There are some sites where it truly doesn't matter.

I don't believe that. You may think it doesn't matter, but when it comes to identity theft, any little crumb of information may be useful to an attacker. And if you use the same weak password across a whole slew of supposedly "unimportant" sites, an attacker may be able to piece together a lot of information about you... enough to surprise you with cell phone bills you didn't sign up for, credit cards in your name, etc.

But I sure as fuck am not going to put ALL of them into ANY app or single program - there are backdoors built into routers these days, you expect some start-up (or even established) "password keeper" doesn't have that possibility? I am concerned for your common sense.

Woah, woah, woah, chill out!

I have the complete source code for my password manager. And guess what... I've even read the source code!

It uses "openssl bf" to encrypt (that's the Blowfish cipher). In spite of all the warnings about OpenSSL holes, I don't believe anyone's yet found a problem with its Blowfish implementation, and though Blowfish is old and there may be weak keys, I don't believe it has serious vulnerabilities especially when only used to encrypt small files.

If you don't have Internet access, then remembering your password for a web site is moot.

If you have only insecure Internet access, then you don't do anything important unless you can use HTTPS and make sure you validate the certificates.

That means they are both weak to being cracked/tampered with, and should your device be stolen, you are without all your passwords.

To defend against the first attack, you choose a strong master passphrase and you make sure your password manager uses a properly-implemented and secure encryption algorithm such as AES. To defend against the second attack, you regularly back up your password database. It's not rocket science.

I have two off-site backups: One to an encfs partition in my office and one to an encfs partition in a colocated server 200km away. Next question?

I use something called TkPasman, which runs on my Linux desktop. I don't use a mobile device much to surf the web, and never to log into any sites I care about because it's just too painful.

I could access it in a pinch by tunneling X over SSH back to my main computer, and I have done so in the past. Another thing I do is sync the password database to the handful of Linux desktops I use on a regular basis.

The password manager keepassx is available for Mac OS, Windows and Linux and you can sync the databases. I'm not aware of one that also works on Android or IOS, though. :(

The linked paper did mention password managers in passing, but dismissed them as being vulnerable to client-side malware which could compromise all your passwords. That assumption is true if you're running your password manager on a Windows system, I suppose, which is likely the only thing the "Redmond researchers" are even aware of. But if you keep your password manager on a separate device or run it under a secure sandbox in a secure OS, you're much better off than the paper implies.

Following up on myself: That research paper is awesome! Never before have I seen the use of partial differential equations to justify unequivocal bullshit. Amazing! They must've really worked hard on that.

That is just so stupid. Use a password-keeper and use strong passwords everywhere. Then you only need (1) physical access to your password keeper and (2) to remember one strong passphrase.

The "Right to Forget" could be a good ruling if the EU added two conditions:

1. A fee (lets say between $25-$50) for each takedown request. That is a small enough fee that it won't deter someone who really wants to get rid of an embarrassing search result, but it's big enough to deter organizations like the Scientologists from making thousands of requests.
2. A determination by a judge, tribunal, etc. that taking down the search result is in the public's interest.

If I'm a victim of slander, I'll go after the slanderer and the site publishing the slander, not Google for indexing it. Existing laws are quite sufficient to handle this case.

I hope this makes people think twice before filing a forget-me request. It ensures they'll be remembered.

Is this really news? Are we going to have an exposé entitled "Meet the model railroad enthusiasts the FBI and NSA have been spying on" ?

TL;DR: We hereby decide that those who believe in supernatural creators, talking snakes and magical rib-women are more qualified than medical professionals to decide who gets what medical treatment.

Thank you,

The Christian Republic of United States (Supreme Court Fatwa #1)

It was not your over a regulated banking system that prevented the problem It was good business sense.

I disagree. I don't think Canadian bankers have any more business sense the US bankers. If they could have gone on the wild subprime mortgage ride, they probably would have. But strict government regulations limited what they could do. So our banks had "dismal" profits in 2007 compared to US banks, but at least they were all still standing in 2009. See this analysis for example.

One study in the U.S. concluded that smokers save society 32 cents for every cigarette they smoke

OK. Here's something I don't expect Americans to grasp, but I'll say it anyway:

Sometimes there are more important values at stake than financial consideration.

The laws as expressed by government should be a reflection of the values of the population. If all the population cares about is money and nothing else, then that's not a society I'd care to live in.