Profile

Cover photo
Cassidy James Blaede
Works at System76
7,441 followers|6,098,393 views
AboutPostsCollectionsPhotosYouTube+1'sReviews

Stream

Cassidy James Blaede

Shared publicly  - 
 
 
There’s common, mistaken assumption that any software bug can be turned into a security exploit.  In fact, most bugs aren’t exploitable and there are many things Android has done to improve those odds. We’ve spent the last 4 years investing heavily in technologies focused on one type of bug -- memory corruption bugs -- and trying to make those bugs more difficult to exploit. 

A list of some of those technologies that have been introduced since since Ice Cream Sandwich (Android 4.0) are listed here: https://source.android.com/devices/tech/security/enhancements/index.html  The most well known of these is called Address Space Layout Randomization (‘ASLR’), which was fully completed in Android 4.1 with support for PIE (Position Independent Executables) and is now on over 85% of Android devices. This technology makes it more difficult for an attacker to guess the location of code, which is required for them to build a successful exploit.  (For the layperson — ASLR makes writing an exploit like trying to get across a foreign city without access to Google Maps, any previous knowledge of the city, any knowledge of local landmarks, or even the local language.  Depending on what city you are in and where you’re trying to go, it might be possible but it’s certainly much more difficult.)  But we didn’t stop with ASLR, we’ve also added NX, FortifySource, Read-Only-Relocations, Stack Canaries, and more.

Like most advanced security technologies, we’re always assessing the effectiveness of these new approaches, and looking for ways to refine them to better protect users. We know that some bugs are simply not exploitable, even without exploit mitigation.  We know these technologies make exploitation more difficult — and that in some instances that they make exploitation impossible.  But the research community today is incentivized to find lots of bugs rather than to test exploit mitigation technologies, so it can be difficult to know if exploitation of bugs is actually possible.

So, to help test these technologies, we designed the Android Security Rewards [ https://g.co/androidsecurityrewards ] program to strongly incentivize researchers to actually prove that an issue is exploitable.  We will pay up to $30,000 for developers that provide working remote exploits against current Nexus devices.  So far we have had a few issues filed as security bugs, but haven’t had anyone submit an exploit in an attempt to be paid via Android Security Rewards.  (Some people warn me that it’s tempting fate to make that statement.  But that’s not true: this is an intentional request for researchers to start testing those defenses. We want to know about when Android’s exploitation mitigation works, and when it doesn’t work. So I hope this will result in an exploit being presented. The sooner we know about it, the sooner Android users will get better protections.)

Of course, if there is any chance that an issue might be exploitable, we’ll quickly provide a patch for the issue to our partners, to our Android devices, and to the public via the Android Open Source Project.

But updates are truly a last resort.  They should be neither the first nor the only step in a multi-layered stack of security technology. I’m optimistic that advanced exploitation mitigation technology in Android will help us to move beyond the period of time when fast patching was the only solution available to secure devices.  And I look forward to more research into how these technologies can be used to prevent exploitation on Android and other platforms.
1
Add a comment...

Cassidy James Blaede

Shared publicly  - 
1
Brian Haney's profile photo
 
I took it, but it felt pretty straight forward. Do you like action? A lot. Do you like customization? A lot.

Your profile: You like action and customization! Well... yeah. I don't know what else I should have expected though.
Add a comment...

Cassidy James Blaede

Shared publicly  - 
 
Get some swag. :)
 
Just a reminder that if you've been eying our merch store, Google+ fans get 10% off everything with the code PLUS at checkout.

Shop at elementary.io/store

Note: the store is currently US-only, but there's an open issue to get international orders back up and running. Hold tight!
8
Aditya Saky's profile photo
 
Open up international with adjusted pricing please. :)
Add a comment...

Cassidy James Blaede

Shared publicly  - 
 
 
We Could Use Your Help Answering Questions

Our +Stack Exchange site is really taking off! We're up to over 650 visits and 9 questions a day. Unfortunately that means our answer rate has dropped from about 95% down to about 90%.

According to our [Area51 Page](http://area51.stackexchange.com/proposals/82707/elementary-os) we need more users with more rep providing more answers to succeed during beta. We currently only have 32 of 150 users with 200+ rep.

We could use some help answering questions! The StackExchange format is super cool and has produced some really great comprehensive answers to common questions. But ever-curious users are still coming up with really good stuff :)
Q&A for developers and users of elementary OS and applications
2
Add a comment...

Cassidy James Blaede

Shared publicly  - 
 
Ever wonder why +elementary develops/distributes a whole OS instead of just making a DE? Check out this Q/A on StackExchange. :)
26
Chris Smart's profile photoCassidy James Blaede's profile photo
2 comments
 
+Chris Smart well, we don't use GNOME Control Center and we are moving away from using any GNOME panes for Switchboard, so hopefully that'll get easier. :)
Add a comment...

