If you've found this post, please note that it's no longer active: We started this blog to track Apple-specific Wi-Fi announcements, but they've turned out to be both so sporadic and of such broad interest to the Mac community, that we write and post articles over at TidBITS.
The Month of Kernel Bugs (MoKB) project finished out November with a undisclosed flaw for AirPort Extreme: They had previously noted a number of Wi-Fi flaws, including a major one for AirPort Card users, now patched by Apple. In this case, they write that they communicated the flaw to Apple before announcing its existence, and haven't disclosed the full parameters of it. It's a similar flaw to others that have appeared, in which the kernel can be made to panic (crashing the computer), among other potential implications they're not disclosing, when improperly formed messages are sent to an AirPort Extreme Card. The security posting mentions "beacon frames" without elaboration. These frames are messages sent by an access point or base station that describe its parameters to an adapter that is looking to associate with a local network, or gathering information about the networks around it.
It's likely that Apple would be able to patch this quickly, as their September update covered a general category of malformed frames. The security team is probably now well aware of how to fix this kind of exploit. I'll guess we'll see an updated by Dec. 10 unless Apple deems this a much worse or much less severe problem than how it's being described now.
Apple released security updates for Mac OS X 10.3 (Panther) and 10.4 (Tiger) that fix the AirPort Card weakness: While there was no widespread (or even narrowly spread) information about this exploit in the original AirPort Card's drivers being taken advantage of in the wild, Apple has patched the flaw within a few weeks of its announcement. The flaw would allow a nearby attacker to crash a Mac with an AirPort Card under the right circumstances (see previous post for more details).
Security Update 2006-007 has six different versions, but the AirPort Card was only ever available for PowerPC computers--Mac models released between 1999 and 2002 could accept the card--but Intel-based Macs include fixes to other bugs and weaknesses in this package. The security update is available in client and server flavors to patch 10.3.9 and 10.4.8.
You can download the patches manually or simply use Software Update from the Apple menu to get the appropriate release for your system.
Mac OS X may be at risk via the original AirPort Card because of an attack methodology published last week as part of the Month of Kernel Bugs. The attack can corrupt some "internal kernel structures," and causes a kernel panic - a crash. The developer of the attack believes that he may be able to modify this with some effort into a root exploit in which control of the machine could be seized.
The approach as published works only with the AirPort Card, the internal 802.11b Wi-Fi adapter for Macs introduced in 1999, and used in all Mac models introduced until late 2002. Apple stopped selling the AirPort Card some time ago - much to the dismay of people whose adapter died on an otherwise usable computer. All Mac models introduced in 2003 and later sport a slot for AirPort Extreme (802.11g) networking; the AirPort Extreme Card slot is not compatible with the original AirPort Card.
Further, the developer of the attack notes that the exploit works best when a Mac has been placed into active scanning mode, which requires a command-line tool included with Mac OS X or the KisMAC utility. In a brief interview with Brian Krebs of The Washington Post's Security Fix blog, the exploit developer told Krebs that he found some vectors for breaking Macs with AirPort Cards that were in an idle, non-associated state, but hasn't produced results he wanted to discuss yet.
The exploit was published as a recipe for reproduction, more or less, so it's not embedded in a prefabricated application designed simply to crash computers, but it will be incorporated into the open-source Metasploit framework, which is a system to stress-test software and operating systems in an automated fashion using malformed packages of data and other techniques. (At this writing, the developers say it's part of Metasploit, but I don't see an item representing it in the list of modules.)
The Month of Kernel Bugs (MoKB) uses a small set of standard tools that stress test operating system kernels by generating massive amounts of arbitrary input - fuzzing - which can be associated with resulting errors on the attacked computer to figure out what input caused which exploitable errors or crashes. The project says they have five more Apple kernel bugs that will appear over the next 30 days. (No additional Apple bugs have appeared as of this writing.)
In a fairly irresponsible move, the MoKB coordinator said there will be no advance notice to the makers of affected systems in any systematic way prior to release of the exploit. Exploits that are released on the day the vulnerability is identified are called "zero-day exploits." In the security world, this is considered bad form, somewhere between taking a dump in a swimming pool and selling drugs to children. There's little reason to not provide advance information to affected parties unless you're trying to be clever, instead of smart.
The justification by the MoKB coordinator, identified only as LMH, is the tired old "Apple doesn't listen to security flaws and pretends it doesn't have any" argument. The industry soap opera that began in August, "To the Maynor Born: Cache and Crash," apparently has led many hobbyist and professional security researchers to decide that Apple systematically denies security flaws when they exist. In the case of that saga, it's fairly clear that only a handful of people have actually seen what was alleged to have been given to Apple, which means that relying on that case as an example of Apple ignoring security issues or misusing security researchers requires second- or even third-hand knowledge. (Apple told Krebs that they are investigating this latest AirPort flaw, which they learned about "recently.")
In comments to a post about this on LMH's Kernel Fun blog, he or she writes, "It's actually a matter of time to demonstrate that all the pro-Mac paranoia is just plain useless. Apple does good stuff indeed, but they obviously do [make] mistakes as everyone does." It's hilarious that anybody credible thinks that vocal Mac zealots represent the interests of the entire Mac community. A more realistic view by an experienced Mac user can be found as the second comment (by Dave Schroeder) on Ryan Russell's blog entry on this exploit.
