|
|
January: Month of Apple Bugs
|
|
|
|
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status:
Offline
|
|
Coming in January: "Month of Apple Bugs" - Security Fix
January 2007 will be the "Month of Apple Bugs" where every day a OS X security issue will be published. In the short term this project will decrease security for the average Mac user one of the organizers said (I guess until Apple patches all 31 bugs).
"Right now, many OS X users still think their system is bulletproof, and some people are interested on making it look that way," LMH said.
Typical smug Mac user attitude.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
I eagerly look forward to seeing what they come up with. Hopefully it's less made-up than that Airport hack that was supposed to destroy Mac users' smugness.
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Mar 2001
Location: Madison, WI
Status:
Offline
|
|
If someone decided to do Windows bugs, it would probably take just a day, as opposed to an entire month.
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status:
Offline
|
|
I'm pretty sure Windows has still more than one bug.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Mar 2001
Location: Madison, WI
Status:
Offline
|
|
Originally Posted by TETENAL
I'm pretty sure Windows has still more than one bug.
That was my point. You could find the same number of bugs in Windows in one day that you would take a month to find in OS X.
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Jan 2002
Location: PDX
Status:
Offline
|
|
Oh noez! The big lie has been uncovered! Mac OS X has bugs! What ever will we do??
This dude is lame.
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: May 2001
Location: Brisbane, Australia
Status:
Offline
|
|
Who ever thinks Mac OS X is bulletproof?
This guy is widely discredited as one who cares less about actual security and more about grabbing attention for himself by his sensationalistic practices.
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Jan 2006
Location: Colorado
Status:
Offline
|
|
What? My Mac isn't pefect???!!? I'm taking them back!
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status:
Offline
|
|
That dude is such a lame ass. WTF ?
Why not just bash Macs outright. Loser.
-t
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Nov 2005
Status:
Offline
|
|
Originally Posted by - - e r i k - -
Who ever thinks Mac OS X is bulletproof?
This guy is widely discredited as one who cares less about actual security and more about grabbing attention for himself by his sensationalistic practices.
Agreed. What good can come from revealing bugs without notifying Apple first and giving the OS X engineers time to analyze the bug and fix it?
Answer: None. If you are interested in getting the bugs fixed, you report them as soon as you have sufficient details on what causes them and under what conditions. You don't "threaten" to make bugs public knowledge on a timetable; this helps nobody except those who would exploit those bugs. Posting one per day? That's just an attempt to get people to visit the web page repeatedly, boosting ad revenue. (I can't confirm this one, since I'm unwilling to go to the website and boost the visit count.)
It's just an attention grab, plain and simple. The ONLY way you will convince me otherwise is if the bugs posted are bugs known to Apple for longer than, say, three months. And even then, the bugs have to be critical in nature, allowing systems to be compromised with no user interaction.
|
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Mar 2004
Status:
Offline
|
|
Originally Posted by frdmfghtr
What good can come from revealing bugs without notifying Apple first and giving the OS X engineers time to analyze the bug and fix it?
Where is your proof that notification has not already been given?
Have you read every bug report submitted to Apple or something?
|
-HI-
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Dec 2000
Status:
Offline
|
|
Did you read the article?
"To the chagrin of some security experts, however, LMH declined to give affected vendors advance noticed before posting evidence of kernel bugs on his Web site last month. Eleven of those kernel bugs were related to Apple software and applications, including a serious security hole that prompted a software update from Apple just two weeks later. As with the kernel bugs project, Apple will be given no advance notice with the Month of Apple bugs, LMH said in an interview conducted over instant message."
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
If this guy's finding serious OS X bugs in his spare time that highly paid Apple engineers either cannot or will not find themselves, Apple should definitely try to hire him.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Mar 2004
Status:
Offline
|
|
Originally Posted by CharlesS
Did you read the article?
"To the chagrin of some security experts, however, LMH declined to give affected vendors advance noticed before posting evidence of kernel bugs on his Web site last month. Eleven of those kernel bugs were related to Apple software and applications, including a serious security hole that prompted a software update from Apple just two weeks later. As with the kernel bugs project, Apple will be given no advance notice with the Month of Apple bugs, LMH said in an interview conducted over instant message."
