Actually, there are potentially more vulnerability vectors.

1. On a number of platforms (Windows, OS X, Android, and Linux), any application can subscribe to the clipboard. So if you’re copying your login credentials, anything on your system that might be compromised can grab it.
2. Along the same lines, the vectors for leaking an unencrypted text file are actually quite high. While all of the password managers I know of are vulnerable to various forms of scanning (except 1Password on Windows when operated on the secure desktop), the text file is likely to be unencrypted in full in scroll back history or something similar for quite some time. There are ways to avoid this, but they’re tricky and error-prone; you can look at the history of PGP secure notes for some background here on all the ways to mess things up.
3. An encrypted text file can also be difficult to merge. While you may be able to automate the process to a degree, you are again put into a position where you have to run your decrypted password file through multiple tools, which again increases your attack surface. E.g., most naïve ways of doing this would at least temporarily store both versions of your file unencrypted on disk to feed to a merge tool.
4. An encrypted text file also cannot store anything other than logins and passwords, which makes storing other forms of secure data hard. E.g., in 1Password, I track what login pages of sites I haven’t been to look like, and explicitly track the full login page URLs, so that I can catch myself if I somehow fall for the first part of a phishing attempt. You can obviously do that without a password manager, but you’re now reaching for something like a LibreOffice document, which expands your attack surface and increases complexity.
5. Finally, most modern password managers provide several things beyond mere storage, including cryptographically secure password generation, service exploitation monitoring (e.g., WatchTower for 1Password), which lets you know when a site you use has had its passwords compromised, and more. It’s not that you cannot do these things yourself, but it requires a lot of effort (monitoring HaveIBeenPwned, hoping you know to use arc4random or an equivalent with proper distribution across your alphabet, etc.). Collectively, these can dramatically decrease your attack surface, by allowing you to respond more effectively and proactively to site compromises.

If storing all your passwords in an encrypted text file works for you, that’s fine; more power to you. But I don’t think it’s accurate anymore to claim that going that route is more secure than alternatives.

For the same reason you don’t manually decrypt and paste in your ssh private key every time you log in to a host—convenience.

A password manager can also do some checks that humans may miss or flub, like stopping the pasting of your Gmail password into a convincing phishing site.

You would like pass(1)

That would be hard to use on a mobile phone I think.

Depending on your use case, this might be the solution. I have written my own at http://pestilenz.org/~ckeen/blog/posts/pee.html

“Just use caps lock” = “you’re doing it wrong.”

I configure my editor and CLI such that it has a few nice shortcuts, but it is pretty close to stock. The advantage of this is that I can sit down elsewhere (read: ssh into a box) and get things done without having to set everything up again. Remapping core keys (and, by extension, muscle memory), breaks this completely.

The noise from vim users seems to be overrepresented. Now, I happen to use vim and would have some reservations about buying a laptop without an escape key, but we’re talking about less than 10% of the market. (Apples portion of laptop market.) How many Apple users prefer sublime or atom or whatever now? How many Apple users are even developers?

By now I’d wager that literally every single Mac vim user has weighed in, but none of the twenty Mac users sitting around me have made a peep.

I use Karabiner to map caps lock to both escape and control at the same time. (Tap for escape, hold for control.) Try it–it’ll change your life. OK, no, but it’ll reduce finger stretch in vim a lot!

If it’s automated, then how do you explain the extremely irregular timestamps?

With the tendency to “minimize” and obfuscate JavaScript, we’re essentially already running binaries, aren’t we.

But it’ll be fast mystery code!

I think the idea is that this will be a portable and relatively safe analogue of assembly in the browser. And you can disable it in browsers that implement it if you want. I hope they have some form of signed executables for this format.

function(e){function t(e,t,n,i){var r,o,s,a,l,c,d,f,p,m;if((t?t.ownerDocument||t:P)!==&&D(t),t=t||,n=n||[],!e||“string”!=typeof e)return n;

Is honestly harder to read than assembly.

Hi, I’m the author of the article, and I haven’t had trouble with Vultr yet despite some service warnings about degraded network service due to some recent DDOS issues. I’ve been using it a few months. I’ve only been spending $5/month since I just need the smallest tier for my little server.

I appreciate that Vultr has built-in support for mounting the OpenBSD ISO and just running with it. That said, the link you posted is still a fairly simple process, so that’s nice.