<?xml version="1.0" encoding="utf-8"?><rss version="2.0"><channel><item><title>Comment on The Death Star was an Agile Project by celerno</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-140</link><description>Agile went perfect for death star project, the error was fully on client side…

They trust too much on their security so they didn't ask for an indestructible death star, just for a mortal deadly, evil, enormous, piece of ultramassive destruction weapon. Remember Jedi (or Sith) sense things before they happened. Also, as justification for awesomeness of Emperor and Darth Vader powers, they couldn't sense the danger coming because, it was an “In progress Jedi”; that kind of things lessons you don't learn until they explode in your face. Procrastination is never good when it is about your children.
</description><pubDate>2011-06-25T01:38:00</pubDate><guid isPermaLink="false">urn:comment:140</guid></item><item><title>Comment on The Death Star was an Agile Project by Mclausd73</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-122</link><description>I totally see where they went wrong here.  They weren't using their SIS or JPAC reports correctly.  If Mr. Vader would've called Dr. Perry and Heather he would have saved the death star from destruction.</description><pubDate>2011-05-25T21:31:00</pubDate><guid isPermaLink="false">urn:comment:122</guid></item><item><title>Comment on The Death Star was an Agile Project by _X_Maulder</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-139</link><description>..you do need 2 get A LIFE..</description><pubDate>2011-04-01T23:43:00</pubDate><guid isPermaLink="false">urn:comment:139</guid></item><item><title>Comment on The Death Star was an Agile Project by Shoobe01</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-121</link><description>Perfect. As are all the comments this spurred.

What it reminds me of is how little most coaches and instructors think about their analogies. This would get a lot of people to think about it.

My least favorite has been the house. You want the 2nd floor bathroom first. But can't do it because of dependencies of course. Says who? Old waterfall guys. Ever heard of modular construction? Ships are in fact built with whatever they want first. You can make the radio shack (among the top most things on the ship) first, and even power it up and sit in it. Just can't install it till you assemble a lot more modules. This is an analogy to me.

And: the Death Star suffered from a bad product owner. I suspect the guy with the Admiral Choking Power doesn't respond well to “you can have that feature, but will have to give up another one or two of the same difficulty.”</description><pubDate>2011-03-29T03:02:00</pubDate><guid isPermaLink="false">urn:comment:121</guid></item><item><title>Comment on The Death Star was an Agile Project by James Dunmore</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-120</link><description>After reading all the comments….

The fact that the weapon was built before the rest is not a failing of agile…. what agile allowed it to do was having *something* working. The client needed something, the rebels were turning up – it could sit there as an empty shell and be attacked, or sit there with some shields in place and a big gun. As it turned out, the gun helped and did its job really effectively. The client asked for something, understood the risks – those risks failed, but for a while, the product was doing its job – rather than nothing at all and the client would have been in a worse situation sooner.

p.s. it was waterfall planning, agile implementation.</description><pubDate>2011-03-24T12:36:00</pubDate><guid isPermaLink="false">urn:comment:120</guid></item><item><title>Comment on The Death Star was an Agile Project by Software maestro</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-119</link><description>Make sure you check out
http://softwaremaestro.wordpress.com/2007/06/30/scrum-master-jar-jar/</description><pubDate>2011-03-24T05:58:00</pubDate><guid isPermaLink="false">urn:comment:119</guid></item><item><title>Comment on The Death Star was an Agile Project by Matty</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-118</link><description>although, this does fly in the face of the dark side's methods… as Obi Wan says, 'only the Sith deal in absolutes'… maybe they were trying to change.</description><pubDate>2011-03-24T03:41:00</pubDate><guid isPermaLink="false">urn:comment:118</guid></item><item><title>Comment on The Death Star was an Agile Project by Ian Nicholson</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-117</link><description>That's right, don't you remember? When Han Solo and friends plant the charges in shield generator and are ambushed by the Empire, you can clearly hear the Empire forces leader say: “You Rebel Scrum!”</description><pubDate>2011-03-24T03:03:00</pubDate><guid isPermaLink="false">urn:comment:117</guid></item><item><title>Comment on The Death Star was an Agile Project by denada</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-116</link><description>Sounds like you are involved in a poorly managed Agile-monikered project…</description><pubDate>2011-03-24T00:38:00</pubDate><guid isPermaLink="false">urn:comment:116</guid></item><item><title>Comment on The Death Star was an Agile Project by Timrfrench61</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-115</link><description>So what you're saying effective Agile is a manifestation of the Dark Side of The Force?</description><pubDate>2011-03-23T18:35:00</pubDate><guid isPermaLink="false">urn:comment:115</guid></item><item><title>Comment on The Death Star was an Agile Project by Chris Charabaruk</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-114</link><description>Read the Thrawn novels. 
Enjoy.</description><pubDate>2011-03-23T18:01:00</pubDate><guid isPermaLink="false">urn:comment:114</guid></item><item><title>Comment on The Death Star was an Agile Project by Dre G</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-113</link><description>I guess this goes to show you that Agile processes don't mix well with Application Security.

