From 9bcebcd06d54531f69d8e816b7b9093b2b6c5e1a Mon Sep 17 00:00:00 2001 From: Tommy Date: Sun, 24 Jul 2022 00:17:53 -0400 Subject: [PATCH] Fix Broken Links Signed-off-by: Tommy --- config.yml | 1 + content/knowledge/FLOSS Security.md | 4 +-- .../knowledge/Multi-factor Authentication.md | 2 +- ...ing Your Android-Based Operating System.md | 4 +-- static/apple-touch-icon.png | Bin 7928 -> 3407 bytes static/favicon-16x16.png | Bin 594 -> 454 bytes static/favicon-32x32.png | Bin 1365 -> 718 bytes static/favicon.ico | Bin 15406 -> 7406 bytes static/safari-pinned-tab.svg | 33 ++++++++++++++++++ 9 files changed, 39 insertions(+), 5 deletions(-) create mode 100644 static/safari-pinned-tab.svg diff --git a/config.yml b/config.yml index 180ecde..c7ac06b 100644 --- a/config.yml +++ b/config.yml @@ -32,6 +32,7 @@ params: favicon16x16: "/favicon-16x16.png" favicon32x32: "/favicon-32x32.png" apple_touch_icon: "/apple-touch-icon.png" + safari_pinned_tab: "/safari-pinned-tab.png" label: text: "PrivSec.dev" diff --git a/content/knowledge/FLOSS Security.md b/content/knowledge/FLOSS Security.md index fb4ce8d..1155b38 100644 --- a/content/knowledge/FLOSS Security.md +++ b/content/knowledge/FLOSS Security.md @@ -159,7 +159,7 @@ I readily concede to several points in favor of source availability from a secur - Source code can make analysis _easier_ by _supplementing_ source-independent approaches. The lines between the steps I mentioned in the [four-step vulnerability-fixing process](#how-security-fixes-work) are blurry. -- Patching vulnerabilities is important. Source availability makes it possible for the community, package maintainers, or reporters of a vulnerability to patch software. Package maintainers often blur the line between "packager" and "contributor" by helping projects migrate away from abandoned/insecure dependencies. One example that comes to mind is the Python 2 to Python 3 transition for projects like Calibre.[^12] Being able to fix issues independent of upstream support is an important mitigation against [user domestication](../../../../2021/01/27/whatsapp-and-the-domestication-of-users/). +- Patching vulnerabilities is important. Source availability makes it possible for the community, package maintainers, or reporters of a vulnerability to patch software. Package maintainers often blur the line between "packager" and "contributor" by helping projects migrate away from abandoned/insecure dependencies. One example that comes to mind is the Python 2 to Python 3 transition for projects like Calibre.[^12] Being able to fix issues independent of upstream support is an important mitigation against [user domestication](https://seirdy.one/posts/2021/01/27/whatsapp-and-the-domestication-of-users/). - Some developers/vendors don't distribute binaries that make use of modern toolchain-level exploit mitigations (e.g. PIE, RELRO, stack canaries, automatic variable initialization, [CFI](https://clang.llvm.org/docs/ControlFlowIntegrity.html), etc.