An anonymous reader writes: I run a company that develops scientific computing software. Our core product is a traditional proprietary application — we develop the software and deliver the "binaries" to our customers. We're considering changing our deployment to include all of the source code and giving our customers some additional rights to explore and extend it. The codebase is HTML/JavaScript/Python/SQL, so a lot of the code is available in some form already, albeit minified or byte compiled.

Because we are in a scientific domain, most of our customers use Open Source software alongside our product. We also maintain Open Source projects and directly support others. We're strong supporters of Open Source and understand the value of having access to the source code.

We also support a free (as in beer) version of the software with a smaller feature set (production and enterprise elements that individual users don't need are removed). We'd like that version to use the same model as well to give users that don't need the full commercial version the ability to extend the software and submit patches back to us for inclusion in future releases.

Overall, we'd really like to find a model that allows our core product to work more like an Open Source product while maintaining control over the distribution rights. We'd like to foster a community around the product but still generate revenue to fund it. In our space, the "give the product away but pay for support" model has never really worked. The market is too small and, importantly, most customers understand our value proposition and have no problem with our annual license model.

We've looked at traditional dual licensing approaches, but don't think they're really right fit, either. A single license that gives users access to the code but limits the ability to redistribute the code and distribute patches to the "core" is what we'd prefer. My questions for the Slashdot community: Does anyone have direct experience with models like this? Are there existing licenses that we should look at? What companies have succeeded doing this? Who has failed?

dotarray writes with a snippet of news from Australia about expanded taxation for digital goods. From Player Attack comes the gist: Australians really are about to start paying more for digital services — including Steam games — as Federal Treasurer Joe Hockey has confirmed plans to introduce a 'Netflix tax' in this week's Federal Budget. As mentioned last week, this is not a new tax, but an extension of Australia's current Goods and Services Tax to include digital services, adding 10% to virtual items and services purchased online. Details have not yet been revealed, but potential services include not only Steam games but also Netflix subscriptions and even Uber trips.

Presto Vivace writes: The H-1B visa issue rarely surfaces during presidential races, and that's what makes the entrance by Sen. Bernie Sanders (I-Vt.) into the 2016 presidential race so interesting. ... ...Sanders is very skeptical of the H-1B program, and has lambasted tech firms for hiring visa workers at the same time they're cutting staff. He's especially critical of the visa's use in offshore outsourcing.

Trailrunner7 writes with this excerpt: A security researcher has developed a method–actually two methods–for defeating the new Chrome Password Alert extension that Google released earlier this week.

The Password Alert extension is designed to warn users when they're about to enter their Google passwords into a fraudulent site. The extension is meant as a defense against phishing attacks, which remain a serious threat to consumers despite more than a decade of research and warnings about the way the attacks work.

Just a day after Google released the extension, Paul Moore, a security consultant in the U.K., developed a method for bypassing the extension. The technique involved using Javascript to look on a given page for the warning screen that Password Alert shows users. The method Moore developed then simply blocks the screen, according to a report on Ars Technica. In an email, Moore said it took him about two minutes to develop that bypass, which Google fixed in short order.

However, Moore then began looking more closely at the code for the extension, and Chrome itself, and discovered another way to get around the extension. He said this one likely will be more difficult to repair.

"The second exploit will prove quite difficult (if not near impossible) to resolve, as it leverages a race condition in Chrome which I doubt any single extension can remedy. The extension works by detecting each key press and comparing it against a stored, hashed version. When you've entered the correct password, Password Alert throws a warning advising the user to change their password," Moore said.

An anonymous reader writes: Federal health officials Monday changed the recommended amount of fluoride in drinking water for the first time since 1962, cutting by almost half the maximum amount of fluoride that should be added to drinking supplies. The Department of Health and Human Services recommended 0.7 milligrams of fluoride per liter of water instead of the long-standing range of 0.7 to 1.2 milligrams. The change is recommended because now Americans have access to more sources of fluoride, such as toothpaste and mouth rinses, than they did when fluoridation was first introduced in the United States,' Dr. Boris Lushniak, the deputy surgeon general, told reporters during a conference call.

An anonymous reader writes: Scientists working in the area of pancreatic cancer research have uncovered a technique that sees cancerous cells transform back into normal healthy cells. The method relies in the introduction of a protein called E47, which bonds with particular DNA sequences and reverts the cells back to their original state. The study (abstract) was a collaboration between researchers at the Sanford-Burnham Medical Research Institute, University of California San Diego and Purdue University. The scientists are hopeful that it could help combat the deadly disease in humans.

New submitter grimmjeeper writes: IDG News reports, "A group of Republican lawmakers has introduced a bill that would invalidate the U.S. Federal Communications Commission's recently passed net neutrality rules. The legislation (PDF), introduced by Representative Doug Collins, a Georgia Republican, is called a resolution of disapproval, a move that allows Congress to review new federal regulations from government agencies, using an expedited legislative process."

