Authorize newsletter link database


1	Published?	Published?	Submit Date	Category	Domain	Date	Blurb	Comments
2			Oct 17, 2024	Article	4sg.nl	Oct 10, 2024	Many notable companies are participating in the CAEP / SSF interoperability event at the Gartner IAM Summit in Dec. This blog outlines the event and has quotes from Gartner and OIDF execs.
3			Oct 4, 2024	Media	www.youtube.com	Oct 1, 2024	The whole fwd:cloudsec conference in Brussels was recorded and now published online as a series of excellent talks on YouTube	Particularly interested in Entra and Build your own CloudTrail, which is actually about Cedar (!)
4			Oct 3, 2024	Article	aws.amazon.com	Sep 30, 2024	Blends the trendiness of ReBAC and the AWSness of Cedar and Amazon Verified Permissions
5			Oct 3, 2024	Article	www.umbrella.associates	Sep 30, 2024	Innovation around extending OPA to become a more fully capable PDP
6			Oct 2, 2024	Article	softwareanalyst.substack.com	Oct 2, 2024	"NHIs have been the hottest topic in my coverage (CISOs & Investors alike) behind AI security this year" and Service Accounts, Machine Identities, API Keys, Tokens, Certificates, Secrets etc	https://www.linkedin.com/posts/francis-odum-0a8673100_i-had-the-pleasure-of-speaking-at-the-first-activity-7244382210600943617-y_nO may have already run this headline, but I'm coming back to this article more.
7			Oct 1, 2024	Software	www.umbrella.associates	Oct 1, 2024	Roland: "I'm excited to share my little contribution to the authorization community: an extension to the Open Policy Agent that integrates SpiceDB into OPA! With this little extension, OPA can be used as a hybrid PBAC-ReBAC engine with SpiceDB as PIP in the backend. the extension currently supports check, lookup and even write/delete operations in OPA!"	https://idprofessionals.slack.com/archives/CKVHTJY2D/p1727716284514179
8			Sep 27, 2024	Event	www.linkedin.com	Sep 27, 2024	ABAC to school webinar already promoted in last week's newsletter - this is the link to the actual recording
9			Sep 27, 2024	Software	axiomatics.com	Sep 27, 2024	Axiomatics' Policy Companion is now Generally Available. People can trial it at their own pace.
10			Sep 20, 2024	Article	www.aserto.com	Sep 20, 2024	This is a hot take on AuthZEN's recently announced Implementer's Draft, and why it matters.
11			Sep 19, 2024	Article	strata.io	Sep 19, 2024	Whether you are brand new to the Identity space or you just want to make sure you haven't missed some of the fundamentals, "For Dummies" guides are a quick and easy cheat sheet for complex technical topics. Strata just published a new "Identity Orchestration for Dummies" book this week and there are a number of chapters on where authorization and policy orchestration fit into the IAM puzzle. Written by one of the co-authors of SAML and IDQL, it's a great way to dig into topics that have become a bit fuzzy due to jargon-y overuse!	Hi Rohit, Eve, and team - Mark here from Strata and we're submitting a link to a new "Identity Orchestration for Dummies" book that we published this morning. It contains quite a bit of information about how/where authorization fits into the IAM puzzle, and hopefully does so in a very approachable way. We also talk at a high level about policy orchestration and the role that IDQL plays in that equation... a relatively quick read, and not one that just screams "advertising" and "buy Strata". I thought it would be an appropriate submission as a result, and appreciate your all's consideration for the newsletter!
12			Sep 19, 2024	Article	4sg.nl	Sep 9, 2024	XDR offers a forceful response. CAEP complements it by adding precision
13			Sep 19, 2024	Article	4sg.nl	Sep 18, 2024	A packed Fall 2024 lineup will help you get on top of the latest advances. This blog post provides a perspective on what to expect.
