I can reliably reproduce the issue by asking the MDM to list updates on the client. That puts the device in a bad state until the next reboot.
But even without the MDM taking action, the client can enter this state as long as it's enrolled in the MDM. My guess is there a background download/check that happens at an unspecified interval.
Yes, I'm sure. MDM does have a feature to defer updates (which is a mess on its own) but that's not what is happening here. The MDM can see the update, but attempting to install it fails. The logs clearly indicate that the client tries and fails the download.
Fleetsmith has always been one of the only two commercial products I've endorsed for Mac management. They do great work and have the right vision.
I work a lot in this space on https://micromdm.io/ an open source service, and have industry experience doing device management at various organizations.
According to Wikipedia, SimpleMDM doesn't provide "Device Lockdown" and "Expense Management", whereas there are some vendors provide all (all green in a row). [1]
Also as far as I know, SimpleMDM pricing[2] is not the cheapest in the market either, their feature set is similar to Mosyle's, but Mosyle's cheaper.[3]
Picking products based on feature checklists is how people end up buying horrible enterprise software, and then spend enormous resources trying to make it work. Doing everything implies not doing anything well.
SimpleMDM doesn't try to do everything, as the name implies, but instead they focus on doing what they do extremely well.
If you been in an enterprise RFP process, you will understand "Picking products based on feature checklists" is commonly being done to compare software products because if you don't provide the feature that your competitors provide, you are pretty much out of the competition.
My experience has been that my MBP gets hot if I try to share a specific window. Switching from a window as a source, to a full screen source has improved OBS performance quite a bit.
Tangentially related, I've seen that behaviour with Google Meet as well. Sharing a specific tab takes a much bigger performance hit than sharing the whole screen.
Tab sharing has code deep into the Blink rendering engine... To the extent that it's actually possible to share a specific <div> or other HTML element, even if it isn't visible! (Not sure if you can do that from javascript, but you can totally do it from C++)
The side effects seems to be that a bunch of the code that prevents the same thing being re-rendered with every frame if it hasn't changed gets bypassed, and I'd bet that kills performance.
Knowing what the Fullstory product is I'm a bit un-interested in what they're doing with cool new technologies.
This is a bit like reading how palantir is using Kubernetes.
> When a device goes missing and can’t connect to Wi-Fi or cellular—for example, a MacBook left on a park bench—it begins periodically broadcasting the derived public key Pi for a limited period of time in a Bluetooth payload. By using P-224, the public key representation can fit into a single Bluetooth payload.
This is clever, and the reason Apple chose P-224 specifically.
Facebook has since transfered the project to the Linux Foundation, and the group behind osql is largely the same group of maintainers on the current osquery.
But even without the MDM taking action, the client can enter this state as long as it's enrolled in the MDM. My guess is there a background download/check that happens at an unspecified interval.