtby0gcmV0dXJuZWQgZXJyb3I6IEJyb2tl
biBwaXBlICggMiApLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2Nn
aS1iaW4vbG9naW4KW1R1ZSBPY3QgMjEgMTc6Mjc6NDMgMjAwM10gW2Vycm9y
XSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIENhbid0IGNhbGwgbWV0aG9kICJ0
ZXh0IiBvbiBhbiB1bmRlZmluZWQgdmFsdWUgYXQgLi4vbGliLy9Ob0NhdC9B
dXRoU2VydmljZS5wbSBsaW5lIDEzNC4sIHJlZmVyZXI6IGh0dHBzOi8vMTky
LjE2OC4xLjEvY2dpLWJpbi9sb2dpbgpbVHVlIE9jdCAyMSAxNzoyNzo1NSAy
MDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAt
MjEgMTc6Mjc6NTVdIFVzZXIgc3Vuc2hlbmcgZnJvbSAxOTIuMTY4LjEuMTk3
IHJlcXVlc3RzIGZvcm0sIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEv
Y2dpLWJpbi9sb2dpbgpbVHVlIE9jdCAyMSAxNzoyNzo1NSAyMDAzXSBbZXJy
b3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjEgMTc6Mjc6
NTVdIE1pc3NpbmcgREJfUGFzc3dkIGRpcmVjdGl2ZSByZXF1aXJlZCBmb3Ig
Tm9DYXQ6OlNvdXJjZTo6REJJIG9iamVjdCEsIHJlZmVyZXI6IGh0dHBzOi8v
MTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbgpbVHVlIE9jdCAyMSAxNzoyNzo1
NiAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMt
MTAtMjEgMTc6Mjc6NTZdIFVzZXIgc3Vuc2hlbmcgZnJvbSAxOTIuMTY4LjEu
MTk3IHJlcXVlc3RzIGZvcm0sIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4x
LjEvY2dpLWJpbi9sb2dpbgpbVHVlIE9jdCAyMSAxNzoyNzo1NiAyMDAzXSBb
ZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjEgMTc6
Mjc6NTZdIE1pc3NpbmcgREJfUGFzc3dkIGRpcmVjdGl2ZSByZXF1aXJlZCBm
b3IgTm9DYXQ6OlNvdXJjZTo6REJJIG9iamVjdCEsIHJlZmVyZXI6IGh0dHBz
Oi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbgpbVHVlIE9jdCAyMSAxNzoy
Nzo1OSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIw
MDMtMTAtMjEgMTc6Mjc6NThdIFVzZXIgc3Vuc2hlbmcgZnJvbSAxOTIuMTY4
LjEuMTk3IHJlcXVlc3RzIGZvcm0sIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2
OC4xLjEvY2dpLWJpbi9sb2dpbgpbVHVlIE9jdCAyMSAxNzoyNzo1OSAyMDAz
XSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjEg
MTc6Mjc6NTldIE1pc3NpbmcgREJfUGFzc3dkIGRpcmVjdGl2ZSByZXF1aXJl
ZCBmb3IgTm9DYXQ6OlNvdXJjZTo6REJJIG9iamVjdCEsIHJlZmVyZXI6IGh0
dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbgpbVHVlIE9jdCAyMSAx
NzoyODoxOCAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10g
WzIwMDMtMTAtMjEgMTc6Mjg6MThdIE1pc3NpbmcgREJfUGFzc3dkIGRpcmVj
dGl2ZSByZXF1aXJlZCBmb3IgTm9DYXQ6OlNvdXJjZTo6REJJIG9iamVjdCEs
IHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9yZWdpc3Rl
cj9yZWRpcmVjdD1odHRwOi8vd29ybGQudXMubm9ydGVsLmNvbS8KW1R1ZSBP
Y3QgMjEgMTc6Mjg6MjMgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjgu
MS4xOTddIFsyMDAzLTEwLTIxIDE3OjI4OjIzXSBVc2VyIFVOS05PV04gZnJv
bSAxOTIuMTY4LjEuMTk3IHJlcXVlc3RzIGZvcm0KW1R1ZSBPY3QgMjEgMTc6
Mjg6MzIgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFBy
ZW1hdHVyZSBlbmQgb2Ygc2NyaXB0IGhlYWRlcnM6IGxvZ2luLCByZWZlcmVy
OiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9
aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGlt
ZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFj
PTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0MDQz
MzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAKW1R1ZSBPY3QgMjEg
MTc6Mjg6MzIgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTdd
IFsyMDAzLTEwLTIxIDE3OjI4OjMyXSBVc2VyIHN1bnNoZW5nQGhvdG1haWwu
Y29tIGZyb20gMTkyLjE2OC4xLjE5NyByZXF1ZXN0cyBmb3JtLCByZWZlcmVy
OiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9
aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGlt
ZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFj
PTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0MDQz
MzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAKW1R1ZSBPY3QgMjEg
MTc6Mjg6MzIgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTdd
IFsyMDAzLTEwLTIxIDE3OjI4OjMyXSBNaXNzaW5nIERCX1Bhc3N3ZCBkaXJl
Y3RpdmUgcmVxdWlyZWQgZm9yIE5vQ2F0OjpTb3VyY2U6OkRCSSBvYmplY3Qh
LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/
cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVj
b20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUz
YTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0l
MjQxJTI0MDQzMzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAKW1R1
ZSBPY3QgMjEgMTc6Mjg6MzIgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4x
NjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjI4OjMyXSBncGcgLS1zaWduIC0t
YXJtb3IgLS1ob21lZGlyPS91c3IvbG9jYWwvbm9jYXQvYXV0aHNlcnYvY2dp
LWJpbi8uLi9wZ3AgLS1rZXlyaW5nIHRydXN0ZWRrZXlzLmdwZyAtLW5vLXR0
eSAtby0gcmV0dXJuZWQgZXJyb3IgbWVzc2FnZTosIHJlZmVyZXI6IGh0dHBz
Oi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNh
JTJmJTJmd29ybGQlMmV1cyUyZW5vcnRlbCUyZWNvbSUyZiZ0aW1lb3V0PTYw
MCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2Ew
NiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQwNDMzMTYwOSUy
NERLbk1oUEV0cnZDSnV1MXBCSFAlMmZjMApbVHVlIE9jdCAyMSAxNzoyODoz
MiAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gZ3BnOiBX
QVJOSU5HOiB1c2luZyBpbnNlY3VyZSBtZW1vcnkhLCByZWZlcmVyOiBodHRw
czovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUz
YSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02
MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNh
MDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0MDQzMzE2MDkl
MjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAKW1R1ZSBPY3QgMjEgMTc6Mjg6
MzIgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIGdwZzog
cGxlYXNlIHNlZSBodHRwOi8vd3d3LmdudXBnLm9yZy9mYXEuaHRtbCBmb3Ig
bW9yZSBpbmZvcm1hdGlvbiwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEu
MS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUy
ZXVzJTJlbm9ydGVsJTJlY29tJTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTky
JTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUz
YUQ5JTNhQTImdG9rZW49JTI0MSUyNDA0MzMxNjA5JTI0REtuTWhQRXRydkNK
dXUxcEJIUCUyZmMwCltUdWUgT2N0IDIxIDE3OjI4OjMyIDIwMDNdIFtlcnJv
cl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBncGc6IFNvcnJ5LCBubyB0ZXJt
aW5hbCBhdCBhbGwgcmVxdWVzdGVkIC0gY2FuJ3QgZ2V0IGlucHV0LCByZWZl
cmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJl
Y3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYm
dGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAm
bWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0
MDQzMzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAKW1R1ZSBPY3Qg
MjEgMTc6Mjg6MzIgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4x
OTddIFsyMDAzLTEwLTIxIDE3OjI4OjMyXSBncGcgLS1zaWduIC0tYXJtb3Ig
LS1ob21lZGlyPS91c3IvbG9jYWwvbm9jYXQvYXV0aHNlcnYvY2dpLWJpbi8u
Li9wZ3AgLS1rZXlyaW5nIHRydXN0ZWRrZXlzLmdwZyAtLW5vLXR0eSAtby0g
cmV0dXJuZWQgZXJyb3I6IElsbGVnYWwgc2VlayAoIDIgKSwgcmVmZXJlcjog
aHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0
dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJlbm9ydGVsJTJlY29tJTJmJnRpbWVv
dXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0w
MCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDA0MzMx
NjA5JTI0REtuTWhQRXRydkNKdXUxcEJIUCUyZmMwCltUdWUgT2N0IDIxIDE3
OjI4OjMyIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBD
YW4ndCBjYWxsIG1ldGhvZCAidGV4dCIgb24gYW4gdW5kZWZpbmVkIHZhbHVl
IGF0IC4uL2xpYi8vTm9DYXQvQXV0aFNlcnZpY2UucG0gbGluZSAxMzQuLCBy
ZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVk
aXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20l
MmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUy
ODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQx
JTI0MDQzMzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAKW1R1ZSBP
Y3QgMjEgMTc6Mjg6NDEgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjgu
MS4xOTddIFByZW1hdHVyZSBlbmQgb2Ygc2NyaXB0IGhlYWRlcnM6IGxvZ2lu
LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/
cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVj
b20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUz
YTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0l
MjQxJTI0MDQzMzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAKW1R1
ZSBPY3QgMjEgMTc6Mjg6NDEgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4x
NjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjI4OjQxXSBVc2VyIHN1bnNoZW5n
QGhvdG1haWwuY29tIGZyb20gMTkyLjE2OC4xLjE5NyByZXF1ZXN0cyBmb3Jt
LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/
cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVj
b20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUz
YTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0l
MjQxJTI0MDQzMzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAKW1R1
ZSBPY3QgMjEgMTc6Mjg6NDEgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4x
NjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjI4OjQxXSBNaXNzaW5nIERCX1Bh
c3N3ZCBkaXJlY3RpdmUgcmVxdWlyZWQgZm9yIE5vQ2F0OjpTb3VyY2U6OkRC
SSBvYmplY3QhLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1i
aW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVu
b3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjgl
MmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FB
MiZ0b2tlbj0lMjQxJTI0MDQzMzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQ
JTJmYzAKW1R1ZSBPY3QgMjEgMTc6Mjg6NDEgMjAwM10gW2Vycm9yXSBbY2xp
ZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjI4OjQxXSBncGcg
LS1zaWduIC0tYXJtb3IgLS1ob21lZGlyPS91c3IvbG9jYWwvbm9jYXQvYXV0
aHNlcnYvY2dpLWJpbi8uLi9wZ3AgLS1rZXlyaW5nIHRydXN0ZWRrZXlzLmdw
ZyAtLW5vLXR0eSAtby0gcmV0dXJuZWQgZXJyb3IgbWVzc2FnZTosIHJlZmVy
ZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVj
dD1odHRwJTNhJTJmJTJmd29ybGQlMmV1cyUyZW5vcnRlbCUyZWNvbSUyZiZ0
aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZt
YWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQw
NDMzMTYwOSUyNERLbk1oUEV0cnZDSnV1MXBCSFAlMmZjMApbVHVlIE9jdCAy
MSAxNzoyODo0MSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5
N10gZ3BnOiBXQVJOSU5HOiB1c2luZyBpbnNlY3VyZSBtZW1vcnkhLCByZWZl
cmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJl
Y3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYm
dGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAm
bWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0
MDQzMzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAKW1R1ZSBPY3Qg
MjEgMTc6Mjg6NDEgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4x
OTddIGdwZzogcGxlYXNlIHNlZSBodHRwOi8vd3d3LmdudXBnLm9yZy9mYXEu
aHRtbCBmb3IgbW9yZSBpbmZvcm1hdGlvbiwgcmVmZXJlcjogaHR0cHM6Ly8x
OTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYl
MmZ3b3JsZCUyZXVzJTJlbm9ydGVsJTJlY29tJTJmJnRpbWVvdXQ9NjAwJmdh
dGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNh
NUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDA0MzMxNjA5JTI0REtu
TWhQRXRydkNKdXUxcEJIUCUyZmMwCltUdWUgT2N0IDIxIDE3OjI4OjQxIDIw
MDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBncGc6IFNvcnJ5
LCBubyB0ZXJtaW5hbCBhdCBhbGwgcmVxdWVzdGVkIC0gY2FuJ3QgZ2V0IGlu
cHV0LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9n
aW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwl
MmVjb20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJl
MSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tl
bj0lMjQxJTI0MDQzMzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAK
W1R1ZSBPY3QgMjEgMTc6Mjg6NDEgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5
Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjI4OjQxXSBncGcgLS1zaWdu
IC0tYXJtb3IgLS1ob21lZGlyPS91c3IvbG9jYWwvbm9jYXQvYXV0aHNlcnYv
Y2dpLWJpbi8uLi9wZ3AgLS1rZXlyaW5nIHRydXN0ZWRrZXlzLmdwZyAtLW5v
LXR0eSAtby0gcmV0dXJuZWQgZXJyb3I6IElsbGVnYWwgc2VlayAoIDIgKSwg
cmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3Jl
ZGlyZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJlbm9ydGVsJTJlY29t
JTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1
MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0
MSUyNDA0MzMxNjA5JTI0REtuTWhQRXRydkNKdXUxcEJIUCUyZmMwCltUdWUg
T2N0IDIxIDE3OjI4OjQxIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4
LjEuMTk3XSBDYW4ndCBjYWxsIG1ldGhvZCAidGV4dCIgb24gYW4gdW5kZWZp
bmVkIHZhbHVlIGF0IC4uL2xpYi8vTm9DYXQvQXV0aFNlcnZpY2UucG0gbGlu
ZSAxMzQuLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4v
bG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0
ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUx
JTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0
b2tlbj0lMjQxJTI0MDQzMzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJm
YzAKW1R1ZSBPY3QgMjEgMTc6MzA6MTQgMjAwM10gW2Vycm9yXSBbY2xpZW50
IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjMwOjE0XSBVc2VyIG5v
Y2F0IGZyb20gMTkyLjE2OC4xLjE5NyByZXF1ZXN0cyBmb3JtLCByZWZlcmVy
OiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9
aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGlt
ZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFj
PTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0MDQz
MzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAKW1R1ZSBPY3QgMjEg
MTc6MzA6MTQgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTdd
IFsyMDAzLTEwLTIxIDE3OjMwOjE0XSBNaXNzaW5nIERCX1Bhc3N3ZCBkaXJl
Y3RpdmUgcmVxdWlyZWQgZm9yIE5vQ2F0OjpTb3VyY2U6OkRCSSBvYmplY3Qh
LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/
cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVj
b20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUz
YTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0l
MjQxJTI0MDQzMzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAKW1R1
ZSBPY3QgMjEgMTc6MzA6NDYgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4x
NjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjMwOjQ2XSBNaXNzaW5nIERCX1Bh
c3N3ZCBkaXJlY3RpdmUgcmVxdWlyZWQgZm9yIE5vQ2F0OjpTb3VyY2U6OkRC
SSBvYmplY3QhLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1i
aW4vcmVnaXN0ZXI/cmVkaXJlY3Q9aHR0cDovL3dvcmxkLnVzLm5vcnRlbC5j
b20vCltUdWUgT2N0IDIxIDE3OjMxOjAwIDIwMDNdIFtlcnJvcl0gW2NsaWVu
dCAxOTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMSAxNzozMTowMF0gTWlzc2lu
ZyBEQl9QYXNzd2QgZGlyZWN0aXZlIHJlcXVpcmVkIGZvciBOb0NhdDo6U291
cmNlOjpEQkkgb2JqZWN0ISwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEu
MS9jZ2ktYmluL3JlZ2lzdGVyCltUdWUgT2N0IDIxIDE3OjMxOjA1IDIwMDNd
IFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMSAx
NzozMTowNV0gVXNlciBVTktOT1dOIGZyb20gMTkyLjE2OC4xLjE5NyByZXF1
ZXN0cyBmb3JtCltUdWUgT2N0IDIxIDE3OjMxOjMwIDIwMDNdIFtlcnJvcl0g
W2NsaWVudCAxOTIuMTY4LjEuMTk3XSBQcmVtYXR1cmUgZW5kIG9mIHNjcmlw
dCBoZWFkZXJzOiBsb2dpbiwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEu
MS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUy
ZXVzJTJlbm9ydGVsJTJlY29tJTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTky
JTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUz
YUQ5JTNhQTImdG9rZW49JTI0MSUyNDA0MzMxNjA5JTI0REtuTWhQRXRydkNK
dXUxcEJIUCUyZmMwCltUdWUgT2N0IDIxIDE3OjMxOjMwIDIwMDNdIFtlcnJv
cl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMSAxNzozMToz
MF0gVXNlciB5YW5nQGhvdG1haWwuY29tIGZyb20gMTkyLjE2OC4xLjE5NyBy
ZXF1ZXN0cyBmb3JtLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2Nn
aS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMl
MmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUx
NjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDkl
M2FBMiZ0b2tlbj0lMjQxJTI0MDQzMzE2MDklMjRES25NaFBFdHJ2Q0p1dTFw
QkhQJTJmYzAKW1R1ZSBPY3QgMjEgMTc6MzE6MzAgMjAwM10gW2Vycm9yXSBb
Y2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjMxOjMwXSBN
aXNzaW5nIERCX1Bhc3N3ZCBkaXJlY3RpdmUgcmVxdWlyZWQgZm9yIE5vQ2F0
OjpTb3VyY2U6OkRCSSBvYmplY3QhLCByZWZlcmVyOiBodHRwczovLzE5Mi4x
NjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndv
cmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0ZXdh
eT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUz
YUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0MDQzMzE2MDklMjRES25NaFBF
dHJ2Q0p1dTFwQkhQJTJmYzAKW1R1ZSBPY3QgMjEgMTc6MzE6MzAgMjAwM10g
W2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3
OjMxOjMwXSBncGcgLS1zaWduIC0tYXJtb3IgLS1ob21lZGlyPS91c3IvbG9j
YWwvbm9jYXQvYXV0aHNlcnYvY2dpLWJpbi8uLi9wZ3AgLS1rZXlyaW5nIHRy
dXN0ZWRrZXlzLmdwZyAtLW5vLXR0eSAtby0gcmV0dXJuZWQgZXJyb3IgbWVz
c2FnZTosIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9s
b2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd29ybGQlMmV1cyUyZW5vcnRl
bCUyZWNvbSUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTEl
MmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRv
a2VuPSUyNDElMjQwNDMzMTYwOSUyNERLbk1oUEV0cnZDSnV1MXBCSFAlMmZj
MApbVHVlIE9jdCAyMSAxNzozMTozMCAyMDAzXSBbZXJyb3JdIFtjbGllbnQg
MTkyLjE2OC4xLjE5N10gZ3BnOiBXQVJOSU5HOiB1c2luZyBpbnNlY3VyZSBt
ZW1vcnkhLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4v
bG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0
ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUx
JTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0
b2tlbj0lMjQxJTI0MDQzMzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJm
YzAKW1R1ZSBPY3QgMjEgMTc6MzE6MzAgMjAwM10gW2Vycm9yXSBbY2xpZW50
IDE5Mi4xNjguMS4xOTddIGdwZzogcGxlYXNlIHNlZSBodHRwOi8vd3d3Lmdu
dXBnLm9yZy9mYXEuaHRtbCBmb3IgbW9yZSBpbmZvcm1hdGlvbiwgcmVmZXJl
cjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0
PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJlbm9ydGVsJTJlY29tJTJmJnRp
bWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1h
Yz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDA0
MzMxNjA5JTI0REtuTWhQRXRydkNKdXUxcEJIUCUyZmMwCltUdWUgT2N0IDIx
IDE3OjMxOjMwIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBncGc6IFNvcnJ5LCBubyB0ZXJtaW5hbCBhdCBhbGwgcmVxdWVzdGVkIC0g
Y2FuJ3QgZ2V0IGlucHV0LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4x
L2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJl
dXMlMmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIl
MmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNh
RDklM2FBMiZ0b2tlbj0lMjQxJTI0MDQzMzE2MDklMjRES25NaFBFdHJ2Q0p1
dTFwQkhQJTJmYzAKW1R1ZSBPY3QgMjEgMTc6MzE6MzAgMjAwM10gW2Vycm9y
XSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjMxOjMw
XSBncGcgLS1zaWduIC0tYXJtb3IgLS1ob21lZGlyPS91c3IvbG9jYWwvbm9j
YXQvYXV0aHNlcnYvY2dpLWJpbi8uLi9wZ3AgLS1rZXlyaW5nIHRydXN0ZWRr
ZXlzLmdwZyAtLW5vLXR0eSAtby0gcmV0dXJuZWQgZXJyb3I6IElsbGVnYWwg
c2VlayAoIDIgKSwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2kt
YmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJl
bm9ydGVsJTJlY29tJTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4
JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNh
QTImdG9rZW49JTI0MSUyNDA0MzMxNjA5JTI0REtuTWhQRXRydkNKdXUxcEJI
UCUyZmMwCltUdWUgT2N0IDIxIDE3OjMxOjMwIDIwMDNdIFtlcnJvcl0gW2Ns
aWVudCAxOTIuMTY4LjEuMTk3XSBDYW4ndCBjYWxsIG1ldGhvZCAidGV4dCIg
b24gYW4gdW5kZWZpbmVkIHZhbHVlIGF0IC4uL2xpYi8vTm9DYXQvQXV0aFNl
cnZpY2UucG0gbGluZSAxMzQuLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjgu
MS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxk
JTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0x
OTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEy
JTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0MDQzMzE2MDklMjRES25NaFBFdHJ2
Q0p1dTFwQkhQJTJmYzAKW1R1ZSBPY3QgMjEgMTc6MzE6NDMgMjAwM10gW2Vy
cm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjMx
OjQzXSBVc2VyIFVOS05PV04gZnJvbSAxOTIuMTY4LjEuMTk3IHJlcXVlc3Rz
IGZvcm0sIHJlZmVyZXI6IGh0dHA6Ly9jaGF0LnNraWYubmV0L2NoYXQKW1R1
ZSBPY3QgMjEgMTc6MzE6NTMgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4x
NjguMS4xOTddIFByZW1hdHVyZSBlbmQgb2Ygc2NyaXB0IGhlYWRlcnM6IGxv
Z2luLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9n
aW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnNwb3J0cyUyZXNpbmElMmVjb20l
MmVjbiUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUx
JTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2Vu
PSUyNDElMjQwNDMzMTYwOSUyNERLbk1oUEV0cnZDSnV1MXBCSFAlMmZjMApb
VHVlIE9jdCAyMSAxNzozMTo1MyAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTky
LjE2OC4xLjE5N10gWzIwMDMtMTAtMjEgMTc6MzE6NTNdIFVzZXIgc3Vuc2hl
bmdAaG90bWFpbC5jb20gZnJvbSAxOTIuMTY4LjEuMTk3IHJlcXVlc3RzIGZv
cm0sIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dp
bj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmc3BvcnRzJTJlc2luYSUyZWNvbSUy
ZWNuJTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTEl
M2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49
JTI0MSUyNDA0MzMxNjA5JTI0REtuTWhQRXRydkNKdXUxcEJIUCUyZmMwCltU
dWUgT2N0IDIxIDE3OjMxOjUzIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIu
MTY4LjEuMTk3XSBbMjAwMy0xMC0yMSAxNzozMTo1M10gTWlzc2luZyBEQl9Q
YXNzd2QgZGlyZWN0aXZlIHJlcXVpcmVkIGZvciBOb0NhdDo6U291cmNlOjpE
Qkkgb2JqZWN0ISwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2kt
YmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZzcG9ydHMlMmVzaW5h
JTJlY29tJTJlY24lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjgl
MmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FB
MiZ0b2tlbj0lMjQxJTI0MDQzMzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQ
JTJmYzAKW1R1ZSBPY3QgMjEgMTc6MzE6NTMgMjAwM10gW2Vycm9yXSBbY2xp
ZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjMxOjUzXSBncGcg
LS1zaWduIC0tYXJtb3IgLS1ob21lZGlyPS91c3IvbG9jYWwvbm9jYXQvYXV0
aHNlcnYvY2dpLWJpbi8uLi9wZ3AgLS1rZXlyaW5nIHRydXN0ZWRrZXlzLmdw
ZyAtLW5vLXR0eSAtby0gcmV0dXJuZWQgZXJyb3IgbWVzc2FnZTosIHJlZmVy
ZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVj
dD1odHRwJTNhJTJmJTJmc3BvcnRzJTJlc2luYSUyZWNvbSUyZWNuJTJmJnRp
bWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1h
Yz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDA0
MzMxNjA5JTI0REtuTWhQRXRydkNKdXUxcEJIUCUyZmMwCltUdWUgT2N0IDIx
IDE3OjMxOjUzIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBncGc6IFdBUk5JTkc6IHVzaW5nIGluc2VjdXJlIG1lbW9yeSEsIHJlZmVy
ZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVj
dD1odHRwJTNhJTJmJTJmc3BvcnRzJTJlc2luYSUyZWNvbSUyZWNuJTJmJnRp
bWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1h
