Slashdot Mirror

How well do they run CUDA? From what I've done so far with ML/NNs it's CUDA all the way.

Almost all "How to use GPU for ___" come back with CUDA instructions first and OpenCL is nowhere near as close.

Looking at the tensorflow open tickets it's still very much a work in progress: https://github.com/tensorflow/...

There's an open source app called GadgetBridge that will support all the basics for Pebbles, and will keep working even if the Pebble cloud dies. You will still be able to load new apps and watchfaces and re-flash firmware. Apps that need to access the Internet may not work (for now, devs can contribute). As a side-bonus you get greatly increased privacy.

This is Android only, I don't know if there's an iOS equivalent (anyone?).

However, powershell *puroports* to have security features like execution policies and signing, so it draws more scrutiny.

Both terrible "security" policies. What would a signature possibly mean to me as a user if I don't know you? With or without a signature, my choice is still: either I run this script I need to my job, or I don't and I can't do my job (or it gets much, much harder). So basically PowerShell's security is no better than any other shell that's come before it; it projects a false sense of security, and like UAC before it, it just gets in your way.

So given the fact that getting a job done is king, and running scripts or programs written by potentially malicious people is the only reasonable way to do your job, then running arbitrary scripts must be made safe. The means to achieve this is the Principle of Least Authority (POLA), and POLA environments can and have been done before, even within commodity POSIX and Windows systems.

The earliest secure POSIX shell that I recall was Plash. Now we also have Shill (requires a kernel module) and the Capsicum shell (also requires kernel modules). Windows can be made POLA secure out of the box as was demonstrated with Polaris.

It's just amazing that we fail to learn the mistakes of the past even when solutions are available.

But can you program in Z80 and 6502 machine code? You really only need to know a few instructions, because the details are in the bits.

I wrote my own assembler and debugger for programming my Apple //e. I got fed up of typing in hex.

https://github.com/dj-on-githu...

nbind is a VM-neutral stable C++ / JavaScript API that already works across all versions of Node.js, Electron and recent evergreen web browsers. Binaries for Node.js and Electron can be compiled using GCC, Clang or Visual Studio targeting Linux, OS X or Windows. Asm.js binaries for browsers and Electron can be compiled using Emscripten. The API is the same in both cases, and work is ongoing to also provide a stable ABI across all versions of Node.js and Electron on a single platform.

Basically C++ classes and functions can be written using ordinary standard library types. Calling a special macro then invokes templates from nbind headers that autodetect argument and return types, handle type conversion and inform the JavaScript VM about the C++ API. nbind can also automatically generate TypeScript definitions.

Here's an example:

class VectorTest {
public:

    static std::vector getInts() {
        std::vector a {{ 13, 21, 34 }};
        return(a);
    }
};

NBIND_CLASS(VectorTest) {
    method(getInts);
}

To call it from Node.js:

const addon = require('nbind').init().lib

console.log(addon.VectorTest.getInts());

For notifications, try linconnect: https://github.com/hauckwill/l...

For file transfers, try DavDrive Lite: https://play.google.com/store/...

Although DavDrive says it is only supported on Ubuntu, I have used it on several rpm-based distros.

Use NoScript and forbid scripts globally and this will mitigate the exploit.

Or I think uMatrix will work? (howto)

the FBI is now openly issuing the general warrants

No kidding. Today there's a new Tor 0-day and its code looks a lot like the FBI's 2013 mass exploit "NIT" (Network Investigative Technique) against Tor.

https://github.com/umlaeute/v4...
If kdenlive supports v4l2, this might help. I don't have a dv cam to test this with, but the module builds just fine on my x86_64 kernel 4.8.11 system. All I did was clone with git and type make. Your distro might even have pkgs for it.

Team Password Manager (http://teampasswordmanager.com/)is self hosted and has a Chrome extension, and free for two users.

So you have to trust a closed source program, and run it on a server with PHP, IconCube, MySQL (with ALL privileges, no separation between user and admin rights) and Apache, and poke a hole in your firewall to reach its web server? That's increasing security?

