Ok, so I’m setting up this AIS transponder. It works as intended, but I found some poor practices during this exercise. To configure the device, one can use a program running on a telephone or the manufacturer’s web site to generate a config file. This file is sent using some undocumented protocol by the app or copied onto a USB drive and plugged into the transponder. So far, so good (actually, so far, so buggy, but this happens and the vendor quickly made a fix). However...

The way this is done, the entire configuration is stored on the manufacturer's servers. The app does not generate it locally. This includes, because the transponder will act as an NMEA to WiFi bridge, the credentials for accessing the ship LAN. Not ok for random companies to store access credentials.


The config file is obfuscated somewhat. Really, it is just a set of key=value pairs. These are base64 encoded, one per line. One wonders why they bothered to do this; perhaps to make it easier to parse WiFi SSIDs that contain emojis on the ESP32 microcontroller embedded within...


@ve0hak

Precisely, it makes parsing files with funny characters (tabs, newlines etc) much easier.

@kravietz Yeah, that's fine, I've written that program before. I just wish they wouldn't copy my credentials to their database without telling me and then send them back to me in email with a copy to the sales guy for good measure... Now I get to change the password on all the things, including the ones that I've forgotten about...
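
The file layout described in the thread (key=value pairs, base64 encoded, one per line), as an added example that is not part of the original posts and is not the vendor's code: a small Python decoder for checking which settings in a generated config file look like credentials. The key names, the hint list and the sample file are constructed for illustration; the thread does not give the real ones.

```python
import base64
import binascii

# Hypothetical key-name fragments that suggest a secret (the real key names are not in the thread).
SECRET_HINTS = ("pass", "psk", "key", "secret", "token")


def decode_config(text):
    """Decode one-base64-record-per-line text into ([(key, value)], [(lineno, error)])."""
    pairs, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        try:
            # validate=True rejects characters outside the base64 alphabet instead of skipping them.
            decoded = base64.b64decode(line, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError) as exc:
            errors.append((lineno, str(exc)))
            continue
        # Split on the first '=' only, so values may themselves contain '='.
        key, sep, value = decoded.partition("=")
        if not sep:
            errors.append((lineno, "no '=' separator"))
            continue
        pairs.append((key, value))
    return pairs, errors


def find_secrets(pairs):
    """Return the keys whose names suggest a credential and whose value is non-empty."""
    return [k for k, v in pairs if v and any(h in k.lower() for h in SECRET_HINTS)]


def _encode(records):
    return "\n".join(base64.b64encode(r.encode("utf-8")).decode("ascii") for r in records)


# Constructed sample: an emoji and a tab in the SSID, '=' and a newline in the password,
# followed by one malformed line.
SAMPLE = _encode([
    "mmsi=000000000",
    "wifi_ssid=Boat \U0001F6A4\tLAN",
    "wifi_password=not=a\nreal-one",
]) + "\nnot base64!\n"

if __name__ == "__main__":
    pairs, errors = decode_config(SAMPLE)
    print("settings:", [k for k, _ in pairs])
    print("credential-like keys:", find_secrets(pairs))
    print("undecodable lines:", [n for n, _ in errors])
```
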