[^13]). In these cases, building software yourself with these mitigations (or delegating it to a distro that enforces them) requires source code availability (or at least some sort of intermediate representation). @@ -217,7 +217,7 @@ Releasing source code is just one thing vendors can do to improve audits; other [^11]: As an aside: your security isn't necessarily improved by "disabling" it, since it still runs during the initial boot sequence and does provide some hardening measures of its own (e.g., a TPM). -[^12]: In 2017, Calibre's author actually wanted to stay with Python 2 after its EOL date, and [maintain Python 2 himself](https://bugs.launchpad.net/calibre/+bug/1714107). Users and package maintainers were quite unhappy with this, as Python 2 would no longer be receiving security fixes after 2020. While official releases of Calibre use a bundled Python interpreter, distro packages typically use the system Python package; Calibre's popularity and insistence on using Python 2 made it a roadblock to getting rid of the Python 2 package in most distros. What eventually happened was that community members (especially [Eli Schwartz]("https://github.com/eli-schwartz") and [Flaviu Tamas](https://flaviutamas.com/) submitted patches to migrate Calibre away from Python 2. Calibre migrated to Python 3 by [version 5.0](https://calibre-ebook.com/new-in/fourteen). +[^12]: In 2017, Calibre's author actually wanted to stay with Python 2 after its EOL date, and [maintain Python 2 himself](https://bugs.launchpad.net/calibre/+bug/1714107). Users and package maintainers were quite unhappy with this, as Python 2 would no longer be receiving security fixes after 2020. While official releases of Calibre use a bundled Python interpreter, distro packages typically use the system Python package; Calibre's popularity and insistence on using Python 2 made it a roadblock to getting rid of the Python 2 package in most distros. What eventually happened was that community members (especially [Eli Schwartz](https://github.com/eli-schwartz) and [Flaviu Tamas](https://flaviutamas.com/) submitted patches to migrate Calibre away from Python 2. Calibre migrated to Python 3 by [version 5.0](https://calibre-ebook.com/new-in/fourteen). [^13]: Linux distributions' CFI+ASLR implementations rely executables compiled with CFI+PIE support, and ideally with stack-smashing protectors and no-execute bits. These implementations are flawed (see [On the Effectiveness of Full-ASLR on 64-bit Linux](https://web.archive.org/web/20211021222659/http://cybersecurity.upv.es/attacks/offset2lib/offset2lib-paper.pdf) and [Brad Spengler's presentation comparing these with PaX's own implementation](https://grsecurity.net/PaX-presentation.pdf)). diff --git a/content/knowledge/Multi-factor Authentication.md b/content/knowledge/Multi-factor Authentication.md index 010a717..91e9817 100644 --- a/content/knowledge/Multi-factor Authentication.md +++ b/content/knowledge/Multi-factor Authentication.md @@ -31,7 +31,7 @@ The time-limited code is then derived from the shared secret and the current tim If you