Hm, okay then. (Isn't that "hearsay" evidence though? Or maybe he's fibbing!)
NEVERMIND
Interesting nonetheless... I looked at the http://kernelfun.blogspot.com/ page
and don't see a single advertisement. So whatever the motivation, I don't think
it's about "generating clicks" as some have said. I think many are overreacting.
I'd guess by March this will all just be a memory, and MacOSX will be secured.
Cheers.
|
-HI-
|
|
|
|
|
|
|
|
Banned
Join Date: Jun 2003
Status:
Offline
|
|
Originally Posted by Big Mac
If this guy's finding serious OS X bugs in his spare time that highly paid Apple engineers either cannot or will not find themselves, Apple should definitely try to hire him.
Personally, because the guy is such an ass about the whole thing, I think Apple should fix the bugs (if they truly are bugs or security problems), not give him credit and not pay him a dime.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Nov 2005
Location: Seattle, WA, USA
Status:
Offline
|
|
Yeah, I'd heard about this guy. If he really gave a damn about security, he'd quietly submit the bug reports to Apple instead of making them available to the public en masse. Not to mention the fact that for he has 31 bugs to release means that he's been stockpiling them for some time now.
Jack@$$.
|
Any ramblings are entirely my own, and do not represent those of my employers, coworkers, friends, or species
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jun 2006
Location: "Working"
Status:
Offline
|
|
Originally Posted by Macola
If someone decided to do Windows bugs, it would probably take just a day, as opposed to an entire month.
Originally Posted by Macola
That was my point. You could find the same number of bugs in Windows in one day that you would take a month to find in OS X.
No, he has 31 bugs in Mac OS X, and he's going to release one each day. He's not going to spend a month trying to find bugs.
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Feb 2000
Location: Washington, DC
Status:
Offline
|
|
Big deal...
1) Few people think OS X is "bulletproof"
2) Finding a security bug is only a big issue if it can be implemented remotely (no physical access to the system).
EDIT: I'm not saying it's not an issue, but I'm really not worried so much about hypothetical situations where someone could hack my system if I install a trojan.
I'm guessing that it's going to be a bunch of "See, because you can fake an icon, this could be a trojan and someone could XYZ" MAJOR SECURITY BREECH!!!
|
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Mar 2004
Status:
Offline
|
|
Two (of many) possible viewpoints...
"Best-case" scenario
This LMH character does the responsible thing: he notifies Apple privately.
So what happened?... one guy submitted some reports to Apple.
QUESTION: when do those problems get fixed?
(Heck, I'll bet dollars to doughnuts that Apple already knows
about many of these bugs... without anyone telling them!!!)
ANSWER: whenever they get around to it.
"Worst-case" scenario
This LMH character goes ahead as planned: each day a new bug is published on the web.
So what happens?... the **world** learns about new bugs.
QUESTION: So, when does each problem get fixed?
ANSWER: I'll bet dollars to doughnuts that they'll move way **way** up on Apple's "to do" list.
--
Here is a comment someone made at the Washington Post article:
The smugness of all too many Mac users is relevant
because it gives Apple a motive not to pay as much
attention to security as it might - because many Mac
users will defend the company out of a misplaced
tribal loyalty rather than, as intelligent users would,
holding the company to account.
Maybe so, maybe not.
Everything isn't black or white... red state or blue state, etc.
There is a spectrum of colors and shades in anything complex.
I suspect this ill wind just might blow something good our way.
So, the sooner the better.
(
Last edited by Hal Itosis; Dec 29, 2006 at 01:07 AM.