Never mind the mind boggling idea of using a browser extension to give your browser a backdoor into it to increase convenience.

LastPass doesn't provide access to source code, either. However, if Open Source == Security, that can be arranged. I have no idea how LastPass isolates its database. Really, the question is who I'm trying to protect my passwords from. Hackers by way of a firewall? At a purely technical level, yeah, LastPass probably wins this one, though my Untangle firewall is pretty strict. From three-letter-agencies and mass data dumps? If nothing else, security-through-obscurity would land squarely in my favor.

Regarding the Chrome extension, it works on Chromium, it's optional, and "Over a VPN" is a perfectly viable way to avoid poking a hole in my firewall.

Yep. Quite recently.

https://github.com/cloudtools/...

There is huge momentum behind the RISC-V software ecosystem, and you can see a partial list of all the software that has been written for RISC-V here: https://github.com/arunthomas/... Some highlights: Binutils, GCC, OpenOCD, LLVM, Linux, Fedora, Debian, FreeBSD

I recently observed how 'systemctl whatever disable' (or whatever the correct syntax is, I don't remember) would exit successfully, even if "whatever" is not even a valid service name. No warning either. In a script that would have shat itself, but oh well, scripts are evil, right? Too transparent and readily debugable.

Now, go ahead and explain to me why exiting successfully when trying to disable a nonexistant services is A-OK because if the service does not exist, it is kinda-sorta disabled anyway and thus totally not a problem.

To me it is the poor design shining through, and with this precedent how am I supposed to trust in that this was a coincidence and the rest of systemd does not have those basic glitches that can lead to extremely obscure errors down the line. Especially since I ran into this within the first 10 minutes of familiarizing myself with that shiny new blackbox. Fuck this crap. I went back to sysvinit on Debian, and I don't even like sysvinit, but systemd is orders of magnitude worse (at the same time also being orders of magnitude bigger. the amount of code that is PID1 alone is mind-boggling. If you don't believe it, Look at the goddamn source and, wait, no, don't just count the lines -- if you are marginally familiar with C, you will notice there is over a page worth of local includes. Are you marginally familiar with C and do you want to explain what this means wrt. to how much code is running as PID1?).

That said, other fancy new-school linux toys have similar issues. Especially the 'ip' tool or iproute2. If you script it, it better "work fine, thank you", and if not you're SOL.

Disclaimer: I'm currently being "forced" to run Linux at work, so I have to put up with this shit. I'll eventually be back on NetBSD and start enjoying watching the circus that is Linux again.

PS: You running systemd on what I assume are production servers gives evidence of carelessness. No matter how good or crappy systemd is, it is not mature. You don't run immature stuff on production servers, whenever possible. sysadmin 101.
Thus I'm going to assume 17 years means more like 5 years and you're a PFY. Thank god I don't have to work with you.

Just tagging this on:

Executor still exists, and is open source now. But it appears nothing is being done with it.

I told you this was coming but nobody listened.

the lack of a CDM specification was an intentional action by the companies currently drafting the EME for the express purpose of creating hardware dependance. While the EME does not preclude a system agnostic CDM specification, the companies drafting the EME have a vested financial interest in preventing it. If it's too late in the process to add a CDM specification, then the EME should be withheld from the approval process until an accompanying system agnostic CDM specification is approved.

This has already had real consequences.

Due to the lack of a proper CDM specification, Microsoft was able to make deals with major content providers to require Microsoft Playready 3.0 which uses a CDM that only works on a few browsers, only on Windows platforms and only if you have the latest Intel or AMD CPU. This is also the reason why Linux computers cannot view 4K videos on Netflix website. The only Linux computers that can view 4K content are SmartTVs made by companies that paid Microsoft.

Rather than just provide x86 emulation on ARM, we can use x86 emulation on ARM to run Oracle's x86 Java implementation. We can run the jRuby interpreter in that. And we can use jRuby to run this ATARI 2600 emulator.

I bet a lot of you folks can suggest a more absurd one than that.

