← Back to context

Comment by hparadiz

1 day ago

I think it's a feasible option I just can't use it for work because here's how that goes:

> "Hey can you remove MDM from this Macbook so I can install Linux?"

No.

> "Hey can I get a linux laptop for a hardware refresh?"

Sure.

Asahi on an M2 Macbook Pro supports almost everything https://asahilinux.org/fedora/#device-support

15 comments

hparadiz

Reply
curt15  18 hours ago

"Hey can you remove MDM from this Macbook so I can install Linux?"

Is there no MDM for Linux clients? How do the big tech companies with Linux developer machines (Google, Facebook, etc) manage their inventory? Do they roll their own MDM?

  • michaelt  9 hours ago

    IT departments can mandate tools like ninjaone and kolide, which let them run queries across the fleet of devices, and (as I understand it) basically gives them root-level remote code execution.

    The corporate VPN (or equivalent) can then perform 'posture checking' requiring that the tools be installed and working before connecting to the corporate network.

    Obviously, 99% of Linux users have root on their device so nothing stops them wiping it and installing something new from scratch. But then they'll fail the posture checks until the device is returned to the approved setup.

    • hparadiz  8 hours ago

      Kolide admin provides a web UI for osquery so you can query things. It allows remote osquery queries but not remote code execution. You generally pair it with CrowdStrike Falcon.

      Kolide does a spot check like "is falcon sensor running" but if the user logs in, has the session token created, and then disables whatever the session token would still be valid.

      Also Kolide doesn't actually count as an MDM. Has a bunch of missing features. I recently evaluated it.

wat10000  1 day ago

Almost everything, and that's already three generations behind.

  • hparadiz  1 day ago

    I don't really need USB-C displays or Thunderbolt for my use case. The touch ID is easily replaced with a Yubikey.

    Everything else just works. What is the problem?

    • Rohansi  1 day ago

      Sounds great for you! What about everyone else?

      Many people prefer to get new devices so that they can be covered by Apple Care. That completely removes Linux as an option because Asahi Linux never supports any of the recent models.

      1 reply →

    • wat10000  1 day ago

      "Buy this computer, it's several generations behind and a bunch of stuff doesn't work" is not a ringing endorsement, even if it does work well enough for you.

      4 replies →