)
|
-HI-
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Apr 2001
Location: Chicago, Earth
Status:
Offline
|
|
Originally Posted by TETENAL
Wasn't this hole already patched?
|
MBP - 2.33GHz C2D, 3GB RAM, 256MB VRAM, 160GB HD
PB - 1.5GHz G4, 2GB RAM, 128MB VRAM, 80GB HD
PM - Dual 1GHzG4, 1.5GB RAM, NVidia GForce 3, 2x 80 GB HD
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Dec 2000
Status:
Offline
|
|
There's something for OS X Server that has to do with RTSP, but I didn't find any for OS X Client, so since this asshole can't report the bugs ahead of time to Apple so they can get patched in time, I've used More Internet to reroute the rtsp: protocol to the Chess application for the time being.
|
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Mar 2004
Status:
Offline
|
|
Originally Posted by CharlesS
There's something for OS X Server that has to do with RTSP, but I didn't find any for OS X Client, so since this asshole can't report the bugs ahead of time to Apple so they can get patched in time, I've used More Internet to reroute the rtsp: protocol to the Chess application for the time being.
Ever try RCDefaultApp?
It's more internet than 'More Internet'.
|
-HI-
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Status:
Offline
|
|
Originally Posted by Macola
If someone decided to do Windows bugs, it would probably take just a day, as opposed to an entire month.
You, sir, are an idiot.
|
|
|
|
|
|
|
|
|
Baninated
Join Date: May 2005
Location: England
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
Wow, the second day and he's already reaching for Linux programs.
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: May 2001
Location: Brisbane, Australia
Status:
Offline
|
|
Originally Posted by kick52
God, that was pathetic. I'd hope that Apple had more than one bug he could find at least.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Apr 2001
Location: Chicago, Earth
Status:
Offline
|
|
Originally Posted by - - e r i k - -
God, that was pathetic. I'd hope that Apple had more than one bug he could find at least.
Tomorrow he releases a bug found in IE 5.1 for Mac.
Friday will be an issue with System 6.0.7.
Bugs can be found with any freaking piece of software you throw on your computer.
|
MBP - 2.33GHz C2D, 3GB RAM, 256MB VRAM, 160GB HD
PB - 1.5GHz G4, 2GB RAM, 128MB VRAM, 80GB HD
PM - Dual 1GHzG4, 1.5GB RAM, NVidia GForce 3, 2x 80 GB HD
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: May 2001
Location: Manchester, UK
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Feb 2002
Location: NY
Status:
Offline
|
|
This is kind of funny:
Month of Apple Fixes:
Landon Fuller
This guy is patching each bug found on the original website.
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Jan 2001
Location: The Sar Chasm
Status:
Offline
|
|
Originally Posted by kick52
4pple suxx0rz b-cause if you DL a program wit a bug, ur 4pple will have a bug!
WTF.
|
When a true genius appears in the world you may know him by this sign, that the dunces are all in confederacy against him. -- Jonathan Swift.
|
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Sep 2000
Location: France
Status:
Offline
|
|
Originally Posted by - - e r i k - -
God, that was pathetic. I'd hope that Apple had more than one bug he could find at least.
This is covered on the site's index page :
3. Are Apple products the only one target of this initiative?
Not at all, but they are the main focus. We'll be looking over popular OS X applications as well.
I think the guy's initiative is interesting.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Apr 2001
Location: Chicago, Earth
Status:
Offline
|
|
Originally Posted by Axel
This is covered on the site's index page :
Quote:
3. Are Apple products the only one target of this initiative?
Not at all, but they are the main focus. We'll be looking over popular OS X applications as well.
I think the guy's initiative is interesting.
In the BBC article "LMH" says "that he expected Apple to respond and produce official fixes". This guy is lame. Apple is not going to "fix" VLC, it is not their product, it is open source. Apple is not going to resolve the MySpace issue, it is not their web site.
|
MBP - 2.33GHz C2D, 3GB RAM, 256MB VRAM, 160GB HD
PB - 1.5GHz G4, 2GB RAM, 128MB VRAM, 80GB HD
PM - Dual 1GHzG4, 1.5GB RAM, NVidia GForce 3, 2x 80 GB HD
|
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Sep 2000
Location: France
Status:
Offline
|
|
Originally Posted by wingdo
In the BBC article "LMH" says "that he expected Apple to respond and produce official fixes". This guy is lame. Apple is not going to "fix" VLC, it is not their product, it is open source. Apple is not going to resolve the MySpace issue, it is not their web site.
