Cracked it?

I attended a local Linux user group this week, at which someone gave a talk on using PGP | PGP. I've previously nosed around, generated a key etc, although I don't think I've ever used it in anger. I went along, was asked to take my signature with me and identification (the key signing party idea). I duly took mine, listened and was asked to sign someone's key. When I got to work I followed the instructions, and was told nothing had shown up on the keyserver. Eventually I studied the man pages a little more, and found the right mantra to whisper to Linux. This made my signature show up, which I duly noted and forwarded to my colleague. He swiftly replied that I'd revoked the key! Not that I recall doing this, but so I had. I then went to my machine at home and tried to repeat the procedure. This is where fate takes a hand. My home machine is where I first produced a private key. Rather than viewing the passphrase as a password, to be entered on a regular basis, I thought it was a one off thing, so for once I chose to enter a significant password. You may guess where this is going. I don't write down passwords, but I do often note hints. So last night I took my hint (four terms, logical combination, a few variants) and a spreadsheet to work through the combinations. I did, and each time gpg politely told me I'd got it wrong.

So this afternoon I calmly gave up on that one, I don't believe there is anything I can do about it. Someone made the suggestion I encrypt the password in an encrypted, signed email to myself. Then I realised I'd need the password to get into the email. Catch 22 in a big way. I now have a key that is valid, unusable and floating. I doubt I'm on my own, but I do feel a bit daft. I can see why people fall back on using the dogs name, or something equally insecure. Roll on biometric passwords.

At least having done it once, and made the notes, I cleared out my keyring, generated a new key, imported my colleagues and signed it, saving both to the keyserver. I also exported it to this machine so I can use the key on this one too

From one of my blogs (Joe Gregario) I picked up on sparklines (see bitworking), which I found amusing and of no use, other than for creating tiny graphics in Python. Then I found this which for me put a whole new light on it. The idea of using glyphs to put over an impression of a trend (something we do quite well as humans) is really insightful. I'm sure this idea could be extended in quite a few directions. I wonder what the RDF brigade could do with them for rdf graphs? Nice one Joe, especially thanks for the Python code. What a language!

Uche (of 4suite fame) has been defending xupdate on xml-dev this week, he's using it to solve a niggling problem when you are writing about XML in HTML, or XML. That of having running code (XML based) which can then be pasted into the article. He implemented xupdate for this purpose. Sort of xinclude with a difference? It seemed to me a natural for that depressing job of inserting another record into table like data, perhaps a log file or similar. XLST is nearly there, but if you are not naturally in an XSLT world, it's not intuitive. Xupdate seems just right for this task. Please insert this record after the element[position()=last()] which is exactly what is wanted. I've yet to find out how it fits with what I have in mind, updating the metadata when an item is inserted into the repository.