May I state for the record as a regular reporter on Macintosh matters that I don't reflexively believe that Mac OS X is invulnerable? In fact, I have written regularly about flaws that are reported, and about the risk that we face as a community of users that lack immunity. While Apple has built its operating system on a strong foundation, that in no way precludes exploits that use vectors that weren't considered.
Your high-level takeaway? No Mac model that shipped beginning in 2003 nor older Macs without active scanning enabled are known to be vulnerable. The vulnerability requires a nearby user, too, or one with a high-gain antenna who can reach your computer. I'm guessing Apple patches this relatively quickly for Mac OS X 10.3 and 10.4 users, and that they'll be working overtime to stay on top of other MoKB announcements.
Macworld's editor-in-chief Jason Snell and I talked about Wi-Fi and Apple on today's podcast: The Macworld Podcast (Wi-Fi Security and iTV) covers the Maynor/Ellch exploit controversy, and when 802.11n might arrive on a Mac (and whether iTV will sport 802.11n). In this podcast, I note that Apple's patches for what they term never-demonstrated-exploits, is the worst security hole in Mac OS X ever. But it's patched. (Download MP3.)
Long period of quiet on this blog, I know. The news tends to come in bunches, doesn't it?
The big news of the last few months has been the alleged security flaws uncovered by two researchers that would allow a network cracker to access a system running Mac OS X (along with some Wi-Fi adapters not yet identified used with Windows) by sending particular sets of data that would cause the AirPort driver to either crash the Mac, run some code it was sent, or allow a cracker access at a level that no one but a system administrator should have access.
There's dispute over whether the researchers provided information to Apple that led to Apple releasing patches last week that fix flaws that sound quite similar. The researchers have not directly stated publicly that they provided enough information to pinpoint the flaws; Apple says explicitly they did not. We'll leave that to whomever needs to figure out credit.
For detailed information on the history of this, you can read my coverage at Wi-Fi Networking News in the Security category.
For the purposes of this AirPort blog, I advise everyone running Mac OS X 10.3 (Panther) or 10.4 (Tiger) to use Software Update to install the appropriate AirPort patches immediately. These patches should make it currently impossible (to the best of Apple's ability to test) to use this entire category of attack to crash or hijack a Mac. Apple says no exploit code was found, but that these patches obviate any future exploitation of this kind.
The Wi-Fi sniffing and monitoring software gets revised to version 0.21a: This is the first stable new release in over a year following the heels of new maintainers of the open-source software project. Development has been ongoing, but it's taken a while to get a version that the programmers feel is ready for broader use.
The new version is a universal binary and supports Intel iMacs, but still lags in the code necessary for the slightly different Wi-Fi chips found in the MacBook Pro and Intel Mac minis. (The iMacs use chips from Broadcom, which hasn't open-sourced its driver code; the other machines use Atheros chips, which should do provide some details on accessing their lower-level functions.)
I know that this blog has been quiet again for the last few months, but there's been precious little AirPort-related news. Firmware is stable. The new Intel Macs seem to work fine with Wi-Fi. And no new products have appeared.
I expect this to change soon. The latest revision to Wi-Fi, the 802.11n standard working its way through a standards process, has already started appearing in early draft versions this month. 802.11n can boost the raw speed of Wi-Fi from the 54 Mbps of 802.11g (AirPort Extreme) and 802.11a to 600 Mbps in the most expensive version that has all optional elements included.
In the "slowest" version of 802.11n, expect a raw data rate of 150 Mbps and a net throughput of about 100 Mbps or better, nearly four times faster than plain 802.11g. Now Apple's AirPort Extreme and other manufacturers' enhanced versions of 802.11g can deliver rates of 30 to 50 Mbps depending on equipment and interoperability. The pioneer in multiple-in/multiple-out (MIMO) antenna systems, Airgo, has delivered chips that appear in Buffalo and NetGear equipment that already provide 100 Mbps or better real throughput, but only at a high cost and among like devices.
Because Apple was an early adopter of 802.11g, and because it's eschewed the proprietary and odd extensions to 802.11g that have appeared in intervening years--they adopted the more generally compatible improvements--they're ideally poised to make the leap from AirPort Extreme to AirPort FreakingFast or whatever super-duper name they'll assign to it.
My expectation is that Apple will announce the new technology at or before WWDC this August because the final draft of the standard should be finished or close to it before then, and at least four chipmakers will have been producing draft chipsets for months and worked out the bugs. Interoperability should actually be fairly decent, or achievable via firmware upgrades.
I predict that Apple won't offer any 802.11n products that work in existing AirPort Extreme slots. Rather, they'll only use a PCI ExpressCard style interface. (The onboard Wi-Fi in the first Intel Macs use this architecture.) So don't get your hopes up about Apple helping you to speed up a G4 or G5 Mac of any kind.
The higher pricetag on the new Mac mini with Intel Core Solo or Duo chips obscures the fact that it's not just faster, but includes both wireless networking options previously sold separately. The $100 or so you'd pay for AirPort and Bluetooth 2.0 with a $499 first-generation Mac mini is built into this unit, probably due to very high demand for that built-to-order option.