Yz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDA0
MzMxNjA5JTI0REtuTWhQRXRydkNKdXUxcEJIUCUyZmMwCltUdWUgT2N0IDIx
IDE3OjMxOjUzIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBncGc6IHBsZWFzZSBzZWUgaHR0cDovL3d3dy5nbnVwZy5vcmcvZmFxLmh0
bWwgZm9yIG1vcmUgaW5mb3JtYXRpb24sIHJlZmVyZXI6IGh0dHBzOi8vMTky
LjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJm
c3BvcnRzJTJlc2luYSUyZWNvbSUyZWNuJTJmJnRpbWVvdXQ9NjAwJmdhdGV3
YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIl
M2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDA0MzMxNjA5JTI0REtuTWhQ
RXRydkNKdXUxcEJIUCUyZmMwCltUdWUgT2N0IDIxIDE3OjMxOjUzIDIwMDNd
IFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBncGc6IFNvcnJ5LCBu
byB0ZXJtaW5hbCBhdCBhbGwgcmVxdWVzdGVkIC0gY2FuJ3QgZ2V0IGlucHV0
LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/
cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnNwb3J0cyUyZXNpbmElMmVjb20lMmVj
biUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNh
NTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUy
NDElMjQwNDMzMTYwOSUyNERLbk1oUEV0cnZDSnV1MXBCSFAlMmZjMApbVHVl
IE9jdCAyMSAxNzozMTo1MyAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2
OC4xLjE5N10gWzIwMDMtMTAtMjEgMTc6MzE6NTNdIGdwZyAtLXNpZ24gLS1h
cm1vciAtLWhvbWVkaXI9L3Vzci9sb2NhbC9ub2NhdC9hdXRoc2Vydi9jZ2kt
YmluLy4uL3BncCAtLWtleXJpbmcgdHJ1c3RlZGtleXMuZ3BnIC0tbm8tdHR5
IC1vLSByZXR1cm5lZCBlcnJvcjogQnJva2VuIHBpcGUgKCAyICksIHJlZmVy
ZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVj
dD1odHRwJTNhJTJmJTJmc3BvcnRzJTJlc2luYSUyZWNvbSUyZWNuJTJmJnRp
bWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1h
Yz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDA0
MzMxNjA5JTI0REtuTWhQRXRydkNKdXUxcEJIUCUyZmMwCltUdWUgT2N0IDIx
IDE3OjMxOjUzIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBDYW4ndCBjYWxsIG1ldGhvZCAidGV4dCIgb24gYW4gdW5kZWZpbmVkIHZh
bHVlIGF0IC4uL2xpYi8vTm9DYXQvQXV0aFNlcnZpY2UucG0gbGluZSAxMzQu
LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/
cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnNwb3J0cyUyZXNpbmElMmVjb20lMmVj
biUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNh
NTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUy
NDElMjQwNDMzMTYwOSUyNERLbk1oUEV0cnZDSnV1MXBCSFAlMmZjMApbVHVl
IE9jdCAyMSAxNzozNzo0MCAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2
OC4xLjE5N10gUHJlbWF0dXJlIGVuZCBvZiBzY3JpcHQgaGVhZGVyczogbG9n
aW4sIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dp
bj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmc3BvcnRzJTJlc2luYSUyZWNvbSUy
ZWNuJTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTEl
M2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49
JTI0MSUyNDA0MzMxNjA5JTI0REtuTWhQRXRydkNKdXUxcEJIUCUyZmMwCltU
dWUgT2N0IDIxIDE3OjM3OjQwIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIu
MTY4LjEuMTk3XSBbMjAwMy0xMC0yMSAxNzozNzo0MF0gVXNlciBzdW5zaGVu
Z0Bob3RtYWlsLmNvbSBmcm9tIDE5Mi4xNjguMS4xOTcgcmVxdWVzdHMgZm9y
bSwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2lu
P3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZzcG9ydHMlMmVzaW5hJTJlY29tJTJl
Y24lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUz
YTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0l
MjQxJTI0MDQzMzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAKW1R1
ZSBPY3QgMjEgMTc6Mzc6NDAgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4x
NjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjM3OjQwXSBNaXNzaW5nIERCX1Bh
c3N3ZCBkaXJlY3RpdmUgcmVxdWlyZWQgZm9yIE5vQ2F0OjpTb3VyY2U6OkRC
SSBvYmplY3QhLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1i
aW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnNwb3J0cyUyZXNpbmEl
MmVjb20lMmVjbiUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUy
ZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEy
JnRva2VuPSUyNDElMjQwNDMzMTYwOSUyNERLbk1oUEV0cnZDSnV1MXBCSFAl
MmZjMApbVHVlIE9jdCAyMSAxNzozNzo0MCAyMDAzXSBbZXJyb3JdIFtjbGll
bnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjEgMTc6Mzc6NDBdIGdwZyAt
LXNpZ24gLS1hcm1vciAtLWhvbWVkaXI9L3Vzci9sb2NhbC9ub2NhdC9hdXRo
c2Vydi9jZ2ktYmluLy4uL3BncCAtLWtleXJpbmcgdHJ1c3RlZGtleXMuZ3Bn
IC0tbm8tdHR5IC1vLSByZXR1cm5lZCBlcnJvciBtZXNzYWdlOiwgcmVmZXJl
cjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0
PWh0dHAlM2ElMmYlMmZzcG9ydHMlMmVzaW5hJTJlY29tJTJlY24lMmYmdGlt
ZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFj
PTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0MDQz
MzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAKW1R1ZSBPY3QgMjEg
MTc6Mzc6NDAgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTdd
IGdwZzogV0FSTklORzogdXNpbmcgaW5zZWN1cmUgbWVtb3J5ISwgcmVmZXJl
cjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0
PWh0dHAlM2ElMmYlMmZzcG9ydHMlMmVzaW5hJTJlY29tJTJlY24lMmYmdGlt
ZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFj
PTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0MDQz
MzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAKW1R1ZSBPY3QgMjEg
MTc6Mzc6NDAgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTdd
IGdwZzogcGxlYXNlIHNlZSBodHRwOi8vd3d3LmdudXBnLm9yZy9mYXEuaHRt
bCBmb3IgbW9yZSBpbmZvcm1hdGlvbiwgcmVmZXJlcjogaHR0cHM6Ly8xOTIu
MTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZz
cG9ydHMlMmVzaW5hJTJlY29tJTJlY24lMmYmdGltZW91dD02MDAmZ2F0ZXdh
eT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUz
YUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0MDQzMzE2MDklMjRES25NaFBF
dHJ2Q0p1dTFwQkhQJTJmYzAKW1R1ZSBPY3QgMjEgMTc6Mzc6NDAgMjAwM10g
W2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIGdwZzogU29ycnksIG5v
IHRlcm1pbmFsIGF0IGFsbCByZXF1ZXN0ZWQgLSBjYW4ndCBnZXQgaW5wdXQs
IHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9y
ZWRpcmVjdD1odHRwJTNhJTJmJTJmc3BvcnRzJTJlc2luYSUyZWNvbSUyZWNu
JTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1
MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0
MSUyNDA0MzMxNjA5JTI0REtuTWhQRXRydkNKdXUxcEJIUCUyZmMwCltUdWUg
T2N0IDIxIDE3OjM3OjQwIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4
LjEuMTk3XSBbMjAwMy0xMC0yMSAxNzozNzo0MF0gZ3BnIC0tc2lnbiAtLWFy
bW9yIC0taG9tZWRpcj0vdXNyL2xvY2FsL25vY2F0L2F1dGhzZXJ2L2NnaS1i
aW4vLi4vcGdwIC0ta2V5cmluZyB0cnVzdGVka2V5cy5ncGcgLS1uby10dHkg
LW8tIHJldHVybmVkIGVycm9yOiBJbGxlZ2FsIHNlZWsgKCAyICksIHJlZmVy
ZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVj
dD1odHRwJTNhJTJmJTJmc3BvcnRzJTJlc2luYSUyZWNvbSUyZWNuJTJmJnRp
bWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1h
Yz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDA0
MzMxNjA5JTI0REtuTWhQRXRydkNKdXUxcEJIUCUyZmMwCltUdWUgT2N0IDIx
IDE3OjM3OjQwIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBDYW4ndCBjYWxsIG1ldGhvZCAidGV4dCIgb24gYW4gdW5kZWZpbmVkIHZh
bHVlIGF0IC4uL2xpYi8vTm9DYXQvQXV0aFNlcnZpY2UucG0gbGluZSAxMzQu
LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/
cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnNwb3J0cyUyZXNpbmElMmVjb20lMmVj
biUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNh
NTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUy
NDElMjQwNDMzMTYwOSUyNERLbk1oUEV0cnZDSnV1MXBCSFAlMmZjMApbVHVl
IE9jdCAyMSAxNzozNzo1MCAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2
OC4xLjE5N10gUHJlbWF0dXJlIGVuZCBvZiBzY3JpcHQgaGVhZGVyczogbG9n
aW4sIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dp
bj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmc3BvcnRzJTJlc2luYSUyZWNvbSUy
ZWNuJTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTEl
M2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49
JTI0MSUyNDA0MzMxNjA5JTI0REtuTWhQRXRydkNKdXUxcEJIUCUyZmMwCltU
dWUgT2N0IDIxIDE3OjM3OjUwIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIu
MTY4LjEuMTk3XSBbMjAwMy0xMC0yMSAxNzozNzo1MF0gVXNlciBzdW5zaGVu
Z0Bob3RtYWlsLmNvbSBmcm9tIDE5Mi4xNjguMS4xOTcgcmVxdWVzdHMgZm9y
bSwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2lu
P3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZzcG9ydHMlMmVzaW5hJTJlY29tJTJl
Y24lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUz
YTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0l
MjQxJTI0MDQzMzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAKW1R1
ZSBPY3QgMjEgMTc6Mzc6NTAgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4x
NjguMS4xOTddIFsyMDAzLTEwLTIxIDE3OjM3OjUwXSBNaXNzaW5nIERCX1Bh
c3N3ZCBkaXJlY3RpdmUgcmVxdWlyZWQgZm9yIE5vQ2F0OjpTb3VyY2U6OkRC
SSBvYmplY3QhLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1i
aW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnNwb3J0cyUyZXNpbmEl
MmVjb20lMmVjbiUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUy
ZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEy
JnRva2VuPSUyNDElMjQwNDMzMTYwOSUyNERLbk1oUEV0cnZDSnV1MXBCSFAl
MmZjMApbVHVlIE9jdCAyMSAxNzozNzo1MCAyMDAzXSBbZXJyb3JdIFtjbGll
bnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjEgMTc6Mzc6NTBdIGdwZyAt
LXNpZ24gLS1hcm1vciAtLWhvbWVkaXI9L3Vzci9sb2NhbC9ub2NhdC9hdXRo
c2Vydi9jZ2ktYmluLy4uL3BncCAtLWtleXJpbmcgdHJ1c3RlZGtleXMuZ3Bn
IC0tbm8tdHR5IC1vLSByZXR1cm5lZCBlcnJvciBtZXNzYWdlOiwgcmVmZXJl
cjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0
PWh0dHAlM2ElMmYlMmZzcG9ydHMlMmVzaW5hJTJlY29tJTJlY24lMmYmdGlt
ZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFj
PTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0MDQz
MzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAKW1R1ZSBPY3QgMjEg
MTc6Mzc6NTAgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTdd
IGdwZzogV0FSTklORzogdXNpbmcgaW5zZWN1cmUgbWVtb3J5ISwgcmVmZXJl
cjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0
PWh0dHAlM2ElMmYlMmZzcG9ydHMlMmVzaW5hJTJlY29tJTJlY24lMmYmdGlt
ZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFj
PTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0MDQz
MzE2MDklMjRES25NaFBFdHJ2Q0p1dTFwQkhQJTJmYzAKW1R1ZSBPY3QgMjEg
MTc6Mzc6NTAgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTdd
IGdwZzogcGxlYXNlIHNlZSBodHRwOi8vd3d3LmdudXBnLm9yZy9mYXEuaHRt
bCBmb3IgbW9yZSBpbmZvcm1hdGlvbiwgcmVmZXJlcjogaHR0cHM6Ly8xOTIu
MTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZz
cG9ydHMlMmVzaW5hJTJlY29tJTJlY24lMmYmdGltZW91dD02MDAmZ2F0ZXdh
eT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUz
YUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0MDQzMzE2MDklMjRES25NaFBF
dHJ2Q0p1dTFwQkhQJTJmYzAKW1R1ZSBPY3QgMjEgMTc6Mzc6NTAgMjAwM10g
W2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIGdwZzogU29ycnksIG5v
IHRlcm1pbmFsIGF0IGFsbCByZXF1ZXN0ZWQgLSBjYW4ndCBnZXQgaW5wdXQs
IHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9y
ZWRpcmVjdD1odHRwJTNhJTJmJTJmc3BvcnRzJTJlc2luYSUyZWNvbSUyZWNu
JTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1
MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0
MSUyNDA0MzMxNjA5JTI0REtuTWhQRXRydkNKdXUxcEJIUCUyZmMwCltUdWUg
T2N0IDIxIDE3OjM3OjUwIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4
LjEuMTk3XSBbMjAwMy0xMC0yMSAxNzozNzo1MF0gZ3BnIC0tc2lnbiAtLWFy
bW9yIC0taG9tZWRpcj0vdXNyL2xvY2FsL25vY2F0L2F1dGhzZXJ2L2NnaS1i
aW4vLi4vcGdwIC0ta2V5cmluZyB0cnVzdGVka2V5cy5ncGcgLS1uby10dHkg
LW8tIHJldHVybmVkIGVycm9yOiBJbGxlZ2FsIHNlZWsgKCAyICksIHJlZmVy
ZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVj
dD1odHRwJTNhJTJmJTJmc3BvcnRzJTJlc2luYSUyZWNvbSUyZWNuJTJmJnRp
bWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1h
Yz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDA0
MzMxNjA5JTI0REtuTWhQRXRydkNKdXUxcEJIUCUyZmMwCltUdWUgT2N0IDIx
IDE3OjM3OjUwIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBDYW4ndCBjYWxsIG1ldGhvZCAidGV4dCIgb24gYW4gdW5kZWZpbmVkIHZh
bHVlIGF0IC4uL2xpYi8vTm9DYXQvQXV0aFNlcnZpY2UucG0gbGluZSAxMzQu
LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/
cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnNwb3J0cyUyZXNpbmElMmVjb20lMmVj
biUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNh
NTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUy
NDElMjQwNDMzMTYwOSUyNERLbk1oUEV0cnZDSnV1MXBCSFAlMmZjMApbVHVl
IE9jdCAyMSAxNzozODoxOSAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAy
NDY5IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1R1
ZSBPY3QgMjEgMTc6Mzg6MTkgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3Mg
MjQ3MCBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltU
dWUgT2N0IDIxIDE3OjM4OjE5IDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNz
IDI0NzEgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpb
VHVlIE9jdCAyMSAxNzozODoxOSAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2Vz
cyAyNDcyIHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0K
W1R1ZSBPY3QgMjEgMTc6Mzg6MTkgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nl
c3MgMjQ3MyBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJN
CltUdWUgT2N0IDIxIDE3OjM4OjE5IDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9j
ZXNzIDI0NzQgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVS
TQpbVHVlIE9jdCAyMSAxNzozODoxOSAyMDAzXSBbd2Fybl0gY2hpbGQgcHJv
Y2VzcyAyNDc1IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RF
Uk0KW1R1ZSBPY3QgMjEgMTc6Mzg6MTkgMjAwM10gW3dhcm5dIGNoaWxkIHBy
b2Nlc3MgMjQ3NiBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdU
RVJNCltUdWUgT2N0IDIxIDE3OjM4OjE5IDIwMDNdIFt3YXJuXSBjaGlsZCBw
cm9jZXNzIDI0Njkgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lH
VEVSTQpbVHVlIE9jdCAyMSAxNzozODoxOSAyMDAzXSBbd2Fybl0gY2hpbGQg
cHJvY2VzcyAyNDcwIHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJ
R1RFUk0KW1R1ZSBPY3QgMjEgMTc6Mzg6MTkgMjAwM10gW3dhcm5dIGNoaWxk
IHByb2Nlc3MgMjQ3MSBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBT
SUdURVJNCltUdWUgT2N0IDIxIDE3OjM4OjE5IDIwMDNdIFt3YXJuXSBjaGls
ZCBwcm9jZXNzIDI0NzIgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEg
U0lHVEVSTQpbVHVlIE9jdCAyMSAxNzozODoxOSAyMDAzXSBbd2Fybl0gY2hp
bGQgcHJvY2VzcyAyNDczIHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBh
IFNJR1RFUk0KW1R1ZSBPY3QgMjEgMTc6Mzg6MTkgMjAwM10gW3dhcm5dIGNo
aWxkIHByb2Nlc3MgMjQ3NCBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcg
YSBTSUdURVJNCltUdWUgT2N0IDIxIDE3OjM4OjE5IDIwMDNdIFt3YXJuXSBj
aGlsZCBwcm9jZXNzIDI0NzUgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5n
IGEgU0lHVEVSTQpbVHVlIE9jdCAyMSAxNzozODoxOSAyMDAzXSBbd2Fybl0g
Y2hpbGQgcHJvY2VzcyAyNDc2IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGlu
ZyBhIFNJR1RFUk0KW1R1ZSBPY3QgMjEgMTc6Mzg6MjAgMjAwM10gW25vdGlj
ZV0gY2F1Z2h0IFNJR1RFUk0sIHNodXR0aW5nIGRvd24KW1R1ZSBPY3QgMjEg
MjE6MTc6NTMgMjAwM10gW3dhcm5dIFJTQSBzZXJ2ZXIgY2VydGlmaWNhdGUg
aXMgYSBDQSBjZXJ0aWZpY2F0ZSAoQmFzaWNDb25zdHJhaW50czogQ0EgPT0g
VFJVRSAhPykKW1R1ZSBPY3QgMjEgMjE6MTc6NTMgMjAwM10gW3dhcm5dIFJT
QSBzZXJ2ZXIgY2VydGlmaWNhdGUgQ29tbW9uTmFtZSAoQ04pIGBsb2NhbGhv
c3QubG9jYWxkb21haW4nIGRvZXMgTk9UIG1hdGNoIHNlcnZlciBuYW1lIT8K
W1R1ZSBPY3QgMjEgMjE6MTc6NTYgMjAwM10gW3dhcm5dIFJTQSBzZXJ2ZXIg
Y2VydGlmaWNhdGUgaXMgYSBDQSBjZXJ0aWZpY2F0ZSAoQmFzaWNDb25zdHJh
aW50czogQ0EgPT0gVFJVRSAhPykKW1R1ZSBPY3QgMjEgMjE6MTc6NTYgMjAw
M10gW3dhcm5dIFJTQSBzZXJ2ZXIgY2VydGlmaWNhdGUgQ29tbW9uTmFtZSAo
Q04pIGBsb2NhbGhvc3QubG9jYWxkb21haW4nIGRvZXMgTk9UIG1hdGNoIHNl
cnZlciBuYW1lIT8KW1R1ZSBPY3QgMjEgMjE6MTc6NTYgMjAwM10gW25vdGlj
ZV0gRGlnZXN0OiBnZW5lcmF0aW5nIHNlY3JldCBmb3IgZGlnZXN0IGF1dGhl
bnRpY2F0aW9uIC4uLgpbVHVlIE9jdCAyMSAyMToxNzo1NiAyMDAzXSBbbm90
aWNlXSBEaWdlc3Q6IGRvbmUKW1R1ZSBPY3QgMjEgMjE6MTc6NTcgMjAwM10g
W25vdGljZV0gQXBhY2hlLzIuMC40MCAoUmVkIEhhdCBMaW51eCkgY29uZmln
dXJlZCAtLSByZXN1bWluZyBub3JtYWwgb3BlcmF0aW9ucwpbVHVlIE9jdCAy
MSAyMTozNjo1OSAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyNTM3IHN0
aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1R1ZSBPY3Qg
MjEgMjE6MzY6NTkgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMjUzOCBz
dGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltUdWUgT2N0
IDIxIDIxOjM2OjU5IDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDI1Mzkg
c3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbVHVlIE9j
dCAyMSAyMTozNjo1OSAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAyNTQw
IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1R1ZSBP
Y3QgMjEgMjE6MzY6NTkgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMjU0
MSBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltUdWUg
T2N0IDIxIDIxOjM2OjU5IDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDI1
NDIgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbVHVl
IE9jdCAyMSAyMTozNjo1OSAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAy
NTQzIHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1R1
ZSBPY3QgMjEgMjE6MzY6NTkgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3Mg
MjU0NCBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltU
dWUgT2N0IDIxIDIxOjM3OjAwIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNz
IDI1Mzcgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpb
VHVlIE9jdCAyMSAyMTozNzowMCAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2Vz
cyAyNTM4IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0K
W1R1ZSBPY3QgMjEgMjE6Mzc6MDAgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nl
c3MgMjUzOSBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJN
CltUdWUgT2N0IDIxIDIxOjM3OjAwIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9j
ZXNzIDI1NDAgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVS
TQpbVHVlIE9jdCAyMSAyMTozNzowMCAyMDAzXSBbd2Fybl0gY2hpbGQgcHJv
Y2VzcyAyNTQxIHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RF
Uk0KW1R1ZSBPY3QgMjEgMjE6Mzc6MDAgMjAwM10gW3dhcm5dIGNoaWxkIHBy
b2Nlc3MgMjU0MiBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdU
RVJNCltUdWUgT2N0IDIxIDIxOjM3OjAwIDIwMDNdIFt3YXJuXSBjaGlsZCBw
cm9jZXNzIDI1NDMgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lH
VEVSTQpbVHVlIE9jdCAyMSAyMTozNzowMCAyMDAzXSBbd2Fybl0gY2hpbGQg
cHJvY2VzcyAyNTQ0IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJ
R1RFUk0KW1R1ZSBPY3QgMjEgMjE6Mzc6MDEgMjAwM10gW25vdGljZV0gY2F1
Z2h0IFNJR1RFUk0sIHNodXR0aW5nIGRvd24KW1dlZCBPY3QgMjIgMDk6MzI6
NTIgMjAwM10gW25vdGljZV0gRGlnZXN0OiBnZW5lcmF0aW5nIHNlY3JldCBm
b3IgZGlnZXN0IGF1dGhlbnRpY2F0aW9uIC4uLgpbV2VkIE9jdCAyMiAwOToz
Mjo1MiAyMDAzXSBbbm90aWNlXSBEaWdlc3Q6IGRvbmUKW1dlZCBPY3QgMjIg
MDk6MzI6NTMgMjAwM10gW25vdGljZV0gQXBhY2hlLzIuMC40MCAoUmVkIEhh
dCBMaW51eCkgY29uZmlndXJlZCAtLSByZXN1bWluZyBub3JtYWwgb3BlcmF0
aW9ucwpbV2VkIE9jdCAyMiAwOTozNDo1MiAyMDAzXSBbd2Fybl0gY2hpbGQg
cHJvY2VzcyAyNTIxIHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJ
R1RFUk0KW1dlZCBPY3QgMjIgMDk6MzQ6NTIgMjAwM10gW3dhcm5dIGNoaWxk
IHByb2Nlc3MgMjUyMiBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBT
SUdURVJNCltXZWQgT2N0IDIyIDA5OjM0OjUyIDIwMDNdIFt3YXJuXSBjaGls
ZCBwcm9jZXNzIDI1MjMgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEg
U0lHVEVSTQpbV2VkIE9jdCAyMiAwOTozNDo1MiAyMDAzXSBbd2Fybl0gY2hp
bGQgcHJvY2VzcyAyNTI0IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBh
IFNJR1RFUk0KW1dlZCBPY3QgMjIgMDk6MzQ6NTIgMjAwM10gW3dhcm5dIGNo
aWxkIHByb2Nlc3MgMjUyNSBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcg
YSBTSUdURVJNCltXZWQgT2N0IDIyIDA5OjM0OjUyIDIwMDNdIFt3YXJuXSBj
aGlsZCBwcm9jZXNzIDI1MjYgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5n
IGEgU0lHVEVSTQpbV2VkIE9jdCAyMiAwOTozNDo1MiAyMDAzXSBbd2Fybl0g
Y2hpbGQgcHJvY2VzcyAyNTI3IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGlu
ZyBhIFNJR1RFUk0KW1dlZCBPY3QgMjIgMDk6MzQ6NTIgMjAwM10gW3dhcm5d
IGNoaWxkIHByb2Nlc3MgMjUyOCBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRp
bmcgYSBTSUdURVJNCltXZWQgT2N0IDIyIDA5OjM0OjUyIDIwMDNdIFtub3Rp
Y2VdIGNhdWdodCBTSUdURVJNLCBzaHV0dGluZyBkb3duCltXZWQgT2N0IDIy
IDEwOjA3OjE1IDIwMDNdIFtub3RpY2VdIERpZ2VzdDogZ2VuZXJhdGluZyBz
ZWNyZXQgZm9yIGRpZ2VzdCBhdXRoZW50aWNhdGlvbiAuLi4KW1dlZCBPY3Qg
MjIgMTA6MDc6MTUgMjAwM10gW25vdGljZV0gRGlnZXN0OiBkb25lCltXZWQg
T2N0IDIyIDEwOjA3OjE2IDIwMDNdIFtub3RpY2VdIEFwYWNoZS8yLjAuNDAg
KFJlZCBIYXQgTGludXgpIGNvbmZpZ3VyZWQgLS0gcmVzdW1pbmcgbm9ybWFs
IG9wZXJhdGlvbnMKW1dlZCBPY3QgMjIgMTA6Mzk6MDEgMjAwM10gW3dhcm5d
IGNoaWxkIHByb2Nlc3MgMzAxOSBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRp
bmcgYSBTSUdURVJNCltXZWQgT2N0IDIyIDEwOjM5OjAxIDIwMDNdIFt3YXJu
XSBjaGlsZCBwcm9jZXNzIDMwMjAgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5k
aW5nIGEgU0lHVEVSTQpbV2VkIE9jdCAyMiAxMDozOTowMSAyMDAzXSBbd2Fy
bl0gY2hpbGQgcHJvY2VzcyAzMDIxIHN0aWxsIGRpZCBub3QgZXhpdCwgc2Vu
ZGluZyBhIFNJR1RFUk0KW1dlZCBPY3QgMjIgMTA6Mzk6MDEgMjAwM10gW3dh
cm5dIGNoaWxkIHByb2Nlc3MgMzAyMiBzdGlsbCBkaWQgbm90IGV4aXQsIHNl
bmRpbmcgYSBTSUdURVJNCltXZWQgT2N0IDIyIDEwOjM5OjAxIDIwMDNdIFt3
YXJuXSBjaGlsZCBwcm9jZXNzIDMwMjMgc3RpbGwgZGlkIG5vdCBleGl0LCBz
ZW5kaW5nIGEgU0lHVEVSTQpbV2VkIE9jdCAyMiAxMDozOTowMSAyMDAzXSBb
d2Fybl0gY2hpbGQgcHJvY2VzcyAzMDI0IHN0aWxsIGRpZCBub3QgZXhpdCwg
c2VuZGluZyBhIFNJR1RFUk0KW1dlZCBPY3QgMjIgMTA6Mzk6MDEgMjAwM10g
W3dhcm5dIGNoaWxkIHByb2Nlc3MgMzAyNSBzdGlsbCBkaWQgbm90IGV4aXQs
IHNlbmRpbmcgYSBTSUdURVJNCltXZWQgT2N0IDIyIDEwOjM5OjAxIDIwMDNd
IFt3YXJuXSBjaGlsZCBwcm9jZXNzIDMwMjYgc3RpbGwgZGlkIG5vdCBleGl0
LCBzZW5kaW5nIGEgU0lHVEVSTQpbV2VkIE9jdCAyMiAxMDozOTowMSAyMDAz
XSBbbm90aWNlXSBjYXVnaHQgU0lHVEVSTSwgc2h1dHRpbmcgZG93bgpbV2Vk
IE9jdCAyMiAxMDo0NToyOSAyMDAzXSBbd2Fybl0gUlNBIHNlcnZlciBjZXJ0
aWZpY2F0ZSBpcyBhIENBIGNlcnRpZmljYXRlIChCYXNpY0NvbnN0cmFpbnRz
OiBDQSA9PSBUUlVFICE/KQpbV2VkIE9jdCAyMiAxMDo0NToyOSAyMDAzXSBb
d2Fybl0gUlNBIHNlcnZlciBjZXJ0aWZpY2F0ZSBDb21tb25OYW1lIChDTikg
YGxvY2FsaG9zdC5sb2NhbGRvbWFpbicgZG9lcyBOT1QgbWF0Y2ggc2VydmVy
IG5hbWUhPwpbV2VkIE9jdCAyMiAxMDo0NTozMSAyMDAzXSBbd2Fybl0gUlNB
IHNlcnZlciBjZXJ0aWZpY2F0ZSBpcyBhIENBIGNlcnRpZmljYXRlIChCYXNp
Y0NvbnN0cmFpbnRzOiBDQSA9PSBUUlVFICE/KQpbV2VkIE9jdCAyMiAxMDo0
NTozMSAyMDAzXSBbd2Fybl0gUlNBIHNlcnZlciBjZXJ0aWZpY2F0ZSBDb21t
b25OYW1lIChDTikgYGxvY2FsaG9zdC5sb2NhbGRvbWFpbicgZG9lcyBOT1Qg
bWF0Y2ggc2VydmVyIG5hbWUhPwpbV2VkIE9jdCAyMiAxMDo0NTozMSAyMDAz
