AirPort Blog

If you don't know what EAP-FAST is, you don't need it. Apple's Mac OS X 10.4.8 update includes new support for a Cisco-exclusive method of logging into a wireless local area network. EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling) is a replacement for Cisco's LEAP (Lightweight EAP), which is still in use despite extensive documentation of its cryptographic weakness, including exploit software to extract passwords from transmitted data.

EAP methods allow a username and password or other credentials (such as a smart card swipe) to be passed through a wireless or wired gateway to a backend server that authenticates the validity of the credentials--that the password is valid or the smart card is authorized. Once that's approved, the user trying to gain access is given access. Before then, they're sort of shunted to the side in a way that only allows them to petition for access. This provides a pretty high level of security.

Unfortunately, EAP isn't secured, meaning that any of the data sent via EAP is passed in the clear. Various methods of secured EAP encrypt the authentication part, so that credentials aren't revealed to snoopers. The most widely used form of secured EAP is PEAPv0 (Protected EAP version 0), a method that's found in built-in software in Windows XP SP1 and later and in Mac OS X 10.3 and later. It's also available through free and commercial software for Windows, Linux, and handhelds.

Cisco has a document that describes EAP-FAST and its use, and its limitations.

Posted by Glenn Fleishman at 4:10 PM | Permalink | Comments (0)

The single biggest complaint I hear from Apple users that have Mac models introduced after 1999 and before 2003 is that Apple canceled production of the AirPort Card. Apple released the original AirPort Card in 1999 and it was more or less the same device through 2004, when it stopped being produced. There's a story behind it that I only have pieces of.

The AirPort Card was a modified version of a PC Card produced originally by Lucent. When Wi-FI was first introduced, there was Intersil and Lucent, and a few other players with very little marketshare. Intersil produced the Prism series of chips used by Linksys and many other companies; Lucent (which acquired its product line by buying WaveLAN) sold its cards under the name Orinoco and sold chips to Apple. Apple included a special slot for this card in iMacs starting in 1999. The original Wi-Fi flavor was 802.11b, which operated at a raw rate of 11 Mbps.

Intersil wound up becoming an also-ran in the Wi-Fi market as upstart Broadcom captured the early 802.11g market despite Intersil pushing the OFDM (Orthogonal Frequency Division Multiplexing) encoding method that became the way that 802.11g reached 54 Mbps of raw speed. Intersil later sold its wireless products to GlobespanVirata which merged with Conexant. Conexant now focuses its wireless efforts on integrated home gateways.

Broadcom grabbed a huge hunk of the 802.11g market, snagging Belkin, Buffalo, Linksys, and Apple. Lucent had, in the meantime, spun its chipmaking division off as Agere, which didn't provide 802.11g chips til a little too late for Apple and the rest of the marketplace. Atheros, meanwhile, which had started as an 802.11a company for the enterprise, shifted gears and signed up NetGear, D-Link, and, later, a lot of startup wireless LAN switch companies. Intel (via Centrino), Marvell, Atheros, and Broadcom are recognized as the leading Wi-Fi chipmakers today.

Apple sold Broadcom's package as a modified mini-PCI card that fits into a new special slot inside all current Macs. It continued to sell the AirPort Card, lowering the price in 2004 to $80 down from the $100 it had charged from its 1999 introduction.

Agere wound up selling its Wi-Fi product line to Proxim which first stopped selling to consumers, and then went into bankruptcy and had its assets acquired by Terabeam, which also acquired the Ricochet brand and system. (Ricochet was an early metropolitan-scale wireless system funded by Paul Allen that could offer speeds up to about 128 Kbps by its end, but like many Allen projects, it was a few years ahead of its time and ahead of the technology.)

It's pretty clear, though I've never heard it said, that at some point in this magical mystery merger tour that whatever company was still produced either the silicon or the complete package for Apple's AirPort Card stopped doing so: either the company's contract with Apple ran out or the company was incapable of continuing to run the product line. Either way, the AirPort Card disappeared and with it the hopes of a short generation of Mac users of having a simple way to connect wirelessly.

