Robo-SPAM Recruiters

To try to weed through job SPAM (I get about 150 recruiter emails a day), I set up a rule in email to send them back an email.

I used the following ruleset:

  1. I only responded to emails marked with the urgent flag
  2. I only responded if the words in the subject had titles I knew were off target (like “entry level”, “mid level”, etc)

This is the email I sent (yes, it is probably a bit snarky):

Thank you for your interest in me filling your current job opportunity. You are receiving this email because your email was marked urgent and had certain words in it that do not fit my resume, like “entry level”, “mid level”, “developer”, “analyst”, “engineer” or “local only”. My current job position is senior architect who specializes in pre-sales, enterprise architectural assessments and new client setups. I have not worked as a developer for many years. I also do not work as a recruiter, so I cannot help you fill positions. If you could, can you adjust your response methodology and only send me positions that actually fit my resume or place me on your “do not call” list?

More than likely, you did a buzzword search on the job boards and emailed your position out to every single person who had the buzzword in their resume. If you received this email more than once, you did the same search on multiple boards and use the same mass email process on each.

If I find your position is of interest, I will send you a response to determine how we should proceed.

Peace and Grace,
Gregory A. Beamer

Here is one email that shows what is going on (not a major shocker):

Hi Gregory,

I am so sorry to disturb you for each and every position. As we are using some kind of third party software, it detects the resumes automatically and send our opening to everyone in the list. Unfortunately, we can’t remove/change your email from that list. But, you can Unsubscribe from that if you see a link in the bottom of the email. Thank you and have a great day. 

Thanks & Best Regards,


Technical Recruiter

So the crux is this

  1. They are using a third party software to copy and paste job requirements into the system
  2. The software automatically searches resumes for any buzzwords in the description
  3. Every time the resume search gets a hit, it automatically sends out an email (mail merge template) to everyone that has a hit
  4. The businesses that use the software cannot stop from SPAMming me
  5. In order to stop receiving these emails, I have to make the effort to unsubscribe from their list

#5 is the most telling, as I get around 150 emails a day, most of which have unsubscribe lists, from nearly as many companies. In order to stop receiving emails that incorrectly target me, I am the one having to make effort to stop them?

I know this Robo-SPAM is efficient, at least from the standpoint of reaching 10,000 people with a single click, but is it actually working? If TekShapers, Xchange Software and ZIllion Technologies (et al) did a study to determine whether it is actually working, would they answer yes? Is the damage to their reputation worth using software that sends out more incorrectly targeted emails than correctly targeted emails? Is the response rate high enough that it warrants such a lazy method of doing “business”?

Apparently they think so. I will never work with any of these guys. I thank “S” (name masked above) for actually taking a bit of time to respond to me. Of the more than 1000 jobs responded to with my auto replier, less than a dozen have actually contacted me back, primarily asking for my resume and some type of email explaining what exactly I would like to do for a living. The rest are in the vegans in a grocery store and I am a slab of meat.

Peace and Grace,

Twitter: @gbworld

How to be an Amateur IT Recruiter

I have received more than 350 emails over the past 2 days with job opportunities. While this sounds great (I am in demand?), most simply show the hallmarks of a amateur recruiter.

As a service to those desiring to be amateur recruiters, as opposed to professional recruiters, I offer the following guide to help you in your quest. Please include each of the following in your daily habits.

Email Basics

The first thing you have to master is email basics.

1. Mark Every Job Opportunity Email as Urgent

Contemporary wisdom says people pay attention to urgent emails more than non-urgent ones, so make sure you mark your email as urgent. True, nothing in your email is really urgent to the recipient (me? other IT professionals?), but who cares. This is not about me, it is about you. The only possible kink in this plan is other people might also be marking their job opportunities as urgent. Let’s look at a picture of my inbox job folder:


Wow, 100% of the job folder is marked Urgent. My suggestion is to unlock the secret “super urgent” button in your mail client and use it so I really know your email is urgent … to you.

You should also bear in mind that adding words like “Immediate need” add more punch.

2. Search By Buzzwords

There is no better way to reach masses of IT professionals and simply scream “I don’t know what the hell I am doing” like firing off job emails based on buzzwords. When I get a $10 an hour support tech email, I am thrilled at the opportunity to increase my stress level at a thankless job that pays a piddly fraction of what I am making now.

And while you are at it do the same blind search on multiple job boards using their massive Spam email generator to generate thousands of emails in a single keystroke. Efficiency at its best.

3. Send Multiple Emails To the Same Person

Nothing wastes more time than making sure you are not sending out multiple responses. Why take more than a few minutes to complete your entire day’s worth of work. Peruse multiple job boards and send out emails using the same buzzword. Sure, about 95% of your list just got multiple emails and knows you are a lazy moron, but perhaps you reach a handful that are only on one board.


The blessing here is you not only show me you have no attention to detail, but you show me I am just a piece of meat to you, completely invalidating my existence. Yes, I want you to be my recruiter, as I like feeling like I am nothing.

4. Bold and Highlight Lots of Sh*t in the Email

Sometimes when I am reading an email, I miss the important stuff, so make sure you not only bold it, but you highlight it as well. Otherwise, I might send in a resume for this VB6 position that pays nothing, in a state far away from my home. Thank God Abhilasha bolded and highlighted Perforce, or I might have done something dumb like send my resume in for the job. Whew! Dodged that bullet.


Even better, bold and highlight the entire email.


Or if you really want to annoy people highlight and use red bolding.


Bonus points to Calvin since I have never worked on a criminal justice application and that is a required skill.

7. Copy and Paste the Entire Email from the Client or Account Manager

Why take time to edit stuff out of the email before sending it out. That takes time and time is money. Let the candidate see how truly lazy you are by including stuff that makes absolutely no sense to the recipient.


Yes, that one is at the top of a job email.

