Shut Down a Mac?

[terryzx]

Is it possible to shut down a Mac using the remote?

 

Do you have to be on the same network and could that be done from a different location too?

 

Thanks in Advance!

[Scott Goldman]

On 10/19/2018 at 8:51 AM, terryzx said:

Is it possible to shut down a Mac using the remote?

 

Do you have to be on the same network and could that be done from a different location too?

 

Thanks in Advance!

I'm new to this forum and just saw the post.  I too would like to use the Alfred Remote app to access the controls, well, remotely.  Based on everything that I've read Alfred Remote is limited to controlling a computer that is on the same network as the iOS device on which you've installed the app.  I find this disappointing and am currently using a various combination of iOS shortcuts, SSH and AppleScript to shut down my Mac but find it unreliable.  If the good folks on Alfred's development team but their minds to it I'd bet they could come up with a more consistently reliable solution.  

 

Having a tool that would allow control over the various functions available in the Alfred Remote app outside the network - such as from a cellular network when you're away from your home or office - would be incredibly valuable to me.  The app currently costs about $5, which strikes me as a complete waste.  If it could perform these functions outside the same network as the computer it's controlling is on I'd gladly pay 5X as much (yes, that's a lot but that's how important this ability is to me).  

 

In the meantime I've taken another approach.  I currently use BLEUnlock to automatically lock my Mac when my device of choice (I use my Apple Watch but you can use your iPhone or iPad just as easily) is more than X feet away from the computer.  (There's also a mechanism to use it by RSSI, or signal strength, but I find the proximity measurement to be so useful that I've not had the need to dig further into the settings.)  It's a terrific app - and free - and is as reliable as the sunrise.  It doesn't do everything the Alfred Remote app does but for this one function it's perfect.  

[deanishe]

4 hours ago, Scott Goldman said:

such as from a cellular network when you're away from your home or office

 

Can't you connect to your LAN via VPN and use Alfred Remote that way?

 

I doubt Alfred Remote will ever work from outside your LAN. Setting up your own network to allow incoming connections from the Internet is complex. Having Alfred's Remote server connected directly to the Internet where anyone in the world can poke it with a stick has huge security implications. And the UX would need redesigning to provide some kind of feedback mechanism: currently Remote doesn't tell you much about what's going on because it's assumed you can see/hear the computer you're controlling.

[Scott Goldman]

On 6/1/2021 at 9:05 PM, deanishe said:

 

Can't you connect to your LAN via VPN and use Alfred Remote that way?

 

I doubt Alfred Remote will ever work from outside your LAN. Setting up your own network to allow incoming connections from the Internet is complex. Having Alfred's Remote server connected directly to the Internet where anyone in the world can poke it with a stick has huge security implications. And the UX would need redesigning to provide some kind of feedback mechanism: currently Remote doesn't tell you much about what's going on because it's assumed you can see/hear the computer you're controlling.

Thanks for your reply.  I'm aware of the potential security risks and presumed that Alfred would be able to build this functionality in the same way that Keyboard Maestro has built their "Remote Trigger."  There is certainly a risk, albeit a infinitesimal one, when using KM's Remote Trigger because of the trigger ID that's assigned to it.  The system simply calls a URL, which contains a lengthy/complex ID, that is connected to their version of a remote server.  

 

Alfred's functions offer tremendous powers and the ability to harness them from outside. the network would be helpful.  Those that didn't want to incur the security risks would always have the option of not using the "outside the network" remote functions.

[Mr Pennyworth]

In the meanwhile, https://tailscale.com/ could come in handy. I use it to keep my devices connected, and love it.

[Scott Goldman]

That looks interesting enough to check out.  Thanks for the tip.  👍

[deanishe]

16 hours ago, Scott Goldman said:

There is certainly a risk, albeit a infinitesimal one

 

The risk is not "infinitesimal". You can't even make KM use a real TLS certificate instead of its self-signed one. It's not safe to connect that directly to the Internet without a VPN or a reverse proxy with properly-configured TLS in front of it.

 

KM hasn't solved the issues I raised, it has just left them for you to deal with.

Edited June 4, 2021 by deanishe

[Scott Goldman]

My configuration is safe. I do appreciate your concern. 
 

At the risk of starting an argument or debate, which is not my intention, let me state here that I stand by my comment about the risk being infinitesimal. Everything is relative. While the risk is not 0% it is certainly far lower than an enormous number of other risks and vulnerabilities that users face daily.
 

There is always a continuum between security and convenience.  Neither extreme is practical. This risk, while extant, is at what I deem sufficiently secure and adds a layer of convenience that I - and probably many others - find useful and productive. 
 

Again, your concern is noted and appreciated. Mine is just another view. 

 

[deanishe]

6 hours ago, Scott Goldman said:

what I deem sufficiently secure

 

Alfred has thousands upon thousands of users. You need to consider how what you're suggesting affects them, not just you.

 

What advantage does your proposed solution have over connecting via a VPN, like @Mr Pennyworth and I both suggested? (Which you can do today.)

 

Bottom line is, no feature is going in if it isn't done right. We can spend some of our time on the forum getting your request closer to "clear win for everyone" than "good enough for Scott's purposes", or we can leave it as-is, and you'll have to hope that Andrew does that work instead.

[Scott Goldman]

My preference, given the narrow way you frame it, is, naturally, a clear win for everyone. That said, I wrote that this works for me and that it is one spot on the continuum of of security vs. convenience. YMMV
 

While I respect your knowledge and what is clearly a deep concern for Alfred users and the product, I am merely stating that this is MY point of view.  Neither my perspective nor yours applies to everyone all the time in every scenario. I’m offering an alternative.  

[deanishe]

1 hour ago, Scott Goldman said:

My preference, given the narrow way you frame it, is, naturally, a clear win for everyone.

 

That's more requirement than preference.

 

Let's assume that Andrew has added the remote-from-anywhere feature exactly as you describe it. So now we have thousands of Alfred users with a new webserver running on their machine, serving a TLS certificate every browser on the planet will show a scary warning about. It's still not accessible from the Internet, of course, because they haven't punched a hole through their firewall with port forwarding yet. That done, they still can't access their machine from the Internet because they don't know how to find their router's WAN IP or they don't know how to set up dynamic DNS.

 

The things I've marked in bold are complex topics, and would cause lots and lots of support requests. As long as that is the case, the feature is effectively off the table.

[Scott Goldman]

I believe that I’ve my made my position  clear, as have you. I tried to carry on the discussion civilly and understand that your passion for ultra security and the product may have made it difficult for you to do the same, but you have shown admirable restraint in not allowing this discussion to denigrate. 
 

I suggest we end the volley here understanding that reasonable minds can differ. Have the last word if you wish. I won’t be responding any further. 
 

Thank you again for your initial support about my inquiry.