Hey, folks. There's a couple places I could probably post this, but figured this was as good a place as any. ;) With fake news being a big problem, I wrote a quick open-source browser extension to highlight articles from comedy or low-quality news sources. Tried not to be biased, but I'm sure there's some present.

Anyway, you can check it out on the Chrome web store: https://chrome.google.com/webs...

Or hit up the GitHub repo: https://github.com/Fortyseven/...

Some of their tech is available.

https://github.com/facebook
https://github.com/uber

I briefly considered using Facebook Folly in a C++ project, but ultimately I used Boost instead.

Some of their tech is available.

https://github.com/facebook
https://github.com/uber

I briefly considered using Facebook Folly in a C++ project, but ultimately I used Boost instead.

Normally locked to the HTC Vive (has an explicit check for the make/model of your headset). But Shockfire's wedge dll spoofs the headset ID strings and makes it work perfectly on the Oculus Rift (and it really is gorgeous).

Best used with motion controllers too - I use an old Hydra (works great), but pre-release Oculus Touch controllers, Playstation Move wands, even a Leap Motion will get you there. Keyboard controls are available too, in a pinch.

Not really. Unless they figure out a way to own https://github.com/torvalds/linux, or to convert most people and companies to using Microsoft's fork of Linux (the existence of which is still just speculation on your part), then it will remain as it is.

Dear Mark Zuckerberg,

I'm writing to you with a concern of critical national importance. I hope that you will read what I've written and consider it carefully. I believe that Facebook has a moral duty to act.

I've spent the last 18 months or so participating in our political process on Facebook. I've joined Hillary Clinton and Donald Trump groups. I've attempted to argue my position with my neighbors and fellow citizens, trying to explain to them why I think Donald Trump's proposals, policies, and distortion of truth are bad for the country. But that's not what I'm writing to you about today.

I'm writing to share the depravity I witnessed and participated in – a torrent of personal attacks, of name-calling, of ad hominem, of attacking the individual instead of the argument. I was called a "fag", a "pussy" and a "libtard". I watched people who shared my position call others "baggers", "stupid fucks", "bigots", "inbred", and "fuckwits". I did it. I am ashamed. These insults don't demean a position, or idea, or way of thinking. Those can easily be discarded by people. They can be shed. They're not an identity, no matter how much identity politics wants us to believe that. I participated in it. I am culpable. You are culpable. We are culpable.

I'll refrain from discussing James Comey's misconduct or RNC obstruction. That's all been well documented. Hillary Clinton called 25% of the country "a basket of deplorables". Not their positions, not their conduct, not their statements – them. That has an impact. It causes social pain. This is a well-documented thing in human health. It exists.

Trevor Noah of the Daily Show, America's least-appreciated successor to Jon Stewart, made a critically important point in my opinion: the basket is actually the most offensive part of this. It conjures images of a portion of the nation about to be thrown away economically, a portion that has been or will be left behind, a portion of the country that – true or not – fears they have no place in human progress. That is toxic. It cannot stand in a free and open society.

I watched my fellow citizens literally hunt down pictures of peoples' children, photoshop text on to them (sorry Adobe), and use them as political ammunition in blind rage. I've watched people use Facebook's comically understaffed and unsophisticated reporting system as a means of retaliation, to get accounts pulled, to remove peoples' ability to participate at all instead of attempt to address their arguments. This is sick. This is depravity. This cannot stand.

Facebook must add tools for fact-checking positions. It must add tools to redirect people away from personal attacks, from tracking down peoples' employers, from mining through the personal lives of others in retaliation for expressing a dissenting opinion, no matter how misguided. It must stop the spread of fake news from Veles, Macedonia designed to channel our collective outrage at things that aren't even true into Google AdSense payments. It needs to stop placing news from domains like USANEWSPOLITIC24.COM on equal visual footing with the New York Times, The Washington Post, and The Oregonian. Facebook owes it to the world, it owes it to the country, and it owes it to its shareholders, who would like to see this grand experiment in social participation actually survive long term.

