{ "version": 3, "sources": ["ssg:https://framerusercontent.com/modules/xkgOTPH3D819XQA1Lv94/wPvNQpN3ptaCzclqZmWl/WJBZI1Ghk-81.js"], "sourcesContent": ["import{jsx as e,jsxs as t}from\"react/jsx-runtime\";import{ComponentPresetsConsumer as n,Link as o}from\"framer\";import{motion as a}from\"framer-motion\";import*as i from\"react\";import r from\"https://framerusercontent.com/modules/pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js\";export const richText=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"A good friend of ours and former Fluid Attacks security engineer, has been working in that huge scientific project. Andr\\xe9s is a final Ph.D. student in Computer Science at the Goethe University in Germany. His work has focused on securing the computer grid that allows many physicists around the world to analyze data on subatomic particle collisions at the LHC. He has a fantastic record in cybersecurity. Before starting his doctoral studies, he found several serious weaknesses in commercial software. One of his most striking findings was the \",/*#__PURE__*/e(o,{href:\"https://kuronosec.blogspot.com/2013/07/directshow-arbitrary-memory-overwrite.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"CVE-2013 3174 (MS13-56)\"})}),\", which refers to a Remote Execution Vulnerability affecting Microsoft Windows Systems. You can read more about Andr\\xe9s in his \",/*#__PURE__*/e(o,{href:\"https://iri-wiki.uni-frankfurt.de/cms/?q=node/90\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"academic profile\"})}),\",\",/*#__PURE__*/e(o,{href:\"https://iri-wiki.uni-frankfurt.de/cms/?q=node/90\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"blog\"})}),\" or \",/*#__PURE__*/e(o,{href:\"https://twitter.com/kuronosec\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Twitter account\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"What is your doctoral thesis about?\"})}),/*#__PURE__*/t(\"p\",{children:[\"\u201CIt is about creating a security monitoring system for the \",/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(o,{href:\"https://home.cern/science/experiments/alice\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"ALICE\"})})}),\" computational grid. \",/*#__PURE__*/e(\"code\",{children:\"ALICE\"}),\" is one of the major \",/*#__PURE__*/e(\"code\",{children:\"LHC\"}),\" experiments. The grid is made up of computer centers interconnected around the world that allow scientists to run applications for analyzing data obtained from particle collisions inside \",/*#__PURE__*/e(\"code\",{children:\"ALICE\"}),\". My project is composed of a software framework that isolates applications scientists use in a sandbox. Then, it collects information about the behavior those applications, classifying them as normal or malicious using Machine Learning (\",/*#__PURE__*/e(\"code\",{children:\"ML\"}),\"). And finally, it allows performing actions upon detection of malicious behavior, such as sending alerts or stopping their execution.\u201D\"]}),/*#__PURE__*/t(\"p\",{children:[\"That\u2019s amazing. Researching protecting such a tremendous scientific \",/*#__PURE__*/e(\"em\",{children:\"\u201Cdevice\u201D\"}),\" is undoubtedly a huge challenge. Andr\\xe9s has been featured in the prestigious magazine \",/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(o,{href:\"https://www.scientificamerican.com/article/worlds-most-powerful-particle-collider-taps-ai-to-expose-hack-attacks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Scientific American\"})})}),\". He told us that the \",/*#__PURE__*/e(\"code\",{children:\"CERN\"}),\", owner of the \",/*#__PURE__*/e(\"code\",{children:\"LHC\"}),\", is a constant target for cyber attacks and that this is not surprising: many \",/*#__PURE__*/e(\"code\",{children:\"CERN\"}),\" systems are exposed to the Internet. We wanted to know more about \",/*#__PURE__*/e(\"code\",{children:\"ML\"}),\" in his work\u2026\u200B\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Tell us a bit about how ML contributes to the framework you developed\"})}),/*#__PURE__*/t(\"p\",{children:[\"\u201CI used two \",/*#__PURE__*/e(\"code\",{children:\"ML\"}),\" models. The first performs a classification of applications into malicious and non-malicious. The other generates synthetic attacks to improve the training of the first. I used thousands of examples of typical applications as well as \",/*#__PURE__*/e(\"code\",{children:\"Linux\"}),\" malware for training and testing both models. My framework managed to identify malicious software with an accuracy of \",/*#__PURE__*/e(\"code\",{children:\"99%\"}),\" and less than \",/*#__PURE__*/e(\"code\",{children:\"0.06%\"}),\" of false positives.\u201D\"]}),/*#__PURE__*/t(\"p\",{children:[\"Impressive. We see a link to what we shared days ago on \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/seek-chaos/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"antifragility\"})}),\" and this cutting-edge work. By constant training and exposure to stressors, the framework makes itself better and better (just like lifting weights). According to \",/*#__PURE__*/e(o,{href:\"https://cybersecurityventures.com/cybersecurity-almanac-2019/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Cybersecurity Ventures\"})}),\", by 2021 it is estimated that cybersecurity damages will add up to \",/*#__PURE__*/e(\"code\",{children:\"USD\"}),\" 6 trillion in the world, \",/*#__PURE__*/e(\"code\",{children:\"3\"}),\" trillion more than in 2015. These \",/*#__PURE__*/e(\"code\",{children:\"ML\"}),\" designs, capable of detecting security weaknesses and responding are seen as an answer for the rampant threats nowadays. If you want to dig deeper into Andr\\xe9s' work, \",/*#__PURE__*/e(o,{href:\"https://arxiv.org/abs/1801.04179\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"here is a link\"})}),\" of a recent paper.\"]}),/*#__PURE__*/e(\"img\",{alt:\"Design architecture\",className:\"framer-image\",height:\"540\",src:\"https://framerusercontent.com/images/FOV4WUlv3oxYIvIODd3nI93Z0M.png\",srcSet:\"https://framerusercontent.com/images/FOV4WUlv3oxYIvIODd3nI93Z0M.png?scale-down-to=512 512w,https://framerusercontent.com/images/FOV4WUlv3oxYIvIODd3nI93Z0M.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/FOV4WUlv3oxYIvIODd3nI93Z0M.png 1920w\",style:{aspectRatio:\"1920 / 1080\"},width:\"960\"}),/*#__PURE__*/e(\"p\",{children:\"Gomez Ramirez, et. al. (2018) Proposed Arhuaco design architecture.\"}),/*#__PURE__*/e(\"p\",{children:\"Now, we turn to more general security-related issues with him.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"In your opinion, what trends in cybersecurity we should pay more attention to?\"})}),/*#__PURE__*/e(\"p\",{children:\"\u201CI think of three relevant topics:\"}),/*#__PURE__*/t(\"p\",{children:[\"One is the use of Artificial Intelligence (\",/*#__PURE__*/e(\"code\",{children:\"AI\"}),\") for both attack detection as well as for vulnerability detection. I focused on the former in my doctoral research.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Another is the implementation of cryptographic techniques to increase reliance in execution environments, so user privacy is improved. For example, by using something called \",/*#__PURE__*/e(\"em\",{children:/*#__PURE__*/e(\"strong\",{children:\"homomorphic encryption\"})}),\", an end-user could cipher his/her sensitive information before sharing it with a third-party (i.e., a company). The third-party can then perform operations over the encrypted data and finally, the user deciphers the results. No one (especially potential attackers) has access to plain, actionable data. Homomorphic encryption is used, for instance, in blockchain-based applications.\"]}),/*#__PURE__*/e(\"p\",{children:\"The last trend is the emergence of computer systems designed from formal mathematical models which, in theory, are vulnerability-proof.\u201D\"}),/*#__PURE__*/t(\"p\",{children:[\"An example of that vulnerability-proof software can be found \",/*#__PURE__*/e(o,{href:\"https://github.com/project-everest/hacl-star\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"here\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"As a company focused on proving security in an offensive way, \",/*#__PURE__*/e(\"code\",{children:\"AI\"}),\" is definitely a focus of research for us. Although we haven\u2019t yet got dirty developing \",/*#__PURE__*/e(\"code\",{children:\"ML\"}),\" or \",/*#__PURE__*/e(\"code\",{children:\"AI\"}),\" artifacts, is something very likely to happen soon.\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:'What threats are worth \"having on the radar\"?'})}),/*#__PURE__*/t(\"p\",{children:[\"\u201CIn general, with the rise of \",/*#__PURE__*/e(\"code\",{children:\"AI\"}),\", I believe we will start to see more attacks that learn automatically from the environment where they are carried out. Attacks on \",/*#__PURE__*/e(\"em\",{children:'\"Internet of Things\"'}),\" (\",/*#__PURE__*/e(\"code\",{children:\"IoT\"}),\") devices have also wreaked havoc in recent months. Finally, the leakage of sensitive user data is becoming more problematic as time passes on.\u201D\"]}),/*#__PURE__*/t(\"p\",{children:[\"IoT weaknesses and leakage of sensitive information are well under our scope. We provide \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/continuous-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Continuous Hacking\"})}),\". If you have IoT devices deployed on your premises, we can help you identifying attack vectors, as well as providing ways to increase their security. We can help you to protect better your sensitive information.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Our services rely on highly-skilled security analysts as well as on technology designed to deliver real value to your company. But, we go further. \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/contact-us\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Get in touch\"})}),\" so we can discuss how we can help you.\"]}),/*#__PURE__*/e(\"p\",{children:\"We continue our conversation with Andr\\xe9s.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"What do you think is a persistent problem within organizations?\"})}),/*#__PURE__*/e(\"p\",{children:\"\u201CI would say there are still many companies receiving well-intended warnings from third parties concerning security holes in their systems. But, instead of taking a good skill in fixing the problems and thanking the contributions, what they do is threaten or sue the guy pointing to the risk.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"This is a sensitive topic and a critique. We know that some companies foster this kind of actions in what is called Big Bounty programs, with clear rules and rewards. These companies, presumably, have reached an understanding of the costs of a cybersecurity breach, so these programs are a win-win. Is it a matter of rules? Is it a matter of incentives? It is a topic worth discussing in more depth in the future.\"}),/*#__PURE__*/e(\"p\",{children:\"We want to conclude this post with two quick questions to Andr\\xe9s:\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Where should companies focus their learning efforts to improve their risk management?\"})}),/*#__PURE__*/e(\"p\",{children:\"\u201COrganizations should adopt a data-driven strategy and invest in automation. They should also invest in research to stay relevant in a continuously changing field.\u201D\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Do you expect any further development based on your doctoral thesis?\"})}),/*#__PURE__*/e(\"p\",{children:\"\u201CI am exploring to go further with the framework. The idea is to push what has been developed so far in a research stage into a commercial product that can be put to work in different organizations.\u201D\"}),/*#__PURE__*/t(\"p\",{children:[\"We hope you liked this post in which we shared some experiences and opinions with Andr\\xe9s. We would love to hear from you on these topics. Drops us a mail to \",/*#__PURE__*/e(o,{href:\"mailto:communications@fluidattacks.com\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"communications@fluidattacks.com\"})}),\" and engage with us!\"]}),/*#__PURE__*/e(\"p\",{children:\"Thank you, Andr\\xe9s!\"}),/*#__PURE__*/e(\"h2\",{children:\"Reference\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(o,{href:\"https://arxiv.org/abs/1801.04179\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Ramirez, A. G., Lara, C., Betev, L., Bilanovic, D. , & Kebschull, U. (2018).\"})})})]});export const richText1=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"As you might have noticed at Fluid Attacks we like \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/pars-orationis-secura/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"parser combinators\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/why-we-go-functional/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"functional programming\"})}),\", and of course, Python. In the parser article, we showed you the essentials of \",/*#__PURE__*/e(\"code\",{children:\"Pyparsing\"}),\" and we also showed how to leverage its power to find \",/*#__PURE__*/e(\"code\",{children:\"SQL\"}),\" injections in a \",/*#__PURE__*/e(\"code\",{children:\"PHP\"}),\" application. Here we will extend those essentials to show you how we used parser combinators in Asserts, our vulnerability closure checker engine (considering that we not longer support this product). Feel free to refer to that article for more details on how \",/*#__PURE__*/e(\"code\",{children:\"Pyparsing\"}),\" works, though I\u2019ll try my best to explain every keyword used here.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Parser combinators are particularly useful analyzing complex expressions. You don\u2019t really need parser combinators to break up email addresses into usernames and domains. For that, a regular expression will suffice. However, when what you need to do is more involved, such as looking for \",/*#__PURE__*/e(\"code\",{children:\"SQL\"}),\" injections or analyzing source code for poor programming practices per our \",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/criteria/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"strong\",{children:\"Criteria\"})})}),\" and recommendations, then parsers are our tool of choice. This is one of the tasks at which \",/*#__PURE__*/e(\"code\",{children:\"Asserts\"}),\" excels. Determine whether a vulnerability that has been found in the source code by one of our analysts is still open by doing a deep search within it with the aid of parser combinators. Let\u2019s see how that works.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Suppose an analyst was auditing some \",/*#__PURE__*/e(\"code\",{children:\"Java\"}),\" source code and found out that it uses the insecure \",/*#__PURE__*/e(\"code\",{children:\"DES\"}),\" cipher to mask the information of a bank transaction in the file \",/*#__PURE__*/e(\"code\",{children:\"transactions.java\"}),\". \",/*#__PURE__*/e(\"code\",{children:\"DES\"}),\" is insecure due to its small 56-bit key size which could theoretically be brute-forced in 6 minutes. In order to report the vulnerability, they could write a script that automatically checks if the vulnerability is still there.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Asserts script \"}),/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(\"strong\",{children:\"expl.py\"})}),/*#__PURE__*/e(\"strong\",{children:\" to check DES usage.\"})]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"from fluidasserts.lang import java\\n\\nFILE = 'transactions.java'\\njava.uses_des_algorithm(FILE)\",language:\"Python\"})})}),/*#__PURE__*/t(\"p\",{children:[\"Simple, right? Just running that script tells you whether or not the insecure \",/*#__PURE__*/e(\"code\",{children:\"DES\"}),\" algorithm is used in that particular file. Or you can even point it at an entire directory and \",/*#__PURE__*/e(\"code\",{children:\"Asserts\"}),\" will test every \",/*#__PURE__*/e(\"code\",{children:\"Java\"}),\" source file for \",/*#__PURE__*/e(\"code\",{children:\"DES\"}),\" usage. But what\u2019s behind the curtain? Since \",/*#__PURE__*/e(\"code\",{children:\"Asserts\"}),\" is now open-source, anyone can actually check out what this function does.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"java.py. See \"}),/*#__PURE__*/e(o,{href:\"https://gitlab.com/fluidattacks/asserts/blob/master/fluidasserts/lang/java.py#L395\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"strong\",{children:\"Gitlab\"})})}),/*#__PURE__*/e(\"strong\",{children:\" for rest of code.\"})]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"from pyparsing import (CaselessKeyword, Word, Literal, Optional, alphas, Or,\\n alphanums, Suppress, nestedExpr, javaStyleComment,\\n SkipTo, QuotedString, oneOf)\\n\\nfrom fluidasserts.helper import lang\\n\\n...\\n\\ndef uses_des_algorithm(java_dest: str, exclude: list = None) -> bool:\\n \\\"\\\"\\\"\\n Check if code uses DES as encryption algorithm.\\n\\n See `https://help.fluidattacks.com/portal/en/kb/articles/criteria-requirements-149`_.\\n\\n :param java_dest: Path to a Java source file or package.\\n \\\"\\\"\\\"\\n method = 'Cipher.getInstance(\\\"DES\\\")'\\n tk_mess_dig = CaselessKeyword('cipher')\\n tk_get_inst = CaselessKeyword('getinstance')\\n tk_alg = Literal('\\\"') ` CaselessKeyword('des') ` Literal('\\\"')\\n tk_params = Literal('(') ` tk_alg ` Literal(')')\\n instance_des = tk_mess_dig ` Literal('.') ` tk_get_inst + tk_params\\n\\n result = False\\n try:\\n matches = lang.check_grammar(instance_des, java_dest, LANGUAGE_SPECS,\\n exclude)\\n if not matches:\\n show_unknown('Not files matched',\\n details=dict(code_dest=java_dest))\\n return False\\n except FileNotFoundError:\\n show_unknown('File does not exist', details=dict(code_dest=java_dest))\\n return False\\n for code_file, vulns in matches.items():\\n if vulns:\\n show_open('Code uses {} method'.format(method),\\n details=dict(file=code_file,\\n fingerprint=lang.\\n file_hash(code_file),\\n lines=\\\", \\\".join([str(x) for x in vulns]),\\n total_vulns=len(vulns)))\\n result = True\\n else:\\n show_close('Code does not use {} method'.format(method),\\n details=dict(file=code_file,\\n fingerprint=lang.\\n file_hash(code_file)))\\n return result\",language:\"Python\"})})}),/*#__PURE__*/t(\"p\",{children:[\"Notice how, in the first few lines (17-22)above, the parser \",/*#__PURE__*/e(\"code\",{children:\"instance_des\"}),\" is built from smaller parsers such as \",/*#__PURE__*/e(\"code\",{children:\"tk_mess_dig\"}),', which matches the single keyword \"Cipher\", but also any variations in case, should they happen. ',/*#__PURE__*/e(\"code\",{children:\"CaselessKeyword\"}),\". \",/*#__PURE__*/e(\"code\",{children:\"Literal\"}),\" does not make any such assumption: if its double quotes, they must be there. \",/*#__PURE__*/e(\"code\",{children:\"Pyparsing\"}),\" also takes care of handling white space by overloading the \",/*#__PURE__*/e(\"code\",{children:\"+\"}),' operator to mean \"followed possibly with some whitespace in between\". Building a regex to match the same thing would be perhaps more compact, but never as readable or maintainable. This is one of the many advantages of parser combinators over regular expressions.']}),/*#__PURE__*/t(\"p\",{children:[\"Next, this parser is passed along with the other required parameters to the function \",/*#__PURE__*/e(\"code\",{children:\"check_grammar\"}),\" in the \",/*#__PURE__*/e(\"code\",{children:\"lang\"}),\" module (more on that later). This function should return the matches in said file for the built parser. Thus the actual matching code can be reused. If there are matches, that means the vulnerability is open, hence \",/*#__PURE__*/e(\"code\",{children:\"Asserts\"}),\" will \",/*#__PURE__*/e(\"code\",{children:\"show_open\"}),\" a message like this:\"]}),/*#__PURE__*/e(\"img\",{alt:\"Asserts\",className:\"framer-image\",height:\"539\",src:\"https://framerusercontent.com/images/JyfzhfsT9IOtUjpDXDSMg319Js.png\",srcSet:\"https://framerusercontent.com/images/JyfzhfsT9IOtUjpDXDSMg319Js.png?scale-down-to=512 512w,https://framerusercontent.com/images/JyfzhfsT9IOtUjpDXDSMg319Js.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/JyfzhfsT9IOtUjpDXDSMg319Js.png 1919w\",style:{aspectRatio:\"1919 / 1079\"},width:\"959\"}),/*#__PURE__*/e(\"h6\",{children:\"Asserts open vulnerability message.\"}),/*#__PURE__*/e(\"p\",{children:\"Otherwise it shows a similar message, only with fewer alarming colors.\"}),/*#__PURE__*/t(\"p\",{children:[\"So, what does the \",/*#__PURE__*/e(\"code\",{children:\"lang\"}),\" module do with the combined parsers and the file? More parsing. It tests whether the path is a single file or a directory whether or not it has the correct extension, but really all the most important stuff is in the \",/*#__PURE__*/e(\"code\",{children:\"get_match_lines\"}),\" method. It parses the text in the given source code file to find out if those lines are comments, i.e., not functional code, so as to skip them. In the future, \",/*#__PURE__*/e(\"code\",{children:\"Asserts\"}),\" will be able to use this comment-code discrimination to find lines of code which were commented out and later abandoned. This would be important because these commented-out lines of code might exhibit unpredictable behavior in the application if they were carelessly uncommented, depending on who has access to the code.