
Enjoy!
Here's random stuff related to what I am working on or interested in during my work day or in my personal life. I'm a nerd. The content will be nerdy.

There has been a lot of talk about index funds in the last six months.
Warren Buffett recently said he recommends you, and his wife, don’t pick your own stocks, but simply “buy an S&P 500 low-cost index fund”.
I recently heard on the news that at least 60% of the money in the market is in index funds.
Some Wall Street types are referring to index fund investors as “dumb money” and worrying that no one is looking at company stats anymore.
I am not going to talk about these things. They are for more nuanced investors. I am just a fairly smart guy who is a bit risk averse and likes things that make some sense.
We know we should not pick our own stocks unless we really understand the business sector that a company is in and the performance metrics of the business. Very savvy investors even look at management teams and may even compare them to the management teams of rival companies. Most of us do not have time to do that for more than a company or two. We can’t even look at one whole market sector, let alone the whole market. It really does make sense from this perspective to look at index funds, but wait…
We are also told to diversify our portfolios. All the more reason to use an index fund. Only…
We are also told to not put all our eggs in one basket. We should have a good spread of U.S. and foreign stocks, and we should have a lot of different business sectors. There are international index funds, so we are covered there too.
BUT WAIT
You and I probably thought that if we bought an S&P 500 Index fund that we’d be getting a good mix of the S&P 500. WRONG!! All your eggs are in one basket! If we look at just the top 25 holdings, 12.5% of your portfolio is in Tech stocks! That’s right, the index is weighted, usually by market cap or some sort of adjusted market cap. If you go down the list, the top is dominated by Tech, finance, pharmaceuticals, and finance.
Breaking down your ownership by sector in the top 50 of the S&P 500.
| Sector | % |
|---|---|
| Aerospace | 0.64 |
| Consumer Goods | 2.77 |
| Finance | 6.13 |
| Insurance | 0.87 |
| Oil | 3.02 |
| Pharma | 4.28 |
| Retail | 0.56 |
| Soda | 1.61 |
| Technology | 16.4 |
| Telecom | 2.96 |
| Tobacco | 1.44 |
| (blank) | 6.8 |
| Total | 47.48 |
That’s right, just under 50% of your investment in 500 companies is in only 50 companies, and a very unbalanced 16% is in the tech sector. If we look at the bottom 50 companies, you only have 1.4% in them.
As always, these are just things to consider. I have no useful money advice.

“My password is expired so I can’t login, but I need to RDP in to change my password!”, is the cry we constantly hear.
This happens when your users log in to their local machine using one account, but need to RDP into a machine using another account in a different domain. This is often because the systems they need to work on are in a different domain in order to segment access. Think Corp creds for email and HR vs prod creds for the company’s web sites.
NLA is not really a security control; it simply changes when you authenticate. With NLA on, you authenticate (using CredSSP) before getting the remote session and GUI. This is designed to reduce the load on the server. This however removes a user’s access to the login GUI where they can change their password at login.
Everything you are likely to find on this issue will tell you that the issue is Network Level Authentication (NLA) being required for RDP. NLA is not supposed to be required by default, but I have seen and heard that it often turns on at domain join. I have seen this even though there was no GPO setting it. (We are both wrong, but I’ll get back to that later.) This could be related to all sorts of build and domain join automation. If you have the issue, why is not particularly important. You will just need to go and set the GPO or edit the registry on the machine or via GUI.
“Mark, I made the change, but I still can’t get in!!” That’s right, you can’t. NLA probably wasn’t even turned on. As I mentioned above, we were wrong. So why can’t we log in and change our passwords‽ We can’t change our passwords because most RDP clients, such as mstsc.exe or rdcman.exe, just assume NLA is on and try to authenticate you first anyway. This fails and you are kept out.
You need to tell your client not to use CredSSP for your connection. If you are implementing your own RDP client via the ActiveX library MsTscAx.dll, set EnableCredSspSupport to false.
One caveat is that there is no way to send the password anymore, say from your local cred manager or a password management tool. You will have to type the old password once and the new password twice, so it’s a bit of a pain.
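One way to do this for mstsc.exe, as an added example that is not from the original post: the .rdp setting `enablecredsspsupport:i:0` turns CredSSP off for a single connection, and the first function, run on the server, reads the registry value behind the NLA requirement. The host name is a constructed placeholder and both function names are hypothetical.

```powershell
# Added example, not from the original post.

function Get-NlaRequirement {
    # Run on the RDP server. Reports whether NLA is required and where the
    # setting comes from; a value set by policy overrides the local one.
    $paths = [ordered]@{
        Policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
        Local  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    }
    foreach ($source in $paths.Keys) {
        $item = Get-ItemProperty -Path $paths[$source] -Name UserAuthentication `
                                 -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            [pscustomobject]@{
                Source      = $source
                NlaRequired = ($item.UserAuthentication -eq 1)
            }
        }
    }
}

function New-NoCredSspRdpFile {
    # Writes a one-off .rdp file that skips CredSSP pre-authentication, so the
    # server's own logon screen (with its change-password prompt) is reached.
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [string]$Directory = $env:TEMP
    )
    # Keep the file name valid even if the address contains ':' (host:port).
    $safeName = $ComputerName -replace '[^\w.-]', '_'
    $path = Join-Path $Directory "$safeName-pwchange.rdp"
    $settings = @(
        "full address:s:$ComputerName"
        'enablecredsspsupport:i:0'   # do not authenticate with CredSSP first
        'authentication level:i:2'   # still warn if the server cannot be verified
    )
    Set-Content -Path $path -Value $settings -Encoding Unicode
    return $path
}

# Usage: 'jump01.prod.example.com' is a constructed placeholder host name.
$rdp = New-NoCredSspRdpFile -ComputerName 'jump01.prod.example.com'
Start-Process mstsc.exe -ArgumentList "`"$rdp`""
```

If `Get-NlaRequirement` reports `NlaRequired = True` on the server, a client with CredSSP disabled is refused, so this file only helps where NLA is not actually required.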
Don’t let your password expire…
The Tyranny of Network Level Authentication and CredSSP