The new Mac mini base model includes more memory, too, and gigabit Ethernet, but its more powerful video card uses main system memory instead of dedicated video memory, obviating that price difference.
I've been asking Apple for a couple of months to let me talk to engineers or product managers about the problem I wrote about in two issues of TidBITS: Adding Tiger's AirPort Preferred Network List and Tiger Still Resists Showing Preferred Networks.
The reason they resisted is apparently because they fixed the problem in the very latest AirPort Update for Tiger, released Nov. 2. A similar update was added for Panther (10.3.3 and later) on Nov. 8.
I've already emailed one of the folks who had Panther-to-Tiger upgrade problems with AirPort and this patch fixed it; I'm waiting to hear from the rest.
If you've had a problem as described in the two TidBITS article and this update fixes it (or doesn't), please email me.
We've just released two ebooks: the revised version of Take Control of Your AirPort Network, and a new book, Take Control of Your Wi-Fi Security.
The AirPort book is a hands-on guide to using Wi-Fi under Mac OS X, with details covering Jaguar, Panther, and Tiger, and tips for Mac OS 9 and Windows XP. The book focuses on Apple's AirPort network hardware and software, but broadly includes details of other gear, including the most popular router from Linksys.
Each book is $10, but collectively, $17.50. Click links at upper right to visit our store.
Here's our publicity blurb on Take Control of Your Wi-Fi Network.
Learn how to keep intruders out of your wireless network and protect your sensitive communications!
It's ten o'clock - do you know who's using your wireless network? If you haven't changed the default network name or admin password someone could be eavesdropping on your email, plucking your passwords out of the air, or sending spam through your Internet connection right now! When you're using a wireless network - whether a Macintosh with AirPort gear or Windows with any Wi-Fi equipment - you're exposed to risk unless you take steps.
Wireless networking experts Glenn Fleishman and Adam Engst have spent years researching and covering wireless security issues on Glenn's Wi-Fi Networking News weblog and in two editions of The Wireless Networking Starter Kit. Now they've distilled that experience into this essential guide for anyone using wireless networks, whether at home, at work, or on the road. You'll learn how to evaluate your real security risks; the best way to restrict access to your network using WPA; how to secure your data in transit with PGP, SSL, SSH, and VPNs; and how to protect your computers from viruses and attacks. The ebook provides extra advice on how to secure your small office wireless network, including details on choosing VPN hardware and software and on setting up 802.1X for secure Wi-Fi logins. The final section of the ebook helps you determine how successful your security efforts have been by showing you how to perform a detailed security audit on your wireless network using the same freely available tools that crackers might use against you.
Read this ebook to learn the answers to questions like:
• Should I worry about someone eavesdropping on my home wireless network?
• How can I find out if someone is snooping on my wireless network right now?
• Do I need a VPN to protect my sensitive work communications?
• Can I control access to my wireless network by user name and password?
• What software can I use for secure email and file transfer?
• How does public-key encryption work?
• Our office has only 15 people in it - can we afford the best Wi-Fi security?
• Is it really possible to break a WEP key in less than a minute?
• How can I better manage all my passwords to keep them secure?
If you haven't already read it elsewhere, AirPort Software 4.2 includes support for WPA2. Here's the article I wrote a few weeks ago for TidBITS about it:
A few days after Apple pushed out Mac OS X 10.4.2, which includes client-side changes to AirPort software to support a newer, stronger encryption system, the company released AirPort Software 4.2, incorporating the necessary base station support. Separate versions are available via Software Update or as stand-alone downloads for Mac OS X 10.3.3 through 10.3.9, 10.4.2, and Windows.
This update adds full support for WPA2 (Wi-Fi Protected Access version 2), which provides an access point the capability to offer AES (Advanced Encryption System) encryption keys. Only newer hardware sold starting in late 2002 can handle the computation required, so original AirPort cards and base stations cannot be updated to handle WPA2.
The original WPA, which appeared as an update to Panther, offers a superior encryption algorithm and other improvements for Wi-Fi security for AirPort Cards, AirPort Extreme Cards, and AirPort Extreme and Express Base Stations (see "AirPort Firmware Updates Fix Major Bugs" in TidBITS-760). WPA2 is a further refinement - technically, it's the full ratified version of IEEE 802.11i - that works only with AirPort Extreme Cards when connecting to WPA2 Personal- or WPA2 Enterprise-configured networks. AirPort Cards cannot support WPA2 because of limitations in silicon; WPA was designed to be backward compatible with early 802.11b cards, such as the AirPort Card.
Some businesses have been waiting until WPA2 was released before deploying their Wi-Fi networks because of its government-grade encryption. WPA2 also has a few features that add to WPA, such as fast reauthentication, which allows a laptop using WPA2 Enterprise - a system that uses a unique login that produces a unique session key - to roam without a long delay when moving from base station to base station.
AirPort 4.2 includes new versions of AirPort Admin Utility and AirPort Setup Assistant, and firmware updates for both AirPort Extreme and AirPort Express Base Stations.