have a [Yubikey](https://www.yubico.com/), you should store the "shared secrets" on the key itself using the [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/) app. After the initial setup, the Yubico Authenticator will only expose the 6 digit code to the machine it is running on, but not the shared secret. Additional security can be set up by requiring touch confirmation, protecting digit codes not in used from a compromised operating system. -Unlike [WebAuthn](#fido-fast-identity-online), TOTP offers no protection against [phishing](https://en.wikipedia.org/wiki/Phishing) or reuse attacks. If an adversary obtains a valid code from you, they may use it as many times as they like until it expires (generally 60 seconds + grace period). +Unlike [WebAuthn](#fido2-fast-identity-online), TOTP offers no protection against [phishing](https://en.wikipedia.org/wiki/Phishing) or reuse attacks. If an adversary obtains a valid code from you, they may use it as many times as they like until it expires (generally 60 seconds + grace period). Despite its short comings, we consider TOTP better and safer than Push Confirmations. diff --git a/content/os/Choosing Your Android-Based Operating System.md b/content/os/Choosing Your Android-Based Operating System.md index f9eef2e..bfc6a59 100644 --- a/content/os/Choosing Your Android-Based Operating System.md +++ b/content/os/Choosing Your Android-Based Operating System.md @@ -6,7 +6,7 @@ tags: ['Operating Systems', 'Android', 'Privacy', 'Security'] author: Tommy --- -Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](permission) control system. +Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. When you buy an Android phone, the device's default operating system often comes with invasive integration with apps and services that are not part of the [Android Open-Source Project](https://source.android.com/). An example of such is Google Play Services, which has irrevocable privileges to access your files, contacts storage, call logs, SMS messages, location, camera, microphone, hardware identifiers, and so on. These apps and services increase the attack surface of your device and are the source of various privacy concerns with Android. @@ -107,7 +107,7 @@ It comes with substantial hardening over AOSP. DivestOS has automated kernel vul - Kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. - GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle. - [Hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc) -- [Secure Exec-Spawning](android/grapheneos-vs-calyxos.md#additional-hardening) +- [Secure Exec-Spawning](https://grapheneos.org/usage#exec-spawning) - Partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets from GrapheneOS - GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option on version 17.1 and higher - Automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features) diff --git a/static/apple-touch-icon.png b/static/apple-touch-icon.png index 06f7f6ad43c7bdac9df212be89af38acd0fcae8a..f19acee73071312ba8e8018f6e7342602f5da640 100644 GIT binary patch literal 3407 zcmaJ^XH=7Gvwa~{0Z~F%BuF_RRf-g8p-3;%n}|RlAVnawBPE~^5GhKi(xo>Ep+hJN zNQ-ntAReU?Nzl+fP{_ymdDmU{{+QW&p0)POpP5FqmLSe7oxvbGfbf&_pf|0?BTc+=h-`9|AhacMn+ z%b$bAz$buGxlHu45`n@J=!W>2X_cU72EGA?4nzF^iWL5zjGEj5PW!3))6ZLF&HAN$ z9|s$9v}Cc>WR%pwIpz2ykb{5g$ZN*IT5<4cqiA5j7v^` zktMe@#uctfU!T@$&&x!