Cassidy James Blaede

Shared publicly  - 
 
This had me laughing so hard I was crying. Speech recognition (and the approach to it) has come a long way.
17
3
Aleksandar Stefanović's profile photoXmetal's profile photoAnass Eljondy (SilverTrigger)'s profile photoMartyn Lewis's profile photo
5 comments
 
I like how it analyses what the user sees. For example, if I say "press send", it will automatically press the send button, or highlight multiple choices. Neat-o! 
Add a comment...

Cassidy James Blaede

Shared publicly  - 
 
4
Add a comment...
In his circles
1,345 people
Have him in circles
7,441 people
Andres Garza's profile photo
T.R SHINE's profile photo
LATOYA RAY (Toya)'s profile photo
hether mowray's profile photo
Zach Pro (xXSTABYOASSXx)'s profile photo
Sergio Berlotto Jr's profile photo
General Skarr's profile photo
Moises C's profile photo
Nwaogbo Peace's profile photo

Communities

5 communities

Cassidy James Blaede

Shared publicly  - 
 
Using Hangouts for texts on Android? Be sure to uncheck this box. There's a security hole in MMS that could be exploited to run code on your phone.

Using another app for SMS? Look for a similar option, or turn off messages from unknown senders.
19
20
Bill Grasser's profile photoGuy Van Sanden's profile photoAbid Ali's profile photoRodney “GeEk” Coleman's profile photo
4 comments
 
However the flaw is in the framework that processes the videos, and is not limited to MMS.
Add a comment...

Cassidy James Blaede

Shared publicly  - 
 
I see more and more “Made for +elementary​” apps being featured across the Internet. #FeelsGoodMan
 
There is nothing to compare between Gnome News and Feed Reader, but I want to focus on another thing here. 

When you first run Feed Reader it will place a "start-up" service in your session, so every time you log in, this service is running and updates the news. To use Feed Reader you log-in on 3rd party services, and therefore you can use it together with more applications and devices. Pretty cool, and in general it is a pretty cool and feature rich desktop news application.

As a side note here, Feed Reader developer updated the window controls that previously (when I 1st blogged it) were only properly working on +elementary

Gnome News at least for now doesn't support third party logins, instead you manually add the feeds. Now the part I want to talk about, is that Gnome News uses Tracker to retrieve and to store the feeds.

That actually means that if you reset Tracker database, which personally is something I often do, you will also lose all the feeds you added. 

At least is what happens now, and I'm saying in case you're wondering where the feeds were gone!

#GNOME   #News   #Feed   #RSS  
 
25
2
Daniel Foré's profile photoDavid Kasurak (DragonZlaver42)'s profile photoDaniel van der Valk's profile photoMatt Hartley's profile photo
2 comments
 
but RSS is dead lol ;D
Add a comment...

Cassidy James Blaede

Shared publicly  - 
 
+Christian Hergert I'm not sure if you're planning on implementing this (an option to show whitespace only in highlighted text) in Builder, but if so, you could snag > $100 from +elementary. ;)
9
Add a comment...

Cassidy James Blaede

Shared publicly  - 
 
 
Loading +The Verge's website:
9.5MB across 263 HTTP requests

Most of it is third party tracking scripts and ads.

You may be thinking "That's why I run AdBlock!". Well, I still believe +The Verge deserves to be paid for the bandwidth, and the writers deserve to be paid for their labor. And selling your visit is how they pay for their free content you enjoy.
The other fair solution, is to just not visit the site. Shit, add their domain to your AdBlock, since you're running it already ;)
TL;DR: Did you know that The Verge delivers you to around 20 companies for advertising & tracking purposes? I didn't. That might foul up your mobile web experience a little bit. Maybe we should try something different.
4
Daniel Foré's profile photoAleksandar Stefanović's profile photo
2 comments
 
+Daniel Foré there's more freaking ads everywhere. Billboards, TV, flyers, radio, newspaper, the Internet, advertisments are everywhere. The whole world needs to find a new business model.
Add a comment...

Cassidy James Blaede

Shared publicly  - 
 
Meh, I have tried using an 8-inch 4:3 tablet and a 9.7" 4:3 tablet. I hated both and immediately yearned for my 7" 16:9 Nexus 7.

Perhaps this is because I use my tablet mostly for reading (in portrait, which is the same size and aspect ratio as a paperback page), or movies (in landscape, which is the standard aspect ratio for video displays).