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"From \"}),/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(\"strong\",{children:\"fluidasserts.helper.lang\"})}),/*#__PURE__*/e(\"strong\",{children:\" module. See full code in \"}),/*#__PURE__*/e(o,{href:\"https://gitlab.com/fluidattacks/asserts/blob/master/fluidasserts/helper/lang.py\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"strong\",{children:\"Gitlab\"})})}),/*#__PURE__*/e(\"strong\",{children:\".\"})]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"def _get_match_lines(grammar: ParserElement, code_file: str, # noqa\\n lang_spec: dict) -> List: # noqa\\n \\\"\\\"\\\"\\n Check grammar in file.\\n\\n :param grammar: Pyparsing grammar against which file will be checked.\\n :param code_file: Source code file to check.\\n :param lang_spec: Contains language-specific syntax elements, such as\\n acceptable file extensions and comment delimiters.\\n :return: List of lines that contain grammar matches.\\n \\\"\\\"\\\"\\n with open(code_file, encoding='latin-1') as file_fd:\\n affected_lines = []\\n counter = 0\\n in_block_comment = False\\n for line in file_fd.readlines():\\n counter += 1\\n try:\\n if lang_spec.get('line_comment'):\\n parser = ~Or(lang_spec.get('line_comment'))\\n parser.parseString(line)\\n except ParseException:\\n continue\\n if lang_spec.get('block_comment_start'):\\n try:\\n block_start = Literal(lang_spec.get('block_comment_start'))\\n parser = SkipTo(block_start) + block_start\\n parser.parseString(line)\\n in_block_comment = True\\n except (ParseException, IndexError):\\n pass\\n\\n if in_block_comment and lang_spec.get('block_comment_end'):\\n try:\\n block_end = Literal(lang_spec.get('block_comment_end'))\\n parser = SkipTo(block_end) + block_end\\n parser.parseString(line)\\n in_block_comment = False\\n continue\\n except ParseException:\\n continue\\n except IndexError:\\n pass\\n try:\\n results = grammar.searchString(line, maxMatches=1)\\n if not _is_empty_result(results):\\n affected_lines.append(counter)\\n except ParseException:\\n pass\\n return affected_lines\",language:\"Python\"})})}),/*#__PURE__*/t(\"p\",{children:[\"After testing if the code we\u2019re looking at is functional or not, it is simply a matter of invoking the \",/*#__PURE__*/e(\"code\",{children:\"searchString\"}),\" method from \",/*#__PURE__*/e(\"code\",{children:\"PyParsing\"}),\", which as its name implies, searches the given string for matches of the given parser. The module has a few more tricks up its sleeve, such as turning the parsing search results into pretty strings and parsing chunks of lines of code. All that again with the help of parser combinators.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The most important takeaway from looking at this single function\u2019s source code, and what lies behind it, is that using parser combinators in \",/*#__PURE__*/e(\"code\",{children:\"Asserts\"}),\" allows us not only to have readable, maintainable code for our own use and the use of others but also for this code to be easily \",/*#__PURE__*/e(\"em\",{children:\"extensible\"}),\" and \",/*#__PURE__*/e(\"em\",{children:\"reusable\"}),\". Due to its object-oriented interface, clear naming conventions, and that coding parsers in it are just \",/*#__PURE__*/e(\"em\",{children:\"pythonic\"}),\", \",/*#__PURE__*/e(\"code\",{children:\"PyParsing\"}),\" allows our team to write and rewrite static code analysis tools that will change along with its users' needs.\"]}),/*#__PURE__*/t(\"p\",{children:[\"That wouldn\u2019t be possible with regular expressions. Regexes must be tailor-made, carefully designed with one specific objective in mind. One application. So that regex that might search for conditionals without default actions in \",/*#__PURE__*/e(\"code\",{children:\"Javascript\"}),\", will be useless for the same purpose in a different language. Such is not the case with parser combinators as most code is easily modified or reusable. Also, nesting searches as we did above (parsing before parsing to know if we\u2019re inside a block comment) will definitely require uber-complex regular expressions, if it is possible at all.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Just like \",/*#__PURE__*/e(\"code\",{children:\"uses_des_algorithm\"}),\" above, \",/*#__PURE__*/e(\"code\",{children:\"Asserts\"}),\" packs convenient functions to test for many of our requirements or recommendations for \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/products/secure-code-review\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"secure coding\"})}),\", for several different languages, and growing daily. \",/*#__PURE__*/e(\"code\",{children:\"Pyparsing\"}),\" enhances a significant part of our static code analysis tools in a way that, as mentioned earlier, with regexes would only be \",/*#__PURE__*/e(\"em\",{children:\"ad hoc\"}),\" or impossible to maintain.\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})})]});export const richText2=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"Imagine a medium-sized sealed carton box, with two or three glasses inside. If you kick the box (like kicking a soccer ball), the glasses will surely break. The glasses are fragile. Now, think of the same box, but with two or three standard steel hammers. Nothing will happen to those hammers after kicking the box. The hammers are robust in this context.\"}),/*#__PURE__*/t(\"p\",{children:[\"In cybersecurity, there are plenty of instances in which artifacts or entities are fragile given some inputs (we will call them stressors). For example, some default password designs are fragile. It is cheap to find lists of these and it is not so challenging to perform a brute-force attack. At some point, that stressor will break at least one security layer. On the other hand, adding more security layers to authentication (i.e., two-factor authentication) prevents systems to be hacked so easily; these are robust (although how robust is depends on the type of stressor). The typical paradigm of information security has been to go from fragile designs and processes to robust ones as previously unthinkable events appear. Think of how networking protocols have evolved or how \",/*#__PURE__*/e(\"code\",{children:\"IT\"}),\" infrastructure is becoming more script-oriented or transitioning into infrastructure as a code.\"]}),/*#__PURE__*/t(\"p\",{children:[\"A couple of years ago, a new related concept appeared: \",/*#__PURE__*/e(\"em\",{children:\"antifragility\"}),\". This term is developed in the book \",/*#__PURE__*/e(\"em\",{children:\"Antifragile by Nassim Taleb\"}),\". A controversial figure, Taleb is a professor of Risk Engineering at New York University. Beyond robustness, he points to actions and entities that, rather than protect, gain from randomness, disorder, and uncertainty. He called this antifragile. Lifting weights and administering vaccines are antifragile actions: people become stronger from this stressors. Lifting weights break muscle fibers. Vaccines are small illnesses injected. These make your body to grow stronger muscles and develop resistance against viruses, respectively. Antifragility is becoming better from struggles. If you google a bit, you might find that a Hydra, the mythological monster, is an antifragile entity.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Shane Parrish, who runs Farnam Street blog, has provided more examples related to this concept using a triad: \",/*#__PURE__*/e(\"code\",{children:\"FRAGILE\"}),\" - \",/*#__PURE__*/e(\"code\",{children:\"ROBUST\"}),\" - \",/*#__PURE__*/e(\"code\",{children:\"ANTIFRAGILE\"}),\". Here are two cases:\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/t(\"strong\",{children:[\"Table 1. An excerpt of The Central Triad: three types of exposure. Source:\",/*#__PURE__*/e(\"br\",{})]}),/*#__PURE__*/e(o,{href:\"https://fs.blog/2014/04/antifragile-a-definition/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"strong\",{children:\"https://fs.blog/2014/04/antifragile-a-definition/\"})})})]}),/*#__PURE__*/e(\"figure\",{className:\"framer-table-wrapper\",children:/*#__PURE__*/e(\"table\",{children:/*#__PURE__*/t(\"tbody\",{children:[/*#__PURE__*/t(\"tr\",{children:[/*#__PURE__*/e(\"th\",{children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})})}),/*#__PURE__*/e(\"th\",{children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})})}),/*#__PURE__*/e(\"th\",{children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})})}),/*#__PURE__*/e(\"th\",{children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})})})]}),/*#__PURE__*/t(\"tr\",{children:[/*#__PURE__*/e(\"td\",{children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Case\"})})}),/*#__PURE__*/e(\"td\",{children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"FRAGILE\"})})}),/*#__PURE__*/e(\"td\",{children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"ROBUST\"})})}),/*#__PURE__*/e(\"td\",{children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"ANTIFRAGILE\"})})})]}),/*#__PURE__*/t(\"tr\",{children:[/*#__PURE__*/e(\"td\",{children:/*#__PURE__*/e(\"p\",{children:\"Errors\"})}),/*#__PURE__*/e(\"td\",{children:/*#__PURE__*/e(\"p\",{children:\"Hates mistakes\"})}),/*#__PURE__*/e(\"td\",{children:/*#__PURE__*/e(\"p\",{children:\"Mistakes are just information\"})}),/*#__PURE__*/e(\"td\",{children:/*#__PURE__*/e(\"p\",{children:\"Loves mistakes (since they are small)\"})})]}),/*#__PURE__*/t(\"tr\",{children:[/*#__PURE__*/e(\"td\",{children:/*#__PURE__*/e(\"p\",{children:\"Dichotomy event-exposure\"})}),/*#__PURE__*/e(\"td\",{children:/*#__PURE__*/e(\"p\",{children:\"Studying events, measuring their risks, statistical properties of events\"})}),/*#__PURE__*/e(\"td\",{children:/*#__PURE__*/e(\"p\",{children:\"Studying exposure to events, statistical properties of exposures\"})}),/*#__PURE__*/e(\"td\",{children:/*#__PURE__*/e(\"p\",{children:\"Modifying exposure to events\"})})]})]})})}),/*#__PURE__*/e(\"p\",{children:\"How can we foster antifragility in our cybersecurity efforts? We will discuss two ways: first, by creating \u201Ctroubles\u201D and inject them into operations. Second, by experimenting, tinkering and exposing ourselves and systems to small risks.\"})]});export const richText3=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Netflix\u2019s Simian Army\"}),/*#__PURE__*/t(\"p\",{children:[\"The worst nightmare for a company like \",/*#__PURE__*/e(\"code\",{children:\"Netflix\"}),\" is downtime. In 2008, the company decided to migrate to a cloud infrastructure after facing a massive database incident. Complete migration took eight years (read \",/*#__PURE__*/e(o,{href:\"https://media.netflix.com/en/company-blog/completing-the-netflix-cloud-migration\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"here\"})}),\" about it). In the process, back in 2010, the company launched \",/*#__PURE__*/e(\"code\",{children:\"Chaos Monkey\"}),\", a tool to cause their cloud servers to be offline by random. They cannot afford, for instance, outages of their \",/*#__PURE__*/e(\"code\",{children:\"IaaS\"}),\" provider.\"]}),/*#__PURE__*/e(\"h3\",{children:\"The Netflix Simian Army\"}),/*#__PURE__*/e(\"blockquote\",{children:/*#__PURE__*/e(\"p\",{children:\"\u201CBy running Chaos Monkey in the middle of a business day, in a carefully monitored environment with engineers standing by to address any problems, we can still learn the lessons about the weaknesses of our system, and build automatic recovery mechanisms to deal with them. So next time an instance fails at 3 am on a Sunday, we won\u2019t even notice.\u201D\"})}),/*#__PURE__*/e(\"p\",{children:\"By being exposed to these outages, Netflix assesses how proper the countermeasures are to keep services running. If they are not, they devise improvements to avoid these outages when they happen for real.\"}),/*#__PURE__*/e(\"blockquote\",{children:/*#__PURE__*/e(\"p\",{children:\"\u201CBy pseudo-randomly rebooting their own hosts, they could suss out any weaknesses and validate that their automated remediation worked correctly,\u201D\"})}),/*#__PURE__*/t(\"p\",{children:[\"wrote \",/*#__PURE__*/e(o,{href:\"https://www.gremlin.com/chaos-monkey/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Gremlin\"})}),\", a \",/*#__PURE__*/e(\"em\",{children:\"\u201Cchaos engineering\u201D\"}),\" company. \",/*#__PURE__*/e(\"code\",{children:\"Netflix\"}),\" didn\u2019t stop there. They build a \",/*#__PURE__*/e(\"code\",{children:\"Simian Army\"}),\": more tools to inject other \",/*#__PURE__*/e(\"em\",{children:\"\u201Ctroubles\u201D\"}),\" into their platform. One of these is \",/*#__PURE__*/e(\"code\",{children:\"Chaos Gorilla\"}),\" which simulates an outage of an entire availability zone.\"]}),/*#__PURE__*/t(\"p\",{children:[\"This mindset is in line with the cases shown in \",/*#__PURE__*/e(\"code\",{children:\"table 1\"}),\". \",/*#__PURE__*/e(\"code\",{children:\"Netflix\"}),\" was not waiting for mistakes to happen; they created them. Furthermore, those \",/*#__PURE__*/e(\"em\",{children:'\"mistakes\"'}),\" were diverse; they were creating different exposures to their platform. The journey has not been perfect, and some outages took place, especially at the early days of the migration (read about a Christmas outage \",/*#__PURE__*/e(o,{href:\"https://medium.com/netflix-techblog/a-closer-look-at-the-christmas-eve-outage-d7b409a529ee\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"here\"})}),\"). However, Netflix has achieved a remarkable resiliency, even with underlying infrastructure failing (see \",/*#__PURE__*/e(o,{href:\"https://www.networkworld.com/article/3178076/why-netflix-didnt-sink-when-amazon-s3-went-down.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"here\"})}),\" a report on Amazon S3 outage), making those earlier outages something tiny.\"]}),/*#__PURE__*/t(\"p\",{children:[\"I don\u2019t know about you, dear reader, but I\u2019ve never experienced a \",/*#__PURE__*/e(\"code\",{children:\"Netflix\"}),\" outage since July 2013, when I became a customer.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Experimentation, tinkering and small risks\"}),/*#__PURE__*/e(\"img\",{alt:\"Feynman\",className:\"framer-image\",height:\"400\",src:\"https://framerusercontent.com/images/YUQTMmM9HVrlnrZxjAXaCu53Y.png\",srcSet:\"https://framerusercontent.com/images/YUQTMmM9HVrlnrZxjAXaCu53Y.png?scale-down-to=512 512w,https://framerusercontent.com/images/YUQTMmM9HVrlnrZxjAXaCu53Y.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/YUQTMmM9HVrlnrZxjAXaCu53Y.png 1920w\",style:{aspectRatio:\"1920 / 800\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Richard Feynman.\"}),/*#__PURE__*/e(\"blockquote\",{children:/*#__PURE__*/e(\"p\",{children:\"\u201CThe test of all knowledge is experiment. Experiment is the sole judge of scientific \u2018truth\u2019.\u201D - Richard Feynman\"})}),/*#__PURE__*/e(\"p\",{children:\"In my work, I rely on behavioral insights most of the time to think about behavior change. Many people I have worked with believe Behavioral Science is the origin of proper experimentation, but they are wrong. It is precisely the opposite: good experimentation has been essential in creating what Behavioral Science is today. Likewise, good experimentation is a door-opener for novel ideas, different approaches in doing things regardless of discipline. Some people think innovations come from a bunch of new methodologies and frameworks (e.g., design thinking), but I would argue that innovations are created more from an exploration mindset and curiosity than anything else. The glue of these two elements is running experiments. By exploring and being curious, we discover how the world works; we start creating hypotheses. By doing experimentation, we test those hypotheses and continue to build knowledge upon empirical results.\"}),/*#__PURE__*/e(\"p\",{children:\"In a sense, becoming antifragile means that you would have to crave for some chaos. You would have to seek for variability, and you would have to embrace and face uncertainty. This would lead you to learn to live in harsh circumstances if they arrive. To become antifragile is to become a constant learner with diverse inputs. In this way, a company could be always a step further and be better prepared for the uncertain future. That\u2019s exactly what experiments are for: to learn what works and what doesn\u2019t.\"}),/*#__PURE__*/e(\"p\",{children:\"I acknowledge that the corporate world has reasons not to invest or support this mindset. One of these is the cost. Investing in experiments, with a no clear outcome isn\u2019t encouraging. However, in the words of Parrish, that\u2019s playing the short-term game, which is dangerous. Another reason is how to handle results from unsuccessful experiments. People in firms fear they would seem ridiculous in the face of unfavorable results. But, here\u2019s the thing: how much money companies are not capturing by not experimenting? It might be they are just following the herd. We should reframe our thinking into asking how much are we missing (or losing) by not experimenting, rather than keeping telling ourselves that an experiment is expensive.\"}),/*#__PURE__*/e(\"blockquote\",{children:/*#__PURE__*/e(\"p\",{children:\"\u201CYou have to be willing to look like an idiot in the short term to look like a genius in the long term\u201D - Shane Parrish \u2014Farnam Street blog\"})}),/*#__PURE__*/t(\"p\",{children:[\"John List and Uri Gneezy (both experimental economists), in their book The Why Axis, suggest that businesses that do not experiment are losing money. Furthermore, they claim that executives of these non-experiment-oriented corporations will become endangered species (\",/*#__PURE__*/e(\"code\",{children:\"p. 213\"}),\").\"]}),/*#__PURE__*/t(\"p\",{children:[\"An organization I admire is The Behavioral Insights Team (\",/*#__PURE__*/e(\"code\",{children:\"BIT\"}),\"). This company works designing and running experiments since 2010. Almost every project is a well-designed experiment. They aim to find cheaper and scalable solutions to improve efficiency and efficacy of services from governments and public institutions towards citizens. They combine novel approaches including behavioral science, adequate randomized control trials, and data analyses. From their work (and learning), they were able to launch \",/*#__PURE__*/e(\"code\",{children:\"BI Ventures\"}),\", their product development army. They have been looking for \",/*#__PURE__*/e(\"em\",{children:'\"mistakes\"'}),\" and experimenting with different \",/*#__PURE__*/e(\"em\",{children:\"\u201Cexposures\u201D\"}),\" to help governments stepping away from fragility. In their journey, \",/*#__PURE__*/e(\"code\",{children:\"BIT\"}),\" itself has become a great example of an antifragile company. See how \",/*#__PURE__*/e(\"code\",{children:\"BIT\"}),\" has been featured:\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"The Economist (\",/*#__PURE__*/e(o,{href:\"https://www.economist.com/international/2017/05/18/policymakers-around-the-world-are-embracing-behavioural-science\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Policymakers around the world are embracing behavioral science)\"})})]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"The Guardian (\",/*#__PURE__*/e(o,{href:\"https://www.theguardian.com/public-leaders-network/2015/jul/23/rise-nudge-unit-politicians-human-behaviour\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"The rise of nudge \u2013 the unit helping politicians to fathom human behaviour; The \u2018nudge unit\u2019: the experts that became a prime UK export\"})}),\").\"]})})]}),/*#__PURE__*/e(\"h2\",{children:\"Becoming antifragile: Fluid Attacks can help\"}),/*#__PURE__*/t(\"p\",{children:['Want to start becoming antifragile in your cybersecurity efforts? We can help. Check out our service. We inject a mix of \"troubles\" into your applications and IT infrastructure through our ',/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/continuous-hacking\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Continuous Hacking\"})}),\". Think of it as a constant source of stressors.\"]}),/*#__PURE__*/t(\"p\",{children:[\"We are able to create some monkeys and even gorillas to shake your IT assets, making \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-red-teaming/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"offensive testing\"})}),\" your best line of protection. That way, you can learn how to better prepare for potential incidents and outthink attackers! And don\u2019t worry: we do it in a controlled way.\"]}),/*#__PURE__*/e(\"p\",{children:\"We also invite you to take a look at our platform, a tool to keep track of weaknesses. Think of it as a platform that helps you to learn how to become antifragile in cybersecurity.\"})]});export const richText4=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"code\",{children:\"Amazon Web Services\"}),\" (\",/*#__PURE__*/e(o,{href:\"https://aws.amazon.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"AWS\"})}),\") is one of the biggest cloud services used by thousands of companies around the world, and with a centralized and strong security, it is one of the best on the market. Services like \",/*#__PURE__*/e(o,{href:\"https://www.terraform.io/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Terraform\"})}),\" or \",/*#__PURE__*/e(\"code\",{children:\"AWS\"}),\" \",/*#__PURE__*/e(o,{href:\"https://aws.amazon.com/cloudformation/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"CloudFormation\"})}),\" allow us to write our infrastructure definitions as code in an easy and maintainable way, being capable of storing it on a repository, deploying it using \",/*#__PURE__*/e(\"code\",{children:\"Continuous Integration\"}),\" (\",/*#__PURE__*/e(\"code\",{children:\"CI\"}),\") and changing the infrastructure on the fly with minimal to no availability issues. Securing this new way of infrastructure is a must. As a pentester, I have seen many vulnerabilities in how the code is written, stored and deployed, which are also mistakes that we should avoid in order to present the most robust infrastructure. Here we are going to discuss some of the most critical and recurrent holes in an \",/*#__PURE__*/e(\"code\",{children:\"AWS\"}),\" Infrastructure as Code (\",/*#__PURE__*/e(\"code\",{children:\"IaC\"}),\").