&D$(Puw!9yv-R<91&z0_Ol-OGati0CTw~rf< zj+f0&+2_afzDt#Ya{4;9X#mbxms@+UQxLZovy<`^p7nn z`3eXPFg>a8g`&D2cN>t8xw^<0_qs8O4p>jtt2k@!^`^tmY?B^GcTJYAqy&ab{@tX$ z12`m;QcCWx$Q-F0XhjKsUmbWns|kiz_F4p{E%O1@9SAB^$)&O{hh}-YEV9-DfMths z_Dui|JIM^qDA8F>7I;`O^|Y*g{ULa=HxF;Wcit0iMJw_W$mQ}zlE)A04eZ2 zXb@}aO^c^&+ZWRt_2r*UDo@TbbJ9B75+Y&Zk(2>hzb-0PT&~vLEEO2`Ho z3V_-1bbP3JxPOl^SOVP2Q0jPz(4kr$n~W}|F0W}M{mC3&GY5{i6zt7xV{1}Of-Nn0 zBvhu0)fJ^^6dCZnlL6+chw%)7_=)<@FX#+FLJW83^fTwMPN^!GjfP4wl`x@0wwG}}vN=`5CKWk6lHO~_!+I51;K*(qhLKEss4Z6As%e(iJNc!|M>9x4Y(;tgT z^?Hr2KV*k?=O&L`MOdY$J&&T`01{oOz`9Wu^2jS%X)h>_CYx4R!->*bSIdl_3q4uL zE#k6#L?XZS{{Viuvzsq33i5norc};=%y3yjJoN|qgT;wv0>vMFb$-jP^nQ~O3XIai z+SGpz7chA=!Pwu1o6hCehG^#ggL!&zGfw(?XstmglszV>0+GM^tcqHognx<8oUD({ z0P=WVnm=%d1D&K!-D2nPmZDeRCuBZ9-~9I3qhc0)`sdR)db`wCLBbboj&w;Z?GaNH zYUeWvS38vKJ#UDvW!5-Kt~bam3@qN2pU)kzRMDED@9*uK%UCjM#MjLG2O@a^7vfEO z=rxs+wSu@-FG+2*Lg}&w80o;}ezE3K?aO2K{wtgi?lh3h(zcQ3clGiXDgtyxg z_D=?5%ek*n9+;vJ*{Z(XMf}FiyeiJrS}D{R%_ZLL^i=k6EH31w3r<9lMqPBL z#P9t9(75@o`NdH3sX@#P&gFE2@S@*NP%+3CmiO$AJMdao-ZIJlOVX8m%BLhcLq&Um zG5lq9%Fk2_-HO5HpF}biH%755^wwKlr=;!9hFr|@N?wDyc#3`gzQ+wD+WH7O%#X8g z+^G`DXgeij9^SHWrVeCNx^K^KOpk{joeOn41uVJ4$Ji44GuRjE%F0TeJ~Gbkbtf~M z_8jl!omit*@0qVz1w$rY6e@T$bFlZ`ceDMMhRAX$PhUqaN#S;_%fwW4;n~M= z^Z@vB>YN4>k&@3b<^MeD)eWV{o<*gSPB}8|H>YJTU4?{3SCTB(vlo)b=dFPe)KbhP zFc*9F+R;q%EI0o_?JaA8DYW1&gM;cz+a-h6hEuISQDcs$9zRg1aaDPN<`_6K_!LMcqSZxGk2(yac(i-WRMu&8C$O`t2$miOrbebBWXqcG*&A0>G3s2e{u1Cr%Poj zDz(%sdAMGk^iXyHg`L z?C%e6tQ)N+zEa8GjpK-kVRO_r-+-r%Y#oSeK?#iLvjT@yET|ChOSWz3N>zdp_tR-b z#|`^(BSYua%DwyMd!d6;%GQyU~;`5Bac7g)4sFMlCMCqu{;C!|iu zYMh>j=2>c6eO=fVaGp8hS#?dPLyl@rVPA3U$LqxM0IIE4MT!j-);{HvUnC4`zFm34$|$Pu zAg-uBQ)+iaGWkmXz)$lbm}C3qpZDn|d0u0jW*TbH0*AC^^-JQ1eioiLY_>`CkU9*Q z3e~>73*u5P)?9*%=*Q~9ku42FXjEEJpQmoC2d>P+#!K7La(p*C?b5|Y9XdO)_8E4} zX9O%yPYRqh+MNxGuWC7I>cR@Pj z{0HF=W-^egpD9G{T8|n^h>zU98@qD7uZ;J(dH>R7;3&NyKFcm~ zPWcmi>|0Fl4{fh9TrD<#eDV&%9Q&=oRWu<_e;@&mn$EuuzC3!!z;nNb!z$#q{eM=y zGj+3?R;L`&~v0~gU|0aoZn7SYY26w3Q6gT2p(#4zels|;~VEI`< z(72;2-Ge;}!XT3!sb~OBVwBzik{4R*%9V zPl5xzeEeV#MC20~#ODdZ0{|il)+nq@L3ZNeV;18RMjKWDNSH;&g9R)MHp%1!fgyTG w#Sfk!VXO^gd~t4MaANTKAmcdFu*6sfAo5&AP;`{CE=mAK`sR9#I&Sg*1^!2YTL1t6 literal 7928 zcmVPy8vPnciRCr$Po#&4vH4}$DcgIVHyCdhEbIv&mK9IwK011Kk#^1viau5iSg+Sz- zbIv*EoNxEl)4Sg7>FI8l%Wluio*S(|jN5iq{amhOcW?3H#gh{g6Q5 z0q6zu=eOi#;}MveHqCf}fYxm{Ia3%9WLZOxWRyd<8sAe6nN1y_yECYai3w=e zJX0@L&3Fkk^dOtY-Q;K!yhaEi3n(U_UGqpyn`XQOfF5MiBqwCX>BNdlb(Kie2*CxU zw%k!jldIuncYtU!;fd{?g8CDp$zB@XitdxHP3+d<5%q6uD58>qRGk0$z)d;*jQ~U z8yebpG*>k6rtifLnV0bZt>I;F;lhQ(19TUzafP2Sg}+n_D5ZY@sT!ecA?N00T!CtM zxlA~P2rwm}eM=s-0OP&XHuR|Ta+v^hN`Up-&DCdVLk8eR$k9m4YZiADu<;@tQH~J&INu#5K*!xzJ5Ey7a8|?1tf4E63668r;X$vX>Hfg z0wOiSPi8}RT|SyMv_|~mcQgwqn;c^H${K2fAnUolRWuDPm_%yYG~;DJ3k2!YL?Z;B z{;O?A7trC`yM~ueK!;CjP+ZyM2!U|_yQ2%}a2h)SbojI~pu6Cq?Q>ZKbeocOYUnP6 zku`KYt}cs!ZsT4B(CIQjIk6H4)EUtIe9Rg;vXjtk_eCCPT8@2y?q-M?