Improve Apple Services with AirPort Base Stations
You can make iChat file transfers, iDisk, and Back to My Mac work better by turning on a setting with Apple AirPort base stations released starting in 2003. Launch AirPort Utility, select your base station, click Manual Setup, choose the Internet view, and click the NAT tab. Check the Enable NAT Port Mapping Protocol (NAT-PMP) box, and click Update. NAT-PMP lets your Mac OS X computer give Apple information to connect back into a network that's otherwise unreachable from the rest of the Internet. This speeds updates and makes connections work better for services run by Apple.
Series: Get Unwired!
Wireless networking can take the cable out of your walls... and the security out of your network.
Article 1 of 10 in series
The most common question I was asked at last week's Macworld Expo in New York (apart from the much-appreciated "How's Tonya?" - she stayed home with Tristan) was the standard, "So what's the most interesting thing you've seen?" This year nothing could compare to the iBook, which made its debut during Steve Jobs's keynote. What Is the iBook? When Steve Jobs regained the reins at Apple, he outlined a four-square product matrix with desktop and portable products for both consumers and professionalsShow full article
The most common question I was asked at last week's Macworld Expo in New York (apart from the much-appreciated "How's Tonya?" - she stayed home with Tristan) was the standard, "So what's the most interesting thing you've seen?" This year nothing could compare to the iBook, which made its debut during Steve Jobs's keynote.
What Is the iBook? When Steve Jobs regained the reins at Apple, he outlined a four-square product matrix with desktop and portable products for both consumers and professionals. The blue and white Power Macintosh G3 and the PowerBook G3 occupied both squares of the professional column, and the iMac was in the consumer desktop square. Left tantalizingly blank until last week was the consumer portable square. If you missed the massive media coverage, the iBook fills that final space. Or at least it will when it ships in September.
As with the iMac, Apple didn't skimp much on features with the $1,599 iBook, which boasts a 300 MHz PowerPC G3, 12.1-inch TFT active matrix color display capable of up to 800 by 600 resolution in millions of colors, 32 MB of RAM (expandable to 160 MB), a 3.2 GB hard disk, a 24x CD-ROM drive, internal 56K modem, a 10/100Base-T Ethernet jack, one USB port, a "full-size" keyboard, and a supposed six hour battery life. Those are impressive specs, and Jobs claimed the iBook would be the second-fastest laptop currently available after the PowerBook G3.
Attention to design detail is also evident in the iBook, which will debut with a choice of either blueberry or tangerine coloring. More interesting is the handle mounted where the two halves of the clamshell-style case connect. Using the handle makes the iBook's 6.6 pounds feel lighter than the bronze keyboard PowerBook G3's 5.9 pounds. Apple eliminated easily broken doors from the recessed modem, Ethernet, and USB ports. Also new is the complete lack of a latch: Apple took a hint from cellular phone designs in creating a hinge that holds the screen shut. (The previous three PowerBook designs - the PowerBook G3, the PowerBook G3 Series, and the bronze keyboard PowerBook G3 - all feature different latches.) Finally, Apple outfitted the iBook in polycarbonate plastic edged with hard rubber for durability.
Wireless Networking -- The most amazing aspect of the iBook, though, is its support for Apple's new AirPort wireless networking, based on technology from Lucent and the 802.11 DSSS (Direct-Sequence Spread Spectrum, as opposed to the incompatible FHSS, or Frequency Hopping Spread Spectrum) wireless networking standard. With the addition of a $99 card under the iBook's keyboard and a $299 AirPort Base Station, iBooks can share files, play network games, and generally do anything possible on a normal network, all without a single wire. This invisible networking is enabled by the AirPort card and a pair of internal antennas on either side of the iBook's screen.
The AirPort Base Station is shaped like a flying saucer or a pudgy Hershey's Kiss with three connectors in back. A 10/100Base-T Ethernet jack lets you connect an AirPort Base Station to a wired network for communicating with desktop Macs, printers, and dedicated Internet connections. A standard telephone jack belongs to a 56 Kbps modem, so the Base Station can connect directly to an Internet service provider. The third jack is a relatively dull AC power connector, but I heard that it uses 12 volts, making it easy to run via an adapter in a car or boat.
AirPort is theoretically capable of 11 Mbps, although it remains to be seen what sort of performance AirPort networks will enjoy in real world situations. Other limitations include a 150 foot range (diminished by thick walls or floors) and a 10 user per AirPort Base Station recommendation. The 10 user limit is not etched in stone; I heard of successful tests involving over 30 iBook users working with a single AirPort Base Station, although performance may suffer under heavy network use. AirPort will require Mac OS 8.6 or later.
