I've added a couple BlogEngine Extensions to this site and this post is mainly to test them out.

MP3 player:  Supreme Beings of Leisure - Never the same 

If you liked this post, please be sure to subscribe to my RSS Feed.

I can't quite call it a resolution, but I am going to try to write at least one entry in here per week.  I have a feeling that the topics wil shift more towards self defense and martial arts as it's easier for me to write them since I don't have to worry about formatting code and the like.

 

To that end...

 

How to make a proper fist

The fist is one of the most basic weapons your body has to offer.  Most non-martial artists think that just balling your hand up is good enough, but they couldn't be further from the truth. Punching something with an improper fist is not only not as effective, but can lead to serious injury - possibly even destroying one of your best weapons with your first strike.

 

There is a tutorial available on FightingArts.com that is excellent, but I disagree on one very important part - thumb placement.  The author states that thumb placement doesn't really matter, and mentions how different styles go about it differently.  For the purpose of this article, I'm talking about the basic fist from American Kempo.

 

To make a fist, start with an open hand.  Your fingers should be together.

 

 

Next, bend your fingers at the first and second knuckles until your fingertips are resting on the pads just below where your fingers connect to your palm. 

 

 

Continue to roll your fingers inward until your knuckles form a 90 degree angle.  I find that my fingertips naturally align on the "heart line" of my palm.

 

 

Tuck your thumb against the side of your index finger. 

    

 

Why does thumb placement matter? 

Let's take a look at the physiology of the hand.

 

(Image from Grey's Anatomy)

Notice the muscle groups of the thumb.  When you make a fist and bring the thumb underneath, you're stretching those muscles around the side of your hand.  While it would seem that this would make the fist stronger, it actually does the opposite.  When you bring the thumb alongside the fist, all of the muscles and tendons align together rather than those of your fingers going along the top of your fist and those of your thumb going around and underneath.

 

A simple way to prove this (and one of my favorite "martial arts parlor tricks") is to have someone make a fist with the thumb underneath.  Using one hand to brace the wrist and the other to push down on the top of the fist, you can easily "break" the wrist - causing it to bend.  If you have the person move the thumb to the side of the fist, it becomes much harder to do so.  This translates directly to how strong your fist will be when you actually hit a target with substance.  If your wrist rolls during a punch, chances are you're going to sprain it pretty badly and you could even cause permanent damage.

 

An added benefit is the time it takes in making a fist.  I tend to leave my hands open while fighting unless I'm actually throwing a punch.  That microsecond difference between bring the thumb around and tucking it to the side means that I can keep it relaxed longer, only tightening it on impact.  It also helps prevent getting caught on clothing as there is no point in which your thumb is separated from your fingers.

Do you agree?  Disagree?  Does you style use a totally different type of fist?  I'd love to hear about it in the comments.

If you liked this post, please be sure to subscribe to my RSS Feed.

I know. It's been a while since I've written an entry.

After MS ASP.NET AJAX and the AJAX Control Toolkit came out, I lost interest in the control I had written. However, I saw this video on Digg (you can always see a list of what I've Dugg lately in the righthand column) and wanted to share.

Her name is Satoko Shinashi, her record is 24-1-2, and she is truly amazing. I would love to see her fight in person.. though I have a feeling it would be over quickly. I really wish more women were featured in professional MMA here in the US. Watch a bunch of her fights on YouTube

If you liked this post, please be sure to subscribe to my RSS Feed.

Finally.. after many modifications, the AJAX AutoComplete for ASP.NET 2.0 web user control is available for download.  This web control contains a text box. As you type in the box, suggestions fill in a drop down, very similar to Google Suggest. 

There are many configuration options, so if you are looking for a quick fix, you shouldn't have to get your hands too dirty.  On the other hand if you're looking for a base to build on, all of the C# and javascript code is included - hack away to your heart's content. If you make something cool, leave a comment and let me know about it. 

