Slashdot Mirror

Many sites are reporting Swift as having "none of the baggage of C."

However, they also report that "Swift code can still be mixed with standard C and Objective C code in the same project."

Seems to me that if you can call C routines, C can happily malloc() and free() the heap and leave stale pointers into freed heap. Likewise, C can happily point into the stack and leave pointers into stale stack frames, and point past the end of arrays, etc.. I don't think they can get rid of the "baggage of C" withoud building all kinds of performance killiing safety checks into the C code. If I'm wrong about this, please don't hesitate to let me know!

Many sites are reporting Swift as having "none of the baggage of C."

However, they also report Swift code can still be mixed with standard C and Objective C code in the same project."

If you can call C routines, C can happily malloc() and free() the heap and leave stale pointers into freed heap. Likewise, C can happily point into the stack and leave pointers into stale stack frames, and point past the end of arrays, etc.. I don't think they can get rid of the "baggage of C" withoud building all kinds of performance killiing safety checks into the C code. If I'm wrong about this, please don't hesitate to let me know!

They have already duplicated every Google App, except Maps (no data) and of course search. ArsTechnica

Samsung is the only profitable Android phone maker. Business Insider

If they find a way to get good mapping data, they can drop Google. The real money is in ads (google is an ad company, over 90% of revenue), and Samsung would love to keep it.

I'm surprised there hasn't been a Kickstarter setup to re-implement TrueCrypt from the ground up. What would be the dollar cost to hire a team of developers to do it?

We know the cost of the audit:

Since September 2013, a handful of cryptographers have been discussing new problems and alternatives to the popular security application. By February 2014, the Open Crypto Audit Project---a new organization based in North Carolina that seeks formal 501(c)3 non-profit status---raised around $80,000 toward this goal on various online fundraising sites.

TrueCrypt audit finds ''no evidence of backdoorsâ or malicious code.''

It's reasonable to assume that any attempt to resurrect TrueCrypt would fail without an independent audit on the same scale.

We don't know the size of the TrueCrypt team or the man-hours invested in its development, but we do know it took ten calendar years to take TrueCrypt to version 7.1,

Comcast is in the wrong posision, here:
http://arstechnica.com/tech-po...

I can't comprehend the conspiracy theories flying around about this.

[TrueCyrpt] is a barely-maintained Open Source project (no updates in the past two years), with an outdated, messy code-base, serious build dependency problems, and lacking in full support for the newest Windows release. It likely only has a small development team - perhaps only one or two people.

The developers are absurdly secretive, and when they do come out of hiding to make a statement, they are confrontational (take, for example, their response to Fedora's queries over the clause in their license that reserves the right to sue for copyright infringement).

If this was any other project, we'd all just assume the developers had decided to call it a day. However, because of the nature of the software, everyone assumes security agencies or reptilians are involved.

Maybe the developer was a security researcher who has decided to retire to a tropical island. Or maybe there were two developers, and they have had a dispute. Maybe the primary developer took a job offer at a security firm, with a clause prohibiting him from working on external projects. There are an almost infinite range of possibilities... assuming that the cause was the devious acts of state-sponsored actors is leaping to a pretty big conclusion.

If I developed a piece of security software, and wanted to cease development, I'd make a similar statement.

"Don't use this anymore. It's not maintained, and should therefore be considered insecure".

Otherwise, if a vulnerability is discovered, everyone will scream: "Fix it now! Nobody told us to stop using it!"

''TrueCrypt is not secure,'' official SourceForge page abruptly warns

[Ars stats for Marlor: 1279 posts > registered Oct 3, 2003 > 0.01% of all posts > 0.33 posts per day]

I don't want to get a Windows PC. I really don't. BUT YOU LEAVE ME NO CHOICE!

Not true. You could get a Chromebox or any number of little computers running normal Linux (including on that Chromebox instead of ChromeOS).

Sounds more like they're actively disincentivizing other motivated parties from solving these problems for their respective communities.

Possibly a better comparison is Zediva - a company that tried to do exactly what the article is describing, with DVDs not CDs, and was shut down: http://arstechnica.com/tech-po...

As silly as it is, the law seems to be settled on this.

What secure, clean source?

Point of Sale systems usually operate under more controlled conditions than end user machines.

Hah!

I'm sure Target will be glad to hear that: http://arstechnica.com/securit...