Details on AirPort are still sketchy, but from conversations with knowledgeable people, it appears the AirPort includes NAT (Network Address Translation) and DHCP (Dynamic Host Configuration Protocol). Combine those with the 56 Kbps modem and any iBook connected to an AirPort Base Station that has dialed up an ISP can share that single Internet connection. That's amazingly useful, and better yet, if you have a wired Ethernet network connected to the AirPort Base Station's Ethernet jack, that network can also share the modem-based Internet connection. According to Apple, Airport Base Station Access Point software can enable an iBook to function as a base station; the network could then also connect to the Internet using the iBook's internal modem.
Software will let you protect your AirPort network, since otherwise anyone could sit on your porch with an iBook and use your network without permission. The connections reportedly use 40-bit encryption to prevent other people from eavesdropping on your network traffic as well. In addition, users must enter a password to log onto an AirPort network.
AirPort's pricing sets a new standard in the wireless networking market. Before this, you could expect to spend at least $300 on a PC Card and between $700 and $1,100 for a base station for a total of $1,000 to $1,400. Compare that to the $400 you'll pay for a complete AirPort solution, and you can see how Apple intends to bring wireless networking to the masses. My guess is that within a year, we'll see AirPort antennas available across Apple's entire line, with various styles of AirPort cards available from both Apple and other manufacturers.
I can't decide which superlatives to use with regard to AirPort, assuming the reality lives up to the promise. Just imagine the possible uses. Suddenly your entire house becomes network-capable without stringing a single wire. Classroom networking becomes much more of a reality than in the past. With AirPort Base Stations placed in strategic locations, college dorms and libraries could provide ad hoc Internet access to iBook-toting students. (Yes, this raises unknown issues about scalability, but we're imagining here, remember?)
If you want to add wireless networking capabilities to older PowerBooks, you'll need a WaveLAN PC Card from Lucent or the just-announced SkyLINE PC Card from Farallon after their testing confirms it is compatible with AirPort. (Both run at 2 Mbps.) The AirPort press release from Lucent also claims that Apple will offer a wireless card for the PowerBook G3.
Quibbles and Bits -- Although I'm impressed with the iBook and AirPort networking, I have a few quibbles.
A mere 32 MB of RAM is rarely enough, even for a consumer. Every iBook should have at least 64 MB of RAM, and I expect dealers will install additional memory at the point of sale as they do for iMacs. Dealers may like this setup, since RAM can be a high-margin addition. I don't know what form factor the memory modules will be, but I hope the iBook uses the same RAM as the current PowerBook G3.
The 12.1-inch screen, with a maximum resolution of 800 by 600 pixels, seems small and was undoubtedly one of the places Apple skimped to keep the price down. I wouldn't be surprised if future iBooks increased the screen size to 13 inches or more with a higher maximum resolution. The plastics would seem to be big enough to accommodate a larger screen.
Limiting the iBook to two colors - blueberry and tangerine - seems an odd decision, especially since tangerine is the least popular iMac color. I've heard various speculation, including the simple requirement for an alternative to blueberry, the need to use up an enormous vat of orange plastic, and the claim that tangerine is Steve Jobs's favorite color. The most credible explanation was that the other three iMac colors - grape, strawberry, and lime - simply didn't look good in the iBook's rubber attire.
The iBook keyboard has the fn (Function) key in the lower left corner of the keyboard, like the PowerBook G3s. I hate that location because it creates confusion when switching back and forth from a desktop keyboard, where the Control key is in that position. With Control being used heavily for contextual menus and applications using Option and Command with ever-increasing frequency, I wish Apple wouldn't change the order of modifier keys relative to the left edge of the keyboard.
It isn't clear if the AirPort Base Station's modem can connect to America Online or other non-Internet services. AOL is the most important, because the iBook is aimed at consumers, who often use AOL.
I could see an argument for adding FireWire so digital camcorders could connect to the iBook, but I suspect Apple's stance is that since the iBook's 800 by 600 screen isn't ideal for digital video, it's better to point roving digital video aficionados to the PowerBook G3.
The iBook is both heavier and larger than I'd like. Consumers want small and light portable computers as much as professionals do, so it would have been nice to see Apple drop the weight by a pound or two and shrink the footprint. The weight is probably due to the durable plastics, and also because Apple was trying to keep the price down: lighter components cost more.
