mmrasheed

Hi, My app generates custom map based on photos in user's device. Although, the app is free to access, the custom map generation takes place in the server, and is a paid service. Users can also upload their photos to the website through the web browser and generate the same map (after payment). The output files are in pdf or kml formats, so they can be opened with or without my app. In this case, am I bound to use Google in-app payment? Or, can I use third party payment processor as well?

Would I get to discuss with a Google app consultant before they would red flag or ban my app for third party payment processor integration?

Being a freelance developer most of my career, I never felt much for the security of the code and machines as whole. I used to keep everything in my MBP until the project was done. Sometimes I used to backup the project files in an external drive. I used to carry the MBP here and there and seldom felt the urge to secure it with full drive encryption. However, as I am transitioning towards specific product development for my startup, I often feel the urgency to secure my development environment from various external or internal issues. Those issues include system failure, spying, physical device theft, targeted robbery, project files theft, etc. Sometime I feel it is paranoia, but other times I feel why not?

How do you guys manage the security of your code and machines? How much emphasis do you put on security for your projects? Do you copy and take your whole project in your laptop to work on go? Or you break down your project into pieces during development? How often do you backup? Do you only think about security after you product is a success? or you plan ahead? Please share your experience.

I'm curious why Microsoft, the unbeaten OS maker in the world, doesn't release its OS in hardware chip (only). The way I see it-

Advantages:

. Flash memories (specially NAND) are dart cheap these days. And if Microsoft decides to go for it, NOR memories won’t remain expensive given the volume of the OS Microsoft sells.

. Microsoft is losing significant amount of money to the hackers and crackers. And OS in chip only solution will force the customers buy the OS.

. OS hack will be significantly more difficult, if not impossible. Custom design of the chip will make hacking infeasible.

. Loading OS from flash to RAM will require significantly less time.

. Unique hardware identity per cheap (Apple’s iPhone 5s+ like) along with crypto engine will make the users and their data more secure.

Possible solutions:

. RAM Slot: OS in a RAM slot comes to my mind first. A RAM stick can have the OS along with RAM chips. Users plug and play the OS. No more hassle to install OS. It will ensure OS license/user.

. Single chip: Single chip containing flash memory, cryptography engine, MCU and RAM for data and OS update/upgrade management will be shipped with the motherboards of the devices. It will ensure OS license/machine.

. BIOS replacement: replacing the decades old BIOS with a full fledge OS chip makes sense in terms of dynamic hardware detection, and security of the system.

What's the catch?

Why is peer to peer ad hoc communication among physically nearby commercially available end user devices still impractical in the 21st century? Why 5+ smart devices sitting on my desk and 20+ smart devices around my house can't communicate, sync or exchange information without going through servers thousands of miles away? What stops companies implementing simple both way fm radio, or ad hoc wlan communication, or mesh of all the smart devices? Even, IoT which once came with the promise to remove this digital divide is now forming on infrastructure centered model. Smart devices now a days mean always-connected-to-the-infrastructure devices. What is the reason behind the huge gap between physically nearby and digitally nearby for today's smart devices?

Possible reasons that come to my mind are-

. Technically not feasible.

. Significantly less value from business perspective.

. Government(s) discourage companies to improve significantly in peer to peer ad hoc technology for security reasons.

Any idea? What's going on?