14			Sep 15, 2024	Event	www.linkedin.com	Sep 26, 2024	In this LinkedIn live we will cover the basics of policy driven authorization and best practices for policy authoring
15			Sep 13, 2024	Article	www.theinformation.com	Sep 12, 2024	https://www.reuters.com/markets/deals/mastercard-buy-threat-intelligence-company-recorded-future-265-bln-2024-09-12/ Recorded Future, which uses AI-powered analytics to identify potential threats, on a service that alerts financial institutions when a card is likely compromised.	There's a deeper point to be made about impact of boring PE buyers scooping up mature cyber sectors (Ping! ForgeRock! etc!) https://x.com/amir/status/1834382391424766206 "Compare that to the West coast, where people burn $25 million before they go to breakfast." https://x.com/semil/status/1834614543491940574 case for early private buyout over endless VC growth rounds. Once Insight took over, the prospect of easy money was over
16			Sep 13, 2024	Article	www.linkedin.com	Aug 30, 2024	Who is building AI agents for cybersecurity? "perceive an environment, process information, and take actions to achieve specific goals"	85-comment thread which appears to say "not much, not yet" For IAM, it might be automatically detecting a subset of a user group that doesn't need half the permissions, and proposing a split of a group into a low-priv set and propagating the changes. Visionary, or hallucinogenic?
17			Sep 13, 2024	Article	www.linkedin.com	Aug 20, 2024	Security Posture Platform (SPP), a dynamic map of our infrastructure’s security landscape that plays a crucial role in our Information Security program. Are we affected by vulnerability X? Is vulnerability X on devices exposed to untrusted networks? Who is responsible for patching host A? How do I patch vulnerability X on Windows 11? What is the highest risk vulnerability on my devices? What services are running on host X and who are the owners?	Needs to read in depth… I think it's due to Clint Gibler or another newsletter that referred it to me
18			Sep 13, 2024	Article	techcrunch.com	Apr 24, 2024		This is old, but apropos to our AI themes and the Plaid mention in the newsletter last week. Namely, can an intermediary published finer-grained authz than the world has today, because that will unleash more (& safer) innovation than straight-up phishing ever can?
19			Sep 13, 2024	Article	securitycafe.ro	Sep 3, 2024	reviewing the design choices, default settings and vulnerabilities that have been exploited over the years. We’ll focus on recuring issues that present constant problems also clustered: https://cyscale.com/blog/aws-iam-least-privilege in particular for AuthZ nerds, IAM Access Analyzer External Access without being too much of a sales pitch for their own UARs	via tldrsec
20			Sep 13, 2024	Article	science.nasa.gov	Sep 10, 2024	as our running updates on the heroic probe as a mascot for "every day we write new legacy code" here's a moral for going back to buggy code that no longer the worst alternative anymore!	for more color, https://www.amazon.com/Vinyl-Frontier-Voyager-Golden-Record/dp/1472956133 or _Year Zero_ for the royalty hell that descends upon aliens loving human music who have to either become pirates or bankrupt entire galaxies to pay off the RIAA :)
21			Sep 13, 2024	Media	www.mooreds.com	May 11, 2024	Timely, because the creator of CIAM weekly recently grew from 70 to 200+ subscribers	Call to action to the community that we won't have a neutral newsletter if we don't make this one sustainable.
22			Sep 13, 2024	Event	id4africa.com	Sep 16, 2024	substantiates last weeks call for ID Day with the 850M people who don't have papers, so to speak.
23			Sep 13, 2024	Event	www.nhi-security.com	Sep 18, 2024	first human + non-human identity conference, coming up in NYC. See also the 3-mo sprint from a new evangelist/community group NHIMG.org	Looking forward to talking to NHIMG impresario, out of London, about how investing in LI-first has worked out for their growth.
24			Sep 13, 2024	Article	cloudsecurityalliance.org	Aug 13, 2024	from CSA AI Technology and Risk Working Group describes the LLM security risks relevant to system design … Authorization considerations for the various components of LLM-backed systems. PDF requires free registration.	CSA research in to AI AuthZ failures and risks. Does not appear to have been covered in AuthZ news yet
25			Sep 13, 2024	Software	www.finsmes.com	Sep 10, 2024	Work AI platform that connects and understands enterprise data, to generate answers and automate work grounded in company knowledge. Using its search and RAG technology to retrieve the most relevant, up-to-date information	Doubled valuation in like 3 months (!) Glean is one of the permission-aware RAG foundations on the market — they can check whether the asker can ask, before letting an AI answer.
