From b92043ee867e8b8820f18527ba4b3f117d392500 Mon Sep 17 00:00:00 2001 From: Andrea Terzolo Date: Sat, 28 Jan 2023 17:37:38 +0100 Subject: [PATCH 1/5] update: `.vscode` folder should be ignore by `.gitignore` file Signed-off-by: Andrea Terzolo --- .vscode/settings.json | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 13ee2b041..000000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "nuxt.isNuxtApp": false -} \ No newline at end of file From 0fa951aa9c10077beecbad6b1575a6a81eecce05 Mon Sep 17 00:00:00 2001 From: Andrea Terzolo Date: Sat, 28 Jan 2023 17:46:30 +0100 Subject: [PATCH 2/5] cleanup: format document before changes Signed-off-by: Andrea Terzolo --- .../en/docs/getting-started/installation.md | 20 +++++++++---------- .../en/docs/getting-started/running/index.md | 19 +++++++++--------- content/en/docs/getting-started/upgrade.md | 10 +++++++--- 3 files changed, 26 insertions(+), 23 deletions(-) diff --git a/content/en/docs/getting-started/installation.md b/content/en/docs/getting-started/installation.md index b918c7ab3..8d91368c5 100644 --- a/content/en/docs/getting-started/installation.md +++ b/content/en/docs/getting-started/installation.md 
@@ -14,12 +14,11 @@ Then the Falco alerts can be consumed through read-only agents running in Kubern You can also run Falco directly in Kubernetes as a daemonset using Helm, see the [third party integrations](../third-party) {{% /pageinfo %}} - If Falco is installed using the package manager artifacts below, you will have the following in place: - - Falco userspace program scheduled and watched via `systemd` - - Falco driver installed via the package manager (either kernel module or eBPF depending on the host) - - Sane and default configuration file installed in `/etc/falco` +- Falco userspace program scheduled and watched via `systemd` +- Falco driver installed via the package manager (either kernel module or eBPF depending on the host) +- Sane and default configuration file installed in `/etc/falco` Alternatively, it is also possible to use a binary package as [explained below](#linux-binary). @@ -88,12 +87,12 @@ On January 18th, 2023 the GPG key used to sign Falco packages has been rotated. ```shell yum -y install falco ``` + Falco, the kernel module driver, and a default configuration are now installed. Falco is being ran as a systemd unit. See [running](../running) for information on how to manage, run, and debug with Falco. - 4. Uninstall Falco: ```shell @@ -122,12 +121,12 @@ On January 18th, 2023 the GPG key used to sign Falco packages has been rotated. ```shell zypper -n install falco ``` + Falco, the kernel module driver, and a default configuration are now installed. Falco is being ran as a systemd unit. See [running](../running) for information on how to manage, run, and debug with Falco. - 4. Uninstall Falco: ```shell 
@@ -168,13 +167,12 @@ It first tries to build the eBPF probe locally, otherwise to download a prebuilt {{% pageinfo color="warning" %}} If you are using the eBPF probe, in order to ensure that performance is not degraded, make sure that -* Your kernel has `CONFIG_BPF_JIT` enabled -* `net.core.bpf_jit_enable` is set to 1 (enable the BPF JIT Compiler) -* This can be verified via `sysctl -n net.core.bpf_jit_enable` +- Your kernel has `CONFIG_BPF_JIT` enabled +- `net.core.bpf_jit_enable` is set to 1 (enable the BPF JIT Compiler) +- This can be verified via `sysctl -n net.core.bpf_jit_enable` {{% /pageinfo %}} - Configurable options: - `DRIVERS_REPO` - Set this environment variable to override the default repository URL for prebuilt kernel modules and eBPF probes, without the trailing slash. @@ -197,4 +195,4 @@ The **latest trusted public GPG key** used for packages signing can be downloade | **Fingerprint** | **Expiration** | **Usage** | **Status** | **Download** | |-----------------------------------------------------|----------------|------------------------|------------|----------------------------------------------------------------| | `2005399002D5E8FF59F28CE64021833E14CB7A8D` | 2026-01-17 | Signing Falco Packages | Trusted | [falcosecurity-14CB7A8D.asc](/repo/falcosecurity-14CB7A8D.asc) | -| `15ED05F191E40D74BA47109F9F76B25B3672BA8F` | 2023-02-24 | Signing Falco Packages | Revoked | [falcosecurity-3672BA8F.asc](/repo/falcosecurity-3672BA8F.asc) | \ No newline at end of file +| `15ED05F191E40D74BA47109F9F76B25B3672BA8F` | 2023-02-24 | Signing Falco Packages | Revoked | [falcosecurity-3672BA8F.asc](/repo/falcosecurity-3672BA8F.asc) | diff --git a/content/en/docs/getting-started/running/index.md b/content/en/docs/getting-started/running/index.md index dc9f0947b..ca1e702c2 100644 --- a/content/en/docs/getting-started/running/index.md +++ b/content/en/docs/getting-started/running/index.md 
@@ -10,7 +10,6 @@ weight: 4 If you installed Falco by using [the DEB or the RPM](/docs/getting-started/installation) package, then falco systemd service was already started and enabled for you. In case you wish to stop or disable it, issue: - ```console systemctl disable falco ``` @@ -49,10 +48,8 @@ Are you looking for userspace instrumentation? Please see [this page](/docs/even {{% /pageinfo %}} - ## Run within Docker {#docker} - {{% pageinfo color="primary" %}} Even using container images, Falco needs kernel headers installed on the host as prerequisite to correctly build the driver (the [kernel module](/docs/event-sources/drivers/#kernel-module) or the [eBPF probe](/docs/event-sources/drivers/#ebpf-probe)) on the fly. This step is not needed when a prebuilt driver is already available. @@ -63,6 +60,7 @@ You can find instructions on how to install the kernel headers for your system u Falco ships a set of official [docker images](/docs/getting-started/download#images). The images can be used in two ways as follows: + - [Least privileged (recommended)](#docker-least-privileged) - [Fully privileged](#docker-privileged) @@ -90,11 +88,9 @@ Once the kernel module has been installed directly on the host system, it can be falcosecurity/falco-driver-loader:latest ``` - The `falcosecurity/falco-driver-loader` image just wraps the `falco-driver-loader` script. You can find more about its usage [here](/docs/getting-started/installation#install-driver) - 2. Run Falco in a container using Docker with the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege): ```shell @@ -106,7 +102,6 @@ You can find more about its usage [here](/docs/getting-started/installation#inst falcosecurity/falco-no-driver:latest ``` - {{% pageinfo color="warning" %}} If you are running Falco on a system with the AppArmor LSM enabled (e.g Ubuntu), you will also need to pass `--security-opt apparmor:unconfined` to the `docker run` command above. 
@@ -119,18 +114,19 @@ docker info | grep -i apparmor {{% /pageinfo %}} - {{% pageinfo color="primary" %}} Note that `ls /dev/falco* | xargs -I {} echo --device {}` outputs a `--device /dev/falcoX` option per CPU (ie. just the devices created by the Falco's kernel module). Also, `-e HOST_ROOT=/` is necessary since with `--device` there is no way to remap devices to `/host/dev/`. {{% /pageinfo %}} -To run Falco in least privileged mode with the eBPF driver, we list all the required capabilities: +To run Falco in least privileged mode with the eBPF driver, we list all the required capabilities: + - on kernels <5.8, Falco requires `CAP_SYS_ADMIN`, `CAP_SYS_RESOURCE` and `CAP_SYS_PTRACE` - on kernels >=5.8, `CAP_BPF` and `CAP_PERFMON` were separated out of `CAP_SYS_ADMIN`, so the required capabilities are `CAP_BPF`, `CAP_PERFMON`, `CAP_SYS_RESOURCE`, `CAP_SYS_PTRACE`. Unfortunately, Docker does not yet support adding the two newly introduced capabilities with the `--cap-add` option. For this reason, we continue using `CAP_SYS_ADMIN`, given that it still allows performing the same operations granted by `CAP_BPF` and `CAP_PERFMON`. In the near future, Docker will support adding these two capabilities and we will be able to replace `CAP_SYS_ADMIN`. 1. Install the eBPF probe + ```shell docker pull falcosecurity/falco-driver-loader:latest docker run --rm -i -t \ @@ -143,7 +139,9 @@ To run Falco in least privileged mode with the eBPF driver, we list all the requ -v /etc:/host/etc:ro \ falcosecurity/falco-driver-loader:latest bpf ``` + 2. Then, run Falco + ```shell docker pull falcosecurity/falco-no-driver:latest docker run --rm -i -t \ 
@@ -161,9 +159,10 @@ To run Falco in least privileged mode with the eBPF driver, we list all the requ {{% pageinfo color="warning" %}} -Again, you will need to add `--security-opt apparmor:unconfined` to the last command if your system has the AppArmor LSM enabled. +Again, you will need to add `--security-opt apparmor:unconfined` to the last command if your system has the AppArmor LSM enabled. {{% /pageinfo %}} + ### Fully privileged {#docker-privileged} To run Falco in a container using Docker with full privileges use the following commands. @@ -230,6 +229,7 @@ docker run --rm -i -t \ ``` To use `falco-no-driver` and `falco-driver-loader` with the eBPF probe you have to remove the `-v /dev:/host/dev` (which is only required by the Kernel Module) and add: + ```shell -e FALCO_BPF_PROBE="" -v /root/.falco:/root/.falco \ ``` @@ -240,6 +240,7 @@ Other configurable options: - `SKIP_DRIVER_LOADER` - Set this environment variable to avoid running `falco-driver-loader` when the `falcosecurity/falco` image starts. Useful when the driver has been already installed on the host by other means. ## Rules validation + It's possible to validate Falco rules without installation by using the Docker image. ```bash diff --git a/content/en/docs/getting-started/upgrade.md b/content/en/docs/getting-started/upgrade.md index 7605c1b65..016974e68 100644 --- a/content/en/docs/getting-started/upgrade.md +++ b/content/en/docs/getting-started/upgrade.md @@ -4,7 +4,7 @@ description: Upgrading Falco on a Linux system weight: 3 --- -This section provides upgrading paths for Falco if previously installed following the [Install](../installation/) section. +This section provides upgrading paths for Falco if previously installed following the [Install](../installation/) section. ## Upgrading 
@@ -17,7 +17,7 @@ rmmod falco ### Debian/Ubuntu {#debian} {{% pageinfo color="warning" %}} -If you configured the `apt` repository by having followed the instructions for Falco 0.27.0 or older, +If you configured the `apt` repository by having followed the instructions for Falco 0.27.0 or older, you may need to update the repository URL: ```shell @@ -39,7 +39,7 @@ apt-get --only-upgrade install falco ### CentOS/RHEL/Fedora/Amazon Linux {#centos-rhel} {{% pageinfo color="warning" %}} -If you configured the `yum` repository by having followed the instructions for Falco 0.27.0 or older, +If you configured the `yum` repository by having followed the instructions for Falco 0.27.0 or older, you may need to update the repository URL: ```shell @@ -52,16 +52,19 @@ Then check that the `falcosecurity-rpm` repository is pointing to `https://downl ```shell yum repolist -v falcosecurity-rpm ``` + {{% /pageinfo %}} If you installed Falco by following the [provided instructions](../installation/#centos-rhel): 1. Check for updates: + ```shell yum check-update ``` 2. If a newer Falco version is available: + ```shell yum update falco ``` @@ -82,6 +85,7 @@ Then check that the `falcosecurity-rpm` repository is pointing to `https://downl ```shell zypper lr falcosecurity-rpm ``` + {{% /pageinfo %}} If you installed Falco by following the [provided instructions](../installation/#suse): From cab11e040ff44ea811b51feee2e60c9e55f85bf3 Mon Sep 17 00:00:00 2001 From: Andrea Terzolo Date: Sat, 28 Jan 2023 17:50:20 +0100 Subject: [PATCH 3/5] update(content): update info on falco packages and tarball 
Signed-off-by: Andrea Terzolo --- .../images/systemd_dialog_1.png | Bin 0 -> 20874 bytes .../images/systemd_dialog_2.png | Bin 0 -> 14904 bytes .../en/docs/getting-started/installation.md | 292 ++++++++++++------ .../en/docs/getting-started/running/index.md | 64 ++-- content/en/docs/getting-started/upgrade.md | 29 +- 5 files changed, 259 insertions(+), 126 deletions(-) create mode 100644 content/en/docs/getting-started/images/systemd_dialog_1.png create mode 100644 content/en/docs/getting-started/images/systemd_dialog_2.png 
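Review bot: [PATCH 1/5] has no `.gitignore` change: the diffstat lists only `.vscode/settings.json` (1 file changed, 3 deletions), so nothing stops the folder from being committed again, although the subject says it should be ignored. Add a `.vscode/` entry to `.gitignore` in this commit, or reword the subject to say the file is only being removed.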
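Review bot: In [PATCH 2/5], `installation.md` hunk `@@ -168,13 +167,12 @@`, the third bullet ("This can be verified via `sysctl -n net.core.bpf_jit_enable`") becomes a top-level `-` item alongside the two requirements, but it is the check for the `net.core.bpf_jit_enable` item rather than a third requirement. Nest it under that bullet or fold it into the same line, so the warning box reads as two requirements plus how to verify the second.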
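Review bot: In [PATCH 2/5], `upgrade.md` hunk `@@ -4,7 +4,7 @@`, the `-` and `+` lines ("This section provides upgrading paths for Falco ...") carry the same visible text, so the change is whitespace only, and the commit message ("format document before changes") does not say which formatter or settings produced it. Name the tool in the commit message, or commit its configuration, so later contributors can reproduce the formatting and reviewers can skip whitespace-only pairs like this one.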
diff --git a/content/en/docs/getting-started/images/systemd_dialog_1.png b/content/en/docs/getting-started/images/systemd_dialog_1.png new file mode 100644 index 0000000000000000000000000000000000000000..d84b7bdba078e2c08643e8573ead9ef9654730ff GIT binary patch literal 20874
diff --git a/content/en/docs/getting-started/images/systemd_dialog_2.png b/content/en/docs/getting-started/images/systemd_dialog_2.png new file mode 100644 index 0000000000000000000000000000000000000000..44a5fcc27d69708eb75dc509271fa33d48042a16 GIT binary patch literal 14904
zcbTRtqmwn4Lka@S4<{JwQt{OJ)vb=BLX97Z#Esd2P{Wd{8G{UsxbM_zw~<8gT{F*8 z;~MdLN~_qRpixP7E;Rg|HvGk1uq1e4%~Dd-WX(wFoNDVxOa;=Q|cpUtiFOvC)#E)-nQjjRvKPzXyamYgVIXHCY7*?zD&{QVrAs|tob%FO4AicP8V z3ZdhQ(ik><24p(0xDgPicG^FPDAC{dD$Lgl;k~_g;4R0q?v{;ei`nX^xPV}1 z6!JA;(20c-5{y<_FeO=Xdd3*^s7Rca7O<)^&p@z>ybTb$Ym$(fyy%WlB<;pv1k(zE2Mj%p9u^R9gu#v#1XMDgGqWnl05#F3tnpHU1aIQ-PpV@x#ywUd%r zZ^`elGBk{QMj2MINDFYuJA2Q>7fii85q@3&yfWc)dyhzMm>(ARGhg;`IHJ`JJofG3 z=(QRRWdSz}ZQqoD0V-7>4V!XckoV?L%}np_W0Duy>$ zaZQXcEyB8g>e7yRmA?#;o`#hRj*jC*C_GM0UVXe!EFKght-6qz>CrD88|ct*#W4s} zYj&UBIP1l}H1d#L?lW)1Gp4>EZl9LAwAXC8c`$=6>%VT8mX%bl-_OH_N<~LHwM|~O z{<~g-{kuQRX|y|fOd{n<$x?@g2tg&pSxulzavc340YNcWwe&g5?QFyu-|ejk!iD4t zOHLw?V%}KV`?@^5#>F<8FZq{0Zu5Rr^)5b$u|B5GX}+9M*an#Jo4BdG{`KL!#MKIs zwD%Qtx%yWFY%C9J7ia_dD_jgt9`Is7oYe2~#h@Ht=>NLv4j_a~$dB=6-!$70#esPGE zK5GP$8LVQh6EuwmPvW{Cy{rXcjgbU@R?Jzy#NH4m0UDq)PPxbvl*!Ni2I#bGYa zG5re7Ezc%Fk&{0G5q?LP+vlelf@mRSNw6VU%!1iNAJ+QUJs+6)Cg$4{nc{KIv?Vs4 z9Qh{KsZ-=^^>Y_YG;e~Q)2KODk#>q>ke%biZra#f;OxCFC_VD9>T^zCHx;F}XwX}C z@??qZl>h;2<>#*{;X4V!T^4A!`jf!8w_rvj*V0ResHD;Sxeoq;7%x-lh1p$5jdQKH zchRqOO)PA}hHDcRI)2Li`+(chs-NvNT*lA2*xzF`&$@<5Bc7d4o1@6-d{@jF^<wLm*sWw%Y%uF_|j6`^BP2R>i7*{Z&vfva2B?ZSi;>0Fd?fG)Eo;OISnx zIb6YX=NP8^Y5)EooNgj|wO;+>g=aF;%)aTrI)WX>y&h($*s8lR&lUjk^!}sW(m&Ti z%3>?rWClZzxM;HuNx?Av3wb!E82@h<`hVp-Rvq(**aNq9raVv+#eAd-7yfT{u>WWK z<^P=Re_?R>|Is197e^ko96HPd1)Mm5PsBX{p9b8%&OAi*zyIrkf3VW%m6R8+{@h$w M%TN=e{`BR40h(?A_W%F@ literal 0 HcmV?d00001 diff --git a/content/en/docs/getting-started/installation.md b/content/en/docs/getting-started/installation.md index 8d91368c5..68965ddd3 100644 --- a/content/en/docs/getting-started/installation.md +++ b/content/en/docs/getting-started/installation.md 
@@ -11,18 +11,32 @@ Falco can be used for Kubernetes runtime security. The most secure way to run Falco is to install Falco directly on the host system so that Falco is isolated from Kubernetes in the case of compromise. Then the Falco alerts can be consumed through read-only agents running in Kubernetes. -You can also run Falco directly in Kubernetes as a daemonset using Helm, see the [third party integrations](../third-party) +You can also run Falco directly in Kubernetes as a Daemonset using Helm, see the [third-party integrations](../third-party) {{% /pageinfo %}} -If Falco is installed using the package manager artifacts below, you will have the following in place: +There are 2 main ways to install Falco on your host: -- Falco userspace program scheduled and watched via `systemd` -- Falco driver installed via the package manager (either kernel module or eBPF depending on the host) -- Sane and default configuration file installed in `/etc/falco` +1. Falco packages (`.deb`, `.rpm`) +2. Falco binary (`.tar.gz`) -Alternatively, it is also possible to use a binary package as [explained below](#linux-binary). +## Falco packages -## Installing +{{% pageinfo color="secondary" %}} + +The Falco packages shipped with `Falco 0.34` support for the first time other drivers besides the kernel module. The new Systemd units' names are: + +* `falco-bpf.service` +* `falco-kmod-inject.service` +* `falco-kmod.service` +* `falco-modern-bpf.service` +* `falco-custom.service` +* `falcoctl-artifact-follow.service` (related to [Falcoctl](https://github.com/falcosecurity/falcoctl) tool, see next sections) + +This is still an experimental solution so our suggestion is to avoid relying on Falco Systemd unit names since they could change between releases. The final idea would be to have a single `falco.service` configurable through usual Systemd logic, but due to how Falco works today this solution is not viable. 
+ +Even if different units are available, you shouldn't run multiple Falco in parallel! Our units are not meant to be run in parallel! + +{{% /pageinfo %}} {{% pageinfo color="warning" %}} 
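Review bot: In the new `pageinfo color="secondary"` block, the warning "you shouldn't run multiple Falco in parallel" gives the reader no way to see which unit is active or which one to stop. Point to `systemctl list-units | grep falco`, which this file already uses further down, and name the command for stopping the unwanted unit. The list also introduces `falco-kmod-inject.service` with no explanation until the "Rule update" section, so a short gloss per unit or a link to that section would help. "support for the first time other drivers" reads better as "support, for the first time, drivers other than the kernel module".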
@@ -30,169 +44,269 @@ On January 18th, 2023 the GPG key used to sign Falco packages has been rotated. {{% /pageinfo %}} -### Debian/Ubuntu {#debian} +### Installation details -1. Trust the falcosecurity GPG key, configure the apt repository, and update the package list: +Before looking at the installation on different distros, let's focus on what we should expect when we install the package. +The Falco package will look into your system for the `dialog` binary, if the binary is there, the package will prompt a simple configuration dialog, otherwise, it will install the unit files without starting any `Systemd` service. - ```shell +> _Note_: If you don't have the `dialog` binary installed on your system a manual configuration is always required to start Falco services. + +Even if you have the `dialog` binary installed, you can disable the interactive prompt by using the `FALCO_FRONTEND` env variable, you should simply set its value to `noninteractive` when installing the package. + +```bash +FALCO_FRONTEND=noninteractive apt-get install -y falco +``` + +Let's see an example of how to install the package in a Debian-like system, for example, `Ubuntu`. + +1. Trust the `falcosecurity` GPG key + + ```bash curl -s https://falco.org/repo/falcosecurity-packages.asc | apt-key add - + ``` + +2. Configure the apt repository + + ```bash echo "deb https://download.falco.org/packages/deb stable main" | tee -a /etc/apt/sources.list.d/falcosecurity.list + ``` + +3. Update the package list + + ```bash apt-get update -y ``` -2. Install kernel headers: +4. Install some required dependencies that are needed to build the kernel module and the BPF probe - ```shell - apt-get -y install linux-headers-$(uname -r) + ```bash + apt install -y dkms make linux-headers-$(uname -r) + # If you use the falco-driver-loader to build the BPF probe locally you need also clang toolchain + apt install -y clang llvm + # You can install also the dialog package if you want it + apt install -y dialog ``` -3. 
Install Falco: + > _Note_: You don't need to install these deps if you want to the modern BPF probe - ```shell +5. Install the Falco package + + ```bash apt-get install -y falco ``` - Falco, the kernel module driver, and a default configuration are now installed. - Falco is being ran as a systemd unit. +#### Installation with dialog - See [running](../running) for information on how to manage, run, and debug with Falco. +If you have the `dialog` binary installed on your system, you should see something similar to this: -4. Uninstall Falco: +![](/docs/getting-started/images/systemd_dialog_1.png) - ```shell - apt-get remove falco - ``` +From here you can choose one of our 3 drivers `Kmod`, `eBPF`, `Modern eBPF` or a [`Manual configuration`](#installation-without-dialog-manual-configuration). -### CentOS/RHEL/Fedora/Amazon Linux {#centos-rhel} +Here we select the `Kmod` case as an example. After the first dialog, you should see a second one: -1. Trust the falcosecurity GPG key and configure the yum repository: +![](/docs/getting-started/images/systemd_dialog_2.png) - ```shell +[Falcoctl](https://github.com/falcosecurity/falcoctl) is a tool revamped with `Falco 0.34` that offers shiny new features! One of the most important is the [automatic rulesets update]()! +Our suggestion is to enable it by default, in this way you will always have your Falco instance running with the most updated rules! + +##### Rule update + +If you set the rule update as default, typing `systemctl list-units | grep falco` you should see something similar to this: + +```text +falco-kmod-inject.service loaded active exited Falco: Container Native Runtime Security with kmod, inject. +falco-kmod.service loaded active running Falco: Container Native Runtime Security with kmod +falcoctl-artifact-follow.service loaded active running Falcoctl Artifact Follow: automatic artifacts update service +``` + +* `falco-kmod-inject.service` injects the kernel module and exits. 
This unit remains after exit to detach the kernel module when the `falco-kmod.service` will be stopped. +* `falco-kmod.service` instance of Falco running the kernel module. Since the kernel module is the default Falco driver, you can also use the `falco` alias to start/stop it once enabled. +* `falcoctl-artifact-follow.service` instance of Falcoctl that searches for new rulesets. This unit will be stopped when `falco-kmod.service` terminates. + +The Falcoctl service is strictly related to the Falco one: + +* when the Falco service starts it searches for a unit called `falcoctl-artifact-follow.service` and if present it starts it. Please note that following this pattern, if you enable the Falco service and you reboot your system, Falcoctl will start again with Falco even if you don't enable it through `systemd enable`! You can disable this behavior by stopping the Falcoctl service and masking it `systemctl mask falcoctl-artifact-follow.service`. +* when the Falco service stops also the Falcoctl service is stopped. + +##### No Rule update + +In this case, the Falco package will only start the `falco-kmod.service`. Typing `systemctl list-units | grep falco` you should see something similar to this: + +```text +falco-kmod-inject.service loaded active exited Falco: Container Native Runtime Security with kmod, inject. +falco-kmod.service loaded active running Falco: Container Native Runtime Security with kmod +``` + +In this mode, the Falcoctl service is masked by default so if you want to enable it in a second step you need to type `systemctl unmask falcoctl-artifact-follow.service`. + +##### Final remarks on the dialog + +When you choose a driver from the dialog (in our case `Kmod`), the `Systemd` service is always enabled by default so it will start at every system reboot. If you want to disable this behavior type `systemctl disable falco-kmod.service` (if you are using the kernel module like in this example). 
If enabled, the Falcoctl service will follow the same behavior as Falco so it is enough to disable the Falco service. + +#### Installation without dialog (Manual configuration) + +If you remember well, in the dialog we also had the `Manual configuration`. This option installs only the Falco units into the system without starting any service, this is the equivalent of not having the `dialog` binary installed on the system so we will analyze that case in this section. + +If you don't want the dialog to start, remember to use `FALCO_FRONTEND=noninteractive` when you install/update packages. + +To see an example of how to run some services look at the [Running section](../running/index.md#falco-packages) + +### Installation on different Distros + +We have already seen [the installation steps](#installation-details) on a Debian-like system, let's see some other Distros. + +#### CentOS/RHEL/Fedora/Amazon Linux {#centos-rhel} + +1. Trust the `falcosecurity` GPG key + + ```bash rpm --import https://falco.org/repo/falcosecurity-packages.asc - curl -s -o /etc/yum.repos.d/falcosecurity.repo https://falco.org/repo/falcosecurity-rpm.repo ``` - > **Note** — The following command is required only if DKMS and `make` are not available in the distribution. You can verify if DKMS is available using `yum list make dkms`. If necessary install it using: `yum install epel-release` (or `amazon-linux-extras install epel` in case of amzn2), then `yum install make dkms`. - -2. Install kernel headers: +2. Configure the yum repository - ```shell - yum -y install kernel-devel-$(uname -r) + ```bash + curl -s -o /etc/yum.repos.d/falcosecurity.repo https://falco.org/repo/falcosecurity-rpm.repo ``` - > **Note** — If the package was not found by the above command, you might need to run `yum distro-sync` in order to fix it. Rebooting the system may be required. +3. Update the package list -3. Install Falco: + ```bash + yum update -y + ``` - ```shell - yum -y install falco +4. 
Install some required dependencies that are needed to build the kernel module and the BPF probe + + ```bash + # If necessary install it using: `yum install epel-release` (or `amazon-linux-extras install epel` in case of amzn2), then `yum install make dkms`. + yum install -y dkms make + # If the package was not found by the below command, you might need to run `yum distro-sync` in order to fix it. Rebooting the system may be required. + yum install -y kernel-devel-$(uname -r) + # If you use the falco-driver-loader to build the BPF probe locally you need also clang toolchain + yum install -y clang llvm + # You can install also the dialog package if you want it + yum install -y dialog ``` - Falco, the kernel module driver, and a default configuration are now installed. - Falco is being ran as a systemd unit. + > _Note_: You don't need to install these deps if you want to use the modern BPF probe - See [running](../running) for information on how to manage, run, and debug with Falco. +5. Install the Falco package -4. Uninstall Falco: + ```bash + yum install -y falco + ``` - ```shell - yum erase falco +6. Uninstall Falco: + + ```bash + yum erase -y falco ``` -### openSUSE {#suse} +#### openSUSE {#suse} -1. Trust the falcosecurity GPG key and configure the zypper repository: +1. Trust the `falcosecurity` GPG key - ```shell + ```bash rpm --import https://falco.org/repo/falcosecurity-packages.asc + ``` + +2. Configure the zypper repository + + ```bash curl -s -o /etc/zypp/repos.d/falcosecurity.repo https://falco.org/repo/falcosecurity-rpm.repo ``` -2. Install kernel headers: +3. Update the package list - ```shell + ```bash + zypper -n update + ``` + +4. Install some required dependencies that are needed to build the kernel module and the BPF probe + + ```bash + zypper -n install dkms make + # If the package was not found by the below command, you might need to run `zypper -n dist-upgrade` in order to fix it. Rebooting the system may be required. 
zypper -n install kernel-default-devel-$(uname -r | sed s/\-default//g) + # If you use the falco-driver-loader to build the BPF probe locally you need also clang toolchain + zypper -n install clang llvm + # You can install also the dialog package if you want it + zypper -n install dialog ``` - > **Note** — If the package was not found by the above command, you might need to run `zypper -n dist-upgrade` in order to fix it. Rebooting the system may be required. + > _Note_: You don't need to install these deps if you want to use the modern BPF probe -3. Install Falco: +5. Install Falco: ```shell zypper -n install falco ``` - Falco, the kernel module driver, and a default configuration are now installed. - Falco is being ran as a systemd unit. - - See [running](../running) for information on how to manage, run, and debug with Falco. - -4. Uninstall Falco: +6. Uninstall Falco: ```shell zypper rm falco ``` -### Linux generic (binary package) {#linux-binary} +## Falco binary + +In these steps, we are targeting a Debian-like system on `x86_64` architecture. You can easily extrapolate similar steps for other distros or architectures 1. Download the latest binary: - ```shell + ```bash curl -L -O https://download.falco.org/packages/bin/x86_64/falco-{{< latest >}}-x86_64.tar.gz ``` 2. Install Falco: - ```shell + ```bash tar -xvf falco-{{< latest >}}-x86_64.tar.gz cp -R falco-{{< latest >}}-x86_64/* / ``` -3. Install the following dependencies: - - kernel headers for your distribution - -4. Install the driver as explained [below](#install-driver). - -Once the driver has been installed, you can manually run `falco`. - -### Installing the driver {#install-driver} +3. Install some required dependencies that are needed to build the kernel module and the BPF probe. If you want to use other sources like the modern BPF probe or plugins you can skip this step. -The easiest way to install the driver is using the `falco-driver-loader` script. 
- -By default, it first tries to locally build the kernel module with `dkms`. If not possible, then it tries to download a prebuilt one into `~/.falco/`. If a kernel module is found, then it gets inserted. - -In case you want to install the eBPF probe driver, run `falco-driver-loader bpf`. -It first tries to build the eBPF probe locally, otherwise to download a prebuilt into `~/.falco/`. - -{{% pageinfo color="warning" %}} + ```bash + apt update -y + apt install -y dkms make linux-headers-$(uname -r) + # If you use the falco-driver-loader to build the BPF probe locally you need also clang toolchain + apt install -y clang llvm + ``` -If you are using the eBPF probe, in order to ensure that performance is not degraded, make sure that -- Your kernel has `CONFIG_BPF_JIT` enabled -- `net.core.bpf_jit_enable` is set to 1 (enable the BPF JIT Compiler) -- This can be verified via `sysctl -n net.core.bpf_jit_enable` +4. Run `falco-driver-loader` binary to install the kernel module or the BPF probe. If you want to use other sources like the modern BPF probe or plugins you can skip this step. -{{% /pageinfo %}} + ```bash + # If you want to install the kernel module + falco-driver-loader module + # If you want to install the eBPF probe + falco-driver-loader bpf + ``` -Configurable options: + By default, the `falco-driver-loader` script tries to download a prebuilt driver from [the official Falco download s3 bucket](https://download.falco.org/?prefix=driver/). If a driver is found then it is inserted into `${HOME}/.falco/`. Otherwise, the script tries to compile the driver locally, for this reason, you need the dependencies at step [3]. -- `DRIVERS_REPO` - Set this environment variable to override the default repository URL for prebuilt kernel modules and eBPF probes, without the trailing slash. + You can use the env variable `DRIVERS_REPO` to override the default repository URL for prebuilt drivers. The URL must not have the trailing slash, i.e. 
`https://myhost.mydomain.com` or if the server has a subdirectories structure `https://myhost.mydomain.com/drivers`. The drivers must be hosted with the following structure: - Ie., `https://myhost.mydomain.com` or if the server has a subdirectories structure `https://myhost.mydomain.com/drivers`. + ```bash + /${driver_version}/falco_${target}_${kernelrelease}_${kernelversion}.[ko|o] + ``` - The drivers will need to be hosted with the following structure: - `/${driver_version}/falco_${target}_${kernelrelease}_${kernelversion}.[ko|o]` where `ko` and `o` stands for Kernel module and `eBPF` probe respectively. + where `ko` and `o` stand for Kernel module and `eBPF` probe respectively. This is an example: - Eg., `/a259b4bf49c3330d9ad6c3eed9eb1a31954259a6/falco_amazonlinux2_4.14.128-112.105.amzn2.x86_64_1.ko`. + ```text + /a259b4bf49c3330d9ad6c3eed9eb1a31954259a6/falco_amazonlinux2_4.14.128-112.105.amzn2.x86_64_1.ko + ``` - The `falco-driver-loader` script fetches the drivers using the above format. +You are finally ready to [run the Falco binary](../running#falco-binary)! ## Package signing -Most Falco packages available at [download.falco.org](https://download.falco.org/?prefix=packages/) are provided with a detatched signature that can be used to verify that the package information downloaded from the remote repository can be trusted. +Most Falco packages available at [download.falco.org](https://download.falco.org/?prefix=packages/) are provided with a detached signature that can be used to verify that the package information downloaded from the remote repository can be trusted. -The **latest trusted public GPG key** used for packages signing can be downloaded from [falco.org/repo/falcosecurity-packages.asc](https://falco.org/repo/falcosecurity-packages.asc). The following table lists all the keys employed by the organization currently and in the past, including the revoked ones. 
We recommend to update the revoked keys to download their revocation certificate, and eventually remove them from your package verification system due to signature made with them not being trustable anymore. +The **latest trusted public GPG key** used for packages signing can be downloaded from [falco.org/repo/falcosecurity-packages.asc](https://falco.org/repo/falcosecurity-packages.asc). The following table lists all the keys employed by the organization currently and in the past, including the revoked ones. We recommend updating the revoked keys to download their revocation certificate, and eventually removing them from your package verification system due to the signature made with them not being trustable anymore. -| **Fingerprint** | **Expiration** | **Usage** | **Status** | **Download** | -|-----------------------------------------------------|----------------|------------------------|------------|----------------------------------------------------------------| +| **Fingerprint** | **Expiration** | **Usage** | **Status** | **Download** | +| ------------------------------------------ | -------------- | ---------------------- | ---------- | -------------------------------------------------------------- | | `2005399002D5E8FF59F28CE64021833E14CB7A8D` | 2026-01-17 | Signing Falco Packages | Trusted | [falcosecurity-14CB7A8D.asc](/repo/falcosecurity-14CB7A8D.asc) | | `15ED05F191E40D74BA47109F9F76B25B3672BA8F` | 2023-02-24 | Signing Falco Packages | Revoked | [falcosecurity-3672BA8F.asc](/repo/falcosecurity-3672BA8F.asc) | diff --git a/content/en/docs/getting-started/running/index.md b/content/en/docs/getting-started/running/index.md index ca1e702c2..9eac41491 100644 --- a/content/en/docs/getting-started/running/index.md +++ b/content/en/docs/getting-started/running/index.md 
@@ -4,51 +4,63 @@ description: Operating and Managing Falco weight: 4 --- +## Falco packages -## Run Falco as a service +If you installed the Falco packages using the `dialog` all your services should be already up and running, while if you chose the `Manual configuration` or if you used the `FALCO_FRONTEND=noninteractive` env variable you have to configure services by your hand. Here we show a simple example with the `eBPF probe`. -If you installed Falco by using [the DEB or the RPM](/docs/getting-started/installation) package, then falco systemd service was already started and enabled for you. -In case you wish to stop or disable it, issue: +Let's imagine we want to start the `falco-bpf.service`. -```console -systemctl disable falco -``` +1. Type `systemctl list-units | grep falco` to check that no unit is running. -```console -systemctl stop falco -``` +2. Now you have to decide if you want the Falcoctl service running together with the Falco one or not. If yes you don't have to do anything, if no you have to mask the Falcoctl service with `systemctl mask falcoctl-artifact-follow.service`. As said [in this section](../installation.md#rule-update) the Falcoctl service is strictly related to the Falco one so if you don't mask it, it will be started together with the Falco service. -Then, to enable or start it back, you would need: +3. Type `falco-driver-loader bpf` to download/compile the BPF probe. -```console -systemctl enable falco -``` +4. Now running `systemctl start falco-bpf.service` and typing `systemctl list-units | grep falco` you should see something like that (supposing we didn't mask the Falcoctl service): -```console -systemctl start falco -``` + ```text + falco-bpf.service loaded active running Falco: Container Native Runtime Security with ebpf + falcoctl-artifact-follow.service loaded active running Falcoctl Artifact Follow: automatic artifacts update service + ``` -You can also view the Falco logs using `journalctl`. +5. 
If you want to stop both services in one shot -```console -journalctl -fu falco -``` + ```bash + systemctl stop falco-bpf.service + ``` + +### Custom run -## Run Falco manually +You may have noticed a Falco unit called `falco-custom.service`. You should use it when you want to run Falco with a custom configuration like a plugin or Gvisor. Please note that in this case you have to modify this template according to how you want to run Falco, the unit cannot be used as it is! -If you'd like to run Falco by hand, you can find the full usage description for Falco by typing: +## Falco binary -```console +Here you can find some examples of how to run Falco after having [installed](../installation.md#falco-binary) it using the binary package + + +```bash +# Kernel module (default driver) +falco +# eBPF probe +FALCO_BPF_PROBE="" falco +# modern eBPF probe +falco --modern-bpf +# For more info see all available options falco --help ``` -{{% pageinfo color="primary" %}} +{{% pageinfo color="warning" %}} + +If you are using the eBPF probe, in order to ensure that performance is not degraded, make sure that -Are you looking for userspace instrumentation? Please see [this page](/docs/event-sources/drivers/#userspace-instrumentation). +* Your kernel has `CONFIG_BPF_JIT` enabled +* `net.core.bpf_jit_enable` is set to 1 (enable the BPF JIT Compiler) +* This can be verified via `sysctl -n net.core.bpf_jit_enable` {{% /pageinfo %}} -## Run within Docker {#docker} + +## Docker {#docker} {{% pageinfo color="primary" %}} diff --git a/content/en/docs/getting-started/upgrade.md b/content/en/docs/getting-started/upgrade.md index 016974e68..5dcec435c 100644 --- a/content/en/docs/getting-started/upgrade.md +++ b/content/en/docs/getting-started/upgrade.md 
@@ -6,19 +6,24 @@ weight: 3 This section provides upgrading paths for Falco if previously installed following the [Install](../installation/) section. -## Upgrading - -According to the installation method you chose, you first have to remove the active kernel module before upgrading Falco to the latest version: +{{% pageinfo color="warning" %}} +If you are using the kernel module, please remove it before upgrading Falco to avoid issues during the upgrade. -```shell +```bash rmmod falco ``` +{{% /pageinfo %}} + +## Falco packages + +Here there are no specific steps to follow, you just need to type the specific commands for your distro. Please remember to specify the `FALCO_FRONTEND=noninteractive` env variable if you don't want to use the dialog during the upgrade + ### Debian/Ubuntu {#debian} {{% pageinfo color="warning" %}} -If you configured the `apt` repository by having followed the instructions for Falco 0.27.0 or older, -you may need to update the repository URL: + +If you configured the `apt` repository by having followed the instructions for Falco 0.27.0 or older, you may need to update the repository URL, otherwise, **fill free to ignore this message** ```shell sed -i 's,https://dl.bintray.com/falcosecurity/deb,https://download.falco.org/packages/deb,' /etc/apt/sources.list.d/falcosecurity.list @@ -30,7 +35,7 @@ Check in the `apt-get update` log that `https://download.falco.org/packages/deb` {{% /pageinfo %}} -If you installed Falco by following the [provided instructions](../installation/#debian): +If you installed Falco by following the [provided instructions](../installation/#installation-details): ```shell apt-get --only-upgrade install falco 
@@ -39,8 +44,7 @@ apt-get --only-upgrade install falco ### CentOS/RHEL/Fedora/Amazon Linux {#centos-rhel} {{% pageinfo color="warning" %}} -If you configured the `yum` repository by having followed the instructions for Falco 0.27.0 or older, -you may need to update the repository URL: +If you configured the `yum` repository by having followed the instructions for Falco 0.27.0 or older, you may need to update the repository URL, otherwise, **fill free to ignore this message** ```shell sed -i 's,https://dl.bintray.com/falcosecurity/rpm,https://download.falco.org/packages/rpm,' /etc/yum.repos.d/falcosecurity.repo @@ -72,8 +76,7 @@ If you installed Falco by following the [provided instructions](../installation/ ### openSUSE {#suse} {{% pageinfo color="warning" %}} -If you configured the `zypper` repository by having followed the instructions for Falco 0.27.0 or older, -you may need to update the repository URL: +If you configured the `zypper` repository by having followed the instructions for Falco 0.27.0 or older, you may need to update the repository URL, otherwise, **fill free to ignore this message** ```shell sed -i 's,https://dl.bintray.com/falcosecurity/rpm,https://download.falco.org/packages/rpm,' /etc/zypp/repos.d/falcosecurity.repo @@ -93,3 +96,7 @@ If you installed Falco by following the [provided instructions](../installation/ ```shell zypper update falco ``` + +## Falco binary + +For the Falco binary we don't provide specific update paths, you just have to remove the installed files from the old `tar.gz` and download the new version of Falco as described [here](../installation/#falco-binary) From 6a8c0cf4c342266943e7ec65018768700e3cac2c Mon Sep 17 00:00:00 2001 From: Andrea Terzolo Date: Tue, 31 Jan 2023 17:58:42 +0100 Subject: [PATCH 4/5] fix: address some review comments 
Signed-off-by: Andrea Terzolo Co-authored-by: Federico Di Pierro --- .../en/docs/getting-started/installation.md | 20 +++++++++---------- .../en/docs/getting-started/running/index.md | 6 +++--- content/en/docs/getting-started/upgrade.md | 6 +++--- 3 files changed, 15 insertions(+), 17 deletions(-) diff --git a/content/en/docs/getting-started/installation.md b/content/en/docs/getting-started/installation.md index 68965ddd3..092ef9af1 100644 --- a/content/en/docs/getting-started/installation.md +++ b/content/en/docs/getting-started/installation.md @@ -23,7 +23,7 @@ There are 2 main ways to install Falco on your host: {{% pageinfo color="secondary" %}} -The Falco packages shipped with `Falco 0.34` support for the first time other drivers besides the kernel module. The new Systemd units' names are: +The Falco packages shipped with `Falco 0.34` support for the first time other drivers besides the kernel module. The new systemd units' names are: * `falco-bpf.service` * `falco-kmod-inject.service` 
@@ -32,7 +32,7 @@ The Falco packages shipped with `Falco 0.34` support for the first time other dr * `falco-custom.service` * `falcoctl-artifact-follow.service` (related to [Falcoctl](https://github.com/falcosecurity/falcoctl) tool, see next sections) -This is still an experimental solution so our suggestion is to avoid relying on Falco Systemd unit names since they could change between releases. The final idea would be to have a single `falco.service` configurable through usual Systemd logic, but due to how Falco works today this solution is not viable. +This is still an experimental solution so our suggestion is to avoid relying on Falco systemd unit names since they could change between releases. The final idea would be to have a single `falco.service` configurable through usual systemd logic, but due to how Falco works today this solution is not viable. Even if different units are available, you shouldn't run multiple Falco in parallel! Our units are not meant to be run in parallel! @@ -47,7 +47,7 @@ On January 18th, 2023 the GPG key used to sign Falco packages has been rotated. ### Installation details Before looking at the installation on different distros, let's focus on what we should expect when we install the package. -The Falco package will look into your system for the `dialog` binary, if the binary is there, the package will prompt a simple configuration dialog, otherwise, it will install the unit files without starting any `Systemd` service. +The Falco package will look into your system for the `dialog` binary, if the binary is there, the package will prompt a simple configuration dialog, otherwise, it will install the unit files without starting any `systemd` service. > _Note_: If you don't have the `dialog` binary installed on your system a manual configuration is always required to start Falco services. 
@@ -97,7 +97,7 @@ Let's see an example of how to install the package in a Debian-like system, for #### Installation with dialog -If you have the `dialog` binary installed on your system, you should see something similar to this: +If you have the `dialog` binary installed on your system, you will be prompted with this: ![](/docs/getting-started/images/systemd_dialog_1.png) @@ -107,8 +107,8 @@ Here we select the `Kmod` case as an example. After the first dialog, you should ![](/docs/getting-started/images/systemd_dialog_2.png) -[Falcoctl](https://github.com/falcosecurity/falcoctl) is a tool revamped with `Falco 0.34` that offers shiny new features! One of the most important is the [automatic rulesets update]()! -Our suggestion is to enable it by default, in this way you will always have your Falco instance running with the most updated rules! +[Falcoctl](https://github.com/falcosecurity/falcoctl) is a tool revamped with `Falco 0.34` that offers shiny new features! One of the most important is the [automatic rulesets update](), +our suggestion is to enable it by default, in this way you will always have your Falco instance running with the most updated rules. ##### Rule update 
@@ -142,15 +142,13 @@ In this mode, the Falcoctl service is masked by default so if you want to enable ##### Final remarks on the dialog -When you choose a driver from the dialog (in our case `Kmod`), the `Systemd` service is always enabled by default so it will start at every system reboot. If you want to disable this behavior type `systemctl disable falco-kmod.service` (if you are using the kernel module like in this example). If enabled, the Falcoctl service will follow the same behavior as Falco so it is enough to disable the Falco service. +When you choose a driver from the dialog (in our case `Kmod`), the `systemd` service is always enabled by default so it will start at every system reboot. If you want to disable this behavior type `systemctl disable falco-kmod.service` (if you are using the kernel module like in this example). If enabled, the Falcoctl service will follow the same behavior as Falco so it is enough to disable the Falco service. #### Installation without dialog (Manual configuration) -If you remember well, in the dialog we also had the `Manual configuration`. This option installs only the Falco units into the system without starting any service, this is the equivalent of not having the `dialog` binary installed on the system so we will analyze that case in this section. +If you remember well, in the dialog we also had the `Manual configuration`. This option installs only the Falco units into the system without starting any service, this is the equivalent of not having the `dialog` binary installed on the system. -If you don't want the dialog to start, remember to use `FALCO_FRONTEND=noninteractive` when you install/update packages. - -To see an example of how to run some services look at the [Running section](../running/index.md#falco-packages) +Since no service is started, you have to manually configure services after the installation phase. 
You can see an example of how to configure the `falco-bpf` service in the [Running section](../running#falco-packages) ### Installation on different Distros diff --git a/content/en/docs/getting-started/running/index.md b/content/en/docs/getting-started/running/index.md index 9eac41491..000575352 100644 --- a/content/en/docs/getting-started/running/index.md +++ b/content/en/docs/getting-started/running/index.md @@ -12,7 +12,7 @@ Let's imagine we want to start the `falco-bpf.service`. 1. Type `systemctl list-units | grep falco` to check that no unit is running. -2. Now you have to decide if you want the Falcoctl service running together with the Falco one or not. If yes you don't have to do anything, if no you have to mask the Falcoctl service with `systemctl mask falcoctl-artifact-follow.service`. As said [in this section](../installation.md#rule-update) the Falcoctl service is strictly related to the Falco one so if you don't mask it, it will be started together with the Falco service. +2. Now you have to decide whether you want the Falcoctl service running together with the Falco one. If yes you don't have to do anything, else you will need to mask the Falcoctl service with `systemctl mask falcoctl-artifact-follow.service`. As pointed out [in this section](../installation.md#rule-update) the Falcoctl service is strictly related to the Falco one so if you don't mask it, it will be started together with the Falco service. 3. Type `falco-driver-loader bpf` to download/compile the BPF probe. 
@@ -31,11 +31,11 @@ Let's imagine we want to start the `falco-bpf.service`. ### Custom run -You may have noticed a Falco unit called `falco-custom.service`. You should use it when you want to run Falco with a custom configuration like a plugin or Gvisor. Please note that in this case you have to modify this template according to how you want to run Falco, the unit cannot be used as it is! +You may have noticed a Falco unit called `falco-custom.service`. You should use it when you want to run Falco with a custom configuration like a plugin or Gvisor. Please note that in this case you have to modify this template according to how you want to run Falco, the unit should not be used as is! ## Falco binary -Here you can find some examples of how to run Falco after having [installed](../installation.md#falco-binary) it using the binary package +Here you can find some examples of how to run Falco after having [installed](/docs/getting-started/installation/#falco-binary) it using the binary package ```bash diff --git a/content/en/docs/getting-started/upgrade.md b/content/en/docs/getting-started/upgrade.md index 5dcec435c..1f5e9d6a5 100644 --- a/content/en/docs/getting-started/upgrade.md +++ b/content/en/docs/getting-started/upgrade.md @@ -23,7 +23,7 @@ Here there are no specific steps to follow, you just need to type the specific c {{% pageinfo color="warning" %}} -If you configured the `apt` repository by having followed the instructions for Falco 0.27.0 or older, you may need to update the repository URL, otherwise, **fill free to ignore this message** +If you configured the `apt` repository by having followed the instructions for Falco 0.27.0 or older, you may need to update the repository URL, otherwise, **fell free to ignore this message** ```shell sed -i 's,https://dl.bintray.com/falcosecurity/deb,https://download.falco.org/packages/deb,' /etc/apt/sources.list.d/falcosecurity.list 
@@ -44,7 +44,7 @@ apt-get --only-upgrade install falco ### CentOS/RHEL/Fedora/Amazon Linux {#centos-rhel} {{% pageinfo color="warning" %}} -If you configured the `yum` repository by having followed the instructions for Falco 0.27.0 or older, you may need to update the repository URL, otherwise, **fill free to ignore this message** +If you configured the `yum` repository by having followed the instructions for Falco 0.27.0 or older, you may need to update the repository URL, otherwise, **fell free to ignore this message** ```shell sed -i 's,https://dl.bintray.com/falcosecurity/rpm,https://download.falco.org/packages/rpm,' /etc/yum.repos.d/falcosecurity.repo @@ -76,7 +76,7 @@ If you installed Falco by following the [provided instructions](../installation/ ### openSUSE {#suse} {{% pageinfo color="warning" %}} -If you configured the `zypper` repository by having followed the instructions for Falco 0.27.0 or older, you may need to update the repository URL, otherwise, **fill free to ignore this message** +If you configured the `zypper` repository by having followed the instructions for Falco 0.27.0 or older, you may need to update the repository URL, otherwise, **fell free to ignore this message** ```shell sed -i 's,https://dl.bintray.com/falcosecurity/rpm,https://download.falco.org/packages/rpm,' /etc/zypp/repos.d/falcosecurity.repo From e3546dd5a601ef57f5d5c4769d5a29747757fe78 Mon Sep 17 00:00:00 2001 From: Andrea Terzolo Date: Wed, 1 Feb 2023 18:42:55 +0100 Subject: [PATCH 5/5] fix: some broken links Signed-off-by: Andrea Terzolo --- content/en/docs/getting-started/installation.md | 2 +- content/en/docs/getting-started/running/index.md | 4 ++-- content/en/docs/getting-started/upgrade.md | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/content/en/docs/getting-started/installation.md b/content/en/docs/getting-started/installation.md index 092ef9af1..ad50d1cb6 100644 --- a/content/en/docs/getting-started/installation.md 
+++ b/content/en/docs/getting-started/installation.md @@ -107,7 +107,7 @@ Here we select the `Kmod` case as an example. After the first dialog, you should ![](/docs/getting-started/images/systemd_dialog_2.png) -[Falcoctl](https://github.com/falcosecurity/falcoctl) is a tool revamped with `Falco 0.34` that offers shiny new features! One of the most important is the [automatic rulesets update](), +[Falcoctl](https://github.com/falcosecurity/falcoctl) is a tool revamped with `Falco 0.34` that offers shiny new features! One of the most important is the [automatic rulesets update](https://github.com/falcosecurity/falcoctl#falcoctl-artifact-follow), our suggestion is to enable it by default, in this way you will always have your Falco instance running with the most updated rules. ##### Rule update diff --git a/content/en/docs/getting-started/running/index.md b/content/en/docs/getting-started/running/index.md index 000575352..f07610ef9 100644 --- a/content/en/docs/getting-started/running/index.md +++ b/content/en/docs/getting-started/running/index.md 
@@ -12,11 +12,11 @@ Let's imagine we want to start the `falco-bpf.service`. 1. Type `systemctl list-units | grep falco` to check that no unit is running. -2. Now you have to decide whether you want the Falcoctl service running together with the Falco one. If yes you don't have to do anything, else you will need to mask the Falcoctl service with `systemctl mask falcoctl-artifact-follow.service`. As pointed out [in this section](../installation.md#rule-update) the Falcoctl service is strictly related to the Falco one so if you don't mask it, it will be started together with the Falco service. +2. Now you have to decide whether you want the Falcoctl service running together with the Falco one. If yes you don't have to do anything, else you will need to mask the Falcoctl service with `systemctl mask falcoctl-artifact-follow.service`. As pointed out [in this section](/docs/getting-started/installation/#rule-update) the Falcoctl service is strictly related to the Falco one so if you don't mask it, it will be started together with the Falco service. 3. Type `falco-driver-loader bpf` to download/compile the BPF probe. -4. Now running `systemctl start falco-bpf.service` and typing `systemctl list-units | grep falco` you should see something like that (supposing we didn't mask the Falcoctl service): +4. Now running `systemctl start falco-bpf.service` and typing `systemctl list-units | grep falco` you should see something like that (supposing you didn't mask the Falcoctl service): ```text falco-bpf.service loaded active running Falco: Container Native Runtime Security with ebpf diff --git a/content/en/docs/getting-started/upgrade.md b/content/en/docs/getting-started/upgrade.md index 1f5e9d6a5..92abbefaa 100644 --- a/content/en/docs/getting-started/upgrade.md +++ b/content/en/docs/getting-started/upgrade.md 
@@ -17,7 +17,7 @@ rmmod falco ## Falco packages -Here there are no specific steps to follow, you just need to type the specific commands for your distro. Please remember to specify the `FALCO_FRONTEND=noninteractive` env variable if you don't want to use the dialog during the upgrade +Here there are no specific steps to follow, you just need to type the specific commands for your distro. Please remember to specify the `FALCO_FRONTEND=noninteractive` env variable if you don't want to use the `dialog` during the upgrade ### Debian/Ubuntu {#debian} @@ -99,4 +99,4 @@ zypper update falco ## Falco binary -For the Falco binary we don't provide specific update paths, you just have to remove the installed files from the old `tar.gz` and download the new version of Falco as described [here](../installation/#falco-binary) +For the Falco binary we don't provide specific update paths, you just have to remove files installed by the old `tar.gz` and download the new version of Falco as described [here](../installation/#falco-binary)
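Review bot: in the first `upgrade.md` hunk (`@@ -6,19 +6,24 @@`), the new warning tells kernel-module users to run `rmmod falco` before upgrading but does not say where that sits relative to stopping the running Falco unit, or how to confirm the module is gone. Please state the order explicitly, for example stop the unit, run `rmmod falco`, then upgrade; the running guide already uses `systemctl list-units | grep falco` as a check. The same hunk changes this fence to `bash` while the other blocks in the file stay `shell`, and the new "Falco packages" paragraph names `FALCO_FRONTEND=noninteractive` without showing a command that sets it and ends without a period.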
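Review bot: in PATCH 4/5, the three `upgrade.md` warning hunks (`apt`, `yum`, `zypper`) replace `fill free` with `**fell free to ignore this message**`, which is still a typo; it should read `feel free`. While these lines are being touched, split the sentence before `otherwise` and end it with a period, since the text now runs "you may need to update the repository URL, otherwise, ..." straight into the `sed` block.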
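Review bot: in PATCH 4/5, the `installation.md` hunk `@@ -142,15 +142,13 @@` deletes "If you don't want the dialog to start, remember to use `FALCO_FRONTEND=noninteractive` when you install/update packages." and puts nothing in its place, so in the lines shown here the variable is now documented only in `upgrade.md`, for upgrades. Readers doing a scripted first install land in "Installation without dialog (Manual configuration)" and no longer learn how to suppress the prompt. Suggest keeping the sentence in that section next to the new "Since no service is started..." text.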
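Review bot: PATCH 5/5 is titled "fix: some broken links" but leaves the series with three link styles for the same pages: `running/index.md` now uses the absolute `/docs/getting-started/installation/#rule-update`, the `upgrade.md` hunk `@@ -99,4 +99,4 @@` keeps the relative `../installation/#falco-binary`, and `installation.md` (from PATCH 4/5) uses `../running#falco-packages` with no trailing slash. If the relative forms were what broke, the `upgrade.md` link is likely to break the same way; please pick one form and apply it across the three files. In the same `upgrade.md` hunk, the link text `[here]` could name its target ("the Falco binary installation section") and the sentence is missing its final period.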