8. Send Out Emails to People Who Fail an Absolute MUST qualification

For example, let’s say you have a job for a person that must be local to Florida. Send it out to everyone. There are bound to be a few people that are ACTUALLY FROM FLORIDA (CAPPED in response to the email).


This particular email really took the cake as it was a complete forward (see #7).

Make The Candidate Do the Work for You

Why actually interview people when you can have them send you all the interview details to


This is a simpler one. Some have dozens of questions that have to be filled out.

Phone Basics

It is not enough to reach the coveted complete amateur title without having amateur phone skills. Here are a few things that can help you in this regard.

1. Show You are Using a Very Old Resume

I, like many people I know, no longer include a home phone on my resume. In fact, I have not included the home phone for about 6 years. When you call me on my home phone, it pretty much says “I don’t have your latest information” and “you are just a slab of meat to me”.

2. Ignore The Candidate’s Requirements

Your job is to convince the candidate to take the job no matter what. Don’t let things like “I currently make twice the max you are offering for this position” deter you from suggesting how much of a “great place to work” it is. If you can keep the candidate talking, maybe he will work for minimum wage.

It should also be of no importance that the candidate states “I do not want to move to Siberia”. If the position is in Siberia, then your job is to keep hounding them until they decide to take up. As long as they are still listening to you, you have a chance, right?

3. Insult Their Spouse

Since your culture devalues women, there is no reason to be polite to an IT candidates wife.

4. Be Demanding

Just because the candidate stated they are busy is of no consequence. Demand they take your call NOW and treat them like the meat slab they are.

5. Call Numerous Times

This is a two parter. In the first part, hang up and call back when you get their answering machine. Many candidates will screen the call until you irritate the crap out of them. In the second, if a candidate states “send me the job requirement and I will look at it later”, call them back every half hour until they convince you they really aren’t interested. Do this even if you get an email stating they are not interested and repeat #2 above.

6. Illustrate You Have Not Read the Resume

Nothing states you are working towards a complete dufus award than asking me a question about an item that appears prominently on my resume. Bonus points if it is both prominent and sits at the top of my resume.


While much of this is tongue in cheek it still amazes me how many think recruiting is simply a matter of finding slabs of meat and sending them to a processing plant. Considering recruiting companies, even subcontracting recruiting companies, can make a good amount with candidates, you would think we would have more professionals out there.

The reason there is a problem is very simple. IT, especially on the development side, has been a seller’s market for over 10 years. This has led to the worst developer on the team making more than 90K (or $50+/hour consulting), but it has also made it somewhat profitable to be lazy as hell and do bare minimum when it comes to recruiting.

There are plenty of professionals out there, and I know quite a few locally. But my inbox is routinely filled up with the amateur yo-yos.

In the next few days, I will show you my method of combatting the yo you farm.

Peace and Grace,

Twitter: @gbworld

74 “School Shootings” since Sandy Hook. Really?

I saw a posting from the Examiner posted that school shootings are on the rise. Here is their chart:


When I see a chart this far out of skew, I start to wonder. Are the numbers being charted the same as previous numbers. In other words, what are we calling a school shooting?

I also saw this article that stated there were 74 school shootings since Sandy Hook. You can also see a map in the Washington Post.“Of the shootings, 35 took place at a college or university, while 39 took place in K-12 schools”. This is even more dramatic, as the Examiner only stated there were 7 “school shootings” last year.

Here is the table from the link that posted there were 74 school shootings.