The styling for all of the components is done with CSS contained in an external file.  All you need to do is set the control's properties to the class names for each element.  There are other display options, optional features like AutoPostBack, case-sensitivity, server-side caching and other search options as well.  For more information on what you can do, read the documentation.

Or if you're one of those people who are more of a hands-on learner, you can play with the demo which is also included in the .zip file.

Download the Visual Studio 2005 Solution .zip file (18k)

I designed this control to be very easy to use, however it does assume you have a working knowledge of ASP.NET.  I will do my best to answer any questions, but the software is offered with no guarantees.


If you liked this post, please be sure to subscribe to my RSS Feed.

I've noticed over the past few days that I've been getting a lot of hits on the AJAX Autocomplete post I made, so I've decided to package up what I've done into a downloadable and reusable user control.  At the moment, I'm taking a lot of the options I had hardcoded (case sensitivity, whether it autocompletes based on "Starts with" or "Contains") and creating them as Parameters.

Check back soon for an update or better yet, subscribe to the RSS feed to know when it's been released.

EDIT:  It is now available - More Information

 

If you liked this post, please be sure to subscribe to my RSS Feed.

Edit: 4/12/06

I'm going to make this available as a download as soon as I have it cleaned up.  See here for more details.

Edit: 4/21/06: It is now available - More Information

Tonight, I was able to get my category AutoComplete feature working using AJAX in ASP.NET.  I have a query text box that fill the matching categories into a textbox as you type, similar in idea to Google Suggest.

Here's how it works..

As you type, the onKeyPress event is triggered, sending the query back to the server in the background.  On the first call of the page, it checks the Cache to see if the category list is already loaded.  If not, it goes out to the database and loads it into a Generic List object and then saves that object into Cache.  If it is located in Cache, it just grabs the Cache Item, casts it to List<string> and uses that.

Then I take what the user has typed so far and use List.FindAll() to find all matching values. Since it's coming out of memory most of the time, it's pretty fast.  There also aren't many categories, so even when it needs to go out to the database, it doesn't take too much time. Once it has all of the matching values, they are concatenated with commas and sent back to the client side.

The Javascript then takes that string, splits it along the commas and adds a new line to the textbox.

function fillAutoComplete(result, context) {
    fields=result.split(',');
    var txtAutoComplete = getObj('AutoComplete');
    txtAutoComplete.obj.value='';
    for (var i=0; i<fields.length; i++) {
        txtAutoComplete.obj.value += fields[i]+'\n';
   }
}

Currently, I have it just filling a textbox for test purposes, but eventually, it will be in a clickable dropdown.  The key to this is making it easy for the user to select a category of food to either add to their daily diet tracking or for the classification of custom foods.  This UI interface is a great blend of browsing and searching.  As you type, a search is performed which progressively limits the items you have to browse through.

It's coming along.. slowly, but surely.

If you liked this post, please be sure to subscribe to my RSS Feed.

I know I have been neglecting the self-defense aspect of this blog lately.  I'll try to keep it more balanced.  Today, I helped one of my fellow students test for his black belt.  I received mine about 2 and half years ago.  Unlike other dojos where testing is a formality where you perform a kata in front of a panel of judges, our test are hard.  Really hard.  3 Days Long Hard.

Unfortunately, I can't tell you more about it.  Our tests are closed door.  Nobody except the people testing and black belts are allowed into the test.  No parents, no spouses, no spectators.  Today I was an uke, which translates roughly as "human punching bag".  I attacked while my partner - who was the one testing for his black belt - performed the technique.

There were 3 other people testing and they all worked hard and they all did really well.  One point, we were free sparring 3 vs 1 on the testees.  Afterwards one of the other people testing came up to me and asked if I was a black belt from this school.  I told him that I was.  He asked if I had trained anywhere else and I said no and asked why he asked.

He told me it was because I didn't fight like anyone else he's fought against in our school.  Most people come in on you quickly, take a couple shots and then get out quickly.  Very common when you train sport karate or point fighting.  You get in, score your point and get out.  It's very controlled.  He said I came in like a truck.. there was no stopping, no jumping back out.  I came in hard and just kept coming, blocking when I needed to and striking every chance I could.