I have to ask - why do you despise the lawyers, who only act on behalf of the entities they represent?

Because they have a vested interest in this sort of thing and clearly they do act in their own interest.
Trial lawyers are heavy donors to Democratic politicians, including Reid. A Washington Post article on Reid's fundraising during his 2010 campaign noted big-money fundraisers taking place at a Florida trial lawyer's home, as well as one held in California by the top securities class-action law firm, now named Robins Geller Rudman & Dowd.

I heard the problem at eBay was that an employee's login had been compromised (via social engineering apparently, but we might never know).
Regardless of how that happened, that an employee was able to login from a remote location shows the sad state of affairs of security today.

When I worked at a credit reference agency, security was top priority - as if you lost someone else's data (eg a banks) then said bank would withdraw your access to their data, and that meant you couldn't continue to do business.

So we had the production servers in a datacentre that were physically disconnected to the internet. You wanted to update your SQL, someone had to go there (it was very close :) ) to update things. The only connection to the outside world was the web servers, and they had access solely to locked-down services that in turn solely had access to the parts of the DB that they needed to read from.

Layers of security like this mean that if you get your web site hacked (as happens, frequently) the attacker cannot do much damage. They must hack the services layer as well (which means attacking the OS they run on, through a very narrow firewall) and even then they would have to hack the OS security to gain access to a limited section of data. They'd have to further hack the DB to get access to all the data.

So no-one could ever realistically dump the entire user table in that system. Why anyone lets websites do less is a mystery to me.

Note: Even so-called "security editors" fall intot he camp of thinking layered security is not necessary. In this ArsTechnica story, the 'promoted comment' describes a riposte where the poster says the web server needs a direct connection to the web server!!! I can understand some junior web dev thinking it, I can't imagine anyone who knows security taking it seriously, yet many did. This is why we have breach after breach.

Amazon: Big on Net Neutrality, not so much on Book Neutrality.

And biggest hypocrits, too. Remember the wikileaks saga? Wikileaks was hosted on Amazon cloud - for a few days, until some congress critters gave Amazon a nice phone call.

Amazon and net neutrality my ass. That was the day I decided to no longer do any business with Amazon. A bookstore and hosting service that engages in politically motivated censorship does not deserve my business, and the story posted here shows how far Amazon is willing to go.

Open source friendly?
http://arstechnica.com/gadgets...

The thing about OpenStack is that it has been under really heavy development for the past two years. Two years ago the product was buggy as hell. But they've made a series of 6-monthly releases since then. Each one of which offered substantial improvements. Its now pretty good and stable. There is really a incredible support for it. I heard of numbers of around 2000 developers so each release really is substantially better than the previous.

Now that it is basically stable, it will likely get real traction with users and there are big private deployments already. The Australian NeCTAR project will roll-out 30,000 cores by the end of 2014. CERN is looking at a huge deployment of over 100,000 CPUs.

http://arstechnica.com/informa...

Utter bull. Play store is included with AOSP.

Utter bull, indeed.

You're referring to the entirely closed-source bundle that you download from the not-at-all-sketchy-sounding site, goo-inside.me, right? The one that's signed with a self-signed certificate?

The same Google Apps that increasingly contains closed source versions of what used to be open source OS components? Yeah, I'm not sure what "evil" spin you could put on this totally "open" behavior of Google's...

It wouldn't be the first time that keys were used in this way. http://arstechnica.com/securit...

You mean this GnuTLS? (It had a "goto cleanup" bug similar to Apple's "goto fail" bug.) It isn't API compatible with OpenSSL, and OpenSSL came first. OpenSSL has first mover advantage, and more people are paranoid about GPL, even if it's LGPL.

The consensus among security experts seems to be that TLS (the protocol itself) sucks, OpenSSL sucks, GnuTLS sucks, NSS sucks, and TLS has horrible compatibility problems between implementations. They aren't giving us a lot of options, here.

So, I find it fascinating that OpenBSD is taking OpenSSL (which sucks) and trying to make LibreSSL into something that doesn't suck. I wish them the best of luck and funding.

Some guy who seemed to be educated in this matter wrote ( https://plus.google.com/103831... ) that the republicans wanted to stall the situation and keep it as it is where no solution can be reached which allows the ISPs to misbehave while the FCC cannot enforce the rules. Democrats voted to open the conversation for public and they're playing a bit dangerous game where they're betting that public will now go and comment and give their piece of mind at http://www.90so.tv/fccproposal and that way prevent the proposed "fast lanes", and get the ISPs reclassified under tier-2. But if that fails then the real shitstorm begins.