School Name

School Type

1. 1/08/2013 Fort Myers FL Apostolic Revival Center Christian School K-12
2. 1/10/2013 Taft CA Taft Union High School K-12
3. 1/15/2013 St. Louis MO Stevens Institute of Business & Arts College/University
4. 1/15/2013 Hazard KY Hazard Community and Technical College College/University
5. 1/16/2013 Chicago IL Chicago State University College/University
6. 1/22/2013
Houston TX Lone Star College North Harris Campus College/University
7. 1/31/2013 Atlanta GA Price Middle School K-12
8. 2/1/2013 Atlanta GA Morehouse College College/University
9. 2/7/2013 Fort Pierce FL Indian River St. College College/University
10. 2/13/2013 San Leandro CA Hillside Elementary School K-12
11. 2/27/2013 Atlanta GA Henry W. Grady HS K-12
12. 3/18/2013 Orlando FL University of Central Florida College/University
13. 3/21/2013 Southgate MI Davidson Middle School K-12
14. 4/12/2013 Christianburg VA New River Community College College/University
15. 4/13/2013 Elizabeth City NC Elizabeth City State University College/University
16. 4/15/2013 Grambling LA Grambling State University College/University
17. 4/16/2013 Tuscaloosa AL Stillman College College/University
18. 4/29/2013 Cincinnati OH La Salle High School K-12
19. 6/7/2013 Santa Monica CA Santa Monica College College/University
20. 6/19/2013 W. Palm Beach FL Alexander W. Dreyfoos School of the Arts K-12
21. 8/15/2013 Clarksville TN Northwest High School K-12
22. 8/20/2013 Decatur GA Ronald E. McNair Discovery Learning Academy K-12
23. 8/22/2013 Memphis TN Westside Elementary School K-12
24. 8/23/2013 Sardis MS North Panola High School K-12
25. 8/30/2013 Winston-Salem NC Carver High School K-12
26. 9/21/2013 Savannah GA Savannah State University College/University
27. 9/28/2013 Gray ME New Gloucester High School K-12
28. 10/4/2013 Pine Hills FL Agape Christian Academy K-12
29. 10/15/2013 Austin TX Lanier High School K-12
30. 10/21/2013 Sparks NV Sparks Middle School K-12
31. 11/1/2013 Algona IA Algona High/Middle School K-12
32. 11/2/2013 Greensboro NC North Carolina A&T State University College/University
33. 11/3/2013 Stone Mountain GA Stephenson High School K-12
34. 11/21/2013 Rapid City SD South Dakota School of Mines & Technology College/University
35. 12/4/2013 Winter Garden FL West Orange High School K-12
36. 12/13/2013 Arapahoe County CO Arapahoe High School K-12
37. 12/19/2013 Fresno CA Edison High School K-12
38. 1/9/2014 Jackson TN Liberty Technology Magnet HS K-12
39. 1/14/2014 Roswell NM Berrendo Middle School K-12
40. 1/15/2014 Lancaster PA Martin Luther King Jr. ES K-12
41. 1/17/2014 Philadelphia PA Delaware Valley Charter HS K-12
42. 1/20/2014 Chester PA Widener University College/University
43. 1/21/2014 West Lafayette IN Purdue University College/University
44. 1/24/2014 Orangeburg SC South Carolina State University College/University
45. 1/28/2014 Nashville TN Tennessee State University College/University
46. 1/28/2014 Grambling LA Grambling State University College/University
47. 1/30/2014 Palm Bay FL Eastern Florida State College College/University
48. 1/31/2014 Phoenix AZ Cesar Chavez High School K-12
49. 1/31/2014 Des Moines IA North High School K-12
50. 2/7/2014 Bend OR Bend High School K-12
51. 2/10/2014 Salisbury NC Salisbury High School K-12
52. 2/11/2014 Lyndhurst OH Brush High School K-12
53. 2/12/2014 Jackson TN Union University College/University
54. 2/20/2014 Raytown MO Raytown Success Academy K-12
55. 3/2/2014 Westminster MD McDaniel College College/University
56. 3/7/2014 Tallulah LA Madison High School K-12
57. 3/8/2014 Oshkosh WI University of Wisconsin – Oshkosh College/University
58. 3/21/2014 Newark DE University of Delaware College/University
59. 3/30/2014 Savannah GA Savannah State University College/University
60. 4/3/2014 Kent OH Kent State University College/University
61. 4/7/2014 Roswell NM Eastern New Mexico University-Roswell College/University
62. 4/11/2014 Detroit MI East English Village Preparatory Academy K-12
63. 4/21/2014 Griffith IN St. Mary Catholic School K-12
64. 4/21/2014 Provo UT Provo High School K-12
65. 4/26/2014 Council Bluffs IA Iowa Western Community College College/University
66. 5/2/2014 Milwaukee WI Marquette University College/University
67. 5/3/2014 Everett WA Horizon Elementary School K-12
68. 5/4/2014 Augusta GA Paine College College/University
69. 5/5/2014 Augusta GA Paine College College/University
70. 5/8/2014 Georgetown KY Georgetown College College/University
71. 5/8/2014 Lawrenceville GA Georgia Gwinnett College College/University
72. 5/21/2014 Milwaukee WI Clark Street School K-12
73. 6/5/2014 Seattle WA Seattle Pacific University College/University
74. 6/10/2014 Troutdale OR Reynolds High School K-12

Here is a map for those who are visual.



I am not one to take something at face value simply because someone states it, so I Googled each of the “school shootings” above.

Before starting with my findings, you have to cross off either #68 or #69 on the list, as there were not two shootings in two consecutive days at Paine College. You should only count one of the incidents, as there was only one incident. That leaves us with 73 incidents to investigate.

Of the shootings mentioned, at least 5 did not even occur on a school campus at all. Here is the list:

There is also a shooting that took place in a mall that houses a community college in addition to other tenants. Not technically a school shooting. This takes us down to a maximum of 67 “incidents” that took place on a school campus.

The next thing we have to do is define what a “school shooting” means. Does it mean a madman hunting down students only? Do we include gang related offenses or disputes, in which a specific person was targeted and just happened to be shot on campus. Do we including incidents in school parking lots that are not related to the school at all (including a mother gunned down by her estranged husband after dropping off kids and a gunman escaping police who had a shoot out at a community college)? And do you include self-defense shootings, like the teacher shooting non-student assailants at Martin Luther King Jr Elementary School)? And what about things happening on a school yard after hours? Are these all “school shooting”? I would venture a no on most, if not all of these. Your mileage may vary.

Here is a listing of the shootings that are probably not what you would normally call a “school shooting”, by category:

Description Number Dead Gunmen dead Wounded
Off campus (non-school shooting) 6 6 1 3
Parking Lot 26 11 0 15
Suicides 8 8 0 8
Drug Related Shootings 2 2 0 1
Gang Shootings 2 0 0 2
Robberies 5 1 0 6
Self Defense Shootings 2 1 1 2
Accidental discharge 4 0 0 2
Fights/Disputes 34 16 2 22
Student with Gun, no shots fired 1 0 0 0
Shot by rifle from long distance 1 0 0 1

Now, let’s look at incidents that might be called a school shooting. First the targeted shootings.

And, finally, the mass murder type of shootings like Sandy Hook:

  • Shooting #19: Six people killed (including the gunman). June 7, 2013, shooter kills his brother and father and then goes to Santa Monica college where he has a shootout with police in the library.  Six dead (including the gunman), four injured. Three of the dead (including the gunman) died on the campus.
  • Shooting #73: 1 person killed and two wounded. Shooter stopped by pepper spray while reloading his handgun.

NOTE: I am not going to glorify the shooters by calling them anything other than shooters.


Here is how things stack up:

  • Incidents: 73
  • Incidents with injuries or death: 65
  • Incidents that should be excluded
    • Incidents completely off campus: 6
    • Incidents in parking lots: 26
    • Robbery incidents: 5
    • Fight/Dispute incidents: 34
    • Suicides: 8
    • Accidental discharge: 4
    • Gun on campus, no shooting: 1
    • Self-defense shootings: 2
  • Incidents not Classified in above: 6 (including Reynold’s High School yesterday)
  • Incidents with mass shooters and random targets: 2 (only 1 targeting a school at start)

  • Looking at the list, we had 6 incidents in the last year and a half that we might classify as a “school shooting” (person comes to school with intent to harm, especially if shooting random victims) . This is close to the Examiner’s numbers. Of those, there are only 2 that could have been like a Sandy Hook (although both were at Universities and the shooters were stopped or killed rather quickly).