\"]}),/*#__PURE__*/t(\"p\",{children:[\"Let\u2019s talk about credentials. \",/*#__PURE__*/e(\"code\",{children:\"AWS\"}),\" provides a powerful way of storing and managing credentials named \",/*#__PURE__*/e(\"code\",{children:\"Identity and Access Management\"}),\" (\",/*#__PURE__*/e(o,{href:\"https://aws.amazon.com/iam/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"IAM\"})}),\"). Here we can create users and assign roles, permissions and secret keys, one of the most important things when we talk about \",/*#__PURE__*/e(\"code\",{children:\"IaC\"}),\". These are a set of key pairs consisting of an \",/*#__PURE__*/e(\"code\",{children:\"AccesKey\"}),\" and a \",/*#__PURE__*/e(\"code\",{children:\"SecretKey\"}),\" that allow us to connect to the service using the \",/*#__PURE__*/e(\"code\",{children:\"AWScli\"}),\", the provider of \",/*#__PURE__*/e(\"code\",{children:\"IaC cli\"}),\" or our own \",/*#__PURE__*/e(\"code\",{children:\"CI\"}),\" pipelines.\"]}),/*#__PURE__*/t(\"p\",{children:[\"We all know that we should protect our credentials; this is the first thing that appears when we talk about confidentiality but, are you truly protecting your credentials on your \",/*#__PURE__*/e(\"code\",{children:\"IaC\"}),\" environment? The answer is no. The most common faults that we find when we test \",/*#__PURE__*/e(\"code\",{children:\"IaC\"}),\" deployments are clear text secrets and hard-coded credentials. Even though your code is \u201Csecure\u201D in a password protected repository, there is no need to store \",/*#__PURE__*/e(\"code\",{children:\"AWS\"}),\" keys on it; anyone with access to the code can view and consume your keys, causing loss of confidentiality, integrity and availability of the data and services that you want to protect. Even if you encrypt your keys, you must not store them in your code. I have seen keys with a \",/*#__PURE__*/e(\"code\",{children:\"base64\"}),\" encoding that anyone can view anyway, keys encrypted with old algorithms that a pentester can bruteforce and keys encrypted with a secure algorithm (like \",/*#__PURE__*/e(\"code\",{children:\"AES\"}),\") with the decryption key hard-coded in clear text or encoded with \",/*#__PURE__*/e(\"code\",{children:\"base64\"}),\". So, what is the solution to this problem? Use environment variables.\"]}),/*#__PURE__*/t(\"p\",{children:[\"An environment variable is an easy and secure way of storing your credentials. You can control who has access to these keys and change them without touching your code, but you need to be sure to delete them from your repository history or change them when you migrate to environment variables (We can find them with tools like \",/*#__PURE__*/e(o,{href:\"https://github.com/dxa4481/truffleHog\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Trufflehog\"})}),\"). Services like \",/*#__PURE__*/e(o,{href:\"https://about.gitlab.com/product/continuous-integration/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Gitlab CI\"})}),\" have this method, or you can use a service for credential storage like \",/*#__PURE__*/e(o,{href:\"https://aws.amazon.com/secrets-manager/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"AWS Secrets Manager\"})}),\" or \",/*#__PURE__*/e(o,{href:\"https://www.vaultproject.io/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Hashicorp Vault\"})}),\" to securely store your keys and passwords, access them whenever you need and have a clear principle of roles and least privilege, so important when you want to maintain confidentiality. And, talking about roles, are you setting them correctly? Again, nope.\"]}),/*#__PURE__*/t(\"p\",{children:[\"As I said, \",/*#__PURE__*/e(\"code\",{children:\"AWS\"}),\" has a module named \",/*#__PURE__*/e(\"code\",{children:\"IAM\"}),\" where we can set users, roles and access keys to the \",/*#__PURE__*/e(\"code\",{children:\"AWS\"}),\" environments. Most of the times I have compromised \",/*#__PURE__*/e(\"code\",{children:\"AWS\"}),\" keys, they were configured with excessive permissions. Keys that should only have access to the \",/*#__PURE__*/e(\"code\",{children:\"Amazon Simple Storage Service\"}),\" (\",/*#__PURE__*/e(o,{href:\"https://aws.amazon.com/s3/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Amazon S3\"})}),\") also have access to the \",/*#__PURE__*/e(\"code\",{children:\"AWS Secrets Manager\"}),\", \",/*#__PURE__*/e(\"code\",{children:\"Amazon Elastic Compute Cloud\"}),\" (\",/*#__PURE__*/e(o,{href:\"https://aws.amazon.com/ec2/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"EC2\"})}),\") and so on.\"]}),/*#__PURE__*/t(\"p\",{children:[\"An attacker (\",/*#__PURE__*/e(\"code\",{children:\"80%\"}),\" of the time an employee) that obtains credentials as we saw on the last point could access almost all of the organization cloud infrastructure, extracting more secrets, reading and/or modifying \",/*#__PURE__*/e(\"code\",{children:\"S3\"}),\" web pages and files, shutting down servers, among others. Having the principle of least privilege on your cloud is a must, you need to set users only for the tasks that this user is meant to do, and configuring its roles and policies correctly.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Finally, the third and one of the most underestimated vulnerability that I have encountered is logical access. This means access to a server through an \",/*#__PURE__*/e(\"code\",{children:\"SSH\"}),\" port, access to an \",/*#__PURE__*/e(\"code\",{children:\"Amazon Relational Database Service\"}),\" (\",/*#__PURE__*/e(o,{href:\"https://aws.amazon.com/rds/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"RDS\"})}),\") through the port \",/*#__PURE__*/e(\"code\",{children:\"3306\"}),\" or \",/*#__PURE__*/e(\"code\",{children:\"1433\"}),\", or having the administration server open to the world using port \",/*#__PURE__*/e(\"code\",{children:\"443\"}),\". An open port is a window to your infrastructure increasing the attack surface that we as pentesters can exploit, so why open it to the world? Most of the time \",/*#__PURE__*/e(\"code\",{children:\"IaC\"}),\" developers set the network access to the services using a \",/*#__PURE__*/e(\"code\",{children:\"0.0.0.0\"}),\" wildcard because \u201Call\u201D of the services should have access, but if an attacker has access to a set of credentials for the database, \",/*#__PURE__*/e(\"code\",{children:\"SSH\"}),\" or administration service either by brute-forcing it or reading it in clear text (we talked about this a lot), he can wreak havoc in your systems.\"]}),/*#__PURE__*/t(\"p\",{children:[\"You need to set the network permissions using the principle of least privilege too. Only the core servers should have access to the database, only the administration network segment should have access to the administration services and so on. This can be done by writing restrictive network rules in your code, setting them to the specific \",/*#__PURE__*/e(\"code\",{children:\"IPs\"}),\" that need to have access to your services, and using environment variables in order to prevent in-office attacks when an employee changes this settings in the code.\"]}),/*#__PURE__*/t(\"p\",{children:[\"In conclusion, the cloud is dominating the world and \",/*#__PURE__*/e(\"code\",{children:\"IaC\"}),\" is at the moment the best way of having your organization core accessible and maintainable, but it comes with certain risks. You should protect your credentials at all costs, using environmental variables or vault services that securely store your keys. Also, have a good policy of least privilege for your users and roles when accessing your cloud services as well as for the network access of your servers and databases. With this measures you can build the most robust, scalable and maintainable infrastructure for your company and you can ensure that it is safe against these attacks.\"]})]});export const richText5=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"Thus far, the situations we have modeled have been either over-simplifications or fabrications in order to illustrate a concept. This article will try to improve on that a bit by considering more variables and closer to reality, too. We will do so by presenting the subject matter needed to understand and review the article \",/*#__PURE__*/e(\"em\",{children:\"An Adversarial Risk Analysis Framework for Cybersecurity\"}),\" by Insua et al (2019), still in preprint form.\"]}),/*#__PURE__*/t(\"p\",{children:[\"They say a picture is worth a thousand words, and that applies to risk analysis as well. Besides the obvious examples of mathematical plots, diagrams can be great aids in understanding and modeling a situation whose outcome is unknown. Remember \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/updating-belief/#mathematical-interlude\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"tree diagrams\"})}),\"? They are a good tool to help understand a situation in which there are several choices and one depends on the other. In reality, they are a simplified version of \",/*#__PURE__*/e(o,{href:\"https://www.probabilisticworld.com/bayesian-belief-networks-part-1/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Bayesian Networks\"})}),\". In both, the number joining two random events gives the probability of the end node happening, if we already know the origin node happened.\"]}),/*#__PURE__*/t(\"p\",{children:[\"But not all random situations in life are entirely random. Some are decisions which should be taken strategically, taking into account all the information at hand. In the 1970s, decision theorists extended such diagrams to involve such rational decisions and their consequences in terms of rewards or penalties (\",/*#__PURE__*/e(\"em\",{children:\"utilities\"}),\"), which rational agents are supposed to maximize.\"]}),/*#__PURE__*/e(\"img\",{alt:\"diagram\",className:\"framer-image\",height:\"540\",src:\"https://framerusercontent.com/images/Reg0EcgYG7hbD4R3GNglH8245Og.png\",srcSet:\"https://framerusercontent.com/images/Reg0EcgYG7hbD4R3GNglH8245Og.png?scale-down-to=512 512w,https://framerusercontent.com/images/Reg0EcgYG7hbD4R3GNglH8245Og.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/Reg0EcgYG7hbD4R3GNglH8245Og.png 1920w\",style:{aspectRatio:\"1920 / 1080\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Diagram.\"}),/*#__PURE__*/t(\"p\",{children:[\"In this \",/*#__PURE__*/e(\"em\",{children:\"influence diagram\"}),\", solid arrows indicate that the node at the tip depends probabilistically on the node at the tail. As illustrated by each node label:\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"rectangles are for decisions to be made by rational agents, sometimes based on information which can depend on the occurrence of a random event or another choice;\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"ellipses are for random events, typically costs associated with a particular risk\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"double ellipses for deterministic situations (usually a mathematical function of the random events, typically used for costs that depend on them),\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"and hexagons represent the utility, reward or penalty associated with such an outcome.\"})})]}),/*#__PURE__*/e(\"p\",{children:\"Influence diagrams can be a lot more complicated, but for now that will suffice. Notice how decisions are at the first level. Depending on those decisions, some random events (typically costs associated with a particular risk) will happen or not, that\u2019s another level. From the outcomes of those random events, a deterministic function (usually the total of the costs) is computed and from that, a utility is computed. Also, influence diagrams can involve more than one decision-making agent, which can be distinguished using colors.\"}),/*#__PURE__*/e(\"p\",{children:\"With that in mind, the following model for cybersecurity attacks can be easily understood:\"}),/*#__PURE__*/e(\"img\",{alt:\"Influence diagram for cybersecurity\",className:\"framer-image\",height:\"561\",src:\"https://framerusercontent.com/images/31IYekXG80YMwfbxPURXklO5GfA.png\",srcSet:\"https://framerusercontent.com/images/31IYekXG80YMwfbxPURXklO5GfA.png?scale-down-to=512 512w,https://framerusercontent.com/images/31IYekXG80YMwfbxPURXklO5GfA.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/31IYekXG80YMwfbxPURXklO5GfA.png 1920w\",style:{aspectRatio:\"1920 / 1122\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Influence diagram for a cybersecurity situation.\"}),/*#__PURE__*/e(\"p\",{children:\"It looks a bit busy, but bear with us. Keep in mind the layer arrangement described above, ignore all the mathematical notation and focus only on the shapes and labels. There are two players involved: the defender and attacker. The attacker has to decide whether or not to launch an attack (row 1), depending on the information they gain about the defender\u2019s decision to implement security controls. The defender might choose to acquire insurance for their cyber assets. Each party has a utility node (last row), each of which depends on the deterministic nodes (row 4) which sum up the results of random impacts (row 3), which depend on random events (row 2). That is, in a nutshell, an influence diagram for cyber warfare.\"}),/*#__PURE__*/e(\"h2\",{children:\"Mathematical interlude: expectation\"}),/*#__PURE__*/t(\"p\",{children:[\"Another important concept to understand this model is that of \",/*#__PURE__*/e(\"em\",{children:\"expected value\"}),\". As it name implies, it is the \",/*#__PURE__*/e(\"em\",{children:\"value\"}),\" that can be reasonably \",/*#__PURE__*/e(\"em\",{children:\"expected\"}),\" for a random variable, taking into account the probability of each value, i.e., its distribution. However the mathematical formula to compute it doesn\u2019t look too user friendly, so it deserves some explanation.\"]}),/*#__PURE__*/e(\"p\",{children:\"The expected value is not unlike an average taken from a sample. Say you want the average age of people in a room:\"}),/*#__PURE__*/e(\"img\",{alt:\"Average 1\",className:\"framer-image\",height:\"114\",src:\"https://framerusercontent.com/images/0gcAnNgZQjycTqOWgknn4nALdtE.png\",srcSet:\"https://framerusercontent.com/images/0gcAnNgZQjycTqOWgknn4nALdtE.png?scale-down-to=512 512w,https://framerusercontent.com/images/0gcAnNgZQjycTqOWgknn4nALdtE.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/0gcAnNgZQjycTqOWgknn4nALdtE.png 1920w\",style:{aspectRatio:\"1920 / 228\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Average 1.\"}),/*#__PURE__*/t(\"p\",{children:[\"So, if you had to guess a person\u2019s age, it would make sense to go for 22 o 23. But adding like that would be too much work for large samples. Why not group them instead, count how many are each age, and \",/*#__PURE__*/e(\"em\",{children:\"weight\"}),\" each value with that count?\"]}),/*#__PURE__*/e(\"img\",{alt:\"Average 2\",className:\"framer-image\",height:\"109\",src:\"https://framerusercontent.com/images/10KOVwa5ksw1Ah7WaLRpU9VDs.png\",srcSet:\"https://framerusercontent.com/images/10KOVwa5ksw1Ah7WaLRpU9VDs.png?scale-down-to=512 512w,https://framerusercontent.com/images/10KOVwa5ksw1Ah7WaLRpU9VDs.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/10KOVwa5ksw1Ah7WaLRpU9VDs.png 1916w\",style:{aspectRatio:\"1916 / 218\"},width:\"958\"}),/*#__PURE__*/e(\"h6\",{children:\"Average 2.\"}),/*#__PURE__*/e(\"p\",{children:\"This can be interpreted in terms of probabilities. If we break up that fraction, we can rewrite that sum as\"}),/*#__PURE__*/e(\"img\",{alt:\"Average 3\",className:\"framer-image\",height:\"109\",src:\"https://framerusercontent.com/images/0W2ExQmLjC0F6V7D40UEGzPTPM.png\",srcSet:\"https://framerusercontent.com/images/0W2ExQmLjC0F6V7D40UEGzPTPM.png?scale-down-to=512 512w,https://framerusercontent.com/images/0W2ExQmLjC0F6V7D40UEGzPTPM.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/0W2ExQmLjC0F6V7D40UEGzPTPM.png 1920w\",style:{aspectRatio:\"1920 / 219\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Average 3.\"}),/*#__PURE__*/e(\"p\",{children:\"Which is nothing more than the sum of each value times its probability. This is just the definition of expected value for a discrete probability distribution:\"}),/*#__PURE__*/e(\"img\",{alt:\"Expected value discrete\",className:\"framer-image\",height:\"80\",src:\"https://framerusercontent.com/images/QhnxoAkXklH6aMjkszsjpwCVRI.png\",srcSet:\"https://framerusercontent.com/images/QhnxoAkXklH6aMjkszsjpwCVRI.png?scale-down-to=512 512w,https://framerusercontent.com/images/QhnxoAkXklH6aMjkszsjpwCVRI.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/QhnxoAkXklH6aMjkszsjpwCVRI.png 1920w\",style:{aspectRatio:\"1920 / 160\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Expected Value Discrete.\"}),/*#__PURE__*/t(\"p\",{children:[\"where \",/*#__PURE__*/e(\"em\",{children:\"v\"}),\" is each value, \",/*#__PURE__*/e(\"em\",{children:\"p(v)\"}),\" is its probability, and the sums runs over all possible values. For continuous distributions, the sum over all values is upgraded to a integral over all values:\"]}),/*#__PURE__*/e(\"img\",{alt:\"Expected value continuous\",className:\"framer-image\",height:\"90\",src:\"https://framerusercontent.com/images/5Ai1QL24IAW93TqsHSPJouwDo.png\",srcSet:\"https://framerusercontent.com/images/5Ai1QL24IAW93TqsHSPJouwDo.png?scale-down-to=512 512w,https://framerusercontent.com/images/5Ai1QL24IAW93TqsHSPJouwDo.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/5Ai1QL24IAW93TqsHSPJouwDo.png 1920w\",style:{aspectRatio:\"1920 / 180\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Expected Value Continuous Distribution.\"}),/*#__PURE__*/e(\"h2\",{children:\"Back to the model\"}),/*#__PURE__*/t(\"p\",{children:[\"We would like to compute and maximize the expected value for the utility, but that value depends probabilistically on others. Recalling our discussion about \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/updating-belief/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"conditional probability\"})}),\", you know that the probability of two events happening together can be computed with the probability of one of them, and the probability of one given the other. If we have a chain of events, each depending on the last, that rule would imply a succession of multiplied conditional probabilities:\"]}),/*#__PURE__*/e(\"img\",{alt:\"Expected utility\",className:\"framer-image\",height:\"74\",src:\"https://framerusercontent.com/images/NjEQLV8qa8lftQ6HGVjRlMcAE.png\",srcSet:\"https://framerusercontent.com/images/NjEQLV8qa8lftQ6HGVjRlMcAE.png?scale-down-to=512 512w,https://framerusercontent.com/images/NjEQLV8qa8lftQ6HGVjRlMcAE.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/NjEQLV8qa8lftQ6HGVjRlMcAE.png 1920w\",style:{aspectRatio:\"1920 / 149\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Expected Utility.\"}),/*#__PURE__*/t(\"p\",{children:[\"I know this looks like crazy math, but focus on the product of conditional probabilities. All that is just the probability of having the utility \",/*#__PURE__*/e(\"em\",{children:\"u\"}),\" corresponding to the parameters \",/*#__PURE__*/e(\"em\",{children:\"cn\"}),\", \",/*#__PURE__*/e(\"em\",{children:\"ct\"}),\", \",/*#__PURE__*/e(\"em\",{children:\"cc\"}),\", etc. According to the above discussion of expected value, we just multiply the value by its probability and integrate.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Now that we have an estimate of expected utility, we need only simulate and throw some optimization algorithms to obtain the maximum values and which parameters (the decisions, the configuration, etc) that give us that maximum value. In the above model, where what needs to be decided is whether to acquire insurance and security controls, for the defender, and the attacker needs to decide whether to launch an attack, the results of running such simulations and optimizations are that the defender should get the best-in-class, 1 \",/*#__PURE__*/e(\"code\",{children:\"terabyte\"}),\" per second, cloud-based \",/*#__PURE__*/e(\"code\",{children:\"DDos\"}),\" protection, implement a firewall and anti-fire system, and subscribe to comprehensive cyberattack insurance. Not too surprising.\"]}),/*#__PURE__*/e(\"p\",{children:'Having understood both concepts above, plus the optimization algorithms we will not go into, because they would take us too far away from the main topic, all of which are standard mathematical topics, the article can be understood. In the original, however, we are walked through every addition to the model step by step, beginning from a simple model where utility depends from a single random node, adding one piece at a time. This might be good from a pedagogical point of view, but we feel it would be more valuable to explain the conventions for influence diagrams as we did above. Also they first build a few reusable abstract model. There is nothing special about \"fire\" above. It is a risk just like an earthquake or robbery. Only the probability distribution and the impact values would change. Likewise \"virus\" and \"DDos\" could mean any kind of untargeted and targeted cybersecurity risk, respectively.'