XSBbbm90aWNlXSBEaWdlc3Q6IGdlbmVyYXRpbmcgc2VjcmV0IGZvciBkaWdl
c3QgYXV0aGVudGljYXRpb24gLi4uCltXZWQgT2N0IDIyIDEwOjQ1OjMxIDIw
MDNdIFtub3RpY2VdIERpZ2VzdDogZG9uZQpbV2VkIE9jdCAyMiAxMDo0NToz
MiAyMDAzXSBbbm90aWNlXSBBcGFjaGUvMi4wLjQwIChSZWQgSGF0IExpbnV4
KSBjb25maWd1cmVkIC0tIHJlc3VtaW5nIG5vcm1hbCBvcGVyYXRpb25zCltX
ZWQgT2N0IDIyIDEwOjQ3OjQyIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIu
MTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAxMDo0Nzo0Ml0gTWlzc2luZyBMb2dp
bkZvcm0gZGlyZWN0aXZlIHJlcXVpcmVkIGZvciBOb0NhdDo6QXV0aFNlcnZp
Y2Ugb2JqZWN0IQpbV2VkIE9jdCAyMiAxMDo0Nzo0MiAyMDAzXSBbZXJyb3Jd
IFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTA6NDc6NDJd
IE1pc3NpbmcgRmF0YWxGb3JtIGRpcmVjdGl2ZSByZXF1aXJlZCBmb3IgTm9D
YXQ6OkF1dGhTZXJ2aWNlIG9iamVjdCEKW1dlZCBPY3QgMjIgMTA6NDc6NDIg
MjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEw
LTIyIDEwOjQ3OjQyXSBNaXNzaW5nIFJlbmV3Rm9ybSBkaXJlY3RpdmUgcmVx
dWlyZWQgZm9yIE5vQ2F0OjpBdXRoU2VydmljZSBvYmplY3QhCltXZWQgT2N0
IDIyIDEwOjQ3OjQyIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEu
MTk3XSBbMjAwMy0xMC0yMiAxMDo0Nzo0Ml0gTWlzc2luZyBMb2dpbk9LRm9y
bSBkaXJlY3RpdmUgcmVxdWlyZWQgZm9yIE5vQ2F0OjpBdXRoU2VydmljZSBv
YmplY3QhCltXZWQgT2N0IDIyIDEwOjQ3OjQyIDIwMDNdIFtlcnJvcl0gW2Ns
aWVudCAxOTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAxMDo0Nzo0Ml0gTWlz
c2luZyBFeHBpcmVkRm9ybSBkaXJlY3RpdmUgcmVxdWlyZWQgZm9yIE5vQ2F0
OjpBdXRoU2VydmljZSBvYmplY3QhCltXZWQgT2N0IDIyIDEwOjQ3OjQyIDIw
MDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0y
MiAxMDo0Nzo0Ml0gTWlzc2luZyBMb2dpbkdyZWV0aW5nIGRpcmVjdGl2ZSBy
ZXF1aXJlZCBmb3IgTm9DYXQ6OkF1dGhTZXJ2aWNlIG9iamVjdCEKW1dlZCBP
Y3QgMjIgMTA6NDc6NDIgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjgu
MS4xOTddIFsyMDAzLTEwLTIyIDEwOjQ3OjQyXSBNaXNzaW5nIExvZ2luTWlz
c2luZyBkaXJlY3RpdmUgcmVxdWlyZWQgZm9yIE5vQ2F0OjpBdXRoU2Vydmlj
ZSBvYmplY3QhCltXZWQgT2N0IDIyIDEwOjQ3OjQyIDIwMDNdIFtlcnJvcl0g
W2NsaWVudCAxOTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAxMDo0Nzo0Ml0g
TWlzc2luZyBMb2dpbkJhZFVzZXIgZGlyZWN0aXZlIHJlcXVpcmVkIGZvciBO
b0NhdDo6QXV0aFNlcnZpY2Ugb2JqZWN0IQpbV2VkIE9jdCAyMiAxMDo0Nzo0
MiAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMt
MTAtMjIgMTA6NDc6NDJdIE1pc3NpbmcgTG9naW5CYWRQYXNzIGRpcmVjdGl2
ZSByZXF1aXJlZCBmb3IgTm9DYXQ6OkF1dGhTZXJ2aWNlIG9iamVjdCEKW1dl
ZCBPY3QgMjIgMTA6NDc6NDIgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4x
NjguMS4xOTddIFsyMDAzLTEwLTIyIDEwOjQ3OjQyXSBVc2VyIFVOS05PV04g
ZnJvbSAxOTIuMTY4LjEuMTk3IHJlcXVlc3RzIGZvcm0KW1dlZCBPY3QgMjIg
MTA6NDc6NDIgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTdd
IFsyMDAzLTEwLTIyIDEwOjQ3OjQyXSBmaWxlIC91c3IvbG9jYWwvbm9jYXQv
YXV0aHNlcnYvaHRkb2NzL0xvZ2luRm9ybTogTm8gc3VjaCBmaWxlIG9yIGRp
cmVjdG9yeQpbV2VkIE9jdCAyMiAxMDo0Nzo0MiAyMDAzXSBbZXJyb3JdIFtj
bGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTA6NDc6NDJdIFVz
ZSBvZiB1bmluaXRpYWxpemVkIHZhbHVlIGluIHN1YnN0aXR1dGlvbiAocy8v
LykgYXQgLi4vbGliLy9Ob0NhdC5wbSBsaW5lIDI2MiwgPEZJTEU+IGxpbmUg
MS4KW1dlZCBPY3QgMjIgMTA6NDc6NDIgMjAwM10gW2Vycm9yXSBbY2xpZW50
IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIyIDEwOjQ3OjQyXSBVc2Ugb2Yg
dW5pbml0aWFsaXplZCB2YWx1ZSBpbiBoYXNoIGVsZW1lbnQgYXQgLi4vbGli
Ly9Ob0NhdC9BdXRoU2VydmljZS5wbSBsaW5lIDI3OCwgPEZJTEU+IGxpbmUg
MS4KW1dlZCBPY3QgMjIgMTA6NDc6NDIgMjAwM10gW2Vycm9yXSBbY2xpZW50
IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIyIDEwOjQ3OjQyXSBVc2Ugb2Yg
dW5pbml0aWFsaXplZCB2YWx1ZSBpbiBjb25jYXRlbmF0aW9uICguKSBvciBz
dHJpbmcgYXQgLi4vbGliLy9Ob0NhdC9BdXRoU2VydmljZS5wbSBsaW5lIDI3
OCwgPEZJTEU+IGxpbmUgMS4KW1dlZCBPY3QgMjIgMTA6NDc6NTYgMjAwM10g
W2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIyIDEw
OjQ3OjU2XSBNaXNzaW5nIExvZ2luRm9ybSBkaXJlY3RpdmUgcmVxdWlyZWQg
Zm9yIE5vQ2F0OjpBdXRoU2VydmljZSBvYmplY3QhCltXZWQgT2N0IDIyIDEw
OjQ3OjU2IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBb
MjAwMy0xMC0yMiAxMDo0Nzo1Nl0gTWlzc2luZyBGYXRhbEZvcm0gZGlyZWN0
aXZlIHJlcXVpcmVkIGZvciBOb0NhdDo6QXV0aFNlcnZpY2Ugb2JqZWN0IQpb
V2VkIE9jdCAyMiAxMDo0Nzo1NiAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTky
LjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTA6NDc6NTZdIE1pc3NpbmcgUmVu
ZXdGb3JtIGRpcmVjdGl2ZSByZXF1aXJlZCBmb3IgTm9DYXQ6OkF1dGhTZXJ2
aWNlIG9iamVjdCEKW1dlZCBPY3QgMjIgMTA6NDc6NTYgMjAwM10gW2Vycm9y
XSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIyIDEwOjQ3OjU2
XSBNaXNzaW5nIExvZ2luT0tGb3JtIGRpcmVjdGl2ZSByZXF1aXJlZCBmb3Ig
Tm9DYXQ6OkF1dGhTZXJ2aWNlIG9iamVjdCEKW1dlZCBPY3QgMjIgMTA6NDc6
NTYgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAz
LTEwLTIyIDEwOjQ3OjU2XSBNaXNzaW5nIEV4cGlyZWRGb3JtIGRpcmVjdGl2
ZSByZXF1aXJlZCBmb3IgTm9DYXQ6OkF1dGhTZXJ2aWNlIG9iamVjdCEKW1dl
ZCBPY3QgMjIgMTA6NDc6NTYgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4x
NjguMS4xOTddIFsyMDAzLTEwLTIyIDEwOjQ3OjU2XSBNaXNzaW5nIExvZ2lu
R3JlZXRpbmcgZGlyZWN0aXZlIHJlcXVpcmVkIGZvciBOb0NhdDo6QXV0aFNl
cnZpY2Ugb2JqZWN0IQpbV2VkIE9jdCAyMiAxMDo0Nzo1NiAyMDAzXSBbZXJy
b3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTA6NDc6
NTZdIE1pc3NpbmcgTG9naW5NaXNzaW5nIGRpcmVjdGl2ZSByZXF1aXJlZCBm
b3IgTm9DYXQ6OkF1dGhTZXJ2aWNlIG9iamVjdCEKW1dlZCBPY3QgMjIgMTA6
NDc6NTYgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsy
MDAzLTEwLTIyIDEwOjQ3OjU2XSBNaXNzaW5nIExvZ2luQmFkVXNlciBkaXJl
Y3RpdmUgcmVxdWlyZWQgZm9yIE5vQ2F0OjpBdXRoU2VydmljZSBvYmplY3Qh
CltXZWQgT2N0IDIyIDEwOjQ3OjU2IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAx
OTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAxMDo0Nzo1Nl0gTWlzc2luZyBM
b2dpbkJhZFBhc3MgZGlyZWN0aXZlIHJlcXVpcmVkIGZvciBOb0NhdDo6QXV0
aFNlcnZpY2Ugb2JqZWN0IQpbV2VkIE9jdCAyMiAxMDo0Nzo1NiAyMDAzXSBb
ZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTA6
NDc6NTZdIFVzZXIgVU5LTk9XTiBmcm9tIDE5Mi4xNjguMS4xOTcgcmVxdWVz
dHMgZm9ybQpbV2VkIE9jdCAyMiAxMDo0Nzo1NiAyMDAzXSBbZXJyb3JdIFtj
bGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTA6NDc6NTZdIGZp
bGUgL3Vzci9sb2NhbC9ub2NhdC9hdXRoc2Vydi9odGRvY3MvTG9naW5Gb3Jt
OiBObyBzdWNoIGZpbGUgb3IgZGlyZWN0b3J5CltXZWQgT2N0IDIyIDEwOjQ3
OjU2IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBbMjAw
My0xMC0yMiAxMDo0Nzo1Nl0gVXNlIG9mIHVuaW5pdGlhbGl6ZWQgdmFsdWUg
aW4gc3Vic3RpdHV0aW9uIChzLy8vKSBhdCAuLi9saWIvL05vQ2F0LnBtIGxp
bmUgMjYyLCA8RklMRT4gbGluZSAxLgpbV2VkIE9jdCAyMiAxMDo0Nzo1NiAy
MDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAt
MjIgMTA6NDc6NTZdIFVzZSBvZiB1bmluaXRpYWxpemVkIHZhbHVlIGluIGhh
c2ggZWxlbWVudCBhdCAuLi9saWIvL05vQ2F0L0F1dGhTZXJ2aWNlLnBtIGxp
bmUgMjc4LCA8RklMRT4gbGluZSAxLgpbV2VkIE9jdCAyMiAxMDo0Nzo1NiAy
MDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAt
MjIgMTA6NDc6NTZdIFVzZSBvZiB1bmluaXRpYWxpemVkIHZhbHVlIGluIGNv
bmNhdGVuYXRpb24gKC4pIG9yIHN0cmluZyBhdCAuLi9saWIvL05vQ2F0L0F1
dGhTZXJ2aWNlLnBtIGxpbmUgMjc4LCA8RklMRT4gbGluZSAxLgpbV2VkIE9j
dCAyMiAxMDo0OToyMCAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAzNjQ1
IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1dlZCBP
Y3QgMjIgMTA6NDk6MjAgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgMzY0
NiBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltXZWQg
T2N0IDIyIDEwOjQ5OjIwIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDM2
NDcgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbV2Vk
IE9jdCAyMiAxMDo0OToyMCAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyAz
NjQ4IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1dl
ZCBPY3QgMjIgMTA6NDk6MjAgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3Mg
MzY0OSBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltX
ZWQgT2N0IDIyIDEwOjQ5OjIwIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNz
IDM2NTAgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpb
V2VkIE9jdCAyMiAxMDo0OToyMCAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2Vz
cyAzNjUxIHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0K
W1dlZCBPY3QgMjIgMTA6NDk6MjAgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nl
c3MgMzY1MiBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJN
CltXZWQgT2N0IDIyIDEwOjQ5OjIwIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9j
ZXNzIDM2NDUgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVS
TQpbV2VkIE9jdCAyMiAxMDo0OToyMCAyMDAzXSBbd2Fybl0gY2hpbGQgcHJv
Y2VzcyAzNjQ5IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RF
Uk0KW1dlZCBPY3QgMjIgMTA6NDk6MjAgMjAwM10gW3dhcm5dIGNoaWxkIHBy
b2Nlc3MgMzY1MCBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdU
RVJNCltXZWQgT2N0IDIyIDEwOjQ5OjIxIDIwMDNdIFtub3RpY2VdIGNhdWdo
dCBTSUdURVJNLCBzaHV0dGluZyBkb3duCltXZWQgT2N0IDIyIDEwOjQ5OjMy
IDIwMDNdIFt3YXJuXSBSU0Egc2VydmVyIGNlcnRpZmljYXRlIGlzIGEgQ0Eg
Y2VydGlmaWNhdGUgKEJhc2ljQ29uc3RyYWludHM6IENBID09IFRSVUUgIT8p
CltXZWQgT2N0IDIyIDEwOjQ5OjMyIDIwMDNdIFt3YXJuXSBSU0Egc2VydmVy
IGNlcnRpZmljYXRlIENvbW1vbk5hbWUgKENOKSBgbG9jYWxob3N0LmxvY2Fs
ZG9tYWluJyBkb2VzIE5PVCBtYXRjaCBzZXJ2ZXIgbmFtZSE/CltXZWQgT2N0
IDIyIDEwOjQ5OjMzIDIwMDNdIFt3YXJuXSBSU0Egc2VydmVyIGNlcnRpZmlj
YXRlIGlzIGEgQ0EgY2VydGlmaWNhdGUgKEJhc2ljQ29uc3RyYWludHM6IENB
ID09IFRSVUUgIT8pCltXZWQgT2N0IDIyIDEwOjQ5OjMzIDIwMDNdIFt3YXJu
XSBSU0Egc2VydmVyIGNlcnRpZmljYXRlIENvbW1vbk5hbWUgKENOKSBgbG9j
YWxob3N0LmxvY2FsZG9tYWluJyBkb2VzIE5PVCBtYXRjaCBzZXJ2ZXIgbmFt
ZSE/CltXZWQgT2N0IDIyIDEwOjQ5OjMzIDIwMDNdIFtub3RpY2VdIERpZ2Vz
dDogZ2VuZXJhdGluZyBzZWNyZXQgZm9yIGRpZ2VzdCBhdXRoZW50aWNhdGlv
biAuLi4KW1dlZCBPY3QgMjIgMTA6NDk6MzMgMjAwM10gW25vdGljZV0gRGln
ZXN0OiBkb25lCltXZWQgT2N0IDIyIDEwOjQ5OjM0IDIwMDNdIFtub3RpY2Vd
IEFwYWNoZS8yLjAuNDAgKFJlZCBIYXQgTGludXgpIGNvbmZpZ3VyZWQgLS0g
cmVzdW1pbmcgbm9ybWFsIG9wZXJhdGlvbnMKW1dlZCBPY3QgMjIgMTA6NDk6
NDAgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAz
LTEwLTIyIDEwOjQ5OjQwXSBNaXNzaW5nIExvZ2luRm9ybSBkaXJlY3RpdmUg
cmVxdWlyZWQgZm9yIE5vQ2F0OjpBdXRoU2VydmljZSBvYmplY3QhLCByZWZl
cmVyOiBodHRwOi8vY2hhdC5za2lmLm5ldC9jaGF0CltXZWQgT2N0IDIyIDEw
OjQ5OjQwIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBb
MjAwMy0xMC0yMiAxMDo0OTo0MF0gTWlzc2luZyBGYXRhbEZvcm0gZGlyZWN0
aXZlIHJlcXVpcmVkIGZvciBOb0NhdDo6QXV0aFNlcnZpY2Ugb2JqZWN0ISwg
cmVmZXJlcjogaHR0cDovL2NoYXQuc2tpZi5uZXQvY2hhdApbV2VkIE9jdCAy
MiAxMDo0OTo0MCAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5
N10gWzIwMDMtMTAtMjIgMTA6NDk6NDBdIE1pc3NpbmcgUmVuZXdGb3JtIGRp
cmVjdGl2ZSByZXF1aXJlZCBmb3IgTm9DYXQ6OkF1dGhTZXJ2aWNlIG9iamVj
dCEsIHJlZmVyZXI6IGh0dHA6Ly9jaGF0LnNraWYubmV0L2NoYXQKW1dlZCBP
Y3QgMjIgMTA6NDk6NDAgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjgu
MS4xOTddIFsyMDAzLTEwLTIyIDEwOjQ5OjQwXSBNaXNzaW5nIExvZ2luT0tG
b3JtIGRpcmVjdGl2ZSByZXF1aXJlZCBmb3IgTm9DYXQ6OkF1dGhTZXJ2aWNl
IG9iamVjdCEsIHJlZmVyZXI6IGh0dHA6Ly9jaGF0LnNraWYubmV0L2NoYXQK
W1dlZCBPY3QgMjIgMTA6NDk6NDAgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5
Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIyIDEwOjQ5OjQwXSBNaXNzaW5nIEV4
cGlyZWRGb3JtIGRpcmVjdGl2ZSByZXF1aXJlZCBmb3IgTm9DYXQ6OkF1dGhT
ZXJ2aWNlIG9iamVjdCEsIHJlZmVyZXI6IGh0dHA6Ly9jaGF0LnNraWYubmV0
L2NoYXQKW1dlZCBPY3QgMjIgMTA6NDk6NDAgMjAwM10gW2Vycm9yXSBbY2xp
ZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIyIDEwOjQ5OjQwXSBNaXNz
aW5nIExvZ2luR3JlZXRpbmcgZGlyZWN0aXZlIHJlcXVpcmVkIGZvciBOb0Nh
dDo6QXV0aFNlcnZpY2Ugb2JqZWN0ISwgcmVmZXJlcjogaHR0cDovL2NoYXQu
c2tpZi5uZXQvY2hhdApbV2VkIE9jdCAyMiAxMDo0OTo0MCAyMDAzXSBbZXJy
b3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTA6NDk6
NDBdIE1pc3NpbmcgTG9naW5NaXNzaW5nIGRpcmVjdGl2ZSByZXF1aXJlZCBm
b3IgTm9DYXQ6OkF1dGhTZXJ2aWNlIG9iamVjdCEsIHJlZmVyZXI6IGh0dHA6
Ly9jaGF0LnNraWYubmV0L2NoYXQKW1dlZCBPY3QgMjIgMTA6NDk6NDAgMjAw
M10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIy
IDEwOjQ5OjQwXSBNaXNzaW5nIExvZ2luQmFkVXNlciBkaXJlY3RpdmUgcmVx
dWlyZWQgZm9yIE5vQ2F0OjpBdXRoU2VydmljZSBvYmplY3QhLCByZWZlcmVy
OiBodHRwOi8vY2hhdC5za2lmLm5ldC9jaGF0CltXZWQgT2N0IDIyIDEwOjQ5
OjQwIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBbMjAw
My0xMC0yMiAxMDo0OTo0MF0gTWlzc2luZyBMb2dpbkJhZFBhc3MgZGlyZWN0
aXZlIHJlcXVpcmVkIGZvciBOb0NhdDo6QXV0aFNlcnZpY2Ugb2JqZWN0ISwg
cmVmZXJlcjogaHR0cDovL2NoYXQuc2tpZi5uZXQvY2hhdApbV2VkIE9jdCAy
MiAxMDo0OTo0MCAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5
N10gWzIwMDMtMTAtMjIgMTA6NDk6NDBdIFVzZXIgVU5LTk9XTiBmcm9tIDE5
Mi4xNjguMS4xOTcgcmVxdWVzdHMgZm9ybSwgcmVmZXJlcjogaHR0cDovL2No
YXQuc2tpZi5uZXQvY2hhdApbV2VkIE9jdCAyMiAxMDo0OTo0MCAyMDAzXSBb
ZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTA6
NDk6NDBdIGZpbGUgL3Vzci9sb2NhbC9ub2NhdC9hdXRoc2Vydi9odGRvY3Mv
TG9naW5Gb3JtOiBObyBzdWNoIGZpbGUgb3IgZGlyZWN0b3J5LCByZWZlcmVy
OiBodHRwOi8vY2hhdC5za2lmLm5ldC9jaGF0CltXZWQgT2N0IDIyIDEwOjQ5
OjQwIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBbMjAw
My0xMC0yMiAxMDo0OTo0MF0gVXNlIG9mIHVuaW5pdGlhbGl6ZWQgdmFsdWUg
aW4gc3Vic3RpdHV0aW9uIChzLy8vKSBhdCAuLi9saWIvL05vQ2F0LnBtIGxp
bmUgMjYyLCA8RklMRT4gbGluZSAxLiwgcmVmZXJlcjogaHR0cDovL2NoYXQu
c2tpZi5uZXQvY2hhdApbV2VkIE9jdCAyMiAxMDo0OTo0MCAyMDAzXSBbZXJy
b3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTA6NDk6
NDBdIFVzZSBvZiB1bmluaXRpYWxpemVkIHZhbHVlIGluIGhhc2ggZWxlbWVu
dCBhdCAuLi9saWIvL05vQ2F0L0F1dGhTZXJ2aWNlLnBtIGxpbmUgMjc4LCA8
RklMRT4gbGluZSAxLiwgcmVmZXJlcjogaHR0cDovL2NoYXQuc2tpZi5uZXQv
Y2hhdApbV2VkIE9jdCAyMiAxMDo0OTo0MCAyMDAzXSBbZXJyb3JdIFtjbGll
bnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTA6NDk6NDBdIFVzZSBv
ZiB1bmluaXRpYWxpemVkIHZhbHVlIGluIGNvbmNhdGVuYXRpb24gKC4pIG9y
IHN0cmluZyBhdCAuLi9saWIvL05vQ2F0L0F1dGhTZXJ2aWNlLnBtIGxpbmUg
Mjc4LCA8RklMRT4gbGluZSAxLiwgcmVmZXJlcjogaHR0cDovL2NoYXQuc2tp
Zi5uZXQvY2hhdApbV2VkIE9jdCAyMiAxMDo1MDowNSAyMDAzXSBbd2Fybl0g
Y2hpbGQgcHJvY2VzcyAzNzcxIHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGlu
ZyBhIFNJR1RFUk0KW1dlZCBPY3QgMjIgMTA6NTA6MDUgMjAwM10gW25vdGlj
ZV0gY2F1Z2h0IFNJR1RFUk0sIHNodXR0aW5nIGRvd24KW1dlZCBPY3QgMjIg
MTE6MDA6NDEgMjAwM10gW3dhcm5dIFJTQSBzZXJ2ZXIgY2VydGlmaWNhdGUg
aXMgYSBDQSBjZXJ0aWZpY2F0ZSAoQmFzaWNDb25zdHJhaW50czogQ0EgPT0g
VFJVRSAhPykKW1dlZCBPY3QgMjIgMTE6MDA6NDEgMjAwM10gW3dhcm5dIFJT
QSBzZXJ2ZXIgY2VydGlmaWNhdGUgQ29tbW9uTmFtZSAoQ04pIGBsb2NhbGhv
c3QubG9jYWxkb21haW4nIGRvZXMgTk9UIG1hdGNoIHNlcnZlciBuYW1lIT8K
W1dlZCBPY3QgMjIgMTE6MDA6NDIgMjAwM10gW3dhcm5dIFJTQSBzZXJ2ZXIg
Y2VydGlmaWNhdGUgaXMgYSBDQSBjZXJ0aWZpY2F0ZSAoQmFzaWNDb25zdHJh
aW50czogQ0EgPT0gVFJVRSAhPykKW1dlZCBPY3QgMjIgMTE6MDA6NDIgMjAw
M10gW3dhcm5dIFJTQSBzZXJ2ZXIgY2VydGlmaWNhdGUgQ29tbW9uTmFtZSAo
Q04pIGBsb2NhbGhvc3QubG9jYWxkb21haW4nIGRvZXMgTk9UIG1hdGNoIHNl
cnZlciBuYW1lIT8KW1dlZCBPY3QgMjIgMTE6MDA6NDIgMjAwM10gW25vdGlj
ZV0gRGlnZXN0OiBnZW5lcmF0aW5nIHNlY3JldCBmb3IgZGlnZXN0IGF1dGhl
bnRpY2F0aW9uIC4uLgpbV2VkIE9jdCAyMiAxMTowMDo0MiAyMDAzXSBbbm90
aWNlXSBEaWdlc3Q6IGRvbmUKW1dlZCBPY3QgMjIgMTE6MDA6NDMgMjAwM10g
W25vdGljZV0gQXBhY2hlLzIuMC40MCAoUmVkIEhhdCBMaW51eCkgY29uZmln
dXJlZCAtLSByZXN1bWluZyBub3JtYWwgb3BlcmF0aW9ucwpbV2VkIE9jdCAy
MiAxMTowMDo1NCAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5
N10gWzIwMDMtMTAtMjIgMTE6MDA6NTNdIFVzZXIgVU5LTk9XTiBmcm9tIDE5
Mi4xNjguMS4xOTcgcmVxdWVzdHMgZm9ybQpbV2VkIE9jdCAyMiAxMTowMTox
MCAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gUHJlbWF0
dXJlIGVuZCBvZiBzY3JpcHQgaGVhZGVyczogbG9naW4sIHJlZmVyZXI6IGh0
dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRw
JTNhJTJmJTJmd3d3JTJlZG9ubyUyZWNvbSUyZWNuJTJmdHVqaWUlMmZ0dWpp
ZSUyZWh0bSZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUx
JTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2Vu
PSUyNDElMjQ0MjA0ODc4MCUyNGRmMXZVSCUyZlRDaGpyWXpWSUVYTUx3MApb
V2VkIE9jdCAyMiAxMTowMToxMCAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTky
LjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTE6MDE6MDldIFVzZXIgc3Vuc2hl
bmdAaG90bWFpbC5jb20gZnJvbSAxOTIuMTY4LjEuMTk3IHJlcXVlc3RzIGZv
cm0sIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dp
bj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd3d3JTJlZG9ubyUyZWNvbSUyZWNu
JTJmdHVqaWUlMmZ0dWppZSUyZWh0bSZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5
MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIl
M2FEOSUzYUEyJnRva2VuPSUyNDElMjQ0MjA0ODc4MCUyNGRmMXZVSCUyZlRD
aGpyWXpWSUVYTUx3MApbV2VkIE9jdCAyMiAxMTowMToxMCAyMDAzXSBbZXJy
b3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTE6MDE6
MDldIE1pc3NpbmcgREJfUGFzc3dkIGRpcmVjdGl2ZSByZXF1aXJlZCBmb3Ig
Tm9DYXQ6OlNvdXJjZTo6REJJIG9iamVjdCEsIHJlZmVyZXI6IGh0dHBzOi8v
MTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJm
JTJmd3d3JTJlZG9ubyUyZWNvbSUyZWNuJTJmdHVqaWUlMmZ0dWppZSUyZWh0
bSZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4
MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDEl
MjQ0MjA0ODc4MCUyNGRmMXZVSCUyZlRDaGpyWXpWSUVYTUx3MApbV2VkIE9j
dCAyMiAxMTowMToxMCAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4x
LjE5N10gWzIwMDMtMTAtMjIgMTE6MDE6MTBdIGdwZyAtLXNpZ24gLS1hcm1v
ciAtLWhvbWVkaXI9L3Vzci9sb2NhbC9ub2NhdC9hdXRoc2Vydi9jZ2ktYmlu
Ly4uL3BncCAtLWtleXJpbmcgdHJ1c3RlZGtleXMuZ3BnIC0tbm8tdHR5IC1v
LSByZXR1cm5lZCBlcnJvciBtZXNzYWdlOiwgcmVmZXJlcjogaHR0cHM6Ly8x
OTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYl
MmZ3d3clMmVkb25vJTJlY29tJTJlY24lMmZ0dWppZSUyZnR1amllJTJlaHRt
JnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1Mjgw
Jm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUy
NDQyMDQ4NzgwJTI0ZGYxdlVIJTJmVENoanJZelZJRVhNTHcwCltXZWQgT2N0
IDIyIDExOjAxOjEwIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEu
MTk3XSBncGc6IFdBUk5JTkc6IHVzaW5nIGluc2VjdXJlIG1lbW9yeSEsIHJl
ZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRp
cmVjdD1odHRwJTNhJTJmJTJmd3d3JTJlZG9ubyUyZWNvbSUyZWNuJTJmdHVq
aWUlMmZ0dWppZSUyZWh0bSZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2
OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUz
YUEyJnRva2VuPSUyNDElMjQ0MjA0ODc4MCUyNGRmMXZVSCUyZlRDaGpyWXpW
SUVYTUx3MApbV2VkIE9jdCAyMiAxMTowMToxMCAyMDAzXSBbZXJyb3JdIFtj
bGllbnQgMTkyLjE2OC4xLjE5N10gZ3BnOiBwbGVhc2Ugc2VlIGh0dHA6Ly93
d3cuZ251cGcub3JnL2ZhcS5odG1sIGZvciBtb3JlIGluZm9ybWF0aW9uLCBy
ZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVk
aXJlY3Q9aHR0cCUzYSUyZiUyZnd3dyUyZWRvbm8lMmVjb20lMmVjbiUyZnR1
amllJTJmdHVqaWUlMmVodG0mdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUx
NjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDkl
M2FBMiZ0b2tlbj0lMjQxJTI0NDIwNDg3ODAlMjRkZjF2VUglMmZUQ2hqcll6
VklFWE1MdzAKW1dlZCBPY3QgMjIgMTE6MDE6MTAgMjAwM10gW2Vycm9yXSBb
Y2xpZW50IDE5Mi4xNjguMS4xOTddIGdwZzogU29ycnksIG5vIHRlcm1pbmFs
IGF0IGFsbCByZXF1ZXN0ZWQgLSBjYW4ndCBnZXQgaW5wdXQsIHJlZmVyZXI6
IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1o
dHRwJTNhJTJmJTJmd3d3JTJlZG9ubyUyZWNvbSUyZWNuJTJmdHVqaWUlMmZ0
dWppZSUyZWh0bSZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTEl
MmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRv
a2VuPSUyNDElMjQ0MjA0ODc4MCUyNGRmMXZVSCUyZlRDaGpyWXpWSUVYTUx3
MApbV2VkIE9jdCAyMiAxMTowMToxMCAyMDAzXSBbZXJyb3JdIFtjbGllbnQg
MTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTE6MDE6MTBdIGdwZyAtLXNp
Z24gLS1hcm1vciAtLWhvbWVkaXI9L3Vzci9sb2NhbC9ub2NhdC9hdXRoc2Vy
di9jZ2ktYmluLy4uL3BncCAtLWtleXJpbmcgdHJ1c3RlZGtleXMuZ3BnIC0t
bm8tdHR5IC1vLSByZXR1cm5lZCBlcnJvcjogSWxsZWdhbCBzZWVrICggMiAp
LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/
cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnd3dyUyZWRvbm8lMmVjb20lMmVjbiUy
ZnR1amllJTJmdHVqaWUlMmVodG0mdGltZW91dD02MDAmZ2F0ZXdheT0xOTIl
MmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNh
RDklM2FBMiZ0b2tlbj0lMjQxJTI0NDIwNDg3ODAlMjRkZjF2VUglMmZUQ2hq
cll6VklFWE1MdzAKW1dlZCBPY3QgMjIgMTE6MDE6MTAgMjAwM10gW2Vycm9y
XSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIENhbid0IGNhbGwgbWV0aG9kICJ0
ZXh0IiBvbiBhbiB1bmRlZmluZWQgdmFsdWUgYXQgLi4vbGliLy9Ob0NhdC9B
dXRoU2VydmljZS5wbSBsaW5lIDEzNC4sIHJlZmVyZXI6IGh0dHBzOi8vMTky
LjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJm
d3d3JTJlZG9ubyUyZWNvbSUyZWNuJTJmdHVqaWUlMmZ0dWppZSUyZWh0bSZ0
aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZt
YWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ0
MjA0ODc4MCUyNGRmMXZVSCUyZlRDaGpyWXpWSUVYTUx3MApbV2VkIE9jdCAy
MiAxMTowMTozMSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5
N10gWzIwMDMtMTAtMjIgMTE6MDE6MzFdIE1pc3NpbmcgREJfUGFzc3dkIGRp
cmVjdGl2ZSByZXF1aXJlZCBmb3IgTm9DYXQ6OlNvdXJjZTo6REJJIG9iamVj
dCEsIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9yZWdp
c3Rlcj9yZWRpcmVjdD1odHRwOi8vd3d3LmRvbm8uY29tLmNuL3R1amllL3R1
amllLmh0bQpbV2VkIE9jdCAyMiAxMTowMTo0NSAyMDAzXSBbZXJyb3JdIFtj
bGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTE6MDE6NDVdIE1p
c3NpbmcgREJfUGFzc3dkIGRpcmVjdGl2ZSByZXF1aXJlZCBmb3IgTm9DYXQ6
OlNvdXJjZTo6REJJIG9iamVjdCEsIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2
OC4xLjEvY2dpLWJpbi9yZWdpc3RlcgpbV2VkIE9jdCAyMiAxMTowMTo1MCAy
MDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAt
MjIgMTE6MDE6NTBdIFVzZXIgVU5LTk9XTiBmcm9tIDE5Mi4xNjguMS4xOTcg
cmVxdWVzdHMgZm9ybQpbV2VkIE9jdCAyMiAxMTowMjowOCAyMDAzXSBbZXJy
b3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gUHJlbWF0dXJlIGVuZCBvZiBz
Y3JpcHQgaGVhZGVyczogbG9naW4sIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2
OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd3d3
JTJlZG9ubyUyZWNvbSUyZWNuJTJmdHVqaWUlMmZ0dWppZSUyZWh0bSZ0aW1l
b3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9
MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ0MjA0
ODc4MCUyNGRmMXZVSCUyZlRDaGpyWXpWSUVYTUx3MApbV2VkIE9jdCAyMiAx
MTowMjowOCAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10g
WzIwMDMtMTAtMjIgMTE6MDI6MDhdIFVzZXIgeXVqaWVAaG90bWFpbC5jb20g
ZnJvbSAxOTIuMTY4LjEuMTk3IHJlcXVlc3RzIGZvcm0sIHJlZmVyZXI6IGh0
dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRw
JTNhJTJmJTJmd3d3JTJlZG9ubyUyZWNvbSUyZWNuJTJmdHVqaWUlMmZ0dWpp
ZSUyZWh0bSZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUx
JTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2Vu
PSUyNDElMjQ0MjA0ODc4MCUyNGRmMXZVSCUyZlRDaGpyWXpWSUVYTUx3MApb