With that said I didn't quite understand why they cannot do so in the first place. In 2002 when they changed the classification to tier-1 it wasn't a big deal to them. But then I saw this article at Arstechnica...

http://arstechnica.com/tech-po...

Yeah... gg USA... gg...

It was being used to smuggle cigarettes into Lithuania by gangs operating in both countries, though the police claim that was not the only thing that was being smuggled.
More details and pics are in an Ars article . Seems pretty nifty, small gasoline engine, has all the control surfaces (rudders, ailerons etc.) , camera and an automatic GPS controlled route (making it a true autonomous drone rather than a remote controlled airplane).

I like to mention this: http://arstechnica.com/civis/v...

We all know this is BS. But we also know the FCC doesn't have much backbone.

They're not supposed to, not when you take a former cable and wireless lobbyist and put him in charge.

He's not there to have a backbone and "do the right thing" for us, he's there to ensure the cable companies get everything they want, all in the name of corporate profits.

And your senators and members of congress, they've probably also been bought off by the same companies to ensure they get what they want.

America stopped being a democracy (or a republic) long ago, and is entirely under the control of corporations. Sadly, some people view this as a good thing.

I simply don't believe the FCC has the desire (or the ability) to do anything which isn't entirely in the interests of the cable companies.

And, as I said elsewhere, for the cable companies to say this would stifle innovation is a crock -- because there isn't a damned thing the big ISPs have innovated in years.

Nobody got a refund from Amazon, you idiot. Didn't you read the policy link?

Curunir_wolf fails again!:

Reader Alex Gladd writes in to let us know that Amazon appears to be altering its standard downloadable game return policy when dealing with customer complaints about SimCity. After writing to Amazon through the "Contact Us" page to express his anger over the state of the game, Gladd got a reply stating, "as a standard policy, Games, Game Items, and Software Downloads are not returnable after purchase. However, because of the circumstances, I've made an exception and issued a refund in the amount of $54.99
http://arstechnica.com/gaming/2013/03/ea-not-altering-return-policy-for-furious-simcity-buyers/

That guy may have tried to make such a case with EA, but notice in the article comments that NOBODY got any such refund. Idiot.

False, idiot.

Get out of your mom's basement and try interacting with the real world a bit.

That's rich, coming from the guy who can't even use Google to figure out that Amazon did issue refunds, fool.

Or, I'll just assume you're a shill for EA. It's the only explanation that makes sense.

Yes it clearly makes sense given that I suggest you make remediation through the mechanisms set out in law of merchantability in your particular country. Now what does the law in your country say about how to deal with a breach of said law?

Now before you respond take a moment to think, research and comprehend your answer before you spout a bunch more idiotic bullshit that I will immediately disprove to show you as being the idiot you are.

Nobody got a refund from Amazon, you idiot. Didn't you read the policy link?

Curunir_wolf fails again!:

Reader Alex Gladd writes in to let us know that Amazon appears to be altering its standard downloadable game return policy when dealing with customer complaints about SimCity. After writing to Amazon through the "Contact Us" page to express his anger over the state of the game, Gladd got a reply stating, "as a standard policy, Games, Game Items, and Software Downloads are not returnable after purchase. However, because of the circumstances, I've made an exception and issued a refund in the amount of $54.99
http://arstechnica.com/gaming/2013/03/ea-not-altering-return-policy-for-furious-simcity-buyers/

That guy may have tried to make such a case with EA, but notice in the article comments that NOBODY got any such refund. Idiot.

False, idiot.

Get out of your mom's basement and try interacting with the real world a bit.

That's rich, coming from the guy who can't even use Google to figure out that Amazon did issue refunds, fool.

Or, I'll just assume you're a shill for EA. It's the only explanation that makes sense.

Yes it clearly makes sense given that I suggest you make remediation through the mechanisms set out in law of merchantability in your particular country. Now what does the law in your country say about how to deal with a breach of said law?

Now before you respond take a moment to think, research and comprehend your answer before you spout a bunch more idiotic bullshit that I will immediately disprove to show you as being the idiot you are.

To expand on this, not only do they not assign security bugs the priority they deserve, they actively hide them.

http://arstechnica.com/securit...