How does that contradict anything ? He expects Apple to fix the OSX bugs, of course he knows they won't intervene in the VLC development ! At least I hope he does.
FYI, he's only posted one third-party bug so far out of 4, maybe a bit early to point out his lameness.
Also, from what I understand, what you call the "MySpace bug" is actually a security hole in Apple Quicktime.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Apr 2000
Status:
Offline
|
|
Originally Posted by Axel
How does that contradict anything ? He expects Apple to fix the OSX bugs, of course he knows they won't intervene in the VLC development ! At least I hope he does.
FYI, he's only posted one third-party bug so far out of 4, maybe a bit early to point out his lameness.
Also, from what I understand, what you call the "MySpace bug" is actually a security hole in Apple Quicktime.
People here are pretty defensive it seems. Apple can do no wrong it seems...
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
Originally Posted by villalobos
People here are pretty defensive it seems. Apple can do no wrong it seems...
Or this guy is a lame attention whore, it seems.
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Sep 2000
Location: France
Status:
Offline
|
|
In that case people like you attacking him for listing some bugs are definitely helping his case !
Seriously, if someone did such a thing about any other platform, would you call him that ?!
As a programmer, I do enjoy reading his reports and fail to see the lameness. Plus it's bringing some results, as the VLC team brought a fix to their code hours after the report.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Apr 2001
Location: Chicago, Earth
Status:
Offline
|
|
Originally Posted by Axel
FYI, he's only posted one third-party bug so far out of 4, maybe a bit early to point out his lameness.
Also, from what I understand, what you call the "MySpace bug" is actually a security hole in Apple Quicktime.
First, when I made my post only three bugs had been posted so at the time 1/3 of his bugs were non Apple bugs during the month of Apple bugs.
Second, I was incorrect in the MySpace bug blurb. I Googled MySpace Hack and got a bazillion results and nothing on the first three pages resulted in anything Apple related. Lots of hacks involving Flash. I should have investigated that further.
Third, I have nothing against security holes being brought into the light as that is how they get fixed. The iPhoto bug can be a major problem, not really sure what the code may be capable of doing, but I doubt it is good news.
Here are my issues with LHM and the MOAB.
First LMH says he has no vendetta against Apple. Fine, but it sure does seem that way. The very second bug he brings up is in an open source project that runs on just about any operating system. How is that an Apple bug? I also wonder why he has to post all the code and results for everyone to see. Seems to me that someone who really wanted to help make things more secure would not go out of his way to show every Tom, Dick and Harry out there how to quickly write something to affect Apple products.
As for his first bug (QT bug) there are various reports already out on the internet from different companies saying they either couldn't or seldom could reproduce the takeover. I have a friend in a west coast university's IT department who's group spent a day on various Macs trying to reproduce the problem but never could. Makes me a bit suspicious as to the validity of the very first bug posted.
I also have a lot of misgivings about LMH being this "cloak and dagger" kind of guy. Who the heck is he? If he is on the up and up, what does he have to hide? Why would you hide the fact that you can find bugs in Apple's OS that Apple engineers cannot find or found but hasn't bothered to fix? I'd be damned proud. How do we know this "person" isn't a team / group of people working in some basement lab in Redmond just looking to trash any non MicroSoft product? I am not saying that is the case ..... but prove that theory wrong. As long as LMH is just some mysterious set of initials there is no way of knowing what is really behind this. There are 12 months in the year, why pick January when you know that is Apple's big yearly event.
As an aside, these bugs which are coming out, do they just affect the Intel Macs or do they affect PPC Macs as well?
|
MBP - 2.33GHz C2D, 3GB RAM, 256MB VRAM, 160GB HD
PB - 1.5GHz G4, 2GB RAM, 128MB VRAM, 80GB HD
PM - Dual 1GHzG4, 1.5GB RAM, NVidia GForce 3, 2x 80 GB HD
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
Originally Posted by Axel
As a programmer, I do enjoy reading his reports and fail to see the lameness.
As a programmer, would you rather I send you a bug report or send an e-mail to all your users detailing how buggy your software is (of course, including bugs in other software that can be used along with yours)?