}),/*#__PURE__*/t(\"p\",{children:['After having presented the general model, the authors go to great lengths to explain every detail of the use case model (the above diagram), including definitions of what each term (such as \"DDos\" or \"confidentiality\") mean. At the very end end they rush through the results, discussion and conclusions. So, in terms of reviewing the paper, we feel that it is overly long in the obvious, and lacking in the difficult to grasp or most valuable. Personally, I feel this is not research proper, but merely a novel application of well-established topics to a particular game theoretic situation which might apply to cybersecurity as it could to any other ',/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-red-teaming/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"attack-defense scenario\"})}),\".\"]}),/*#__PURE__*/e(\"h2\",{children:\"Reference\"}),/*#__PURE__*/e(\"ul\",{children:/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"D. Rios, A. Couce, J. Rubio, W. Pieters, K. Labunets, D. Garcia (2019). \",/*#__PURE__*/e(\"em\",{children:\"An Adversarial Risk Analysis Framework for Cybersecurity\"}),\". \",/*#__PURE__*/e(o,{href:\"https://arxiv.org/abs/1903.07727\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"arXiv preprint\"})})]})})})]});export const richText6=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"Why the f*ck did you click on this post?\"}),/*#__PURE__*/e(\"p\",{children:\"Chances are, you were attracted to the title, paradoxically suggesting not to do something. But, here you are. We are glad you did not follow that direction, but we deliberately crafted that title to attract your attention, to guide your behavior. We behave in ways plenty of times motivated by surprising factors. That single click you made a few seconds ago is an example.\"}),/*#__PURE__*/e(\"p\",{children:'As a company, we have wondered for years how we can harness what science already knows about human motivation in what we aim to provide to our customers, not only from the attackers\\' perspective but also from the \"good guys\" shoes. We know that information security is more than just focusing on software and IT infrastructure: it is about how we behave.'}),/*#__PURE__*/t(\"p\",{children:[\"What we know as \",/*#__PURE__*/e(\"strong\",{children:\"social engineering\"}),\" is essentially the science of persuasion put into practice, with presumably dark intentions. A bunch of globally renowned organizations has succumbed to these types of attacks, especially by \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-phishing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"phishing\"})}),\" and impersonation, with significant financial and reputational losses. According to \",/*#__PURE__*/e(o,{href:\"https://www.phishingbox.com/assets/files/Page_Editor_Files/rp_DBIR_2016_Report_en_xg.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Verizon\"})}),\", which periodically publishes the Data Breach Investigation Report (DBIR), in 2015, \",/*#__PURE__*/e(\"strong\",{children:\"95 out of 100\"}),\" of advanced and targeted attacks involved spear-phishing scams through emails with malicious attachments. Many people still make a decision an attacker wants to be made triggered by a well-crafted email that arrives at their inbox. A behavior (persuasion) guiding another behavior (download an infected file). Although important, we acknowledge that social engineering became boring for many people in our field (but we wonder why), so, in this post, we want to shift to other behaviors, other types of risks.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Problematic behaviors cataloged as human errors are interesting enough because they seem irrational. They are those actions or omissions that could have a great deal of impact within companies. Ongoing research conducted by \",/*#__PURE__*/e(o,{href:\"http://www.ideas42.org/blog/project/human-behavior-cybersecurity/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Ideas42\"})}),\", a US non-profit, social-purpose organization, has found (by speaking to cybersecurity experts) that \",/*#__PURE__*/e(\"strong\",{children:\"70-80%\"}),\" of the costs attributed to cybersecurity attacks are rooted in human error. We can think of those times when we choose \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-credential-stuffing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"em\",{children:\"insanely weak\"})})}),\" \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/requiem-password/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"passwords\"})}),\", of computer sessions we unnecessarily leave open waiting for someone to dive in, of doing nothing about timely found security vulnerabilities, of providing sensitive information to some party without much thought, etc. Some of these are out of Fluid Attacks' scope nowadays. Some others are our very reason to exist; let's talk about these.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Let\u2019s take secure coding. How many developers indeed engage in secure coding? Ideas42 has found a \",/*#__PURE__*/e(o,{href:\"https://www.eweek.com/security/app-security-worries-cisos-but-most-fail-to-adopt-secure-development\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"figure\"})}),\" worth taking a look at. Nearly \",/*#__PURE__*/e(\"strong\",{children:\"14.000 CISOs\"}),\" and other security professionals were surveyed by ISC2. \",/*#__PURE__*/e(\"strong\",{children:\"72%\"}),' of them indicated that \"application vulnerabilities were a top concern\". Still, only ',/*#__PURE__*/e(\"strong\",{children:\"24%\"}),\" of security practitioners say their companies always \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/products/secure-code-review\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"scan for bugs during the code development process\"})}),\", and another \",/*#__PURE__*/e(\"strong\",{children:\"46%\"}),\" sometimes look for bugs during development. This could be seen by a psychologist as a clear example of the intention-action gap. (Another example: The majority of us agree that saving for the future is very important; yet, just a few of us are saving enough for retirement.)\"]}),/*#__PURE__*/t(\"p\",{children:[\"Ideas42 has identified \",/*#__PURE__*/e(o,{href:\"http://www.ideas42.org/wp-content/uploads/2016/08/Deep-Thought-A-Cybersecurity-Story.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"secure coding\"})}),\" as one behavioral challenge that might be a potential lever to make cybersecurity more robust. They provide behavioral insights to take into account and tactics (design concepts) to reduce barriers to secure coding. A summary is here:\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Table 1. Developers behaviors\"})}),/*#__PURE__*/e(\"figure\",{className:\"framer-table-wrapper\",children:/*#__PURE__*/e(\"table\",{children:/*#__PURE__*/t(\"tbody\",{children:[/*#__PURE__*/t(\"tr\",{children:[/*#__PURE__*/e(\"td\",{children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Behavioral Insights \u2014how do developers behave\"})})}),/*#__PURE__*/e(\"td\",{children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})})})]}),/*#__PURE__*/t(\"tr\",{children:[/*#__PURE__*/e(\"td\",{children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Tunneling:\"}),\" Developers prioritize functional deliverables at the expense of security.\"]})}),/*#__PURE__*/e(\"td\",{children:/*#__PURE__*/e(\"p\",{children:\"Developers do their job using heuristics that overlook security concerns.\"})})]}),/*#__PURE__*/t(\"tr\",{children:[/*#__PURE__*/e(\"td\",{children:/*#__PURE__*/e(\"p\",{children:\"The explanation comes from the psychology of scarcity. People tend to focus on what is most pressing under scarcity (money, time, social connections, etc.). In the case of software developers, functionality trumps security aspects most of the time (and this is not necessarily undesirable).\"})}),/*#__PURE__*/e(\"td\",{children:/*#__PURE__*/e(\"p\",{children:'Heuristics are mental shortcuts from a behavioral perspective. This has an evolutionary explanation: Our brains, most of the time, look for the path of least resistance to save energy. Developers use heuristics because coding is effortful, and they learn \"tricks\" to code easily for functionality and/or performance. What is the likely trade-off? Security. But heuristics can also be used in security, as we will see next.'})})]})]})})}),/*#__PURE__*/t(\"p\",{children:[\"Some of the \",/*#__PURE__*/e(\"em\",{children:\"design concepts\"}),\" Ideas42 suggests to make cybersecurity more robust referring to the safe coding behaviors are almost exactly what we at Fluid Attacks want to provide to our customers:\"]}),/*#__PURE__*/t(\"ol\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Provide/create more bandwidth:\"}),\" By \",/*#__PURE__*/e(\"em\",{children:\"bandwidth\"}),\", behavioral scientists refer to cognitive capacity. Off-loading cognitive attention on secure coding from developers is a way to provide more robustness to security, by allocating full attention to safe coding. Do you know our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/continuous-hacking\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Continuous Hacking\"})}),\"? We are bandwidth for you! We make it easier for your development team to focus first on functionality and performance without forgetting about security. Additionally, we provide bandwidth to IT security administrators and project managers through our \",/*#__PURE__*/e(o,{href:\"https://app.fluidattacks.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"platform\"})}),\". You don't have to invest important cognitive resources to deal with weakness tracking, remediation and reporting.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Provide tools to augment heuristics:\"}),\" Developers can also rely on heuristics for secure coding. Have you visited our \",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/criteria/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"strong\",{children:\"Criteria\"})})}),\"? It is completely \",/*#__PURE__*/e(\"strong\",{children:\"free\"}),\"! Your company can leverage what we have built over the years, making infusing security on your code and IT infrastructure a lot easier.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Bring costs into the present:\"}),\" In a nutshell, we tend to be present-biased (weighing more value on immediate rewards compared to future rewards, even when the latter are objectively bigger) and loss-averse (we prefer to avoid losses than seeking gains). Developers may value delivering functionality quickly more than delivering, additionally, secure coding at low cost (time-effort), even when the potential loss in the future (by not considering safe coding) is enormous. You could consider what Ideas42 suggests: put incentives upfront, for example, performance-based pay. We acknowledge this is not easy, but it is worth considering and analyze how feasible it is.\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"These clever people at Ideas42 also came up with another ten behavioral challenges related to cybersecurity. We invite you to take a look at the report they published a couple of months ago.\"}),/*#__PURE__*/e(\"p\",{children:\"We hope you have enjoyed a not-so-well-known perspective on information security (behavior), and we look forward to discussing more of this. One of our former employees, now a behavioral strategist, recently shared with us some ideas and perspectives that led to this post. We were impressed by how behavioral science is spreading fast, as he told us, and we also came across this study from Ideas42 in which we find common grounds in what we already do that influences behavior for the benefit of our customers.\"}),/*#__PURE__*/e(\"p\",{children:\"We will try to bring more of these behavior-related topics in future posts, and we want to hear from you!\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"What human errors do you think are the most relevant to address in the workplace (i.e., more dangerous or pervasive)?\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"How could a company nudge users or even IT guys to do what they should do?\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Are you a software developer? Tell us about how you infuse security while coding! Do you have a strategy for that? Do you have a peer that takes care of it? Do you rely on us for this? (We hope you do!)\"})})]})]});export const richText7=/*#__PURE__*/e(i.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"Now that we have an understanding of \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/quantifying-risk/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"risk concepts\"})}),\" such as the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/monetizing-vulnerabilities/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"loss exceedance curve\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/para-bellum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"value-at-risk\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/updating-belief/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Bayes Rule\"})}),\", and \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/hit-miss/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"fitting distributions\"})}),\", we would like to have a reliable, extensible and preferably open tool to perform these computations. In the background, we have used a spreadsheet, which is hard to extend. We have used \",/*#__PURE__*/e(o,{href:\"https://gnu.org/software/octave/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"GNU Octave\"})}),\", which is good, but not a proper programming language. Our favorite language at Fluid Attacks, \",/*#__PURE__*/e(\"code\",{children:\"Python\"}),\", has modules for \",/*#__PURE__*/e(o,{href:\"https://docs.python.org/3/library/statistics.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"statistics\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://www.scipy.org/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"scientific computation\"})}),\" and even \",/*#__PURE__*/e(o,{href:\"https://pypi.org/project/finance/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"finance\"})}),\" itself. Let\u2019s take it for a spin around this risky neighborhood.\"]})});export const richText8=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"code\",{children:\"Python\"}),\" has a whole ecosystem for numerical computing (v.g. \",/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(o,{href:\"https://www.numpy.org/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Numpy\"})})}),\") and data analysis (\",/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(o,{href:\"http://pandas.pydata.org/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Pandas\"})})}),\") and is well on its way to becoming a standard in \",/*#__PURE__*/e(o,{href:\"https://www.linuxjournal.com/content/jupyter-future-open-science\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Open Science\"})}),\". Being a free and open source tool, there are also many derived projects which make life easier when coding, such as the \",/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(o,{href:\"https://jupyter.org/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Jupyter\"})})}),/*#__PURE__*/e(o,{href:\"https://jupyter.org/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\" Notebook\"})}),\", which allows us to selectively run code snippets, much like in commercial packages such as \",/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(o,{href:\"https://mathworks.com/products/matlab\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Matlab\"})})}),\" and \",/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(o,{href:\"http://www.wolfram.com/mathematica/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Mathematica\"})})}),\". This enables and encourages, at least, initial exploration, although it might not be the best fit for developing more involved code.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Let us see how we can automate the generation of a loss exceedance curve (\",/*#__PURE__*/e(\"code\",{children:\"LEC\"}),\") via Monte Carlo simulation. Here we will closely follow our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/monetizing-vulnerabilities/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"article on the subject\"})}),\", so as not to duplicate information. In that article, we wanted to find a distribution for losses based on expert estimations of occurrence likelihood and confidence intervals for the impact:\"]}),/*#__PURE__*/e(\"img\",{alt:\"Table with inputs\",className:\"framer-image\",height:\"481\",src:\"https://framerusercontent.com/images/NmPHypsYUn2s7cm7FttbNBTF4.png\",srcSet:\"https://framerusercontent.com/images/NmPHypsYUn2s7cm7FttbNBTF4.png?scale-down-to=512 512w,https://framerusercontent.com/images/NmPHypsYUn2s7cm7FttbNBTF4.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/NmPHypsYUn2s7cm7FttbNBTF4.png 1920w\",style:{aspectRatio:\"1920 / 962\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Table with input data.\"}),/*#__PURE__*/t(\"p\",{children:[\"So we need to read those values in our script. Since this is tabular information of the kind that would be useful to view, say, in a spreadsheet, it will be convenient to read this into a \",/*#__PURE__*/e(\"code\",{children:\"Pandas\"}),\" dataframe:\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Importing pandas and reading data.\"})}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"import pandas as pd\\nevents_basic = pd.read_csv('events.csv')\\nevents_basic.head()\",language:\"Python\"})})}),/*#__PURE__*/e(\"img\",{alt:\"Imported data\",className:\"framer-image\",height:\"236\",src:\"https://framerusercontent.com/images/ChPQSSGfrx3Dqmhregwy0re2w.png\",srcSet:\"https://framerusercontent.com/images/ChPQSSGfrx3Dqmhregwy0re2w.png?scale-down-to=512 512w,https://framerusercontent.com/images/ChPQSSGfrx3Dqmhregwy0re2w.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/ChPQSSGfrx3Dqmhregwy0re2w.png 1920w\",style:{aspectRatio:\"1920 / 472\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Data as imported into Jupyter like in our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/monetizing-vulnerabilities/#input-data\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Monte Carlo article\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:\"We declare an event happens if a number taken at random is beyond a certain threshold, given by the second column in the table above:\"}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"def event_happens(occurrence_probability):\\n return np.random.rand() < occurrence_probability\",language:\"Python\"})})}),/*#__PURE__*/e(\"p\",{children:\"If and when the event happens, we next need to know the extent of the loss due to this single event. Recall that we modeled this with a lognormal variable, whose parameters we got from the estimated confidence interval:\"}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"def lognormal_event_result(lower, upper):\\n mean = (np.log(upper) + np.log(lower))/2.0\\n stdv = (np.log(upper) - np.log(lower))/3.29\\n return np.random.lognormal(mean, stdv)\",language:\"Python\"})})}),/*#__PURE__*/e(\"p\",{children:\"All of the events in the above table can happen in a single year, so to simulate a scenario, we need to find out, for each of them, if they happen, and how much money they will cost us. Finally, we add all the losses and return that single number as a summary of the losses in a simulated year:\"}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"def simulate_scenario(events):\\n total_loss = 0\\n for _, event in events.iterrows():\\n if event_happens(event['Probability']):\\n total_loss += lognormal_event_result(event['Lower'],event['Upper'])\\n return total_loss\",language:\"Python\"})})}),/*#__PURE__*/t(\"p\",{children:[\"Now, the crucial step in Monte-Carlo simulation is to simulate many scenarios and record those results. Let us write a function that does just this, returning the results in a basic \",/*#__PURE__*/e(\"code\",{children:\"Python\"}),\" list, which we could later turn, if we so wished, into a \",/*#__PURE__*/e(\"code\",{children:\"Pandas\"}),\" or \",/*#__PURE__*/e(\"code\",{children:\"Numpy\"}),\"-native structure for statistical analysis. The function takes as input the number of times we want to simulate scenarios:\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"def monte_carlo(events, rounds):\\n list_losses = []\\n for i in range(rounds):\\n loss_result = simulate_scenario(events)\\n list_losses.append(loss_result)\\n return list_losses\",language:\"Python\"})})}),/*#__PURE__*/e(\"h2\",{children:\"Going graphic\"}),/*#__PURE__*/t(\"p\",{children:[\"Just to get a feeling for the results, let us run a thousand scenarios and plot them, that is, the result of each simulated year, in the order in which they were obtained. As foretold, we could convert the results into a \",/*#__PURE__*/e(\"code\",{children:\"Pandas\"}),\" \",/*#__PURE__*/e(\"code\",{children:\"DataSeries\"}),\", if anything, to illustrate how they work. We also need to import \",/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(o,{href:\"https://matplotlib.org/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Matplotlib\"})})}),\" for visualization:\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"import matplotlib.pyplot as plt\\nresults = monte_carlo(events_basic, 1000)\\nresults_series = pd.Series(results)\\nresults_series.plot()\",language:\"Python\"})})}),/*#__PURE__*/e(\"img\",{alt:\"Monte-Carlo simulation results\",className:\"framer-image\",height:\"288\",src:\"https://framerusercontent.com/images/ggEIRlT28lwdidviRzr1Nj7G4.png\",srcSet:\"https://framerusercontent.com/images/ggEIRlT28lwdidviRzr1Nj7G4.png?scale-down-to=512 512w,https://framerusercontent.com/images/ggEIRlT28lwdidviRzr1Nj7G4.