Mark, you have a duty to act. Your silence is disconcerting. Please. America can learn a powerful lesson from this tragedy of an election. The whole world is watching.

Please publish this letter anonymously. Please withhold and protect my identity for a minimum of one year. I genuinely fear reprisal and retaliation. I fear for my country and I fear for my life.

https://github.com/livefreeord...

I've been playing around with a Playstation VR Headset. It works just fine on Linux, has head tracking built into the headset and is detectable over USB. thanks to libpsvr: https://github.com/adawarp/lib... it is really easy to make the headset switch from Cinema mode into VR Mode. I am currently working on Adding VR support to Vegastrike and Freespace 2.

*** "enhance!" (+ rinse and repeat)to blow up a single pixel of a reflection in a car's side mirror captured by a fuzzy analog security cam into a glorious full hd image.. nope. that's even worse

Turns out that ones kind of working now.

https://github.com/alexjc/neur...

Use a real keyboard or an emulation and wifi won't be required. The side channel will be audio, easy to distinguish by an unaided human ear, from the next building.

Funny. A few months ago I started trying to write a Land of Devastation clone. It's not very far along, but here

VGA out, and it runs a host of old hardware. Sega, NES, Amiga, C64, Apple II, too many to mention.

And they come with a full development kit. Altera Quartus and GCC, and you can make it do pretty much anything you want.

~£28, it would be interesting to know from someone experienced in this level of hardware how low the cost could be driven down by selecting an appropriate size FPGA based on the HDL and low frequencies those chips ran on the NES.

Check out the MIST FPGA https://github.com/mist-devel/... and Zx-Uno http://zxuno.speccy.org/index_... projects.

Both have an open-source NES core supporting many games (forks of the same original project). They are more expensive than the NES mini, the ZxUno at 70 euros (without case nor VGA adapter), and the MiST at 200 euros with a case [but bigger FPGA = supports more systems such as Atari and Amiga]. There are a couple of gotchas though: neither connects to carts (they could in theory, but the focus was to make them generic so they use SD cards), and more importantly neither has HDMI. That isn't a huge problem but you could expect a slightly higher price to add the necessary parts.

TL;DR the solutions exist, price could be made comparable but probably they can't be bothered to find a hardware guru to do it.

And the public should be able to examine the change logs to see whose office put in what to each bill.

Yes, we need LawHub. https://github.com/divegeek/us... (note that I stopped updating that repo years ago so the content is quite stale).

This one caught my eye - https://github.com/bro/bro - presented to you by the DoE
> Bro is a powerful network analysis framework that is much different from the typical IDS you may know.

Not particularly, considering that it runs a customized version of OpenWRT Chaos Calmer, with sources available at https://github.com/Vonger/open...

Yes I have. It is 100% secure. I have audited the code.

Then it looks like you've got some serious 'splain' to do, since some folks have found
a few issues with your "100% secure" assessment.

So how do you know Lastpass is secure?

Gee, I don't know. Maybe you could just audit the source code, the same as you claim did for KeePass. LastPass is open source too, after all.

These kind of "promises" by closed-source software security companies are rather worthless. If they want to, they'll have all your passwords

1) They're open source: https://github.com/LastPass/la...

2) The only way they "have all your passwords" is as an encrypted blob. See #1 if you want to confirm it for yourself.

3) Your master password that could decrypt that blob never leaves your system.

And then there's this discussion about the quality of code in KeyPass, which seems to call into question some of what you said. While your ideas about open source probably work fine as generalizations, they should not be stated as absolutes, since they oftentimes fail in particular instances.

As long as LastPass' software is not open-source, you can only hope they are telling the truth. I can put keepass in a debugger and see what it does.

1) It is open source. The command-line underpinnings are available here on github, and you can easily look at the source for any extension by just navigating to it in your file system and opening the various files. Admittedly, the desktop GUI and cloud backend aren't available, but neither is necessary for verifying that the cloud never receives data it can decrypt, and neither is necessary to use the app.