26			Sep 13, 2024	Software	blog.intigriti.com	Sep 3, 2024	A single missing access policy can often introduce security risks, data leaks, or other unintended consequences. In this article, we will cover some of the most common security misconfigurations in AWS S3 buckets.	good overview
27			Sep 13, 2024	Media	blog.gitbutler.com	Sep 11, 2024	GH actions are a well-known example of AuthZ vulnerability. Also a sign of a sea change in app dev habits. so AuthZ startups should pay attention to it. Here was an early member's perspective: 1. GitHub started at the right time 2. GitHub had good taste	The accompanying HN thread has some fireworks for quote flavor too: https://news.ycombinator.com/item?id=41490161
28			Sep 13, 2024	Article	www.cloudsecuritynewsletter.com	Sep 13, 2024	Welcome to a great new newsletter in the space from the hosts of the long-running and ever helpful Cloud security podcast. This one's a blockbuster that kicks off with key fundamentals and practices from eight leading Cloud security practitioners	This one's more of a reference piece than news of this week specifically. High hopes for it.
29			Sep 10, 2024	Event	www.nhi-security.com	Sep 18, 2024	The 1st Non-Human Identity Security Conference September 18, 2024 \| 8:30 AM – 1:30 PM ET World TRADE CENTER \| New York, Ny Join us for a dynamic half-day conference focused on the cutting-edge trends and tactics in NHI security.	https://www.linkedin.com/posts/lalit-choda-5b924120_nhisecurity-cybersecurity-cloudsecurity-activity-7235194542327574528-IafB/
30			Sep 10, 2024	Article	www.acm.org	Sep 5, 2024	seven years on the Zanzibar team, I improved the system’s scalability, reliability, and security as its workload and use cases grew.	Bio and interview of one of the founders of Google Zanzibar, author of a paper that launched many startups…
31			Sep 10, 2024	Software	cloudsecurityalliance.org	Aug 13, 2024	exploring the pitfalls in authorization and security, it also outlines LLM design patterns for extending the capabilities of these systems "Granting APIs broad permissions can lead to unintended data access and actions. Define and enforce fine-grained permissions."	CSA semi-standards like working group report
32			Sep 10, 2024	Article	www.reuters.com	Sep 10, 2024	Rapid doubling again in valuation for a permission-aware unstructured data store that can be a core for RAG applications.	Glean can import data with flattened ACLs, not necc the complete AuthZ semantics of the origin system
33			Sep 9, 2024	Event	www.linkedin.com	Sep 9, 2024	The Identerati Office Hours webinar this week focuses on a defense-in-depth architecture for Authorization, with guest Omri Gazitt.	Ideally published in the Monday Sept 9 edition...
34			Aug 23, 2024	Software	github.com	Aug 23, 2024	cedar-go is getting a major upgrade! For any teams using Go, please check out a new way https://github.com/cedar-policy/cedar-go/blob/1da3cb2aaef0715c9131a34f587bfbbf6af5ed66/ast/ast_test.go	cedar-go is maintained by StrongDM
35			Aug 23, 2024	Event	www.strongdm.com	Aug 23, 2024	Sign up for StrongDM's September 4th installment of the Policypalooza Summer Webinar Series on Fine-grained Policies with Cedar - Action Control Unleashed: Fine-Grained Policies for Database Security	John Martinez@StrongDM for more info
36			Aug 22, 2024	Article	sgnl.ai	Aug 14, 2024	Regulations and critical market position make financial services particularly sensitive to unauthorized access. Zero standing privilege is a strategy that can dramatically reduce their cyber risk.
37			Aug 22, 2024	Article	sgnl.ai	Aug 20, 2024	Zero standing privilege and manual privilege management are two different access control strategies that can lead to vastly different outcomes.