FWIW, I love Linux and used Slackware for almost a decade.

It should make sense to you.

A keyboard is easier to intercept than hardware, won't get bios flashed, and will never be ROM checksummed by most people. When embedded, it may last for years -- has a reliable power source, and a handy hardware spec ... (USB).

As a USB device, it's capable of emulating virtually any other driver that can run over USB -- such as bootable drives, network appliances, and of course... sending keystrokes.

If you read the TAO catalog (he used to have a post of the day over at schneier.com), you can verify for yourself that there are established off-the-shelf (to NSA) components capable of being inserted into a keyboard (drop in usb port replacement, chips, or wiring) that could be dropped into keyboards. Their systems tend to set up their own wireless channels.

To save you the thinking and googling you won't do...

http://arstechnica.com/informa...

https://www.schneier.com/blog/...

To be *really* clear, the keyboard intercept capabilities are nothing new at all -- I've bought hardware to do that off of Amazon, and you can too. The agency ones are presumably much smaller and probably better hidden ...

So yeah... when you're targeting somebody, you go through all channels. A keyboard is a good one...

We need one more big surge of traffic, ideally starting Monday or Tuesday morning at around 10 AM Eastern, to get the Net Neutrality petition to 100k votes on time. I've been tracking the vote rate and it runs fastest on Tuesday, during the work day. We will get the most traction if as many people as possible promote the petition on their social network channels starting early this week. Please consider raising the issue and the petition on your social network channels to help generate the final surge in traffic we need to hit 100k signatures. The petition may not have as much legal authority as we would like, but at least it is a potent rhetorical device for Jessica Rosenworcel and Mignon Clyburn, the two FCC commissioners who are already raising opposition to allowing a fast lane.

Sensationalism. Propaganda. We'll be sure to think of the children as ew teach the tairists a lesson.

Think about it.

Knight was an active duty enlisted member of the Navy assigned to the nuclear aircraft carrier USS Harry S. Truman. He worked as a systems administrator in the carrier's nuclear reactor department. He is accused of conducting some of his unlawful hacking while aboard.

Feds: Sailor hacked Navy network while aboard nuclear aircraft carrier

That cuts a little too close to the bone.

It gets better:

''Essentially I am in trouble for posting all of the stuff on Twitter,''Knight told ABC News by email in his first interview. ''Although a lot of people are saying I was the leader of some crime organizations that was out to get people which wasn't true. Just a group of people that were dumb and did dumb things.''

In criminal information filed Monday, prosecutors allege that while Knight served in the Navy as a systems administrator in the nuclear reactor department of the USS Harry S. Truman, he was also leading a double life as a self-proclaimed ''nuclear black hat'' and the leader of a hacking group called Team Digi7al that stole or attempted to steal confidential or private information and post it online.

After the attacks, the group then bragged about their accomplishments on Twitter, with Knight acting as the main ''publicist,'' according to the Department of Justice.

The court filing noted that three alleged members of the group were minors when they joined.

Prosecutor Ryan Souders, who is involved in the case, told ABC News that generally when a suspect is charged in a criminal information filing, rather than an indictment, that means the defense has indicated they will not contest the charges.

Alleged Navy Hacker Says His Group Just 'Did Dumb Things'

I

More "open"? Look at who wrote most of it's specs - it's Mozilla and Google. At the end of the day, if Mozilla stop supporting it, you're screwed. Just like if Google stop supporting Android, you're screwed. Why B2G ever got off the drawing board is a mystery.

The code itself is open, contrary to android, and the hardware requirements are much lower (hence, lower cost).

Roses are red,
Violets are blue.
You're not at all clever,
And we're all onto you.

BURMA SHAVE

Roses are red,
Violets are blue.
You're not at all clever,
And we're all onto you.

BURMA SHAVE

"This new Microsoft has not only removed the problematic restrictions on its licenses, but also worked with Xamarin to solicit design feedback, and published documentation under a Creative Commons license so that it can be redistributed."
http://arstechnica.com/informa...

Then why aren't the developers of Linux kernel getting paid?

I think the question you're looking for is "Why are only 83.1% of the developers of the Linux kernel getting paid?'