This update brings Apple current with the rest of the industry. Interestingly, older WEP (Wired Equivalent Privacy) encryption is all that is available for the software base station created through the Create Network command in the AirPort status menu. WEP is cryptographically broken; one hopes Apple will eventually offer at least WPA for improved security of ad hoc networks.
We've let this blog run dry for several months owing to configuration problems and time commitments. But we're trying to prime the pump again, hence the several posts you'll see today.
In case anyone was wondering, there's no news from Macworld San Francisco's keynote address or from Apple that relates to AirPort today. The new Mac mini has AirPort Extreme and Bluetooth support, but they're built-to-order options. You cannot install either option (or memory) after purchase yourself, but will need to have an Apple service center do it--this isn't one of those "you might void the warranty" situations. There's a pretty tightly fitted together set of innards.
Are you a suffering from heartbreak of File Transfer Protocol (FTP) over AirPort Express or AirPort Extreme? Do you know someone who suffers from dropped, halted, or interrupted transfers? Take the latest firmware micro-releases for the two base station models, and don't call me in the morning.
Apple released two micro-releases today that add to their recent major upgrades to Extreme and Express firmware: AirPort Extreme Firmware 5.5.1 and AirPort Express Firmware 6.1.1.
These micro-release numbers belie the major fixes: improving hard reset feedback through LEDs, reinstating printers that should work but failed after the last firmware upgrade, fixing a slow crash problem for WPA used with WDS, and this major FTP problem. A PPPoE garble added in the last firmware update for Extreme is also repaired.
Apple released AirPort 4.1 software today. The update include AirPort Express 6.1 firmware and AirPort Extreme Base Station 5.5 firmware. The update allows you to use WPA (Wi-Fi Protected Access) security over a network that's wirelessly bridged using Wireless Distribution System (WDS). This was a major complaint for people who wanted to use better security for their entire network. You can now also rename USB printers attached to a base station; this changes its Rendezvous name for network discovery. And support for Keyspan's remote control device is now included.
Update: I've written up an extensive run-down of the update for MacWorld.com/MacCentral. You can read that story here.
Apple has apparently stopped selling AirPort Cards (the original 802.11b flavor) directly to consumers, meaning that if you have a Mac model that wasn't revised in 2003 or later, you can't turn to Apple to add Wi-Fi support. (This may be old news -- I'm not sure when they actually stopped the direct sales, but have been reading that AirPort Cards go for $100 or more on eBay right now!)
There are alternatives, depending on which computer you have and which Mac OS version you're running. For instance, Belkin's 802.11b USB adapter has support for Mac OS 9.2, 10.1, 10.2, and 10.3! PowerBooks and Power Macs have PC Card and PCI Card options, even in Mac OS 9; more options are available in 10.2 and 10.3, however.
I have an appendix covering a range of options for alternatives to AirPort and AirPort Extreme for older and newer machines in my ebook Take Control of Your AirPort Network. We just released the 1.1.1 update to the book: it's now $10 instead of $5, but it's 150 pages instead of 89! I added a full configuration guide for AirPort Express among many other additions and improvements.
Apple says it's shipping the AirPort Express. You can order it from Amazon.com for $124.99, five bucks below its retail price. If you choose the slowest shipping method, you don't pay for shipping, either, in the U.S.
If you were wondering when the AirPort Express would be shipping, Amazon.com may have slipped the news early on their site: they say it will ship July 20.
Update: Some sources are saying the Express will ship as early as today, even.
If you're looking for a solid book on using your AirPort network, pick up -- electronically! -- a copy of my latest ebook, an 89-page guide for $5 about the ins and outs of wireless networking on a Mac, Take Control of Your AirPort Network. It's an electronic book, so as soon as you purchase it, it's in your hands.
Here's the promotional blurb:
Make your AirPort network fly with the help of Wi-Fi networking expert Glenn Fleishman! Glenn shows you how to select the best networking gear (AirPort hardware and cheaper options!), position your base station for optimal performance, configure your devices, and lock out snoopers. Learn the four things to consider when purchasing hardware (and what device to avoid!), solutions to six common configuration problems, and four ways to extend your network's range. Whether you're just getting started with wireless or you have an existing network you want to expand or make more secure, you'll find up-to-date information that will save you money and time. Cool extras! Locate adapters for older Macs and get the scoop on AirPort Express and AirTunes!
Apple posted a link to a 200K download that allows Mac users access to Verizon Wireless's high-speed 1xEV-DO cellular data network available in just two cities (200Kbps to 1Mbps down) as well as the 1xRTT service available nationwide (about 50-70K down, slower up). The software supports the PC 5220 card under Mac OS X. Cell data is an increasingly popular way for mobile workers to remain connected. The Verizon service costs $80 per month for unlimited 1xEV-DO and $50 per month for unlimited 1xRTT. The EV-DO service will spread more widely by year's end. Verizon Wireless will spend $1 billion over the next 12 months to expand the offering.
Here's my take in today's TidBITS on AirPort Express:
What's slightly larger than a PowerBook power brick, has three ports, and talks Wi-Fi? Apple's latest wireless entry, the AirPort Express, a 6.7-ounce (189 gram) 802.11g base station. Announced today, the AirPort Express will ship in mid-July for $130, replacing the low-end AirPort Extreme base station, which cost $200.