Is school shooting on the rise in 2013? If you look at Wikipedia, you see the following on incidents:


Incidents Deaths Injuries
1999 5 16 33
2000 4 4 2
2001 4 3 19
2002 3 4 3
2003 3 5 2
2004 4 1 5
2005 3 11 10
2006 6 10 8
2007 4 36 29
2008 9 15 27
2009 7 2 13
2010 10 14 21
2011 14 50 31
2012 31 25 33
2013 31 19 38

The problem is the Wikipedia table suffers from the same problem as the earlier arguments, or same two problems:

  1. Some incidents that are not “school shootings”, including some that happen at night, incidents in parking lots, fights and some incidents not even on school property, show up in the list.
  2. The data set is incomplete, as you can only find what is searchable on the Internet. You will naturally find more “incidents” this year, as the media is quick to call something a school shooting and is more apt to report on every “incident”.

But it does provide a completely different chart than the Examiner:


What I like here is the fact the chart is all over the board shows how sporadic the data is and strongly suggests the data set is more and more incomplete as we move back in time. It also shows spikes when mass murder school incidents have happened and illustrates how rare they really are.


Here is how I look at this.

  1. It is tragic when people are killed. Especially tragic when it is children and even more so when it is Elementary School children.
  2. The number of ‘’”incidents” may be on the rise, but, if so, it is only slightly. The majority of press on “rising incidents” uses “incidents” we would not normally classify as a “school shooting” (like man killed in a school parking lot at 2 AM after altercation). NOTE: This does not mean we should not do anything about it, but we should be sensible and not panic and knee jerk into another stupid direction.
  3. The number of mass murder type incidents is not on the rise. These, like Columbine and Sandy Hook, are the ones that should really scare us, as they are individuals intent on causing a huge amount of harm to innocent victims.

If we objectively look at the ‘’”problem”, we should notice that our children are not in real danger. School shootings are extremely rare incidents. When there is a school shooting, it is normally individuals targeting people they dislike for some reason, including bullying, gangs, bad grades, etc. In these instances, like any other assault or murder, it is an issue between two people and not some mass murdering clown.

As for the list that started the topic, I find it to be an unscientific bit of tripe. At best, it is an emotional argument crated by someone trying to show his emotions are justified. At worst, it is a bold faced lie. You decide.

Peace and Grace,

Twitter: @gbworld

Why Develop Using Gherkin?

I was having a conversation with David Lazar in the services wing of UST Global (my current company). During the conversation, we started talking about using SpecFlow and I detailed how I used Gherkin with SpecFlow to create a “paint by numbers” kit to drive offshore development.

As I sat and thought about it, I was reminded of a question someone once asked me about breaking down requirements which led to the question “why gherkin?” At the time, I am sure I came up with a clever tactical answer to the question, but now that I think about it more, the question is both tactical and strategic in nature.

To understand this, let’s look at specifics on how I break down requirements with me teams, when I am given some leeway on how the requirements get broken down.

Setting Up the Problem

I am going to start with the assumption that the requirements documents suck. I know this is not always the case, but I find it more likely than not that the requirements are insufficient to get the job done. This has led many company managers to the belief that there is something inherently wrong with offshoring, but the real problem is not so much where the work is being done, but the definition. Let me rathole for a second to explain this.

Company A sends work offshore and it comes back with less than stellar results. When the same work is sent inside the building, the results are much better. So, there is an assumption that it works onshore but not offshore.

But I will contend it IS NOT working onshore either. Things are still getting broken, but the feedback loop is generally much shorter as the business owner can walk over to the development pit and say “what were you thinking?” All of these trips are forgotten when comparing offshore to onshore. In addition, the employees have greater domain knowledge than the offshore team, which reduces the problem domain.

Let’s take this a step farther and compare onshore contracting to offshore. We now have less domain knowledge than employees, unless we are paying top dollar. We still have a short feedback loop, however, so this seems superior.

ASIDE: I have built and led teams in various countries and each has its challenges, As India oft ends up the whipping boy, let’s look at India. In Indian culture, there is a push to get to a higher level title. For this reason, you rarely see very senior resources. The bulk of any team will be somewhere between Freshers (fresh out of college, less than 1 year experience) to Senior Developer (approximately 5 years, maybe 7), with much of the team in the 1-3 years experience range. This is part of why the rates are so low, but it is a trade off. With lower levels of experience, you need more firm requirements.

The point here is the problem is not necessary offshore, it is just exacerbated. Let’s look at an example:

Requirement: At Elite Last Minute travel, a successful flight out is described as:

  1. Client is picked up at home in a limo
  2. Client is delivered to airport and given all pertinent documents by the travel consultant
  3. Client’s luggage is checked into his flight
  4. Client is escorted to the plane
  5. Client is flown to destination
  6. Client is met at destination by a limo
  7. Client is driven to hotel and checked in

Pretty straightforward, right? But what if the client wants to see the Lincoln Memorial (Washington DC) and is flown to Miami, Florida and checked into a hotel there. By the requirements, this would constitute a successful flight out.

This example is a bit on the absurd side, as it seems any idiot should know that the destination is part of the equation for success. But consider this: Once we gain tribal knowledge in a domain, we start to assume it is self-evident, as well. Unfortunately, it is not. Add culture changes into the mix and you might find the assumption leads to disaster.