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/ggEIRlT28lwdidviRzr1Nj7G4.png 1920w\",style:{aspectRatio:\"1920 / 576\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Raw Monte-Carlo results.\"}),/*#__PURE__*/e(\"p\",{children:\"It can be observed that the vast majority of them are in the fringe between 0 and 15 million. But it is not infeasible to have results that are way beyond the central interval. In order to rule out what\u2019s simple chance and what is really happening due to the distribution of loss, we can simply run more scenarios. Tens or hundreds of thousands of scenarios is a good rule of thumb, without sacrificing performance. A thousand runs takes around 5 seconds, and 10000 takes around 50. At some point adding more simulations does not necessarily improve the quality of results. Your mileage may vary.\"}),/*#__PURE__*/t(\"p\",{children:[\"No matter the number of scenarios, the results are not as useful as they could be until we aggregate them, v.g., in a histogram. \",/*#__PURE__*/e(\"code\",{children:\"Pandas\"}),\" also provides a shorthand for this:\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"results_series.hist(bins = 15)\",language:\"Python\"})})}),/*#__PURE__*/e(\"img\",{alt:\"Aggregated simulation results\",className:\"framer-image\",height:\"288\",src:\"https://framerusercontent.com/images/JJecexhUvNRgZHSvR4o4qEQirw.png\",srcSet:\"https://framerusercontent.com/images/JJecexhUvNRgZHSvR4o4qEQirw.png?scale-down-to=512 512w,https://framerusercontent.com/images/JJecexhUvNRgZHSvR4o4qEQirw.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/JJecexhUvNRgZHSvR4o4qEQirw.png 1920w\",style:{aspectRatio:\"1920 / 576\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Histogram of results.\"}),/*#__PURE__*/t(\"p\",{children:['We\u2019re getting closer to the loss exceedance curve, but not there yet. We can estimate probabilities simply by counting occurrences and normalizing by dividing by the number of rounds and multiplying by 100. Hence the estimated \"probability\" of a single value is the normalized number of times that value appeared in the simulation. So let us take evenly spaced values, and count the number of times each of those values is ',/*#__PURE__*/e(\"em\",{children:\"exceeded\"}),\" (or matched). The \",/*#__PURE__*/e(\"code\",{children:\"numpy\"}),\" function \",/*#__PURE__*/e(\"code\",{children:\"cumsum\"}),\" does just that, except in the opposite order: it adds the values seen up to a moment. So if we take the intervals and the counts separately, revert the counts list and then do \",/*#__PURE__*/e(\"code\",{children:\"cumsum\"}),\" on it, we get what we need, in reverse order. To fix that we simply revert again:\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"import numpy as np\\nresult_nparray = np.array(results_list)\\nhist, edges = np.histogram(results_nparray, bins = 40)\\ncumrev = np.cumsum(hist[::-1])[::-1]*100/len(results_nparray)\\nplt.plot(edges[:-1], cumrev)\",language:\"Python\"})})}),/*#__PURE__*/t(\"p\",{children:[\"And \",/*#__PURE__*/e(\"em\",{children:\"voil\\xe0\"}),\", we get our loss exceedance curve as we sought:\"]}),/*#__PURE__*/e(\"img\",{alt:\"Loss exceedance curve\",className:\"framer-image\",height:\"288\",src:\"https://framerusercontent.com/images/QZJqYOIfgMqQfqNFP8ekPlT5a4k.png\",srcSet:\"https://framerusercontent.com/images/QZJqYOIfgMqQfqNFP8ekPlT5a4k.png?scale-down-to=512 512w,https://framerusercontent.com/images/QZJqYOIfgMqQfqNFP8ekPlT5a4k.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/QZJqYOIfgMqQfqNFP8ekPlT5a4k.png 1920w\",style:{aspectRatio:\"1920 / 576\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Simple loss exceedance curve like in our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/monetizing-vulnerabilities/#lec-simple\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Monte Carlo article\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"We can repeat the procedure with a more moderate dataset to obtain the inherent risk \",/*#__PURE__*/e(\"code\",{children:\"LEC\"}),\", in the sense that the probabilities and impact CIs are lower. And finally, to obtain the risk tolerance curve, we give a few points obtained from interviewing someone in charge, as described in \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/monetizing-vulnerabilities/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"the original article\"})}),\" and fitting a curve to it using \",/*#__PURE__*/e(o,{href:\"https://www.scipy.org/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"SciPy\u2019s\"})}),\" \",/*#__PURE__*/e(o,{href:\"https://docs.scipy.org/doc/scipy/reference/interpolate.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Interpolation functions:\"})})]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"from scipy import interpolate\\nxs = np.array([1,2,3,7,9])*(1e6)\\ntols = np.array([100,60,10,2,1])\\nxint = np.linspace(min(xs), max(xs))\\nfit = interpolate.interp1d(xs, tols, kind='slinear')\\nplt.plot(xint, fit(xint))\",language:\"Python\"})})}),/*#__PURE__*/e(\"p\",{children:\"All together in a single plot:\"}),/*#__PURE__*/e(\"img\",{alt:\"Risk curves\",className:\"framer-image\",height:\"288\",src:\"https://framerusercontent.com/images/rjhCSb9GNuGqPUK6A3wnsmTeiAI.png\",srcSet:\"https://framerusercontent.com/images/rjhCSb9GNuGqPUK6A3wnsmTeiAI.png?scale-down-to=512 512w,https://framerusercontent.com/images/rjhCSb9GNuGqPUK6A3wnsmTeiAI.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/rjhCSb9GNuGqPUK6A3wnsmTeiAI.png 1920w\",style:{aspectRatio:\"1920 / 576\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Loss exceedance curves like in our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/monetizing-vulnerabilities/#lec-all\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Monte Carlo article\"})}),\".\"]}),/*#__PURE__*/e(\"h2\",{children:\"Risk measures\"}),/*#__PURE__*/t(\"p\",{children:['Now obtaining the 5% value at risk is simply a matter of asking for the 95th percentile of the \"distribution\", i.e., the actual simulation results, in its ',/*#__PURE__*/e(\"code\",{children:\"Numpy\"}),\"-array incarnation:\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\">>> np.percentile(results_nparray, 95)\\n23360441.53826834\",language:\"Python\"})})}),/*#__PURE__*/t(\"p\",{children:[\"Hence the \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\", according to this particular simulation is a little over $23 million. It is just as simple to obtain the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/para-bellum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"tail value at risk\"})}),\". If we had a mathematical function for the distribution we would have to compute an integral in order to obtain it, but since what we have is a \",/*#__PURE__*/e(\"em\",{children:\"discrete\"}),\" approximation to it, i.e., a simple table of values, we can just average the values that are under the \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\":\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\">>> np.average(results_nparray[results_nparray >= var])\\n31949559.99328234\",language:\"Python\"})})}),/*#__PURE__*/t(\"p\",{children:[\"Thus in case of a \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" breach, we can expect the loss to be of little less than $32 million.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Let us simulate the input values for the simulation, as if we were running the simulation every day with different occurrence probabilities and impacts. Let us make up a \",/*#__PURE__*/e(\"code\",{children:\"DataFrame\"}),\" with random values for the inputs:\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"def gen_random_events():\\n probability_column = np.random.random_sample(30)*0.1\\n lower_ci_column = np.random.random_sample(30)*(1e6)\\n upper_ci_column = np.random.random_sample(30)*(9e6)+1e6\\n dicc = {'Probability' : probability_column,\\n 'Lower' : lower_ci_column,\\n 'Upper': upper_ci_column}\\n events_rand = pd.DataFrame(dicc)\\n return events_rand\",language:\"Python\"})})}),/*#__PURE__*/t(\"p\",{children:[\"Next we run Monte-Carlo on those, once for each day of a fictitious month, compute the \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" and \",/*#__PURE__*/e(\"code\",{children:\"tVaR\"}),\" for each day and observe how they evolve:\"]}),/*#__PURE__*/e(\"img\",{alt:\"Daily VaR evolution\",className:\"framer-image\",height:\"288\",src:\"https://framerusercontent.com/images/xqAJtiG3xvb5TJGOmsrqXMSGQ7Q.png\",srcSet:\"https://framerusercontent.com/images/xqAJtiG3xvb5TJGOmsrqXMSGQ7Q.png?scale-down-to=512 512w,https://framerusercontent.com/images/xqAJtiG3xvb5TJGOmsrqXMSGQ7Q.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/xqAJtiG3xvb5TJGOmsrqXMSGQ7Q.png 1920w\",style:{aspectRatio:\"1920 / 576\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Fabricated VaR monitoring example like in our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/para-bellum/#var-monitor\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"VaR article\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"Since this was a made-up example and the probabilities are sampled simply, i.e., from a uniform distribution, the results are, well, \",/*#__PURE__*/e(\"em\",{children:\"uniform\"}),\". However for the sake of conclusion, we can imagine there is a steady, if slow, trend towards raising the \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\". It is interesting that the highest peak in \",/*#__PURE__*/e(\"code\",{children:\"tVaR\"}),\" corresponds to a \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" that is not that different from its neighbors. This goes to show that one is not just a simple function of the other, which is often the case in dealing with uncertainty.\"]}),/*#__PURE__*/e(\"h2\",{children:\"References\"}),/*#__PURE__*/t(\"ol\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"C. Davidson-Pilon (2019). \",/*#__PURE__*/e(o,{href:\"https://github.com/CamDavidsonPilon/Probabilistic-Programming-and-Bayesian-Methods-for-Hackers\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"em\",{children:\"Probabilistic Programming and Bayesian Methods for Hackers.\"})})})]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"C. Motiff (2019). \",/*#__PURE__*/e(o,{href:\"https://pbpython.com/monte-carlo.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"em\",{children:\"Monte Carlo Simulation with Python\"})})})]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"B. Mikulski (2018). \",/*#__PURE__*/e(o,{href:\"https://mikulskibartosz.name/monte-carlo-simulation-in-python-d63f0cfcdf6f\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"em\",{children:\"Monte Carlo simulation in Python\"})})})]})})]}),/*#__PURE__*/e(\"h2\",{children:\"Appendix: full script\"}),/*#__PURE__*/t(\"p\",{children:[\"Download \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/quantitative-python/quant.py/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Python script\"})}),\" or as \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/quantitative-python/quant.ipynb/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Jupyter notebook\"})}),\" and input data for \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/quantitative-python/events.csv/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"inherent risk\"})}),\" and \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/quantitative-python/events-redux.csv/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"residual risk\"})}),\".\"]})]});export const richText9=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:['\"',/*#__PURE__*/e(\"em\",{children:\"Si vis pacem, para bellum\"}),'\", goes the old adage. If you want peace, prepare for war. In our case, the worst possible risky scenario our information assets could go into. While probability distributions, loss exceedance curves, simulated scenarios, etc, are all great for the quants in the office, at the end of the day big, important decisions need to be supported by single numbers that can be easily compared to one another. In ',/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-vulnerability-management/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"risk management\"})}),\", this number is the \",/*#__PURE__*/e(\"em\",{children:\"Value at Risk\"}),\" or \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\". Fortunately, once you have one you have the other.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" measures this scenario by telling us beyond how much our losses will \",/*#__PURE__*/e(\"em\",{children:\"not\"}),\" go, with a certain degree of confidence, over a definite period of time. Thus a daily 1% \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" of $10 million means that the probability that you will lose more than ten million is 1%, i.e., are 99% confident that the losses will not exceed that.\"]}),/*#__PURE__*/t(\"p\",{children:[\"So we need to define over what time period our \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" will be taken and how extreme the worst-case scenario. Typical periods and confidences used in the industry are a single day or week, and confidence levels of 95% or 99%.\"]}),/*#__PURE__*/e(\"p\",{children:\"There are at least three workable ways to compute the value at risk:\"}),/*#__PURE__*/t(\"ol\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Examining the distribution of the returns,\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Using the loss exceedance curve (\",/*#__PURE__*/e(\"code\",{children:\"LEC\"}),\")\"]})})]}),/*#__PURE__*/t(\"p\",{children:[\"The \",/*#__PURE__*/e(o,{href:\"https://www.investopedia.com/terms/n/normaldistribution.asp\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"normal distribution\"})}),\" is perhaps the most popular one for modeling real-word situations and natural phenomena, and with \",/*#__PURE__*/e(o,{href:\"https://www.thoughtco.com/importance-of-the-central-limit-theorem-3126556\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"good reason\"})}),\". It could be used, to model the value of a portfolio over a one-year period, with mean return 10%, and standard deviation (volatility) 30%:\"]}),/*#__PURE__*/e(\"img\",{alt:\"Normal distribution of values\",className:\"framer-image\",height:\"300\",src:\"https://framerusercontent.com/images/9ByBFCDKOf5dJ72Uea2czT9oGr8.png\",srcSet:\"https://framerusercontent.com/images/9ByBFCDKOf5dJ72Uea2czT9oGr8.png?scale-down-to=512 512w,https://framerusercontent.com/images/9ByBFCDKOf5dJ72Uea2czT9oGr8.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/9ByBFCDKOf5dJ72Uea2czT9oGr8.png 1920w\",style:{aspectRatio:\"1920 / 600\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Normal distribution of value.\"}),/*#__PURE__*/t(\"p\",{children:[\"Knowing the probability distribution, which tells us probabilities of point values, we can find probabilities of ranges with the corresponding \",/*#__PURE__*/e(\"em\",{children:\"cumulative\"}),\" distribution function (\",/*#__PURE__*/e(\"code\",{children:\"CDF\"}),\"):\"]}),/*#__PURE__*/e(\"img\",{alt:\"Cumulative distribution\",className:\"framer-image\",height:\"300\",src:\"https://framerusercontent.com/images/yrbYABJjLWGKWF01T0Xlwc0Vs.png\",srcSet:\"https://framerusercontent.com/images/yrbYABJjLWGKWF01T0Xlwc0Vs.png?scale-down-to=512 512w,https://framerusercontent.com/images/yrbYABJjLWGKWF01T0Xlwc0Vs.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/yrbYABJjLWGKWF01T0Xlwc0Vs.png 1920w\",style:{aspectRatio:\"1920 / 600\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Cumulative distribution function of value.\"}),/*#__PURE__*/t(\"p\",{children:[\"Looks like a vertically reflected \",/*#__PURE__*/e(\"code\",{children:\"LEC\"}),\". In a cumulative probability plot the \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" is just the x-value corresponding to the confidence.\"]}),/*#__PURE__*/t(\"p\",{children:[\"We can use a \",/*#__PURE__*/e(o,{href:\"https://www.libreoffice.org/discover/calc/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"spreadsheet\"})}),\", for this, with the \",/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(o,{href:\"https://help.libreoffice.org/Calc/Statistical_Functions_Part_Four#NORM.DIST\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"NORM.DIST\"})})}),\" function. The probability that the loss exceeds 20% is\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\" =NORM.DIST(-20,10,30,1)\\n 0.158655253931457\",language:\"Markdown\"})})}),/*#__PURE__*/e(\"p\",{children:\"i.e., around 15.8%. The 10 and 30 above are the distribution parameters, and the -20 is the value whose probability we need. Notice that it is negative, meaning a loss. The 1 means to make the computations cumulative.\"}),/*#__PURE__*/e(\"p\",{children:\"We can also use the inverse function so that, given a probability, we get the point at which this probability is attained. It is the same process as above, but backwards.\"}),/*#__PURE__*/t(\"p\",{children:[\"At what point is the 1% probability? More exactly, for which value \",/*#__PURE__*/e(\"em\",{children:\"V\"}),\" is it true that the probability that the final value is less than or equal to \",/*#__PURE__*/e(\"em\",{children:\"V\"}),\" is 1%? That\u2019s just the 1% \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\":\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\" =NORM.INV(0.01,10,30)\\n -59.7904362212252\",language:\"Markdown\"})})}),/*#__PURE__*/t(\"p\",{children:[\"This is the 1% \",/*#__PURE__*/e(o,{href:\"https://en.wikipedia.org/wiki/Quantile\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"em\",{children:\"quantile\"})})}),\", or the first \",/*#__PURE__*/e(\"em\",{children:\"percentile\"}),\" of the distribution, the point under which the remaining 1% of points are, weighing by the probability. Thus the \",/*#__PURE__*/e(\"em\",{children:\"Value at Risk\"}),\" in this example will be 59.8% of what we invested. Had we invested $100 million, then we know the \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" is $59.8 million, and hence that the losses will not exceed that amount in 99% of the cases, only in that rare 1%. Notice that the \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\", being a single figure, does not tell us exactly or otherwise what the losses might be in that catastrophic 1%. But if we are ready to lose that much, we are halfway prepared for the metaphoric war.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The \",/*#__PURE__*/e(\"em\",{children:\"tail\"}),\" (or \",/*#__PURE__*/e(\"em\",{children:\"conditional\"}),\") value at risk, or \",/*#__PURE__*/e(\"code\",{children:\"TVaR\"}),\" (\",/*#__PURE__*/e(\"code\",{children:\"CVaR\"}),\") for short, tries to fill that void by giving us the expected value or mean in the catastrophe region, i.e., in case of a \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),' breach. Much like the actual mean of a distribution is a center of gravity of sorts, where we could \"hold\" the ',/*#__PURE__*/e(\"code\",{children:\"PDF\"}),\" in balance, besides being the value with more repetitions if we repeatedly draw numbers from such a distribution:\"]}),/*#__PURE__*/e(\"img\",{alt:\"Expected value\",className:\"framer-image\",height:\"250\",src:\"https://framerusercontent.com/images/1BfVw7SDJPtMnSuVvnpbn2dOH0Y.png\",srcSet:\"https://framerusercontent.com/images/1BfVw7SDJPtMnSuVvnpbn2dOH0Y.png?scale-down-to=512 512w,https://framerusercontent.com/images/1BfVw7SDJPtMnSuVvnpbn2dOH0Y.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/1BfVw7SDJPtMnSuVvnpbn2dOH0Y.png 1920w\",style:{aspectRatio:\"1920 / 500\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Expected value of a \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/hit-miss/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"beta distribution\"})}),\". Via \",/*#__PURE__*/e(o,{href:\"https://upload.wikimedia.org/wikipedia/commons/thumb/8/82/Beta_first_moment.svg/220px-Beta_first_moment.svg.png\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Wikimedia\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"The \",/*#__PURE__*/e(\"code\",{children:\"TVaR\"}),\" is thus the expected value of the loss, given that the \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),' has been surpassed. In terms of the above analogy, it is the center of gravity of the \"catastrophe\" region of the distribution plot:']}),/*#__PURE__*/e(\"img\",{alt:\"VaR and TVaR\",className:\"framer-image\",height:\"250\",src:\"https://framerusercontent.com/images/UURVlEbt7V4AOngYCE3Ir9kuds.png\",srcSet:\"https://framerusercontent.com/images/UURVlEbt7V4AOngYCE3Ir9kuds.png?scale-down-to=512 512w,https://framerusercontent.com/images/UURVlEbt7V4AOngYCE3Ir9kuds.