<http://www.apple.com/ airportexpress/>
The AirPort Express plugs directly into any electrical outlet and supports alternate power standards with no external adapters. It has three jacks: Ethernet, to link in a single computer or an Ethernet hub or switch; USB, to add a printer; and audio, to support either analog two-channel or digital 5.1 with surround. If you need cables to connect the AirPort Express to your stereo, Apple sells the $40 AirPort Express Stereo Connection Kit with Monster cables: it includes a Monster mini-to-RCA left/right audio cable, a Monster mini-to-optical digital Toslink audio cable, and an AirPort Express power extension cord for greater flexibility in placement.
The audio feature is the most intriguing. The system, called AirTunes, works with an iTunes 4.6 update, due out later this week, and software built into the AirPort Express. Anyone on the wireless network with iTunes, whether for Mac OS X or Windows, can choose to direct music to the speakers connected to an AirPort Express base station. In one sense, AirTunes turns a Mac with iTunes into the ultimate remote control for your stereo.
<http://www.apple.com/ airportexpress/ airtunes.html>
<http://www.apple.com/ airportexpress/ unwireyourlivingroom.html>
If multiple AirPort Express base stations are on a network, each one can have a separate set of speakers controlled uniquely by a separate copy of iTunes. iTunes recognizes available speakers through Rendezvous. iTunes and the base station negotiate control so that only one copy of iTunes may play through a given set of speakers at once. The stream of music is sent losslessly but in encrypted form between iTunes and an AirPort Express unit to protect the music "from being stolen," Apple said.
The new AirPort Express base station can connect directly to a broadband DSL or cable modem via its single Ethernet jack, or it can use Wireless Distribution System (WDS) to join an existing AirPort Extreme or AirPort Express network. Apple said that while the AirPort Express's version of WDS might work with base stations from other companies (we've found compatibility with gear from Buffalo Technologies, for instance; see "AirPorts Where the Buffalo Roam" in TidBITS-696), the lack of a standard for WDS meant they could only guarantee it would work with Apple equipment. If your existing network doesn't support WDS, you must tie in the AirPort Express via its Ethernet jack.
<http://db.tidbits.com/ getbits.acgi? tbart= 07341>
The AirPort Express doesn't have all the features of an Extreme unit - exactly which ones are missing won't be clear until I see its configuration software - but the specs say it can only support 10 users versus 50 on the $250 models. That's a guideline based on processing power and other parameters, of course, but one worth keeping in mind. The $250 models also have antenna jacks; one offers Power over Ethernet and a fire-safety rating, while the other includes a modem. Apple said the AirPort Express, like the AirPort Extreme, could share an Internet connection using DHCP and NAT, among other similar features.
The portability of the AirPort Express shouldn't be understated. In a survey a few months ago, I tried and failed to find an effective portable base station. Similar devices cost substantially more than the AirPort Express and still require a tangle of cords. The AirPort Express's small form factor and weight mean it will become a standard item for business travelers to pack for maximum flexibility in working on the road.
<http://www.apple.com/ airportexpress/ onthego.html>
What's the real difference between AirPort Express and just turning on Software Base Station/Internet Sharing in Mac OS 8.6/9 or Mac OS X? At home, you're not dedicating a Mac to a problem that a standalone box with great features can solve. On the road, you're not stuck connecting your laptop to an Ethernet cable on a carpal-tunnel inducing desk with a cruddy chair. Additionally, Software Base Station/Internet Sharing doesn't offer WPA (Wi-Fi Protected Access) encryption, which some users find important, especially when traveling.
From our perspective at TidBITS, the AirPort Express is an important step. Apple has once again followed its traditional strategy of charging somewhat more than the bare-bones competition, while including far more capabilities. With the AirPort Express, Apple has dropped the price of a wireless base station to a far more competitive level while combining features rarely found in a single device such as print sharing, wireless bridging, and audio streaming. If you were to try to assemble the same set of features using the best, cheapest products from other makers, you'd easily spend $300 to $500. The AirPort Express also offers a compelling form factor that enables true portability and adds an elegant method of integrating wireless into your home entertainment system. Barring any nagging technical problems that might arise, AirPort Express could be another hit product for Apple. Wall Street may already be anticipating sales: Apple's stock closed today at its highest price in four years.
Apple's new AirPort Express base station hangs from a power outlet and bridges to existing AirPort or AirPort Extreme networks. It includes audio, USB, and Ethernet connections in its slim form. It can stream iTunes music from a Mac or PC. It's rated to support 10 users instead of the 50 for the higher-end base station models.
It weighs seven ounces, and Apple is billing it also as a portable access point. It has a universal power adapter, meaning it can work with any electrical standard given an interchangeable plug. The unit ships in mid-July for $129.
Audio is streamed using a lossless encoder, and it's encrypted between the machine running iTunes and the base station to prevent copying. Each copy of iTunes can control a single set of audio output at a time, so if you have several sets of speakers or stereo, you can use different machines to control those different speakers on the same network.
This base station replaces the more expensive $200 AirPort Extreme Base Station model. The two higher $250 AirPort Extreme models are still available, but are now targeted really at schools and business with their more advanced features.
