NVX wrote:
fireboy wrote:
- A valid, signed certificate in this day of really cheap certs seems so little to me to ask for and I'm surprised there isn't one out of the box. Yes, even my crap TP-Link has a signed HTTPS website certificate.
Just on these two points, the way that most home routers seem to be using a valid https certificate is by using some generic hostname like gateway.manufacturer.com which in turn resolves to the IP of the router (often the DNS server on the router will spoof this address so it resolves correctly even if the routers IP has been changed from default), then embed the same public/private ssl keys into the router firmware for the gateway.manufacturer.com hostname.
While it does achieve the green tick, you're actually no better protected from being MITM'd than with a self signed certificate, and arguably slightly worse off if you're using say Firefox which lets you remember a specific certificate for a specific host, because at least the self signed certificate and associated key would be different.
I'm not worried about it so much from a security perspective (though that's a nice idea). It's more an annoyance that without setting up rules in every web browser I use on every computer I have in the house, that I constantly get nag screens from Firefox, Chrome and Edge that the site is not secure. Some let you push on anyhow (Edge), others require you to go and add the site to some local trust store that's not share across computers. I make it work, but it's annoying as hell, and frankly unecessary in my opinion. 
NVX wrote:I'm not sure if it's in the GUI, but NTP is pre-configured and defaults to using 0/1/2/3.ubnt.pool.ntp.org out of the box. Timezones also should work properly (although out of the box the default is UTC), configurable on the system tab. This uses Linux timezone information so should apply DST/etc automagically already (note you're specifying Country/City timezone, not a manual offset from UTC). Has this not worked for you?
All your other comments seem pretty on point and are definite no-brainers IMHO.
If I can't see it, I don't know and I can't trust it to know. It should be on the GUI somewhere, even if it's just in a static informational box. Some people may want to use a different time resolver due to network conditions, access, etc.
On your question about DST, I only installed the router in the last couple weeks, so haven't gone over a DST change yet, but there is nothing in the GUI to tell me that DST is enabled or that the router will use it or adjust the time in anyway. I agree if it's using the underlying Linux time system functions, then it SHOULD, but again, no easy way to know this from the data that's shown (and I can go dig around in the CLI and config, but should I have to?)