I laughed and explained to him that was because of my instuctor.  Within my school, my class has a certain reputation of being the people who like to fight.  The ones who don't mind getting banged up.  We train as if it were a real confrontation.  You don't want to punch an attacker a couple of times and stop.. you want to finish that fight at any cost, and that's the mindset we train with.

Though I study Kempo and there is limited grappling involved, in my class a lot of fights end up on the ground.  Why?  Because that's how a real fight goes.  There's nobody there to say, "Stop!" when someone trips or someone grabs you around the legs and takes you down.  We try to fight each other the way we would fight in the street because we all want to have faith that if we really did have to use this stuff that it would work.

Don't get me wrong, we're not trying to hurt each other.  The punches are still pulled a little and there's good sportsmanship all around.  But the strategy and the intensity is more like a real fight than a classroom.

They (and I'm using sweeping generalizations here, there are plenty of individuals who train the same way we do) don't have that mindset in a lot of the other classes.  My class is probably the smallest in the school because it takes a certain masochism to actually want to get hit.  In helping out this morning, I got two minor bloody noses and peeled a decent chunk of skin off of pinky toe via rug burn while getting thrown.  It happens.. you need to fight through it.  I'm used to it from being a little more rough and tumble and I know that if I get in a fight and someone gets a lucky shot that I can take it.

I find that many people who study in another class will come to ours because their instructor has told them to go to my instructor to "learn how to really fight".  And they'll come in with gorgeous form and perfect technique.. and get mauled by most of the people in our class.  That mindset is all they're missing.. but it doesn't take long to beat them into it.

 

If you liked this post, please be sure to subscribe to my RSS Feed.

Finally.. I've made it through the nutrition database for TrueWeight and normalized all the data.  There's still some work to do on assigning the foods to categories.  I'm trying to decide between putting them in one-to-one heirarchical categories or using a one-to-many approach.  I'm leaning towards the latter.  Though it will make the back end a little messier, it will make the foods easier for the users to find and after all.. the main goal of this projects is to create something that is easy to use.

Next step will be creating the actual interface parts to select and add foods to the daily menu.

 

If you liked this post, please be sure to subscribe to my RSS Feed.

So I got an email today...

NOTE: The addresses have all been changed.

The email was a delivery failure notice from a Yahoo address I didn't recognize. It was a Paypal phishing scam. You get them all the time.. "We're updating our records, please log in and verify your account"...

===========
Return-Path: <myemail@hotmail.com>
Received: (qmail 89555 invoked from network); 13 Feb 2006 23:22:35 -0000
Received: from unknown (HELO User) (11@buyerbwhere.us@68.17.xxx.xx with login)
by smtp106.biz.mail.re2.yahoo.com with SMTP; 13 Feb 2006 23:22:29 -0000
Reply-To: myemail@hotmail.com
From: support@paypal.com<myemail@hotmail.com>
Subject: You have added new email address to your account
Date: Mon, 13 Feb 2006 17:22:29 -0600
===========

I did an nslookup on the from IP and got adsl-068-017-xxx-xxx.sip.mob.bellsouth.net. Great. I know the message came from a Bellsouth DSL subscriber. I contacted their abuse team and filed a report saying that one of their users most likely has a backdoor virus and is being used as a zombie mail relay for a fraud spammer.

Continue further down the email...

===========
glasshk32@comcast.net> and if you need assistance with your account, please click here to login to your account.
===========

So the person had a bad address in the link but left the email address in the message. Quick check on that led to this. That's the exact email I got, only I have HTML off, so I just saw the code. The screenshot at the bottom is of the page that you see when you click the login link above.