38			Aug 22, 2024	Media	www.aserto.com	Aug 19, 2024	With Docker, Kubernetes, and most other CNCF projects written in Go, it is clearly the language of the cloud-native world. And adding fine-grained ReBAC-based authorization to a Go app just got a lot easier - find out how in the latest of our Go article series.	(moved from blurbs doc back to spreadsheet)
39			Aug 12, 2024	Article	www.aserto.com	Aug 12, 2024	This article describes the various options for building RBAC in Go - "vanilla" (i.e. without any library), using goRBAC, and using Casbin. Then it describes the externalized authorization approach using Topaz.
40			Aug 4, 2024	Article	idpro.org	Jul 30, 2024	A "big think" article that envisions a new paradigm for secure computing.
41			Aug 2, 2024	Article	www.aserto.com	Jul 29, 2024	Omri’s article on policy enforcement points / scenarios, including the OIDC authN ceremony, the resource server, the API gateway, and service-to-service authz. It also plugs AuthZEN as the "OIDC for authorization" :)
42			Aug 1, 2024	Article	www.docker.com	Jul 23, 2024	Authorization plugins bypassed for Docker's very coarse-grained authorization model? Well, it's hard to have access control when that happens. Luckily, "[t]he base likelihood of this being exploited is low."
43			Jul 31, 2024	Other	authzed.com	Jun 27, 2024	AuthZed has secured $12 million of Series A fundraising! This is our first additional capital since our original Seed funding back in early 2021.	We missed this earlier in the news cycle, a huge vote for Zanzibar-driven approaches
44			Jul 25, 2024	Article	4sg.nl	Jul 22, 2024	I wrote this blog post after many conversations with people either dealing with NHI (non-human identities) access issues, or folks who work exclusively in this space. But still, this a developing area where I'd love to get more insight. Coincidentally, we presented an update on Transaction Tokens (a new NHI related standard) the same day at IETF 120!
45			Jul 25, 2024	Article	4sg.nl	Jul 25, 2024	A case study of how a customer uses Zero Standing Privilege as a product differentiator for their own services!
46			Jul 25, 2024	Event	openid.net	Jul 19, 2024	The OpenID Foundation is soliciting implementers to participate in the CAEP interoperability event at Gartner IAM Summit in December
47			Jul 22, 2024	Article	techcrunch.com	Jul 22, 2024	Linx is trying to map orphan authorizations to UNused identities.	Very high grade investors, but little on substance as yet.
48			Jul 19, 2024	Article	www.aserto.com	Jul 19, 2024	Platform engineering teams have long looked for a scalable way to enforce authorization rules at the API gateway. They finally have a solution that combines OPA and Zanzibar, the two predominant modern authorization ecosystems.	Additional link: Part 1 of the series: https://www.aserto.com/blog/an-easy-button-for-api-authorization
49			Jul 16, 2024	Media	youtu.be	Jul 9, 2024	"PostgreSQL has a very sophisticated role privilege system that can control access to database objects on a very granular level…if you use it properly!" "This talk is an introduction to the user and role system in PostgreSQL, how to configure it, how to set up secure defaults, and how to use it for both database login and granular control over access once a user is logged in."	Great stills, wish I could find the original slides. Has a movie ref, too: the "To Serve Man" cookbook! https://www.meetup.com/postgresql-1/events/301567188/
50			Jul 14, 2024	Article	www.wsj.com	Jul 14, 2024	Largest deal ever by Google if true?	No paywall at https://www.msn.com/en-us/money/companies/google-near-23-billion-deal-for-cybersecurity-startup-wiz/ar-BB1pXWQP
51			Jul 13, 2024	Article	posts.specterops.io	Jun 13, 2024	Example of how complex AuthZ can become in the context of a hosted database, which has policies at the cloud-, network-, table-, and service-level. "Ask yourself, “Can you answer which users can use the DATASCIENCE Database in your Snowflake deployment?” With this graph, that question is trivial to answer, but without one, we find that most organizations cannot answer these questions accurately."	Related to the ongoing snowflake breaches, including AT&T, and found in a link @Atul shared on LI, namely July 2nd's https://www.darkreading.com/cybersecurity-operations/three-ways-to-chill-attacks-on-snowflake
52			Jul 12, 2024	Article	cwe.mitre.org	Feb 29, 2024	Closest CVE for the concept of "authorizing the right identity, but the wrong principal" because the identifier has been recycled or corrupted — someone has taken over an old email address, or purchased a lapsed domain name, etc	From an insightful running thread on IDPro Slack by Hirsh Singhal: https://idprofessionals.slack.com/archives/CKVHTJY2D/p1719944219629689
53			Jul 12, 2024	Article	blogs.oracle.com	Jul 12, 2024	A recent post from Oracle Cloud showing a worked example of using their authorization policy language to grant access to a shell based on both 1) identity, 2) permissions, and 3) network origin.	Good authZ often requires locking down IP and IAM. Uncommon to see OCI in the mix.