Target Markets -- The iBook has been a topic of discussion on TidBITS Talk, with some people expressing disappointment and others raving about how perfect it is for their modest needs.
Remember that the iBook is not designed for professional use, and as much as a typical TidBITS reader might want additional features and capabilities, many of us aren't the target audience. Apple is targeting the consumer market with the iBook, and the designers obviously thought long and hard about which features could be cut to save money while at the same time differentiating the iBook from the PowerBook G3. Unless some as-yet-unforeseen problem surfaces, I think we'll have another iMac-style hit on our hands.
Article 2 of 10 in series
Back in 1999, Apple started the ball rolling on wireless networking by releasing the inexpensive AirPort Base Station and providing an AirPort option for all MacsShow full article
Back in 1999, Apple started the ball rolling on wireless networking by releasing the inexpensive AirPort Base Station and providing an AirPort option for all Macs. Wireless networking is clearly here to stay - in addition to the increasingly common individual and corporate use of wireless networks, there were tons of AirPort Base Stations on the floor at Macworld. And, for the first time ever, Jeff Carlson and I managed to maintain Internet connectivity for the entire show without once dialing a hotel phone. Jeff has a Ricochet wireless modem that provides roughly 28.8 Kbps of bandwidth (a different device will get the newer and more expensive Ricochet 128 Kbps service in San Francisco, but we couldn't acquire one in time), and he also has a Lucent WaveLAN PC Card that works with Apple's Software Base Station. Put the two together, and my PowerBook's Farallon SkyLINE Wireless PC card could connect to Jeff's PowerBook, then access the Internet via Jeff's Ricochet. Most interestingly, a few times when I was fiddling with the settings I ended up connecting to other nearby AirPort Base Stations. They had generic names ("Apple AirPort" and "Macworld") so I had no idea whose they were; perhaps people who don't mind sharing some bandwidth in such a situation could put their email address in the name so people who connect can thank them for the connectivity.
Proxim's Farallon division was at Macworld with a three-room "house" (it turns out you really can walk into an IKEA store and buy an entire room of furniture) set up to show off wireless networking. In addition to their existing SkyLINE 11Mb Wireless PC Card, Farallon was showing an extremely welcome addition: a SkyLINE PCI Card for older non-AirPort-capable PCI-based Power Macs (it's basically just a carrier card into which you plug a SkyLINE 11Mb Wireless PC Card, so the SkyLINE PCI Card costs either $70 by itself or $240 complete). Also new from Farallon was the NetLINE Wireless Broadband Gateway, which differentiates itself from Apple's AirPort Base Station by providing not only 802.11b wireless networking, but also two Ethernet ports, one for a cable/DSL modem and the other for a wired Ethernet. Those ports help make possible basic firewall capabilities, and the NetLINE Wireless Broadband Gateway software adds support for a variety of networking alphabet soup standards, including DHCP, NAT, PPPoE for DSL connections, and VPN with PPTP client and server pass-through. Farallon anticipates shipping the NetLINE Wireless Broadband Gateway in February for $400.
TechWorks was also showing a variety of differently configured AirStation 802.11b access points, its alternative to Apple's Airport Base Stations. Although the price of an AirStation is comparable to Apple's AirPort Base Station, the AirStation requires a Windows-based PC if you want to set it up from a machine on a wired Ethernet network. Also, although the AirStation line has four different models, only the $340 Local Router model offers anything unusual - in this case, an integrated 4-port 10/100 Ethernet hub.
More interesting for the future was Farallon's release of a Macintosh driver for Proxim's $130 Symphony PC Card, one of the products in the Symphony-HRF wireless networking suite. Symphony doesn't use 802.11b - the technology behind Apple's AirPort - but instead relies on a different 2.4 GHz wireless networking standard called HomeRF. HomeRF is currently slower than 802.11b (1.6 Mbps versus 11 Mbps), though Farallon noted that difference should go away by the middle of this year with the next revision of HomeRF. However, the main difference is that HomeRF is designed for applications other than data networking that require specific quality of service assurances, so later this year Farallon expects that we should start seeing consumer electronics devices that support HomeRF, such as cordless phones, stereos, video cameras, and more. Until that point, it's probably worth just keeping an eye on HomeRF, but it has the potential to become quite interesting as a way of providing wireless connectivity to a range of devices. And if that happens, Apple may be forced to pay close attention, since wireless technology is definitely a key component of the new digital lifestyle focus.
