bflesch's comments

Weird, z.ai does not resolve for me. Is there anything special about that domain?

https://z.ai


If you have systemd-resolved, it tries to validate DNSSEC by default and replies with SERVFAIL if it fails. Same happens here; I go through some privacy-focused DNS servers and they sometimes remove the signature.

$ resolvectl query z.ai

z.ai: resolve call failed: DNSSEC validation failed: no-signature


That seems to be it, thanks for the explanation :)

Just tried it, works for me.

Resolves fine for me

Correlation != Causation

I invite you to scientifically work on this important topic. Catch up on previous work by others and then use a proper statistical methodology to do proper research and validate your hypothesis.

Other possible factors that could explain it apart from your theory on SSRIs: more exhaustive news reporting, less wealthy parents and thereby more kids brought up in poverty conditions, more parents with lead poisoning, more kids exposed to plastics, more weapons per household, more exposure to violence and/or mobbing, violence in video games, fewer third places that kids have for socializing, more social media, more mobbing at school, more unrealistic beauty standards and many others. Some of them might've been researched already and some might not.

Even though you're not trying to do a degree you can always do proper science and maybe also prove a novel explanation.


I'm pretty sure religious fundamentalists from all beliefs would love to get rid of Eurovision song contest. Excluding Israeli citizens from it hurts their moderates more than it hurts the hardliners.

Ask Donald Epstein how they chose locations for Miss Universe during cold war times. They'd never exclude the countries they wanted to ideologically reform.


>Excluding Israeli citizens from it hurts their moderates more than it hurts the hardliners.

Nah, it hurts their public image and thus hardliners. Like similar actions against South Africa did.


Whatever their rhetoric they desperately crave respectability, making Israel a pariah state à la 1980s South Africa would hurt them badly.

Why else are they even trying to be in Eurovision and UEFA in the first place?


They’re in UEFA because half of the countries in Asia (AFC) and Africa (CAF) wouldn’t play them. Same reason Russia considered leaving UEFA recently.

Black, like Leon Black of Epstein fame

So the guy was Google's planted ~expert~ lobbyist for the European Commission and now he's rich enough to quit, and makes a blogpost about it because people are rightfully skeptical about his motives?

It's just sad that these kinds of bugs still slip through. So many people lack the ability to come up with the most straightforward edge cases for their validation code.

To me it feels like people who build LEGO their whole lives but never once stray away from the step-by-step manual and never have built something "outside the box".


Privacy laws are not complex, they only become complex if your goal is to actually skirt them.

Tax laws are also quite easy, tax lawyers are only needed if you want to NOT pay what the country you're operating in is owed.


Respectfully, it sounds like you just haven't dealt with any significant tax or regulatory tasks.

There's entire industries of experts who work on these tasks, and they don't just work for people trying to skirt the rules. I've hired people for both tasks and the reason was specifically to comply.


Not privacy, but as an example:

NIST, MS, and the security community all recommend against forcing people to change their passwords on fixed intervals. They should only be changed when there is an indication they have been compromised.

PCI requirements demand mandatory 30-day rotation intervals on user passwords for users with administrative privileges, IIRC. Something like that.

They haven’t kept up. So until they change the rules you can either be PCI compliant or implement the current best practice. Not both.


Your example completely ignores the temporal dimension.

The best practice was to rotate your passwords, but we discovered that this led users to picking less secure and easier to remember passwords and patterns.

Once technology offered up solutions to problems like password managers and breach notifications, that recommendation changed.

PCI used to mandate password changes for in-scope accounts (meaning they have access to credit card flows). Now that MFA is widely deployed that requirement only remains for accounts that do not have a second factor for authentication.

If you were ahead of the curve and implemented strong password policies that did not conform to the PCI baseline, all you had to do was explain to the auditor why. Assuming what you were doing genuinely increased your security posture it would be approved.


They specifically addressed the temporal element:

> They haven’t kept up.

Other standards all used to recommend password rotation. Most have amended it to deprecate or even prohibit password rotation.

> Once technology offered up solutions to problems like password managers and breach notifications, that recommendation changed

It wasn’t just that.

The original recommendation for password expiration failed to take into account the human practices that resulted.

Everyone has worked in an office with passwords on post-it notes, or seen passwords numbered with sequentially incremented integers at the end. Password rotation isn’t merely a baseline level of assurance, it has a negative impact on security because of the effect it has on password hygiene. In practice, passwords that expire can be easily guessed by appending something to the end of the prior password. And they are more likely to be written down in plaintext.

Permanent, non-expiring passwords without MFA are stronger in practice than expiring passwords.
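The habit described in the comment above (an expired password reused with a counter bumped or something appended), as an added example that is not part of the thread: a change-time check that labels how a proposed password was derived from the current one. The function names, labels, substitution table and the 0.8 similarity threshold are assumptions, and the sample passwords are constructed.

```python
import re
from difflib import SequenceMatcher

# Undo common character substitutions before comparing stems (assumed table).
LEET = str.maketrans("@$0!13", "asoile")
# stem, trailing digits, trailing punctuation (e.g. "Summer" / "2023" / "!")
TAIL = re.compile(r"^(.*?)(\d*)([^\w\s]*)\Z", re.S)


def split_tail(password):
    stem, digits, symbols = TAIL.match(password).groups()
    return stem.lower().translate(LEET), digits, symbols


def rotation_pattern(old, new, threshold=0.8):
    """Label how `new` was derived from `old`, or return None if unrelated.

    Meant to run inside the change-password request, where the user has just
    typed the current password; nothing here needs a plaintext history.
    """
    old_stem, old_num, old_sym = split_tail(old)
    new_stem, new_num, new_sym = split_tail(new)
    if old_stem and old_stem == new_stem:
        if (old_num, old_sym) == (new_num, new_sym):
            return "case-or-substitution-only"
        if old_num and new_num and int(new_num) - int(old_num) == 1:
            return "incremented-counter"
        return "same-stem-new-suffix"
    if len(old) >= 4 and old.lower() in new.lower():
        return "old-password-embedded"
    if SequenceMatcher(None, old.lower(), new.lower()).ratio() >= threshold:
        return "near-duplicate"
    return None


if __name__ == "__main__":
    # Constructed sample pairs: (current password, proposed replacement).
    samples = [
        ("Summer2023!", "Summer2024!"),
        ("Password1", "P@ssw0rd1"),
        ("hunter2", "hunter2!!"),
        ("correct-horse", "My-correct-horse-7"),
        ("Summer2023!", "v9#Tq-lantern-Okapi"),
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {rotation_pattern(old, new)}")
```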


And where the complexity comes in is where you need to comply with PCI and NIST 800-63 at the same time.

Would you say civil engineers are only required if you want to skirt building codes?

Someone has to understand the codes and how they might be applied to a specific project, and direct a project such that the outcome will comply.

Codes don't provide a blueprint for a house or a bridge. They stipulate features and properties that it must have. Design resides with the firm.


> Privacy laws are not complex

Privacy isn’t complex, compliance is.

> Tax laws are also quite easy

Yet audits are still a pain.

> tax lawyers are only needed if you want to NOT pay

This is nonsense. Tax lawyers are sometimes used to skirt the law. They’re much more often there to help prove you followed it.


Privacy by design while making a seven-figure salary because you make people buy stuff they don't really need is quite difficult ;)

Wow, Google must be a poster child for privacy then.

Impressive mental gymnastics to go from the topic of sexual abuse to a criticism of democracy - oh no, "western democracy".

