Retired Comedians and Missed Opportunities

Andrew Jaquith
Andrew Jaquith ∙ Managing Director, Markerbench
2 min read ∙ January 31, 2008

There’s this old joke about a comedians’ retirement home that goes something like this:

An aging comedian decides to retire to a community that has just other comedians living in it. On his first day there, he does down to lunch, and there’s a bunch of retired fellow comics sitting around the table.

The conversation they’re having puzzles the man a bit. One of comics at the table yells out, “12!” and everybody just dies laughing. Then another one says, “44!” and a three of them laugh so hard they roll straight out of their chairs and onto the floor.

When a lull in the conversation comes, the new guy introduces himself, and asks, “Hey, what’s going on? What’s so funny about yelling out numbers?”

One of the comics says, “Oh, you’re the new kid on the block, eh? Here’s what’s going on. We’ve all been retired for many years. We’ve been telling and re-telling the same old jokes for so long, we’ve assigned them all numbers. To save time, instead of telling the joke again, we just say the number!”

“Wow,” says the new guy. “I’ve never seen that before. That’s pretty cool. Mind if I join you?”

“Sure,” the other comic says, and beckons him to sit down.

The new guy is eager to fit in. So five minutes later, he yells out, “28!” NOBODY laughs—you could’ve heard a pin drop.

His voice qwavering, the new guy asks, “What’s wrong? Isn’t number 28 a good joke too?”

“Sure it is,” pipes in the other comic. “But it’s all about the delivery!”

I mention this because I can’t stand Jeff Jones’ quarterly festivals of FUD. Rather than complain yet again, and in detail, about how dumb vulnerability-counting is, why the methodology is flawed, why it has limited bearing on security, how the system is easily gamed, why it’s colored by Jeff’s obvious agenda, and why it’s a tragedy that Microsoft does not do what it should, namely mine the world’s most complete bug databases and code repositories for truly compelling information about code quality and application security metrics.

But I won’t do that again. I’m just going to, like these comics, just yell out the shorthand.

“Jeff Jones.”

Note that I’m not laughing.