#As~VkY%eG zF9SM+<2eqkjW^zC{{8pg;(U)I-*}U}9OT~ZtJeV8joO6!ZXrqma z*KFz;=HGeeo#v589`R2{`%IwHwhCxWxvjR^%Iv-O-Ubti#1E#>TW`Hp*!Urj24Jbj zo6~?sLv6U>hUT!t4l`S9v4vS-g%xH@f!}`n&0Kx;)#k$wKlI``$(7@dJI)+<;DH10 zz4OjH=GtqoHGll^$IwiU#ful4^UgcZth?^I#T;00EZQ%=_`*E;=%Yn=k!Vb1qZWNL zB?GzvDqTl8NKdc6`szg@gsk4mE3aG&u$ykW$vpk^(_Vn4F&Yri{O^DN>w6as$Rhdp zF6;}0LuZr@|hm>d)fZMx~E=7=MXFdJ{YaU+ne^e_)@xZwta>EZjZ zl@sYW{`lh!CP?|AzT?U(uPn4-il+)__`tl_nc5;Pm?D7r!3Q5Suf6u#K#^6`Vu%&N zaY9phFX7k&8bDzulaeL^fg{xR0JQhsd(Yf||NZ96FTYerJkb7VX>8W=gA;bmHP;kl zqe*K{D3d;=f@v^Y&2JVHMCO`*N!yxmSzDB7tlIt3-E5c?Y2dv0ZrMKb!2NrK!oXV z0CC(x;?S1=2zH-+_Aw`%aKZpse)#bRbJ?YrneV>)&KIBF?Oll#7X2=}>{5jBh$WCR4b z2E$dJ6R0%D0VAS7oV)xm&doR9Y+iiv#jpVcZ@U0Z7c6+pkX?7(wOE9!t+rZg&&>au zZ@w{4J@u4%_0?Br>}w6c1SB*z(Tq3ZfSyv}Y@gVwIARnC5l?P={`u#h!ajcZ;fKxJ zZ@+C2dKal^7T9U0omSYY<;SMNZ@J}`V(cy-382fn$_5*3U=BU>&>}*E_HN?~z=nUs zui>XP)4Jeg9glng4O&JX&VfyO4KZymle9p(RqucY>$d+xa+ z8`}OT9i&pH8rh8;ps|bb&e6(b&uOI)@z3BF-y&{1;Uy zpzXZyQ`TB*t)lLQcz!iuRGmM53Ux4q`KU0A5jm=kp^;s5KubhYuH`^O0A$RI{rBI0 zMng1RYGOTb>W}%WUL(-Q6lJza2EN%=gb~j^`|O!`Z+Y%GruW@`Jr{81Yoo z`C_|1|NQd@V!Sv~oMd_T-FGFd@oEDfps$PX6xxa4kW&}3FbShH<;smW4fq6A!ZU@xMvKd~KOe);8{#H710IhyE4 zX2jhwt=3^tSt;yf!f~!3 zKJ^16MX;4|GJG|13{P3g@M=2}KTDRJW!7DHoxY!JOd9)AO;3YdQUcln4AX<`D7#Tn zA2P4`JA%AJ6og%t@T!k5p#=2ePHrECNQgb?po5B4T|HD<1p})Yg4v#7fOeaT18Ci< zX0dWSi|W7XLnRya9j#Fr#Y!3mpiz9tmzcFZOyMfqWtSz)ihWHOQzGAy0JJ^+L?H}< z#anKBu#3O=f^_xMMW8;!yr>&T!xROsidPUcAuq~Gt8rXRD54!WwX#RHsD=e-O9Q~B zJe8s+c3|x5HgnP*14CoC9s^T;G&RtM?q@pjShga-OeI=daNcf3m=*w;tw_Bcw;&`X zpqU1m${tcJPm6_05`qf0n9r~QZ5J{jSQ1PqF@WuoJqw(ZGUO5n!Pd!MBfCIAPl<*V zN%Z2FV~#28d5 zH71G6zQ#`?+e=upnpYSapovuyvf{*X+jc`Z2cfbm>*_9~LY!JfqLcTkQx9JAs5C|h zlxUJUtkxal>2ux?A0gH=YJi3=K+F!!ZY>GVqSPq0tzIcHG(b1mjaF!AEegh2i6lta ze!EU|*s(QC(SnUNwsc~mD5yI9^wZ7OTW>wk6}82r!ei}9qX_7-eNAA1`W(tto0J{A z;G{fZ+VZ23T@;gpU^|Y`atoH5(wsF94!{#nJW*(9D&$;oXf3F!?`fD4GPX?yP?u7d z3MVFwmJYqe$j)(;0Zlv}dzwrmrf3_W0W)FHf`!2(yF2|7y4rnz`VHSbGdDJ&J$^xYXtl`9L$f4ltwOC=VcAJ`#Y2 z09GJ%!LH~A6ULUrDJ0PlyFzQ28rqs1@Po`K$Fr(thdrJ}D!j=#6uJimsiOqwa^)n^ zj_MT;b+W;JCN|C4&#Hp+-Cd&|!9s`-KrJ)Dc2}JSlf?`nbOSL|Xz4UoyZC*X5@K%f zZh1U>3!LR@)Q4kC+$Zg2c8pM_u+DU_m6IG4Ks&c(gy9oqr^ueNQ;yBmRZePT7sZAy zgTMltuobqoi!eZp*N;;`0aCF_eN>bKff}ZSfVvouf9Caynhq-Ps-_rDF<;N(oL=ZN zYz>W82EfRhIJB$skNIMDa?ua}t^=~=iAHwO0c|IPFd>i?OD4&60BtKL3C*!9OG-;oT%n91qWwDbr2Q##?OA2T!1Xecj zNdoRtkC@U@7~~t~)2wn2B+oXT#&q3yfPpxD^`r-OBr$2OJJ3E|0-9ZvYDsD{*j=0M zoGvde3XRanL@+|HIG9xA5QYM1n@z*?z`llA6gRo-YqD%a25>B-_H{BqPfN9KJa!_& zci7YAhqk1``IDPe{f2KSpqtES>|_owQ#ncc+7-PZ?8@mP@(ai*#Eh~$D)Ulm?hh5v zcH)#=a$pu9j^9~3$f znCBp7)4_llfX(ZPJZmA}8k;o%njHw|kXwq%5A&wdjKwL}(z89p0yMzIzu{aY{*CM0 zC-a8y?3UyYoF{RlDz?NN&F(rffVOmyal(VV3vq$07vOO+vuz z;8PKlQ&u0gX+8<3Ijs`|(Af6uAlS;T8fJKoos6Rn-|+)93sJ)3kpQ%0AzB-{i70!~ z2|;^%-fZ0W>Ms_2oq02Oy{H5`r~3d7e)^W|T;y{|Ij-86u%s6Cg-(ZmGmYKdQ?u_g93HZ}23 z{<=83ST|3X5STYH>AG))bM>z81?f^i!@F&^*+z7i1~xIFH*9ZQg=b<;wmjZ!