54			Jul 12, 2024	Article	www.propublica.org	Jun 13, 2024	Whistleblower from Microsoft's IAM security team alleges long-standing weaknesses in Active Directory Federation created unauthorized access risks that were later exploited in Solarwinds attack.	Bit of a backtrack in the news cycle, but very fascinating to see the details laid out. Came up in my research into a hot-of-the-presses headline warning of persistent Chinese hackers from 8 nations, https://en.m.wikipedia.org/wiki/APT40 and https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3830375/nsa-joins-in-releasing-case-studies-showing-prc-tradecraft-in-action/
55			Jul 12, 2024	Article	www.calcalistech.com	Jul 8, 2024	"Sola Security has completed an impressive $28 million Seed round" … "Four months ago, Flechter left Palo Alto, where he served as Chief AppSec Officer, to establish the new startup." … "Sola does not yet have a product"	Maybe we need a category for startups/funding/industry news?
56			Jul 12, 2024	Article	pulse2.com	Jul 7, 2024	There's enough political pressure for attribute-based access control (ABAC) to only authorize adults that externalized approaches are emerging, in the US and other markets. As a counterpoint, though, see the latest Communications of the ACM for a warning not to use AuthN, but only store the 1-bit attribute for AuthZ instead: https://cacm.acm.org/opinion/age-verification-systems-will-be-a-personal-identifiable-information-nightmare/ (June 10, 2024)	More AuthN with verifiable attributes than AuthZ, but age-gating is also a quintessential AuthZ decision, and externalizing it seems like an improvement over DIY. Good companion for contrast is the CACM piece
57			Jul 12, 2024	Software	github.blog	Jul 10, 2024	Github rolls out an Organization-level role to grant permissions that apply to all the repositories, along with pre-defined groups of permissions to serve specific needs.	rare case of an IAM announcement with details from a non-Cloud vendor
58			Jul 12, 2024	Media	ojs.wiserpub.com	Apr 26, 2024	Academic paper surveying progress in AuthN and AuthZ spotlighted on Identity Woman's newsletter [To-read]	Have not done enough research to fill out a valid blurb. Categorizing this paper as "Media" as an experiment; not sure if that's right.
59			Jul 12, 2024	Media	www.strongdm.com	Feb 29, 2024	"Managing access to your organization's most critical infrastructure is like Forrest Gump's box of chocolates: You never know what you're gonna get." This is a recording from John Martinez, DAM Evangelist at StrongDM.	Just stashing this away for a future cinematic meme :) This Forrest Gump take was from February, and comes with artwork or a gif at https://www.linkedin.com/posts/strongdm_forrestgump-cloudsecurity-infosec-activity-7167220028185018368-eRay/
60			Jul 11, 2024	Article	4sg.nl	Jul 10, 2024	Minimize the impact of identity breaches by implementing zero-standing privilege authorization
61			Jul 11, 2024	Article	openid.net	Jul 1, 2024	Important new drafts are out for review by the authorization community. Review period ends August 11th