Breaking down Requirements – Defining Done

The first step we have to go through is breaking down requirements to make sure done is properly defined. Let’s start with a simple requirement:

3.1 Multiplication
All multiplication in the system must return the correct answer

In an Agile environment, this is generally started by stating each requirement in terms of the user:

As an math idiot, I would like to have multiplication done for me, so I can look like a genius

Neither of these defines done, however, without the assumption the coder fully understands multiplication. To fully define done, we need to look at what some of the rules of multiplication are, Let’s say we start with the following:

  1. Multiplying two numbers is equivalent of the sum of the first number added to itself the number of times represented by the second number (okay, my ENglish sucks here, as this is on the fly)
    Example: 5 * 5 = 5 + 5 + 5 + 5 + 5 (there are five 5s in the additional side of the equation)
    Example 2: 2 *2 = 2 + 2 (there are two 2s in the additional side of the equation)
    Example: 5 * 2 = 5 + 5 (there are two 5s in the addition side of the equation)
    Example: 2 * 5 = 2 + 2 + 2 + 2 + 2 (there are five 2s in the addition side of the
  2. Multiplying any number times 0 results in zero (makes sense as the addition side would have zero {number value}s)
  3. Multiplying any number times 1 results in the number (also makes sense, as there is only one of the number in the “loop”)
  4. Multiplying any number other than 1 or 0 times the maximum value of an integer results in an error

This is not the complete rule set, but we can now break the problem down by these rules. I find the easiest way is to set up an Excel spreadsheet with inputs and outputs. For the above, I would use something like this:

Input A Input B Output
5 5 25
2 2 4
5 2 10
2 5 10
5 1 5
2 1 2
1 5 5
1 2 2
5 0 0
2 0 0
0 5 0
0 2 0
0 MAX 0
MAX 0 0

Done is now much better defined. If we take our previous example, we can break down the additional clarification too). NOTE: The actual inputs and outputs are more complex and then get separated out based on the unit being tested.

Input (Desired Attraction) Output (Destination City)
Lincoln Memorial Washington DC
Disney World Orlando
Grand Canyon Flagstaff

If you have not caught this, we are creating acceptance criteria. It is one way of “defining done”.

But What About Gherkin

Gherkin is a language that helps us use the acceptance above. If each line represents a single criteria in the acceptance matrix (the tables above), we might end up with something like:

Given that I chose the Grand Canyon as my desired location
When I fly to a destination
Then I will arrive in Flagstaff

So why is this important? For the same reason that user stories are important. It is a form of ubiquitous language that can be shared between business and IT to ensure everyone is on the same page. Provided we either make each of the lines into users stories and Gherkin statements (or code the acceptance table into Gherkin), we now have a definition of done.

Gherkin adds another value to me, when I am using Spec Flow. I can use the Gherkin statements to produce test stubs that I can send offshore. I call this a paint by numbers kit, as I can open them up in the morning and make sure the right colors were painted in the right spots (ie, they filled the assumptions in the given method, the action in the when method and the test result in the then method(s)).


This is just a brief intro into quality, as subject I am going to explore in detail as the year goes on. And while this may not express it clearly, as it started with an ADD (or ADHD) moment, the important takeaways are these:

  • Business and IT need to be in alignment with language. Here I am using user stories and Gherkin as the ubiquitous (shared) language, but you can have others. Domain Driven Design, which I will focus on later this year, also deals with the ubiquitous language concept, although it is more concerned with modeling the domain than defining done.
  • Most offshoring problems are a combination of expectations (a different understanding of what junior and senior developer means) and incomplete requirements. Fortunately, when we are in the same office, we can walk over and talk and give immediate feedback (not true in offshore engagements)
  • User stories and Gherkin can be used to bridge the gap from improperly defined requirements to a proper understanding of what done looks like (not true in ALL cases, but it is a good start)

Peace and Grace,

Twitter: @gbworld

Big Thrill Rides

I saw a picture posted on Facebook about the X Scream on the Stratosphere in Las Vegas. Here is the picture:

This is a ride called insanity on top of the Stratosphere in Vegas. The tower is 1149 feet tall, with the deck up around 850 to 900 feet (from Wikipedia heights of the thrill rides.

Stratosphere Thrill Rides (Strip, Vegas)

There are 4 rides on the Stratosphere: Big Shot, Insanity, Sky Jump and X Scream.

Big Shot

The Big Shot fires you up at high speed from the top of the Stratosphere tower (at 1,081 feet, the highest thrill ride in the world). You can see this in the POV video below:


Insanity hangs you over the edge of the tower. This is the one in the original picture. At 900 feet, it is the second highest thrill ride in the world. Here is a video:

Here is a POV shot of the ride:

Sky Jump

The Sky Jump mimics skydiving from the tower. It rolls you out and then feels like it is dropping you. At 855 feet, it is lower than the rest and Wikipedia does not have where it is on the list of highest thrill rides in the world. Here is a video from a wrist cam.

And here is one at night.

X Scream

X Scream drops you off the side of the tower. It is the third highest thrill ride in the world. Here is a video that shows the ride from the side:

Six Japanese tourists got stuck on the ride during a power failure in 2005.

Old Ride: High Roller (GONE)

This ride no longer exists, but it was the first thrill ride the Stratosphere had. It was at 9809 feet and the highest roller coaster in the world.

Other Thrill Rides

While these are not necessarily sitting on top of some tower somewhere, they are considered the best thrill rides in the world.

X2: Six Flags, Magic Mountain, Valencia, California

This is the first “4D” roller coaster. The ride has spinning seats to change the angle of the ride, so you can be moving forward but facing backwards, and vice versa.

SkyScreamer: Six Flags Over Texas, Arlington, Texas

A 400 foot tower swing.

Eejanaika, Fuji-Q Highland, Fujiyoshida, Japan

Another “4D” roller coaster, with a longer track. You can see the spinning seats in the off ride part of the video. (Turn down the volume on POV if hearing the videographer screaming annoys you):


Kingda Ka, Six Flags Great Adventure, Jackson, New Jersey

Tallest Ground Based Roller Coaster at 456 feet. Shoots you up at 128 MPH and then back down.

Formula Rossa, Ferrari World, United Arab Emerates

This Ferrari styled coaster is the fastest in the world at 149 MPH. Here is a POV, but it does not seem all that fast on the video, as the ride does not have as many heavy drops. You see the speed a bit better on the later non-POV section.