Salt doesn't necessarily solve the breached hash problem if you're using simple dictionary words. It forces a per-hash computation, so they can't use a rainbow table of pre-computed hashes, but dictionary words will still be the second thing criminals will try (the first thing is a quick-list of top password offenders). Sure, it significantly slows the process down, but once the database is offline, there's plenty of CPU horsepower available to do that sort of thing.

Actually, it may be more accurate to say that there's plenty of GPU power available for that, as cracking software often makes use of banks of high-end videocard GPUs to perform massive amounts of hash calculations per second. GPUs are optimal for this task because of the massive number of parallel processing cores in each card. The only real way to thwart this sort of decoding effort is to use memory-hard hashing algorithms, but I don't think those are in wide-spread use yet.

So, let's assume a worst case of a billion hashes a second, which I don't think is out of line for today's top-of-the-line video cards, easily within financial reach of your typical internet low-life. We'll use a dictionary of perhaps 20,000 of the most common English works, and let's say we'll throw in enough combinations to round it up to a million hashes that we'll try per user (capitalization + common numeric suffixes). That means that even something like "Pencil92" isn't safe. Let's also assume that we've got a million user hashes to check in total. Total calculation time for a first-pass dictionary attack on every entry in the database? About 1000 seconds. That means we've got plenty of time to try even more complex combinations of passwords after the simple first-pass check.

Ultimately, the best defense is password complexity, since no amount of hardware can possibly cover all the combinations of a very long and complex password, since length + variation = a combinatorial explosion of possibilities.

Also, sorry to hear about the storm mess. Never fun to clean up after stuff like that.

Or how about this? ISPs creating congestion

The problem is that password crackers can now crack strings of words relatively easily. On page three of the article it even mentions that comic specifically as an example of what crackers can now break.

Two factor authentication is the solution. If you can't use that then a long, random password stored in a password safe app is the best bet. Anything you can remember is crackable.

That is patently absurd. The argument that the FAA has no authority to regulate aviation that isn't interstate in nature implies an ability to differentiate that traffic, and it is NOT INHERENTLY SEPARATE. When I go flying around the pattern I'm using the same airspace used by someone who is arriving from or going to an airport in another state. ATC has no way to differentiate between traffic that is inter and intra state. That aircraft they see departing the local airport may be staying local, or it may be going somewhere in state, or it may be going two states away. They don't know.

The FAA regulates space around airports, because it is interstate. The FAA does not have authority to regulate airspace that is not interstate, like 300' above my backyard. It is ridiculous to claim they use the same airspace. How many times when you are flying have you had to compete with airspace with RC airplanes?

Either the FAA is going to have to start regulating RC airplanes, which is preposterous, or they are going to have to leave drones alone.

And who is creating straw men?

Not I, because a judge found the same thing. I'm sorry but the caselaw is in agreement with me. http://arstechnica.com/tech-po...

"The basics on backdoors in security systems" on How the NSA (may have) put a backdoor in RSA’s cryptography: A technical primer. I thought the "pool ball" analogy was very interesting.... "The backdoor allows anyone with knowledge of a secret user agent string to log in and modify settings on any router running the vulnerable software,"... "The values for the points P1 and P2 could have been chosen randomly or they could have been chosen with a deliberate relationship. If they were chosen deliberately, there is a backdoor." Is there any way to tell if they were chosen deliberately or not, and if not is this a possibility for any of these programs out there?

Yeah but the NSA probably doesn't want back doors to exist just as much as we do, if not more so... Think of the extremely dangerous consequences for the NSA that could happen if they DID exist or if someone from inside did know a "secret user string" and used it against them... (hint, think Snowden)

"The basics on backdoors in security systems" on How the NSA (may have) put a backdoor in RSA’s cryptography: A technical primer. I thought the "pool ball" analogy was very interesting....

"The backdoor allows anyone with knowledge of a secret user agent string to log in and modify settings on any router running the vulnerable software,"... "The values for the points P1 and P2 could have been chosen randomly or they could have been chosen with a deliberate relationship. If they were chosen deliberately, there is a backdoor."

Is there any way to tell if they were chosen deliberately or not, and if not is this a possibility for any of these programs out there?

Older article, but talks about how ISPs are making huge margins while actually reducing their capital investments:
http://arstechnica.com/tech-po...

Two more recent articles looking at the margins ISPs make:
http://techcrunch.com/2011/07/...
http://gigaom.com/2011/05/12/n...