Smith Micro's QuickLink Mobile for Mac OS X now supports additional options for cell data support over USB or Bluetooth or via a PC Card and a driver. The latest version adds EDGE, PC Card driver support, and Wi-Fi profile management. EDGE is a roughly 100 Kbps service offered nationwide by AT&T Wireless. The only comparable high-speed network is run by Verizon in just two cities. Cingular, which is acquiring AT&T Wireless also offers EDGE in limited areas, but will have national coverage by this summer even without AT&T Wireless's network being integrated. EDGE plans cost about $50 per month for unlimited usage; less with certain packages.
OrangeWare offers $15 driver to Mac users to pick up extra speed: Mac users now have access to many more options for wireless networking through the OrangeWare driver, which can support a/g cards that use chips from Atheros, including its Super G features, which include compression and frame bursting, among other non-radio-frequency improvements in speed among similar devices. A free trial version is available for download. (Some competitors and testing labs believe that the Turbo mode causes interference with nearby non-Turbo Wi-Fi networks. Atheros denies this.)
The driver lists support for a couple dozen cards (PC Cards and PCI cards) and works with Mac OS X 10.2 or later. These cards are typically less than $50 or even as low as $30, while an internal AirPort Extreme Card--if available for a given model--is $100. The driver only shows WEP, not WPA support.
Asanté's firmware upgrade for the FR1104 802.11g router brings it up to speed against the AirPort Extreme Base Station: For a list price of $117, the FR1104 offers the most significant AirPort Extreme Base Station differences at a little more than half its cost: WPA (Wi-Fi Protected Access) encryption support; 802.11g speeds; and AppleTalk support for backwards compatibility with Mac OS 8/9 systems, with OS X boxes running AppleTalk servers, and printers that only talk AppleTalk.
Missing is the WDS (Wireless Distribution System) offering that lets the AxBS work as a base station and a bridge to other base stations. It can now also log to the standard Unix syslog facility, which Apple added in the latest firmware for the AxBS as well.
The previous generation of Asanté routers didn't offer roaming: that is, you couldn't set multiple base stations to the same SSID (network name) across a single network and have your wireless card automatically switch you to a better base station signal as necessary. It's unclear whether roaming is supported or not in this release, but it's not a significant issue unless you're setting up a multi-access point Wi-Fi network.
You own a Titanium PowerBook. You have an AirPort Card. You've been frustrated with its range, possibly for years. You could buy and install a third-party card using AirPort Software 3.2 or later and get the benefit of 802.11g's 54 Mbps. And that will improve your range somewhat, often substantially. But...you...want...more...
QuickerTek says they have the answer: they combine the Buffalo 802.11g PC Card with a whip antenna to produce four times the range of a native Titanium with AirPort Card. It comes at a price: $170 less a $35 rebate if you send them your AirPort Card. (You can get about $60 on eBay for the item, but you have to deal with the whole transaction and fulfillment.)
You can purchase the Buffalo card separately for as little as $50 after a $20 rebate. It works with Mac OS X 10.2.6 or later, but I believe it requires that self-same AirPort Software 3.2 noted above.
(The one flaw with this package is a legal one; while it's legal for QuickerTek to sell the antenna to use with the card, it's illegal for a user to combine an antenna with any wireless equipment that hasn't been specifically been certified by the FCC to work together as a system. Now, you're not going to get arrested by the FCC police for this act, nor have we ever heard of anyone being fined or prosecuted for it. Still, it's wise to know when you're breaking the law and when you're not.)
Apple released a tool today to make LAN managers -- or even those of us with two or three Base Stations -- leap with joy: AirPort Management Tools 1.0. The AirPort Management Utility provides a way to view and modify the settings of many AirPort Extreme Base Stations all at once. It's a sophisticated tool that should dramatically reduce the staff cost in administering a network of Base Stations -- academic institutions must be ecstatic. The client tool lets you monitor speed and traffic over time, which can help you better troubleshoot a network's problems. (This tool is similar to a monitoring tab in the original WaveLAN/Lucent/Agere/Proxim Orinoco software.)
The management tools requires AirPort 3.4 and Mac OS X 10.3. AirPort 3.4 was released this morning, and it includes a firmware upgrade for AirPort Extreme Base Stations that adds the ability to push logs to an external "syslog" daemon, which is a standard Unix service for recording error messages and warnings. It's part of Mac OS X, so if you reconfigure an always-on box on your network, your AirPort Extreme Base Station(s) can push its/their messages directly to that system for centralized monitoring.
Apple is now offering an AirPort Extreme Base Station that uses Power over Ethernet (802.3af) which allows you to forego running AC power to a base station, and instead "injecting" it over the same cable used for Ethernet. It's a growing technology for access points, often located in places where it's expensive or impossible to run AC power. Even better, existing Ethernet wiring can often handle the power injection. The PoE base station has no modem but does include an external antenna connection and retails for $250.
Apple announced today that the entire PowerBook G4 line would include AirPort Extreme and Bluetooth as standard, built-in features--no more build to order delays. Certain models of the PowerBook G4 already included these features, but now even the introductory 12-inch (boosted to 1.33 GHz) has all the wireless you could ask for.