The Joker, Six Flags México, Ciudad de México, D.F., Mexico

The park, in the southwest part of Mexico City, has a variety of rides. But the spinning Joker coaster is one of the favorites.

Hope you enjoyed this.

Peace and Grace,

Twitter: @gbworld

DRM in Consumer Products? Bad Idea for Consumers

I just saw today where Green Mountain decided to include DRM in its next line of Keurig single cup brewers. I am sure they are going to sell it as a protection for consumers against knock-off cups, but the reality is this is a move to protect the company from losing part of the licensing money stream and not a protective measure for consumers.  And they are not the only ones.


Image from SlashGear, where I saw the announcement.

Here is how I envision this working. Each K-cup will have a cheap chip, like an RFID with an encrypted code on it. More than likely, to make sure future licensees cups work in all single cup makers, the encrypted key code will be numeric when the encrypted value is correct and the brewer will refuse to brew one that fits either category below:

  1. No chip
  2. Chip that does not decrypt to correct types of values

The brilliance of this, from a business standpoint, is anyone who breaks the encryption to use their machine with non-licensed cups is guilty of committing a crime under different DRM laws (brewing a cup of unlicensed coffee may even mean you are guilty of a felony under some versions of DRM laws). And, anyone who breaks the encryption to make unlicensed cups work is guilty of a DRM violation allowing the government to shut them down.

In short: You will only drink more expensive licensed coffee.

With the prevalence of other single cup brewers on the market, I hope this one causes enough consumer backlash to get them to turn around on this bad idea. It is not in the best interest of consumers to have a machine that only allows coffee cups that benefit Green Mountain in some way. You, as a consumer, should have the choice to brew what you want. And if you pick “inferior” coffee, so be it.

I own a Keurig. I only buy licensed cups, or I use the licensed basket ($19.99 ouch!) to brew the ground coffee I want to brew. But if my brewer breaks down and I have a choice of a DRMed Keurig 2.0 or a competitor, I am going to go for the competitor. End of story.


Renault has taken this even further with their electronic car Zoe.

From Boing Boing article “Renault creates a brickable car”.

If you buy a new Zoe, you can only rent the battery. If you miss a payment, they can make it so your vehicle is a brick until you pay. The problem is hackers could potentially get into this system and cause serious problems, as well. I am not sure if the battery is DRMed to the point you cannot buy an unlicensed competitor’s battery (most likely there is a patent on the system now that protects them so it is unnecessary), but Renault, like Keurig, has created a product that protects their revenue stream.

DRM: How it works

How do these types of products protect the company? Certainly the consumer can do what he wants with the merchandise he pays for, right?

Yes … and no. Under SRM laws, if protections are added to a system, like encryption, breaking the encryption scheme is against the law. As an example, copyright fair use laws allow you to make personal copies of copyrighted material you purchase. For example, you can photocopy a book you own, or make copies of your CD collection.

But, while you can legally copy things like DVDs under copyright law, DRM law makes it illegal to break copy protection schemes to make copies. Any software created in the US that breaks copy protection schemes is illegal. In the late 90s, entertainment companies came up with a scheme called CSS to protect DVDs. In 1999, however, a program called DeCSS was created to decrypt the copy protection on DVDs. The stated purpose of DeCSS was to get DVDs to play on Linux machines, but it was also used by pirates to decrypt and make pirated copies.

Under DRM laws in various countries, coding a program that breaks encryption on materials like DVDs is illegal, so the one of the programmers, Jon Lech Johansen, was arrested in Norway for helping create the program. The scary thing here is this type of law has been used to stop a great many software advances by making a practice that can be used for very beneficial purposes illegal.

If this were the extent of where DRM has gone, it would be scary enough. But the laws go farther. If you use a product to copy a DVD, even for your own collection (copy a kid’s DVD for example, so they do not destroy the original), you have broken the law. And, under some DRM laws you can even be arrested and charged with a felony. Imagine that, it is just as serious to make a copy of a kid’s movie as shooting someone and killing them.

Unintended Consequences of Government?

The stated purpose of DRM laws was to protect artists and other copyright holders from pirates. But they ended up protecting media giants more than the actual artists, who continue to get a much smaller portion of the profits than the giants.

Despite the intent, if you place the proper code in any device, you can protect it from being reverse engineered or “decrypted” (actual decryption or otherwise) under a great many DRM laws.

What this means is you now may buy a product but leave control over how it is used in the hands of the manufacturer.

There Should Be a Law, Right?

I am not sure one bad law to combat a worse law is the proper reaction. Instead, I think people should inform there friends and blog readers, etc, about the potential dangers of DRM in products and get more people to vote with their wallets.

In the case of Zoe, the sales of the car were about 10,000 in 2013, around 1/5th of their target of 50,000 in sales. I am not sure if the DRM battery caused this, was a contributing factor, or merely something people like me are concerned about. If DRM contributed to the slow sales then I think the market has spoken saying “you don’t own the car, I do”.

In the case of Green Mountain, I am not sure what will happen. The market may be wowed by the newer features and accept the extra payment to Green Mountain for every cup of coffee, simply for brewing it in a Green Mountain Keurig machine. In other words, the inconvenience of only being able to brew more expensive, licensed coffee may be secondary to brewing a larger cup (or other planned enhancements). If I were a competitor, I would use this as an opportunity to gain market share, as I am sure some people will be appalled by the anti-competitive measure and spank Green Mountain for taking control of what they can brew.


I think DRM is necessary in some instances, like protecting internal documents that are private property of a company. When it moves out into the public, and restricts consumer choice to create additional profits for corporations, I am not in support of the idea. I do, however, think the market should decide if the intrusion is warranted. If any law is passed it should be one to inform the consumer the DRM exists in the product.

Peace and Grace,

Twitter: @gbworld

Troubleshooting: The Lost Skill?

