Seems the site is struggling - archive cache:<p><a href="https://web.archive.org/web/20230130125805/https://sh1mmer.me/" rel="nofollow">https://web.archive.org/web/20230130125805/https://sh1mmer.m...</a><p>Github:<p><a href="https://github.com/CoolElectronics/sh1mmer">https://github.com/CoolElectronics/sh1mmer</a>
I wouldn't have a career in IT if I hadn't spent many hours at ages 11 to 15 trying to get round my schools network security. My logon was frequently disabled for misuse and I was even suspended for a couple of days once but I learnt more that way than in any class I've ever taken.
I thought this was fairly doable for some time. Surprised it hasn't been an issue before.<p>I used to do tech support for a school district with some ~5000 Chromebooks in circulation and we did all of our repairs in house. This meant I spent the first few weeks of COVID bringing home boxes of damaged devices and spare parts and getting them back into working order. Occasionally I would have to do a board swap for a bad power jack or something which meant you would have to overwrite the serial number on the new board to match the old one so that it would join Google admin as one of our devices. If I remember right the process would have worked the other way around too, to change the serial number to one we didn't control.
This is hilarious, and quite impressive given the presumed age of the kids that'd be interested in doing this. I'm sure some K-12 tech staff are stressing over the exploit right now.
The silliest thing about it is probably this. Google seemed to have just kind of forgotten to add code that would verify the rootfs on shims, even though they had everything they needed to do it already set up.<p><a href="https://chromium-review.googlesource.com/c/chromiumos/platform/initramfs/+/4180190/3/factory_shim/bootstrap.sh" rel="nofollow">https://chromium-review.googlesource.com/c/chromiumos/platfo...</a>
I stand with everyone on Hacker News in admiration for young’uns sticking it to the man and learning about command-line secret power.<p>_However_, I’m a little more ambivalent knowing that most of them do that to look at naked ladies, presumably. Maybe create pictures of naked ladies (again: very impressed by Generative AI, with the caveat that it’s widely used for pr0n)<p>That doesn’t feel ideal for the emotional maturation of middle-schooler. In my time ::shakes fists at cloud::, hacking the school network meant you risk exposing yourself to people with strong opinions about plot points in Buffy The Vampire Slayer. Nowadays, it also means risking ending on a psyops from Russian secret service, whatever Andrew Tate is (and please, don’t tell me: that’s one shred of innocence I want to keep) or, inexplicable, worse. I remember ridiculing music producers who were saying that if you didn’t pay for CDs, you would end up empowering “pedonazis”. That felt ridiculous at the time. It feels less so now, both not paying for music and enabling actual pedophiles and actual nazis by sticking blindly to open-web principles.<p>I am very happy that the kids stick it to the man. I feel like we grey manes need to put our heads together and think about how we talk to them about emotional maturation, bad people, and safely exploring. It will sound ridiculous coming from the generation that cared about Facebook, but I feel like we can’t just stand in the bleachers and clap every time the JV red team scores a point.