62			Jul 11, 2024	Article	openid.net	Jul 10, 2024	A spirited recap of the CAEP panel during Identiverse 2024.
63			Jul 11, 2024	Event	www.brighttalk.com	Jul 25, 2024	Traditionally, Authorization has been coded into every application […] Join Mickey Martin, VP of Sales Engineering, PlainID, and Hub City Media’s CTO & Co-founder, Steve Giovannetti to talk about how homegrown and legacy authorization solutions do not align to modern business standards, driving the demand for an Enterprise Authorization solution
64			Jul 11, 2024	Article	www.aserto.com	Jul 8, 2024	Scaling a fine-grained authorization model for APIs can be tricky, especially when you have hundreds or thousands of them. Topaz just introduced "API Authorization on Autopilot" - an automated pipeline for securing your services and endpoints.
65			Jul 7, 2024	Article	securitylabs.datadoghq.com	Jul 7, 2024	Who polices your policies? Azure policy abuse for privileges escalation and persistence (To-read)	Via Marco's cloudseclist #245 today
66			Jul 6, 2024	Media	docs.google.com	Jul 6, 2024	This newsletter has covered a lot of ground in the first six months and first three meetups. Here's a handy sing-along cheatsheet for I'd like to learn more about ;)	First draft prompt for a future talk synthesizing what I've learned from the first six months of the newsletter
67			Jul 6, 2024	Article	www.rand.org	May 30, 2024	it's an impressive overview of what it takes to protect a startup from threats ranging all the way from script kiddies to State actors. It's timely because hackers have apparently gotten into openai, but also relevant to people protecting any corporate system across a spectrum of threats, especially because we've all heard everything is going to be AI all the time, we have to ensure authorized access to AI training, artifacts and algorithms and models in any company.	I only recently came across this article, but but it's timely because of the stories about hackers intruding at OpenAI. The hat tip is to Kaliya Young's newsletter this week for posting a much wider scope plea for AI model researchers to assume they are a national security risk.
68			Jul 6, 2024	Article	www.nytimes.com	Jul 4, 2024	There are several intersections between "AI" and "AuthZ", from protecting what employees submit to external LLMs to using generative AI to understand and apply policy changes. Above all, though, are the immense risks of unauthorized access to frontier models and the labs working on them. While the alleged incident behind this recent story is over a year old, the national-security implications of this messaging hack are a reminder how high the stakes are for defending access controls in every SaaS entry point to an organization, not just Cloud provider IAM (CloudSec) or individual application entitlements (AppSec).	Bridge from Kaliya Young's newsletter https://newsletter.identosphere.net/i/146198556/ai linking to the "whistleblower" concerns about China https://situational-awareness.ai/lock-down-the-labs/ to the year-old incident in this story back to the RAND research report on defending AI
69			Jul 6, 2024	Software	www.redactive.ai	Jul 2, 2024	Redactive.ai addresses another facet of AI intersecting AuthZ: controlling a chatbot's access to information, a challenge they described as "Blocked by LLM access, security and governance?" This newsletter spotlighted them last week, and now they turned around and announced their seed funding round for their thesis that "GenAI was too big an opportunity for a security team to block but too big a threat for security team to ignore." Originally covered exclusively by Axios (below), this Australian startup team is aiming to "connect to a variety of enterprise data sources while enforcing permissions live at query time, so that only the right user can see information they have access to" https://www.axios.com/2024/07/02/exclusive-redactive-ai-75m-felicis-blackbird	Nice followup to a startup first mentioned last issue. I've chatted with the CEO, but not for the record, so I don't want to add a quote or such. But, it seems to me like they ping the actual backends, for their current prototype — they'd agree it's a future vision to check ACLs from any standard process.
70			Jul 3, 2024	Article	devblogs.microsoft.com	Jul 3, 2024
71			Jul 1, 2024	Software	www.petrgazarov.com	Oct 18, 2023	Salami is a declarative domain-specific language for cloud infrastructure based on natural language descriptions. Salami compiler uses GPT4 to convert the natural language to Terraform code.	https://github.com/petrgazarov/salami https://news.ycombinator.com/item?id=37953955
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000