Used and never-opened AirPort Cards continue to sell on eBay, now typically for $120 to $140. The problem with used AirPort Cards is that both they and the original AirPort Base Station were notorious for going on the fritz after a year or two. I had two AirPort Base Stations die; this is a fixable problem, however, and the folks at BSR Tech offer repairs for graphite and snow ABS's and newer AirPort Extreme Base Stations, too.

What prompted this reverie is that I noticed on Dealmac today, my favorite bargain-promoting site, an offer for a $100 refurbished AirPort Card from TechRestore.com. Use Dealmac's coupon to get the discount. It's odd to see this card listed as "refurbished" because it's a solid hunk of circuit board. It either works or not. It's possible they did some burn-in tests to confirm that the card works, but that's unclear.

Older Mac owners do have other options that cost under $120 to $140, and even under $100. I wrote a few weeks ago about several options. My favorite, because it's the most flexible and interesting, is the $75 Zyxel AG-225H, a USB 2.0 device that will work with USB 1.1. USB 1.1 is limited to about 12 Mbps, so even though the Zyxel works at 802.11g speeds, pre-USB 2.0 Macs will be limited to about twice what an AirPort Card's throughput would be. (11 Mbps for 802.11b translated to about 5 Mbps of real data flow. The Zyxel should run at full bus speed, however, on USB 1.1.)

Posted by Glenn Fleishman at 9:26 AM | Permalink | Comments (0)

This one deserves an exclamation point. Rogue Amoeba has used their very clever brains to extend AirPort Express wireless music streaming (AirTunes is Apple's name for it) so that any application can stream its sound to an AirPort Express. Here's that exclamation point: ! Coming in 2005.

Posted by Glenn Fleishman at 9:51 PM | Permalink | Comments (0) | TrackBacks (0)

Are you a suffering from heartbreak of File Transfer Protocol (FTP) over AirPort Express or AirPort Extreme? Do you know someone who suffers from dropped, halted, or interrupted transfers? Take the latest firmware micro-releases for the two base station models, and don't call me in the morning.

Apple released two micro-releases today that add to their recent major upgrades to Extreme and Express firmware: AirPort Extreme Firmware 5.5.1 and AirPort Express Firmware 6.1.1.

These micro-release numbers belie the major fixes: improving hard reset feedback through LEDs, reinstating printers that should work but failed after the last firmware upgrade, fixing a slow crash problem for WPA used with WDS, and this major FTP problem. A PPPoE garble added in the last firmware update for Extreme is also repaired.

Posted by Glenn Fleishman at 2:11 PM | Permalink | Comments (0) | TrackBacks (0)

Posted by Glenn Fleishman at 10:40 AM | Permalink | Comments (0) | TrackBacks (0)

Posted by Glenn Fleishman at 11:15 AM | Permalink | Comments (0) | TrackBacks (0)

Posted by Glenn Fleishman at 2:00 PM | Permalink | Comments (0) | TrackBacks (0)

In TidBITS today, I present the problem and solutions to dealing with AirPort Express's single Ethernet port. The new base station will ship any day now from Apple, and it includes streaming music, USB printer sharing, and but one Ethernet port. That port can't do double duty to share your network connection without polluting your service provider's network with bad dynamic addresses. What to do? Read the article for advice.

Posted by Glenn Fleishman at 6:41 PM | Permalink | Comments (0) | TrackBacks (1)

Mac Skeptic columnist says Mac OS X Bluetooth easier than Windows: It's partly an integration issue, which is odd given how many tools are "integrated" with Windows XP. Mac OS X has Bluetooth on its mind; with Windows, you have to install drivers. (This will change for most Bluetooth adapters under Windows XP Service Pack 2 due out later this year.)