Apple released these new drivers for the Apple Wireless Keyboard and Mouse, which use Bluetooth to communicate with a Macintosh.
Apple includes an obscure note in its documentation for the Panther 10.3.3 micro-update that third-party wireless networking PC Cards are better supported. But it mentions and provides a little more information about the Honda AH-G10 PC Card. Google matches only Japanese sites about this card.
Apple's 3.3.1 release of the AirPort Software fixes a potential crashing bug when you switch locations. All 3.3.0 users should update to avoid problems.
The AirPort 3.3 software includes the latest Wi-Fi security update--for AirPort Cards: Apple has finally added Wi-Fi Protected Access (WPA) support to the original AirPort Card. AirPort Extreme users have been able to use WPA for a couple of months.
This upgrade is available only to Mac OS X 10.3 (Panther) users, and Apple has historically not released AirPort software for versions of the OS older than about 6 to 9 months, so a 10.2 or 9.2 update seem unlikely.
WPA fixes the weaknesses found in the original Wired Equivalent Privacy (WEP) system that was the only method of encrypting the wireless link between a card and a base station until WPA was released. WPA provides robust security that's more than enough for any small office or home.
You can only use WPA with base stations or wireless gateways that support it, of course. According to information provided to me a few months ago, it's clear that the original AirPort Base Station does not have the capability to be upgraded to WPA compliance.
AirPort Extreme Base Stations support WPA, as do devices from Buffalo, Linksys, and others.
For more on WPA, you can read about it in the book that Adam Engst and I co-wrote on Wi-Fi and wireless, The Wireless Networking Starter Kit, 2nd edition, which was published Nov. 2003, and includes details on WPA. An update on using Apple's WPA tools is on the Web site, too.
OrangeWare is offering a trial version of its driver that supports Atheros's 802.11a and 802.11g chipsets used in equipment from D-Link, NetGear, and others. The driver works for 10 minutes and then requires a purchase; it's $15.
This is the first time I know of that you can use 802.11a on a Mac. 802.11a runs at 54 Mbps, but uses the 5 gigahertz (GHz) band; both 802.11b (AirPort) and 802.11g (AirPort Extreme) use the 2.4 GHz range of spectrum.
The opening paragraph on OrangeWare's site has several factual errors. They write, For several years now, Apple® users have chaffed at the issue that most wireless cards (CardBus and PCI) don’t work with Apple’s Airport® access points. Why is that? It’s because the Apple® client driver only works with the Broadcom chipset.
The Broadcom chipset has only been used since January 2003 with AirPort Extreme. From 1999 to 2003, Apple's AirPort used a Lucent (later Agere) chipset for which a few generic drivers were offered. The statement about wireless cards not working with Apple's access points is incorrect: they meant to say that you couldn't use non-Broadcom cards (a minority of the market) with a Mac.
QuickerTek is offering a $50 adapter that lets you use other antennas with an AirPort Extreme Base Station. The company's press release states This wireless adapter enables the Airport Extreme Base Station to recognize non-Apple external antennas that heretofore have not been compatible with Apple's design. The company hasn't yet updated their site to show this item.
IOXperts have updated their 802.11b driver for Mac OS 8 and 9 to version 1.0.3. A Mac OS X update is coming soon. Their driver, which has a demo period, allows the use of a variety of non-Apple cards with Apple PowerBook 2400, 3400, G3, and G4 systems.
My full-length coverage in TidBITS on Apple's WPA update: In this longer article, I provide more details and more of the limitations of Apple's initial foray in Wi-Fi Protected Access. Sources say that AirPort Card support isn't too far in the future, while AirPort Base Station support isn't going to happen at all.
It's been a long-awaited moment, but Apple has finally shipped the AirPort 3.2 upgrade which includes Wi-Fi Protected Access (WPA) support to the AirPort Extreme Base Station and AirPort Extreme Card. That's right folks, if you've got plain old AirPort cards and AirPort Base Stations, you're out of luck. I'll try to get more information out of Apple about their plans for older devices.
According to the WPA standard, older devices should be able to connect to a WPA-enabled network using a WEP key derived in some fashion from the WPA key. In this release, at least, Apple states categorically that devices without WPA support cannot connect. We'll see how this evolves over time as it's in opposition to the principles of WPA and 802.11i, the larger standard that's a sort of superset of WPA and is due to be finalized next year.
MacWireless.com has introduced its PC and PCI-based 802.11g cards. These card required Mac OS X 10.2.4, and are almost certainly generic versions of the Broadcom firmware and hardware that drives Apple's own Extreme cards. However, these cards will work (as will those from Linksys and Buffalo) in any machine that supports Mac OS X 10.2.4 and has the appropriate slot.
I received Apple's wireless Bluetooth mouse today. I'd ordered it last week and expected it wouldn't be in til October, based on reports, but it appeared with a CD-ROM containing the updated Bluetooth software and firmware.
The Bluetooth updates should be included with the Mac OS X 10.2.8 upgrade released today as well via Software Update. (It's not yet on the Apple download site.)
Configuring the mouse was a piece of cake. We put in the batteries, installed the software and firmware updates, and then turned on the mouse. You can select the Bluetooth tab from the Keyboard & Mouse system preference, and then click Setup New Device. Choose Mouse from the kind of device, and then follow directions; it automatically configures it.
