Published on 2024-10-19
I went to highschool in the mid 2010s. At that time it was very fashionable for schools to issue laptops to students, hoping these would enhance their learning somehow. My school, however, did not issue fully-fledged laptops, but chromebooks, basically an underpowered piece of plastic running a stripped-down OS, created by google.
As the name implies, it was associated with the browser, which was actually the only piece of software you could run on a chromebook. The idea was that, everything you need is accessible through the chrome browser.
Of course, since they were the school's property, they were locked down, and you had to log in using your school-issued account.
You might think that severely limited their functionality as a machine in its own right, complete with a processor, RAM, local (flash) storage, and the ability to run linux software. That is true, but I, along with a couple other people, found ways around the restrictions.
For one, they allowed you to install whatever extensions you wanted for a time. So we created our own extensions, and this naturally increased the number of things that were available.
It was impossible to use the devices without logging into the school account, which even came with content filters of what you can and can't search online, as well as against certain websites. Of course this was for our "safety", but even some relatively harmless words like "dice" were blocked, and searching them would throw up this huge, conspicuous red screen with a WARNING triangle in the middle.
Well, we found away around that, by creating an extension that was basically its own browser. That's all it did. It was just a viewport connected to a URL bar, but since it wasn't strictly speaking chrome, it didn't have to be logged into in order to use, so you could search anything you wanted.
Eventually, the school authorities caught on, and third-party extensions were blocked wholesale. I seem to remember getting them to work at a later point in time, but all of this was, at any rate, almost ten years ago, so I don't remember much of the details.
Actually, those chromebooks came with a little bit more than just a web browser installed. There was also this, extremely handy thing called an SSH client.
Now back then, I owned a very cheap Chinese raspberry pi knock-off brand called, an orange pi. I wired the thing up to the router in my basement, and attached an external 1TB hard drive using the USB port. And just like that, I had a little server.
I installed linux on it, and of course, a SSH server, and just like that, I could access it from anywhere, most alarmingly, from school using the chromebook's built in SSH client. This really opened the door to what I could do with the chromebooks, which were otherwise quite useless things.
If I wanted to store files, I could upload them to the little server. Through HTTP I could host webpages and run little web applications, on top of all the other things you can do with a linux instance that isn't locked down. There was a basic message board, and even a working MUD (multi-user dungeon). I remember killing hours playing around with that.
With this 'proxy'-like machine running in my basement, which I could tap into even in the middle of class, I even managed to overcome a few of the tougher content blocks instituted by the school's IT department.
For example, if you were logged into a school account, nearly every video on YouTube was blocked. Basically, unless it was specifically approved for "educational purposes", you couldn't watch it. But with my 'proxy', this was no longer a problem.
I created a really simple PHP script. You would enter the URL of the blocked video, and it would download the video (using ytdl) directly to the proxy machine, and then you could just stream it over HTTP in the web browser.
I used this all the time, and it became so convenient, I even began using the chromebook outside of school to watch videos and so on. It was quite a stroke of genius, when I think back on it now.
For a while I even let my friends use this godsent feature, and my little server became known among a small coterie of freedom-loving, high-minded high schoolers.
But as with just about everything of value, once you throw open the doors, it doesn't take long for the thieves to show up. As is often said, the few ruin it for the many.
Yes, that PHP script was very simple, and I was far too lazy to learn how to implement some basic features to prevent abuse. It didn't take long till my hard drive was full of countless identical 20-hour-long videos someone had "asked" the server to download just for the hell of it.
I never again allowed others to use my little server.
Return