Comments for A Blog by Tim Bishop

Comment on Zopa by David

David — Wed, 14 Oct 2009 16:57:29 +0000

The problem of late is the tax issue relating to the HMRC ruling on the treatment of bad debts. Like you Tim i have had some great returns from zopa but as my bad debts increase the tax treatment of them is starting to knock the returns.

Comment on PAM – Locking out accounts when using external authentication by Tim Bishop

Tim Bishop — Sat, 10 Oct 2009 13:45:52 +0000

Hi David,

Thanks for the info. A similar solution to what you suggest is netgroups, or so I’m told. The groups exist within the directory rather than on the local machines.

In my case though it’s not quite how you describe. Each machine points at a separate OU in the LDAP directory. So we can control which accounts can access which machines using our central host management system.

The problem I’m solving is the case where the user account does need to go on the machine (eg. it could be a Samba server), but the user shouldn’t be able to log in.

Using the method you describe would work, but would require additional groups to be created and managed (and there’s an annoying limit on the number of groups an individual can belong to with NFS). Groups in our setup are not currently managed by the central system either.

The route I’ve chosen works using the password field sent by the management system, which we can control centrally. And my LDAP management code can then lock out (or unlock) an account on the LDAP server without ever touching the end system.

Thanks for your comments though, it’s useful to know about other solutions. And it’s refreshing to get a non-spam comment

Comment on PAM – Locking out accounts when using external authentication by David Bell

David Bell — Sat, 10 Oct 2009 11:09:02 +0000

As I understand it, you have a bunch of machines using pam_krb5 for authentication (and also LDAP for NSS). You want some users to logon to some hosts, but not all hosts, i.e. you want to deny some users from logging on to certain hosts?

In GNU/Linux there exists a different approach than the one you have suggested for Solaris/FreeBSD. You can use the pam module pam_access which will then allow you to deny groups of users to logon:

http://blog.evad.info/2008/11/27/manage-access-to-your-linux-systems-via-groups-pam_access/

Sadly Solaris lacks an equivallent to pam_access, such that many people port Linux PAM’s pam_access to Solaris. I don’t believe there is an equivallent under FreeBSD either.

Once you place pam_access in your PAM stack (under “account”) you can use one configuration file in /etc/security/ and you’re done. The security file will remind you how how compat mode used to work in /etc/passwd in the days of NIS. You simply prefix the lines with “-” to deny and “+” to allow.

I hope this is helpful to you, however given its a Linux specific “innovation” which has not been replicated to other free operating systems its usefulness to you is probably limited. This, at any rate, is probably why pam_unix on Linux PAM is less useful than its cousins.

Of course, this should work with external authentication even if “auth” isn’t being consulted because “account” should still be consulted by the SSH Daemon (or some other access system). Let me know if you find a better solution, right now I’m still using NIS at work (shudder) so the problem does not yet exist for us.

Comment on Automating tarsnap backups by Gabriel

Gabriel — Sat, 05 Sep 2009 15:22:30 +0000

Works well on Linux, except tail expect a -n flag before +$DAILY, +$WEEKLY and +$MONTHLY.

Thank you for your script !

Comment on Questions about the Fidelity MoneyBuilder UK Index Fund (MT) by Rimas Balsys

Rimas Balsys — Tue, 11 Aug 2009 02:27:17 +0000

I’m not a die-hard Fidelity fan (having worked in their stats & inv info dept), but I’m drawn to defend them here. There’s no difference between your holdings’ income being reinvested to increase the nav of the Fund as a whole, and your holding’s income being reinvested to increase the nav of just your holding. Mathematically, the two have the same effect on your holding. Although everyone else benefits from your holding’s income, you benefit from from everyone else’s holdings’ incomes.

Comment on Zopa by Tim Bishop

Tim Bishop — Fri, 26 Jun 2009 21:45:32 +0000

Edd – good point about the £10 diminishing over time. I hadn’t thought about it that way, although it’d pretty damn obvious

From what I’ve read on the forums when the money turns to bad debt you’re unlikely to see any of it. They pass it on to their debt collectors, but I think they say you’ll only get a small percentage back, if anything.

Still, if you spread widely enough it should help lessen the blow. I guess it’s just easy to get worried by the bad stories others give on the forums…

Good luck with Zopa, it sounds like you’re doing well!

Comment on A new router (Soekris, Draytek and NanoBSD) by Tim Bishop

Tim Bishop — Fri, 26 Jun 2009 21:39:02 +0000

Cavac – that’s exactly what I did

See this post.

Comment on Zopa by Tim Bishop

Tim Bishop — Fri, 26 Jun 2009 21:31:21 +0000

I just thought I’d follow myself up on this. I’ve noticed a significant improvement in rates recently, so I’m starting to put a bit of money in again. I’m still cautious (in life generally, actually), but I’m enjoying the process.

I still have concerns over the money being locked away for a minimum of three years. It’d be great to see a loans market, but I’m not really sure how that’d work.

Comment on Starting out with investments by Tim Bishop

Tim Bishop — Fri, 26 Jun 2009 21:28:36 +0000

Hi Chris,

Regarding the S&S ISA, I definately think it’s a good idea. Unless you’ve got some other use for the allowance it’s good to make use of it whilst you can. As you say, down the road it may save you from capital gains tax. One other thing I have been thinking about is a SIPP, but the money is definately locked away then, and I’m not sure I understand them enough to make a decision on it yet.

I did go with a tracker fund in the end, and I luckily put my first sum in at the current bottom of the market (by pure chance!). I’m under no illusions that it won’t be a rough ride from here, but the past couple of months have started to look more positive. However, over the long term who knows what’ll happen

Thanks for the recommendation on A Random Walk Down Wall Street, I think it’s on my list already.

Something I’ve found useful lately is listening to podcasts. I have some slots in my day when I’m doing other things but my brain is idle, so I use that time to educate myself. Generally I just listen to news style podcasts like the money ones from Radio 4 and 5, but I also find the Motley Fool ones interesting. I don’t think they’re always directly applicable, but I don’t pick up a lot about the general state of the economy.

Good luck with your investing.

Tim.

Comment on Starting out with investments by Chris

Chris — Fri, 26 Jun 2009 20:37:33 +0000

Hi, I really enjoyed reading your article, I am very much in the same position as yourself and am in the process of selecting a tracker fund, I will suggest you to read A Random Walk Down Wall Street which outlines very well the attractiveness of the index fund versus managed funds. another thing I was considering was about whether or not to place the tracker fund into a stocks and shares ISA, what do you think about this? I think if you are investing long term you get the insurance against capital gains tax – some also have no annual management fees but its something im still researching. I also concur that whilst it is a bit scary as a first time investor like myself to invest in a time when the index is going through the floor, it makes sense when “eggs are on sale, then its time to buy eggs” im in this for the long term too.