The address the link is to is http://xxxx.us/redirect.html. A whois lookup of the domain gives us John Doe. I gave Mr. Doe a call at the phone number listed and asked him why his website was pointing to a Paypal phishing scam. He wanted to know why he kept getting these calls. He claimed to have never heard of the website - even though it's pretty much his last name. He confirmed that the contact info was his, but denied all knowledge of the site. I advised him to run a virus scan on his computer.

Since Yahoo is the domain contact, I sent an email to their abuse team as well advising them of the situation. Maybe the guy is innocent, but since he's listed as the contact and the site is so close to his name, I doubt it.

.. which brings us to actual redirected page : http://999999999:89/ssl/index.php. 999999999 is an IP address in DWORD format. If you convert it back into its decimal form, it's 24.11.xxx.xxx. Do an nslookup of that and get c-24-11-xxx-xxx.hsd1.mi.comcast.net. File a report about it with Comcast's abuse team.

I looked at the page.. almost all of the links call a javascript function that loads a fake login page. That Javascript removes your address bar and then creates a new one with a paypal address in it.. so that it looks like you're at Paypal. That page asks for your Paypal user/pass and when you put that in, it asks you to confirm your credit card number, complete with box for "PIN verification". I had logged in with a fake name, and I put in fake credit card info here. I know a bunch of test credit card numbers that validate a mod10 check from using them at work to test the apps I write. Once you submit that page, it cleverly redirects you to paypal's site and logs you in.. so you'd never know it happened.

At this point, I had found the machine actually hosting the scam. Comcast is mostly a home service, so I did some more poking around. I noticed that it was running PHP, so I typed in a fake page name to see if it would give me an error. It gave me the default apache error message and listed admin@zzzzzzzzz.net as the contact. Whois on that showed nothing, so I figured it was made up.

I then tried port 80- the default HTTP port - since the URL was calling 89. I got a prompt to log in, so I tried the Guest account, but it was denied. I canceled that and noticed that I got back an IIS error message.. meaning that was a Windows box. Either port 89 is forwarded to another box on the network, or someone is running IIS and Apache and PHP on the same box.

I tried doing a Remote Desktop.. and got a Windows 2003 Server log in screen. I've never been a great hacker, so after trying to crack that with a couple of brute force dictionary attack tools I found (that work on Terminal Services connections), I gave up. That's the only part that kills me (though in retrospect, it's a damn good thing since then I would have had access to the stolen info and would have fucked myself). It would have been awesome to take control of the web server, just to say I did.. I didn't get that thrill, but it did give me another piece of the puzzle.. the computer's name was BREAKxxxx.

The Apache error message I got also had the version, so I looked up some Apache/PHP exploits. I noticed a lot of them had to do with OpenSSL. I tried the IP address as https at port 443 - the default SSL port. I got a certificate acceptance button meaning SSL was installed, but the certificate was made on that machine and not signed by any Certificate Authority. I viewed the details of the certificate and lookie there.. the company was listed as breakxxxxonline.net. I tried http://breakxxxxonline.net:89/ssl/index.php and there was the phishing page.

Jackpot.

The name on the cert was close enough to machine name, and the URL worked. That ties someone there to it, since it's on their network and most likely involves 2 computers since someone had to either route that traffic or installed Apache and PHP on a Windows box.

Since there was nothing at http://breakxxxxonline.net, I went to http://web.archive.org and Google's cache to see what used to be on the page.. Looked like it used to be the website of a legit company.

I did a whois on that and got the contact info, then called Network Solutions (since they were the registrar) and filed an in-depth report, explaining it all. They said they would be getting in touch with me once they resolved it. I really want to find out what happens. I wonder how much follow up any of those companies - Yahoo, Comcast or Network Solutions - will actually do on this. I'm not claiming to be some super sleuth or have extraordinary skills, but it'd be pretty cool to think I broke up a spam phishing ring, even if it only means one less message for my filter to process.
If you liked this post, please be sure to subscribe to my RSS Feed.

The button I created for the new Google Toolbar to post links to del.icio.us was accepted and is now in the Tools section of the Button Gallery!

If you liked this post, please be sure to subscribe to my RSS Feed.