[westurner]

Chromebooks don't even have a Terminal for the kids. Vim's great, but VScode with Jupyter Notebook support would make the computers we bought for them into great offline calculators, too.

VSCode on a Chromebook requires VMs and Containers which require "Developer Tools" and "Powerwash"; or the APK repack of VSCodium that you can't even sideload and manually update sometimes (because it's not on the 15-30% cut, and must use their payment solution, app store with static analysis and code signing at upload).

AFAIU, Chromebooks with Family Link and Chromebooks for Education do not have a Terminal, bash, git, VMs (KVM), Containers (Docker/Podman/LXC/LXD/gvisor), third-party repos with regular security updates, or even Python; which isn't really Linux (and Windows, Mac, and Linux do already at present support such STEM for Education use cases).

From https://news.ycombinator.com/item?id=30168491 :

> Is WebVM a potential solution to "JupyterLite doesn't have a bash/zsh shell"? The current pyodide CPython Jupyter kernel takes like ~25s to start at present, and can load Python packages precompiled to WASM or unmodified Python packages with micropip: https://pyodide.org/en/latest/usage/loading-packages.html#lo...

There's also MambaLite, which is part of the emscripten-forge project; along with BinderLite. https://github.com/emscripten-forge/recipes (Edit: Micropip or Mambalite or picomamba or Zig. : "A 116kb WASM of Blink that lets you run x86_64 Linux binaries in the browser" https://news.ycombinator.com/item?id=34376094 )

It looks like there are now tests for VScode in the default Power washable 'penguin' Debian VM that you get with Chromebook Developer Tools; but still the kids are denied VMs and Containers or local accounts (with kid-safe DoH/DoT at lesat) and so they can't run VScode locally on the Chromebooks that we bought for them.

Why do I need "Developer Tools" access to run VScode and containers on a Chromebook; but not on a Windows, Mac or Linux computer? If containers are good enough for our workloads hosted in the cloud, they should be good enough for local coding and calculating in e.g. Python. https://github.com/quobit/awesome-python-in-education#jupyte...

[swhan]

Good point. Wasn't aware of the Family Link restrictions. Will see what can be done here.

Disclaimer: I work on ChromeOS.

[westurner]

VSCode + containers + the powerwash feature would enable kids to STEM.

Are flatpaks out of the question? Used to be "Gnome and Chrome" on ~Gentoo.

Shouldn't the ChromiumOS host be running SELinux, if the ARC support requires extended filesystem attributes for `ls -alz` and `ps -aufxz` to work?

Chromium and Chrome appear to be running unconfined? AppArmor for Firefox worked years ago?

https://www.google.com/search?q=chromium+selinux ; chrome_selinux ?

It seems foolish to have SELinux in a guest VM but not the host.

[westurner]

Task: "Reprovision" the default VMs and Containers after "Powerwash" `rm -rf`s everything

`adb shell pm list packages` and `adb install` a list of APKs and CRXs.

Here's chromebook_ansible: https://github.com/seangreathouse/chromebook-ansible/blob/ma...

Systemd-homed is portable. Still, "Reprovision" the broken userspace for the user.

Local k8s like microshift that does container-selinux like RH / Fedora, with Gnome and Waydroid would be cool to have for the kids.

Podman-desktop (~Docker Desktop) does k8s now.

K8s defaults to blocking containers that run as root now, and there's no mounting thee --privileged docket socket w/ k8s either. Gitea + DroneCI/ACT/ci_runner w/ rootless containers. Gvisor is considered good enough for shared server workloads.

Repo2docker + caching is probably close to "kid proof" or "reproducible".

VScode has "devcontainer.json". Scipy stacks ( https://jupyter-docker-stacks.readthedocs.io/en/latest/using... ) and Kaggle/docker-python (Google) take how many GB to run locally for users < 13 who we don't afford cloud shells with SSH (Colab with SSH, JupyterHub (TLJH w/ k8s),) for either.

Task: Learn automated testing, bash, git, and python (for Q12 K12CS STEM)

[westurner]

> It seems foolish to have SELinux in a guest VM but not the host.

- [ ] task manager: optionally show SELinux contexts like `ls -alz`

[westurner]

>> *Is WebVM a potential solution to "JupyterLite doesn't have a bash/zsh shell"?"

"ENH: Terminal and Shell: BusyBox, bash/zsh, git; WebVM," https://github.com/jupyterlite/jupyterlite/issues/949

[M1m1c]

I actually use a Web Assembly port of VIM on my school computer.

[westurner]

Nice. TIL about vim.wasm: https://github.com/rhysd/vim.wasm

Jupyter Notebook and Jupyter Lab have a web terminal that's good enough to do SSH and Vim. Mosh Mobile Shell is more resilient to internet connection failure.

Again though, Running everything in application-sandboxed WASM all as the current user is a security regression from the workload isolation features built into VMs and Containers (which Windows, Mac, and Linux computers support in the interests of STEM education and portable component reuse).