Perhaps this is also because I have (and LOVE) a small phone. I want my phone to be pocketable and easy to use in one hand, and then if I want a bigger consumption device, I use my Nexus 7 or a laptop.
 
" This past year has seen an exhibition of iPad clones emerging, culminating in Samsung’s perfect pair of Galaxy Tab S2 copycats: they’re the same size as Apple’s iPads, use a similar metal frame, and even have the same 4:3 aspect ratio. This isn’t competition. It’s capitulation."
In the hyper-competitive world of technology, victories are usually fleeting. Asus once led the world with its Eee PC netbook, BlackBerry once held the messaging crown with BBM, and Nokia was once...
4
Brian Haney's profile photoAnthony Kiniyalocts's profile photoMatt Katzenberger's profile photo
3 comments
 
Meh. Too small. My nexus 5 is a 5'' tablet, and it's considered "too small" for a phone compared to most of what comes out today.

I miss the 10 inch, widescreen tablets to be honest. For me the future of tablets isn't ipad shapped, and isn't smaller. It's bigger and more powerful. My next tablet will probably be a Surface. 
Add a comment...
Cassidy James's Collections
People
In his circles
1,345 people
Have him in circles
7,441 people
Andres Garza's profile photo
T.R SHINE's profile photo
LATOYA RAY (Toya)'s profile photo
hether mowray's profile photo
Zach Pro (xXSTABYOASSXx)'s profile photo
Sergio Berlotto Jr's profile photo
General Skarr's profile photo
Moises C's profile photo
Nwaogbo Peace's profile photo
Communities
5 communities
Work
Occupation
UX Designer, Front-End Web Developer
Skills
UX design, documentation, writing, tech support, being a friendly person, HTML5, CSS3, FTP, distributed development (bzr, git, svn), bug reporting/triaging, social media, UI sketching/whiteboarding
Employment
  • System76
    UX Designer, Front-end Web Developer, 2014 - present
    Front-end web development of the System76 website. User experience and interaction design. User testing. Distributed development/version control (git, bzr). Issue tracking and triaging. Catalog management.
  • elementary LLC.
    Co-founder, UX Designer
    User experience design, bug triaging, user testing, bitesize bug fixing in Vala, social media, developer communications, online chat- and email-based user support, high-level decision making, bookkeeping, corporate communications, press releases, developer documentation, end-user documentation
  • Visual Logic Group
    User Experience Intern, 2013 - 2014
    Icon design, front-end web development, print design, whiteboarding, UX design, UI design, user testing.
  • Blaedesign
    Consultant, 2005 - 2014
    Soldering/prepping audio connections; Researching, selecting, installing, and configuring PC A/V hardware and software; Training clients on PC A/V hardware and software; Assisting in the installation of audio and video presentation equipment.
  • University of Northern Iowa ITS Network Services
    Network Engineer Assistant, 2012 - 2013
    Upgrading switch firmware & configuration; Cacti Monitoring Service; Wireless Site Surveys; Configuring Enterasys Switches; Provisioning and configuring wireless APs; Handling RMA procedures; Utilizing NetSight Console for network management; Utilizing RingMaster for AP management; Creating and managing wireless heatmaps with Ekahau; Tracking tasks and progress in a ticketing system.
  • Waukee YMCA
    Day Camp Counselor, 2012 - 2012
    • Assist in preparation and delivery of positive activities. • Assist in the development of an activity schedule. • Perform routine checks on equipment and program area to ensure safety. • Demonstrate and enforce the policies and procedures for the day camp site. • Know all emergency procedures and be able to demonstrate them. • Educate participants on emergency procedures and policies. • Encourage participation in all activities. • Establish positive relationships with program participants and families.
  • LCS
    Technical Support Analyst, 2011 - 2012
    • Provide support to internal staff and external clients via help desk. • Assist staff/clients with password resets. • Assist staff/clients with software installation, configuration, etc. • Write and maintain documentation through Sharepoint. • Communicate technical concepts to facilitate understanding. • Rapidly learn and master varied systems and programs. • Track tasks and progress in a ticketing system.
  • Webspec Design, LLC.
    Web Developer, 2008 - 2011
    • Slice web designs into dynamic HTML/CSS/JavaScript/PHP. • Utilize PHP for low- to medium-complexity backend systems. • Create and work with MySQL databases. • Be familiar with Adobe Photoshop and Illustrator. • Utilize JavaScript and jQuery for enhancing web sites. • Know and love HTML5 and CSS3 for cutting-edge web development. • Use FTP and Linux servers. • Communicate with and train clients in person and over-the-phone. • Write easy-to-understand documentation for clients.
Story
Tagline
User Experience. Open Source. Geek.
Introduction
I'm an open source collaborator, front-end web developer, UX designer, tinkerer, and all-around geek.