This blog entry comes from an email I received this morning asking me to “check in files”, as my failure to do so was causing a work stoppage. After a very short examination, I found the following:

  1. I had no files checked out (absolutely none)
  2. The problem was a permissions problem, not a check out problem, or the person who could not check in their files was not being stopped by my failure to act, but by someone else’s incorrect granting of permissions
  3. I had no permissions to solve the problem (i.e. grant the correct permissions

Further investigation of the problem would have revealed it was a permissions issue. In this case, the only consequence is another day lost of productivity, and a wonderful opportunity to learn. In some cases, the consequences are more dire. Consider, for example, Jack Welsh, the CEO of GE.

Jack made an assumption and ended up destroying a manufacturing plant. In one telling of Jack Welsh’s story, the dialog goes something like this:

Jack: Aren’t you going to fire me now?
Manager: Fire you? I just spent 2 million dollars training you.

Considering Jack Welch is now one of the most successful executives of all time, it is good his manager was able to troubleshoot the aftermath to a problem Jack had worked through on assumption. The point is plain: When we don’t troubleshoot a problem, we go on assumptions. In the email I received this morning, there was an assumption I had files checked out. Rather than test the assumption, work stopped.

Tony Robbins tells a story in his Personal Power program about a suit of armor. As he is walking on stage, every time he moves close to a suit of armor there is feedback. The audience eventually starts screaming at him “it’s the armor”. But he continues to stand near the armor and the feedback eventually goes away. He then moves away and the feedback comes back. Turns out there was a fire on a very close frequency and the messages were interfering with the microphone.

Personally, I think the above story is a myth, as I know the FCC is very careful on doling out bands and it is unlikely a microphone has the same band as emergency services. But this is also an assumption, and proper troubleshooting would have me examining the issue.

The path of least resistance

On Facebook … nay, on the Internet as a whole, a large majority of items are written out of assumptions or biases, and not an examination of the facts. For most people, whether you agree with Obamacare or not is not an exercise in examining the facts completely and then drawing conclusions. Instead, a quick sniff test is done to determine if you feel something smells, and then action is taken.

Let’s take an example. In 2006, the news media reported on the Duke Lacrosse team raping an African American stripper. The case seemed open and shut, as the evidence piled up. Duke University suspended the team and when the lacrosse coach refused to resign, Duke’s president cancelled the rest of the season. The case seemed so open and shut, Nancy Grace (CNN) was suggesting the team should be castrated.

When the assumptions were removed, a completely different story was told. Not only was the evidence thin, much of it was manufactured. The District Attorney, Ray Nifong, was disbarred and thrown in jail for contempt of court.

We can also look at the George Zimmerman case, where the initial wave of “evidence” painted another “open and shut” case. But the “open and shut” case, based on assumptions, began to crumble when it was discovered ABC edited the 911 tape to paint Zimmerman as a racist and carefully choose the video and picture evidence to paint a picture of a man that had no wounds and was the obvious aggressor.

The point here is not to rehash these cases, but to point out that assumptions can lead to incorrect conclusions. Some of these assumptions may lead to dire consequences, while most just result in a less than optimal solution.

Now to the title of the section: The path of least resistance.

When we look at the natural world, things take the path of least resistance. Water tends to travel downhill, eroding the softest soil. Plants find the most optimal path to the sunlight, even if it makes them crooked. Buffalos would rather roar at each other to establish dominance than fight, as the fighting takes precious energy. And humans look for the least amount of effort to produce a result.

Let’s pop back to Obamacare, or the PPACA (Patient Protection and Affordable Care Act), as it illustrates this point. Pretty much everyone I encounter has an opinion on the subject. In fact, you probably have an opinion. But is the opinion based on assumption? You might be inclined to say no, but have you actually read the bill? If not, then you are working on distillations of the bill, most likely filter through the sites you like to visit on a regular basis. And, more than likely, you have chosen these sites as they tend to fit your own biases.

I am not deriding you on this choice. I only want you to realize this choice is based more on assumptions than troubleshooting. Troubleshooting takes some effort. In most cases, not as much as reading a 900+ page bill (boring) or many more thousands of pages of DHS rules (even more boring). But, by not doing this, your opinion is likely based on incomplete, and perhaps improper, facts.

Answering Questions

I see questions all the time. Inside our organization, I see questions for the Microsoft Center of Excellence (or MSCOE). I have also spent years answering online questions in forums. The general path is:

  1. Person encounters problem
  2. Person assumes solution
  3. Person asks, on the MSCOE list, to help with the assumed solution – In general, the question is “How do I wash a walrus” type of question rather than one with proper background of the actual business problem and any steps (including code) taken to attempt to solve it
  4. Respondent answers how to solve the problem, based on their own assumptions, rather than using troubleshooting skills and asking questions to ensure they understand the problem
  5. Assumed: Person implements solution – While the solution may be inferior, this is also “path of least resistance” and safe. If the solution fails, they have the “expert” to blame for the problem (job security?). If it succeeds, they appear to have the proper troubleshooting skills. And very little effort expended.

What is interesting is how many times I have found the answer to be wrong when the actual business problem is examined. Here are some observations.

  • The original poster, not taking time to troubleshoot, makes an assumption on the solution (path of least resistance)
  • Respondent, taking path of least resistance, answers the question with links to people solving the problem posted
  • If the original poster had used troubleshooting skills, rather than assumptions, he would have thrown out other possibilities, included all relevant information to help others help him troubleshoot, and would have expressed the actual business problem
  • If the respondent had use troubleshooting skills, rather than assumptions (primarily the assumption the poster had used troubleshooting skills), he would have asked questions before giving answers.

To illustrate this, I once saw a post similar to the following on a Microsoft forum (meaning this is paraphrased from memory).

Can anybody help me. We have a site that has been working for years in IIS 4. We recently upgraded to Windows Server 2008 and the site is no longer serving up files located at C:\MyFiles. I just hate Microsoft right now, as I am sure it is something they changed in windows. I need to get this site up today, and f-ing Microsoft wants to charge for technical support.