True revenue and profit reports aren't easy to get ahold of for the big ISPs. Yes, I'm sure the profits are higher in higher density areas. No, I never made any comparisons to prices paid in North America vs. Europe and Asia. The fact remains that the big ISPs took huge amounts of money SPECIFICALLY to provide broadband to rural areas. They can't then turn around and say they couldn't do it because the cost was prohibitive due to population density. They knew the populations when they took the money. You make a statement like the big providers are going bankrupt and tell me I have no idea what I'm talking about, without providing any sources?

Ultra-ever dry wears out eventually anyways. The guys at Arstechnica tested it, and it apparently lasted about a week before fading. But on the plus side your car will look REALLY new for that first week!

The Link

Just another day's work for AC...

So EFF, EU and Senate investigations into Google's privacy practices are non-existent and considering that Google is now one of the biggest lobbying concerns in DC I guess that it still can do no evil? Sorry the information is out there, like ignoring "Do Not Track" does anybody remember that one? It's pretty bad when Facebook even calls Google out for ignoring it. Oh wait, how about Google Buzz and the consent decree that went along with that? Sorry Google is a business and the business model it has is to mine users of its services by what they do, who they communicate with and where they go in the world. That's why I opt out, remove their shit and avoid it as much as possible and don't fucking trust little click boxes that presumably turn things off. Do Not Track in Chrome for example is one of those check boxes that didn't work. Today, quite honestly, I fear more from Google than I do the NSA because at least I have elected representatives that I can go after for that problem with NSA and privacy even with the slim chance that I may be able to change what the NSA does. With Google I have a CEO who thinks "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place." That myopic, retarded view of privacy is what's at the heart of why I'm anti-Google because it permeates everything that Google owns or produces. So blithely saying "we don't do that" doesn't cut it because as long as my elected officials, the EU, the EFF and the ACLU are worried about Google, then so am I.

This site is reporting his leaving as meaning that forced integration of Google+ will end

http://arstechnica.com/gadgets...

Great description - between 1 and 4, the Obama administration appointed the former head of the Cable Industry lobbying group and also former head of the Wireless Industry Lobbying group to be in charge of the FCC (Wheeler) - he's excited about all the "innovation" that's happening here.

http://arstechnica.com/tech-po...

From Ars article http://arstechnica.com/tech-po... "The proposed rules would prevent the service providers from blocking or discriminating against specific websites, but would allow broadband providers to give some traffic preferential treatment, so long as such arrangements are available on 'commercially reasonable' terms for all interested content companies," the Journal reported. "Whether the terms are commercially reasonable would be decided by the FCC on a case-by-case basis." To me it sounds like you can pay for faster access but are not allowed to block or discriminate against competition. This sounds like a better deal than you have to pay for access and we will block all of our competitors.

Here's a good graphic showing the FCC heads revolving door.

Obama nominated Thomas Wheeler as head of FCC in 2013: "Wheeler is currently the managing director at Core Capital Partners, a venture-capital firm based in Washington, D.C.. He has also been a top lobbyist for the wireless and cable industries. From 1979 to 1984, he served as president of the National Cable Television Association and before that he was CEO of the Cellular Telecommunications & Internet Association." -- http://www.usatoday.com/story/tech/2013/10/29/tom-wheeler-confirmed-fcc-chairman/3309333/

Why don't you ask Interop why they basically returned a Class A network address block?

Interop Returns 16 Million IPv4 Addresses

Interop gives back a month’s worth of IPv4 addresses

Apparently Interop, the holder of the 45.x.x.x block since 1995, no longer needs that much space. They're now returning 99 percent of it to ARIN, the American Registry for Internet Numbers, which handles IP address distribution in North America. Interop is holding on to a small fraction of the 45/8 block that's currently in active use.

So I went to closed-source hardware, specifically an Asus router, and it works just great. No problems. Lots of bells and whistles and enough horsepower to cope with actually doing what the buzzwords on the box say it can do, without crapping out. This thing is a beast. Never needs nursing. It just works.

Uh, I chose an 802.11ac Asus router for the hardware, too. However, I would not characterize it as "never needing nursing".

The closed source firmware sucks, apparently has a development team that can't comprehend basoc security, and the QoS system it has sends throughput down to telegraph-operator speeds. I would love to load OpenWRT on it, but I will settle for DD-WRT.

I would give the router four stars if it cost $45, but it cost ~$200.