#$P^ybz*QFUH3;@C&qpjSd(p(&&-`_C#eLWv0cj#^L*fe z2Z~eSK2FvwFY7sJ&5OeiKfF)^E;(cV0AzNz>Iara8qm|^58iDTYD5a8kHGAfs~rye zn!^P4V)V9C5sZf!LYR*N87>t3@85rg29JQCQWKYQfNs*@d`GbAgmLbYn6ytSyv)n; zOzlNK>}DiLT3#?Yo6LPA>z@2c-=#;e%S+)*ZT)Iuii(qfvv5h8WD#8av4a{-&A!0or+-h9`Z za_f)?fw__jubLguO}z?PH>qh<1vGW&9EAhSt~)VESL2Kly^!4LETK&!yQX(ELo_(1nNF>lNSQv%qe|45cB($~h(pN`l#+y@sw#)=DWW2CbNuxKFsd7+N6Z>rwnp6lBW&u3r zS$?o(3EyGwOP(sAF~7LvrjBOXvS7I0w)OZ^1M;M_N#-qSqZx1R0lFj%n?@%?$A#VH z_%#}k(#@E+7$GF75HJTgo>jddoj#~q;~qT8m0?vtvnyfF5Yey?bHYw0dO{)0;{vY@1@h1U|k5Ht5rcdI+T)$hrAf41b zr^2b3a6MH(vpZ3eOSK$y6ES)Dm6y${ue=&uci}^uYu=LIo5pK1UFJNXEmP2l*p-C$ z05r*h*kJb2(6nW7apQmWR5#H1AXMtUykyLw0Gd-Iy_WBC#1u$7Q-qxLn2@g! zuyaYWa7v{7pn18xkjlZfRQRlhj!#SV#vfnWJlIy-R5P9e(BX_z$DtKNYnT!u2+equ zaZ*WGjY*TD=Muv|5ruGwe+=IXQUcg=Vl&pPFlQwAIhPs918Aen4%aa$Z@i%aAL=WV>4YOhV4vd4=vqv2VU0D{nE-BIt0Bn?`jti z_x>$evSi>C3AGk{4zB4`bp~_>bYuwkcc%q3TAA7tjz-!0r0I*~3ek?H0-`w!=$IH3n%^# zNse;VuO#?FlEt2~aUI8s257;;9tKW)aLMAy8d@MopC+k=o&lY0Xdirfw~Y;G*Or|D zodN9)QlA%M1KKtAK>28ghv-t%rWr4r94^Fo{;m;15qnkwacCM^JK-9BHg%=pWd^h- zU|r2MLU8rj_IrFl$BlA?(5B&K26PC=BPLd~(})k~=9y>!CZ}s~A!)|TfR=My)KVh^ zQO6C9vJG8v3b_i*-o6w2R7XtPNGo(()RQ9a4IjJWWgY#D1%0m1MM!z)GK*6#RxK}Q zt^z9@lQFzG$tA4OxxUH;7Z)Y(gMsUUF(KXdyBc_6b{mXAS`GsZQ<{5s zFQmBRx#`S+t~iD9ij&;JwnJ-dBe!UqZOoJ!vl~D+^ELyzGeFBB=LKl_I;ovNHvns< zHT8HI(BlSZ`8vsf4&;^V_0)@1Gu{~4&^lGEVTwzzZNH};FKg(mp+oTMd^ZEy$s%zB z4KK$?LyP&)*HFV0-AGe!xyIA&GtD!~8hV;H(~OM*XkQ_DIfWtU5&$fy`x?SsfDRh3 z=H(3NW!2;u^2h6A1KIYM0i6oaEo$3KL;I@#3UX3w%+%vG0y>aybqg>xZIbbnciY9~ zju)T zq8z>?WDV`hu^hIOax4Q{$|+$xjaCtMUE3^$hPDHzrcE>6=mR=%ch)ea6=06}L?6$A z_6+C&8+wh&iHW88Zo3dQS$bCm=zv9=0X+^*VSs?ExKsfw0Nkm^%YYsSKnDP7BmixC zrblKn!IJ@<0o^IgvW9MEukXgI;pK3hLSG6MP}DF*G0e;>smB{R4INRY8eR?;&>_eX zzN=x1u zaeOWVIs{EM?`A;9W2lCg8PGHQk7JN%gb)IOWkN%H+*_Uj9fGE;p(Aszzq=XbFdiny zeC3DC{CJpJV}_0Aze{8d-C1Hq4z%nP%6a92c>ZY6vIOX!F%wHCk{@13c^~z7XlU26 ztY6@o-EIVJXdUrQI&bXa(4ORv2cYFUQn}?E0kn>I383Tl98ar+%xhEt?YRy`BxgX^ zu!+h()9WSuWL-8nM0j;J%77k$Fq%dPPRX`3h@+up`c*`mtSb@8qVXy{ji3!JqE*~T z!xVAnLs>xmh=~Je8O89D-EN*oqC?hmJo9a20Uc|h&pkl*3qLiWo6MYYakIIPlDyqr z82-2SpV<%Ov6p!Iy0SlGmtbL6+LqI|04Oxw)5S4F;&ShKYrZB236=*x%MXV3%y4K{ zG)a2I*wOlZe?x1pDr-h!kIJVT9um@0Yi4}PPIF`OS!^JDg0tYmG?|Nx8WWWtvU>hs z;Ltc*CwG4I;k5ZbTg*OM?l-ILSfzU>IQHe#HNKY{cU%9tF)gfm+X2T=vr5;@%GWMT z4cwn4`@a6p7FA$maC)Joovf?S@MX&Wmqy?3@LM~ZOO}a5?gTnfwZt`|BqgyV)hf9t z6-Y4{85kMq8kp-EnS>aaSQ(gG8JlPu7+4t?7(}f~L(!0%pOTqYiCcpsyU;D5hVZJ8 zh?1bha)pAT{ItxRRE3htf>edff|6tghKf0lKk;xBhG}S=@;`mX^Jx$Rvog0{GPkg@ zu=ivUW?==F29v`n%*vZX6i(l`a^lFDBQi(WPd9ih@X}*=B`#R<$;oso&+pqWsrd1OA6PA@CQ90#dHba!WMGk$Y<{kn%O(&2x6zv1iR)FNcHX4X1h796*9lOtVadSJz{)>GKheNPu95fFwnM^RB z&x06{|{nBv!upMf$lIwu```T7mB*;Is4Wp|$L;H-Ow{-BSmt7}kV6W*$Aq1|q4 zzoX#@S+-PqaUA35^^qo)Q>j$YYPC>#R6)Q03Ck=CK7R9*2+0hKFRVx|LcP?NZQMl1xd3dS5jgv%ltzNVHfU~D0o9?OV6?&PF;HM z+y@NgcRjHfc`W@Ed%*-IU7eDMHcE)e-c@Ne5NFCcNd2L?fqx=19|Kvp1!W^ z&)6kc*p;^B^etduV4Uyi;uvCadh6uaY+*-{w)y4extkZRy&pA^Z4JlDCMTc241x>y zo|^kVOrNW3I+v2`ir(DFgSWyi<;>dRS+==)&yCpRdV3N5H;tBO=2(6{XKb8aGI9Ux z!#C9>8W_vYq<(B-n6fqa&i|wnXW#I1Y0irLnKkK~+m3VkO4?