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/UURVlEbt7V4AOngYCE3Ir9kuds.png 1920w\",style:{aspectRatio:\"1920 / 500\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Illustration of \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" and \",/*#__PURE__*/e(\"code\",{children:\"TVaR\"}),\". Via \",/*#__PURE__*/e(o,{href:\"http://www.nematrian.com/TailValueAtRisk\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Nematrian\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"In our case, since we are mainly interested in cybersecurity risk, which we quantify via \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/monetizing-vulnerabilities/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"simulations\"})}),\", we can always re-run them and aggregate the results differently in order to obtain the density function and recreate the example above. But given that the main result of our simulations was a loss exceedance curve:\"]}),/*#__PURE__*/e(\"img\",{alt:\"Loss exceedance curve\",className:\"framer-image\",height:\"350\",src:\"https://framerusercontent.com/images/htvdfPBpWqWOWu1vyjG8E0H0A.png\",srcSet:\"https://framerusercontent.com/images/htvdfPBpWqWOWu1vyjG8E0H0A.png?scale-down-to=512 512w,https://framerusercontent.com/images/htvdfPBpWqWOWu1vyjG8E0H0A.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/htvdfPBpWqWOWu1vyjG8E0H0A.png 1920w\",style:{aspectRatio:\"1920 / 700\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Loss exceedance curve.\"}),/*#__PURE__*/t(\"p\",{children:[\"We can just use this to obtain the \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\", just like we did with the distribution \",/*#__PURE__*/e(\"code\",{children:\"CDF\"}),\". This graph is already cumulative, so there is no need to compute areas under the curve behind the scenes. We simply obtain the value in millions corresponding to the percentage of the scenario in which we are interested. In this particular graph, the 5% yearly \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" appears to be $500 million (recall that this graph has a logarithmic scale in the x-axis). The 1% is not even visible here, but at least that tells us that it must be beyond $1000 million.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Monitoring a short-termed \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" can be usefulto evaluate the performance of risk management or to understand events from the past:\"]}),/*#__PURE__*/e(\"img\",{alt:\"Artificial VaR monitoring\",className:\"framer-image\",height:\"380\",src:\"https://framerusercontent.com/images/jg3Z6YcDqaeJ30rEuLRSe07uB8k.png\",srcSet:\"https://framerusercontent.com/images/jg3Z6YcDqaeJ30rEuLRSe07uB8k.png?scale-down-to=512 512w,https://framerusercontent.com/images/jg3Z6YcDqaeJ30rEuLRSe07uB8k.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/jg3Z6YcDqaeJ30rEuLRSe07uB8k.png 1920w\",style:{aspectRatio:\"1920 / 760\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Artificial VaR monitoring (via \",/*#__PURE__*/e(o,{href:\"https://www.mathworks.com/help/examples/risk/win64/ValueatRiskEstimationandBacktestingExample_04.png\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"MathWorks\"})}),\") and real example from \",/*#__PURE__*/e(o,{href:\"https://en.wikipedia.org/wiki/Bankers_Trust\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Bankers Trust\"})}),\" (Jorion, 2006).\"]}),/*#__PURE__*/t(\"p\",{children:[\"In the first we see a steady, if slow, decline in \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" over the years. Also notice how the returns are almost always above their corresponding values-at-risk, save for a few rare breaches, which is to be expected.\"]}),/*#__PURE__*/t(\"p\",{children:[\"In the image to the right there is an interesting moment around February 1994, where there is a sharp decrease in the \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\", after which it pretty much stays stable under the risk appetite line (dashed). This phenomenon is explained in Jorion\u2019s book as a response to a rise in interest rates at that moment, which was just as sharp as the decrease in the \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"However, a decreasing \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" is not all. Shying away from investments to keep the \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" low will, by symmetry, mean lower chance of great returns:\"]}),/*#__PURE__*/e(\"blockquote\",{children:/*#__PURE__*/e(\"p\",{children:\"A risk manager has two jobs: make people take more risk the 99% of the time it is safe to do so, and survive the other 1% of the time. VaR is the border. \u2014Aaron Brown\"})}),/*#__PURE__*/t(\"p\",{children:[\"So, the VaR tells us in a single number what can happen with an investment or any risky situation the worst that might happen. However its greatest strength is also where it falls short. This particular number, while it gives an upper bound for the losses, is also unable to tell us anything else about what happens in that 1% of the cases. The \",/*#__PURE__*/e(\"code\",{children:\"TVar\"}),\" tries to fill this void, but it is still just a number, meaning that it inherits this same weakness.\"]}),/*#__PURE__*/e(\"h2\",{children:\"References\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"S. Benninga and Z. Wiener (1998). \",/*#__PURE__*/e(\"em\",{children:\"Value-at-Risk (\"}),/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(\"em\",{children:\"VaR\"})}),/*#__PURE__*/e(\"em\",{children:\")\"}),\". \",/*#__PURE__*/e(o,{href:\"http://simonbenninga.com/wiener/MiER74.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Mathematica in Education and Research 7(4)\"})})]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"P. Jorion (2006). \",/*#__PURE__*/e(\"em\",{children:\"Value at Risk: The New Benchmark for Managing Financial Risk\"}),\". \",/*#__PURE__*/e(o,{href:\"https://www.goodreads.com/book/show/1274687.Value_At_Risk\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"McGraw-Hill\"})}),\".\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"N. Pearson (2002). \",/*#__PURE__*/e(\"em\",{children:\"Risk Budgeting: portfolio problem solving with value-at-risk\"}),\". \",/*#__PURE__*/e(o,{href:\"https://www.goodreads.com/book/show/1274693.Risk_Budgeting\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Wiley\"})}),\".\"]})})]})]});export const richText10=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"One of the main obstacles against adopting a quantitative approach to \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/what-is-vulnerability-management/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"risk management\"})}),\" is that since major security breaches are relatively rare and hence, there cannot be enough data for proper statistical analysis. While this might be true in the classical sense, it is not if we adopt a \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/updating-belief/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Bayesian\"})}),\" mindset, which basically amounts to being open to change your beliefs due to new evidence.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Remember the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/quantifying-risk/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Rule of 5\"})}),'? It allows us to give a 90% confidence interval with only 5 samples. This is already a counterexample for the \"not enough data\" obstacle. Also recall how we used ',/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/monetizing-vulnerabilities/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"probability distributions\"})}),\" in order to run simulations on many possible scenarios and updated our beliefs based upon evidence, all based only on a few expertly estimated probabilities. In this article we will show how a probability distribution can be derived from simple observations.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Suppose we want to estimate the batting average --the ratio of hits to the number of times he stands at the bat-- for a particular player. One way to do so would be to look at their \",/*#__PURE__*/e(o,{href:\"https://en.wikipedia.org/wiki/Moving_average\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"rolling average\"})}),\", i.e., his average so far. The \",/*#__PURE__*/e(o,{href:\"https://www.probabilisticworld.com/law-large-numbers/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"law of large numbers\"})}),\" tells us that no matter what happens at the beginning, the rolling average will tend to the true value, if you observe it for long enough:\"]}),/*#__PURE__*/e(\"img\",{alt:\"Rolling average\",className:\"framer-image\",height:\"380\",src:\"https://framerusercontent.com/images/XOH29KhoVI1JsdR4a0oDWlWtkg.png\",srcSet:\"https://framerusercontent.com/images/XOH29KhoVI1JsdR4a0oDWlWtkg.png?scale-down-to=512 512w,https://framerusercontent.com/images/XOH29KhoVI1JsdR4a0oDWlWtkg.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/XOH29KhoVI1JsdR4a0oDWlWtkg.png 1920w\",style:{aspectRatio:\"1920 / 760\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Rolling average tends to the true mean. Via \",/*#__PURE__*/e(o,{href:\"https://www.bradford-delong.com/2005/07/the_law_of_larg.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Brad DeLong\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:\"The only problem is, we don\u2019t have long enough. Baseball seasons are finite, and major cybersecurity events are few and far between. What is one to do? If we go with the rolling average like in the above image, we would be stuck with the initial, imprecise part of it. For instance, after the first try, the player\u2019s average will be either exactly 0 or 1, which clearly does not reflect the reality well.\"}),/*#__PURE__*/t(\"p\",{children:[\"Enter the \",/*#__PURE__*/e(\"em\",{children:\"beta\"}),\" probability distribution. This distribution takes two parameters which determine its shape and spread, and are cryptically called \",/*#__PURE__*/e(\"em\",{children:\"alpha\"}),\" and \",/*#__PURE__*/e(\"em\",{children:\"beta\"}),\", but in reality can be though of as \",/*#__PURE__*/e(\"em\",{children:\"hits\"}),\" and \",/*#__PURE__*/e(\"em\",{children:\"misses\"}),\" from a certain sample. We may also think that the density function of this distribution gives us the probability that a \",/*#__PURE__*/e(\"em\",{children:\"proportion\"}),\", \",/*#__PURE__*/e(\"em\",{children:\"ratio\"}),\" or \",/*#__PURE__*/e(\"em\",{children:\"probability\"}),\" of an event is just that. No, it was not a typo. We can think of the beta distribution as being the probability distribution of probabilities themselves. As such, we can use it to obtain the probability of being attacked after having observed who has been attacked (the hits) and who has not (the misses) in a certain period of time.\"]}),/*#__PURE__*/e(\"img\",{alt:\"Beta distribution\",className:\"framer-image\",height:\"540\",src:\"https://framerusercontent.com/images/dZoBqCPuttQemZnHx6Nl8BA09k.png\",srcSet:\"https://framerusercontent.com/images/dZoBqCPuttQemZnHx6Nl8BA09k.png?scale-down-to=512 512w,https://framerusercontent.com/images/dZoBqCPuttQemZnHx6Nl8BA09k.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/dZoBqCPuttQemZnHx6Nl8BA09k.png 1920w\",style:{aspectRatio:\"1920 / 1080\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Beta distribution with different parameters. By Shona Shields on \",/*#__PURE__*/e(o,{href:\"http://slideplayer.com/slide/6184857/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Slideplayer\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"Wait: it gets better. The beta distribution can be updated with evidence and observations, just like we did when working with \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/updating-belief/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Bayes Rule\"})}),\", to give better estimations. Since alpha and beta represent hits and misses, and if we observe some breaches and some non-breaches, why not just add them to the original parameters?\"]}),/*#__PURE__*/e(\"p\",{children:\"It can be shown that the beta distribution, modified this way, reflects reality much better than the previous estimate. And we can continue doing this in a repetitive manner everytime there is an observation.\"}),/*#__PURE__*/e(\"p\",{children:\"Imagine an even simpler situation: what is the probability that a coin lands heads? We don\u2019t know whether the coin is fair or has been loaded to give more priority to some results than others, so we might just roll it many times, record the results (how many heads and how many tails) and fit a beta distribution in the manner described above. The results would be as follows:\"}),/*#__PURE__*/e(\"img\",{alt:\"Adjusting beta distribution\",className:\"framer-image\",height:\"539\",src:\"https://framerusercontent.com/images/ZUvImkSEBexpxi2WRCIh3LQzy4.png\",srcSet:\"https://framerusercontent.com/images/ZUvImkSEBexpxi2WRCIh3LQzy4.png?scale-down-to=512 512w,https://framerusercontent.com/images/ZUvImkSEBexpxi2WRCIh3LQzy4.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/ZUvImkSEBexpxi2WRCIh3LQzy4.png 1919w\",style:{aspectRatio:\"1919 / 1079\"},width:\"959\"}),/*#__PURE__*/t(\"h6\",{children:[/*#__PURE__*/e(o,{href:\"https://github.com/CamDavidsonPilon/Probabilistic-Programming-and-Bayesian-Methods-for-Hackers\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Adjusting a beta distribution to new evidence\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:\"Notice how the distributions after the first two tosses resulted in head do not just say that the probability of heads is 100%, which is what the rolling average would point to, which is clearly wrong. Instead, the beta distribution sort of smoothes out what would be a sharp, extreme yes/no situation, allowing a chance to values in between. After only 3 tosses the distribution starts to look like a proper distribution. It gives the probability that the probability of obtaining heads has a certain value. After 50 tosses we can conclude, with evidence and a mathematically sound supporting method, that the coin was fair after all.\"}),/*#__PURE__*/t(\"p\",{children:['Next, how do we go about applying this to security breaches? What exactly would be the \"hits\" and the \"misses\"? Recall that we ',/*#__PURE__*/e(\"em\",{children:\"update\"}),\" our knowledge of hits and misses by taking random (tough typically small) samples from an unknown, allegedly large population. Since we want to estimate the probability that a business like our own would suffer a major attack, then the population should be a list of companies similar to ours. Call that the top 10, 100, etc of your country/region/world. Out of those, take a random sample, and check against a public database of cybersecurity events (such as the \",/*#__PURE__*/e(o,{href:\"https://enterprise.verizon.com/resources/reports/dbir/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Verizon Data Breach Investigations Report\"})}),\") to see if any of the sampled companies suffered an attack.\"]}),/*#__PURE__*/t(\"p\",{children:[\"We also need seeds for the \",/*#__PURE__*/e(\"em\",{children:\"alpha\"}),\" and \",/*#__PURE__*/e(\"em\",{children:\"beta\"}),\" parameters. These could be expert estimations or, if you want to be very conservative, you can set both to 1, which would give simply a uniform distribution (everything is equally likely). This is the most \",/*#__PURE__*/e(\"em\",{children:\"uninformative\"}),' of all possible priors. It is totally unbiased. Again, by the law of large numbers, it doesn\u2019t really matter much where we begin. But the better the initial estimates, the faster the convergence to the \"truth\". Starting with this uniform prior and observing that there is one attacked company in the sample over a 2-year period, we obtain the following beta distribution:']}),/*#__PURE__*/e(\"img\",{alt:\"Breach frequency\",className:\"framer-image\",height:\"283\",src:\"https://framerusercontent.com/images/o9zynMXdxRo29x1i4Vl1is4zEXI.png\",srcSet:\"https://framerusercontent.com/images/o9zynMXdxRo29x1i4Vl1is4zEXI.png?scale-down-to=512 512w,https://framerusercontent.com/images/o9zynMXdxRo29x1i4Vl1is4zEXI.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/o9zynMXdxRo29x1i4Vl1is4zEXI.png 1920w\",style:{aspectRatio:\"1920 / 566\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[/*#__PURE__*/e(o,{href:\"https://www.howtomeasureanything.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Beta distribution for breach frequency\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"When we have a distribution, we know pretty much everything. We can give find an expected probability of attack or, better yet, a 90% confidence interval in which that probability lies. We can also use it to update our previous models. Remember that in our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/monetizing-vulnerabilities/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"simulations\"})}),\" to obtain the Loss Exceedance Curve, we used a log-normal distribution simply because it was the best fit due to some of its properties. Now we have a better reason to use this beta distribution we obtained here, and running the simulations again with this distribution would yield the following results:\"]}),/*#__PURE__*/e(\"img\",{alt:\"Updated LEC\",className:\"framer-image\",height:\"250\",src:\"https://framerusercontent.com/images/5lPTmPdWLqrzBqIDNPMB93JdW0.png\",srcSet:\"https://framerusercontent.com/images/5lPTmPdWLqrzBqIDNPMB93JdW0.png?scale-down-to=512 512w,https://framerusercontent.com/images/5lPTmPdWLqrzBqIDNPMB93JdW0.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/5lPTmPdWLqrzBqIDNPMB93JdW0.png 1920w\",style:{aspectRatio:\"1920 / 500\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Updated LEC.\"}),/*#__PURE__*/e(\"p\",{children:\"Notice how, by using the beta distribution, it is clear that higher losses are more likely, while smaller losses are less so. Given that this beta distribution was built using real data, this should be a more appropriate estimate of reality.\"}),/*#__PURE__*/t(\"p\",{children:[\"Thus, the Bayesian interpretation of statistics and, in particular, the iterative updating of a fitted beta distribution can aid your company in better understanding risk, and not only in cibersecurity, since nothing in this method is inherent to cybersecurity risk. Especially in combination with \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/monetizing-vulnerabilities/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"random simulations\"})}),\", which turn these abstract distributions into concrete bills and coins.\"]}),/*#__PURE__*/e(\"h2\",{children:\"References\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"C. Davidson-Pilon (2019). \",/*#__PURE__*/e(o,{href:\"https://github.com/CamDavidsonPilon/Probabilistic-Programming-and-Bayesian-Methods-for-Hackers\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"em\",{children:\"Probabilistic Programming and Bayesian Methods for Hackers.\"})})})]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"D. Hubbard, R. Seiersen (2016). \",/*#__PURE__*/e(\"em\",{children:\"How to measure anything in cibersecurity risk\"}),\". \",/*#__PURE__*/e(o,{href:\"https://www.howtomeasureanything.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Wiley\"})}),\".\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"M. Richey M. and P. Zorn (2005). \",/*#__PURE__*/e(o,{href:\"https://www.jstor.org/stable/30044191?seq=1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Basketball, Beta, and Bayes.\"})}),\" \",/*#__PURE__*/e(\"em\",{children:\"Mathematics Magazine\"}),\", 78(5), 354.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"D. Robinson (2015). \",/*#__PURE__*/e(\"em\",{children:\"Understanding the beta distribution (using baseball statistics)\"}),\". \",/*#__PURE__*/e(o,{href:\"http://varianceexplained.org/statistics/beta_distribution_and_baseball/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Variance Explained\"})}),\".\"]})})]})]});export const richText11=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"Usually, changing our beliefs is seen as a negative thing. But when those beliefs represent our state of uncertainty regarding a particular cybersecurity risk, you\u2019d better use all the tools at hand to reduce that uncertainty, i.e., measuring.\"}),/*#__PURE__*/t(\"p\",{children:['Why do we speak of \"belief\" and not \"probability\" here? Intuitively, when we have mentioned ',/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/quantifying-risk/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"probabilities\"})}),\", we\u2019re meaning some belief or measure of uncertainty. For example, when giving a confidence interval, we say we \",/*#__PURE__*/e(\"em\",{children:\"believe\"}),\" the actual value is between the boundaries of the interval, up to a certain degree of confidence. When we simulate multiple scenarios in \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/monetizing-vulnerabilities/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Monte Carlo simulations\"})}),\" and finally aggregate the results, we\u2019re expressing that we believe that the loss will be so many millions or larger.\"]}),/*#__PURE__*/t(\"p\",{children:[\"In science, hypotheses are disproven trough observable, measurable evidence. Similarly, testing in general \u2014and \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-penetration-testing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,preserveParams:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"pentesting\"})}),\" in particular\u2014 can change our beliefs, that is, our initially proposed or \",/*#__PURE__*/e(\"em\",{children:\"prior\"}),\" probabilities, based upon evidence. The mathematical tool for updating these beliefs is a simple one: Bayes Rule. However, it does require us to discuss a few basic probability theory facts. If you\u2019re familiar with it, feel free to skip straight to the application to cybersecurity risk.