The Bluetooth tab shows the battery life left in your wireless keyboard and mouse. I'd wondered how you would otherwise know that the life was ebbing away before they went dead.
Apple announced its new 15-inch PowerBook G4 model today, which is AirPort Extreme ready in the cheaper version and includes an Extreme card in the more expensive configuration (see specs). The 12-inch and 17-inch models were also refreshed. All the models now also include Bluetooth built-in -- no more dangly USB bits.
This leaves just the consumer iBooks as the only non-Extreme models; they're also the last remaining G3-based systems that Apple offers. The eMac, iMac, PowerBooks, and Power Mac lines are all sped up.
Apple announced its new iMac models this morning, and they now all feature AirPort Extreme. Until yesterday, only the revised 2003 17-inch iMac had AirPort Extreme support.
MacWireless is now offering eight antennas, four each for graphite/snow and Extreme base stations. You still have to take apart the graphite/snow models to get to the antenna jack inside, but it's nice to buy from a company that's dedicated to these models.
The updater is currently only available from the Software Update system preference, but should be added as a download from their Web site soon. The release notes don't explain anything about this specific update, but it includes firmware release 5.1.1 for the AirPort Extreme Base Station.
Adam Engst and I have updated our addendum to The Wireless Networking Starter Kit that covers the AirPort Extreme/802.11g standard now that the standard's been ratified and we have more details.
Download it as a PDF file (190K), or visit us in a few days (we'll post again) when it's converted to HTML.
Darn those nit-picking product numbers! Alert reader Dale Rice pointed out that Buffalo Technology actually sells two 802.11g PC Cards: the $60 WLI-CB-G54 card is not actually compatible with AirPort 3.1, whereas the $80 WLI-CB-G54A is compatible. Make sure you get the right one!
Dale also noted that he'd seen reports of AirPort 3.1 working with a Belkin 802.11g PC Card. More interesting, for those people who would like to connect a Power Mac to an AirPort Extreme networking, are anecdotal reports of 802.11g PCI cards from Buffalo Technology and Linksys (the Linksys WMP54G PCI adapter) working with AirPort 3.1. The moral of the story would seem to be that compatibility is broad, but check for specific compatibility claims or at least user reports before buying.
[Adam Engst originally wrote this article for TidBITS: permanent link]
Owners of pre-AirPort Extreme PowerBooks with PC Card slots can now connect to higher-speed AirPort Extreme networks using third-party 802.11g cards. It turns out that Apple's recent AirPort 3.1 update also provides support for PC Cards that use the same Broadcom chip set that Apple uses for internal AirPort Extreme cards.
So, if you've been lamenting the poor signal strength of your Titanium PowerBook G4, you can improve signal strength and jump up to 802.11g's faster throughput with a third party card. Both Asante and Buffalo Technologies claim their 802.11g cards work with Mac OS X and the AirPort 3.1 update; other manufacturers using Broadcom's chip set are likely compatible as well.
Buffalo Technology's card costs about $60 and is available now; the Asante card costs $100 and should be available this month.
[Adam Engst originally wrote this article for TidBITS: permanent link]
Asante ships its $99 PC Card for PowerBooks with PC Card slots running Mac OS X 10.2.6 and AirPort 3.1 software, released last week. Of course, this means Asante is leveraging the Broadcom software release incorporated by Apple.
SmallNetBuilder reveals that Apple won't offer support for the new security standard WPA (Wi-Fi Protected Access) til the end of this year when Panther appears.
WPA fixes the broken encryption system in today's Wi-Fi and 802.11g, while adding better support for corporate-style network authentication and security.
As a reader posted in comments in the previous news item, the new Apple AirPort 3.1 release adds a third bridging mode when you use the WDS (Wireless Distribution System). The WDS originally let you connect up to four base stations, called remotes, directly to a unit that was hooked up to the Internet, or a master. The new software introduces a relay to which up to four remotes can connect, and which itself connects to the master, according to Dave Russell at Apple, the director of portables and wireless marketing. You can only have one relay per networks, he said.
Apple also released the AirPort Extreme Admin Utility for Windows in beta/preview form. It will work with Windows XP and 2000 equipped with any 802.11b or 802.11g wireless card -- they hope. There are a lot of cards, and they did a lot of testing. They're looking for feedback before they finalize this version because of the variables.
Finally, Apple's adding a packet burst mode for 802.11g-to-g communication that should increase the throughput by a reasonable amount, or actual data transferred after network overhead is subtracted. Their chip supplier was saying 25 percent improvements when all devices use this new packet bursting technology.
You can now download AirPort 3.1, the 802.11g final ratified version compatible AirPort Extreme software. Apple may have updates in the future, but they'll be tweaks compared to this.
MacWireless has a few new offerings.
First, their Extreme Power over Ethernet (PoE) kit, which, for $90, lets you locate a base station far away from electrical power by running low voltage over the Ethernet cable. (Warning, by the way: it's illegal in many states for installers without electrical contractor certification to install PoE style equipment, or even Ethernet! Individuals and business owners can do what they want, of course.)
Second, the $100