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Jun 2006
Status:
Offline
|
|
WOW!!! I guess MSFT is sending out some predators to attack Apple since Shitsa is coming out soon.
|
16 GB 2nd Generation Black iPod Touch w/Contour Showcase
White Core 2 Duo Macbook with: 2.0 GHz/1 GB Ram/80 GB Hard Drive
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Status:
Offline
|
|
Originally Posted by Chuckit
Or this guy is a lame attention whore, it seems.
Or... both?
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Status:
Offline
|
|
Originally Posted by Chuckit
As a programmer, would you rather I send you a bug report or send an e-mail to all your users detailing how buggy your software is (of course, including bugs in other software that can be used along with yours)?
Not to mention you making public a bug in his software that allowed people to do malicious things, and telling people how to do it without giving him a chance to fix it first.
LMH is NOT doing this responsibly. The ethical way to do this is to report the bugs to Apple first, and give them time to fix them. If not fixed in a reasonable amount of time ("reasonable" depends on the severity of the big), then disclose the vulnerability to the public AND DON'T DETAIL HOW TO EXPLOIT IT TO THE PUBLIC!
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Status:
Offline
|
|
I'd like to see someone hack his webpage or his AIM account to expose LMH's true identity. Would serve the jerk right.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Jan 2003
Location: 127.0.0.1
Status:
Offline
|
|
Here is the first zero-day from these guys. Enjoy.
MOAB-05-01-2007: Apple DiskManagement BOM Local Privilege Escalation Vulnerability
- No sanity checking by the system yet again (just like the TextEdit, iWeb, Finder overwriting debacle)
- When coupled with one of their previous vulnerabilities (e.g. QuickTime's RTSP vulnerability), this can allow the remote exploit to gain root privileges and execute without any user interaction
- It's only a matter of time before a black hat can use this to compromise OS X boxes out there
- No APE haxie can save you from this one (like that was ever a good idea to begin with)
Makes you wonder how many other zero day exploits are out there shrouded in secrecy.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
Now, that is an interesting one. I expect to see a patch to that one pretty soon. It shouldn't be hard to fix, either, from the sound of it.
By the way, just to keep score, the guy is still a dick.
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Status:
Offline
|
|
BTW, just to clarify: MOAB-05-01-2007 requires the execution of code with permissions of an administrative user. The hole is that you can trampoline from admin to root permissions without user interaction.
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Dec 2000
Status:
Offline
|
|
It also uses the Repair Permissions mechanism to do the privilege escalation, if I am reading the article correctly, so if you don't run Repair Permissions then this shouldn't affect you.
The Cult of Repair Permissions are probably slitting their wrists right now, but the rest of us can just hold off on using that feature until this is patched, unless I'm misunderstanding something.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Apr 2001
Location: Chicago, Earth
Status:
Offline
|
|
Originally Posted by Chuckit
Now, that is an interesting one. I expect to see a patch to that one pretty soon. It shouldn't be hard to fix, either, from the sound of it.
By the way, just to keep score, the guy is still a dick.
Totally agree on both points. It is a very interesting and somewhat scary problem.
And yeah, still a dick.
|
MBP - 2.33GHz C2D, 3GB RAM, 256MB VRAM, 160GB HD
PB - 1.5GHz G4, 2GB RAM, 128MB VRAM, 80GB HD
PM - Dual 1GHzG4, 1.5GB RAM, NVidia GForce 3, 2x 80 GB HD
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Status:
Offline
|
|
Originally Posted by CharlesS
It also uses the Repair Permissions mechanism to do the privilege escalation, if I am reading the article correctly, so if you don't run Repair Permissions then this shouldn't affect you.
The act of repairing permissions is carried out by a setuid root helper tool inside the DiskManagement private framework. This is self-restricted using authorization services to members of the admin group. If you have local code execution rights as an administrative user, which you need to be to modify the BOM files anyway and is the whole premise of this exploit, then you can invoke repair permissions without user interaction (easiest being through diskutil(8), but almost certainly not terribly hard to interface with the framework directly).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|