The first answers dealt with how to solve the problem by turning off the feature in IIS that stops the web server from serving files outside of the web directory structure. While this was a solution, troubleshooting the problem would have shown it was a bad solution.

Imagine the user had written this instead.

We recently upgraded to Windows Server 2008 and the site is no longer serving up files located at C:\Windows\System32.

Turn off the feature in IIS would have still solve the problem, but there is now an open path directly to the system for hackers. And, if this is the way the person implements the solution, there is likely some other problems in the code base that will allow the exploit.

The proper troubleshooting would have been to first determine why ASP.NET files were being served from C:\MyFiles instead of IIS directories. Long story, as the reason had to do with an assumption developing on a developer box generally, perhaps always, led to development of sites that did not work in production. So every developer was working on a production server directly. The C:\MyFiles was created from an improper assumption about security, that is was more secure to have developers working from a share than an IIS directory. This led to kludges to make the files work, which failed once the site was moved to a server with a version of IIS that stopped file and folder traversing. This was done as a security provision, as hackers had learned to put in a URL like:;

Or similar. I don’t have the actual syntax above, but it was similar to above and it worked. So IIS stopped you from using files outside of IIS folders. Problem solved.

Now, there are multiple “solutions” to the posters problem:

  • Turn off the IIS feature and allow traversing of directories. This makes the site work again, but also leaves a security hole.
  • Go into IIS and add the folder C:\MyFiles folder as a virtual folder. This is a better short term solution than the one above. I say short term, as there is some administrative overhead to this solution that is not needed in this particular case.
  • Educate the organization on the proper way to set up development. This is not the path of least resistance, but a necessary step to get the organization on the right path. This will more than likely involve solving the original problem that created the string of kludges that ended with a post blaming Microsoft for bringing a site down.

Troubleshooting The Original Problem

I am going to use the original “Check in your files” problem to illustrate troubleshooting. The formula is general enough you can tailor it to your use, but I am using specifics.

First, create a hypothesis.

I cannot check in the files, so I hypothesize Greg has them checked out.

Next, try to disprove the hypothesis. This is done by attempting to find checked out files. In this case, the hypothesis would have easily been destroyed by examining the files and find out none were checked out.


So the next step would be to set up another hypothesis. But let’s assume we found this file as “checked out”. The next step is to look at the person who has the file checked out to ensure the problem is “Greg has the file checked out” and not “someone has the file checked out”.


Since the name Greg Beamer is not here, even if the file were checked out, he cannot solve the problem.

Next, even if you have a possible solution, make sure you eliminate other potential issues. In this case, let’s assume only some of the files were checked out when examined, but the user was still having problems uploading. What else can cause this issue.

Here is what I did.

  1. Assume I do have things checked out first, as it is a possible reason for the problem. When that failed, look at the user’s permissions on the files in question. I found this:
  2. Hypothesis: User does not have proper permissions. Attempted solution: Grant permissions
  3. Found out permissions were inherited, so it was not a good idea to grant at the page level. Move up to the site level required opening in SharePoint online, where I find the same permissions.
  4. Now, my inclination is to grant permissions myself, but I noticed something else.

    which leads to this

    which further led to this (looking at Site Collection Images):

The permissions here are completely different. The user is not restricted, so he can access these.

I did try to give permissions to solve the issue:

But end up with incomplete results:


I further got rid of the special permissions on some folders, as they were not needed. More than likely added to give the developer rights to those folders. I still have the above, however, which means someone more skilled needs to solve the problem.

The point here is numerous issues were found, none of which were the original hypothesis, which was reached via an assumption. The assumption was

I cannot check in, therefore I assume someone has the files checked out. Since Greg is the only other person I know working on the files, I assume he has them checked out.

Both assumptions were incorrect. But that is not the main point. The main point is even if they were correct, are there any other issues. As illustrated, there were numerous issues that needed to be solved.


Troubleshooting is a scientific endeavor. Like any experiment, you have to state the problem first. If you don’t understand a problem, you can’t solve it..

You then have to form a hypothesis. If it fails, you have to do over, perhaps even redefining the problem. You do this until you find a hypothesis that works.

After you solve the problem, you should look at other causes. Why? Because you either a) may not have the best solution and b) you may still have other issues. This is a step that is missed more often than not, especially by junior IT staff.

Let me end with a story on the importance of troubleshooting:

Almost everyone I know that has the CCIE certification took two tries to get it. If you don’t know what CCIE is, it is the Cisco Certified Internetwork Engineer certification. It is considered one of the most coveted certifications and one of the hardest to attain. The reason is you have to troubleshoot rather than simply solve the problem.

The certification is in two parts. A written exam, which most people pass the first time, and a practical exercise, which most fail. The practical exercise takes place over a day and has two parts:

  1. You have to set up a network in a lab according to specifications given at the beginning of the day.
  2. After lunch, you come back to find something not working and have to troubleshoot the problem

Many of the people I know that failed the first time solved the problem and got the network working.So why did they fail? They went on assumptions based on problems they had solved in the past rather than worked through a checklist of troubleshooting steps. Talking to one of my CCIE friends, he explained it this way (paraphrased, of course):

When you simply solve the problem, you may get things working, but you may also end up taking shortcuts that cause other problems down the line. Sometimes these further problems are more expensive than the original problem, especially if they deal with security.

Sound similar to a problem described in this blog entry? Just turn off IIS directory traversing and the site works. Both the poster and the hacker say thanks.

Please note there are times when the short solution is required, even if it is not the best. There are time constraints that dictate a less than optimal approach. Realize, however, this is technical debt, which will eventually have to be paid. When you do not take the time to troubleshoot, and run on assumption, build in time to go back through the problem later, when the crisis is over. That, of course, is a topic for another day.

Peace and Grace,

Twitter: @gbworld


Get every new post delivered to your Inbox.