upvote

points

by hparadiz23 hours ago |
comments
upvoteby curt1517 hours ago|
next
[-]
"Hey can you remove MDM from this Macbook so I can install Linux?"

Is there no MDM for Linux clients? How do the big tech companies with Linux developer machines (Google, Facebook, etc) manage their inventory? Do they roll their own MDM?

reply
upvoteby michaelt8 hours ago|
parent|
[-]
IT departments can mandate tools like ninjaone and kolide, which let them run queries across the fleet of devices, and (as I understand it) basically gives them root-level remote code execution.

The corporate VPN (or equivalent) can then perform 'posture checking' requiring that the tools be installed and working before connecting to the corporate network.

Obviously, 99% of Linux users have root on their device so nothing stops them wiping it and installing something new from scratch. But then they'll fail the posture checks until the device is returned to the approved setup.

reply
upvoteby hparadiz7 hours ago|
parent|
[-]
Kolide admin provides a web UI for osquery so you can query things. It allows remote osquery queries but not remote code execution. You generally pair it with CrowdStrike Falcon.

Kolide does a spot check like "is falcon sensor running" but if the user logs in, has the session token created, and then disables whatever the session token would still be valid.

Also Kolide doesn't actually count as an MDM. Has a bunch of missing features. I recently evaluated it.

reply
upvoteby wat1000023 hours ago|
prev|
[-]
Almost everything, and that's already three generations behind.
reply
upvoteby hparadiz23 hours ago|
parent|
[-]
I don't really need USB-C displays or Thunderbolt for my use case. The touch ID is easily replaced with a Yubikey.

Everything else just works. What is the problem?

reply
upvoteby Rohansi22 hours ago|
parent|
next
[-]
Sounds great for you! What about everyone else?

Many people prefer to get new devices so that they can be covered by Apple Care. That completely removes Linux as an option because Asahi Linux never supports any of the recent models.

reply
upvoteby MarsIronPI21 hours ago|
parent|
[-]
Many people don't care about Linux support in the first place. Generally these two groups are overlapping.
reply
upvoteby wat1000022 hours ago|
parent|
prev|
next
[-]
"Buy this computer, it's several generations behind and a bunch of stuff doesn't work" is not a ringing endorsement, even if it does work well enough for you.
reply
upvoteby hparadiz22 hours ago|
parent|
[-]
I still do all my work on an M1 MBP ¯\_(ツ)_/¯
reply
upvoteby Modified301921 hours ago|
parent|
next
[-]
That’s wonderful for you and apple.
reply
upvoteby Melonai20 hours ago|
parent|
[-]
What does Apple gain from this scenario?

Just to add, I also do my work from an M1 MacBook that I crammed Asahi onto. I got it used for a few hundred dollars last year and it's a perfectly fine experience (for me).

reply
upvoteby luipugs15 hours ago|
parent|
prev|
[-]
Same. If not for the required hardware refresh in our company I would have used it until it broke.
reply
upvoteby GeekyBear22 hours ago|
parent|
prev|
[-]
USB display support was demoed at a conference at the end of last year.
reply
upvoteby Shank22 hours ago|
parent|
[-]
We’re already almost halfway through this year. A demo half a year ago isn’t shipped. This is like when Apple demos something at WWDC that doesn’t ship until 9 months later in spring the following year.
reply