Regardless of the poor security guarantees and/or personal disinterest in such a service, I don't think services which offer continuous services should ever have a "lifetime" price. With a lifetime subscription the incentive of the company is to offer poor service, or to stop altogether when revenue from growth is no longer outpacing operating costs. I'd much prefer it if the $29/lifetime would just be $29 / 4 years instead, it would make me much more secure in onboarding onto your proprietary service as I would feel more secure about its future existence.
sure, but I fucking hate subscriptions.
If you want to sell software, fine, but I want to buy it then.
Release a v2? Sure, I’ll probably buy again.
I have bought 4 versions of littlesnitch and 3 versions of prompt (5 if you count the macos versions too).
But if I see another subscription I’m just clicking off.
For personal stuff yeah I hate subscriptions.
For company stuff I love subscriptions, I don’t have to ask bean counters for money each time there is a new version, they just approve monthly payments and we are done.
The pricing is extremely steep for a tech-savvy audience that could just set up Tailscale or MOSH.
Looking at their website it seems they're trying to target a slightly less tech savvy audience which are interested in checking on agents while away. Someone willing to blow cash on overpriced AI subscriptions, I could see justifying blowing money on this.
Here is an implementation you might like
https://github.com/artpar/terminal-tunnel
P2P with webrtc (pion ftw) with e2ee
client side is webui so you can use on any device
ps: the default Cloudflare Worker from my account is already maxed out so you will need your own exchange (self host on your account)
yeah Tailscale + mosh is the obvious answer for most people. but WebRTC has one specific win: corporate networks that block all VPN/UDP traffic. mosh needs UDP, Tailscale needs its relay port at minimum. WebRTC's TURN fallback is pure HTTPS port 443 -- you literally can't block it without breaking the web. so if your target user is 'I need to SSH into my Mac from a locked-down enterprise wifi', WebRTC is actually the right call.
> "pure HTTPS port 443 -- you literally can't block it without breaking the web."
Sure you can, you do Man In The Middle certificate inspection and then filter it aggressively like it was HTTP; that's the product companies like ZScaler offer, and basically any business/enterprise firewall device - internet filtering to protect your company and prevent or detect data exfiltration and malicious activity. Or perhaps you could say that does 'break the web' but companies do it anyway and pay a lot of money so they can do it. (ZScaler is a $23Bn market cap company).
Honestly, at that point I'd just run SSH over WebSockets with websocat. WebRTC only adds extra complexity. Tailscale DERP relay servers also run over port 80/443 anyway.
In the company where my father works some HTTPS services are blocked too…
Reticulum shell is also an option, and would also work over LoRa
https://pypi.org/project/rnsh/
Especially for a tool that only works on macOS and iPhone, and only serves one purpose.
Pretty much every developer out there has some kind of tooling that does this already, that also does more.
This is a cool little project, but I cannot imagine paying for it.
I had a play with it using mitmproxy and one thing is for sure, it doesn't implement certificate pinning. It happily connected to my self-signed certificate. When you set a master password for access to your Mac it's sent to their server (a Cloudflare Worker) as plaintext (albeit over TLS) rather than using it as input to a key derivation function. That makes me think it's probably stored server-side with little to no security. All in all, there ain't a bargepole long enough for me to touch this with.
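Added example, not part of the original comment and not the app's code: a sketch of the design the comment above says is missing, where the master password feeds a key derivation function on the client and the server only ever receives a derived authentication key. The `Server` class, the account name, the `auth`/`enc` labels and the scrypt parameters are assumptions for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values, tune to the slowest client device.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def derive_keys(password, salt):
    """Client side: stretch the password, then split it into two keys."""
    root = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    auth_key = hmac.new(root, b"auth", hashlib.sha256).digest()  # sent to server
    enc_key = hmac.new(root, b"enc", hashlib.sha256).digest()    # stays on device
    return auth_key, enc_key


class Server:
    """Hypothetical server: keeps a salt and a hash of the auth key only."""

    def __init__(self):
        self.accounts = {}

    def enroll(self, account, salt, auth_key):
        self.accounts[account] = (salt, hashlib.sha256(auth_key).digest())

    def verify(self, account, auth_key):
        record = self.accounts.get(account)
        if record is None:
            return False
        candidate = hashlib.sha256(auth_key).digest()
        return hmac.compare_digest(record[1], candidate)  # constant-time compare


def demo():
    server, account = Server(), "alice@example.com"  # constructed sample account
    password = "correct horse battery staple"        # constructed sample password
    salt = os.urandom(16)
    auth_key, enc_key = derive_keys(password, salt)
    server.enroll(account, salt, auth_key)

    stored_salt = server.accounts[account][0]        # client fetches salt at login
    good, _ = derive_keys(password, stored_salt)
    bad, _ = derive_keys("wrong password", stored_salt)
    return {
        "login_ok": server.verify(account, good),
        "login_bad": server.verify(account, bad),
        "keys_differ": auth_key != enc_key,
    }
```

With this split, a TLS-intercepting proxy or a server-side leak exposes at most the authentication key or its hash, not the password or the device-held `enc_key`. It does not replace certificate pinning: an intercepted authentication key could still be replayed against the login endpoint.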
Shell In A Box has been a thing for like two decades now, and gives you a simple web-based ssh interface you can use from any device. https://github.com/shellinabox/shellinabox
What is with all the insanely insecure projects and services making it to the FP today? Nobody should be using this.
It is not at all safe and should absolutely not be on the FP.
Pfft, security is so last year. We're all about the vibes now. Get on the AI train or be left behind, dinosaur.
/s
I use https://github.com/tiann/hapi self hosted with Tailscale, took seconds to setup, it's free, and it has more features.
In no serious case have I ever considered connecting to my PC terminal using a phone. Connecting from PC to phone makes sense, but when talking about the opposite situation, phones simply are terrible at doing things from a terminal. The keyboard takes roughly 40% of the screen, and displaying wide lines is awkward. Forget about TUI applications, Midnight Commander and such. Other than toying around and extreme emergencies, why?
Phone to PC VNC is my only way to start/stop a YouTube live stream remotely. I don't mean using the phone's webcam, rather there's a camera always sitting elsewhere. YouTube's app and mobile site are both missing that button. I would love to not need to do this.
I use ssh from my phone to my computer to run yt-dlp on YouTube videos that I want to save.
And I regularly ssh into my servers from my phone to run some small routine tasks.
Both these kinds of tasks involve extremely minimal amounts of typing, and little to no reading of output. So the small keyboard of the phone is not annoying, and neither is having a small screen.
Do you have an Android or an iPhone?
IMO terminals are still the fastest way to do a lot of things on a phone, but it's a much better experience on Androids with keyboards for the purpose.
And even on an iPhone, it's just fine. Python works really well as a shell for quick calculations, and you can use a script with the -i flag to make it more accessible.
It's better to have it and not need it than need it and not have it (emergencies come to mind, as you've noted).
Conveniently running Claude Code while sitting on the toilet?
Hello, hemorrhoids!
The keyboard is the biggest problem. I actually did a lot of terminal management from my old Blackberry, and later the Samsung Moment (early Android phone with a slide-out physical keyboard).
Just use iSH and use the local terminal on the iPhone from which you can connect to the Mac terminal. Works well over tailscale, too.
How do I know iSH app isn’t exfiltrating data?
Previously:
https://news.ycombinator.com/item?id=47122939 (yesterday, 3 points, 4 comments)
https://news.ycombinator.com/item?id=47103613 (Sunday, 1 point, 0 comments)
Lol I thought no one would look at my project so just closed and went to watch some Kill Tony and I come back and like wtf, people are debating!
You are connecting to the Mac shell, not the Mac terminal. The remote app running on the iPhone is the terminal.
Why stop at just one terminal? (shameless plug for https://github.com/rcarmo/webterm, which works pretty well on mobile)
Or... use something like https://shellbox.dev
Title: Connect to Mac Terminal from iPhone
Yeah. I wonder why HN has become lax about enforcing the original title rule? I can understand editing the title to meet the character limit or remove hyperbole or make it less click-baity. But some changes really don't make sense - a recent HN Post ( https://news.ycombinator.com/item?id=47111039 ) was titled "The AI apocalypse for enshitification has started", whereas the original title is "Large US company came after me for releasing a free open source self-hostable alternative!" - I am sure the original title would have got it more attention here.
What guarantee is there that the connection is not being MitM? Closed source app from an unknown developer versus OpenSSH is a no-brainer to me.
I’m not sure I get why this is better. Something like Tailscale makes it trivial to connect to your own machines and is likely more secure than this will be. Tailscale even has a free plan these days. Combine that with something like this that was shared on HN a few days ago: https://replay.software/updates/introducing-echo
Then you’re all in for like $3. What about WebRTC makes this better?
If you're using tmux, you can try my plugin https://github.com/bjesus/muxile . It sends your tmux session to your phone, with quick QR code scanning and WebSockets.
How do you do data transfer with only blind signaling when either user is behind a NAT?
Or … just run clawdbot.
Just kidding
For connecting two devices I already pay for a service allowing that, it's called ISP (Internet Service Provider).
No, use wireguard or ssh or both.
It's a very handsome website.
I wanted a way to access my Mac terminal from my iPhone without setting up any VPN or weird router rules and then buying a separate SSH app in the App Store. So I built macky.dev as a fun side project.
When the Mac app is running it makes an outbound connection to my signaling server and registers itself under the account. The iPhone also connects to this same signaling server to request a connection to this Mac. Once both the host and remote are verified it establishes a direct P2P WebRTC connection.
What portion of the security-critical code is written by a human? A shell is literally keys to the kingdom in every regard.