Even though I’ve written several times about martial arts training, including describing InfoSec as a Martial Art, I find that I’m at it again!

While most of my martial arts training has been karate (Wado-ryu, and Goju-ryu), I have had some exposure to Judo, Ju-Jitsu, and Aikido, along with some Yoga, which I would describe as “martial arts adjacent”.

Recently, however, I’ve shifted my training from karate to Tai Chi, and am really getting a lot out of it. As I’ve mentioned before, “martial arts” covers a spectrum from “true” martial arts (ie, military and law-enforcement training, focused on efficiently killing or neutralizing a target), to martial ways (ie, balanced between self-improvement and self-defence), to martial sports, which focus mainly on competition.

Needless to say, this is all highly subjective, and depends on both teachers and students. The key is to be honest with yourself about what you are putting into your training, what you hope to get out of it, and to ignore about 99% of the rubbish available on the internet.

Tai Chi is actually an excellent example of this. There are a wide variety of types, schools, and training methods. It should be noted that, while Tai Chi is a fully-developed martial art, it appears that the vast majority of students who are training in “Tai Chi” are practising components of the art, which lose many of the practical self-defence applications. As noted above, this is perfectly fine – so long as teachers are honest about it, and students understand what they are learning about.

In my experience, most people who practise Tai Chi are focused on health and exercise, especially around balance and breathing. This is perfectly fine, unless you are pretending (or deluded into believing) that practising breathing and forms, along with some “pushing hands” (partner drills which focus on balance and sensitivity), are sufficient for effective self-defence. And it’s even worse if you buy into “chi” or “qi” as anything other than breath training and a useful metaphor for intent and focus.

I’m finding it a great form of exercise, breath training, balance training, and an excellent companion to the other training I’ve done over the years. For clarity, I consider myself primarily a “martial wayist” – I’m not much interested in competition, but I have been hit a few times, and have done a bit of practical self-defence training as well.

(And for anyone wanting to claim that MMA is the best and that traditional martial arts are rubbish, I have three other letters for you: TBI)

One important feature of any sort of training is to make it as realistic as is practical. In martial arts, training, this often includes things like balancing forms, drills, sparring, and striking drills. If you never actually punch anything, you’d most likely break your fingers or wrist if you were to do so IRL (In Real Life).

Which brings us to another martial art – programming.

As I’ve mentioned before, coding is an art-form that fights back, and it’s also something you can practice safely (for the most part – malware coding and such are exceptional cases).

After a long time away from “real” coding (mostly in Pro*C and PL/SQL), a few years ago I tried to learn a bit about PHP and built a functional Kanban board on the LAMP stack (Linux, Apache, MySql, PHP). I learned a lot, but one of the decisions I made at the time was to write “functional” PHP, rather than “object-oriented”. I think it was a good decision under the circumstances, but it meant that I was “only” learning about how to use PHP to write traditional code, rather than trying to build a “modern” application.

And then, recently, I decided to try again. After spending time learning a bit about Python, I was debating whether or not I should try to build an updated Kanban board in Python, but I later decided to try and learn Rust, obviously because I’m a masochist.

This time, however, I wanted to build a full-stack application, using a “modern” development paradigm. This requires learning both the language (which has a notoriously steep learning-curve) and a new way of thinking about web development.

I started with some research, which included The Rust Lang Book, a playlist which goes through it (by Let’s Get Rusty), and then a Yew Tutorial (including building a ToDo list app) by Brooks Builds, along with a shout-out to Mike Code, who I also found helpful. For the design, I’ve been using the Atomic Design methodology, partly because it’s used in the Brooks Builds tutorial, but also because I find it a very interesting approach.

I started by going in parallel with the tutorial, but quickly encountered situations which caused me to branch out in a number of ways. For example, in order to avoid a direct object reference, I decided to add a UUID as a user identifier, so that it’s not possible to simply increment the user ID to locate the record of another user.

Then, when I encountered some “weird” errors in trying to duplicate some code, I discovered that the library used in the video had been updated, and I needed to do some re-tooling to get things working.

For this side-research, I used AI to help. I found it very useful for identifying things like typos and version incompatibilities, or how-to guides on certain features I was struggling with, but it also tried to lead me down some silly rabbit-holes – most often trying to confidently offer code which would not work on the current version of the software, or going around in circles from A -> B -> C, and then back to A. At present, I think AI probably has a lot of utility for experts trying to review and troubleshoot, but has a long way to go before it starts generating code which is functional, efficient, and secure. Maybe more on that later.

It will be a long time (if ever) before I can truthfully say I feel comfortable with Rust, but it’s been an amazing learning experience, and far more than I would have been able to get trying to duplicate a tutorial or even trying to use Rust to build an “old fashioned” application.

I may provide some screenshots at some point in the future, but I just managed to get the login page working again – after some issues which were a “great learning experience”. Let’s go with that, rather than “maddening and frustrating”... Sounds better.

It’s a learning experience, like being kicked in the head. Right?

Cheers!