V2VkIE9jdCAyMiAxMTowMjowOCAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTky
LjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTE6MDI6MDhdIE1pc3NpbmcgREJf
UGFzc3dkIGRpcmVjdGl2ZSByZXF1aXJlZCBmb3IgTm9DYXQ6OlNvdXJjZTo6
REJJIG9iamVjdCEsIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dp
LWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd3d3JTJlZG9ubyUy
ZWNvbSUyZWNuJTJmdHVqaWUlMmZ0dWppZSUyZWh0bSZ0aW1lb3V0PTYwMCZn
YXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUz
YTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ0MjA0ODc4MCUyNGRm
MXZVSCUyZlRDaGpyWXpWSUVYTUx3MApbV2VkIE9jdCAyMiAxMTowMjowOCAy
MDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAt
MjIgMTE6MDI6MDhdIGdwZyAtLXNpZ24gLS1hcm1vciAtLWhvbWVkaXI9L3Vz
ci9sb2NhbC9ub2NhdC9hdXRoc2Vydi9jZ2ktYmluLy4uL3BncCAtLWtleXJp
bmcgdHJ1c3RlZGtleXMuZ3BnIC0tbm8tdHR5IC1vLSByZXR1cm5lZCBlcnJv
ciBtZXNzYWdlOiwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2kt
YmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3d3clMmVkb25vJTJl
Y29tJTJlY24lMmZ0dWppZSUyZnR1amllJTJlaHRtJnRpbWVvdXQ9NjAwJmdh
dGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNh
NUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDQyMDQ4NzgwJTI0ZGYx
dlVIJTJmVENoanJZelZJRVhNTHcwCltXZWQgT2N0IDIyIDExOjAyOjA4IDIw
MDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBncGc6IFdBUk5J
Tkc6IHVzaW5nIGluc2VjdXJlIG1lbW9yeSEsIHJlZmVyZXI6IGh0dHBzOi8v
MTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJm
JTJmd3d3JTJlZG9ubyUyZWNvbSUyZWNuJTJmdHVqaWUlMmZ0dWppZSUyZWh0
bSZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4
MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDEl
MjQ0MjA0ODc4MCUyNGRmMXZVSCUyZlRDaGpyWXpWSUVYTUx3MApbV2VkIE9j
dCAyMiAxMTowMjowOCAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4x
LjE5N10gZ3BnOiBwbGVhc2Ugc2VlIGh0dHA6Ly93d3cuZ251cGcub3JnL2Zh
cS5odG1sIGZvciBtb3JlIGluZm9ybWF0aW9uLCByZWZlcmVyOiBodHRwczov
LzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUy
ZiUyZnd3dyUyZWRvbm8lMmVjb20lMmVjbiUyZnR1amllJTJmdHVqaWUlMmVo
dG0mdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUy
ODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQx
JTI0NDIwNDg3ODAlMjRkZjF2VUglMmZUQ2hqcll6VklFWE1MdzAKW1dlZCBP
Y3QgMjIgMTE6MDI6MDggMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjgu
MS4xOTddIGdwZzogU29ycnksIG5vIHRlcm1pbmFsIGF0IGFsbCByZXF1ZXN0
ZWQgLSBjYW4ndCBnZXQgaW5wdXQsIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2
OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd3d3
JTJlZG9ubyUyZWNvbSUyZWNuJTJmdHVqaWUlMmZ0dWppZSUyZWh0bSZ0aW1l
b3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9
MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ0MjA0
ODc4MCUyNGRmMXZVSCUyZlRDaGpyWXpWSUVYTUx3MApbV2VkIE9jdCAyMiAx
MTowMjowOCAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10g
WzIwMDMtMTAtMjIgMTE6MDI6MDhdIGdwZyAtLXNpZ24gLS1hcm1vciAtLWhv
bWVkaXI9L3Vzci9sb2NhbC9ub2NhdC9hdXRoc2Vydi9jZ2ktYmluLy4uL3Bn
cCAtLWtleXJpbmcgdHJ1c3RlZGtleXMuZ3BnIC0tbm8tdHR5IC1vLSByZXR1
cm5lZCBlcnJvcjogSWxsZWdhbCBzZWVrICggMiApLCByZWZlcmVyOiBodHRw
czovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUz
YSUyZiUyZnd3dyUyZWRvbm8lMmVjb20lMmVjbiUyZnR1amllJTJmdHVqaWUl
MmVodG0mdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUz
YTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0l
MjQxJTI0NDIwNDg3ODAlMjRkZjF2VUglMmZUQ2hqcll6VklFWE1MdzAKW1dl
ZCBPY3QgMjIgMTE6MDI6MDggMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4x
NjguMS4xOTddIENhbid0IGNhbGwgbWV0aG9kICJ0ZXh0IiBvbiBhbiB1bmRl
ZmluZWQgdmFsdWUgYXQgLi4vbGliLy9Ob0NhdC9BdXRoU2VydmljZS5wbSBs
aW5lIDEzNC4sIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJp
bi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd3d3JTJlZG9ubyUyZWNv
bSUyZWNuJTJmdHVqaWUlMmZ0dWppZSUyZWh0bSZ0aW1lb3V0PTYwMCZnYXRl
d2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVC
JTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ0MjA0ODc4MCUyNGRmMXZV
SCUyZlRDaGpyWXpWSUVYTUx3MApbV2VkIE9jdCAyMiAxMTowMzoxMSAyMDAz
XSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIg
MTE6MDM6MTFdIFVzZXIgeXVqaWVAaG90bWFpbC5jb20gZnJvbSAxOTIuMTY4
LjEuMTk3IHJlcXVlc3RzIGZvcm0sIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2
OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd3d3
JTJlZG9ubyUyZWNvbSUyZWNuJTJmdHVqaWUlMmZ0dWppZSUyZWh0bSZ0aW1l
b3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9
MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ0MjA0
ODc4MCUyNGRmMXZVSCUyZlRDaGpyWXpWSUVYTUx3MApbV2VkIE9jdCAyMiAx
MTowMzoxOSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10g
UHJlbWF0dXJlIGVuZCBvZiBzY3JpcHQgaGVhZGVyczogbG9naW4sIHJlZmVy
ZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbgpbV2VkIE9j
dCAyMiAxMTowMzoxOSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4x
LjE5N10gWzIwMDMtMTAtMjIgMTE6MDM6MThdIFVzZXIgeXVqaWVAaG90bWFp
bC5jb20gZnJvbSAxOTIuMTY4LjEuMTk3IHJlcXVlc3RzIGZvcm0sIHJlZmVy
ZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbgpbV2VkIE9j
dCAyMiAxMTowMzoxOSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4x
LjE5N10gWzIwMDMtMTAtMjIgMTE6MDM6MTldIE1pc3NpbmcgREJfUGFzc3dk
IGRpcmVjdGl2ZSByZXF1aXJlZCBmb3IgTm9DYXQ6OlNvdXJjZTo6REJJIG9i
amVjdCEsIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9s
b2dpbgpbV2VkIE9jdCAyMiAxMTowMzoxOSAyMDAzXSBbZXJyb3JdIFtjbGll
bnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTE6MDM6MTldIGdwZyAt
LXNpZ24gLS1hcm1vciAtLWhvbWVkaXI9L3Vzci9sb2NhbC9ub2NhdC9hdXRo
c2Vydi9jZ2ktYmluLy4uL3BncCAtLWtleXJpbmcgdHJ1c3RlZGtleXMuZ3Bn
IC0tbm8tdHR5IC1vLSByZXR1cm5lZCBlcnJvciBtZXNzYWdlOiwgcmVmZXJl
cjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luCltXZWQgT2N0
IDIyIDExOjAzOjE5IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEu
MTk3XSBncGc6IFdBUk5JTkc6IHVzaW5nIGluc2VjdXJlIG1lbW9yeSEsIHJl
ZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbgpbV2Vk
IE9jdCAyMiAxMTowMzoxOSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2
OC4xLjE5N10gZ3BnOiBwbGVhc2Ugc2VlIGh0dHA6Ly93d3cuZ251cGcub3Jn
L2ZhcS5odG1sIGZvciBtb3JlIGluZm9ybWF0aW9uLCByZWZlcmVyOiBodHRw
czovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4KW1dlZCBPY3QgMjIgMTE6
MDM6MTkgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIGdw
ZzogU29ycnksIG5vIHRlcm1pbmFsIGF0IGFsbCByZXF1ZXN0ZWQgLSBjYW4n
dCBnZXQgaW5wdXQsIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dp
LWJpbi9sb2dpbgpbV2VkIE9jdCAyMiAxMTowMzoxOSAyMDAzXSBbZXJyb3Jd
IFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTE6MDM6MTld
IGdwZyAtLXNpZ24gLS1hcm1vciAtLWhvbWVkaXI9L3Vzci9sb2NhbC9ub2Nh
dC9hdXRoc2Vydi9jZ2ktYmluLy4uL3BncCAtLWtleXJpbmcgdHJ1c3RlZGtl
eXMuZ3BnIC0tbm8tdHR5IC1vLSByZXR1cm5lZCBlcnJvcjogSWxsZWdhbCBz
ZWVrICggMiApLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1i
aW4vbG9naW4KW1dlZCBPY3QgMjIgMTE6MDM6MTkgMjAwM10gW2Vycm9yXSBb
Y2xpZW50IDE5Mi4xNjguMS4xOTddIENhbid0IGNhbGwgbWV0aG9kICJ0ZXh0
IiBvbiBhbiB1bmRlZmluZWQgdmFsdWUgYXQgLi4vbGliLy9Ob0NhdC9BdXRo
U2VydmljZS5wbSBsaW5lIDEzNC4sIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2
OC4xLjEvY2dpLWJpbi9sb2dpbgpbV2VkIE9jdCAyMiAxMTowMzoyNyAyMDAz
XSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gUHJlbWF0dXJlIGVu
ZCBvZiBzY3JpcHQgaGVhZGVyczogbG9naW4sIHJlZmVyZXI6IGh0dHBzOi8v
MTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbgpbV2VkIE9jdCAyMiAxMTowMzoy
NyAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMt
MTAtMjIgMTE6MDM6MjddIFVzZXIgeXVqaWVAaG90bWFpbC5jb20gZnJvbSAx
OTIuMTY4LjEuMTk3IHJlcXVlc3RzIGZvcm0sIHJlZmVyZXI6IGh0dHBzOi8v
MTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbgpbV2VkIE9jdCAyMiAxMTowMzoy
NyAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMt
MTAtMjIgMTE6MDM6MjddIGdwZyAtLXNpZ24gLS1hcm1vciAtLWhvbWVkaXI9
L3Vzci9sb2NhbC9ub2NhdC9hdXRoc2Vydi9jZ2ktYmluLy4uL3BncCAtLWtl
eXJpbmcgdHJ1c3RlZGtleXMuZ3BnIC0tbm8tdHR5IC1vLSByZXR1cm5lZCBl
cnJvciBtZXNzYWdlOiwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9j
Z2ktYmluL2xvZ2luCltXZWQgT2N0IDIyIDExOjAzOjI3IDIwMDNdIFtlcnJv
cl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBncGc6IFdBUk5JTkc6IHVzaW5n
IGluc2VjdXJlIG1lbW9yeSEsIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4x
LjEvY2dpLWJpbi9sb2dpbgpbV2VkIE9jdCAyMiAxMTowMzoyNyAyMDAzXSBb
ZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gZ3BnOiBwbGVhc2Ugc2Vl
IGh0dHA6Ly93d3cuZ251cGcub3JnL2ZhcS5odG1sIGZvciBtb3JlIGluZm9y
bWF0aW9uLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4v
bG9naW4KW1dlZCBPY3QgMjIgMTE6MDM6MjcgMjAwM10gW2Vycm9yXSBbY2xp
ZW50IDE5Mi4xNjguMS4xOTddIGdwZzogU29ycnksIG5vIHRlcm1pbmFsIGF0
IGFsbCByZXF1ZXN0ZWQgLSBjYW4ndCBnZXQgaW5wdXQsIHJlZmVyZXI6IGh0
dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbgpbV2VkIE9jdCAyMiAx
MTowMzoyNyAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10g
WzIwMDMtMTAtMjIgMTE6MDM6MjddIGdwZyAtLXNpZ24gLS1hcm1vciAtLWhv
bWVkaXI9L3Vzci9sb2NhbC9ub2NhdC9hdXRoc2Vydi9jZ2ktYmluLy4uL3Bn
cCAtLWtleXJpbmcgdHJ1c3RlZGtleXMuZ3BnIC0tbm8tdHR5IC1vLSByZXR1
cm5lZCBlcnJvcjogQnJva2VuIHBpcGUgKCAyICksIHJlZmVyZXI6IGh0dHBz
Oi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbgpbV2VkIE9jdCAyMiAxMTow
MzoyNyAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gQ2Fu
J3QgY2FsbCBtZXRob2QgInRleHQiIG9uIGFuIHVuZGVmaW5lZCB2YWx1ZSBh
dCAuLi9saWIvL05vQ2F0L0F1dGhTZXJ2aWNlLnBtIGxpbmUgMTM0LiwgcmVm
ZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luCltXZWQg
T2N0IDIyIDExOjA1OjAyIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4
LjEuMTk3XSBQcmVtYXR1cmUgZW5kIG9mIHNjcmlwdCBoZWFkZXJzOiBsb2dp
biwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2lu
CltXZWQgT2N0IDIyIDExOjA1OjAyIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAx
OTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAxMTowNTowMV0gVXNlciB5dWpp
ZUBob3RtYWlsLmNvbSBmcm9tIDE5Mi4xNjguMS4xOTcgcmVxdWVzdHMgZm9y
bSwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2lu
CltXZWQgT2N0IDIyIDExOjA1OjAyIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAx
OTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAxMTowNTowMV0gTWlzc2luZyBE
Ql9QYXNzd2QgZGlyZWN0aXZlIHJlcXVpcmVkIGZvciBOb0NhdDo6U291cmNl
OjpEQkkgb2JqZWN0ISwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9j
Z2ktYmluL2xvZ2luCltXZWQgT2N0IDIyIDExOjA1OjAyIDIwMDNdIFtlcnJv
cl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAxMTowNTow
MV0gZ3BnIC0tc2lnbiAtLWFybW9yIC0taG9tZWRpcj0vdXNyL2xvY2FsL25v
Y2F0L2F1dGhzZXJ2L2NnaS1iaW4vLi4vcGdwIC0ta2V5cmluZyB0cnVzdGVk
a2V5cy5ncGcgLS1uby10dHkgLW8tIHJldHVybmVkIGVycm9yIG1lc3NhZ2U6
LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4K
W1dlZCBPY3QgMjIgMTE6MDU6MDIgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5
Mi4xNjguMS4xOTddIGdwZzogV0FSTklORzogdXNpbmcgaW5zZWN1cmUgbWVt
b3J5ISwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xv
Z2luCltXZWQgT2N0IDIyIDExOjA1OjAyIDIwMDNdIFtlcnJvcl0gW2NsaWVu
dCAxOTIuMTY4LjEuMTk3XSBncGc6IHBsZWFzZSBzZWUgaHR0cDovL3d3dy5n
bnVwZy5vcmcvZmFxLmh0bWwgZm9yIG1vcmUgaW5mb3JtYXRpb24sIHJlZmVy
ZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbgpbV2VkIE9j
dCAyMiAxMTowNTowMiAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4x
LjE5N10gZ3BnOiBTb3JyeSwgbm8gdGVybWluYWwgYXQgYWxsIHJlcXVlc3Rl
ZCAtIGNhbid0IGdldCBpbnB1dCwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4
LjEuMS9jZ2ktYmluL2xvZ2luCltXZWQgT2N0IDIyIDExOjA1OjAyIDIwMDNd
IFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAx
MTowNTowMV0gZ3BnIC0tc2lnbiAtLWFybW9yIC0taG9tZWRpcj0vdXNyL2xv
Y2FsL25vY2F0L2F1dGhzZXJ2L2NnaS1iaW4vLi4vcGdwIC0ta2V5cmluZyB0
cnVzdGVka2V5cy5ncGcgLS1uby10dHkgLW8tIHJldHVybmVkIGVycm9yOiBJ
bGxlZ2FsIHNlZWsgKCAyICksIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4x
LjEvY2dpLWJpbi9sb2dpbgpbV2VkIE9jdCAyMiAxMTowNTowMiAyMDAzXSBb
ZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gQ2FuJ3QgY2FsbCBtZXRo
b2QgInRleHQiIG9uIGFuIHVuZGVmaW5lZCB2YWx1ZSBhdCAuLi9saWIvL05v
Q2F0L0F1dGhTZXJ2aWNlLnBtIGxpbmUgMTM0LiwgcmVmZXJlcjogaHR0cHM6
Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luCltXZWQgT2N0IDIyIDExOjA3
OjUyIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBQcmVt
YXR1cmUgZW5kIG9mIHNjcmlwdCBoZWFkZXJzOiBsb2dpbiwgcmVmZXJlcjog
aHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luCltXZWQgT2N0IDIy
IDExOjA3OjUyIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBbMjAwMy0xMC0yMiAxMTowNzo1Ml0gVXNlciB5dWppZUBob3RtYWlsLmNv
bSBmcm9tIDE5Mi4xNjguMS4xOTcgcmVxdWVzdHMgZm9ybSwgcmVmZXJlcjog
aHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luCltXZWQgT2N0IDIy
IDExOjA3OjUyIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBbMjAwMy0xMC0yMiAxMTowNzo1Ml0gTWlzc2luZyBEQl9QYXNzd2QgZGly
ZWN0aXZlIHJlcXVpcmVkIGZvciBOb0NhdDo6U291cmNlOjpEQkkgb2JqZWN0
ISwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2lu
CltXZWQgT2N0IDIyIDExOjA3OjUyIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAx
OTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAxMTowNzo1Ml0gZ3BnIC0tc2ln
biAtLWFybW9yIC0taG9tZWRpcj0vdXNyL2xvY2FsL25vY2F0L2F1dGhzZXJ2
L2NnaS1iaW4vLi4vcGdwIC0ta2V5cmluZyB0cnVzdGVka2V5cy5ncGcgLS1u
by10dHkgLW8tIHJldHVybmVkIGVycm9yIG1lc3NhZ2U6LCByZWZlcmVyOiBo
dHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4KW1dlZCBPY3QgMjIg
MTE6MDc6NTIgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTdd
IGdwZzogV0FSTklORzogdXNpbmcgaW5zZWN1cmUgbWVtb3J5ISwgcmVmZXJl
cjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luCltXZWQgT2N0
IDIyIDExOjA3OjUyIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEu
MTk3XSBncGc6IHBsZWFzZSBzZWUgaHR0cDovL3d3dy5nbnVwZy5vcmcvZmFx
Lmh0bWwgZm9yIG1vcmUgaW5mb3JtYXRpb24sIHJlZmVyZXI6IGh0dHBzOi8v
MTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbgpbV2VkIE9jdCAyMiAxMTowNzo1
MiAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gZ3BnOiBT
b3JyeSwgbm8gdGVybWluYWwgYXQgYWxsIHJlcXVlc3RlZCAtIGNhbid0IGdl
dCBpbnB1dCwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmlu
L2xvZ2luCltXZWQgT2N0IDIyIDExOjA3OjUyIDIwMDNdIFtlcnJvcl0gW2Ns
aWVudCAxOTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAxMTowNzo1Ml0gZ3Bn
IC0tc2lnbiAtLWFybW9yIC0taG9tZWRpcj0vdXNyL2xvY2FsL25vY2F0L2F1
dGhzZXJ2L2NnaS1iaW4vLi4vcGdwIC0ta2V5cmluZyB0cnVzdGVka2V5cy5n
cGcgLS1uby10dHkgLW8tIHJldHVybmVkIGVycm9yOiBCcm9rZW4gcGlwZSAo
IDIgKSwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xv
Z2luCltXZWQgT2N0IDIyIDExOjA3OjUyIDIwMDNdIFtlcnJvcl0gW2NsaWVu
dCAxOTIuMTY4LjEuMTk3XSBDYW4ndCBjYWxsIG1ldGhvZCAidGV4dCIgb24g
YW4gdW5kZWZpbmVkIHZhbHVlIGF0IC4uL2xpYi8vTm9DYXQvQXV0aFNlcnZp
Y2UucG0gbGluZSAxMzQuLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4x
L2NnaS1iaW4vbG9naW4KW1dlZCBPY3QgMjIgMTE6MDg6NTcgMjAwM10gW2Vy
cm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFByZW1hdHVyZSBlbmQgb2Yg
c2NyaXB0IGhlYWRlcnM6IGxvZ2luLCByZWZlcmVyOiBodHRwczovLzE5Mi4x
NjguMS4xL2NnaS1iaW4vbG9naW4KW1dlZCBPY3QgMjIgMTE6MDg6NTcgMjAw
M10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIy
IDExOjA4OjU3XSBVc2VyIHl1amllQGhvdG1haWwuY29tIGZyb20gMTkyLjE2
OC4xLjE5NyByZXF1ZXN0cyBmb3JtLCByZWZlcmVyOiBodHRwczovLzE5Mi4x
NjguMS4xL2NnaS1iaW4vbG9naW4KW1dlZCBPY3QgMjIgMTE6MDg6NTcgMjAw
M10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIy
IDExOjA4OjU3XSBNaXNzaW5nIERCX1Bhc3N3ZCBkaXJlY3RpdmUgcmVxdWly
ZWQgZm9yIE5vQ2F0OjpTb3VyY2U6OkRCSSBvYmplY3QhLCByZWZlcmVyOiBo
dHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4KW1dlZCBPY3QgMjIg
MTE6MDg6NTcgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTdd
IFsyMDAzLTEwLTIyIDExOjA4OjU3XSBncGcgLS1zaWduIC0tYXJtb3IgLS1o
b21lZGlyPS91c3IvbG9jYWwvbm9jYXQvYXV0aHNlcnYvY2dpLWJpbi8uLi9w
Z3AgLS1rZXlyaW5nIHRydXN0ZWRrZXlzLmdwZyAtLW5vLXR0eSAtby0gcmV0
dXJuZWQgZXJyb3IgbWVzc2FnZTosIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2
OC4xLjEvY2dpLWJpbi9sb2dpbgpbV2VkIE9jdCAyMiAxMTowODo1NyAyMDAz
XSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gZ3BnOiBXQVJOSU5H
OiB1c2luZyBpbnNlY3VyZSBtZW1vcnkhLCByZWZlcmVyOiBodHRwczovLzE5
Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4KW1dlZCBPY3QgMjIgMTE6MDg6NTcg
MjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIGdwZzogcGxl
YXNlIHNlZSBodHRwOi8vd3d3LmdudXBnLm9yZy9mYXEuaHRtbCBmb3IgbW9y
ZSBpbmZvcm1hdGlvbiwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9j
Z2ktYmluL2xvZ2luCltXZWQgT2N0IDIyIDExOjA4OjU3IDIwMDNdIFtlcnJv
cl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBncGc6IFNvcnJ5LCBubyB0ZXJt
aW5hbCBhdCBhbGwgcmVxdWVzdGVkIC0gY2FuJ3QgZ2V0IGlucHV0LCByZWZl
cmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4KW1dlZCBP
Y3QgMjIgMTE6MDg6NTcgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjgu
MS4xOTddIFsyMDAzLTEwLTIyIDExOjA4OjU3XSBncGcgLS1zaWduIC0tYXJt
b3IgLS1ob21lZGlyPS91c3IvbG9jYWwvbm9jYXQvYXV0aHNlcnYvY2dpLWJp
bi8uLi9wZ3AgLS1rZXlyaW5nIHRydXN0ZWRrZXlzLmdwZyAtLW5vLXR0eSAt
by0gcmV0dXJuZWQgZXJyb3I6IElsbGVnYWwgc2VlayAoIDIgKSwgcmVmZXJl
cjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luCltXZWQgT2N0
IDIyIDExOjA4OjU3IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEu
MTk3XSBDYW4ndCBjYWxsIG1ldGhvZCAidGV4dCIgb24gYW4gdW5kZWZpbmVk
IHZhbHVlIGF0IC4uL2xpYi8vTm9DYXQvQXV0aFNlcnZpY2UucG0gbGluZSAx
MzQuLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9n
aW4KW1dlZCBPY3QgMjIgMTE6Mjc6MzcgMjAwM10gW3dhcm5dIGNoaWxkIHBy
b2Nlc3MgMzgzOSBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdU
RVJNCltXZWQgT2N0IDIyIDExOjI3OjM3IDIwMDNdIFt3YXJuXSBjaGlsZCBw
cm9jZXNzIDM4NDAgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lH
VEVSTQpbV2VkIE9jdCAyMiAxMToyNzozNyAyMDAzXSBbd2Fybl0gY2hpbGQg
cHJvY2VzcyAzODQxIHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJ
R1RFUk0KW1dlZCBPY3QgMjIgMTE6Mjc6MzcgMjAwM10gW3dhcm5dIGNoaWxk
IHByb2Nlc3MgMzg0MiBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBT
SUdURVJNCltXZWQgT2N0IDIyIDExOjI3OjM3IDIwMDNdIFt3YXJuXSBjaGls
ZCBwcm9jZXNzIDM4NDMgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEg
U0lHVEVSTQpbV2VkIE9jdCAyMiAxMToyNzozNyAyMDAzXSBbd2Fybl0gY2hp
bGQgcHJvY2VzcyAzODQ0IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBh
IFNJR1RFUk0KW1dlZCBPY3QgMjIgMTE6Mjc6MzcgMjAwM10gW3dhcm5dIGNo
aWxkIHByb2Nlc3MgMzg0NSBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcg
YSBTSUdURVJNCltXZWQgT2N0IDIyIDExOjI3OjM3IDIwMDNdIFt3YXJuXSBj
aGlsZCBwcm9jZXNzIDM4NDYgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5n
IGEgU0lHVEVSTQpbV2VkIE9jdCAyMiAxMToyNzozNyAyMDAzXSBbbm90aWNl
XSBjYXVnaHQgU0lHVEVSTSwgc2h1dHRpbmcgZG93bgpbV2VkIE9jdCAyMiAx
MToyNzozOSAyMDAzXSBbd2Fybl0gUlNBIHNlcnZlciBjZXJ0aWZpY2F0ZSBp
cyBhIENBIGNlcnRpZmljYXRlIChCYXNpY0NvbnN0cmFpbnRzOiBDQSA9PSBU
UlVFICE/KQpbV2VkIE9jdCAyMiAxMToyNzozOSAyMDAzXSBbd2Fybl0gUlNB
IHNlcnZlciBjZXJ0aWZpY2F0ZSBDb21tb25OYW1lIChDTikgYGxvY2FsaG9z
dC5sb2NhbGRvbWFpbicgZG9lcyBOT1QgbWF0Y2ggc2VydmVyIG5hbWUhPwpb
V2VkIE9jdCAyMiAxMToyNzo0MCAyMDAzXSBbd2Fybl0gUlNBIHNlcnZlciBj
ZXJ0aWZpY2F0ZSBpcyBhIENBIGNlcnRpZmljYXRlIChCYXNpY0NvbnN0cmFp
bnRzOiBDQSA9PSBUUlVFICE/KQpbV2VkIE9jdCAyMiAxMToyNzo0MCAyMDAz
XSBbd2Fybl0gUlNBIHNlcnZlciBjZXJ0aWZpY2F0ZSBDb21tb25OYW1lIChD
TikgYGxvY2FsaG9zdC5sb2NhbGRvbWFpbicgZG9lcyBOT1QgbWF0Y2ggc2Vy
dmVyIG5hbWUhPwpbV2VkIE9jdCAyMiAxMToyNzo0MCAyMDAzXSBbbm90aWNl
XSBEaWdlc3Q6IGdlbmVyYXRpbmcgc2VjcmV0IGZvciBkaWdlc3QgYXV0aGVu
dGljYXRpb24gLi4uCltXZWQgT2N0IDIyIDExOjI3OjQwIDIwMDNdIFtub3Rp
Y2VdIERpZ2VzdDogZG9uZQpbV2VkIE9jdCAyMiAxMToyNzo0MSAyMDAzXSBb
bm90aWNlXSBBcGFjaGUvMi4wLjQwIChSZWQgSGF0IExpbnV4KSBjb25maWd1
cmVkIC0tIHJlc3VtaW5nIG5vcm1hbCBvcGVyYXRpb25zCltXZWQgT2N0IDIy
IDExOjI3OjQ3IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBbMjAwMy0xMC0yMiAxMToyNzo0N10gVXNlciBVTktOT1dOIGZyb20gMTky
LjE2OC4xLjE5NyByZXF1ZXN0cyBmb3JtLCByZWZlcmVyOiBodHRwOi8vY2hh
dC5za2lmLm5ldC9jaGF0CltXZWQgT2N0IDIyIDExOjI4OjEzIDIwMDNdIFtl
cnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBQcmVtYXR1cmUgZW5kIG9m
IHNjcmlwdCBoZWFkZXJzOiBsb2dpbiwgcmVmZXJlcjogaHR0cHM6Ly8xOTIu
MTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3
d3clMmVkb25vJTJlY29tJTJlY24lMmZ0dWppZSUyZnR1amllJTJlaHRtJnRp
bWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1h
Yz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDk5
OTM0NTEyJTI0ZFBwM1JyQ3FrSVQ4TEJVMzVwSE1PJTJlCltXZWQgT2N0IDIy
IDExOjI4OjEzIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBbMjAwMy0xMC0yMiAxMToyODoxMl0gVXNlciBzdW5zaGVuZ0Bob3RtYWls
LmNvbSBmcm9tIDE5Mi4xNjguMS4xOTcgcmVxdWVzdHMgZm9ybSwgcmVmZXJl
cjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0
PWh0dHAlM2ElMmYlMmZ3d3clMmVkb25vJTJlY29tJTJlY24lMmZ0dWppZSUy
ZnR1amllJTJlaHRtJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJl
MSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTIm
dG9rZW49JTI0MSUyNDk5OTM0NTEyJTI0ZFBwM1JyQ3FrSVQ4TEJVMzVwSE1P
JTJlCltXZWQgT2N0IDIyIDExOjI4OjEzIDIwMDNdIFtlcnJvcl0gW2NsaWVu
dCAxOTIuMTY4LjEuMTk3XSBEQkkgY29ubmVjdCgnZGF0YWJhc2U9bm9jYXQ6
aG9zdD0xMjcuMC4wLjEnLCdub2NhdCcsLi4uKSBmYWlsZWQ6IEFjY2VzcyBk
ZW5pZWQgZm9yIHVzZXI6ICdub2NhdEBsb2NhbGhvc3QubG9jYWxkb21haW4n
IChVc2luZyBwYXNzd29yZDogWUVTKSBhdCAuLi9saWIvL05vQ2F0L1NvdXJj
ZS9EQkkucG0gbGluZSAxOCwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEu
MS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3d3clMmVk
b25vJTJlY29tJTJlY24lMmZ0dWppZSUyZnR1amllJTJlaHRtJnRpbWVvdXQ9
NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUz
YTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDk5OTM0NTEy
JTI0ZFBwM1JyQ3FrSVQ4TEJVMzVwSE1PJTJlCltXZWQgT2N0IDIyIDExOjI4
OjQ1IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBQcmVt
YXR1cmUgZW5kIG9mIHNjcmlwdCBoZWFkZXJzOiByZWdpc3RlciwgcmVmZXJl
cjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL3JlZ2lzdGVyP3JlZGly
ZWN0PWh0dHA6Ly93d3cuZG9uby5jb20uY24vdHVqaWUvdHVqaWUuaHRtCltX
ZWQgT2N0IDIyIDExOjI4OjQ1IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIu
MTY4LjEuMTk3XSBEQkkgY29ubmVjdCgnZGF0YWJhc2U9bm9jYXQ6aG9zdD0x
MjcuMC4wLjEnLCdub2NhdCcsLi4uKSBmYWlsZWQ6IEFjY2VzcyBkZW5pZWQg
Zm9yIHVzZXI6ICdub2NhdEBsb2NhbGhvc3QubG9jYWxkb21haW4nIChVc2lu
ZyBwYXNzd29yZDogWUVTKSBhdCAuLi9saWIvTm9DYXQvU291cmNlL0RCSS5w
bSBsaW5lIDE4LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1i
aW4vcmVnaXN0ZXI/cmVkaXJlY3Q9aHR0cDovL3d3dy5kb25vLmNvbS5jbi90
dWppZS90dWppZS5odG0KW1dlZCBPY3QgMjIgMTE6MzU6NTMgMjAwM10gW2Vy
cm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFByZW1hdHVyZSBlbmQgb2Yg
c2NyaXB0IGhlYWRlcnM6IGxvZ2luLCByZWZlcmVyOiBodHRwczovLzE5Mi4x
NjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnd3
dyUyZWRvbm8lMmVjb20lMmVjbiUyZnR1amllJTJmdHVqaWUlMmVodG0mdGlt
ZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFj
PTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0OTk5
MzQ1MTIlMjRkUHAzUnJDcWtJVDhMQlUzNXBITU8lMmUKW1dlZCBPY3QgMjIg
MTE6MzU6NTMgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTdd
IFsyMDAzLTEwLTIyIDExOjM1OjUzXSBVc2VyIHN1bnNoZW5nQGhvdG1haWwu
Y29tIGZyb20gMTkyLjE2OC4xLjE5NyByZXF1ZXN0cyBmb3JtLCByZWZlcmVy
OiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9
aHR0cCUzYSUyZiUyZnd3dyUyZWRvbm8lMmVjb20lMmVjbiUyZnR1amllJTJm
dHVqaWUlMmVodG0mdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUx
JTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0
b2tlbj0lMjQxJTI0OTk5MzQ1MTIlMjRkUHAzUnJDcWtJVDhMQlUzNXBITU8l
MmUKW1dlZCBPY3QgMjIgMTE6MzU6NTMgMjAwM10gW2Vycm9yXSBbY2xpZW50
IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIyIDExOjM1OjUzXSBncGcgLS1z
aWduIC0tYXJtb3IgLS1ob21lZGlyPS91c3IvbG9jYWwvbm9jYXQvYXV0aHNl
cnYvY2dpLWJpbi8uLi9wZ3AgLS1rZXlyaW5nIHRydXN0ZWRrZXlzLmdwZyAt
LW5vLXR0eSAtby0gcmV0dXJuZWQgZXJyb3IgbWVzc2FnZTosIHJlZmVyZXI6
IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1o
dHRwJTNhJTJmJTJmd3d3JTJlZG9ubyUyZWNvbSUyZWNuJTJmdHVqaWUlMmZ0
dWppZSUyZWh0bSZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTEl
MmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRv
a2VuPSUyNDElMjQ5OTkzNDUxMiUyNGRQcDNSckNxa0lUOExCVTM1cEhNTyUy
ZQpbV2VkIE9jdCAyMiAxMTozNTo1MyAyMDAzXSBbZXJyb3JdIFtjbGllbnQg
MTkyLjE2OC4xLjE5N10gZ3BnOiBXQVJOSU5HOiB1c2luZyBpbnNlY3VyZSBt
ZW1vcnkhLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4v
bG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnd3dyUyZWRvbm8lMmVjb20l
MmVjbiUyZnR1amllJTJmdHVqaWUlMmVodG0mdGltZW91dD02MDAmZ2F0ZXdh
eT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUz
YUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0OTk5MzQ1MTIlMjRkUHAzUnJD
cWtJVDhMQlUzNXBITU8lMmUKW1dlZCBPY3QgMjIgMTE6MzU6NTMgMjAwM10g
W2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIGdwZzogcGxlYXNlIHNl
ZSBodHRwOi8vd3d3LmdudXBnLm9yZy9mYXEuaHRtbCBmb3IgbW9yZSBpbmZv
cm1hdGlvbiwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmlu
L2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3d3clMmVkb25vJTJlY29t
JTJlY24lMmZ0dWppZSUyZnR1amllJTJlaHRtJnRpbWVvdXQ9NjAwJmdhdGV3
YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIl
M2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDk5OTM0NTEyJTI0ZFBwM1Jy
Q3FrSVQ4TEJVMzVwSE1PJTJlCltXZWQgT2N0IDIyIDExOjM1OjUzIDIwMDNd
IFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBncGc6IFNvcnJ5LCBu
byB0ZXJtaW5hbCBhdCBhbGwgcmVxdWVzdGVkIC0gY2FuJ3QgZ2V0IGlucHV0
LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/
cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnd3dyUyZWRvbm8lMmVjb20lMmVjbiUy
ZnR1amllJTJmdHVqaWUlMmVodG0mdGltZW91dD02MDAmZ2F0ZXdheT0xOTIl
MmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNh
RDklM2FBMiZ0b2tlbj0lMjQxJTI0OTk5MzQ1MTIlMjRkUHAzUnJDcWtJVDhM
QlUzNXBITU8lMmUKW1dlZCBPY3QgMjIgMTE6MzU6NTMgMjAwM10gW2Vycm9y
XSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIyIDExOjM1OjUz
XSBncGcgLS1zaWduIC0tYXJtb3IgLS1ob21lZGlyPS91c3IvbG9jYWwvbm9j
YXQvYXV0aHNlcnYvY2dpLWJpbi8uLi9wZ3AgLS1rZXlyaW5nIHRydXN0ZWRr
ZXlzLmdwZyAtLW5vLXR0eSAtby0gcmV0dXJuZWQgZXJyb3I6IElsbGVnYWwg
c2VlayAoIDIgKSwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2kt
YmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3d3clMmVkb25vJTJl
Y29tJTJlY24lMmZ0dWppZSUyZnR1amllJTJlaHRtJnRpbWVvdXQ9NjAwJmdh
dGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNh
NUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDk5OTM0NTEyJTI0ZFBw
M1JyQ3FrSVQ4TEJVMzVwSE1PJTJlCltXZWQgT2N0IDIyIDExOjM1OjUzIDIw
MDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBDYW4ndCBjYWxs
IG1ldGhvZCAidGV4dCIgb24gYW4gdW5kZWZpbmVkIHZhbHVlIGF0IC4uL2xp
Yi8vTm9DYXQvQXV0aFNlcnZpY2UucG0gbGluZSAxMzQuLCByZWZlcmVyOiBo
dHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0
cCUzYSUyZiUyZnd3dyUyZWRvbm8lMmVjb20lMmVjbiUyZnR1amllJTJmdHVq
aWUlMmVodG0mdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJl
MSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tl
bj0lMjQxJTI0OTk5MzQ1MTIlMjRkUHAzUnJDcWtJVDhMQlUzNXBITU8lMmUK
W1dlZCBPY3QgMjIgMTE6Mzg6MDEgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5
Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIyIDExOjM4OjAxXSBVc2VyIFVOS05P
V04gZnJvbSAxOTIuMTY4LjEuMTk3IHJlcXVlc3RzIGZvcm0KW1dlZCBPY3Qg
MjIgMTE6Mzg6MjkgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4x
OTddIFsyMDAzLTEwLTIyIDExOjM4OjI5XSBVc2VyIFVOS05PV04gZnJvbSAx
OTIuMTY4LjEuMTk3IHJlcXVlc3RzIGZvcm0KW1dlZCBPY3QgMjIgMTI6Mzk6
NDIgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAz
LTEwLTIyIDEyOjM5OjQyXSBVc2VyIFVOS05PV04gZnJvbSAxOTIuMTY4LjEu
MTk3IHJlcXVlc3RzIGZvcm0KW1dlZCBPY3QgMjIgMTI6Mzk6NTkgMjAwM10g
W2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFByZW1hdHVyZSBlbmQg
b2Ygc2NyaXB0IGhlYWRlcnM6IGxvZ2luLCByZWZlcmVyOiBodHRwczovLzE5
Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUy
ZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0
ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1
QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0ODQ3MjI0NjUlMjRaRUFC
cVB4cUhaTTYxNG5KV3lUb24lMmUKW1dlZCBPY3QgMjIgMTI6Mzk6NTkgMjAw
M10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIy
IDEyOjM5OjU4XSBVc2VyIHN1bnNoZW5nQGhvdG1haWwuY29tIGZyb20gMTky
LjE2OC4xLjE5NyByZXF1ZXN0cyBmb3JtLCByZWZlcmVyOiBodHRwczovLzE5
Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUy
ZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0
ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1
QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0ODQ3MjI0NjUlMjRaRUFC
cVB4cUhaTTYxNG5KV3lUb24lMmUKW1dlZCBPY3QgMjIgMTI6Mzk6NTkgMjAw
M10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIy
IDEyOjM5OjU5XSBncGcgLS1zaWduIC0tYXJtb3IgLS1ob21lZGlyPS91c3Iv
bG9jYWwvbm9jYXQvYXV0aHNlcnYvY2dpLWJpbi8uLi9wZ3AgLS1rZXlyaW5n
IHRydXN0ZWRrZXlzLmdwZyAtLW5vLXR0eSAtby0gcmV0dXJuZWQgZXJyb3Ig
bWVzc2FnZTosIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJp
bi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd29ybGQlMmV1cyUyZW5v
cnRlbCUyZWNvbSUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUy
ZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEy
JnRva2VuPSUyNDElMjQ4NDcyMjQ2NSUyNFpFQUJxUHhxSFpNNjE0bkpXeVRv
biUyZQpbV2VkIE9jdCAyMiAxMjozOTo1OSAyMDAzXSBbZXJyb3JdIFtjbGll
bnQgMTkyLjE2OC4xLjE5N10gZ3BnOiBXYXJuaW5nOiB1c2luZyBpbnNlY3Vy
ZSBtZW1vcnkhLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1i
aW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVu
b3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjgl
MmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FB
MiZ0b2tlbj0lMjQxJTI0ODQ3MjI0NjUlMjRaRUFCcVB4cUhaTTYxNG5KV3lU
b24lMmUKW1dlZCBPY3QgMjIgMTI6Mzk6NTkgMjAwM10gW2Vycm9yXSBbY2xp
ZW50IDE5Mi4xNjguMS4xOTddIGdwZzogW2Rvbid0IGtub3ddOiBpbnZhbGlk
IHBhY2tldCAoY3RiPTAwKSwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEu
MS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUy
ZXVzJTJlbm9ydGVsJTJlY29tJTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTky
JTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUz
YUQ5JTNhQTImdG9rZW49JTI0MSUyNDg0NzIyNDY1JTI0WkVBQnFQeHFIWk02
MTRuSld5VG9uJTJlCltXZWQgT2N0IDIyIDEyOjM5OjU5IDIwMDNdIFtlcnJv
cl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBncGc6IHJlYWRfa2V5YmxvY2s6
IHJlYWQgZXJyb3I6IGludmFsaWQgcGFja2V0LCByZWZlcmVyOiBodHRwczov
LzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUy
ZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAm
Z2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYl
M2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0ODQ3MjI0NjUlMjRa
RUFCcVB4cUhaTTYxNG5KV3lUb24lMmUKW1dlZCBPY3QgMjIgMTI6Mzk6NTkg
MjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIGdwZzogZW51
bV9rZXlibG9ja3MgZmFpbGVkOiBpbnZhbGlkIGtleXJpbmcsIHJlZmVyZXI6
IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1o
dHRwJTNhJTJmJTJmd29ybGQlMmV1cyUyZW5vcnRlbCUyZWNvbSUyZiZ0aW1l
b3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9
MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ4NDcy
MjQ2NSUyNFpFQUJxUHhxSFpNNjE0bkpXeVRvbiUyZQpbV2VkIE9jdCAyMiAx
MjozOTo1OSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10g
Z3BnOiBubyBkZWZhdWx0IHNlY3JldCBrZXk6IGludmFsaWQga2V5cmluZywg
cmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3Jl
ZGlyZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJlbm9ydGVsJTJlY29t
JTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1
MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0
MSUyNDg0NzIyNDY1JTI0WkVBQnFQeHFIWk02MTRuSld5VG9uJTJlCltXZWQg
T2N0IDIyIDEyOjM5OjU5IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4
LjEuMTk3XSBncGc6IHNpZ25pbmcgZmFpbGVkOiBpbnZhbGlkIGtleXJpbmcs
IHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9y
ZWRpcmVjdD1odHRwJTNhJTJmJTJmd29ybGQlMmV1cyUyZW5vcnRlbCUyZWNv
bSUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNh
NTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUy
NDElMjQ4NDcyMjQ2NSUyNFpFQUJxUHhxSFpNNjE0bkpXeVRvbiUyZQpbV2Vk
IE9jdCAyMiAxMjozOTo1OSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2
OC4xLjE5N10gWzIwMDMtMTAtMjIgMTI6Mzk6NTldIGdwZyAtLXNpZ24gLS1h
cm1vciAtLWhvbWVkaXI9L3Vzci9sb2NhbC9ub2NhdC9hdXRoc2Vydi9jZ2kt
YmluLy4uL3BncCAtLWtleXJpbmcgdHJ1c3RlZGtleXMuZ3BnIC0tbm8tdHR5
IC1vLSByZXR1cm5lZCBlcnJvcjogQnJva2VuIHBpcGUgKCAyICksIHJlZmVy
ZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVj
dD1odHRwJTNhJTJmJTJmd29ybGQlMmV1cyUyZW5vcnRlbCUyZWNvbSUyZiZ0
aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZt
YWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ4
NDcyMjQ2NSUyNFpFQUJxUHhxSFpNNjE0bkpXeVRvbiUyZQpbV2VkIE9jdCAy
MiAxMjozOTo1OSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5
N10gQ2FuJ3QgY2FsbCBtZXRob2QgInRleHQiIG9uIGFuIHVuZGVmaW5lZCB2
YWx1ZSBhdCAuLi9saWIvL05vQ2F0L0F1dGhTZXJ2aWNlLnBtIGxpbmUgMTM0
LiwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2lu
P3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJlbm9ydGVsJTJl
Y29tJTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTEl
M2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49
JTI0MSUyNDg0NzIyNDY1JTI0WkVBQnFQeHFIWk02MTRuSld5VG9uJTJlCltX
ZWQgT2N0IDIyIDEyOjQwOjU0IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIu
MTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAxMjo0MDo1NF0gVXNlciBVTktOT1dO
IGZyb20gMTkyLjE2OC4xLjE5NyByZXF1ZXN0cyBmb3JtCltXZWQgT2N0IDIy
IDEyOjQwOjU3IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBQcmVtYXR1cmUgZW5kIG9mIHNjcmlwdCBoZWFkZXJzOiBsb2dpbiwgcmVm
ZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGly
ZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJlbm9ydGVsJTJlY29tJTJm
JnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1Mjgw
Jm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUy
NDg0NzIyNDY1JTI0WkVBQnFQeHFIWk02MTRuSld5VG9uJTJlCltXZWQgT2N0
IDIyIDEyOjQwOjU3IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEu
MTk3XSBbMjAwMy0xMC0yMiAxMjo0MDo1N10gVXNlciBVTktOT1dOIGZyb20g
MTkyLjE2OC4xLjE5NyByZXF1ZXN0cyBmb3JtLCByZWZlcmVyOiBodHRwczov
LzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUy
ZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAm
Z2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYl
M2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0ODQ3MjI0NjUlMjRa
RUFCcVB4cUhaTTYxNG5KV3lUb24lMmUKW1dlZCBPY3QgMjIgMTI6NDA6NTcg
MjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEw
LTIyIDEyOjQwOjU3XSBncGcgLS1zaWduIC0tYXJtb3IgLS1ob21lZGlyPS91
c3IvbG9jYWwvbm9jYXQvYXV0aHNlcnYvY2dpLWJpbi8uLi9wZ3AgLS1rZXly
aW5nIHRydXN0ZWRrZXlzLmdwZyAtLW5vLXR0eSAtby0gcmV0dXJuZWQgZXJy
b3IgbWVzc2FnZTosIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dp
LWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd29ybGQlMmV1cyUy
ZW5vcnRlbCUyZWNvbSUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2
OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUz
YUEyJnRva2VuPSUyNDElMjQ4NDcyMjQ2NSUyNFpFQUJxUHhxSFpNNjE0bkpX
eVRvbiUyZQpbV2VkIE9jdCAyMiAxMjo0MDo1NyAyMDAzXSBbZXJyb3JdIFtj
bGllbnQgMTkyLjE2OC4xLjE5N10gZ3BnOiBXYXJuaW5nOiB1c2luZyBpbnNl
Y3VyZSBtZW1vcnkhLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2Nn
aS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMl
MmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUx
NjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDkl
M2FBMiZ0b2tlbj0lMjQxJTI0ODQ3MjI0NjUlMjRaRUFCcVB4cUhaTTYxNG5K
V3lUb24lMmUKW1dlZCBPY3QgMjIgMTI6NDA6NTcgMjAwM10gW2Vycm9yXSBb
Y2xpZW50IDE5Mi4xNjguMS4xOTddIGdwZzogW2Rvbid0IGtub3ddOiBpbnZh
bGlkIHBhY2tldCAoY3RiPTAwKSwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4
LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3b3Js
ZCUyZXVzJTJlbm9ydGVsJTJlY29tJTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9
MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FB
MiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDg0NzIyNDY1JTI0WkVBQnFQeHFI
Wk02MTRuSld5VG9uJTJlCltXZWQgT2N0IDIyIDEyOjQwOjU3IDIwMDNdIFtl
cnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBncGc6IHJlYWRfa2V5Ymxv
Y2s6IHJlYWQgZXJyb3I6IGludmFsaWQgcGFja2V0LCByZWZlcmVyOiBodHRw
czovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUz
YSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02
MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNh
MDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0ODQ3MjI0NjUl
MjRaRUFCcVB4cUhaTTYxNG5KV3lUb24lMmUKW1dlZCBPY3QgMjIgMTI6NDA6
NTcgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIGdwZzog
ZW51bV9rZXlibG9ja3MgZmFpbGVkOiBpbnZhbGlkIGtleXJpbmcsIHJlZmVy
ZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVj
dD1odHRwJTNhJTJmJTJmd29ybGQlMmV1cyUyZW5vcnRlbCUyZWNvbSUyZiZ0
aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZt
YWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ4
NDcyMjQ2NSUyNFpFQUJxUHhxSFpNNjE0bkpXeVRvbiUyZQpbV2VkIE9jdCAy
MiAxMjo0MDo1NyAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5
N10gZ3BnOiBubyBkZWZhdWx0IHNlY3JldCBrZXk6IGludmFsaWQga2V5cmlu
ZywgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2lu
P3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJlbm9ydGVsJTJl
Y29tJTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTEl
M2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49
JTI0MSUyNDg0NzIyNDY1JTI0WkVBQnFQeHFIWk02MTRuSld5VG9uJTJlCltX
ZWQgT2N0IDIyIDEyOjQwOjU3IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIu
MTY4LjEuMTk3XSBncGc6IHNpZ25pbmcgZmFpbGVkOiBpbnZhbGlkIGtleXJp
bmcsIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dp
bj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd29ybGQlMmV1cyUyZW5vcnRlbCUy
ZWNvbSUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUx
JTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2Vu
PSUyNDElMjQ4NDcyMjQ2NSUyNFpFQUJxUHhxSFpNNjE0bkpXeVRvbiUyZQpb
V2VkIE9jdCAyMiAxMjo0MDo1NyAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTky
LjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTI6NDA6NTddIGdwZyAtLXNpZ24g
LS1hcm1vciAtLWhvbWVkaXI9L3Vzci9sb2NhbC9ub2NhdC9hdXRoc2Vydi9j
Z2ktYmluLy4uL3BncCAtLWtleXJpbmcgdHJ1c3RlZGtleXMuZ3BnIC0tbm8t
dHR5IC1vLSByZXR1cm5lZCBlcnJvcjogQnJva2VuIHBpcGUgKCAyICksIHJl
ZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRp
cmVjdD1odHRwJTNhJTJmJTJmd29ybGQlMmV1cyUyZW5vcnRlbCUyZWNvbSUy
ZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4
MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDEl
MjQ4NDcyMjQ2NSUyNFpFQUJxUHhxSFpNNjE0bkpXeVRvbiUyZQpbV2VkIE9j
dCAyMiAxMjo0MDo1NyAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4x
LjE5N10gQ2FuJ3QgY2FsbCBtZXRob2QgInRleHQiIG9uIGFuIHVuZGVmaW5l
ZCB2YWx1ZSBhdCAuLi9saWIvL05vQ2F0L0F1dGhTZXJ2aWNlLnBtIGxpbmUg
MTM0LiwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xv
Z2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJlbm9ydGVs
JTJlY29tJTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUy
ZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9r
ZW49JTI0MSUyNDg0NzIyNDY1JTI0WkVBQnFQeHFIWk02MTRuSld5VG9uJTJl
CltXZWQgT2N0IDIyIDEyOjQxOjA0IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAx
OTIuMTY4LjEuMTk3XSBQcmVtYXR1cmUgZW5kIG9mIHNjcmlwdCBoZWFkZXJz
OiBsb2dpbiwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmlu
L2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJlbm9y
dGVsJTJlY29tJTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJl
MSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTIm
dG9rZW49JTI0MSUyNDg0NzIyNDY1JTI0WkVBQnFQeHFIWk02MTRuSld5VG9u
JTJlCltXZWQgT2N0IDIyIDEyOjQxOjA0IDIwMDNdIFtlcnJvcl0gW2NsaWVu
dCAxOTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAxMjo0MTowNF0gVXNlciBV
TktOT1dOIGZyb20gMTkyLjE2OC4xLjE5NyByZXF1ZXN0cyBmb3JtLCByZWZl
cmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJl
Y3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYm
dGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAm
bWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0
ODQ3MjI0NjUlMjRaRUFCcVB4cUhaTTYxNG5KV3lUb24lMmUKW1dlZCBPY3Qg
MjIgMTI6NDE6MDQgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4x
OTddIFsyMDAzLTEwLTIyIDEyOjQxOjA0XSBncGcgLS1zaWduIC0tYXJtb3Ig
LS1ob21lZGlyPS91c3IvbG9jYWwvbm9jYXQvYXV0aHNlcnYvY2dpLWJpbi8u
Li9wZ3AgLS1rZXlyaW5nIHRydXN0ZWRrZXlzLmdwZyAtLW5vLXR0eSAtby0g
cmV0dXJuZWQgZXJyb3IgbWVzc2FnZTosIHJlZmVyZXI6IGh0dHBzOi8vMTky
LjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJm
d29ybGQlMmV1cyUyZW5vcnRlbCUyZWNvbSUyZiZ0aW1lb3V0PTYwMCZnYXRl
d2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVC
JTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ4NDcyMjQ2NSUyNFpFQUJx
UHhxSFpNNjE0bkpXeVRvbiUyZQpbV2VkIE9jdCAyMiAxMjo0MTowNCAyMDAz
XSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gZ3BnOiBXYXJuaW5n
OiB1c2luZyBpbnNlY3VyZSBtZW1vcnkhLCByZWZlcmVyOiBodHRwczovLzE5
Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUy
ZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0
ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1
QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0ODQ3MjI0NjUlMjRaRUFC
cVB4cUhaTTYxNG5KV3lUb24lMmUKW1dlZCBPY3QgMjIgMTI6NDE6MDQgMjAw
M10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIGdwZzogW2Rvbid0
IGtub3ddOiBpbnZhbGlkIHBhY2tldCAoY3RiPTAwKSwgcmVmZXJlcjogaHR0
cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAl
M2ElMmYlMmZ3b3JsZCUyZXVzJTJlbm9ydGVsJTJlY29tJTJmJnRpbWVvdXQ9
NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUz
YTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDg0NzIyNDY1
JTI0WkVBQnFQeHFIWk02MTRuSld5VG9uJTJlCltXZWQgT2N0IDIyIDEyOjQx
OjA0IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBncGc6
IHJlYWRfa2V5YmxvY2s6IHJlYWQgZXJyb3I6IGludmFsaWQgcGFja2V0LCBy
ZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVk
aXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20l
MmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUy
ODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQx
JTI0ODQ3MjI0NjUlMjRaRUFCcVB4cUhaTTYxNG5KV3lUb24lMmUKW1dlZCBP
Y3QgMjIgMTI6NDE6MDQgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjgu
MS4xOTddIGdwZzogZW51bV9rZXlibG9ja3MgZmFpbGVkOiBpbnZhbGlkIGtl
eXJpbmcsIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9s
b2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd29ybGQlMmV1cyUyZW5vcnRl
bCUyZWNvbSUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTEl
MmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRv
a2VuPSUyNDElMjQ4NDcyMjQ2NSUyNFpFQUJxUHhxSFpNNjE0bkpXeVRvbiUy
ZQpbV2VkIE9jdCAyMiAxMjo0MTowNCAyMDAzXSBbZXJyb3JdIFtjbGllbnQg
MTkyLjE2OC4xLjE5N10gZ3BnOiBubyBkZWZhdWx0IHNlY3JldCBrZXk6IGlu
dmFsaWQga2V5cmluZywgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9j
Z2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVz
JTJlbm9ydGVsJTJlY29tJTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJl
MTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5
JTNhQTImdG9rZW49JTI0MSUyNDg0NzIyNDY1JTI0WkVBQnFQeHFIWk02MTRu
Sld5VG9uJTJlCltXZWQgT2N0IDIyIDEyOjQxOjA0IDIwMDNdIFtlcnJvcl0g
W2NsaWVudCAxOTIuMTY4LjEuMTk3XSBncGc6IHNpZ25pbmcgZmFpbGVkOiBp
bnZhbGlkIGtleXJpbmcsIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEv
Y2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd29ybGQlMmV1
cyUyZW5vcnRlbCUyZWNvbSUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUy
ZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FE
OSUzYUEyJnRva2VuPSUyNDElMjQ4NDcyMjQ2NSUyNFpFQUJxUHhxSFpNNjE0
bkpXeVRvbiUyZQpbV2VkIE9jdCAyMiAxMjo0MTowNCAyMDAzXSBbZXJyb3Jd
IFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTI6NDE6MDRd
IGdwZyAtLXNpZ24gLS1hcm1vciAtLWhvbWVkaXI9L3Vzci9sb2NhbC9ub2Nh
dC9hdXRoc2Vydi9jZ2ktYmluLy4uL3BncCAtLWtleXJpbmcgdHJ1c3RlZGtl
eXMuZ3BnIC0tbm8tdHR5IC1vLSByZXR1cm5lZCBlcnJvcjogSWxsZWdhbCBz
ZWVrICggMiApLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1i