Apple's included software really does make the difference. The writer complains about the number of steps and odd non-reproducible performance under Windows XP when adding a Bluetooth keyboard and mouse, where with Mac OS X it's a single long wizard. Likewise, she gave up on syncing her Palm with her Sony Ericsson phone (which itself could pair up just fine) under Windows, but it was practically a single leap from pairing the phone to syncing data on the Mac.

Posted by Glenn Fleishman at 10:13 PM | Permalink | Comments (0) | TrackBacks (0)

If you haven't seen MacWireless.com's site lately (or ever), take a look if you're in the market for any Mac-based and Mac-supported Wi-Fi products. The company started wih a modest set of 802.11b products almost two years ago, and has expanded into offering antennas, 802.11g (AirPort Extreme compatible), outdoor systems, and even the WiJector, a combination Wi-Fi hub and VGA adapter that lets you remotely display to a video projector from a Macintosh.

Posted by Glenn Fleishman at 1:52 PM | Permalink | Comments (0) | TrackBacks (0)

I've just released a new book, Take Control of Sharing Files in Panther, a 96-page, $10 electronic title published by the fine folks at TidBITS. The book is about networking, and I do have issues that will be of interest to wireless and wired networking users alike, especially on the security front. You can read more about the book via that link.

Posted by Glenn Fleishman at 2:54 PM | Permalink | Comments (0) | TrackBacks (0)

Apple told me in a briefing today a very interesting wireless fact: the new laptops introduced today include new Bluetooth firmware and software that allows these Bluetooth devices to use adaptive frequency response to avoid stepping on frequencies in use by Wi-Fi.

Although this has been legal in the United States for months following an FCC decision which allowed devices using Bluetooth-like frequency hopping patterns to hop among fewer frequencies, this is the first device I'm aware of for sale by a major manufacturer that incorporates this notion. There are some gateways and individual pieces of equipment that try, but Apple's Steve Joswiak said that the Bluetooth and Wi-Fi drivers exchange information within the operating system.

This adaptive response is part of the IEEE 802.15.2 task group's standard, and Bluetooth will apparently include it in Bluetooth 1.2, due out later this year. Joswiak said that the driver update would work on all Apple built-in Bluetooth and all but the very first series of D-Link USB dongles. The very first dongles did not feature upgradable firmware.

Watch for a Bluetooth firmware/software download, apparently.

Posted by Glenn Fleishman at 6:43 PM | Permalink | Comments (0) | TrackBacks (0)

Most of the security packages that change out WEP (Wired Equivalent Privacy) encryption keys are corporate/enterprise oriented packages that involve lots of components, and often use 802.1X, a standard for logging in over wireless and wired LANs. WEP keys can be cracked in somewhere between 300 and 10,000 packets, depending on many factors and who you talk to.

Saferwep is a clever Java-based alternative for Macintoshes that rotates WEP keys to improve network security by reducing the chance of a brute-force crack. It's not optimal, but it's an interesting idea.

Posted by Glenn Fleishman at 10:02 AM | Permalink | Comments (0) | TrackBacks (1)

If you want to check out what wireless signals abound as you travel around, MacStumbler 0.7 is the ticket. The latest version adds GPS (Global Positioning Satellite) support so that as it finds and logs access point (base station) details, it can put a virtual pin at a point.

Network administrators have long found the 'stumbling programs useful, as they help plan service areas, chart obstacles to signal strength, and find rogue wireless base stations. Those of us with no system admin duties like to see how many people are using Wi-Fi -- and whether we can hop on for a few minutes of email. Not that I advocate that.

Posted by Glenn Fleishman at 4:24 PM | Permalink | Comments (0) | TrackBacks (0)

Constantin von Wentzel dissected an AirPort Extreme Base Station -- with pictures!

Posted by Glenn Fleishman at 10:43 AM | Permalink | Comments (2) | TrackBacks (0)