\"]})]});\nexport const __FramerMetadata__ = {\"exports\":{\"richText7\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText6\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText4\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText3\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText8\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText9\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText2\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText1\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText10\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText5\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText11\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"__FramerMetadata__\":{\"type\":\"variable\"}}}"], "mappings": "mVAAAA,IAAgS,IAAMC,EAAsBC,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAC,wiBAAqjBE,EAAEC,EAAE,CAAC,KAAK,oFAAoF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,oIAAiJF,EAAEC,EAAE,CAAC,KAAK,mDAAmD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,EAAE,IAAiBF,EAAEC,EAAE,CAAC,KAAK,mDAAmD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,OAAoBF,EAAEC,EAAE,CAAC,KAAK,gCAAgC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,qCAAqC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mEAA2EE,EAAE,OAAO,CAAC,SAAsBA,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,wBAAqCF,EAAE,OAAO,CAAC,SAAS,OAAO,CAAC,EAAE,wBAAqCA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,+LAA4MA,EAAE,OAAO,CAAC,SAAS,OAAO,CAAC,EAAE,iPAA8PA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,8IAAyI,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4EAAoFE,EAAE,KAAK,CAAC,SAAS,oBAAU,CAAC,EAAE,6FAA0GA,EAAE,OAAO,CAAC,SAAsBA,EAAEC,EAAE,CAAC,KAAK,oHAAoH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,yBAAsCF,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,kBAA+BA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,kFAA+FA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,sEAAmFA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,0BAAgB,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,uEAAuE,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,oBAA4BE,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,8OAA2PA,EAAE,OAAO,CAAC,SAAS,OAAO,CAAC,EAAE,0HAAuIA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,kBAA+BA,EAAE,OAAO,CAAC,SAAS,OAAO,CAAC,EAAE,4BAAuB,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,2DAAwEE,EAAEC,EAAE,CAAC,KAAK,4CAA4C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,uKAAoLF,EAAEC,EAAE,CAAC,KAAK,gEAAgE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAE,uEAAoFF,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,6BAA0CA,EAAE,OAAO,CAAC,SAAS,GAAG,CAAC,EAAE,sCAAmDA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,6KAA0LA,EAAEC,EAAE,CAAC,KAAK,mCAAmC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,qBAAqB,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,sBAAsB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qEAAqE,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gEAAgE,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,gFAAgF,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yCAAoC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8CAA2DE,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,sHAAsH,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,iLAA8LE,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAE,iYAAiY,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+IAA0I,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,gEAA6EE,EAAEC,EAAE,CAAC,KAAK,+CAA+C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,iEAA8EE,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,gGAAwGA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,OAAoBA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,sDAAsD,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,+CAA+C,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,sCAA8CE,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,sIAAmJA,EAAE,KAAK,CAAC,SAAS,sBAAsB,CAAC,EAAE,KAAkBA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,uJAAkJ,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4FAAyGE,EAAEC,EAAE,CAAC,KAAK,+CAA+C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,sNAAsN,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,sJAAmKE,EAAEC,EAAE,CAAC,KAAK,sCAAsC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,cAAc,CAAC,CAAC,CAAC,EAAE,yCAAyC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,8CAA8C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,iEAAiE,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iTAAuS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+ZAA+Z,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sEAAsE,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,uFAAuF,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gLAAsK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,sEAAsE,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mNAAyM,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mKAAgLE,EAAEC,EAAE,CAAC,KAAK,yCAAyC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iCAAiC,CAAC,CAAC,CAAC,EAAE,sBAAsB,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,uBAAuB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAEC,EAAE,CAAC,KAAK,mCAAmC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,8EAA8E,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeC,EAAuBL,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAC,sDAAmEE,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,KAAkBF,EAAEC,EAAE,CAAC,KAAK,sDAAsD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAE,mFAAgGF,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,yDAAsEA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,oBAAiCA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,wQAAqRA,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,0EAAqE,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wSAAgTE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,+EAA4FA,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,gGAA6GA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,4NAAuN,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wCAAqDE,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,wDAAqEA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,qEAAkFA,EAAE,OAAO,CAAC,SAAS,mBAAmB,CAAC,EAAE,KAAkBA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,sOAAsO,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,iBAAiB,CAAC,EAAeA,EAAE,OAAO,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,sBAAsB,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA;AAAA,+BAAkG,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,CAAC,iFAA8FE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,mGAAgHA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,oBAAiCA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,oBAAiCA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,qDAA6DA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,6EAA6E,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAeA,EAAEC,EAAE,CAAC,KAAK,qFAAqF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAg/D,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,CAAC,+DAA4EE,EAAE,OAAO,CAAC,SAAS,cAAc,CAAC,EAAE,0CAAuDA,EAAE,OAAO,CAAC,SAAS,aAAa,CAAC,EAAE,qGAAkHA,EAAE,OAAO,CAAC,SAAS,iBAAiB,CAAC,EAAE,KAAkBA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,iFAA8FA,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,+DAA4EA,EAAE,OAAO,CAAC,SAAS,GAAG,CAAC,EAAE,0QAA0Q,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wFAAqGE,EAAE,OAAO,CAAC,SAAS,eAAe,CAAC,EAAE,WAAwBA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,2NAAwOA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,SAAsBA,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,uBAAuB,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,UAAU,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,qCAAqC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wEAAwE,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,qBAAkCE,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,6NAA0OA,EAAE,OAAO,CAAC,SAAS,iBAAiB,CAAC,EAAE,oKAAiLA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,mUAAmU,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,OAAO,CAAC,EAAeA,EAAE,OAAO,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,0BAA0B,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,4BAA4B,CAAC,EAAeA,EAAEC,EAAE,CAAC,KAAK,kFAAkF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,2BAA+lE,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,CAAC,+GAAuHE,EAAE,OAAO,CAAC,SAAS,cAAc,CAAC,EAAE,gBAA6BA,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,iSAAiS,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,qJAA6JE,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,qIAAkJA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,QAAqBA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAE,4GAAyHA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAE,KAAkBA,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,gHAAgH,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8OAAsPE,EAAE,OAAO,CAAC,SAAS,YAAY,CAAC,EAAE,4VAAuV,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,aAA0BE,EAAE,OAAO,CAAC,SAAS,oBAAoB,CAAC,EAAE,WAAwBA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,2FAAwGA,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,yDAAsEF,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,kIAA+IA,EAAE,KAAK,CAAC,SAAS,QAAQ,CAAC,EAAE,6BAA6B,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeO,EAAuBT,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,qWAAqW,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,ixBAA8xBE,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,kGAAkG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0DAAuEE,EAAE,KAAK,CAAC,SAAS,eAAe,CAAC,EAAE,wCAAqDA,EAAE,KAAK,CAAC,SAAS,6BAA6B,CAAC,EAAE,grBAAgrB,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,iHAA8HE,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,MAAmBA,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,MAAmBA,EAAE,OAAO,CAAC,SAAS,aAAa,CAAC,EAAE,uBAAuB,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcA,EAAE,SAAS,CAAC,SAAS,CAAC,6EAA0FE,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAEC,EAAE,CAAC,KAAK,oDAAoD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,mDAAmD,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,UAAU,uBAAuB,SAAsBA,EAAE,QAAQ,CAAC,SAAsBF,EAAE,QAAQ,CAAC,SAAS,CAAcA,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAS,+BAA+B,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAS,uCAAuC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAS,0BAA0B,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAS,0EAA0E,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAS,kEAAkE,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAS,8BAA8B,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yPAA+O,CAAC,CAAC,CAAC,CAAC,EAAeQ,EAAuBV,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,4BAAuB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0CAAuDE,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,uKAAoLA,EAAEC,EAAE,CAAC,KAAK,mFAAmF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,kEAA+EF,EAAE,OAAO,CAAC,SAAS,cAAc,CAAC,EAAE,qHAAkIA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,YAAY,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,yBAAyB,CAAC,EAAeA,EAAE,aAAa,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAS,4WAA6V,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8MAA8M,CAAC,EAAeA,EAAE,aAAa,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAS,8JAAoJ,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,SAAsBE,EAAEC,EAAE,CAAC,KAAK,wCAAwC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,OAAoBF,EAAE,KAAK,CAAC,SAAS,+BAAqB,CAAC,EAAE,aAA0BA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,yCAAiDA,EAAE,OAAO,CAAC,SAAS,aAAa,CAAC,EAAE,gCAA6CA,EAAE,KAAK,CAAC,SAAS,sBAAY,CAAC,EAAE,yCAAsDA,EAAE,OAAO,CAAC,SAAS,eAAe,CAAC,EAAE,4DAA4D,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mDAAgEE,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,KAAkBA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,kFAA+FA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,wNAAqOA,EAAEC,EAAE,CAAC,KAAK,6FAA6F,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,8GAA2HF,EAAEC,EAAE,CAAC,KAAK,oGAAoG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,8EAA8E,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,+EAAkFE,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,oDAAoD,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,4CAA4C,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,UAAU,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kBAAkB,CAAC,EAAeA,EAAE,aAAa,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAS,sIAAkH,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,u6BAAu6B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wgBAA8f,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gvBAAiuB,CAAC,EAAeA,EAAE,aAAa,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAS,4JAA6I,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,+QAA4RE,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6DAA0EE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,icAA8cA,EAAE,OAAO,CAAC,SAAS,aAAa,CAAC,EAAE,gEAA6EA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,qCAAkDA,EAAE,KAAK,CAAC,SAAS,uBAAa,CAAC,EAAE,wEAAqFA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,yEAAsFA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,qBAAqB,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,kBAA+BE,EAAEC,EAAE,CAAC,KAAK,qHAAqH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iEAAiE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,iBAA8BE,EAAEC,EAAE,CAAC,KAAK,6GAA6G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,wJAAyI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,8CAA8C,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,gMAA6ME,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,kDAAkD,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,wFAAqGE,EAAEC,EAAE,CAAC,KAAK,yEAAyE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,kLAA6K,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,sLAAsL,CAAC,CAAC,CAAC,CAAC,EAAeS,EAAuBX,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,OAAO,CAAC,SAAS,qBAAqB,CAAC,EAAE,KAAkBA,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,EAAE,0LAAuMF,EAAEC,EAAE,CAAC,KAAK,4BAA4B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,OAAoBF,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,IAAiBA,EAAEC,EAAE,CAAC,KAAK,yCAAyC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,8JAA2KF,EAAE,OAAO,CAAC,SAAS,wBAAwB,CAAC,EAAE,KAAkBA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,+ZAA4aA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,4BAAyCA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,IAAI,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,sCAA8CE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,sEAAmFA,EAAE,OAAO,CAAC,SAAS,gCAAgC,CAAC,EAAE,KAAkBA,EAAEC,EAAE,CAAC,KAAK,8BAA8B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,EAAE,kIAA+IF,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,mDAAgEA,EAAE,OAAO,CAAC,SAAS,UAAU,CAAC,EAAE,UAAuBA,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,sDAAmEA,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,qBAAkCA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,eAA4BA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,aAAa,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,sLAAmME,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,oFAAiGA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,6KAAgLA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,2RAAwSA,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,8JAA2KA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,sEAAmFA,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,wEAAwE,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0UAAuVE,EAAEC,EAAE,CAAC,KAAK,wCAAwC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,oBAAiCF,EAAEC,EAAE,CAAC,KAAK,2DAA2D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,2EAAwFF,EAAEC,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,EAAE,OAAoBF,EAAEC,EAAE,CAAC,KAAK,+BAA+B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,mQAAmQ,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,cAA2BE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,uBAAoCA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,yDAAsEA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,uDAAoEA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,oGAAiHA,EAAE,OAAO,CAAC,SAAS,+BAA+B,CAAC,EAAE,KAAkBA,EAAEC,EAAE,CAAC,KAAK,6BAA6B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,6BAA0CF,EAAE,OAAO,CAAC,SAAS,qBAAqB,CAAC,EAAE,KAAkBA,EAAE,OAAO,CAAC,SAAS,8BAA8B,CAAC,EAAE,KAAkBA,EAAEC,EAAE,CAAC,KAAK,8BAA8B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,gBAA6BE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,sMAAmNA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,uPAAuP,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,2JAAwKE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,uBAAoCA,EAAE,OAAO,CAAC,SAAS,oCAAoC,CAAC,EAAE,KAAkBA,EAAEC,EAAE,CAAC,KAAK,8BAA8B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,EAAE,sBAAmCF,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,OAAoBA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,sEAAmFA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,oKAAiLA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,8DAA2EA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,iJAAoJA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,qJAAqJ,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,uVAAoWE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,uKAAuK,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wDAAqEE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,+kBAA+kB,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeU,EAAuBZ,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAC,wUAAqVE,EAAE,KAAK,CAAC,SAAS,0DAA0D,CAAC,EAAE,iDAAiD,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wPAAqQE,EAAEC,EAAE,CAAC,KAAK,wEAAwE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,uKAAoLF,EAAEC,EAAE,CAAC,KAAK,sEAAsE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,+IAA+I,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,2TAAwUE,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAE,oDAAoD,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,UAAU,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,WAAwBE,EAAE,KAAK,CAAC,SAAS,mBAAmB,CAAC,EAAE,wIAAwI,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,oKAAoK,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,mFAAmF,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,oJAAoJ,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,wFAAwF,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4hBAAuhB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4FAA4F,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,sCAAsC,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kDAAkD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2tBAAstB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,qCAAqC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,iEAA8EE,EAAE,KAAK,CAAC,SAAS,gBAAgB,CAAC,EAAE,mCAAgDA,EAAE,KAAK,CAAC,SAAS,OAAO,CAAC,EAAE,2BAAwCA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAE,yNAAoN,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oHAAoH,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,YAAY,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mNAA2NE,EAAE,KAAK,CAAC,SAAS,QAAQ,CAAC,EAAE,8BAA8B,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,YAAY,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6GAA6G,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,YAAY,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gKAAgK,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,0BAA0B,UAAU,eAAe,OAAO,KAAK,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,0BAA0B,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,SAAsBE,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,mBAAgCA,EAAE,KAAK,CAAC,SAAS,MAAM,CAAC,EAAE,mKAAmK,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,4BAA4B,UAAU,eAAe,OAAO,KAAK,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,yCAAyC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mBAAmB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,gKAA6KE,EAAEC,EAAE,CAAC,KAAK,iDAAiD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,ySAAyS,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,mBAAmB,UAAU,eAAe,OAAO,KAAK,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mBAAmB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,oJAAiKE,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,oCAAiDA,EAAE,KAAK,CAAC,SAAS,IAAI,CAAC,EAAE,KAAkBA,EAAE,KAAK,CAAC,SAAS,IAAI,CAAC,EAAE,KAAkBA,EAAE,KAAK,CAAC,SAAS,IAAI,CAAC,EAAE,0HAA0H,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,uhBAAoiBE,EAAE,OAAO,CAAC,SAAS,UAAU,CAAC,EAAE,4BAAyCA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,mIAAmI,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,k5BAAk5B,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8oBAA2pBE,EAAEC,EAAE,CAAC,KAAK,yEAAyE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,2EAAwFE,EAAE,KAAK,CAAC,SAAS,0DAA0D,CAAC,EAAE,KAAkBA,EAAEC,EAAE,CAAC,KAAK,mCAAmC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeS,EAAuBb,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,0CAA0C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wXAAwX,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