#;KAm9<`EW+X;n3Hh zr74ScZIO=1U8_E6rugHt9xq*HP1v#h)zk0N*JjJ-aQ-@cYwlqM!G>s&V_TPIJzkpM zrS?3GSM~Plqw3~S^|1o$)MwXx+4K2Tuts9@s{0ckw)}hc_4v}g0XtN=zOtXr-`&UZ z>aNUhEzXw<3U^dg>K^>M;op@U86H-F{!qK)3@3m5ae5tV+7gqTw+?|42(e4 z64!{5l*E!$tK_0oAjM#0U}RLUYhbQxWD;UvVr5`%Wo)8tU|?lnU=Xz`4Mj(8eoAIq zC0GYm4UX(Ww}2YLt3o15f)dLW3X1a6GILTDN-7Id6*3D-k{K8(<~;ty!%-Nfp>fLp z^cl~mK@7~w+)j>gcVjthFHi)9)HD1xCTKzUGHo`4CkA^hur=s<;y1 z!(dr8+LNq`Zk~5Dz64y8?7$S1f*U54h!q}|b>>=31lGYKA&`kW5F6oe*vA1EAp`_$ zITusxFUng6s(*Kk{X+Ro!0G3Jjr#j=pjM+@oKHd>1oZCAvS8XA;}B43Sq=4sa{@WU z8tVK`IE6 zAuUIGR_CcC6qPegBCQxFk|O*7EeU;GlKAi-u~-b{a(@}cV$si6IawctZ-%(Trw03g zf}^(rw{DH1we>?RFE86za$tg;P%$-v_{`#x4oZMbr_Q!Y8r0j{i?OjWEG;eJ@bE8m zbVQI!rEvG&U7WqGO24E8Ixb$sS9k6plX;96FMdUh@Mhc9o0?Mrujv>DIy*a&OeWFV z+KNX%K7Yc_t3TvoU#C*o%x00x!JAc;K*H9{z{X_#;l5=x&n4h0Vxm>cx zxV@5IhC(3>4-ccSuMeA>o7mdon-RQrRbXmr3bBu4_-^rAdCe($a#})m7~7?kXB5 zGJkRN5M}J?>A~ROAkyEYnS%u#Pz2TJ=qM_c3RYHDkk9A!35ehncw}S*g+c+DOa_I* z5jzb<6Cn~H$Yy6}v9Pcp$51Iu(_|HCZ*NB;F@oqvQ9Rjrg6-{XhJTI4GI_O#1Afb} z(Ady~__a9tKaV4q`wiJ_mhHg%OiWDR3SRR+-PPUd1oZpEKM~PfvLV zXQ@aef;Yt?-d3x!Ln1PoW*uf`W*D~n`}-hRA{Q>;@7J$=l2iF3T0W@)>3>6- z{?Dad(bWjXn+C35yN(Y+A*`>hu{E52(y;M%)T8wQl8q|?I*#jj`^DaiBU+pf_IJLR zfrf?#G&VM(RN{WXWN1s6U{Td065uCfAPE(egAcXysN=}hMLasNsA+YkYDuWBDHy7p z`aUjuh|Ryc7^jIyWi>4IIJQBs%YUnCUY5-ueREux>;1=ziP}xQ-@QQOWB@hg45x+J zJ;B!#DoH6EAk$H`E{#a`1EwK8pFRZjgkC3fSAgFgbX8#_GHpl1ds*)_Ox3Q_?W)%>Uhg1YoOjXn_k^ytTrB6goJJBSsMR7# z5q$PGDREY038{S?v;NO<8ec;qjDvfpeGk-J*@bzCiUg`ab1_k+swVI+ICcTlFPK!x P00000NkvXXu0mjfYQKeg diff --git a/static/favicon.ico b/static/favicon.ico index 10bbe3a67cfe73b9577c6f78c1eeb8faac3111aa..cd82da1a0b9fa01dbfa125aead339635431db10c 100644 GIT binary patch literal 7406 zcmeHLhgMrj5-oy>GVp|ugh-NjB$44^7>vk4h-{m*wgHR9K!Xj&Ip>`7FU(i%w`||; zexlKMc6N7mXU?9b4)yBRt?KSl>j7O<d}i)I{87(9bzU$B4-9SAGW3-#C|-C;g2h zM9(}#)jWp}p%tzeCnQrE@l29C~xH^zPj|s;a6Yuh&bvySrpr7QK1% zhAJv5=Ciw7tDeXV0Fc$;nCT>FJ^G z-@o(E+(a*4yr4iJKu)KV7-Mw$^l2I&AE$6QOkcl#rG|zEdiLxYm6esz_3PL9KIGBH z#s)1eF4FPi$LaIu&s0}eM^BzSp^}mkx_b30oj-q`=I7@r5{b~qk00sLqeoO!R796A zU#9lOsIah*E?v4ru~>{wo;*o|gM-x8)<$pNzNN~_O1gLN9(g<- z+S%Emm6a8mnVF&f{(fq0ZKc<*Uz2H?R8UYr7cN|&rKKgBnwp~C-d<{MZl;$nUs5m_ zq+7RcQGR|tojG%cCMG7RyStmdefvg@jg9pD`E$B);|3XqL7SVKG&VLyU0q%D<;xd( z`t&K4mX^}BYu6|@H<#Ae*R?PB5FYNpZ|?vL9T4Rvuqp*?LPWUstJ==87%+^7RrS&-6XJa7l|V87x|J-oQ1P0Uyh2qU{$gm0i!g5 zk}O+U4abdBltN=U~vc@;E ztWa#CL@SDk2;xE*^B&s?Mi_Tk$hWn*%a||RT%I5QK&toG3kav*4(@)A|l#SoVr||FKYqo>KU0&|7m|XpP+6z zC7vH*%n>c^tIq+$)mm~k(##%rgo|g((ZBeFFCT1gajc`4@2^aV{55sHXqZ=H=UZo! z$F(ntS>C$Rom1lLmOC|da%iLYxFsFNVwbBI;tsR=>pQda94aVQv|@7w7Yk=+X! z(r^qsmb83p=PnKmF7oxbCltnVjgK@I$o;pr8yi$P{0#|SOwG&@u9nY-SS^MpIqK!e zb*XO`F+NS%>0T$*sILVaR0#{Egd4jeA#45ODia*@oj70H6wd)E10u?uz{J{Oh;>)G zWjQR+o`u5gFt^Nhq{aL1nl6mkwEBIJL69n-jBpq0lhmB-U=*I*RqPx`!tlM4P`Zk> zqxQsnD1?cpZKM-_A_&!lNvw<(00axwgh{N7761eb)r3i`j1~X{3)O^4tc(@_1Pj%K zNvw<=&{)1tzbYZd_)mh^b4aVrqy;oqK|82LY--;k2-Sp1tc(@_1Pj%KNvw<(00axw zgh{N7761eb)r3i`j1~X{``ag^!;Jst4xmrrO;bGBNqNlX`NxP5yQSXSp@y?w)KkOUzo^fkyOZ1EA6aD-`!0r># zAJ*5`ANGd!J9KFO=XZd=-@i+u7`^{EI2Y&Rp(xOg9tVf~r@i?4`<3i3q1PwkyuK(G zREjL|*iRRzZXkiMT~iJj&X*I|w6aleWfD(_)^#_Tb>rdq%yLjPn%dLeZ2F^STYHk3 z*WE#O5r{|4^8CpfH;_M&!KW{6n9Par_2evOc4zW*iEyHk>JbxZ!IWyNg(FD8P+IXZ ziA`5~w%||~2)MZ%x&3k;?