Article 3 of 10 in series
My brief story about setting up a wireless Ethernet network in our hotel room at Macworld Expo for the purposes of sharing a Ricochet-based Internet connection made some readers wish that they too could do such things (see "Macworld SF 2001: Go Wireless, Young Mac" in TidBITS-565)Show full article
My brief story about setting up a wireless Ethernet network in our hotel room at Macworld Expo for the purposes of sharing a Ricochet-based Internet connection made some readers wish that they too could do such things (see "Macworld SF 2001: Go Wireless, Young Mac" in TidBITS-565). I started to reply that it was really easy, which was when I realized I haven't written much about setting up and using an AirPort-based wireless Ethernet network, even though Tonya and I have been using one in our house for over a year. The reason for my oversight is actually quite simple - the AirPort network was almost trivial to set up, and once running, it just works. But simplicity, reliability, and elegance are the hallmarks of AirPort, and why I now recommend it as the first choice for networking all modern Macs.
iBook Online -- We decided to make the jump into using an AirPort wireless network at the end of 1999 because Tonya was finding that using her desktop system (a Power Mac 7600 with a pair of monitors) was increasingly difficult as Tristan approached the age of one and became mobile. He was especially intrigued by the 50-foot bright blue Ethernet cable we'd strung through the kitchen and dining room to Tonya's Mac, and although he was never seriously into chewing, that blue cable was an irresistible plaything. We figured that switching Tonya to an iBook would have numerous advantages, including clearing a desk and computer system out of our dining room, eliminating the decorating nightmare of a 50-foot blue cable from our kitchen, and letting Tonya work anywhere in the house. But since much of what Tonya does is tied to email and the Web, it was important to her to have access to our Internet connection, and AirPort wireless networking made that possible.
The two pieces that were necessary were the $100 internal AirPort card for Tonya's iBook, which we had installed at purchase, and the $300 AirPort Base Station, which connects to our wired Ethernet network and enables the iBook to communicate with our other Macs, our printer, and the Internet. At that point, Apple hadn't yet released version 1.2 of the AirPort software, which enables a Mac with an AirPort card to act as a software base station, and worse, we didn't then have another AirPort-capable Mac that could run the software base station. Although relying on a Mac and the software base station feature might seem like a great way of saving $200, that Mac would have to remain running all the time, and even though my current Power Mac G4/450 is usually running, I go through spates of restarting when testing software. Tonya would be less than pleased to lose network connectivity every time I restarted.
The first version of the AirPort software was, frankly, pretty bad. Apple clearly rushed it out, and although it worked, the interface was poor. I didn't have much trouble using it for my Macs, but when I tried to help a PC-using friend see if it would work with his PC laptop and an Aironet 802.11 PC Card, it took quite some thrashing about before we got the PC to work and fixed the settings we'd screwed up in the process. Apple has now updated the AirPort software to version 1.2, which appears to have improved the interface significantly. Since the AirPort Base Station is a "set and forget" device, I haven't had any reason to use the new software.
Alternative Connections -- I have one of the old Farallon SkyLINE 2 Mbps PC Cards for my old PowerBook G3; the 802.11b wireless Ethernet standard is backwards-compatible with older, slower versions of 802.11 like that supported by my 2 Mbps card. The standard also allows devices to step down in speed from 11 Mbps to 5, 2, and then 1 Mbps to keep a clear connection. I've used the Farallon card on occasion at home, but there's little point, since the primary function of my PowerBook at home is to play MP3s, which means it needs wires for power and speakers. One more for the network isn't a problem. 2 Mbps is fine for playing MP3s and browsing the Web; the only time I noticed the speed being a problem was while copying hundreds of megabytes of files. The 2 Mbps SkyLINE card's range isn't as good as Tonya's iBook's range, something I attribute to the iBook's internal antenna. I have used the SkyLINE card while travelling with success, though I find its software a little funky.
None of our other Macs need wireless Ethernet access, but options are starting to become available for older Macs that aren't AirPort-capable. Farallon now has a $190 11 Mbps SkyLINE PC Card, the main competition for which is the sub-$150 Lucent Orinoco Turbo PC Card (previously called the WaveLAN Turbo). The advantage enjoyed by the Lucent card is that it's actually at the heart of both Apple's internal AirPort cards and the AirPort Base Station, so Apple's software just works with it (at least under Mac OS 9.x).
PC Cards will satisfy PowerBook users, but people with most older PCI Power Macs aren't out in the cold any more, thanks to the $70 Farallon SkyLINE PCI Card, a carrier card that accepts a SkyLINE 11Mb PC Card (get both for $240). It's perfect if you have a Power Mac 7500 or similar PCI Mac in an area that's awkward for wiring.
