All posts by wichita.sao

Spread too thin

A symptom of aiming to please each group that I’ve interacted with in my life was that I have split myself up and spread myself too thin. I’ve generated and worked in multiple personas depending on who I’m around at a given time. As a result I’ve never fully been open with anyone which has ended up as a recipe for being awkward and alone.

My Cambodian family self is separate from my American schooling self. My Martial Artists self is separate from my Video Gamer self. My Computer geek self is separate from my Car geek self. My own family self is separated from my work self. Add on top of that I have an entire very private side of myself that I’ve kept mostly closeted, and I do mean closeted – my orientation.

A big part of the crossroads I’m at is that the family self, the parenting and the maintaining of a household and marriage was a full time 24×7 responsibility. It left very little room for the other pieces and, as I struggled to enjoy those other aspects and interests, I still kept things cordoned off and separated. I burned out and worse I failed at my responsibilities and I failed to commit 100% of myself to my family.

Everything was in their neat little boxes, until the house of cards just came tumbling down. I now ask myself, why did I keep everything in those boxes? Cowardice? Fear of not being accepted or fear of being judged by any one of those groups? Laziness for not putting in the effort to put all of those aspects of myself on the table with everyone I met?

Sure the fear might have made sense in the days when folks still made jokes about “other people” but those times have passed for the most part, despite the social divide that we face today. The laziness is admittedly a character flaw. Perhaps it was pride, in each of the boxes I had one or two things I was really good at, I suck at taking praise, but fear showing weaknesses lest they detract from the accomplishments.

No good reasons at all for spreading myself too thin, so now I’m writing this to try to figure out a path forward. Suck up the effort and put it all on the table. Realize that I need people in my life that care about me no matter what and, if any of it is offputting, then those aren’t the people I need in my life.

So, to lay out the cards good/bad/TMI in order to stop the split and the burnout:

  • A Cambodian American, the firstborn of my family in this country
  • A person struggling to be socially and professionally functional with no example, rulebook, or guidance on how to navigate American society and norms from my predecessors.
  • Emotionally intelligent from all of the experiences of introspection and self-consciousness over the years; if I want to be accepted for my idiosyncrasies, I damn well should be open to accepting and empathizing with those of others.
  • A brain hardwired for engineering that includes overanalyzing and a need to optimize everything, even things that you just can’t optimize.
  • An incessant need to improve myself and the things around me, computers, electronics, home renovations, woodworking, martial arts, cars, my view of the world, the list goes on…
  • …but only able to focus on a few at a time
  • A person that tries to put others before himself to a detriment.
  • A person that doesn’t subscribe to one person being better than another as a whole. There may be aspects where one person can be more talented than another, but there are likely just as many aspects where that is reversed.
  • Anxious in social situations with a reasonable amount of desire to run away
  • Confident in my individual abilities
  • A fan of anime and manga stemming from a misguided youth of trying to find anything Asian related for me to make a connection with
  • Proud that I’m a black belt and ashamed I don’t still actively practice
  • [heterosexual]——————————–[bi]—————————–[homosexual]
    |——————–queer?———————-|
  • [masculine]————————————————————–[feminine]
    |——–here?———|
  • Likely watch too much pornography because of repressing the prior two bullets.
  • Desensitized to just about everything, not much can be offputting to me other than closed-mindedness
  • I’ll try just about anything once
  • I think anything can be healthy with the key being moderation.
  • Avid Video Gamer as an escape
  • Self-conscious that many of my interests betray my age and what my maturity level should be

Change to the blog

I haven’t updated this site since 2017 and I doubt any of the content is relevant any more. As such I’m archiving all my old posts and making this more of a personal journal/space for my thoughts. If that sounds interesting to you…I’m sorry, if it doesn’t, feel free to ignore this site going forward.

I am not deleting any old posts, so if you really need any of those old SharePoint nuggets, they are still there, just under the SharePoint nav link above…if you’re still using SharePoint 2013 or older…good luck, it loses life support next year.

My own worst enemy

I’m sitting here at a major crossroad in my life I never expected to be at left wondering, how did I get here? I feel like I’ve worked so hard to have a decent career, have a good income, provide for my family, and generally not do evil. How is it that I’ve ended up separated for a year, searching for a divorce mediator, and questioning so many aspects of my life?

I think the answer lies in questioning why have I done everything I’ve done up until now? Why did I work so hard to have a decent career? Why was income important to me? Why did I work so hard to be a family man when I’m realizing there are aspects of it I was just not in lockstep with my partner for?

Fundamentally, much of it was the pressures I was feeling from outside of myself. I am the child of an immigrant family. A family uprooted and thrust into a society they knew very little about, refugees from a civil upheaval in their home country. Escaping a situation where one could be killed simply for being well educated, or even just wearing glasses for that matter. I can only imagine that at the forefront of adjusting to a new country with two young children that their main concern was that everyone fit in, didn’t stand out, didn’t make waves.

As such those values of “fitting in” were ingrained in me from the start and all throughout my life. But what is fitting in? When I was split between my life outside of the house, just trying to keep lockstep with my peers as an American and my home life, expected to fulfill familial duties and expectations I was never even exposed to. What is fitting in, when you’re told not to stand out, but in order to succeed in corporate America, you have to stand out from your peers as having something they don’t?

In today’s context, how do I promote and live by an ethos of diversity, equity, inclusion, and justice when I come from a background of fitting in and not standing out? I don’t feel it’s a scenario unique to myself, but likely shared with anyone that feels like an “other” to varying degrees. And just as everyone is unique, so too is their approach to handling their situation.