Cofounder of and UX designer for elementary.

Things of which I'm a fan:
  • elementary OS
  • Android
  • Open Source
  • Design
  • Typography
  • LEGO
  • Star Wars
  • PlayStation
  • Tesla Motors
  • Minecraft
  • Destiny
Bragging rights
elementary cofounder. Married to a beautiful woman!
Collections Cassidy James is following
Basic Information
Gender
Human
Birthday
February 1
Relationship
Married
Apps with Google+ Sign-in
  • Monument Valley
  • WordKick
  • Tomb Raider I
  • ICE
Cassidy James Blaede's +1's are the things they like, agree with, or want to recommend.
One Ubuntu PC maker is kicking Adobe Flash off its Linux systems
www.pcworld.com

Citing security and irrelevance, System76 stops bundling Flash with Firefox, and recommends that all customers purge the plug-in from their

Sunrise Calendar – Android-alkalmazások a Google Playen
market.android.com

Sunrise is a free calendar made for Google Calendar, Exchange and iCloud! With an amazing design, Sunrise is a new experience that will make

Steven Universe - Movies & TV on Google Play
market.android.com

Check out a special behind the scenes look at Steven Universe.

Firefox para Android - Aplicaciones Android en Google Play
market.android.com

Nosotros hacemos Firefox. Tú hazlo tuyo. Conoce nuestro navegador Android más personalizable hasta la fecha. Rápido, inteligente y seguro, e

Progressive - Android Apps on Google Play
market.android.com

Insurance that's quick and easy to buy and use—anytime, anywhere. That's exactly what you get with the Progressive App.You can use the Progr

Star Wars: The Empire Strikes Back - Movies & TV on Google Play
market.android.com

For the first time ever on digital, discover the conflict between good and evil in the electrifying Star Wars: Episode V - The Empire Strike

Star Wars: Revenge of the Sith - Movies & TV on Google Play
market.android.com

For the first time ever on digital, discover the true power of the dark side in Star Wars: Episode III - Revenge of the Sith. Years after th

Star Wars: The Digital Movie Collection - Movies & TV on Google Play
market.android.com

Experience the heroic action and unforgettable adventures of Star Wars, the most iconic film series ever made – now available for the first

Ringtone Maker & Music Cutter - Android Apps on Google Play
market.android.com

Ringtone Maker & Music Cutter is a free and beatiful application to create ringtones, alarms, and notifications from MP3, WAV,AAC/MP4, 3GPP/

ZCal: Zimbra Calendar Sync
market.android.com

ZCal is a Zimbra calendar sync client for Android. Due to its implementation as sync adapter it integrates seamlessly with the default Calen

Big Hero 6
market.android.com

With all the heart and humor audiences expect from Walt Disney Animation Studios, Big Hero 6 is an action-packed comedy adventure that intro

Telegram
market.android.com

Telegram é um aplicativo de mensagens focado em velocidade e segurança. É super rápido, simples, seguro e gratuito. O Telegram sincroniza au

elementary OS Freya Beta 2 available For Download [Screenshots]
www.webupd8.org

Six months after the first beta, elementary OS Freya beta 2 was released yesterday. Based on Ubuntu ...

Slack
market.android.com

All your team communication in one place, instantly searchable, available wherever you go. That's Slack.* Real time messaging, file sharing,

elementary Freya Beta 2 Released
www.omgubuntu.co.uk

The second beta release of elementary Freya is now available for download, and arrives some six months after the first beta was released to

Elementary Website Goes Open-Source
www.omgubuntu.co.uk

The new version of the elementary website is being built entirely in open-source technologies and will be privacy conscious from the start.

My wife and I moved in a year ago (June 2014) and have mostly loved it. They recently switched management and I think that’s gotten rid of most of the complaints I see in the reviews. The complex is relatively clean and welcoming, the staff is friendly, and the couple of times we needed it, the maintenance was prompt. The location is the selling point, though: right on the light rail and only a 20 min ride from 16th St Mall and downtown.
Public - 2 months ago
reviewed 2 months ago
Public - 9 months ago
reviewed 9 months ago
Public - 11 months ago
reviewed 11 months ago
My wife and I visited around lunchtime in the summer, which meant it was very busy. Overall, though, we loved seeing the otters, touch pools, penguins, and other sea life.
Public - 11 months ago
reviewed 11 months ago
58 reviews
Map
Map
Map
Public - 11 months ago
reviewed 11 months ago
Cute little upstairs coffee house! Their mochas taste great, they have a variety of drinks and pastries, and the view out from the patio is fantastic.
Public - 11 months ago
reviewed 11 months ago