This move should come as little surprise to anyone. While the main battle in getting net neutrality has been won, the war is far from over. The legislation was only proposed now because the FCC's net neutrality rules were just published in the Federal Register today. In addition to the legislation, a new lawsuit was filed in the U.S. Court of Appeals for the District of Columbia Circuit by USTelecom, a trade group representing ISPs.

An anonymous reader writes: As reported by TechCrunch, the Japenese Chiba District Court issued a preliminary injunction forcing Google to delete two anonymous reviews for a medical clinic. Although negative, neither review violates Google policies. "The decision is based on a defamation suit from the clinic, a key part of which included an affidavit from the doctor who interacted with the anonymous reviewers and denied their claims." And here is the key part: "The court ruled that Google not only removes the content in Japan, but across the entire globe too." Google is currently considering it's options including an appeal.

Toshito writes Desjardins Insurance has launched a smartphone app that tracks driver behaviour in return for the promise of substantial savings on car insurance. Two years ago, Desjardins began offering a telematic device that plugs into a vehicle's diagnostic port, to track acceleration, hard braking and the time of day you were driving, for instance. Now, there's no plug-in device required. With Desjardins's new Ajusto app, all you need is your smartphone. But this comes with great concerns over privacy, and problems have been reported where the device was logging data when the user was riding a bus instead of driving his own car.

msm1267 writes: What's next for TrueCrypt now that a two-phase audit of the code and its cryptography uncovered a few critical vulnerabilities, but no backdoors? Two alternative open source encryption projects forked TrueCrypt once its developers decided to abandon the project in early 2014, giving rise to VeraCrypt and CipherShed — and both are ready to accelerate growth, compatibility and functionality now that the TrueCrypt code has been given a relatively clean bill of health.

ciaran2014 writes With Microsoft proudly declaring its .NET runtime open source, a colleague and I decided to look at the licensing aspects. One part, the MIT licence, is straightforward, but there's also a patent promise. The first two-thirds of the first sentence seems to announce good news about Microsoft not suing people. Then the conditions begin. It seems Microsoft can't yet bring itself to release something as free software without retaining a patent threat to limit how those freedoms can be exercised. Overall, we found 4 Shifty Details About Microsoft's "Open Source" .NET.

An anonymous reader writes A few days ago it appeared that Google began requiring new versions of the Linux kernel for the Chrome/Chromium web browser. To some people, such requirement smelled funny, and it turns out that those people had the right hunch. Google does not intend for there to be a hard requirement on the latest versions of the Linux kernel that expose SECCOMP_FILTER_FLAG_TSYNC, but instead many users are hitting an issue around it. A Chromium developer commented on the related bug: "Updating the title so that people who have been mislead into thinking non-TSYNC kernels were deprecated immediately understand that there is simply 'some unknown bug' hitting some users." Of course, a user having the TSYNC feature in his kernel will still get a security benefit.

An anonymous reader writes: Some Blu-Ray disc interactive features use a Java variant for UIs and applications. Stephen Tomkinson just posted a blog discussing how specially created Blu-Ray discs can be used to hack various players using exploits related to their Java usage. He hacked one Linux-based, network-connected player to get root access through vulnerabilities introduced by the vendor. He did the same thing against Windows Blu-Ray player software. Tomkinson was then able to combine both, along with detection techniques, into a single disc.

mpicpp writes with this excerpt from Fortune: Staples said Friday afternoon that nearly 1.16 million customer payment cards may have been affected in a data breach under investigation since October. The office-supply retailer said two months ago that it was working with law enforcement officials to look into a possible hacking of its customers' credit card data. Staples said in October that it had learned of a potential data theft at several of its U.S. stores after multiple banks noticed a pattern of payment card fraud suggesting the company computer systems had been breached. Now, Staples believes that point-of-sale systems at 115 Staples locations were infected with malware that thieves may have used to steal customers' names, payment card numbers, expiration dates and card verification codes, Staples said on Friday. At all but two of those stores, the malware would have had access to customer data for purchases made between August 10 and September 16 of this year. At the remaining two stores, the malware was active from July 20 through September 16, the company said.

Mr. Jones writes: My 11-year-old son is fascinated by games — game mechanics in particular. He has been playing everything from Magic to WarFrame since he was 5 years old. He seems mostly interested in creating the lore and associated mechanics of the games (i.e. how a game works). If it was only programming I could help him, but I am lost when it comes to helping him learn more formal ways of developing and defining gameplay. I really see a talent for this in him and I want to support it any way I can. Can you suggest any conferences, programs, books, websites, etc. that would help him learn?