The intended use of this is "maintaining" internet of things devices.
So it's not really meant to be a secure system, think of it as a botnet CnC and this makes a lot more sense.
It's why the system is supposed to be run on OpenWRT (which most cheap IOT things are based on), it why there's not hostnames, it's why it supports hundreds or thousands of devices.
> The intended use of this is "maintaining" internet of things devices.
> So it's not really meant to be a secure system, think of it as a botnet CnC and this makes a lot more sense.
Is there anything to back this up? While the mtls initialization looks less than ideal and there's downright stupid stuff in the README like credentials in URI parameters, this doesn't look any different than the other web terminal gateways we've seen on HN over the last few weeks.
> which most cheap IOT things are based on
Most cheap IoT devices I'm aware of aren't remotely capable of running OpenWRT, do you happen to have examples for this?