aW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVu
b3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjgl
MmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FB
MiZ0b2tlbj0lMjQxJTI0ODQ3MjI0NjUlMjRaRUFCcVB4cUhaTTYxNG5KV3lU
b24lMmUKW1dlZCBPY3QgMjIgMTI6NDE6MDQgMjAwM10gW2Vycm9yXSBbY2xp
ZW50IDE5Mi4xNjguMS4xOTddIENhbid0IGNhbGwgbWV0aG9kICJ0ZXh0IiBv
biBhbiB1bmRlZmluZWQgdmFsdWUgYXQgLi4vbGliLy9Ob0NhdC9BdXRoU2Vy
dmljZS5wbSBsaW5lIDEzNC4sIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4x
LjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd29ybGQl
MmV1cyUyZW5vcnRlbCUyZWNvbSUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5
MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIl
M2FEOSUzYUEyJnRva2VuPSUyNDElMjQ4NDcyMjQ2NSUyNFpFQUJxUHhxSFpN
NjE0bkpXeVRvbiUyZQpbV2VkIE9jdCAyMiAxMjo0MToxMSAyMDAzXSBbZXJy
b3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gUHJlbWF0dXJlIGVuZCBvZiBz
Y3JpcHQgaGVhZGVyczogbG9naW4sIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2
OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd29y
bGQlMmV1cyUyZW5vcnRlbCUyZWNvbSUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5
PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNh
QTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ4NDcyMjQ2NSUyNFpFQUJxUHhx
SFpNNjE0bkpXeVRvbiUyZQpbV2VkIE9jdCAyMiAxMjo0MToxMSAyMDAzXSBb
ZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTI6
NDE6MTFdIFVzZXIgVU5LTk9XTiBmcm9tIDE5Mi4xNjguMS4xOTcgcmVxdWVz
dHMgZm9ybSwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmlu
L2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJlbm9y
dGVsJTJlY29tJTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJl
MSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTIm
dG9rZW49JTI0MSUyNDg0NzIyNDY1JTI0WkVBQnFQeHFIWk02MTRuSld5VG9u
JTJlCltXZWQgT2N0IDIyIDEyOjQxOjExIDIwMDNdIFtlcnJvcl0gW2NsaWVu
dCAxOTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAxMjo0MToxMV0gZ3BnIC0t
c2lnbiAtLWFybW9yIC0taG9tZWRpcj0vdXNyL2xvY2FsL25vY2F0L2F1dGhz
ZXJ2L2NnaS1iaW4vLi4vcGdwIC0ta2V5cmluZyB0cnVzdGVka2V5cy5ncGcg
LS1uby10dHkgLW8tIHJldHVybmVkIGVycm9yIG1lc3NhZ2U6LCByZWZlcmVy
OiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9
aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGlt
ZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFj
PTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0ODQ3
MjI0NjUlMjRaRUFCcVB4cUhaTTYxNG5KV3lUb24lMmUKW1dlZCBPY3QgMjIg
MTI6NDE6MTEgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTdd
IGdwZzogV2FybmluZzogdXNpbmcgaW5zZWN1cmUgbWVtb3J5ISwgcmVmZXJl
cjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0
PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJlbm9ydGVsJTJlY29tJTJmJnRp
bWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1h
Yz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDg0
NzIyNDY1JTI0WkVBQnFQeHFIWk02MTRuSld5VG9uJTJlCltXZWQgT2N0IDIy
IDEyOjQxOjExIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBncGc6IFtkb24ndCBrbm93XTogaW52YWxpZCBwYWNrZXQgKGN0Yj0wMCks
IHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9y
ZWRpcmVjdD1odHRwJTNhJTJmJTJmd29ybGQlMmV1cyUyZW5vcnRlbCUyZWNv
bSUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNh
NTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUy
NDElMjQ4NDcyMjQ2NSUyNFpFQUJxUHhxSFpNNjE0bkpXeVRvbiUyZQpbV2Vk
IE9jdCAyMiAxMjo0MToxMSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2
OC4xLjE5N10gZ3BnOiByZWFkX2tleWJsb2NrOiByZWFkIGVycm9yOiBpbnZh
bGlkIHBhY2tldCwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2kt
YmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJl
bm9ydGVsJTJlY29tJTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4
JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNh
QTImdG9rZW49JTI0MSUyNDg0NzIyNDY1JTI0WkVBQnFQeHFIWk02MTRuSld5
VG9uJTJlCltXZWQgT2N0IDIyIDEyOjQxOjExIDIwMDNdIFtlcnJvcl0gW2Ns
aWVudCAxOTIuMTY4LjEuMTk3XSBncGc6IGVudW1fa2V5YmxvY2tzIGZhaWxl
ZDogaW52YWxpZCBrZXlyaW5nLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjgu
MS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxk
JTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0x
OTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEy
JTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0ODQ3MjI0NjUlMjRaRUFCcVB4cUha
TTYxNG5KV3lUb24lMmUKW1dlZCBPY3QgMjIgMTI6NDE6MTEgMjAwM10gW2Vy
cm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIGdwZzogbm8gZGVmYXVsdCBz
ZWNyZXQga2V5OiBpbnZhbGlkIGtleXJpbmcsIHJlZmVyZXI6IGh0dHBzOi8v
MTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJm
JTJmd29ybGQlMmV1cyUyZW5vcnRlbCUyZWNvbSUyZiZ0aW1lb3V0PTYwMCZn
YXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUz
YTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ4NDcyMjQ2NSUyNFpF
QUJxUHhxSFpNNjE0bkpXeVRvbiUyZQpbV2VkIE9jdCAyMiAxMjo0MToxMSAy
MDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gZ3BnOiBzaWdu
aW5nIGZhaWxlZDogaW52YWxpZCBrZXlyaW5nLCByZWZlcmVyOiBodHRwczov
LzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUy
ZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAm
Z2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYl
M2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0ODQ3MjI0NjUlMjRa
RUFCcVB4cUhaTTYxNG5KV3lUb24lMmUKW1dlZCBPY3QgMjIgMTI6NDE6MTEg
MjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEw
LTIyIDEyOjQxOjExXSBncGcgLS1zaWduIC0tYXJtb3IgLS1ob21lZGlyPS91
c3IvbG9jYWwvbm9jYXQvYXV0aHNlcnYvY2dpLWJpbi8uLi9wZ3AgLS1rZXly
aW5nIHRydXN0ZWRrZXlzLmdwZyAtLW5vLXR0eSAtby0gcmV0dXJuZWQgZXJy
b3I6IEJyb2tlbiBwaXBlICggMiApLCByZWZlcmVyOiBodHRwczovLzE5Mi4x
NjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndv
cmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0ZXdh
eT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUz
YUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0ODQ3MjI0NjUlMjRaRUFCcVB4
cUhaTTYxNG5KV3lUb24lMmUKW1dlZCBPY3QgMjIgMTI6NDE6MTEgMjAwM10g
W2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIENhbid0IGNhbGwgbWV0
aG9kICJ0ZXh0IiBvbiBhbiB1bmRlZmluZWQgdmFsdWUgYXQgLi4vbGliLy9O
b0NhdC9BdXRoU2VydmljZS5wbSBsaW5lIDEzNC4sIHJlZmVyZXI6IGh0dHBz
Oi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNh
JTJmJTJmd29ybGQlMmV1cyUyZW5vcnRlbCUyZWNvbSUyZiZ0aW1lb3V0PTYw
MCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2Ew
NiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ4NDcyMjQ2NSUy
NFpFQUJxUHhxSFpNNjE0bkpXeVRvbiUyZQpbV2VkIE9jdCAyMiAxMjo0NDox
MyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyA0MDgzIHN0aWxsIGRpZCBu
b3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1dlZCBPY3QgMjIgMTI6NDQ6
MTMgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgNDA4NCBzdGlsbCBkaWQg
bm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltXZWQgT2N0IDIyIDEyOjQ0
OjEzIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDQwODUgc3RpbGwgZGlk
IG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbV2VkIE9jdCAyMiAxMjo0
NDoxMyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyA0MDg2IHN0aWxsIGRp
ZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1dlZCBPY3QgMjIgMTI6
NDQ6MTMgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgNDA4NyBzdGlsbCBk
aWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltXZWQgT2N0IDIyIDEy
OjQ0OjEzIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDQwODggc3RpbGwg
ZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbV2VkIE9jdCAyMiAx
Mjo0NDoxMyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyA0MDg5IHN0aWxs
IGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1dlZCBPY3QgMjIg
MTI6NDQ6MTMgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgNDA5MCBzdGls
bCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltXZWQgT2N0IDIy
IDEyOjQ0OjEzIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDQwODMgc3Rp
bGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbV2VkIE9jdCAy
MiAxMjo0NDoxMyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyA0MDg0IHN0
aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1dlZCBPY3Qg
MjIgMTI6NDQ6MTMgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgNDA4NSBz
dGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltXZWQgT2N0
IDIyIDEyOjQ0OjEzIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDQwODYg
c3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbV2VkIE9j
dCAyMiAxMjo0NDoxMyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyA0MDg3
IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1dlZCBP
Y3QgMjIgMTI6NDQ6MTMgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3MgNDA4
OCBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltXZWQg
T2N0IDIyIDEyOjQ0OjEzIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNzIDQw
ODkgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpbV2Vk
IE9jdCAyMiAxMjo0NDoxMyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyA0
MDkwIHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1dl
ZCBPY3QgMjIgMTI6NDQ6MTQgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3Mg
NDA4MyBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltX
ZWQgT2N0IDIyIDEyOjQ0OjE0IDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNz
IDQwODQgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpb
V2VkIE9jdCAyMiAxMjo0NDoxNCAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2Vz
cyA0MDg1IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0K
W1dlZCBPY3QgMjIgMTI6NDQ6MTQgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nl
c3MgNDA4NiBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJN
CltXZWQgT2N0IDIyIDEyOjQ0OjE0IDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9j
ZXNzIDQwODcgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVS
TQpbV2VkIE9jdCAyMiAxMjo0NDoxNCAyMDAzXSBbd2Fybl0gY2hpbGQgcHJv
Y2VzcyA0MDg4IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RF
Uk0KW1dlZCBPY3QgMjIgMTI6NDQ6MTQgMjAwM10gW3dhcm5dIGNoaWxkIHBy
b2Nlc3MgNDA4OSBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdU
RVJNCltXZWQgT2N0IDIyIDEyOjQ0OjE0IDIwMDNdIFt3YXJuXSBjaGlsZCBw
cm9jZXNzIDQwOTAgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lH
VEVSTQpbV2VkIE9jdCAyMiAxMjo0NDoxOCAyMDAzXSBbd2Fybl0gUlNBIHNl
cnZlciBjZXJ0aWZpY2F0ZSBpcyBhIENBIGNlcnRpZmljYXRlIChCYXNpY0Nv
bnN0cmFpbnRzOiBDQSA9PSBUUlVFICE/KQpbV2VkIE9jdCAyMiAxMjo0NDox
OCAyMDAzXSBbd2Fybl0gUlNBIHNlcnZlciBjZXJ0aWZpY2F0ZSBDb21tb25O
YW1lIChDTikgYGxvY2FsaG9zdC5sb2NhbGRvbWFpbicgZG9lcyBOT1QgbWF0
Y2ggc2VydmVyIG5hbWUhPwpbV2VkIE9jdCAyMiAxMjo0NDoyMCAyMDAzXSBb
d2Fybl0gUlNBIHNlcnZlciBjZXJ0aWZpY2F0ZSBpcyBhIENBIGNlcnRpZmlj
YXRlIChCYXNpY0NvbnN0cmFpbnRzOiBDQSA9PSBUUlVFICE/KQpbV2VkIE9j
dCAyMiAxMjo0NDoyMCAyMDAzXSBbd2Fybl0gUlNBIHNlcnZlciBjZXJ0aWZp
Y2F0ZSBDb21tb25OYW1lIChDTikgYGxvY2FsaG9zdC5sb2NhbGRvbWFpbicg
ZG9lcyBOT1QgbWF0Y2ggc2VydmVyIG5hbWUhPwpbV2VkIE9jdCAyMiAxMjo0
NDoyMCAyMDAzXSBbbm90aWNlXSBEaWdlc3Q6IGdlbmVyYXRpbmcgc2VjcmV0
IGZvciBkaWdlc3QgYXV0aGVudGljYXRpb24gLi4uCltXZWQgT2N0IDIyIDEy
OjQ0OjIwIDIwMDNdIFtub3RpY2VdIERpZ2VzdDogZG9uZQpbV2VkIE9jdCAy
MiAxMjo0NDoyMSAyMDAzXSBbbm90aWNlXSBBcGFjaGUvMi4wLjQwIChSZWQg
SGF0IExpbnV4KSBjb25maWd1cmVkIC0tIHJlc3VtaW5nIG5vcm1hbCBvcGVy
YXRpb25zCltXZWQgT2N0IDIyIDEyOjQ0OjI4IDIwMDNdIFtlcnJvcl0gW2Ns
aWVudCAxOTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAxMjo0NDoyOF0gVXNl
ciBVTktOT1dOIGZyb20gMTkyLjE2OC4xLjE5NyByZXF1ZXN0cyBmb3JtCltX
ZWQgT2N0IDIyIDEyOjQ0OjM5IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIu
MTY4LjEuMTk3XSBQcmVtYXR1cmUgZW5kIG9mIHNjcmlwdCBoZWFkZXJzOiBs
b2dpbiwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xv
Z2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3d3clMmVkb25vJTJlY29tJTJl
Y24lMmZ0dWppZSUyZnR1amllJTJlaHRtJnRpbWVvdXQ9NjAwJmdhdGV3YXk9
MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FB
MiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDg0NzIyNDY1JTI0WkVBQnFQeHFI
Wk02MTRuSld5VG9uJTJlCltXZWQgT2N0IDIyIDEyOjQ0OjM5IDIwMDNdIFtl
cnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAxMjo0
NDozOV0gVXNlciBzdW5zaGVuZ0Bob3RtYWlsLmNvbSBmcm9tIDE5Mi4xNjgu
MS4xOTcgcmVxdWVzdHMgZm9ybSwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4
LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3d3cl
MmVkb25vJTJlY29tJTJlY24lMmZ0dWppZSUyZnR1amllJTJlaHRtJnRpbWVv
dXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0w
MCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDg0NzIy
NDY1JTI0WkVBQnFQeHFIWk02MTRuSld5VG9uJTJlCltXZWQgT2N0IDIyIDEy
OjQ0OjM5IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBb
MjAwMy0xMC0yMiAxMjo0NDozOV0gZ3BnIC0tc2lnbiAtLWFybW9yIC0taG9t
ZWRpcj0vdXNyL2xvY2FsL25vY2F0L2F1dGhzZXJ2L2NnaS1iaW4vLi4vcGdw
IC0ta2V5cmluZyB0cnVzdGVka2V5cy5ncGcgLS1uby10dHkgLW8tIHJldHVy
bmVkIGVycm9yIG1lc3NhZ2U6LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjgu
MS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnd3dyUy
ZWRvbm8lMmVjb20lMmVjbiUyZnR1amllJTJmdHVqaWUlMmVodG0mdGltZW91
dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAw
JTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0ODQ3MjI0
NjUlMjRaRUFCcVB4cUhaTTYxNG5KV3lUb24lMmUKW1dlZCBPY3QgMjIgMTI6
NDQ6MzkgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIGdw
ZzogV2FybmluZzogdXNpbmcgaW5zZWN1cmUgbWVtb3J5ISwgcmVmZXJlcjog
aHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0
dHAlM2ElMmYlMmZ3d3clMmVkb25vJTJlY29tJTJlY24lMmZ0dWppZSUyZnR1
amllJTJlaHRtJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUy
ZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9r
ZW49JTI0MSUyNDg0NzIyNDY1JTI0WkVBQnFQeHFIWk02MTRuSld5VG9uJTJl
CltXZWQgT2N0IDIyIDEyOjQ0OjM5IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAx
OTIuMTY4LjEuMTk3XSBncGc6IFtkb24ndCBrbm93XTogaW52YWxpZCBwYWNr
ZXQgKGN0Yj0wMCksIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dp
LWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd3d3JTJlZG9ubyUy
ZWNvbSUyZWNuJTJmdHVqaWUlMmZ0dWppZSUyZWh0bSZ0aW1lb3V0PTYwMCZn
YXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUz
YTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ4NDcyMjQ2NSUyNFpF
QUJxUHhxSFpNNjE0bkpXeVRvbiUyZQpbV2VkIE9jdCAyMiAxMjo0NDozOSAy
MDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gZ3BnOiByZWFk
X2tleWJsb2NrOiByZWFkIGVycm9yOiBpbnZhbGlkIHBhY2tldCwgcmVmZXJl
cjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0
PWh0dHAlM2ElMmYlMmZ3d3clMmVkb25vJTJlY29tJTJlY24lMmZ0dWppZSUy
ZnR1amllJTJlaHRtJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJl
MSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTIm
dG9rZW49JTI0MSUyNDg0NzIyNDY1JTI0WkVBQnFQeHFIWk02MTRuSld5VG9u
JTJlCltXZWQgT2N0IDIyIDEyOjQ0OjM5IDIwMDNdIFtlcnJvcl0gW2NsaWVu
dCAxOTIuMTY4LjEuMTk3XSBncGc6IGVudW1fa2V5YmxvY2tzIGZhaWxlZDog
aW52YWxpZCBrZXlyaW5nLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4x
L2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnd3dyUyZWRv
bm8lMmVjb20lMmVjbiUyZnR1amllJTJmdHVqaWUlMmVodG0mdGltZW91dD02
MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNh
MDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0ODQ3MjI0NjUl
MjRaRUFCcVB4cUhaTTYxNG5KV3lUb24lMmUKW1dlZCBPY3QgMjIgMTI6NDQ6
MzkgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIGdwZzog
bm8gZGVmYXVsdCBzZWNyZXQga2V5OiBpbnZhbGlkIGtleXJpbmcsIHJlZmVy
ZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVj
dD1odHRwJTNhJTJmJTJmd3d3JTJlZG9ubyUyZWNvbSUyZWNuJTJmdHVqaWUl
MmZ0dWppZSUyZWh0bSZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUy
ZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEy
JnRva2VuPSUyNDElMjQ4NDcyMjQ2NSUyNFpFQUJxUHhxSFpNNjE0bkpXeVRv
biUyZQpbV2VkIE9jdCAyMiAxMjo0NDozOSAyMDAzXSBbZXJyb3JdIFtjbGll
bnQgMTkyLjE2OC4xLjE5N10gZ3BnOiBzaWduaW5nIGZhaWxlZDogaW52YWxp
ZCBrZXlyaW5nLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1i
aW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnd3dyUyZWRvbm8lMmVj
b20lMmVjbiUyZnR1amllJTJmdHVqaWUlMmVodG0mdGltZW91dD02MDAmZ2F0
ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1
QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0ODQ3MjI0NjUlMjRaRUFC
cVB4cUhaTTYxNG5KV3lUb24lMmUKW1dlZCBPY3QgMjIgMTI6NDQ6MzkgMjAw
M10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIy
IDEyOjQ0OjM5XSBncGcgLS1zaWduIC0tYXJtb3IgLS1ob21lZGlyPS91c3Iv
bG9jYWwvbm9jYXQvYXV0aHNlcnYvY2dpLWJpbi8uLi9wZ3AgLS1rZXlyaW5n
IHRydXN0ZWRrZXlzLmdwZyAtLW5vLXR0eSAtby0gcmV0dXJuZWQgZXJyb3I6
IEJyb2tlbiBwaXBlICggMiApLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjgu
MS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnd3dyUy
ZWRvbm8lMmVjb20lMmVjbiUyZnR1amllJTJmdHVqaWUlMmVodG0mdGltZW91
dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAw
JTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0ODQ3MjI0
NjUlMjRaRUFCcVB4cUhaTTYxNG5KV3lUb24lMmUKW1dlZCBPY3QgMjIgMTI6
NDQ6MzkgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIENh
bid0IGNhbGwgbWV0aG9kICJ0ZXh0IiBvbiBhbiB1bmRlZmluZWQgdmFsdWUg
YXQgLi4vbGliLy9Ob0NhdC9BdXRoU2VydmljZS5wbSBsaW5lIDEzNC4sIHJl
ZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRp
cmVjdD1odHRwJTNhJTJmJTJmd3d3JTJlZG9ubyUyZWNvbSUyZWNuJTJmdHVq
aWUlMmZ0dWppZSUyZWh0bSZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2
OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUz
YUEyJnRva2VuPSUyNDElMjQ4NDcyMjQ2NSUyNFpFQUJxUHhxSFpNNjE0bkpX
eVRvbiUyZQpbV2VkIE9jdCAyMiAxMjo0Njo1MCAyMDAzXSBbZXJyb3JdIFtj
bGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTI6NDY6NTBdIFVz
ZXIgVU5LTk9XTiBmcm9tIDE5Mi4xNjguMS4xOTcgcmVxdWVzdHMgZm9ybQpb
V2VkIE9jdCAyMiAxMjo1Mjo0NSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTky
LjE2OC4xLjE5N10gUHJlbWF0dXJlIGVuZCBvZiBzY3JpcHQgaGVhZGVyczog
bG9naW4sIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9s
b2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd3d3JTJlZG9ubyUyZWNvbSUy
ZWNuJTJmdHVqaWUlMmZ0dWppZSUyZWh0bSZ0aW1lb3V0PTYwMCZnYXRld2F5
PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNh
QTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ4NDcyMjQ2NSUyNFpFQUJxUHhx
SFpNNjE0bkpXeVRvbiUyZQpbV2VkIE9jdCAyMiAxMjo1Mjo0NSAyMDAzXSBb
ZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTI6
NTI6NDVdIFVzZXIgVU5LTk9XTiBmcm9tIDE5Mi4xNjguMS4xOTcgcmVxdWVz
dHMgZm9ybSwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmlu
L2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3d3clMmVkb25vJTJlY29t
JTJlY24lMmZ0dWppZSUyZnR1amllJTJlaHRtJnRpbWVvdXQ9NjAwJmdhdGV3
YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIl
M2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDg0NzIyNDY1JTI0WkVBQnFQ
eHFIWk02MTRuSld5VG9uJTJlCltXZWQgT2N0IDIyIDEyOjUyOjQ1IDIwMDNd
IFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAx
Mjo1Mjo0NV0gZ3BnIC0tc2lnbiAtLWFybW9yIC0taG9tZWRpcj0vdXNyL2xv
Y2FsL25vY2F0L2F1dGhzZXJ2L2NnaS1iaW4vLi4vcGdwIC0ta2V5cmluZyB0
cnVzdGVka2V5cy5ncGcgLS1uby10dHkgLW8tIHJldHVybmVkIGVycm9yIG1l
c3NhZ2U6LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4v
bG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnd3dyUyZWRvbm8lMmVjb20l
MmVjbiUyZnR1amllJTJmdHVqaWUlMmVodG0mdGltZW91dD02MDAmZ2F0ZXdh
eT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUz
YUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0ODQ3MjI0NjUlMjRaRUFCcVB4
cUhaTTYxNG5KV3lUb24lMmUKW1dlZCBPY3QgMjIgMTI6NTI6NDUgMjAwM10g
W2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIGdwZzogV2FybmluZzog
dXNpbmcgaW5zZWN1cmUgbWVtb3J5ISwgcmVmZXJlcjogaHR0cHM6Ly8xOTIu
MTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3
d3clMmVkb25vJTJlY29tJTJlY24lMmZ0dWppZSUyZnR1amllJTJlaHRtJnRp
bWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1h
Yz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDg0
NzIyNDY1JTI0WkVBQnFQeHFIWk02MTRuSld5VG9uJTJlCltXZWQgT2N0IDIy
IDEyOjUyOjQ1IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBncGc6IFtkb24ndCBrbm93XTogaW52YWxpZCBwYWNrZXQgKGN0Yj0wMCks
IHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9y
ZWRpcmVjdD1odHRwJTNhJTJmJTJmd3d3JTJlZG9ubyUyZWNvbSUyZWNuJTJm
dHVqaWUlMmZ0dWppZSUyZWh0bSZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUy
ZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FE
OSUzYUEyJnRva2VuPSUyNDElMjQ4NDcyMjQ2NSUyNFpFQUJxUHhxSFpNNjE0
bkpXeVRvbiUyZQpbV2VkIE9jdCAyMiAxMjo1Mjo0NSAyMDAzXSBbZXJyb3Jd
IFtjbGllbnQgMTkyLjE2OC4xLjE5N10gZ3BnOiByZWFkX2tleWJsb2NrOiBy
ZWFkIGVycm9yOiBpbnZhbGlkIHBhY2tldCwgcmVmZXJlcjogaHR0cHM6Ly8x
OTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYl
MmZ3d3clMmVkb25vJTJlY29tJTJlY24lMmZ0dWppZSUyZnR1amllJTJlaHRt
JnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1Mjgw
Jm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUy
NDg0NzIyNDY1JTI0WkVBQnFQeHFIWk02MTRuSld5VG9uJTJlCltXZWQgT2N0
IDIyIDEyOjUyOjQ1IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEu
MTk3XSBncGc6IGVudW1fa2V5YmxvY2tzIGZhaWxlZDogaW52YWxpZCBrZXly
aW5nLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9n
aW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnd3dyUyZWRvbm8lMmVjb20lMmVj
biUyZnR1amllJTJmdHVqaWUlMmVodG0mdGltZW91dD02MDAmZ2F0ZXdheT0x
OTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEy
JTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0ODQ3MjI0NjUlMjRaRUFCcVB4cUha
TTYxNG5KV3lUb24lMmUKW1dlZCBPY3QgMjIgMTI6NTI6NDUgMjAwM10gW2Vy
cm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIGdwZzogbm8gZGVmYXVsdCBz
ZWNyZXQga2V5OiBpbnZhbGlkIGtleXJpbmcsIHJlZmVyZXI6IGh0dHBzOi8v
MTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJm
JTJmd3d3JTJlZG9ubyUyZWNvbSUyZWNuJTJmdHVqaWUlMmZ0dWppZSUyZWh0
bSZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4
MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDEl
MjQ4NDcyMjQ2NSUyNFpFQUJxUHhxSFpNNjE0bkpXeVRvbiUyZQpbV2VkIE9j
dCAyMiAxMjo1Mjo0NSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4x