The priorities were completely out of whack — the customer would have attained the most benefit from a non-thrown-into-reactor, non-blown-up-Death-Star scenario. If only a hardening sprint or two were spent on verification of coding and architecture standards using Hibernate or iBATIS ORM with named parameters and proper variable binding (with additional caution to avoid string manipulation and concatenation operations)! If only they had hired an application penetration-tester before the rebels had arrived!

Back to the OWASP drawing board. I suggest the Evil Empire purchase a copy of Burp Suite Professional and implement an embedded ModSecurity and AppSensor for their Apache Tomcat with a monitored, whitelist approach to encoding and data validation issues next time. It takes about one day to implement AppSensor (i.e. part of a hardening sprint), a few weeks to implement ModSecurity (a longer, dedicated hardening sprint), and about a month to understand Burp Suite Professional (in order to perform a thorough pen-test). If faster times are needed, I suggest a copy of “The ModSecurity Handbook” or perhaps PortSwigger Ltd's official “Web Application Hacker's Handbook: Live Edition” training class.

Yes, it should be the application developers doing this work — not the IT/Ops team. Perhaps DevOps would be best suited to the AppSensor and ModSecurity implementation, if such a team exists. App developers cannot and should not assume that an MCSE or CCIE knows anything about data encoding or validation issues — they probably don't even know what a parameter or Views folder is (let alone what a controller does).</description><pubDate>2011-03-23T17:58:00</pubDate><guid isPermaLink="false">urn:comment:113</guid></item><item><title>Comment on The Death Star was an Agile Project by Reket</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-112</link><description>If you ask me, they weren't Agile enough. After the destruction of the first Death Star, they should have focused on preventing another.. disintegration. If they would just block the path to the core (by making it really narrow or/and twisted – with very sharp turns?) they would have succeeded.</description><pubDate>2011-03-23T17:50:00</pubDate><guid isPermaLink="false">urn:comment:112</guid></item><item><title>Comment on The Death Star was an Agile Project by Abzepeda</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-111</link><description>There are FREE ebooks on Amazon for Star Wars fans….</description><pubDate>2011-03-23T17:34:00</pubDate><guid isPermaLink="false">urn:comment:111</guid></item><item><title>Comment on The Death Star was an Agile Project by TreviXan</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-110</link><description>And yet the Agile project blew up in the end!</description><pubDate>2011-03-23T17:21:00</pubDate><guid isPermaLink="false">urn:comment:110</guid></item><item><title>Comment on The Death Star was an Agile Project by Dklotzbach</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-109</link><description>It worked out much better for Tyler Vernen and Troy in “Live free or Die” by John 
Ringo.</description><pubDate>2011-03-23T16:50:00</pubDate><guid isPermaLink="false">urn:comment:109</guid></item><item><title>Comment on The Death Star was an Agile Project by Aristides Castillo</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-108</link><description>As a matter of fact, even top agilists recognize Waterfall definitely works in some scenarios. Of course, they're talking about life-critical systems, which definitely have to be closed to changes in requirements. Not that it's the best for creating a web app.

But bottom-line, yes, any tool can be useful if you apply it the right way.</description><pubDate>2011-03-23T15:04:00</pubDate><guid isPermaLink="false">urn:comment:108</guid></item><item><title>Comment on The Death Star was an Agile Project by Dr Appocolypse</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-107</link><description>“So, it's a lesson for us all. When writing code, don't forget to account for Ewoks!”

Greatest. Quote. Ever.
</description><pubDate>2011-03-23T14:07:00</pubDate><guid isPermaLink="false">urn:comment:107</guid></item><item><title>Comment on The Death Star was an Agile Project by adimauro</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-106</link><description>Actually, what I think you have really uncovered is the classic corporate struggle of trying to adopt agile practices.

And, as I said in another post, no, they really didn't leave the reactor core accessible. That's what the shields were for. They just didn't have a back-up plan to account for losing the shields. And that's because they became agile only when Vader showed up, not before.

So, it's a lesson for us all. When writing code, don't forget to account for Ewoks!</description><pubDate>2011-03-23T13:36:00</pubDate><guid isPermaLink="false">urn:comment:106</guid></item><item><title>Comment on The Death Star was an Agile Project by adimauro</title><link>/2011/03/07/the-death-star-was-an-agile-project#comment-105</link><description>But it didn't NEED to be completed. That's what the SHIELDS were for! They just weren't agile enough to account for Ewoks.</description><pubDate>2011-03-23T13:30:00</pubDate><guid isPermaLink="false">urn:comment:105</guid></item></channel></rss>