For even older Macs that use NuBus or other expansion slots, Lucent makes the Orinoco Ethernet Converter that works with a Lucent Orinoco PC Card to convert a standard Ethernet port into a wireless Ethernet connection. It could theoretically provide access to older Macs, but it's a fairly expensive solution at about $370.
DSL, Cable, and Modems -- We have a dedicated 56K frame relay connection to the Internet that runs through a Livingston router and BAT Technologies CSU/DSU. The AirPort Base Station works perfectly with our setup, but we don't use many of its capabilities. Complicated connections like ours are unusual now, since cable and DSL are cheaper and easier, and most people still rely on modems. In those situations, the AirPort Base Station (or the software base station software) can distribute your connection to all your networked computers, whether they're wired or wireless.
The trick is that the AirPort Base Station supports a pair of networking technologies, NAT and DHCP. DHCP stands for Dynamic Host Configuration Protocol and lets the AirPort Base Station dole out private IP numbers to all the computers on your internal wired and wireless networks. NAT - Network Address Translation - enables the AirPort Base Station to have a single IP address from your ISP (either dynamic, where it changes each time you connect, or static, where it's always the same) and do the necessary routing of Internet traffic to the internal machine that requested it. For instance, if your iBook requests a Web page, the AirPort Base Station sends the request out as though it came from its own IP number, and when it receives the response back, it sends the data on to the iBook properly, rather than any other Mac on your network. You can think of the AirPort Base Station as a traffic cop directing packets of data (and it's worth noting that if you have another router doing DHCP and NAT already, you can easily turn off the AirPort Base Station's NAT and DHCP capabilities).
So if you have a dialup connection to the Internet, you just plug the AirPort Base Station into your telephone line and then give it the number to dial and your login information in the AirPort Admin Utility (assuming you haven't already done this via the AirPort Setup Assistant, which transfers Internet settings from your computer to the AirPort Base Station). It dials out automatically when an Internet application asks for a connection, and it hangs up after a pre-specified amount of idle time. Full manual control, which might be important if you're charged for phone or ISP connections, is available through a pair of third-party utilities. Larry Rosenstein's AirPort Modem Utility 1.1 lets you connect and disconnect the modem manually, and Pascal Werz's AirPort Modem Config 1.0.2 lets you prevent your AirPort Base Station from dialing automatically.
The AirPort Base Station can't connect to AOL, and Apple has been dinged for this in the past, but anyone who complains should instead direct their ire at AOL for continuing to rely on proprietary technologies to keep people using the AOL application - this is the same policy reason Eudora and other standard Internet email applications can't pick up email from AOL. The AirPort Base Station works with ISPs that use Internet standards, and the responsibility to fix this problem lies with AOL, not Apple or anyone else.
Less fussing is necessary if you have a DSL or cable modem connection. They generally come into your house in the form of an Ethernet connection that you can plug directly into your AirPort Base Station if you have no machines on a wired Ethernet. If you do have a conventional network, instead plug the DSL or cable connection into the uplink port on an Ethernet hub, after which you run another Ethernet cable to your AirPort Base Station and to any other Macs that need access to the wired Ethernet network. Configuration of the AirPort Base Station in these situations is much like configuring the TCP/IP control panel (and may not even be necessary if the AirPort Setup Assistant has done its job). If your ISP gives you an IP number via DHCP, you can select that from the "Connect using" pop-up menu in the AirPort Admin Utility; otherwise choose Manually and enter the appropriate settings (which you may need to get from your ISP). The main gotcha is that the AirPort Base Station doesn't support PPPoE (PPP over Ethernet, a silly technology used by phone companies to monitor usage). Farallon's new $400 NetLINE Wireless Broadband Gateway lacks a modem but promises to handle PPPoE for DSL connections that are so hampered.
Apple's PDF document "Designing AirPort Networks" (available from Apple's AirPort page linked above) is a helpful overview of the different approaches to setting up your wireless network and connecting it to the Internet.
Technical Difficulties -- I hate to sound uncritical, but we've had basically no problems at all with our AirPort network. The only annoyance occurs when printing. Our LaserWriter Select 360 is next to my desk, down one floor and at the farthest point in the house away from the AirPort Base Station. If Tonya brings her iBook down and sits next to the printer and sends print jobs from MYOB, sometimes they fail to print. We suspect it's related to a combination of distance-related retransmission errors and the SE/30 running LocalTalk Bridge that makes the LocalTalk-only LaserWriter accessible to the Macs on Ethernet. If she moves closer to the AirPort Base Station, the problem goes away, so it's hard to complain too loudly.