2) Given that you said "I can put keepass in a debugger", rather than "I have put keepass in a debugger", it's pretty clear that it's not something you've ever done. Likewise, I'd wager you're like the rest of us and have never confirmed that someone you know and trust has done a security audit of KeePass*, so it's fair to say that you've been placing your trust in blind faith to keep KeePass secure.

3) Since you're relying on blind faith for security, either you don't actually care about security, even though you may think otherwise, or else "if it's not open source, I don't trust it" has become a form of dogma for you (i.e. "open source" = "stamp of approval"), rather than being the practical means for ensuring better security that it's supposed to be (i.e. "open source" = "now it's up to us to review the code").

More or less, it's abundantly clear that you didn't look into LastPass at all and that you're not holding KeePass to the same standard you're applying to LastPass, so it's rather disingenuous to suggest that the issues you've raised are any sort of genuine concern you actually have. As it so happens, I strongly agree that open source is a great means for providing enhanced security, but I also recognize that I can't treat it as a religion, so if I'm not reviewing the code or confirming that someone trustworthy is, then it might as well be a closed source black box, for all the good its openness is doing me.

*I'm not saying KeePass has never had a security audit. I'm expressing my doubt that you ever bothered to check.

(Disclaimer: As I said in my previous comment, I've got no horse in this race. Both seem like decent apps, so far as I can tell.)

Here you go: https://github.com/lastpass/la...

Just going to leave this here... https://github.com/mattermost/...

Slack kicks the crap out of IRC. I say this as a DALnet admin and Undernet oper.

Since LastPass is open source whats your complaint?
https://github.com/lastpass/la...

https://github.com/LastPass/la...

Oh look at that, a shill posting a boilerplate explanation from his company's own website.

Unless you have "evidence" to the contrary, I'm gonna say that your opinion is irrelevant because it isn't your own, your corporate pimps handed it down to you and you sucked it up like the good little whore you are.

This is where we thank the wonders of open-source, so you can freely read the code and see for yourself how it works.

Not that I suspect, of course, that you ever have done that, ever wanted to do that, or ever will do that. At least I'm the honest whore.

For the moments that your phone is on, YOU decide if your apps can use the microphone.

This should be standard in the Android OS. Tells you something about Google that it's not.

For your phone:
1) Use an android phone. If you have an iPhone, forget it. There is no way to help you* on the iphone, except installing no apps at all.
2) Root your phone. I hope you thought about buying a rootable phone in step 1).
3) Install XPosed http://repo.xposed.info/
4) Install XPrivacy https://github.com/M66B/XPriva...
5) Consider donating for XPrivacy to get a Pro-Key and to help them develop this awesome project.
6) Think about installing AFWall+ as well, to cut internet access for some apps. XPrivacy can do this, but using AFWall is an easy way.

* Maybe with a jailbreak, i do not know the ecosystem of free apps for jailbroken iPhones. On the other hand, who wants to fight with apple all the time, who tries to lock you out again with each update? Just upgrade to an Android Phone. Nexus phones are a good choice.

The license (APL) is such that Google does not control the source code. Now that it's out, there's no going back. Microsoft's license on there other hand has some caveats.

It's right here. What caveats does it have? It's effectively MIT. If you haven't even bothered to read the license then I have little confidence you have any knowledge relevant to be capable of giving an opinion on the source code.

I've been running an Acer C720 chromebook for years. I bought it off a friend for $75. Now I use it for work, and for fun at home.

It's got SeaBIOS hack, and Ubuntu 14 with ZSWAP (compress RAM as a "Swap" to increase your effective RAM). It "was" running Huge Green Bug ( https://github.com/hugegreenbu... ) but either the guy stopped updating it, or, he upgraded the only distro he supports and all my repos stopped working. So I told it I was actually running Ubuntu and ran a full distro upgrade. It broke some of the special fixes he added, like the mousepad scroll rate is super fast, and a couple other things. But I mostly got it running fine again.

