I wouldn't have a career in IT if I hadn't spent many hours at ages 11 to 15 trying to get round my schools network security. My logon was frequently disabled for misuse and I was even suspended for a couple of days once but I learnt more that way than in any class I've ever taken.
I was really lucky that our Computer Teacher/IT guy (this was back in the early 2000s) was really cool and allowed us a bit of leeway to break things. After the first time we got caught (there was three of us) he sat down with us, and essentially gave us some rules of engagement, anything we got around, or defeated we had to write up a short report and turn it into him, explaining what we were able to accomplish, the level of access we were able to get and the steps to reproduce. So we did so, and he actually gave us class credits for it. (Our school system had some "special projects" class credits that could be earned to give students and teachers some leeway on allowing students to learn things that weren't part of the curriculum)
We managed to figure out how to override our typing program to give certificates saying we typed 200wpm at 100% accuracy. By passed the internet filter to access gmail (back in it's early days, we held onto that ability for a while) and a few other things I forget about now. He was one of my favorite teachers.
> he sat down with us, and essentially gave us some rules of engagement, anything we got around, or defeated we had to write up a short report and turn it into him
This is really wholesome. Like that guy. Be like that guy.
Exact same story. I was having way too easy a time in my comp sci class in high school, so I wrote a program that simulated our login screen, saved whatever you typed into the box to a text file in my home dir, gave the "bad username or password" error, and then seamlessly sent you to the real login screen.
After a week, I'd stolen the credentials of everyone in my class and the class after mine. And then, I did... nothing with it, because I was already able to finish the homework in class and had a high grade.
The teacher busted me because I had a file in my home dir called stolen_passwords.txt. But instead of punishing me, he made me help him patch all the security flaws I'd exploited. It inspired my decision to go to college for comp sci. Best high school teacher ever. (a few years later, I had graduated with a comp sci degree. and he was trying to recruit me into selling amway. oh well.)
lol I did exactly this at school too. My first version wrote the passwords to local disk and whenever I logged in anywhere myself my login script would gather them up. Til I realised I could leave myself logged in and write to my home dir.
I love how this same vulnerability was discovered independently and exploited by students all around the world!
I relate to this. As someone currently in high school, messing around with web proxies and code deployment sights, and web-based IDE's trying to run Dwarf Fortress in my school browser has taught me more about computers and networks then just about anything else. It is painfully easy to get around school filters these days. I've never really messed with unenrollment because you do need enrollment to access the testing websites but I've been trying to get into Developer Mode to get linux apps, but the IT guys must have thought ahead on that one.
Chromebooks don't even have a Terminal for the kids. Vim's great, but VScode with Jupyter Notebook support would make the computers we bought for them into great offline calculators, too.
VSCode on a Chromebook requires VMs and Containers which require "Developer Tools" and "Powerwash"; or the APK repack of VSCodium that you can't even sideload and manually update sometimes (because it's not on the 15-30% cut, and must use their payment solution, app store with static analysis and code signing at upload).
AFAIU, Chromebooks with Family Link and Chromebooks for Education do not have a Terminal, bash, git, VMs (KVM), Containers (Docker/Podman/LXC/LXD/gvisor), third-party repos with regular security updates, or even Python; which isn't really Linux (and Windows, Mac, and Linux do already at present support such STEM for Education use cases).
> Is WebVM a potential solution to "JupyterLite doesn't have a bash/zsh shell"? The current pyodide CPython Jupyter kernel takes like ~25s to start at present, and can load Python packages precompiled to WASM or unmodified Python packages with micropip: https://pyodide.org/en/latest/usage/loading-packages.html#lo...
It looks like there are now tests for VScode in the default Power washable 'penguin' Debian VM that you get with Chromebook Developer Tools; but still the kids are denied VMs and Containers or local accounts (with kid-safe DoH/DoT at lesat) and so they can't run VScode locally on the Chromebooks that we bought for them.
Why do I need "Developer Tools" access to run VScode and containers on a Chromebook; but not on a Windows, Mac or Linux computer? If containers are good enough for our workloads hosted in the cloud, they should be good enough for local coding and calculating in e.g. Python. https://github.com/quobit/awesome-python-in-education#jupyte...
Systemd-homed is portable.
Still, "Reprovision" the broken userspace for the user.
Local k8s like microshift that does container-selinux like RH / Fedora, with Gnome and Waydroid would be cool to have for the kids.
Podman-desktop (~Docker Desktop) does k8s now.
K8s defaults to blocking containers that run as root now, and there's no mounting thee --privileged docket socket w/ k8s either. Gitea + DroneCI/ACT/ci_runner w/ rootless containers. Gvisor is considered good enough for shared server workloads.
Repo2docker + caching is probably close to "kid proof" or "reproducible".
VScode has "devcontainer.json".
Scipy stacks ( https://jupyter-docker-stacks.readthedocs.io/en/latest/using... ) and Kaggle/docker-python (Google) take how many GB to run locally for users < 13 who we don't afford cloud shells with SSH (Colab with SSH, JupyterHub (TLJH w/ k8s),) for either.
Jupyter Notebook and Jupyter Lab have a web terminal that's good enough to do SSH and Vim. Mosh Mobile Shell is more resilient to internet connection failure.
Again though,
Running everything in application-sandboxed WASM all as the current user is a security regression from the workload isolation features built into VMs and Containers (which Windows, Mac, and Linux computers support in the interests of STEM education and portable component reuse).
Dad did a PhD in something with a lot of math and so we had a computer even when I was a kid. Got exposed at a young age.
Eventually I figured out how to use the dial up to see naked pictures. Old man changed the dial-up password, wouldn't let us use the computer.
Occasionally, when he was around he'd let me online for legit school stuff. I'd heard of keyloggers -- featured prominently in stories about catching cheating lovers -- so while allowed on for legitimate reasons I got on Altavista and was successful in downloading and installing one. Couple days later I had an opportunity to kick off the program while no one was around. It worked -- got the password.
Ended up in military signals and then cyber. Now a fatass IT guy working remotely. Adversarial relationships spark learning, it seems, be it parents, school, war, etc.
Although I was already well into programming by then, my final "huh if I enjoy this so much I might as well pursue it as a career" push came from a similar incident, except it was about getting access to the faster wifi for the teachers in exchange for showing my calculus teacher how to bypass the website blocking.
I had the 'benefit' of a poorer school district with basically no IT. The extent of blocks on our computer labs was an application running at startup. Being Windows 98, I just booted into DOS and renamed the executable.
Teacher didn't care if we bypassed it, as long as we put it back before class was over.
