1/ So here's the deal: it's not always clear that our perspective is necessarily the "right" one and the NYT's is the "wrong" one. There's good reason why the NYT might reasonably disagree. But...
https://twitter.com/thegrugq/status/1369086674848813059
2/ ...but it is still a clear difference between how the NYT reports things and how the either the tech press (Wired, Ars Technica, etc.) or the rest of the mainstream press (e.g. Associated Press) reports things.
3/ The NYT prides itself on not simply giving the "facts" but telling "narratives". In other words, as the paper of record, they don't simply want others to repeat their facts, but repeat the spin they've put on stories.
4/ You see that in how the NYT claimed the EternalBlue was responsible for the Baltimore ransomware attack. It was a narrative that EternalBlue was responsible for a lot of damage, even if it wasn't factually true it was involved in Baltimore.
nytimes.com/2019/05/25/us/…
nytimes.com/2019/05/25/us/…
5/ In other words, the story listed a lot of things where EternalBlue was involved -- so their is a narrative there even if the title and lede of the story turned out to be false (EternalBlue wasn't used in that specific ransomware).
6/ The problem with the NYtime's spin/narrative is that the rest of the facts are also debatable. For example, it misrepresents a DHS warning about Emotet, which also did not use EternalBlue as implied.
7/ Lastly, it's spin that vulns two years after a patch is available can be blamed on the "vuln" instead of "not patching". It's an op-ed, the NYTimes opinion, not "news".
8/ Now the fact that somebody blames the EternalBlue "vuln" when cybersecurity experts blame "not patching" doesn't mean the experts are right and the other side is wrong.
It's just that this is their opinion, spin, narrative -- and not "news".
It's just that this is their opinion, spin, narrative -- and not "news".
9/ However, there are cases where experts should be given more deference: when explaining basic concepts. There's a constant conflict between experts claiming an explanation is "wrong" and the NYTimes claiming "no, it's simplified".
10/ But it's not simplified. The NYTimes is trying to explain things they don't understand. You can't write a simplified explanation if not you are qualified to write the complex explanation.
11/ So the explanation isn't something simplified, but something that's twisted in support of whatever narrative or spin they are trying to tell.
12/ Other press outlets are more humble. Knowing they aren't qualified to simplify a complex topic, they ask experts to help them simplify it.
13/ The NYTimes notably DOESN'T CONSULT EXPERTS, they consult ELITES. The people quoted in NYTimes stories are anonymous senior administration officials and Washington thinktanks (aka lobbyists). They rarely quote techies.
14/ Note that this is problematic ACCORDING TO THEIR OWN JOURNALISTIC STANDARDS. It's the "Washington game" where in exchange for allowing government types to push their agenda, the journalist gets access to them. 
15/ It hurts us expert techies that we aren't treated as the elites we believe ourselves to be. I mean, techies are notorious for being the most stuck up bastards around, insisting you must do it our way, and cybersecurity techies are the worst of the lot.
16/ But at the same time, over the last year we've had the debate about "respecting the experts" on issues of health and masks. We live in world where the surgeon general is a physician and a chief economist an economist -- but cyberczars are never techies.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