Now back to usability. Ubuntu with Unity freaking rules. I'm NO canonical fanboy but Unity has absolutely beautiful hotkeys for a Netbook once you get used to them. With different combinations of SUPER + ALT/CONTROL I can easily run four virtual desktops, move windows between them, INVERT a Window (or all of Linux) for easier-than-Windows night mode browsing. (I hardcoded Ctrl-Alt-Shift-N to "negate" a window, and Cltr-Alt-Shift-I to "negate" the entire system.) I also use Guake which is a drop-down console like Guake has. The key thing about Guake is, it _doesn't_ change with virtual desktop, so I've got a drop-down terminal (with tabs) that stays the same at the push of a button and it's always there regardless of what "task = virtual desktop" that I'm working at. So I'll have personal stuff on one virtual desktop, then one or more independent tasks in the rest. So I can have gmail on one, then work notes on the next, and Audacity on the next for recording a conference call, and work internet on the last desktop. AND, Guake then has three or four tabs that have random terminal stuff as well as htop (task manager), Wavemon (Wifi manager), and a custom bash script with various statistics like RAM availability.

Now, flaws? Other than some initial setup issues, my biggest and only real flaw is: LACK OF RAM. Mine only has 2 GB of RAM. For the LOVE OF GOD, get more than 2 GB of RAM if you plan to use multi-tasking AND internet. A single Google Document webpage is a RAM whore and will eat up at least 200MB. And once you hit the end of RAM (and ZRAM), you are SCREWED and the system will start lagging and if you don't hurry and stop the "too many tabs", the system will completely halt to the point it's faster to reboot than to recover. On the brightside, the SSD on that laptop means it reboots in less than eight seconds!

So, get a 4 GB RAM laptop, and any Netbook with the CPU of an Acer C720 or later should be more than enough. (C720 has an i3 model but I think it's only 2 GB. So you have to decide between 4 GB or a better CPU.) There _should_ be better netbooks out there these days though. But mine is just fine. It also has a battery life of eight to ten hours!

They're not actually building a new browser engine, much less calling it Quantum. This is an internal project name (project, not product!).

If I understand correctly, they've been experimenting with Servo, a browser engine they've built using the Rust programming language. Rust aims for speed, concurrency and safety, which is highly desirable but hard to achieve on modern (multi-cpu/multi-core) devices using conventional programming languages.

Now their plan is to gradually replace bits and pieces of Gecko (the current rendering engine) with parts from Servo. This is a process they already started and which will take some time to complete. Some of the benefits are already present in their nightly browser builds, others at least sound very promising.

If you want to learn more about the project and/or the resulting transition, take a look at these articles (the post at softpedia is quite misleading IMHO):
- https://medium.com/mozilla-tech/a-quantum-leap-for-the-web-a3b7174b3c12#.s4zttcbxe
- https://billmccloskey.wordpress.com/2016/10/27/mozillas-quantum-project/

(I hope this helps to clear up some of the confusion)

The solution is very simple: use a keymapper. I map my Caps Lock to Escape. I use Karabiner for macOS. And better yet, recently the Japanese developer Takayama Fumihiko open sourced it: https://github.com/tekezo/Kara...

For many years, he has been maintaining Karabiner, and with every update to OS X/macOS, he was ready with a new version to support the new OS. It's astounding, really. Every year, I donate because it's worth it to me: https://pqrs.org/osx/karabiner...

They provided the direct link to the apk file. Scroll down in the README.md displayed on the github link to the heading "Android GUI app" found here. The first line of the paragraph has the phrase "Android app" as a link to the drammer.apk file. You can use this to sideload onto your device and perform the check. They also tried to provide a link to the Google Play page for the app in that section of the doc, however it looks like Google disabled it as against the TOS (link now goes to a 404 page).

All that said, this is probably one of those apps you'll want to first read the source and see for yourself what it's doing, then install the Android NDK on a PC to compile it; from there sideload the apk you built. This way you can at least be a little more certain of the build to make sure that it only does exactly what the code says it should...instead of trusting someone else's build to not have any added features

The name of the bot is Mirai.