oWAAqW,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mBAAgCE,EAAE,SAAS,CAAC,SAAS,oBAAoB,CAAC,EAAE,mMAAgNA,EAAEC,EAAE,CAAC,KAAK,sEAAsE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,wFAAqGF,EAAEC,EAAE,CAAC,KAAK,2FAA2F,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,wFAAqGF,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,ggBAAggB,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mOAAgPE,EAAEC,EAAE,CAAC,KAAK,oEAAoE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,yGAAsHF,EAAE,SAAS,CAAC,SAAS,QAAQ,CAAC,EAAE,2HAAwIA,EAAEC,EAAE,CAAC,KAAK,iFAAiF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,KAAK,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,IAAiBA,EAAEC,EAAE,CAAC,KAAK,kDAAkD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,wVAAwV,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,0GAAkHE,EAAEC,EAAE,CAAC,KAAK,sGAAsG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,EAAE,mCAAgDF,EAAE,SAAS,CAAC,SAAS,cAAc,CAAC,EAAE,4DAAyEA,EAAE,SAAS,CAAC,SAAS,KAAK,CAAC,EAAE,yFAAsGA,EAAE,SAAS,CAAC,SAAS,KAAK,CAAC,EAAE,yDAAsEA,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mDAAmD,CAAC,CAAC,CAAC,EAAE,iBAA8BF,EAAE,SAAS,CAAC,SAAS,KAAK,CAAC,EAAE,qRAAqR,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0BAAuCE,EAAEC,EAAE,CAAC,KAAK,2FAA2F,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,6OAA6O,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,+BAA+B,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,UAAU,uBAAuB,SAAsBA,EAAE,QAAQ,CAAC,SAAsBF,EAAE,QAAQ,CAAC,SAAS,CAAcA,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,oDAA+C,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,YAAY,CAAC,EAAE,4EAA4E,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAS,2EAA2E,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAS,oSAAoS,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAS,waAAwa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,eAA4BE,EAAE,KAAK,CAAC,SAAS,iBAAiB,CAAC,EAAE,0KAA0K,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,gCAAgC,CAAC,EAAE,OAAoBA,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAE,uOAAoPA,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,gQAA6QF,EAAEC,EAAE,CAAC,KAAK,gCAAgC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,qHAAqH,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,sCAAsC,CAAC,EAAE,mFAAgGA,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,sBAAmCA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,EAAE,0IAA0I,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,+BAA+B,CAAC,EAAE,goBAAgoB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gMAAgM,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kgBAAkgB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2GAA2G,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,uHAAuH,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,4EAA4E,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,4MAA4M,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeY,EAAuBZ,EAAID,EAAS,CAAC,SAAsBD,EAAE,IAAI,CAAC,SAAS,CAAC,wCAAqDE,EAAEC,EAAE,CAAC,KAAK,kDAAkD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,gBAA6BF,EAAEC,EAAE,CAAC,KAAK,4DAA4D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,EAAE,KAAkBF,EAAEC,EAAE,CAAC,KAAK,6CAA6C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,KAAkBF,EAAEC,EAAE,CAAC,KAAK,iDAAiD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,SAAsBF,EAAEC,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,EAAE,+LAA4MF,EAAEC,EAAE,CAAC,KAAK,mCAAmC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,mGAAgHF,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,qBAAkCA,EAAEC,EAAE,CAAC,KAAK,oDAAoD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,KAAkBF,EAAEC,EAAE,CAAC,KAAK,yBAAyB,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAE,aAA0BF,EAAEC,EAAE,CAAC,KAAK,oCAAoC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,wEAAmE,CAAC,CAAC,CAAC,CAAC,EAAeW,EAAuBf,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,wDAAqEA,EAAE,OAAO,CAAC,SAAsBA,EAAEC,EAAE,CAAC,KAAK,yBAAyB,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,wBAAqCF,EAAE,OAAO,CAAC,SAAsBA,EAAEC,EAAE,CAAC,KAAK,4BAA4B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,sDAAmEF,EAAEC,EAAE,CAAC,KAAK,mEAAmE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,cAAc,CAAC,CAAC,CAAC,EAAE,6HAA0IF,EAAE,OAAO,CAAC,SAAsBA,EAAEC,EAAE,CAAC,KAAK,uBAAuB,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAEC,EAAE,CAAC,KAAK,uBAAuB,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,gGAA6GF,EAAE,OAAO,CAAC,SAAsBA,EAAEC,EAAE,CAAC,KAAK,wCAAwC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,QAAqBF,EAAE,OAAO,CAAC,SAAsBA,EAAEC,EAAE,CAAC,KAAK,sCAAsC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,wIAAwI,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,6EAA0FE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,iEAA8EA,EAAEC,EAAE,CAAC,KAAK,4DAA4D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAE,kMAAkM,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,oBAAoB,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wBAAwB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,+LAA4ME,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,aAAa,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,oCAAoC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA,qBAAqF,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,MAAM,CAAC,IAAI,gBAAgB,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAC,6CAA0DE,EAAEC,EAAE,CAAC,KAAK,uEAAuE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,uIAAuI,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA,sDAAmG,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,6NAA6N,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA;AAAA,4CAAyL,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,wSAAwS,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA,uBAAsP,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,CAAC,yLAAsME,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,6DAA0EA,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,OAAoBA,EAAE,OAAO,CAAC,SAAS,OAAO,CAAC,EAAE,4HAA4H,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA,wBAAwM,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,KAAK,CAAC,SAAS,eAAe,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,gOAA6OE,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,IAAiBA,EAAE,OAAO,CAAC,SAAS,YAAY,CAAC,EAAE,sEAAmFA,EAAE,OAAO,CAAC,SAAsBA,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,qBAAqB,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA;AAAA,uBAAyI,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,MAAM,CAAC,IAAI,iCAAiC,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,0BAA0B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2lBAAslB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,oIAAiJE,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,sCAAsC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK,iCAAiC,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,MAAM,CAAC,IAAI,gCAAgC,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uBAAuB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,+aAAubE,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAE,sBAAmCA,EAAE,OAAO,CAAC,SAAS,OAAO,CAAC,EAAE,aAA0BA,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,oLAAiMA,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,oFAAoF,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA;AAAA;AAAA,8BAAmN,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,CAAC,OAAoBE,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAE,kDAAkD,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,wBAAwB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAC,4CAAyDE,EAAEC,EAAE,CAAC,KAAK,uEAAuE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,wFAAqGE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,uMAAoNA,EAAEC,EAAE,CAAC,KAAK,4DAA4D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,sBAAsB,CAAC,CAAC,CAAC,EAAE,oCAAiDF,EAAEC,EAAE,CAAC,KAAK,yBAAyB,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,cAAS,CAAC,CAAC,CAAC,EAAE,IAAiBF,EAAEC,EAAE,CAAC,KAAK,8DAA8D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0BAA0B,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA,2BAA2N,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,gCAAgC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,cAAc,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAC,sCAAmDE,EAAEC,EAAE,CAAC,KAAK,oEAAoE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,eAAe,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8JAA2KE,EAAE,OAAO,CAAC,SAAS,OAAO,CAAC,EAAE,qBAAqB,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA,mBAA4D,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,CAAC,aAA0BE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,8GAA2HA,EAAEC,EAAE,CAAC,KAAK,6CAA6C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,oJAAiKF,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAE,2GAAwHA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA,mBAA6E,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,CAAC,qBAAkCE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,wEAAwE,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6KAA0LE,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,qCAAqC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,wBAA+Y,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,CAAC,0FAAuGE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,QAAqBA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,4CAA4C,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,sBAAsB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAC,iDAA8DE,EAAEC,EAAE,CAAC,KAAK,yDAAyD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,wIAAqJE,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAE,8GAA2HA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,gDAA6DA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,qBAAkCA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,6KAA6K,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,6BAA0CE,EAAEC,EAAE,CAAC,KAAK,iGAAiG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,KAAK,CAAC,SAAS,6DAA6D,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,qBAAkCE,EAAEC,EAAE,CAAC,KAAK,wCAAwC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,KAAK,CAAC,SAAS,oCAAoC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,uBAAoCE,EAAEC,EAAE,CAAC,KAAK,6EAA6E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,KAAK,CAAC,SAAS,kCAAkC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uBAAuB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,YAAyBE,EAAEC,EAAE,CAAC,KAAK,8DAA8D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,UAAuBF,EAAEC,EAAE,CAAC,KAAK,iEAAiE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,EAAE,uBAAoCF,EAAEC,EAAE,CAAC,KAAK,gEAAgE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,QAAqBF,EAAEC,EAAE,CAAC,KAAK,sEAAsE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeY,EAAuBhB,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAC,IAAiBE,EAAE,KAAK,CAAC,SAAS,2BAA2B,CAAC,EAAE,uZAAoaA,EAAEC,EAAE,CAAC,KAAK,sFAAsF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,wBAAqCF,EAAE,KAAK,CAAC,SAAS,eAAe,CAAC,EAAE,OAAoBA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,sDAAsD,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,yEAAsFA,EAAE,KAAK,CAAC,SAAS,KAAK,CAAC,EAAE,6FAA0GA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,0JAA0J,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kDAA+DE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,6KAA6K,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sEAAsE,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,4CAA4C,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,oCAAiDE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,OAAoBE,EAAEC,EAAE,CAAC,KAAK,8DAA8D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,EAAE,sGAAmHF,EAAEC,EAAE,CAAC,KAAK,4EAA4E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,8IAA8I,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,gCAAgC,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,+BAA+B,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kJAA+JE,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,2BAAwCA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,IAAI,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,0BAA0B,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,4CAA4C,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,qCAAkDE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,0CAAuDA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,uDAAuD,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,gBAA6BE,EAAEC,EAAE,CAAC,KAAK,6CAA6C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,wBAAqCF,EAAE,OAAO,CAAC,SAAsBA,EAAEC,EAAE,CAAC,KAAK,8EAA8E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,yDAAyD,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA,uBAAqD,SAAS,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,2NAA2N,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4KAA4K,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,sEAAmFE,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,kFAA+FA,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,mCAA2CA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA,uBAAmD,SAAS,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,CAAC,kBAA+BE,EAAEC,EAAE,CAAC,KAAK,yCAAyC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,kBAA+BA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,qHAAkIA,EAAE,KAAK,CAAC,SAAS,eAAe,CAAC,EAAE,sGAAmHA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,uIAAoJA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,yMAAyM,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,OAAoBE,EAAE,KAAK,CAAC,SAAS,MAAM,CAAC,EAAE,QAAqBA,EAAE,KAAK,CAAC,SAAS,aAAa,CAAC,EAAE,uBAAoCA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,KAAkBA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,8HAA2IA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,mHAAgIA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,oHAAoH,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,iBAAiB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAC,uBAAoCE,EAAEC,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,SAAsBF,EAAEC,EAAE,CAAC,KAAK,kHAAkH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,OAAoBE,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,2DAAwEA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,uIAAuI,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,eAAe,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAC,mBAAgCE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,QAAqBA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,SAAsBA,EAAEC,EAAE,CAAC,KAAK,2CAA2C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,4FAAyGE,EAAEC,EAAE,CAAC,KAAK,4DAA4D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,0NAA0N,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,wBAAwB,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wBAAwB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,sCAAmDE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,4CAAyDA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,0QAAuRA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,+LAA+L,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6BAA0CE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,qGAAqG,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,4BAA4B,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAC,kCAA+CE,EAAEC,EAAE,CAAC,KAAK,uGAAuG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,2BAAwCF,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,kBAAkB,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,qDAAkEE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,iKAAiK,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,yHAAsIE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,gPAAwPA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,yBAAsCE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,yDAAsEA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,6DAA6D,CAAC,CAAC,EAAeA,EAAE,aAAa,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAS,6KAAwK,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4VAAyWE,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,uGAAuG,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,qCAAkDE,EAAE,KAAK,CAAC,SAAS,iBAAiB,CAAC,EAAeA,EAAE,OAAO,CAAC,SAAsBA,EAAE,KAAK,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,KAAkBA,EAAEC,EAAE,CAAC,KAAK,6CAA6C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,4CAA4C,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,qBAAkCE,EAAE,KAAK,CAAC,SAAS,8DAA8D,CAAC,EAAE,KAAkBA,EAAEC,EAAE,CAAC,KAAK,4DAA4D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,sBAAmCE,EAAE,KAAK,CAAC,SAAS,8DAA8D,CAAC,EAAE,KAAkBA,EAAEC,EAAE,CAAC,KAAK,6DAA6D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAea,EAAwBjB,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAC,yEAAsFE,EAAEC,EAAE,CAAC,KAAK,kEAAkE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,+MAA4NF,EAAEC,EAAE,CAAC,KAAK,iDAAiD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,6FAA6F,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,gBAA6BE,EAAEC,EAAE,CAAC,KAAK,kDAAkD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,sKAAmLF,EAAEC,EAAE,CAAC,KAAK,4DAA4D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,2BAA2B,CAAC,CAAC,CAAC,EAAE,qQAAqQ,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,yLAAsME,EAAEC,EAAE,CAAC,KAAK,+CAA+C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,mCAAgDF,EAAEC,EAAE,CAAC,KAAK,wDAAwD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,sBAAsB,CAAC,CAAC,CAAC,EAAE,6IAA6I,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,kBAAkB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAC,+CAA4DE,EAAEC,EAAE,CAAC,KAAK,+DAA+D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,gaAAsZ,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,aAA0BE,EAAE,KAAK,CAAC,SAAS,MAAM,CAAC,EAAE,sIAAmJA,EAAE,KAAK,CAAC,SAAS,OAAO,CAAC,EAAE,QAAqBA,EAAE,KAAK,CAAC,SAAS,MAAM,CAAC,EAAE,wCAAqDA,EAAE,KAAK,CAAC,SAAS,MAAM,CAAC,EAAE,QAAqBA,EAAE,KAAK,CAAC,SAAS,QAAQ,CAAC,EAAE,4HAAyIA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,KAAkBA,EAAE,KAAK,CAAC,SAAS,OAAO,CAAC,EAAE,OAAoBA,EAAE,KAAK,CAAC,SAAS,aAAa,CAAC,EAAE,gVAAgV,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,oBAAoB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAC,oEAAiFE,EAAEC,EAAE,CAAC,KAAK,wCAAwC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,iIAA8IE,EAAEC,EAAE,CAAC,KAAK,iDAAiD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,wLAAwL,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,kNAAkN,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+XAA0X,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,8BAA8B,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,iGAAiG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,+CAA+C,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,6nBAA6nB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kIAA+IE,EAAE,KAAK,CAAC,SAAS,QAAQ,CAAC,EAAE,odAAieA,EAAEC,EAAE,CAAC,KAAK,yDAAyD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,2CAA2C,CAAC,CAAC,CAAC,EAAE,8DAA8D,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,8BAA2CE,EAAE,KAAK,CAAC,SAAS,OAAO,CAAC,EAAE,QAAqBA,EAAE,KAAK,CAAC,SAAS,MAAM,CAAC,EAAE,kNAA+NA,EAAE,KAAK,CAAC,SAAS,eAAe,CAAC,EAAE,2XAAsX,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,mBAAmB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,wCAAwC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,wCAAwC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,oQAAiRE,EAAEC,EAAE,CAAC,KAAK,4DAA4D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,mTAAmT,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,cAAc,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,cAAc,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mPAAmP,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6SAA0TE,EAAEC,EAAE,CAAC,KAAK,4DAA4D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,0EAA0E,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,6BAA0CE,EAAEC,EAAE,CAAC,KAAK,iGAAiG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,KAAK,CAAC,SAAS,6DAA6D,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,mCAAgDE,EAAE,KAAK,CAAC,SAAS,+CAA+C,CAAC,EAAE,KAAkBA,EAAEC,EAAE,CAAC,KAAK,wCAAwC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,oCAAiDE,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,8BAA8B,CAAC,CAAC,CAAC,EAAE,IAAiBF,EAAE,KAAK,CAAC,SAAS,sBAAsB,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,uBAAoCE,EAAE,KAAK,CAAC,SAAS,iEAAiE,CAAC,EAAE,KAAkBA,EAAEC,EAAE,CAAC,KAAK,0EAA0E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAec,EAAwBlB,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,0PAAqP,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,+FAA4GE,EAAEC,EAAE,CAAC,KAAK,kDAAkD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,yHAAiIF,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAE,6IAA0JA,EAAEC,EAAE,CAAC,KAAK,4DAA4D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,6HAAwH,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,wHAAgIE,EAAEC,EAAE,CAAC,KAAK,iFAAiF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,eAAe,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,mFAA2FF,EAAE,KAAK,CAAC,SAAS,OAAO,CAAC,EAAE,uSAAkS,CAAC,CAAC,CAAC,CAAC,CAAC,EAC7i/IiB,EAAqB,CAAC,QAAU,CAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,SAAW,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,mBAAqB,CAAC,KAAO,UAAU,CAAC,CAAC", "names": ["init_ssg_sandbox_shims", "richText", "u", "x", "p", "Link", "motion", "richText1", "ComponentPresetsConsumer", "t", "CodeBlock_default", "richText2", "richText3", "richText4", "richText5", "richText6", "richText7", "richText8", "richText9", "richText10", "richText11", "__FramerMetadata__"] }