ICS/Lotus (mostly), Linux, Travel, Skiing, Mixology, and Random Musing of Interest

"Let’s Get Ready to Logjam!" -- The Need to Know About This New Exploit

Bill Malchisky  May 22 2015 12:35:00 AM
Logjam (CVE-2015-4000) is the latest server exploit hitting the nation (world). In scope are 8.4x10**3 of the top 1x10**6 websites and 14.8% of mail servers in the IPv4 address space as per weakdh.org. The cause is a weakness identified in the Diffie-Hellman key exchange (explained here and here), with the exploit reported early by Ars Technica.

The root cause goes back to the 1990's. Recall when products like Lotus Notes had a North American encryption flavor and an International encryption flavor. That ended when encryption standards were lowered and the two offerings merged, for example. It helped the Feds crack encryption overseas, but now average users have incredible computing power available to them cheaply. Thus, algorithms that were nearly impossible to break 20 years ago can be broken with significant ease today. I expect more exploits of this nature in the months ahead.

"Logjam shows us once again why it's a terrible idea to deliberately weaken cryptography"
-- J. Alex Halderman, a key scientist behind the exploit's research, posted at https://weakdh.org



Work-around and a Solution

As an initial work-around, server administrators should disable support for DHE_EXPORT cipher suites, as they allow Diffie-Hellman connections to be downgraded.

The solution for Logjam is akin to POODLE in that TLS is the way to go. Companies like Red Hat and IBM offered TLS solutions for POODLE and the Logjam research team provided a document on how to correctly deploy Diffie-Hellman for TLS.

For your browsers, jscher2000 in Silicon Valley, CA, via a mozillaZine Logjam post offers a four step process to Disable insecure ciphers.
"(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.
(2) In the search box above the list, type or paste ssl3 and pause while the list is filtered
(3) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (this usually would be the first item on the list)
(4) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (this usually would be the second item on the list)"
Then, test the success with the Qualys SSL Labs test in the next section.

Paul Farris, earlier this week, wrote a blog post on Domino SSL Ciphers, which is located here.


Establishing your Risk

Clients

Web browsers should be updated shortly (as of this writing). Internet Explorer on Windows 10 was the first to have a patch. Firefox and Chrome are in the works. Check here for clarity. As of this morning (21 May 2015), my browsers were still at risk.

For checking browsers beyond Logjam, Qualys SSL Labs has a browser check here which checks three key vulnerabilities, the protocol support and features, plus the cipher suites utilized.

Servers

The TLS deployment document has a Server Test, which is easy and free to use. Here is the link. Just scroll down to the Server Test section. I tested many known sites and found that many were safe from Logjam-style attacks (which is on par with the sub-ten percent of sites in scope), but they could be further secured with Elliptic-Curve Diffie-Hellman (ECDHE).


They also offer two suggestions for many common application server programs (e.g. Apache, OpenSSH). The researchers also suggest that all your TLS libraries be patched and set to reject D-H groups smaller than 1024 bits.
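As an added example (not code from the researchers' guide or from any TLS library), the following Python shows the client-side check behind "reject D-H groups < 1024-bit", which also covers a connection downgraded to a DHE_EXPORT group: it parses the ServerDHParams fields of a TLS ServerKeyExchange message (layout per RFC 5246, section 7.4.3) and refuses small groups. The function names and sample values are assumptions made for illustration, and the range checks on dh_g and dh_Ys go beyond the size floor the page mentions.

```python
import struct

MIN_DH_BITS = 1024  # floor named on this page; raise it where policy allows


def _read_vector(buf, offset, name):
    """Read one opaque<1..2^16-1> field: 2-byte big-endian length, then data."""
    if offset + 2 > len(buf):
        raise ValueError(f"truncated before the length of {name}")
    (length,) = struct.unpack_from("!H", buf, offset)
    offset += 2
    if length == 0:
        raise ValueError(f"{name} is empty")
    if offset + length > len(buf):
        raise ValueError(f"truncated inside {name}")
    return buf[offset:offset + length], offset + length


def parse_server_dh_params(body):
    """Parse ServerDHParams (dh_p, dh_g, dh_Ys) from a ServerKeyExchange body.

    Returns (p, g, ys, consumed); the server's signature starts at `consumed`.
    """
    p_raw, off = _read_vector(body, 0, "dh_p")
    g_raw, off = _read_vector(body, off, "dh_g")
    ys_raw, off = _read_vector(body, off, "dh_Ys")
    return (int.from_bytes(p_raw, "big"), int.from_bytes(g_raw, "big"),
            int.from_bytes(ys_raw, "big"), off)


def check_dh_group(p, g, ys, min_bits=MIN_DH_BITS):
    """Return the reasons to refuse this group; an empty list means accept."""
    problems = []
    bits = p.bit_length()  # counts the value, so zero padding adds nothing
    if bits < min_bits:
        problems.append(f"dh_p is {bits} bits, below the {min_bits}-bit floor")
    if p % 2 == 0:
        problems.append("dh_p is even, so it cannot be a usable prime")
    if not 2 <= g <= p - 2:
        problems.append("dh_g is outside [2, p-2]")
    if not 2 <= ys <= p - 2:
        problems.append("dh_Ys is outside [2, p-2]")
    return problems


def evaluate_server_key_exchange(body, min_bits=MIN_DH_BITS):
    """Return (accepted, reasons) for one ServerKeyExchange body."""
    try:
        p, g, ys, _ = parse_server_dh_params(body)
    except ValueError as exc:
        return False, [f"malformed ServerDHParams: {exc}"]
    problems = check_dh_group(p, g, ys, min_bits)
    return not problems, problems


def encode_server_dh_params(p, g, ys, pad_p_to=0):
    """Build a constructed ServerDHParams blob for exercising the checks."""
    def vec(value, width=0):
        size = max(width, (value.bit_length() + 7) // 8, 1)
        raw = value.to_bytes(size, "big")
        return struct.pack("!H", len(raw)) + raw
    return vec(p, pad_p_to) + vec(g) + vec(ys)


# Constructed sample values: odd numbers of the right size, NOT real primes.
# The checks here look only at size and range, so primality does not matter.
P_512 = (1 << 511) | 1    # export-grade size
P_1024 = (1 << 1023) | 1  # meets the floor

if __name__ == "__main__":
    samples = {
        "512-bit group": encode_server_dh_params(P_512, 2, 3),
        "512-bit group padded to 128 bytes":
            encode_server_dh_params(P_512, 2, 3, pad_p_to=128),
        "1024-bit group": encode_server_dh_params(P_1024, 2, 3),
        "truncated message": encode_server_dh_params(P_1024, 2, 3)[:10],
    }
    for label, body in samples.items():
        accepted, reasons = evaluate_server_key_exchange(body)
        print(f"{label}: {'accept' if accepted else 'reject'} {reasons}")
```

The padded sample is the case to watch: a check based on the byte length of dh_p would accept it, while the bit length of the value does not.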

Checking Servers

More detailed results are available from these two free resources:
1. An open source site entitled SSL Decoder is available to decode, well, as you surmised, a site's SSL connection. The output is robust and the licensing allows for use internally, so start testing;
2. Qualys SSL Labs' SSL Server Test - which provides links to additional information on each exploit tested, with several linked resources on each information page.

A side point to know is that DSA-1024 bit signing keys are quite insecure and should be at 2048 or higher, with 4096 recommended where possible. If your keyrings are light on the encryption bits, make a plan to get them upgraded this year.

Note: Know that the client fix may block some websites lacking current updates. Thus, it is a good idea to ensure that your company site is current on web security patches.



Red Hat to the Rescue

Upon learning of the threat, Red Hat did their own research with threat assessment and published their security bulletin on this exploit. The good news is that RHEL 6.6+ and 7 are NOT vulnerable to Logjam, but if you are running early RHEL6 versions (get them patched -- see advisory RHBA-2014:1525) or RHEL 5, then you are vulnerable. Specifically, RHEL 7 omitted by design export-grade cipher suites in their initial release--offering peace of mind to those that upgraded early.

To their credit, Red Hat made it clear early that they will not update the default cipher list in RHEL 5, so you need to upgrade to at least RHEL 6.6 to be safe. I do like a vendor that gets to the point quickly in an unambiguous manner. Everybody wins with this type of communication, from my perspective.

SUSE has a security bulletin with some information on resolutions, located here.


Additional Reading

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice -- outlining specific attacks and how the researchers broke the 512-bit DH group
Logjam Attack Proof of Concept Demonstrations -- which lists the susceptibility to each of the three attack styles
Guide to Deploying Diffie-Hellman for TLS
Logjam: TLS vulnerabilities (CVE-2015-4000) by Red Hat
MITRE CVE's Logjam dictionary definition
NIST NVD's entry (National Vulnerability Database)
"Logjam TLS Attack (Weak Diffie-Hellman) and Novell Products"

Train Tips for European Traveling -- Chapter III

Bill Malchisky  April 22 2015 12:30:00 AM
This year I needed to travel from Zurich, Switzerland to Ghent, Belgium by rail. In contrasting the route through Paris two years ago, I decided to take a chance and transfer instead in Cologne, Germany.  This post describes the lessons learned and useful tips to make your next rail experience even better.

As I needed to work and needed to increase the chances for power, I chose first class end-to-end on this trip. The rates were reasonable enough that the service upgrade proved cost-effective on my route, which is quite unusual I learned. Note that information on previously reviewed trains --- two years ago --- included second class, which is in contrast to this year's experience and updates.


Route

1. SBB IC from Zurich to Basel
2. Transferred to the DB Bahn ICE through Germany via Cologne to Brussels
3. From Brussels to Ghent I transferred to the local Belgian rail line IC (express) for the last segment
This route proved excellent overall with fast and easy connections.


Swiss Rail -- SBB

The Swiss train chosen is different than last year's service to Thusis via Chur. The IC express reaches Basel in 53 minutes. Very nice trains, comfortable seats, and power on some of the seats. The one-by-two seat configuration allowed groups of four to sit together facing each other or two people to share a table if sitting against the window on either side. Just wide and deep enough for a 15" laptop with the power brick to lay alongside. Comfortable and impeccably on-time.


German Rail -- DB Bahn ICE

I last utilized the DB Bahn during the 2006 World Cup, so it was interesting to see the changes in the past nine years.

To increase my chances to work unimpeded, I sat in the quiet car, which worked well for me. In speaking with German colleagues at my conference, I learned that all 2nd Class seats have power now on ICE, so that is a good tip and definitely saves money on rail fares.

The seven hour journey did not disappoint from a rail experience, but know that just because they offer a Boardrestaurant or Boardbistro does not mean you will get food. In my case, the first train lacked water in the food car, so they had no hot meals, just sandwiches on a mobile food cart with water, juice, coffee, and some spirits as I recall. The second trip (2.5h) lacked any food beyond meat-based sandwiches (fine for some, but not for vegetarians). The German diet is mostly meat based, so the lack of sandwich variety met my expectations--a perfect time to dive into my travel food bag.

If you require customer service when booking your tickets, know that e-mail is their preferred option and in my case took three business days (plus the weekend) to receive a response. Thus, before booking your tickets, double check every detail. Otherwise if you were to make a mistake when purchasing your ticket and unless you purchased well in advance, you might have to seek assistance upon arriving at the train station and wait on line there before boarding your first segment's train.

On-board WiFi

When looking at trains two years ago, I commented in my first train tips post that DB Bahn wanted to include WiFi on their trains out of Frankfurt; as this trip routed via Cologne and did not travel to Frankfurt, I am unable to accurately comment on WiFi progress therein. But know that WiFi on my route was non-existent and remains today a problem in much of Europe with all trains. For this reason and my train experiences over the past three years, I must confidently state that the US' Amtrak Acela service and regional trains in the northeast are significantly better in this regard.

Train Station WiFi

The Cologne station's WiFi refused to send me an SMS access code for the free Internet--which meant no Internet access during my time there. If you lack a data card for your smart phone, you need to know that you might have problems getting the mobile rail ticket to display on your phone (app specific). As a hedge against a no ticket situation with a short transfer, pre-print your ticket before leaving so you have it on your person and no matter what happens, you can board safely.

Note:
In the Zurich and Basel rail stations, getting WiFi proved easy and reliable. As long as you have a cell phone to receive a text message (SMS), you can get online. This doesn't work with WiFi only tablets, so be warned that you need a cell phone to retrieve the code (which you can then enter on your tablet) in these stations too.

Transfer Times

If you see a station with a four minute connection window, it is actually reasonable to make your connecting train, but best to get a map of the station first so you know where to go. Small transfer times can be managed easily in Germany and Switzerland. Belgium can require more walking, so it is best to check the map. As a goal, the transfer time is based upon what is reasonable for a local traveler to be able to accomplish sans rushing. How much luggage that includes remains unclear, but if you require red cap services (luggage porter) at each station, then look for a longer window.


Pricing and Payments

Swiss trains offer Super Saver fares on certain trains, for sub-14 day purchases, which are dramatically cheaper than the normal fares. If the desired train is expecting low to medium occupancy, wait. Caveat, ticket is pre-paid, and can not be changed. In this case, you need to  either buy another ticket or get a ride.

Belgium train tickets now accept American Express, MasterCard, and Visa at the rail station. At the time of this writing, they still allow both micro-chip and magnetic strip cards, so if your credit card company has yet to replace your card with increased security, you are fine. The payment option expansion is a nice change since the 2013 trip.


Summary

Traveling via DB Bahn is hands-down easier to go from Switzerland to Belgium than via the TGV. The Cologne transfer over the Paris transfer alone (see Tip 4 below for the painful details) warrants due consideration for this route. The Belgian rail experience improved dramatically by removing the Belgian only bank card rule for non-cash payments. In Germany, even if you travel in first class does not mean that you get a meal on the German trains. And you can of course forget about WiFi on-board. I do enjoy traveling by rail and found this route and connections to be easy, efficient and cheaper than air travel. Looking forward to my next rail adventure. Overall, one of the better train travel days I had.

In a future post, I will contrast Acela to the European trains as a means to offer more tips for non-locals of the northeast United States, and a way to incorporate it into your rail travel to reduce costs when flying to the US.

Additional Tips

1. Read The Man in Seat 61 for specific tips on your chosen city pair. It is a lot of information to keep current, but overall, he is on-the-mark and provides an invaluable collection of rail knowledge. Mike Smith suggested that site two years ago, and it proved valuable on many levels.
2. Rick Steves' Travel Tips: Trains & Rail Passes
3. Train Tips for European Traveling - Part II (2014)
4. Train Tips for European Traveling (2013)

Ten Behaviors That Could Kill Your Career

Bill Malchisky  April 13 2015 11:30:00 PM
A few weeks ago, Jack Welch wrote an article for the Daily Mail covering common pitfalls stalling one's career. Many items listed were taught to me when I worked as an employee or through customers along the way, thus, I appreciated his wisdom. If you have not read the piece, I wanted to share it. Perhaps you know someone that can use the information to better himself or herself in their current job, or apply an item below to your own aspirations.

I find point three is particularly important. To paraphrase a customer from about 18 years ago, "Come to the table with solutions, otherwise you are being spiteful." I always remembered that point (and glad I had a solution).

The excerpt below is included verbatim from the article.


If you recognize your own behaviors here, make it your mission to change them - before you have to. In time, you’re likely to see your career move from a stall to a soar.

1) Misfiring on performance or values - Overcommitting and under-delivering
2) Resistance to change - Failing to embrace new ideas
3) Being a Problem Identifier vs a Problem Solver
4) Winning over your boss but not your business peer group
5) Always worrying about your next career move versus focusing on the present
6) Running for office - it’s totally transparent to everyone but you!
7) Self-importance - exhibiting a humorless, rigid attitude
8) Lacking the courage and conviction to push back on the system
9) Forgetting to develop your own succession plan for when you get promoted
10) Complacency - you’ve stopped growing.

Jack Welch is executive chairman of the Jack Welch Management Institute, where he is directly involved in preparing MBA and Executive Certificate program graduates to transform their companies and careers.

If you’re experiencing a stalled or faltering career - and most of us do at some point or another - take a good look in the mirror. Are you guilty of exhibiting any of these common behaviors?

http://www.dailymail.co.uk/ushome/strayermanagement/article-2943312/Business-guru-Jack-Welch-warns-common-pitfalls-getting-ahead.html

How To Kill a GHOST: The Next Vulnerability

Bill Malchisky  April 10 2015 12:10:00 AM
The first big vulnerability for 2015 launched during IBM ConnectED. With conference and presentation prep the past several weeks, I checked Planet Lotus to see if GHOST was previously covered. Not seeing any posts, I wanted to write about it now.

In my opinion, this vulnerability gained less traction than POODLE and Shellshock due to the limited scope. GHOST (CVE-2015-0235) impacts the glibc gethostbyname() and gethostbyname2() calls. Applications using DNS resolution are primarily impacted, but any application utilizing glibc is a potential issue. As most non-hosting companies do not offer public DNS servers, the crisis is somewhat muted especially as the risk becomes internal only. However, the issue's importance became escalated on several sites in my opinion, due to the ease with which one can exploit the vulnerability--which I will intentionally leave undisclosed in this post.

It is important to note that IBM Domino is NOT affected by GHOST.


Additional Reading

Common Vulnerabilities and Exposures' official write-up on CVE-2015-0235, including scores of reference links
National Vulnerability Database's summary via the NIST is here, revised 6 April 2015
ZDNet's GHOST article


Checking The Vulnerability

Using the Red Hat Access Lab glibc (GHOST) Detector, one can quickly and easily ascertain the risk. This detector provides a small shell script which you run locally. Just change the permission to add executable access, then run the script. The results will tell you if you are vulnerable or not.
Note: this tool only works for RHEL, CentOS and RHEL based systems


Other options include the Cyberciti post and OpenWall's C script.


Fixes

To address this vulnerability, you just need to update the glibc version. If you have a fully patched system, this is trivial. If you have lagged on upgrades over a period of time, you might have several dependencies needing resolution. Each major distro has a page on this issue, with a suggested fix for their build.

Red Hat -- they offer a fix for RHEL4 - RHEL7, with a caveat for RHEL4. They also suggest performing init 6, but recognize that is always less than convenient, so they provide a temporary method of restarting public facing processes in-scope. The full list of running processes still using the older glibc version can be viewed through this command:

lsof +c0 -d DEL | awk 'NR==1 || /libc-/ {print $2,$1,$4,$NF}' | column -t


SUSE -- Issue announcement, their bugzilla report and resolution page
Canonical's Ubuntu -- Security Notice USN-2485-1, their CVE-2015-0235 reference sheet, and Wiki reference sheet
CentOS
Debian Linux -- DSA-3142-1, addresses their eglibc, which is their version of glibc
Oracle Linux
Cyberciti.biz -- general testing and fixing for Linux distros with several included flavors

Product Specific -- Red Hat's rhev-hypervisor6 security update

IBM Specific Product Technotes

Technote 1696618 covers their Security Proventia Network Enterprise Scanner product and lists a product fix
Technote 1696526 covers their Security Virtual Server Protection for VMware, which includes fixes
Technote 1695835 covers their Security Access Manager for Enterprise SSO Virtual Appliance
Technote 1696243 covers their WebSphere Transformation Extender with Launcher Hypervisor [for RHEL]
Technote 1696602 covers their PureApplication System
Technote 1696600 covers their Workload Deployer
Technote 1695860 covers their QRadar SIEM, QRadar Risk Manager, and QRadar Vulnerability Manager products
Technote 1696546 covers their Tivoli Access Manager for e-business
Technote 1697649 covers Domino not being in-scope

IBM's Product Security Incident Response site lists all of the IBM GHOST related Technotes

Flying SWISS? Avoid Selecting These Seats

Bill Malchisky  April 6 2015 12:30:00 AM
Just providing a perspective to those that travel, based upon my recent experience. If this helps someone have a more comfortable flight in the future, then I am happy to write about my trip.

Airbus A330-300 Trouble Seats

The SWISS Airbus A330-300 configuration is losing its luster, included in that is seat 24B--completely substandard. As SWISS decided to place the entertainment system controls inside rectilinear solid cases below every seat in the main cabin, some aisle seats have significantly less foot room than you might expect and thus, less storage space during take-off and landing. Aisle seat 24B is the worst I experienced on SWISS. My laptop bag which fits under many seats sans issue, could not fit under the seat in-front of me (23B). The flight attendant moved my bag to a storage unit opposite 22D.

Making matters worse is that the aisle shifts slightly at row 23, so the support bar for seats 23A/B is offset making the space under 23B smaller than 23C across the aisle. So, if you remove your shoes, your feet and shoes can't occupy the same space simultaneously, unless stacked. I understand that if you have tiny feet and shoes, this relaxation annoyance may not be an issue. For guys with big feet, it is a problem.

Next, the space between seat 24A (to the left) and the fuselage is 3". Overall, just a poorly engineered seat configuration. Trying to get up from 24B sans grabbing the top of 23B when 23B is fully reclined is quite a feat requiring expert yoga moves if one lacks arm strength--complicated by the lack of floor space and shifted arrangement. Getting to the bathroom from this seat is hardly trivial for tall or big people.

As a courtesy, if you sit in 23B, don't stretch your feet onto the bulkhead in-front of you to recline further... that just forces the open table into the mid-section of the passenger behind you. If said passenger has ample proportions, I can only extrapolate to the level of discomfort they would experience.

Bathroom Impacted Seats Aplenty

This plane only has four (4) restrooms---between rows 28 and 29---for 183 coach seats and zero at the rear galley--surprisingly. The aisle seats five rows beyond (29-33 B/D/G/J) and two in-front (27-28 B/D/G/J) are perpetually filled with people, making for a less than relaxing flight for those seated passengers. The Seat Expert and SeatGuru listings cite rows 28 and 29 as potentially suboptimal; I believe the issue extends beyond those two rows. My seatmate and I observed throughout much of the flight, problems with the restroom queue filling the aisle. In fact, when I visited the rear galley five people stopped by asking if I was in queue for the restroom there--but there was not one there to their surprise. This plane really needs two restrooms at the rear of the plane to make the aisles less occupied.


Summary

If you fly SWISS and have the Airbus A330-300 configuration, avoid seat 24B along with the opposite aisle 24J for the same reasons. Skip the restroom seats, and row 45 next to the rear galley and you have several good seat options remaining in the main cabin.

Finally, I submitted this feedback to Seat Expert and SeatGuru as in my opinion they lacked complete information for this plane configuration.


Bonus -- Flight Attendant Call Button Issue

I'll also add that with this plane, if you depress the flight attendant assistance button, it is passively displayed in the rear galley. The crew only knows assistance is needed if they are looking right at the LCD console. I observed this when visiting the galley later in the flight and saw their interaction with the wall mounted console. Some planes have an audible control so that an in-aisle attendant knows to look for an at-seat attention indicator.

My neighbor had a spill and we sought assistance to get some napkins. I ended up getting up, going into my bag in the overhead bag and pulling some tissues and a napkin from that bag. Five minutes later the attendant arrived.

So if you need help on an Airbus 330-300, walk to the rear of the plane. It's faster and less frustrating. Makes me long for a Boeing 787 Dreamliner, quite honestly... more shortly on that experience.

Running Traveler 9.0.1? Hold off on that Upgrade for Now

Bill Malchisky  April 3 2015 06:54:38 AM
Saw a few colleagues communicating on a recent upgrade issue with Traveler 9.0.1.3. Once resolved, one may choose to author a more detailed blog post, but I wanted to at least offer a place holder hopefully to save you time and keep your end users happy.

If you are running Traveler on Windows 2008 R2/64bit with Domino 9.0.1 FP3 HF241 underneath, you might want to delay, holding off until resolved. Traveler can crash every few minutes in this configuration (as of this writing). (Other hot fix levels may be in-scope, but unreported and uncertain currently.)

This issue seems isolated to this exact version of Windows and running Traveler on Linux appears for now to avoid the matter.

Engage 2015 was Exceptional -- Plus New Domino Script Released

Bill Malchisky  April 3 2015 02:30:00 AM
This year, the Engage 2015 crew accepted my abstract to present at their conference in Ghent, Belgium, for which I am grateful. The experience overall proved gratifying on many levels.

First, the top-notch planning and execution by Theo Heselmans and his team proved quite exceptional. From the amazing city and venue to the flow of the event. Details properly covered and enhancements seen throughout the event all proved to be well received. With 30 sponsors this year, Theo's Engage by BLUG brand is well received and to me is recognized as a means for vendors to connect with both prospects and customers. I wish continued success to him and his event.

Next, Ghent proved wonderful as both a host city rich in history, a beautiful layout full of town squares and churches, plus an easy location to location. The venue really proved to be something special: for example, the speakers' room's ceiling being painted in c.1230 AD.

Looking forward to learning of next year's event and submitting an abstract.

On that note, I posted the slides for my presentation -- The BASHing Admins: The ICS Shell Scripting Class. I enjoyed speaking before a wonderful group of attendees who wanted to learn to be more efficient at work through scripting and get more done in less time on their Linux systems.


Finally, during my session, Daniel Nashed launched his latest Domino Start Stop script with systemd support. He appeared for the launch to answer any questions, while also receiving a well deserved ovation for his scripting excellence contributions over the years. You can get latest code at http://tinyurl.com/dominostartstop

Overall, just an exceptional experience and thrilled to be a part of it.


The 2015 Linux Jobs Report Is Out -- Strong Demand Continues

Bill Malchisky  March 5 2015 04:42:27 PM
"Unstoppable Linux Job Market Shows No Signs of Slowing Down"

The Linux Foundation in cooperation with Dice released their March 2015 Linux Jobs report. In a phrase, growth for Linux professionals remains strong once again and is growing stronger. If you are looking for a new opportunity, or to expand your existing skill set, Linux is a great way to do that. As I reported in 2013, the trend line for Linux talent progressed upward from 2012 through 2013 and that remains true today. Cloud services, mobile devices, application servers, perimeter devices, security tools, smart appliances all use Linux. In fact, most pro-Windows techs utilize Linux in their daily lives and just may not realize it. The market permutations are expanding due to its quality, ease of use, and ability to work with just what you need for your task at hand (e.g. micro-installations). Plus, the price is more than reasonable too.

This year's report is available here. It is free, but you do have to register for the download.
The Linux Foundation's press release is available here.
Dice's press release page is here.

Three key bullet points from the report
1. Nearly all hiring managers are looking to recruit Linux professionals in the next six months
2. The rise of open cloud platforms is creating even more demand for Linux professionals with the right expertise
3. Linux-certified professionals will be especially well positioned in the job market this year

Remember, "Employers are hungrier than ever for Linux talent." (Page 3). Don't get left behind: learn Linux and stay marketable.


Training Available
If you or your company is interested in training your ICS administrators on how Linux can work with your company, or to learn how your company can save money by using Linux on some of your servers, please let me know. I have an extensive track record with Linux training and would thoroughly enjoy helping people learn Linux, and provide a perspective on decreasing costs. Thank you for your interest.

"Age is Just a Number..." -- George Jedenoff; 97.5 Year Old Skier In Another Inspirational Interview

Bill Malchisky  February 19 2015 11:00:00 PM
Last year, I commented on George Jedenoff and how much he loves to ski. Well, the passionate 97-1/2 year old skier returned for another year of carving at Alta, Utah and did another interview with the Ski Utah crew. The adventurous Mr. Jedenoff skis trees, has a great relaxed form, and loves Wasatch powder. This year, he answered several questions from Ski Utah readers and provided fun candid answers, on longevity, diet, how he preps for each ski season, and how he finds ski buddies. An inspirational four minute video that may just make you smile.


"Age is just a number. If you let the number bog you down, you are going to bog down. You forget about the number, and live every day with what you got, you are going to last longer." --George Jedenoff

IBM ConnectED (LS15) Saturday Community Events Time Changes

Bill Malchisky  January 24 2015 11:38:36 PM
Due to the overnight and morning rain, I started working on logistical changes to get the day's Community events included with minimal overlap to other already scheduled Saturday events.

This should serve as the Master Schedule for now... as due to traveling to this event, the wonderful teams for the Totally Unsupported IBM Notes Session Database and the AngularJS and Domino demo site by Mark Roden and Mark Leusink, will not be able to get their sites updated in-time, which is completely reasonable and inappropriate to ask with such short notice.

Saturday, 24 January 2015
Soccer Saturday - 11:30 AM to 1:30 PM
BALD - 2:00 PM (ish) to 5:30 PM
ESPN 7:30 PM til 11:30 (Unchanged)

Note: All locations remain the same.

There is a lot going on today (24 January) outside of these events. As such, I am happy that we can work with Mother Nature and still enjoy our day with friends before the event commences on Sunday.


© 2010 William Malchisky.