LjE5N10gZ3BnOiBzaWduaW5nIGZhaWxlZDogaW52YWxpZCBrZXlyaW5nLCBy
ZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVk
aXJlY3Q9aHR0cCUzYSUyZiUyZnd3dyUyZWRvbm8lMmVjb20lMmVjbiUyZnR1
amllJTJmdHVqaWUlMmVodG0mdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUx
NjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDkl
M2FBMiZ0b2tlbj0lMjQxJTI0ODQ3MjI0NjUlMjRaRUFCcVB4cUhaTTYxNG5K
V3lUb24lMmUKW1dlZCBPY3QgMjIgMTI6NTI6NDUgMjAwM10gW2Vycm9yXSBb
Y2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIyIDEyOjUyOjQ1XSBn
cGcgLS1zaWduIC0tYXJtb3IgLS1ob21lZGlyPS91c3IvbG9jYWwvbm9jYXQv
YXV0aHNlcnYvY2dpLWJpbi8uLi9wZ3AgLS1rZXlyaW5nIHRydXN0ZWRrZXlz
LmdwZyAtLW5vLXR0eSAtby0gcmV0dXJuZWQgZXJyb3I6IElsbGVnYWwgc2Vl
ayAoIDIgKSwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmlu
L2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3d3clMmVkb25vJTJlY29t
JTJlY24lMmZ0dWppZSUyZnR1amllJTJlaHRtJnRpbWVvdXQ9NjAwJmdhdGV3
YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIl
M2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDg0NzIyNDY1JTI0WkVBQnFQ
eHFIWk02MTRuSld5VG9uJTJlCltXZWQgT2N0IDIyIDEyOjUyOjQ1IDIwMDNd
IFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBDYW4ndCBjYWxsIG1l
dGhvZCAidGV4dCIgb24gYW4gdW5kZWZpbmVkIHZhbHVlIGF0IC4uL2xpYi8v
Tm9DYXQvQXV0aFNlcnZpY2UucG0gbGluZSAxMzQuLCByZWZlcmVyOiBodHRw
czovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUz
YSUyZiUyZnd3dyUyZWRvbm8lMmVjb20lMmVjbiUyZnR1amllJTJmdHVqaWUl
MmVodG0mdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUz
YTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0l
MjQxJTI0ODQ3MjI0NjUlMjRaRUFCcVB4cUhaTTYxNG5KV3lUb24lMmUKW1dl
ZCBPY3QgMjIgMTM6MDQ6MDMgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nlc3Mg
NDQyOSBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJNCltX
ZWQgT2N0IDIyIDEzOjA0OjAzIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9jZXNz
IDQ0MzAgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVSTQpb
V2VkIE9jdCAyMiAxMzowNDowMyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2Vz
cyA0NDMxIHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0K
W1dlZCBPY3QgMjIgMTM6MDQ6MDMgMjAwM10gW3dhcm5dIGNoaWxkIHByb2Nl
c3MgNDQzMiBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdURVJN
CltXZWQgT2N0IDIyIDEzOjA0OjAzIDIwMDNdIFt3YXJuXSBjaGlsZCBwcm9j
ZXNzIDQ0MzMgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lHVEVS
TQpbV2VkIE9jdCAyMiAxMzowNDowMyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJv
Y2VzcyA0NDM0IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RF
Uk0KW1dlZCBPY3QgMjIgMTM6MDQ6MDMgMjAwM10gW3dhcm5dIGNoaWxkIHBy
b2Nlc3MgNDQzNSBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBTSUdU
RVJNCltXZWQgT2N0IDIyIDEzOjA0OjAzIDIwMDNdIFt3YXJuXSBjaGlsZCBw
cm9jZXNzIDQ0MzYgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEgU0lH
VEVSTQpbV2VkIE9jdCAyMiAxMzowNDowMyAyMDAzXSBbd2Fybl0gY2hpbGQg
cHJvY2VzcyA0NDI5IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJ
R1RFUk0KW1dlZCBPY3QgMjIgMTM6MDQ6MDMgMjAwM10gW3dhcm5dIGNoaWxk
IHByb2Nlc3MgNDQzMCBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcgYSBT
SUdURVJNCltXZWQgT2N0IDIyIDEzOjA0OjAzIDIwMDNdIFt3YXJuXSBjaGls
ZCBwcm9jZXNzIDQ0MzEgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5nIGEg
U0lHVEVSTQpbV2VkIE9jdCAyMiAxMzowNDowMyAyMDAzXSBbd2Fybl0gY2hp
bGQgcHJvY2VzcyA0NDMyIHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGluZyBh
IFNJR1RFUk0KW1dlZCBPY3QgMjIgMTM6MDQ6MDMgMjAwM10gW3dhcm5dIGNo
aWxkIHByb2Nlc3MgNDQzMyBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRpbmcg
YSBTSUdURVJNCltXZWQgT2N0IDIyIDEzOjA0OjAzIDIwMDNdIFt3YXJuXSBj
aGlsZCBwcm9jZXNzIDQ0MzQgc3RpbGwgZGlkIG5vdCBleGl0LCBzZW5kaW5n
IGEgU0lHVEVSTQpbV2VkIE9jdCAyMiAxMzowNDowMyAyMDAzXSBbd2Fybl0g
Y2hpbGQgcHJvY2VzcyA0NDM1IHN0aWxsIGRpZCBub3QgZXhpdCwgc2VuZGlu
ZyBhIFNJR1RFUk0KW1dlZCBPY3QgMjIgMTM6MDQ6MDMgMjAwM10gW3dhcm5d
IGNoaWxkIHByb2Nlc3MgNDQzNiBzdGlsbCBkaWQgbm90IGV4aXQsIHNlbmRp
bmcgYSBTSUdURVJNCltXZWQgT2N0IDIyIDEzOjA0OjA0IDIwMDNdIFtub3Rp
Y2VdIGNhdWdodCBTSUdURVJNLCBzaHV0dGluZyBkb3duCltXZWQgT2N0IDIy
IDEzOjA0OjEwIDIwMDNdIFtub3RpY2VdIERpZ2VzdDogZ2VuZXJhdGluZyBz
ZWNyZXQgZm9yIGRpZ2VzdCBhdXRoZW50aWNhdGlvbiAuLi4KW1dlZCBPY3Qg
MjIgMTM6MDQ6MTAgMjAwM10gW25vdGljZV0gRGlnZXN0OiBkb25lCltXZWQg
T2N0IDIyIDEzOjA0OjExIDIwMDNdIFtub3RpY2VdIEFwYWNoZS8yLjAuNDAg
KFJlZCBIYXQgTGludXgpIGNvbmZpZ3VyZWQgLS0gcmVzdW1pbmcgbm9ybWFs
IG9wZXJhdGlvbnMKW1dlZCBPY3QgMjIgMTM6MDQ6MTQgMjAwM10gW2Vycm9y
XSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIGNsaWVudCBkZW5pZWQgYnkgc2Vy
dmVyIGNvbmZpZ3VyYXRpb246IC91c3IvbG9jYWwvbm9jYXQvYXV0aHNlcnYv
aHRkb2NzLwpbV2VkIE9jdCAyMiAxMzowNDoxOCAyMDAzXSBbZXJyb3JdIFtj
bGllbnQgMTkyLjE2OC4xLjE5N10gY2xpZW50IGRlbmllZCBieSBzZXJ2ZXIg
Y29uZmlndXJhdGlvbjogL3Vzci9sb2NhbC9ub2NhdC9hdXRoc2Vydi9odGRv
Y3MvCltXZWQgT2N0IDIyIDEzOjA0OjIwIDIwMDNdIFtlcnJvcl0gW2NsaWVu
dCAxOTIuMTY4LjEuMTk3XSBjbGllbnQgZGVuaWVkIGJ5IHNlcnZlciBjb25m
aWd1cmF0aW9uOiAvdXNyL2xvY2FsL25vY2F0L2F1dGhzZXJ2L2h0ZG9jcy8K
W1dlZCBPY3QgMjIgMTM6MDQ6MjEgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5
Mi4xNjguMS4xOTddIGNsaWVudCBkZW5pZWQgYnkgc2VydmVyIGNvbmZpZ3Vy
YXRpb246IC91c3IvbG9jYWwvbm9jYXQvYXV0aHNlcnYvaHRkb2NzLwpbV2Vk
IE9jdCAyMiAxMzowNDoyMSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2
OC4xLjE5N10gY2xpZW50IGRlbmllZCBieSBzZXJ2ZXIgY29uZmlndXJhdGlv
bjogL3Vzci9sb2NhbC9ub2NhdC9hdXRoc2Vydi9odGRvY3MvCltXZWQgT2N0
IDIyIDEzOjA0OjIyIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEu
MTk3XSBjbGllbnQgZGVuaWVkIGJ5IHNlcnZlciBjb25maWd1cmF0aW9uOiAv
dXNyL2xvY2FsL25vY2F0L2F1dGhzZXJ2L2h0ZG9jcy8KW1dlZCBPY3QgMjIg
MTM6MDQ6NDEgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTdd
IGNsaWVudCBkZW5pZWQgYnkgc2VydmVyIGNvbmZpZ3VyYXRpb246IC91c3Iv
bG9jYWwvbm9jYXQvYXV0aHNlcnYvaHRkb2NzLwpbV2VkIE9jdCAyMiAxMzow
NToxMyAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyA0NTY1IHN0aWxsIGRp
ZCBub3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1dlZCBPY3QgMjIgMTM6
MDU6MTQgMjAwM10gW25vdGljZV0gY2F1Z2h0IFNJR1RFUk0sIHNodXR0aW5n
IGRvd24KW1dlZCBPY3QgMjIgMTM6MDU6MTUgMjAwM10gW3dhcm5dIFJTQSBz
ZXJ2ZXIgY2VydGlmaWNhdGUgaXMgYSBDQSBjZXJ0aWZpY2F0ZSAoQmFzaWND
b25zdHJhaW50czogQ0EgPT0gVFJVRSAhPykKW1dlZCBPY3QgMjIgMTM6MDU6
MTUgMjAwM10gW3dhcm5dIFJTQSBzZXJ2ZXIgY2VydGlmaWNhdGUgQ29tbW9u
TmFtZSAoQ04pIGBsb2NhbGhvc3QubG9jYWxkb21haW4nIGRvZXMgTk9UIG1h
dGNoIHNlcnZlciBuYW1lIT8KW1dlZCBPY3QgMjIgMTM6MDU6MTYgMjAwM10g
W3dhcm5dIFJTQSBzZXJ2ZXIgY2VydGlmaWNhdGUgaXMgYSBDQSBjZXJ0aWZp
Y2F0ZSAoQmFzaWNDb25zdHJhaW50czogQ0EgPT0gVFJVRSAhPykKW1dlZCBP
Y3QgMjIgMTM6MDU6MTYgMjAwM10gW3dhcm5dIFJTQSBzZXJ2ZXIgY2VydGlm
aWNhdGUgQ29tbW9uTmFtZSAoQ04pIGBsb2NhbGhvc3QubG9jYWxkb21haW4n
IGRvZXMgTk9UIG1hdGNoIHNlcnZlciBuYW1lIT8KW1dlZCBPY3QgMjIgMTM6
MDU6MTYgMjAwM10gW25vdGljZV0gRGlnZXN0OiBnZW5lcmF0aW5nIHNlY3Jl
dCBmb3IgZGlnZXN0IGF1dGhlbnRpY2F0aW9uIC4uLgpbV2VkIE9jdCAyMiAx
MzowNToxNiAyMDAzXSBbbm90aWNlXSBEaWdlc3Q6IGRvbmUKW1dlZCBPY3Qg
MjIgMTM6MDU6MTcgMjAwM10gW25vdGljZV0gQXBhY2hlLzIuMC40MCAoUmVk
IEhhdCBMaW51eCkgY29uZmlndXJlZCAtLSByZXN1bWluZyBub3JtYWwgb3Bl
cmF0aW9ucwpbV2VkIE9jdCAyMiAxMzowNToyMSAyMDAzXSBbZXJyb3JdIFtj
bGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTM6MDU6MjFdIFVz
ZXIgVU5LTk9XTiBmcm9tIDE5Mi4xNjguMS4xOTcgcmVxdWVzdHMgZm9ybQpb
V2VkIE9jdCAyMiAxMzowNzoxOCAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTky
LjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTM6MDc6MThdIFVzZXIgVU5LTk9X
TiBmcm9tIDE5Mi4xNjguMS4xOTcgcmVxdWVzdHMgZm9ybSwgcmVmZXJlcjog
aHR0cDovL2NoYXQuc2tpZi5uZXQvY2hhdApbV2VkIE9jdCAyMiAxMzoyMToy
MSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMt
MTAtMjIgMTM6MjE6MjFdIFVzZXIgVU5LTk9XTiBmcm9tIDE5Mi4xNjguMS4x
OTcgcmVxdWVzdHMgZm9ybQpbV2VkIE9jdCAyMiAxMzoyMjoxMyAyMDAzXSBb
ZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTM6
MjI6MTNdIFVzZXIgVU5LTk9XTiBmcm9tIDE5Mi4xNjguMS4xOTcgcmVxdWVz
dHMgZm9ybQpbV2VkIE9jdCAyMiAxMzoyMjo0OSAyMDAzXSBbZXJyb3JdIFtj
bGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTM6MjI6NDhdIFVz
ZXIgY2hyaXNAaG90bWFpbC5jb20gZnJvbSAxOTIuMTY4LjEuMTk3IHJlcXVl
c3RzIGZvcm0sIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJp
bi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd29ybGQlMmV1cyUyZW5v
cnRlbCUyZWNvbSUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUy
ZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEy
JnRva2VuPSUyNDElMjQ5NDI0NDA1NSUyNHRTRGZwcnhPOU5rTTBMJTJlY1dZ
TnlRMApbV2VkIE9jdCAyMiAxMzoyNjoyNCAyMDAzXSBbZXJyb3JdIFtjbGll
bnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTM6MjY6MjRdIFVzZXIg
VU5LTk9XTiBmcm9tIDE5Mi4xNjguMS4xOTcgcmVxdWVzdHMgZm9ybSwgcmVm
ZXJlcjogaHR0cDovL2NoYXQuc2tpZi5uZXQvY2hhdApbV2VkIE9jdCAyMiAx
Mzo0ODo1NSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10g
UHJlbWF0dXJlIGVuZCBvZiBzY3JpcHQgaGVhZGVyczogbG9naW4sIHJlZmVy
ZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVj
dD1odHRwJTNhJTJmJTJmd3d3JTJlbGludXhmb3J1bSUyZW5ldCUyZmZvcnVt
JTJmY2F0ZWdvcmllcyUyZXBocCZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUy
ZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FE
OSUzYUEyJnRva2VuPSUyNDElMjQ5NDI0NDA1NSUyNHRTRGZwcnhPOU5rTTBM
JTJlY1dZTnlRMApbV2VkIE9jdCAyMiAxMzo0ODo1NSAyMDAzXSBbZXJyb3Jd
IFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTM6NDg6NTVd
IFVzZXIgc3Vuc2hlbmdAaG90bWFpbC5jb20gZnJvbSAxOTIuMTY4LjEuMTk3
IHJlcXVlc3RzIGZvcm0sIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEv
Y2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd3d3JTJlbGlu
dXhmb3J1bSUyZW5ldCUyZmZvcnVtJTJmY2F0ZWdvcmllcyUyZXBocCZ0aW1l
b3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9
MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ5NDI0
NDA1NSUyNHRTRGZwcnhPOU5rTTBMJTJlY1dZTnlRMApbV2VkIE9jdCAyMiAx
Mzo0ODo1NSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10g
WzIwMDMtMTAtMjIgMTM6NDg6NTVdIGdwZyAtLXNpZ24gLS1hcm1vciAtLWhv
bWVkaXI9L3Vzci9sb2NhbC9ub2NhdC9hdXRoc2Vydi9jZ2ktYmluLy4uL3Bn
cCAtLWtleXJpbmcgdHJ1c3RlZGtleXMuZ3BnIC0tbm8tdHR5IC1vLSByZXR1
cm5lZCBlcnJvciBtZXNzYWdlOiwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4
LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3d3cl
MmVsaW51eGZvcnVtJTJlbmV0JTJmZm9ydW0lMmZjYXRlZ29yaWVzJTJlcGhw
JnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1Mjgw
Jm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUy
NDk0MjQ0MDU1JTI0dFNEZnByeE85TmtNMEwlMmVjV1lOeVEwCltXZWQgT2N0
IDIyIDEzOjQ4OjU1IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEu
MTk3XSBncGc6IFdhcm5pbmc6IHVzaW5nIGluc2VjdXJlIG1lbW9yeSEsIHJl
ZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRp
cmVjdD1odHRwJTNhJTJmJTJmd3d3JTJlbGludXhmb3J1bSUyZW5ldCUyZmZv
cnVtJTJmY2F0ZWdvcmllcyUyZXBocCZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5
MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIl
M2FEOSUzYUEyJnRva2VuPSUyNDElMjQ5NDI0NDA1NSUyNHRTRGZwcnhPOU5r
TTBMJTJlY1dZTnlRMApbV2VkIE9jdCAyMiAxMzo0ODo1NSAyMDAzXSBbZXJy
b3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gZ3BnOiBbZG9uJ3Qga25vd106
IGludmFsaWQgcGFja2V0IChjdGI9MDApLCByZWZlcmVyOiBodHRwczovLzE5
Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUy
Znd3dyUyZWxpbnV4Zm9ydW0lMmVuZXQlMmZmb3J1bSUyZmNhdGVnb3JpZXMl
MmVwaHAmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUz
YTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0l
MjQxJTI0OTQyNDQwNTUlMjR0U0RmcHJ4TzlOa00wTCUyZWNXWU55UTAKW1dl
ZCBPY3QgMjIgMTM6NDg6NTUgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4x
NjguMS4xOTddIGdwZzogcmVhZF9rZXlibG9jazogcmVhZCBlcnJvcjogaW52
YWxpZCBwYWNrZXQsIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dp
LWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd3d3JTJlbGludXhm
b3J1bSUyZW5ldCUyZmZvcnVtJTJmY2F0ZWdvcmllcyUyZXBocCZ0aW1lb3V0
PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAl
M2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ5NDI0NDA1
NSUyNHRTRGZwcnhPOU5rTTBMJTJlY1dZTnlRMApbV2VkIE9jdCAyMiAxMzo0
ODo1NSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gZ3Bn
OiBlbnVtX2tleWJsb2NrcyBmYWlsZWQ6IGludmFsaWQga2V5cmluZywgcmVm
ZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGly
ZWN0PWh0dHAlM2ElMmYlMmZ3d3clMmVsaW51eGZvcnVtJTJlbmV0JTJmZm9y
dW0lMmZjYXRlZ29yaWVzJTJlcGhwJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTky
JTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUz
YUQ5JTNhQTImdG9rZW49JTI0MSUyNDk0MjQ0MDU1JTI0dFNEZnByeE85TmtN
MEwlMmVjV1lOeVEwCltXZWQgT2N0IDIyIDEzOjQ4OjU1IDIwMDNdIFtlcnJv
cl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBncGc6IG5vIGRlZmF1bHQgc2Vj
cmV0IGtleTogaW52YWxpZCBrZXlyaW5nLCByZWZlcmVyOiBodHRwczovLzE5
Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUy
Znd3dyUyZWxpbnV4Zm9ydW0lMmVuZXQlMmZmb3J1bSUyZmNhdGVnb3JpZXMl
MmVwaHAmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUz
YTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0l
MjQxJTI0OTQyNDQwNTUlMjR0U0RmcHJ4TzlOa00wTCUyZWNXWU55UTAKW1dl
ZCBPY3QgMjIgMTM6NDg6NTUgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4x
NjguMS4xOTddIGdwZzogc2lnbmluZyBmYWlsZWQ6IGludmFsaWQga2V5cmlu
ZywgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2lu
P3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3d3clMmVsaW51eGZvcnVtJTJlbmV0
JTJmZm9ydW0lMmZjYXRlZ29yaWVzJTJlcGhwJnRpbWVvdXQ9NjAwJmdhdGV3
YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIl
M2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDk0MjQ0MDU1JTI0dFNEZnBy
eE85TmtNMEwlMmVjV1lOeVEwCltXZWQgT2N0IDIyIDEzOjQ4OjU1IDIwMDNd
IFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAx
Mzo0ODo1NV0gZ3BnIC0tc2lnbiAtLWFybW9yIC0taG9tZWRpcj0vdXNyL2xv
Y2FsL25vY2F0L2F1dGhzZXJ2L2NnaS1iaW4vLi4vcGdwIC0ta2V5cmluZyB0
cnVzdGVka2V5cy5ncGcgLS1uby10dHkgLW8tIHJldHVybmVkIGVycm9yOiBC
cm9rZW4gcGlwZSAoIDIgKSwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEu
MS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3d3clMmVs
aW51eGZvcnVtJTJlbmV0JTJmZm9ydW0lMmZjYXRlZ29yaWVzJTJlcGhwJnRp
bWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1h
Yz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDk0
MjQ0MDU1JTI0dFNEZnByeE85TmtNMEwlMmVjV1lOeVEwCltXZWQgT2N0IDIy
IDEzOjQ4OjU1IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBDYW4ndCBjYWxsIG1ldGhvZCAidGV4dCIgb24gYW4gdW5kZWZpbmVkIHZh
bHVlIGF0IC4uL2xpYi8vTm9DYXQvQXV0aFNlcnZpY2UucG0gbGluZSAxMzQu
LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/
cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnd3dyUyZWxpbnV4Zm9ydW0lMmVuZXQl
MmZmb3J1bSUyZmNhdGVnb3JpZXMlMmVwaHAmdGltZW91dD02MDAmZ2F0ZXdh
eT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUz
YUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0OTQyNDQwNTUlMjR0U0RmcHJ4
TzlOa00wTCUyZWNXWU55UTAKW1dlZCBPY3QgMjIgMTQ6MTA6MDAgMjAwM10g
W2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIyIDE0
OjEwOjAwXSBVc2VyIFVOS05PV04gZnJvbSAxOTIuMTY4LjEuMTk3IHJlcXVl
c3RzIGZvcm0KW1dlZCBPY3QgMjIgMTQ6MTA6MTcgMjAwM10gW2Vycm9yXSBb
Y2xpZW50IDE5Mi4xNjguMS4xOTddIFByZW1hdHVyZSBlbmQgb2Ygc2NyaXB0
IGhlYWRlcnM6IGxvZ2luLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4x
L2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJl
dXMlMmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIl
MmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNh
RDklM2FBMiZ0b2tlbj0lMjQxJTI0NzM4MjQ4NDYlMjQ1WGFKa1Z1MFRmWFZ1
Z3NSWTR5eGswCltXZWQgT2N0IDIyIDE0OjEwOjE3IDIwMDNdIFtlcnJvcl0g
W2NsaWVudCAxOTIuMTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAxNDoxMDoxN10g
VXNlciBzdW5zaGVuZ0Bob3RtYWlsLmNvbSBmcm9tIDE5Mi4xNjguMS4xOTcg
cmVxdWVzdHMgZm9ybSwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9j
Z2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVz
JTJlbm9ydGVsJTJlY29tJTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJl
MTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5
JTNhQTImdG9rZW49JTI0MSUyNDczODI0ODQ2JTI0NVhhSmtWdTBUZlhWdWdz
Ulk0eXhrMApbV2VkIE9jdCAyMiAxNDoxMDoxNyAyMDAzXSBbZXJyb3JdIFtj
bGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTQ6MTA6MTddIGdw
ZyAtLXNpZ24gLS1hcm1vciAtLWhvbWVkaXI9L3Vzci9sb2NhbC9ub2NhdC9h
dXRoc2Vydi9jZ2ktYmluLy4uL3BncCAtLWtleXJpbmcgdHJ1c3RlZGtleXMu
Z3BnIC0tbm8tdHR5IC1vLSByZXR1cm5lZCBlcnJvciBtZXNzYWdlOiwgcmVm
ZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGly
ZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJlbm9ydGVsJTJlY29tJTJm
JnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1Mjgw
Jm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUy
NDczODI0ODQ2JTI0NVhhSmtWdTBUZlhWdWdzUlk0eXhrMApbV2VkIE9jdCAy
MiAxNDoxMDoxNyAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5
N10gZ3BnOiBXYXJuaW5nOiB1c2luZyBpbnNlY3VyZSBtZW1vcnkhLCByZWZl
cmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJl
Y3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYm
dGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAm
bWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0
NzM4MjQ4NDYlMjQ1WGFKa1Z1MFRmWFZ1Z3NSWTR5eGswCltXZWQgT2N0IDIy
IDE0OjEwOjE3IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBncGc6IC91c3IvbG9jYWwvbm9jYXQvYXV0aHNlcnYvY2dpLWJpbi8uLi9w
Z3Avc2VjcmluZy5ncGc6IGNhbid0IGNyZWF0ZSBrZXlyaW5nOiBQZXJtaXNz
aW9uIGRlbmllZCwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2kt
YmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJl
bm9ydGVsJTJlY29tJTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4
JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNh
QTImdG9rZW49JTI0MSUyNDczODI0ODQ2JTI0NVhhSmtWdTBUZlhWdWdzUlk0
eXhrMApbV2VkIE9jdCAyMiAxNDoxMDoxNyAyMDAzXSBbZXJyb3JdIFtjbGll
bnQgMTkyLjE2OC4xLjE5N10gZ3BnOiBrZXlibG9jayByZXNvdXJjZSBgL3Vz
ci9sb2NhbC9ub2NhdC9hdXRoc2Vydi9jZ2ktYmluLy4uL3BncC9zZWNyaW5n
LmdwZyc6IGZpbGUgb3BlbiBlcnJvciwgcmVmZXJlcjogaHR0cHM6Ly8xOTIu
MTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3
b3JsZCUyZXVzJTJlbm9ydGVsJTJlY29tJTJmJnRpbWVvdXQ9NjAwJmdhdGV3
YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIl
M2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDczODI0ODQ2JTI0NVhhSmtW
dTBUZlhWdWdzUlk0eXhrMApbV2VkIE9jdCAyMiAxNDoxMDoxNyAyMDAzXSBb
ZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gZ3BnOiBubyBkZWZhdWx0
IHNlY3JldCBrZXk6IHNlY3JldCBrZXkgbm90IGF2YWlsYWJsZSwgcmVmZXJl
cjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0
PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJlbm9ydGVsJTJlY29tJTJmJnRp
bWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1h
Yz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDcz
ODI0ODQ2JTI0NVhhSmtWdTBUZlhWdWdzUlk0eXhrMApbV2VkIE9jdCAyMiAx
NDoxMDoxNyAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10g
Z3BnOiBzaWduaW5nIGZhaWxlZDogc2VjcmV0IGtleSBub3QgYXZhaWxhYmxl
LCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/
cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVj
b20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUz
YTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0l
MjQxJTI0NzM4MjQ4NDYlMjQ1WGFKa1Z1MFRmWFZ1Z3NSWTR5eGswCltXZWQg
T2N0IDIyIDE0OjEwOjE3IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4
LjEuMTk3XSBbMjAwMy0xMC0yMiAxNDoxMDoxN10gZ3BnIC0tc2lnbiAtLWFy
bW9yIC0taG9tZWRpcj0vdXNyL2xvY2FsL25vY2F0L2F1dGhzZXJ2L2NnaS1i
aW4vLi4vcGdwIC0ta2V5cmluZyB0cnVzdGVka2V5cy5ncGcgLS1uby10dHkg
LW8tIHJldHVybmVkIGVycm9yOiBCcm9rZW4gcGlwZSAoIDIgKSwgcmVmZXJl
cjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0
PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJlbm9ydGVsJTJlY29tJTJmJnRp
bWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1h
Yz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDcz
ODI0ODQ2JTI0NVhhSmtWdTBUZlhWdWdzUlk0eXhrMApbV2VkIE9jdCAyMiAx
NDoxMDoxNyAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10g
Q2FuJ3QgY2FsbCBtZXRob2QgInRleHQiIG9uIGFuIHVuZGVmaW5lZCB2YWx1
ZSBhdCAuLi9saWIvL05vQ2F0L0F1dGhTZXJ2aWNlLnBtIGxpbmUgMTM0Liwg
cmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3Jl
ZGlyZWN0PWh0dHAlM2ElMmYlMmZ3b3JsZCUyZXVzJTJlbm9ydGVsJTJlY29t
JTJmJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1
MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0
MSUyNDczODI0ODQ2JTI0NVhhSmtWdTBUZlhWdWdzUlk0eXhrMApbV2VkIE9j
dCAyMiAxNDoxMzowNiAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4x
LjE5N10gUHJlbWF0dXJlIGVuZCBvZiBzY3JpcHQgaGVhZGVyczogbG9naW4s
IHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9y
ZWRpcmVjdD1odHRwJTNhJTJmJTJmd29ybGQlMmV1cyUyZW5vcnRlbCUyZWNv
bSUyZiZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNh
NTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUy
NDElMjQ3MzgyNDg0NiUyNDVYYUprVnUwVGZYVnVnc1JZNHl4azAKW1dlZCBP
Y3QgMjIgMTQ6MTM6MDYgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjgu
MS4xOTddIFsyMDAzLTEwLTIyIDE0OjEzOjA2XSBVc2VyIHN1bnNoZW5nQGhv
dG1haWwuY29tIGZyb20gMTkyLjE2OC4xLjE5NyByZXF1ZXN0cyBmb3JtLCBy
ZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVk
aXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20l
MmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUy
ODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQx
JTI0NzM4MjQ4NDYlMjQ1WGFKa1Z1MFRmWFZ1Z3NSWTR5eGswCltXZWQgT2N0
IDIyIDE0OjEzOjA2IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEu
MTk3XSBbMjAwMy0xMC0yMiAxNDoxMzowNl0gZ3BnIC0tc2lnbiAtLWFybW9y
IC0taG9tZWRpcj0vdXNyL2xvY2FsL25vY2F0L2F1dGhzZXJ2L2NnaS1iaW4v
Li4vcGdwIC0ta2V5cmluZyB0cnVzdGVka2V5cy5ncGcgLS1uby10dHkgLW8t
IHJldHVybmVkIGVycm9yIG1lc3NhZ2U6LCByZWZlcmVyOiBodHRwczovLzE5
Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUy
ZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0
ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1
QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0NzM4MjQ4NDYlMjQ1WGFK
a1Z1MFRmWFZ1Z3NSWTR5eGswCltXZWQgT2N0IDIyIDE0OjEzOjA2IDIwMDNd
IFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBncGc6IFdhcm5pbmc6
IHVzaW5nIGluc2VjdXJlIG1lbW9yeSEsIHJlZmVyZXI6IGh0dHBzOi8vMTky
LjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJm
d29ybGQlMmV1cyUyZW5vcnRlbCUyZWNvbSUyZiZ0aW1lb3V0PTYwMCZnYXRl
d2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVC
JTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ3MzgyNDg0NiUyNDVYYUpr
VnUwVGZYVnVnc1JZNHl4azAKW1dlZCBPY3QgMjIgMTQ6MTM6MDYgMjAwM10g
W2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIGdwZzogL3Vzci9sb2Nh
bC9ub2NhdC9hdXRoc2Vydi9jZ2ktYmluLy4uL3BncC9zZWNyaW5nLmdwZzog
Y2FuJ3QgY3JlYXRlIGtleXJpbmc6IFBlcm1pc3Npb24gZGVuaWVkLCByZWZl
cmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJl
Y3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYm
dGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAm
bWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0
NzM4MjQ4NDYlMjQ1WGFKa1Z1MFRmWFZ1Z3NSWTR5eGswCltXZWQgT2N0IDIy
IDE0OjEzOjA2IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBncGc6IGtleWJsb2NrIHJlc291cmNlIGAvdXNyL2xvY2FsL25vY2F0L2F1
dGhzZXJ2L2NnaS1iaW4vLi4vcGdwL3NlY3JpbmcuZ3BnJzogZmlsZSBvcGVu
IGVycm9yLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4v
bG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndvcmxkJTJldXMlMmVub3J0
ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUx
JTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0
b2tlbj0lMjQxJTI0NzM4MjQ4NDYlMjQ1WGFKa1Z1MFRmWFZ1Z3NSWTR5eGsw
CltXZWQgT2N0IDIyIDE0OjEzOjA2IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAx
OTIuMTY4LjEuMTk3XSBncGc6IG5vIGRlZmF1bHQgc2VjcmV0IGtleTogc2Vj
cmV0IGtleSBub3QgYXZhaWxhYmxlLCByZWZlcmVyOiBodHRwczovLzE5Mi4x
NjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndv
cmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0ZXdh
eT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUz
YUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0NzM4MjQ4NDYlMjQ1WGFKa1Z1
MFRmWFZ1Z3NSWTR5eGswCltXZWQgT2N0IDIyIDE0OjEzOjA2IDIwMDNdIFtl
cnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBncGc6IHNpZ25pbmcgZmFp
bGVkOiBzZWNyZXQga2V5IG5vdCBhdmFpbGFibGUsIHJlZmVyZXI6IGh0dHBz
Oi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNh
JTJmJTJmd29ybGQlMmV1cyUyZW5vcnRlbCUyZWNvbSUyZiZ0aW1lb3V0PTYw
MCZnYXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2Ew
NiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ3MzgyNDg0NiUy
NDVYYUprVnUwVGZYVnVnc1JZNHl4azAKW1dlZCBPY3QgMjIgMTQ6MTM6MDYg
MjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEw
LTIyIDE0OjEzOjA2XSBncGcgLS1zaWduIC0tYXJtb3IgLS1ob21lZGlyPS91
c3IvbG9jYWwvbm9jYXQvYXV0aHNlcnYvY2dpLWJpbi8uLi9wZ3AgLS1rZXly
aW5nIHRydXN0ZWRrZXlzLmdwZyAtLW5vLXR0eSAtby0gcmV0dXJuZWQgZXJy
b3I6IEJyb2tlbiBwaXBlICggMiApLCByZWZlcmVyOiBodHRwczovLzE5Mi4x
NjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZndv
cmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAmZ2F0ZXdh
eT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUz
YUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0NzM4MjQ4NDYlMjQ1WGFKa1Z1
MFRmWFZ1Z3NSWTR5eGswCltXZWQgT2N0IDIyIDE0OjEzOjA2IDIwMDNdIFtl
cnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBDYW4ndCBjYWxsIG1ldGhv
ZCAidGV4dCIgb24gYW4gdW5kZWZpbmVkIHZhbHVlIGF0IC4uL2xpYi8vTm9D
YXQvQXV0aFNlcnZpY2UucG0gbGluZSAxMzQuLCByZWZlcmVyOiBodHRwczov
LzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUy
ZiUyZndvcmxkJTJldXMlMmVub3J0ZWwlMmVjb20lMmYmdGltZW91dD02MDAm
Z2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYl
M2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0NzM4MjQ4NDYlMjQ1
WGFKa1Z1MFRmWFZ1Z3NSWTR5eGswCltXZWQgT2N0IDIyIDE0OjE1OjAxIDIw
MDNdIFtub3RpY2VdIGNhdWdodCBTSUdURVJNLCBzaHV0dGluZyBkb3duCltX
ZWQgT2N0IDIyIDE0OjE1OjAyIDIwMDNdIFt3YXJuXSBSU0Egc2VydmVyIGNl
cnRpZmljYXRlIGlzIGEgQ0EgY2VydGlmaWNhdGUgKEJhc2ljQ29uc3RyYWlu
dHM6IENBID09IFRSVUUgIT8pCltXZWQgT2N0IDIyIDE0OjE1OjAyIDIwMDNd
IFt3YXJuXSBSU0Egc2VydmVyIGNlcnRpZmljYXRlIENvbW1vbk5hbWUgKENO
KSBgbG9jYWxob3N0LmxvY2FsZG9tYWluJyBkb2VzIE5PVCBtYXRjaCBzZXJ2
ZXIgbmFtZSE/CltXZWQgT2N0IDIyIDE0OjE1OjAzIDIwMDNdIFt3YXJuXSBS
U0Egc2VydmVyIGNlcnRpZmljYXRlIGlzIGEgQ0EgY2VydGlmaWNhdGUgKEJh
c2ljQ29uc3RyYWludHM6IENBID09IFRSVUUgIT8pCltXZWQgT2N0IDIyIDE0
OjE1OjAzIDIwMDNdIFt3YXJuXSBSU0Egc2VydmVyIGNlcnRpZmljYXRlIENv
bW1vbk5hbWUgKENOKSBgbG9jYWxob3N0LmxvY2FsZG9tYWluJyBkb2VzIE5P
VCBtYXRjaCBzZXJ2ZXIgbmFtZSE/CltXZWQgT2N0IDIyIDE0OjE1OjAzIDIw
MDNdIFtub3RpY2VdIERpZ2VzdDogZ2VuZXJhdGluZyBzZWNyZXQgZm9yIGRp
Z2VzdCBhdXRoZW50aWNhdGlvbiAuLi4KW1dlZCBPY3QgMjIgMTQ6MTU6MDMg
MjAwM10gW25vdGljZV0gRGlnZXN0OiBkb25lCltXZWQgT2N0IDIyIDE0OjE1
OjA0IDIwMDNdIFtub3RpY2VdIEFwYWNoZS8yLjAuNDAgKFJlZCBIYXQgTGlu
dXgpIGNvbmZpZ3VyZWQgLS0gcmVzdW1pbmcgbm9ybWFsIG9wZXJhdGlvbnMK
W1dlZCBPY3QgMjIgMTQ6MTU6MTEgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5
Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIyIDE0OjE1OjExXSBVc2VyIFVOS05P
V04gZnJvbSAxOTIuMTY4LjEuMTk3IHJlcXVlc3RzIGZvcm0sIHJlZmVyZXI6
IGh0dHA6Ly9jaGF0LnNraWYubmV0L2NoYXQKW1dlZCBPY3QgMjIgMTQ6MTU6
MjEgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFByZW1h
dHVyZSBlbmQgb2Ygc2NyaXB0IGhlYWRlcnM6IGxvZ2luLCByZWZlcmVyOiBo
dHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0
cCUzYSUyZiUyZnd3dyUyZWRvbm8lMmVjb20lMmVjbiUyZnR1amllJTJmdHVq
aWUlMmVodG0mdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJl
MSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tl
bj0lMjQxJTI0NzM4MjQ4NDYlMjQ1WGFKa1Z1MFRmWFZ1Z3NSWTR5eGswCltX
ZWQgT2N0IDIyIDE0OjE1OjIxIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIu
MTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAxNDoxNToyMV0gVXNlciBzdW5zaGVu
Z0Bob3RtYWlsLmNvbSBmcm9tIDE5Mi4xNjguMS4xOTcgcmVxdWVzdHMgZm9y
bSwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2lu
P3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3d3clMmVkb25vJTJlY29tJTJlY24l
MmZ0dWppZSUyZnR1amllJTJlaHRtJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTky
JTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUz
YUQ5JTNhQTImdG9rZW49JTI0MSUyNDczODI0ODQ2JTI0NVhhSmtWdTBUZlhW
dWdzUlk0eXhrMApbV2VkIE9jdCAyMiAxNDoxNToyMSAyMDAzXSBbZXJyb3Jd
IFtjbGllbnQgMTkyLjE2OC4xLjE5N10gWzIwMDMtMTAtMjIgMTQ6MTU6MjFd
IGdwZyAtLXNpZ24gLS1hcm1vciAtLWhvbWVkaXI9L3Vzci9sb2NhbC9ub2Nh
dC9hdXRoc2Vydi9jZ2ktYmluLy4uL3BncCAtLWtleXJpbmcgdHJ1c3RlZGtl
eXMuZ3BnIC0tbm8tdHR5IC1vLSByZXR1cm5lZCBlcnJvciBtZXNzYWdlOiwg
cmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3Jl
ZGlyZWN0PWh0dHAlM2ElMmYlMmZ3d3clMmVkb25vJTJlY29tJTJlY24lMmZ0
dWppZSUyZnR1amllJTJlaHRtJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJl
MTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5
JTNhQTImdG9rZW49JTI0MSUyNDczODI0ODQ2JTI0NVhhSmtWdTBUZlhWdWdz
Ulk0eXhrMApbV2VkIE9jdCAyMiAxNDoxNToyMSAyMDAzXSBbZXJyb3JdIFtj
bGllbnQgMTkyLjE2OC4xLjE5N10gZ3BnOiBXYXJuaW5nOiB1c2luZyBpbnNl
Y3VyZSBtZW1vcnkhLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2Nn
aS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnd3dyUyZWRvbm8l
MmVjb20lMmVjbiUyZnR1amllJTJmdHVqaWUlMmVodG0mdGltZW91dD02MDAm
Z2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYl
M2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0NzM4MjQ4NDYlMjQ1
WGFKa1Z1MFRmWFZ1Z3NSWTR5eGswCltXZWQgT2N0IDIyIDE0OjE1OjIxIDIw
MDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBncGc6IC91c3Iv
bG9jYWwvbm9jYXQvYXV0aHNlcnYvY2dpLWJpbi8uLi9wZ3Avc2VjcmluZy5n
cGc6IGNhbid0IGNyZWF0ZSBrZXlyaW5nOiBQZXJtaXNzaW9uIGRlbmllZCwg
cmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3Jl
ZGlyZWN0PWh0dHAlM2ElMmYlMmZ3d3clMmVkb25vJTJlY29tJTJlY24lMmZ0
dWppZSUyZnR1amllJTJlaHRtJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJl
MTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5
JTNhQTImdG9rZW49JTI0MSUyNDczODI0ODQ2JTI0NVhhSmtWdTBUZlhWdWdz
Ulk0eXhrMApbV2VkIE9jdCAyMiAxNDoxNToyMSAyMDAzXSBbZXJyb3JdIFtj
bGllbnQgMTkyLjE2OC4xLjE5N10gZ3BnOiBrZXlibG9jayByZXNvdXJjZSBg
L3Vzci9sb2NhbC9ub2NhdC9hdXRoc2Vydi9jZ2ktYmluLy4uL3BncC9zZWNy
aW5nLmdwZyc6IGZpbGUgb3BlbiBlcnJvciwgcmVmZXJlcjogaHR0cHM6Ly8x
OTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYl
MmZ3d3clMmVkb25vJTJlY29tJTJlY24lMmZ0dWppZSUyZnR1amllJTJlaHRt
JnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1Mjgw
Jm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUy
NDczODI0ODQ2JTI0NVhhSmtWdTBUZlhWdWdzUlk0eXhrMApbV2VkIE9jdCAy
MiAxNDoxNToyMSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5
N10gZ3BnOiBubyBkZWZhdWx0IHNlY3JldCBrZXk6IHNlY3JldCBrZXkgbm90
IGF2YWlsYWJsZSwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2kt
YmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3d3clMmVkb25vJTJl
Y29tJTJlY24lMmZ0dWppZSUyZnR1amllJTJlaHRtJnRpbWVvdXQ9NjAwJmdh
dGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNh
NUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDczODI0ODQ2JTI0NVhh
SmtWdTBUZlhWdWdzUlk0eXhrMApbV2VkIE9jdCAyMiAxNDoxNToyMSAyMDAz
XSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gZ3BnOiBzaWduaW5n
IGZhaWxlZDogc2VjcmV0IGtleSBub3QgYXZhaWxhYmxlLCByZWZlcmVyOiBo
dHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0
cCUzYSUyZiUyZnd3dyUyZWRvbm8lMmVjb20lMmVjbiUyZnR1amllJTJmdHVq
aWUlMmVodG0mdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJl
MSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tl
bj0lMjQxJTI0NzM4MjQ4NDYlMjQ1WGFKa1Z1MFRmWFZ1Z3NSWTR5eGswCltX
ZWQgT2N0IDIyIDE0OjE1OjIxIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIu
MTY4LjEuMTk3XSBbMjAwMy0xMC0yMiAxNDoxNToyMV0gZ3BnIC0tc2lnbiAt
LWFybW9yIC0taG9tZWRpcj0vdXNyL2xvY2FsL25vY2F0L2F1dGhzZXJ2L2Nn
aS1iaW4vLi4vcGdwIC0ta2V5cmluZyB0cnVzdGVka2V5cy5ncGcgLS1uby10
dHkgLW8tIHJldHVybmVkIGVycm9yOiBCcm9rZW4gcGlwZSAoIDIgKSwgcmVm
ZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGly
ZWN0PWh0dHAlM2ElMmYlMmZ3d3clMmVkb25vJTJlY29tJTJlY24lMmZ0dWpp
ZSUyZnR1amllJTJlaHRtJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4
JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNh
QTImdG9rZW49JTI0MSUyNDczODI0ODQ2JTI0NVhhSmtWdTBUZlhWdWdzUlk0
eXhrMApbV2VkIE9jdCAyMiAxNDoxNToyMSAyMDAzXSBbZXJyb3JdIFtjbGll
bnQgMTkyLjE2OC4xLjE5N10gQ2FuJ3QgY2FsbCBtZXRob2QgInRleHQiIG9u
IGFuIHVuZGVmaW5lZCB2YWx1ZSBhdCAuLi9saWIvL05vQ2F0L0F1dGhTZXJ2
aWNlLnBtIGxpbmUgMTM0LiwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEu
MS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3d3clMmVk
b25vJTJlY29tJTJlY24lMmZ0dWppZSUyZnR1amllJTJlaHRtJnRpbWVvdXQ9
NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUz
YTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDczODI0ODQ2
JTI0NVhhSmtWdTBUZlhWdWdzUlk0eXhrMApbV2VkIE9jdCAyMiAxNDoxODoy
MiAyMDAzXSBbd2Fybl0gY2hpbGQgcHJvY2VzcyA0Nzk0IHN0aWxsIGRpZCBu
b3QgZXhpdCwgc2VuZGluZyBhIFNJR1RFUk0KW1dlZCBPY3QgMjIgMTQ6MTg6
MjIgMjAwM10gW25vdGljZV0gY2F1Z2h0IFNJR1RFUk0sIHNodXR0aW5nIGRv
d24KW1dlZCBPY3QgMjIgMTQ6MTg6MjQgMjAwM10gW3dhcm5dIFJTQSBzZXJ2
ZXIgY2VydGlmaWNhdGUgaXMgYSBDQSBjZXJ0aWZpY2F0ZSAoQmFzaWNDb25z
dHJhaW50czogQ0EgPT0gVFJVRSAhPykKW1dlZCBPY3QgMjIgMTQ6MTg6MjQg
MjAwM10gW3dhcm5dIFJTQSBzZXJ2ZXIgY2VydGlmaWNhdGUgQ29tbW9uTmFt
ZSAoQ04pIGBsb2NhbGhvc3QubG9jYWxkb21haW4nIGRvZXMgTk9UIG1hdGNo
IHNlcnZlciBuYW1lIT8KW1dlZCBPY3QgMjIgMTQ6MTg6MjUgMjAwM10gW3dh
cm5dIFJTQSBzZXJ2ZXIgY2VydGlmaWNhdGUgaXMgYSBDQSBjZXJ0aWZpY2F0
ZSAoQmFzaWNDb25zdHJhaW50czogQ0EgPT0gVFJVRSAhPykKW1dlZCBPY3Qg
MjIgMTQ6MTg6MjUgMjAwM10gW3dhcm5dIFJTQSBzZXJ2ZXIgY2VydGlmaWNh
dGUgQ29tbW9uTmFtZSAoQ04pIGBsb2NhbGhvc3QubG9jYWxkb21haW4nIGRv
ZXMgTk9UIG1hdGNoIHNlcnZlciBuYW1lIT8KW1dlZCBPY3QgMjIgMTQ6MTg6
MjUgMjAwM10gW25vdGljZV0gRGlnZXN0OiBnZW5lcmF0aW5nIHNlY3JldCBm
b3IgZGlnZXN0IGF1dGhlbnRpY2F0aW9uIC4uLgpbV2VkIE9jdCAyMiAxNDox
ODoyNSAyMDAzXSBbbm90aWNlXSBEaWdlc3Q6IGRvbmUKW1dlZCBPY3QgMjIg
MTQ6MTg6MjYgMjAwM10gW25vdGljZV0gQXBhY2hlLzIuMC40MCAoUmVkIEhh
dCBMaW51eCkgY29uZmlndXJlZCAtLSByZXN1bWluZyBub3JtYWwgb3BlcmF0
aW9ucwpbV2VkIE9jdCAyMiAxNDoxODozOSAyMDAzXSBbZXJyb3JdIFtjbGll
bnQgMTkyLjE2OC4xLjE5N10gUHJlbWF0dXJlIGVuZCBvZiBzY3JpcHQgaGVh
ZGVyczogbG9naW4sIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dp
LWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd3d3JTJlZG9ubyUy
ZWNvbSUyZWNuJTJmdHVqaWUlMmZ0dWppZSUyZWh0bSZ0aW1lb3V0PTYwMCZn
YXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUz
YTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ3MzgyNDg0NiUyNDVY
YUprVnUwVGZYVnVnc1JZNHl4azAKW1dlZCBPY3QgMjIgMTQ6MTg6MzkgMjAw
M10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIy
IDE0OjE4OjM5XSBVc2VyIHN1bnNoZW5nQGhvdG1haWwuY29tIGZyb20gMTky
LjE2OC4xLjE5NyByZXF1ZXN0cyBmb3JtLCByZWZlcmVyOiBodHRwczovLzE5
Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUy
Znd3dyUyZWRvbm8lMmVjb20lMmVjbiUyZnR1amllJTJmdHVqaWUlMmVodG0m
dGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAm
bWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0
NzM4MjQ4NDYlMjQ1WGFKa1Z1MFRmWFZ1Z3NSWTR5eGswCltXZWQgT2N0IDIy
IDE0OjE4OjM5IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBbMjAwMy0xMC0yMiAxNDoxODozOV0gZ3BnIC0tc2lnbiAtLWFybW9yIC0t
aG9tZWRpcj0vdXNyL2xvY2FsL25vY2F0L2F1dGhzZXJ2L2NnaS1iaW4vLi4v
cGdwIC0ta2V5cmluZyB0cnVzdGVka2V5cy5ncGcgLS1uby10dHkgLW8tIHJl
dHVybmVkIGVycm9yIG1lc3NhZ2U6LCByZWZlcmVyOiBodHRwczovLzE5Mi4x
NjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnd3
dyUyZWRvbm8lMmVjb20lMmVjbiUyZnR1amllJTJmdHVqaWUlMmVodG0mdGlt
ZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFj
PTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0NzM4
MjQ4NDYlMjQ1WGFKa1Z1MFRmWFZ1Z3NSWTR5eGswCltXZWQgT2N0IDIyIDE0
OjE4OjM5IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBn
cGc6IFdhcm5pbmc6IHVzaW5nIGluc2VjdXJlIG1lbW9yeSEsIHJlZmVyZXI6
IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1o
dHRwJTNhJTJmJTJmd3d3JTJlZG9ubyUyZWNvbSUyZWNuJTJmdHVqaWUlMmZ0
dWppZSUyZWh0bSZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTEl
MmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRv
a2VuPSUyNDElMjQ3MzgyNDg0NiUyNDVYYUprVnUwVGZYVnVnc1JZNHl4azAK
W1dlZCBPY3QgMjIgMTQ6MTg6MzkgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5
Mi4xNjguMS4xOTddIGdwZzogL3Vzci9sb2NhbC9ub2NhdC9hdXRoc2Vydi9j
Z2ktYmluLy4uL3BncC9zZWNyaW5nLmdwZzogY2FuJ3QgY3JlYXRlIGtleXJp
bmc6IFBlcm1pc3Npb24gZGVuaWVkLCByZWZlcmVyOiBodHRwczovLzE5Mi4x
NjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnd3
dyUyZWRvbm8lMmVjb20lMmVjbiUyZnR1amllJTJmdHVqaWUlMmVodG0mdGlt
ZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFj
PTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0NzM4
MjQ4NDYlMjQ1WGFKa1Z1MFRmWFZ1Z3NSWTR5eGswCltXZWQgT2N0IDIyIDE0
OjE4OjM5IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBn
cGc6IGtleWJsb2NrIHJlc291cmNlIGAvdXNyL2xvY2FsL25vY2F0L2F1dGhz
ZXJ2L2NnaS1iaW4vLi4vcGdwL3NlY3JpbmcuZ3BnJzogZmlsZSBvcGVuIGVy
cm9yLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9n
aW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnd3dyUyZWRvbm8lMmVjb20lMmVj
biUyZnR1amllJTJmdHVqaWUlMmVodG0mdGltZW91dD02MDAmZ2F0ZXdheT0x
OTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEy
JTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0NzM4MjQ4NDYlMjQ1WGFKa1Z1MFRm
WFZ1Z3NSWTR5eGswCltXZWQgT2N0IDIyIDE0OjE4OjM5IDIwMDNdIFtlcnJv
cl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBncGc6IG5vIGRlZmF1bHQgc2Vj
cmV0IGtleTogc2VjcmV0IGtleSBub3QgYXZhaWxhYmxlLCByZWZlcmVyOiBo
dHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0
cCUzYSUyZiUyZnd3dyUyZWRvbm8lMmVjb20lMmVjbiUyZnR1amllJTJmdHVq
aWUlMmVodG0mdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJl
MSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tl
bj0lMjQxJTI0NzM4MjQ4NDYlMjQ1WGFKa1Z1MFRmWFZ1Z3NSWTR5eGswCltX
ZWQgT2N0IDIyIDE0OjE4OjM5IDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIu
MTY4LjEuMTk3XSBncGc6IHNpZ25pbmcgZmFpbGVkOiBzZWNyZXQga2V5IG5v
dCBhdmFpbGFibGUsIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dp
LWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd3d3JTJlZG9ubyUy
ZWNvbSUyZWNuJTJmdHVqaWUlMmZ0dWppZSUyZWh0bSZ0aW1lb3V0PTYwMCZn
YXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUz
YTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ3MzgyNDg0NiUyNDVY
YUprVnUwVGZYVnVnc1JZNHl4azAKW1dlZCBPY3QgMjIgMTQ6MTg6MzkgMjAw
M10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIy
IDE0OjE4OjM5XSBncGcgLS1zaWduIC0tYXJtb3IgLS1ob21lZGlyPS91c3Iv
bG9jYWwvbm9jYXQvYXV0aHNlcnYvY2dpLWJpbi8uLi9wZ3AgLS1rZXlyaW5n
IHRydXN0ZWRrZXlzLmdwZyAtLW5vLXR0eSAtby0gcmV0dXJuZWQgZXJyb3I6
IElsbGVnYWwgc2VlayAoIDIgKSwgcmVmZXJlcjogaHR0cHM6Ly8xOTIuMTY4
LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGlyZWN0PWh0dHAlM2ElMmYlMmZ3d3cl
MmVkb25vJTJlY29tJTJlY24lMmZ0dWppZSUyZnR1amllJTJlaHRtJnRpbWVv
dXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4JTJlMSUyZTElM2E1MjgwJm1hYz0w
MCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNhQTImdG9rZW49JTI0MSUyNDczODI0
ODQ2JTI0NVhhSmtWdTBUZlhWdWdzUlk0eXhrMApbV2VkIE9jdCAyMiAxNDox
ODozOSAyMDAzXSBbZXJyb3JdIFtjbGllbnQgMTkyLjE2OC4xLjE5N10gQ2Fu
J3QgY2FsbCBtZXRob2QgInRleHQiIG9uIGFuIHVuZGVmaW5lZCB2YWx1ZSBh
dCAuLi9saWIvL05vQ2F0L0F1dGhTZXJ2aWNlLnBtIGxpbmUgMTM0LiwgcmVm
ZXJlcjogaHR0cHM6Ly8xOTIuMTY4LjEuMS9jZ2ktYmluL2xvZ2luP3JlZGly
ZWN0PWh0dHAlM2ElMmYlMmZ3d3clMmVkb25vJTJlY29tJTJlY24lMmZ0dWpp
ZSUyZnR1amllJTJlaHRtJnRpbWVvdXQ9NjAwJmdhdGV3YXk9MTkyJTJlMTY4
JTJlMSUyZTElM2E1MjgwJm1hYz0wMCUzYTA2JTNhNUIlM2FBMiUzYUQ5JTNh
QTImdG9rZW49JTI0MSUyNDczODI0ODQ2JTI0NVhhSmtWdTBUZlhWdWdzUlk0
eXhrMApbV2VkIE9jdCAyMiAxNDoyOToxMiAyMDAzXSBbZXJyb3JdIFtjbGll
bnQgMTkyLjE2OC4xLjE5N10gUHJlbWF0dXJlIGVuZCBvZiBzY3JpcHQgaGVh
ZGVyczogbG9naW4sIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dp
LWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd3d3JTJlZG9ubyUy
ZWNvbSUyZWNuJTJmdHVqaWUlMmZ0dWppZSUyZWh0bSZ0aW1lb3V0PTYwMCZn
YXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUz
YTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ3MzgyNDg0NiUyNDVY
YUprVnUwVGZYVnVnc1JZNHl4azAKW1dlZCBPY3QgMjIgMTQ6Mjk6MTIgMjAw
M10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguMS4xOTddIFsyMDAzLTEwLTIy
IDE0OjI5OjExXSBVc2VyIHN1bnNoZW5nQGhvdG1haWwuY29tIGZyb20gMTky
LjE2OC4xLjE5NyByZXF1ZXN0cyBmb3JtLCByZWZlcmVyOiBodHRwczovLzE5
Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUy
Znd3dyUyZWRvbm8lMmVjb20lMmVjbiUyZnR1amllJTJmdHVqaWUlMmVodG0m
dGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAm
bWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0
NzM4MjQ4NDYlMjQ1WGFKa1Z1MFRmWFZ1Z3NSWTR5eGswCltXZWQgT2N0IDIy
IDE0OjI5OjEyIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3
XSBbMjAwMy0xMC0yMiAxNDoyOToxMl0gZ3BnIC0tc2lnbiAtLWFybW9yIC0t
aG9tZWRpcj0vdXNyL2xvY2FsL25vY2F0L2F1dGhzZXJ2L2NnaS1iaW4vLi4v
cGdwIC0ta2V5cmluZyB0cnVzdGVka2V5cy5ncGcgLS1uby10dHkgLW8tIHJl
dHVybmVkIGVycm9yIG1lc3NhZ2U6LCByZWZlcmVyOiBodHRwczovLzE5Mi4x
NjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnd3
dyUyZWRvbm8lMmVjb20lMmVjbiUyZnR1amllJTJmdHVqaWUlMmVodG0mdGlt
ZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFj
PTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0NzM4
MjQ4NDYlMjQ1WGFKa1Z1MFRmWFZ1Z3NSWTR5eGswCltXZWQgT2N0IDIyIDE0
OjI5OjEyIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBn
cGc6IFdhcm5pbmc6IHVzaW5nIGluc2VjdXJlIG1lbW9yeSEsIHJlZmVyZXI6
IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dpLWJpbi9sb2dpbj9yZWRpcmVjdD1o
dHRwJTNhJTJmJTJmd3d3JTJlZG9ubyUyZWNvbSUyZWNuJTJmdHVqaWUlMmZ0
dWppZSUyZWh0bSZ0aW1lb3V0PTYwMCZnYXRld2F5PTE5MiUyZTE2OCUyZTEl
MmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUzYTVCJTNhQTIlM2FEOSUzYUEyJnRv
a2VuPSUyNDElMjQ3MzgyNDg0NiUyNDVYYUprVnUwVGZYVnVnc1JZNHl4azAK
W1dlZCBPY3QgMjIgMTQ6Mjk6MTIgMjAwM10gW2Vycm9yXSBbY2xpZW50IDE5
Mi4xNjguMS4xOTddIGdwZzogL3Vzci9sb2NhbC9ub2NhdC9hdXRoc2Vydi9j
Z2ktYmluLy4uL3BncC9zZWNyaW5nLmdwZzogY2FuJ3QgY3JlYXRlIGtleXJp
bmc6IFBlcm1pc3Npb24gZGVuaWVkLCByZWZlcmVyOiBodHRwczovLzE5Mi4x
NjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnd3
dyUyZWRvbm8lMmVjb20lMmVjbiUyZnR1amllJTJmdHVqaWUlMmVodG0mdGlt
ZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFj
PTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0NzM4
MjQ4NDYlMjQ1WGFKa1Z1MFRmWFZ1Z3NSWTR5eGswCltXZWQgT2N0IDIyIDE0
OjI5OjEyIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBn
cGc6IGtleWJsb2NrIHJlc291cmNlIGAvdXNyL2xvY2FsL25vY2F0L2F1dGhz
ZXJ2L2NnaS1iaW4vLi4vcGdwL3NlY3JpbmcuZ3BnJzogZmlsZSBvcGVuIGVy
cm9yLCByZWZlcmVyOiBodHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9n
aW4/cmVkaXJlY3Q9aHR0cCUzYSUyZiUyZnd3dyUyZWRvbm8lMmVjb20lMmVj
biUyZnR1amllJTJmdHVqaWUlMmVodG0mdGltZW91dD02MDAmZ2F0ZXdheT0x
OTIlMmUxNjglMmUxJTJlMSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEy
JTNhRDklM2FBMiZ0b2tlbj0lMjQxJTI0NzM4MjQ4NDYlMjQ1WGFKa1Z1MFRm
WFZ1Z3NSWTR5eGswCltXZWQgT2N0IDIyIDE0OjI5OjEyIDIwMDNdIFtlcnJv
cl0gW2NsaWVudCAxOTIuMTY4LjEuMTk3XSBncGc6IG5vIGRlZmF1bHQgc2Vj
cmV0IGtleTogc2VjcmV0IGtleSBub3QgYXZhaWxhYmxlLCByZWZlcmVyOiBo
dHRwczovLzE5Mi4xNjguMS4xL2NnaS1iaW4vbG9naW4/cmVkaXJlY3Q9aHR0
cCUzYSUyZiUyZnd3dyUyZWRvbm8lMmVjb20lMmVjbiUyZnR1amllJTJmdHVq
aWUlMmVodG0mdGltZW91dD02MDAmZ2F0ZXdheT0xOTIlMmUxNjglMmUxJTJl
MSUzYTUyODAmbWFjPTAwJTNhMDYlM2E1QiUzYUEyJTNhRDklM2FBMiZ0b2tl
bj0lMjQxJTI0NzM4MjQ4NDYlMjQ1WGFKa1Z1MFRmWFZ1Z3NSWTR5eGswCltX
ZWQgT2N0IDIyIDE0OjI5OjEyIDIwMDNdIFtlcnJvcl0gW2NsaWVudCAxOTIu
MTY4LjEuMTk3XSBncGc6IHNpZ25pbmcgZmFpbGVkOiBzZWNyZXQga2V5IG5v
dCBhdmFpbGFibGUsIHJlZmVyZXI6IGh0dHBzOi8vMTkyLjE2OC4xLjEvY2dp
LWJpbi9sb2dpbj9yZWRpcmVjdD1odHRwJTNhJTJmJTJmd3d3JTJlZG9ubyUy
ZWNvbSUyZWNuJTJmdHVqaWUlMmZ0dWppZSUyZWh0bSZ0aW1lb3V0PTYwMCZn
YXRld2F5PTE5MiUyZTE2OCUyZTElMmUxJTNhNTI4MCZtYWM9MDAlM2EwNiUz
YTVCJTNhQTIlM2FEOSUzYUEyJnRva2VuPSUyNDElMjQ3MzgyNDg0NiUyNDVY
YUprVnUwVGZYVnVnc1JZNHl4azAKW1dlZCBPY3QgMjIgMTQ6Mjk6MTIgMjAw
M10gW2Vycm9yXSBbY2xpZW50IDE5Mi4xNjguM