For me, up until this point in my life, I’ve chosen the path of least resistance. I have tried to fit in with what I perceive as social norms. Get good grades, get a decent job, have a wife and kids, buy a house. I’ve done all of those things and I’ve been lucky to have had that opportunity. But again as I sit here going through a divorce, no longer in that house I worked so hard for, not being a part of my children’s lives in the way I always saw myself as being, and I can only blame myself.

I realized that I’ve failed at all of those because I’ve never allowed myself to just be myself. I’ve invested so much into trying to check all the boxes I never asked, are those the boxes I really wanted to check? How do I invest myself in anything when I don’t even know what it is I have to invest?

I have been extremely privileged to have had the opportunities to achieve what I have. I have no regrets that I met, married, and still continue to have an extremely intelligent, diligent, and honest best friend. No regrets that I have two extremely intelligent, happy, and charismatic children. The regret I do have is that I have not been able to give them 100% of myself, 100% of what they deserve.

So, now at this crossroad of a major regret, I’m trying to flip the script. I am no longer concerning myself with what is normal, what is expected, what is fitting in. I’m taking the time to truly figure out what will make me happy and who am I as a person. To take the harder path because I already know that I may be met with resistance and criticism, possibly from some of my own family. But, there are a handful of people that I want to always be a part of my life and to be a part of theirs. The very least I can give them at this point is 100% honesty, and that starts with figuring out and being honest with myself.

SharePoint 2013 – Office + Claims

With newer releases of IE and Office, we’re seeing more and more of our SharePoint sites using claims authentication present users with login prompts directly in Office applications. As a security best practice, we avoid leaving persistent cookies around on end user devices. The only issue with this is that when a user attempts to click on a link to an office document, Office will often try to directly open up the file directly from the SharePoint site as opposed to local cached or downloaded copy. When it does so, it will not be able to “share” the authentication session and there will a fresh login prompt. Depending on the level of customization of your SharePoint site, and the inner workings of your trusted identity provider; your user may never get to the document. In any case there are a lot of extra clicks and a poor user experience.

So, how do we get back to the old ways where a user is prompted with the download dialog, Open/Save/Cancel.

Block all of the “enhancements” that have been added to IIS to let IE and Office “discover” that you’re on a SharePoint site.

In IE9 and IE10, IE will see that the mimetype is an office document, launch said office prodcut, and send along the document URL.  At this point Office says, well, lets check this URL to see if it really is SharePoint.  Office will execute direct http requests with the HTTP Verbs Options and Propfind which (assuming you login) SharePoint responds well to and says, yeah sure I’m a SharePoint site.  Office then gives the user options for checking in and out directly from the Office client

Fix: Block the HTTP verbs Options and Propfind HTTP Verbs

IE11 makes use of a newer response header called X-MS-InvokeApp.  This tells IE hey, this is an Office Document, hosted on SharePoint, and you should invoke whatever office application you have.  If it happens to the full MS Office suite, lets go ahead and try to open in integrated mode.  On top of that, just to be sure Office will also execute a HEAD http request and check the response headers itself.

Fix: Remove/rename the X-MS-InvokeApp response header in IIS and also block the HEAD tag. (in addition to the IE9/IE10 fixes)

My frustrations with the Distributed Cache

The distributed cache was a great idea introduced with SharePoint 2013.  It truly allows for a load balanced, highly available SharePoint farm where a user no longer needs to retain server affinity.  If I logged in on web front end 1 somehow get routed to web front end 2, no issues, lets just pull your login tokens, viewstate, and news feeds from this new cache shared across all the servers.

That said, so far maintaining it in a large enterprise environment has been a challenge. I have the opportunity(curse) of working in an environment of hundreds of SharePoint servers on premises. Our 2013 footprint is quickly growing; quickly enough that we can’t keep on top of say, manually, gracefully shutting down our distributed cache services every time an OS patch window rolls around.

Oh and what about those times that Windows just doesn’t want to play nice and a server blue screens, or worse just hangs. At this point we’re left with a server with an empty cache, which every other server in the farm thinks should have all of our logon tokens!

SP: Access Denied!!!
Browser: but I have a valid FedAuth cookie still!
SP: Yeah well I have no idea what happened to your claims so I’m not sharing
Browser: but…FedAuth
SP: I’m just trying to be nice, but I just don’t think this site has been shared with you.

So where do we go from here. The ideal situation is that before a cache server is restarted, the service is gracefully stopped, then removed.

Stop-SPDistributedCacheServiceInstance -Graceful
Remove-SPDistributedCacheServiceInstance
*thank the MS Gods for autocomplete…

And after reboot, re-added.

Add-SPDistributedCacheServiceInstance

But, can we fire that automatically for all reboot situations? Well, no, not easily.

1) Any shutdown tasks will not save you in the case of a blue screen, hardware failure, or a guy in the data center tripping over the power cord.   The other servers in the farm will not know to rebuild the cache, it’ll just keep sending the requests to the bads server.

2) There is no ideal way to run the Powershell on start up, as a farm account, and please don’t tell me your farm account is Local Service or Network Service on a multi-server farm.  The closes you can come is a start up script assigned to the local policy that calls a secondary script that has hardcoded credentials to impersonate a farm admin account.

What we’re doing:

1) record the last time each server had its distributed cache gracefully started.  SPServer.Properties is a good place for that

2) Every 30 minutes or so, check this against the server’s last boot time (WMI)

3) If the last reboot is more recent than the last graceful dist cache start up, tell the farm to rebuild that server’s cache.

Sprinkle in some (lots of) error handling and call it a day.