Here is the source: https://github.com/jgamblin/Mirai-Source-Code

I concur that the benefits of "upgrades" have been a matter of diminishing returns for quite some time now. Even if there's upgrades and features now, I worry that in five years from now, the real value will be "not losing access to your data".I share your staunch aversion to software subscriptions for that reason.

The problem with relying on the Open Source community to fill the vacuum is that there are lots and lots of factors that are involved. People genuinely do appreciate and benefit from ubiquitous access to their data. That's certainly possible with a whole lot of self-hosted software, but those methods require back end resources, a firewall of consequence, backups, and an internet connection that not only has enough upload bandwidth to support these applications, but an internet connection that doesn't block ports 80 and 443. Here at Slashdot those things aren't a problem, and the Synology NAS units (as well as a few others) help to streamline these through things like QuickConnect, but now we've left OSS solutions.

If we're looking at desktop applications, Quickbooks' greatest asset is the fact that every accounting firm will take a .QBW file, and any Main Street business owner can talk to any other Main Street business owner and probably find out how to do what they need to do. Meanwhile, virtually every OSS accounting package I've looked at has either had a Spartan UI, doesn't do payroll, is gross overkill, or is cloud-only...and all of them are double-entry. The closest I've found from a UI perspective is Xtuple, but its server requirements are insane compared to Quickbooks for a single-machine install. Thus, I submit that the reason why Intuit (whose level of evil in the software world is only eclipsed by Oracle) owns the small business accounting market is because there aren't any single entry OSS financial management applications at all...and with the exception of GNUcash, the only reason why there are the higher end OSS products is because all of their commercial packages have massive price tags attached to them that will rival Intuit's enterprise editions.

On the creative software front, OSS is still very difficult to acclimate to. GIMP can generally do the job in spite of its suboptimal interface, Inkscape is limited but can do the basics well enough, and Scribus is in the uncanny valley between Publisher and InDesign. KDenLive isn't the worst thing ever, but video editing = patent encumbered formats = OSS license hell. Ardour and Audacity can do the job, but they definitely lack the polish of Audition. Honestly, the best competitor to Adobe is Corel, not Github.

There are lots of places where OSS shines (pick just about anywhere in the server closet - you're crazy to run Windows Server as a router, but pfSense, Untangle, Smoothwall, Endian, ClearOS......). There are, however, going to be areas where OSS just will always play second fiddle to commercial software houses. As my very loose rule of thumb, I've found that the further away from programming a discipline is, the worse the OSS software packages are for it.

apt-get install bucklespring (there's a Mac build, dunno how do you install there -- or if you even still can install anything not from the App Store)

The author of this program has sampled the sound of every key on a real Model M, so you can install this and pretend you have a keyboard for grown-ups. On the downside, everyone in your building can learn what you type without requiring a VoIP link.

Apple tore down the walls of its own garden a few YEARS ago, when they started allowing full-blown Sideloading of any ol' iOS App the User wanted.

They did? I can just go to an alternate app store and download an app to my phone and run it? I mean, I can do that on my Note 5, nothing else needed! So iOS now allows that, too?

More or less. The "official" way to do so is to use XCode 7 or later. Which means that you will be compiling from Source. Here's a list on github of Open Source iOS Apps. Some (indicated) are also in the App Store, by some are not. By the way, it is also a good way to learn how to code iOS Apps in Swift or ObjC. By the way, you will note that one of the Projects is for VLC, which famously withdrew itself from the iOS App Store.

However, there is also a tool called "Cydia Impactor" for Mac, Linux and Windows. While I don't know much about it, it purports to work to install non-blessed Apps without the need for jailbreaking, nor need for a Mac, nor XCode. It is supposed to be able to Install non-blessed IPA files. Here's an example of installing Moviebox using Impactor.

And now we're past the end of my knowledge on the subject. But it does appear to be as open as say, Linux, at this point, as far as App installation/development goes. No, you still don't have the source to the OS; but you don't have that with any DELIVERED Android version, either.