#XdJz}W}q4csN;?i+W4Cfqo|uzbmTVaQGQ-GBO3gIf1!?&ihLM!*HZls+^4t!?S>*K`Ny#-l-l81LX*m4Z f=|>GmdNGGW40kY#&lF#f=V(~w{Ik#B`+ff%PZ4Fs literal 15406 zcmeHNXOmV%7Jj#Of4~I75R{CApgZKG1SusCpePwxGRT%zSt41Yl7oKYi$7=oR_}Sv z>8Ja2-}_#MUH8*ERd01T={ceM_T0X`-d}ou?F|g{q@CS6|F>RmRj=2ZJ=?~kgT3DG zGB-9B=?ifn@XTs>BMVbf8%|O_>V@H@fcb>_Mf5_3og$u)} zlc&Ps#fu|G^J9|4Xy?uy;o!l8Y8SCMcI>FdLF8u4m=V4@a6mCmo;+D~vDSc`QZQB-OJE$>v_uY3D3v|PuA<0e3gN%J2F_}C`?6_Qdy4I=S!W{LXo~+(j zTks7w%y*;ZyeV$c;p;|iM7=7fxY}wC>mb@^%}4u)zs3eN6=~odhTlTt9BPg02K9}3 z%mGj0(bx(`C+F+0byIkYN$fMT<+n+G*q{3SX`CZITj$K7#ayvRUzrE`kYphrd2}wu zi*wY$*30?6(h<8DC*&A0Y3R{d=G=qFV#m6%vC75xLf4z^o4ss5$AEL#cMOl!iRrZc z1w7T$hSlTTamxflaioa3JB>BzgqIr~AZY{Ac5V2<*n`!%2E zm`l@Z^Qq*dmT>Gs{pPTAyq5{W$MkEjbomzkg<(zQ)j(pVouTm-;KcZM6hD6a1CB zvEMdj5g*1zV~t!h_d;X5Ima-xboQ;bu_oZZ>EWEy<@HwhylwRHe4i@k1oVN`e8pLBI9$DYHH?jo=^UQn zi$+HaUu#|FOJ0AbtC<(f&zdzWoH+51aQpV{uwcQ0wSl z3*pY~J7MF-jhZXiO8ZaTM`$1Cz3;#OUgNiB&6<=$(6MI8XXC-JUe2&T{`g~DD~Ny7 zAH-B*DFQgbI{P0!SM(tV3F^otiS^h|4h zo9~_n{pr)E%X#-$c>45d*t2Jk+DJS#-uMi_UUKr}$?)vyvoJoMWipiLbq(F{8|QBDJQKU8&z#Y9#JDJr=)gGjqh7`uG@Rv;-v?61>(;MJaR%*%X!>*&I9PORdkw zIY(NP5+~ZP&tKqg?nkK4Twhp2+}prk{9+C~e?f=-#AC9=!WR72&$#nkjt6j31}*Jy zj-fm;F#a{!bJ!BPaTkG4*)8^n>`x z)3hJ=KUX_7Zq2`o8|l#LeeZ+hS8f{Xi_o2X?;uz2D#W=<~<_tQB*XzSv8b^6Q=lkT#a~7illdF-$m-LpH+T@6{ zX-o2-^Z;{Jv)+#mUlS&WleXA;9^Y@H_nU)UE!%I7I@p2_vB9|Cdx8I#dAui)SG2to z^6Pp}f;GeV)oq=Jx1krZX?^8=u%O4BQGXXL;T4_8bsAGgvc><$^BzV0Y`g5diPlDE z?bS5S!>+!!C062(z7QANS`X*hmh|Sj_I4?Qwrzj(be#45*!Syr*JICX|1Mk*CtD{!~6P2e83@TiZrw z&9u>|gV;H)+fLbPzbWyTxo+2EJiysbw>-DgOcpfK&EJXG?N>jxe==@97PR5#*l)$} z@|a~yY>@Z(sn54rwp7NLG;%tvYj!752i}uF- zvt!*&1V7{0g#kRI(_hMYnxA7Ia+Kv9TI$KPX6?1%r@lYBWt=CZx8Gh}%>%#x|3SwU zkJ;}Yl>BCz^`XC*b88JWtA}O{7_NSH zb6pm?VPEvucJG09HchWo$)cQDX(@R>7w;q!ZZI_-V-D22=e^lPv<6Zh`@d3U- zZ

aT8+0JPY8dkbKt_a4|qST{}=oEce(rY(@*t1;hHsT)AI}W6U&w@i|-E08u?%1 zNBri^o2PdNcprK0+&TT$!TarVgZl-1KY{n;=BMQq^LQ8hNOa(?0e2wK?PcqC1)$aO z#+do!zRG>Oq}iRz&Ye5Ml`B`m-Me@7+l@u?4G3*QPb~{vxTC@MCfN?w)v(@Ad@1)+ zpyQqJ`1pAL_m{EeYD~31z``H%h`4mq(X$3AFFmo5#@p5d-zJk>Vn3BUA>Kkr?5|Bd?;)D-T( z4j(?O-&0XEf3x8qnp4?NwHr5#KIPqAhwk6Mukpj0Z{jbX<7;J)LyhAO3ipq=bF6W5T;eY=AXix9xSM0W zdAa_wa&Cz+Wh`Gje=c`tPr`-`8zTOkujEh6CGO7pCwnl=0uP zWsAmO>(;Fe|C{kIW#K2*^r1rswSMp1xuf^BID^!9F{VDYz>4@CIdUYteECvq;EON5 z&|HuQZ9`V#hW!(9!=8`&n?8Mp(=WEbBQ{Ifi~+eq{BXw%+qkd99*lR$YP-Sx(h)G}QLWl`F$_c@DgK^-9|7 zazDIU^X~aPUf}d&&xbzi5O=MgefF7tkMP@Xzv>;1>ezz)Z-GfU2nyLa!_x_B<@8+Z75PtCquxpFn&IfS#O z&kJ=CKfWKu9`#(-Cw|y3P~-jL0{JHX_8Nd)kDs>D;@N;Z>Q}E`YU^W#=j`j(uXW$% zc?L4RCb33FMy7>}7cc64FTPE{vx+wQ*#*5Df38vRLQk?ApBJ=&=jFO}>-AjW_s8R3 ze;rU`YuCzIQ*^ZbpcnG^P6Fo=FHgHkuCn{K_>&%wCF-o>ggoGRg=aR_Op>iIK(3Ze zyfJQmoMI@ne)v5PWx0Mi_AU6!{bxvHiZchEGZ~+(i;3V*JXPJMdCO%Re#WD%<#{;M z@?M?in(q=|C(&ikPyHDC{$nRs-@}S*(i?Tw{`eTfh9B2`(wn)fVp!E4vDf;jhkD!g zF2kGmx<3McjRWJ1p}B_p;isNX+3I<#_^TQ-J^36(y>;8L z%{ty3xAEuoYx$~qh|%VAPGK|48a6M>HC12}-^oM0N_R2An0P5$k1wnt4zzZ<#kz}D + + + +Created by potrace 1.14, written by Peter Selinger 2001-2017 + + + + +