Perhaps the most frustrating thing about using an AirPort network is that it's fuzzy - you never quite know what range you'll achieve, since it's dependent on variables like the type and number of walls in the way. Apple claims a 150 foot range, but they're being conservative in most cases, since the antennas inside iBooks and recent PowerBooks can do better than that. I've gotten Tonya's iBook to work almost to our neighbors' living room, easily 300 to 400 feet away.
Such limitations aren't specific to the underlying 802.11b wireless Ethernet technology that the AirPort uses. If you attach a better antenna to an AirPort Base Station, you can significantly increase its range. I know little about adding antennas and increasing range, though I've found a page detailing how to hack an AirPort Base Station to connect better antennas, and friends at MacHack recommended Brumleynet Wireless Networking as a source of wireless networking hardware.
A problem that is endemic to the 802.11b standard is the fact that it shares the 2.4 GHz radio spectrum with other devices, including 2.4 GHz cordless telephones, future Bluetooth devices, and HomeRF devices (a competing wireless networking technology in which Farallon parent Proxim is heavily invested). A journalist friend covering this space said that virtually every company he talked to admitted that they had seen conflicts between different 2.4 GHz services, significantly reducing throughput as packet loss forces retransmissions. In practical terms, if you have a 2.4 GHz cordless phone and use it near an AirPort Base Station, throughput is likely to suffer when you're talking on the phone and using the network at the same time. For more on this, check out Scott Mace's three-part article, "The 2.4 GHz Traffic Jam" at the link below.
Another issue that has arisen is security: most people don't bother to turn on the AirPort Base Station's 40-bit encryption. To show the problem with that, one group at MacHack wrote EtherPEG, a utility that displays all the images travelling through the air on unencrypted wireless links. So, if you're concerned about someone sniffing your traffic - or even just using your Internet connection from the street - be sure to turn on encryption using the AirPort Admin Utility. However, even that may not be sufficient if you have truly sensitive data flowing through your wireless network. A research group in the Computer Science Division of U.C. Berkeley found that 802.11's WEP (Wireless Equivalent Privacy) algorithm was vulnerable to a number of flaws that could be exploited using inexpensive, off-the-shelf equipment. So if you're concerned about industrial espionage (or the more traditional sort), be sure to use additional security measures.
Finally, as with any technology, things can go wrong, and Apple has posted a variety of articles to the Tech Info Library. If you run into troubles, it's worth a visit.
Public AirPorts -- There's no reason wireless networking must be limited to offices and homes, and we're starting to see public wireless networks popping up all over. For instance, Seattle Wireless aims to create a totally free, Internet-connected community wireless network throughout Seattle. And in Oregon, Ashland Unwired plans to provide high-speed wireless Internet access at local businesses, starting with Starbucks and a bed & breakfast. Numerous other locations are experimenting with public wireless networks as well; some have come up in discussion in TidBITS Talk.
The Ashland Starbucks may be hearing from Starbucks Headquarters at some point, since Starbucks just announced an exclusive deal with MobileStar to provide wireless Internet access in all Starbucks locations in the known universe (well, 2,500 locations by January of 2002, and over 5,000 by January of 2003). In San Francisco, a company called Surf and Sip has started wiring independent coffeehouses and other public spaces.
The only public space in which I've connected to the Internet wirelessly is Seattle-Tacoma International Airport, which enjoys wireless access thanks to a company called Wayport. It was brilliant - while waiting for our plane to leave from Seattle on the way down to Macworld, Jeff Carlson and I were able to connect, get email, and browse the Web. Wayport's service is free for the next few months; like MobileStar and Surf and Sip and other companies in this space, they'll have to come up with a convenient way that people can pay reasonable rates for access time without having to slog through complicated setup ahead of time.
I wouldn't be surprised to see these companies shift their business models and concentrate on charging only the businesses that install Internet connections and make them available via wireless Ethernet. Wireless Internet access could help those businesses attract and retain customers, whereas forcing everyone to pay for monthly accounts or hourly rates seems a more difficult proposition and destroys the fundamental convenience of wireless networking.
Closing the Net -- The future is wireless. Wires are still undeniably useful, but wireless just makes so much more sense for any device that might move around or need to communicate with other nearby devices. I feel sorry for those people who went to the effort of wiring their homes, offices, or schools just before wireless Ethernet became readily available.
One closing thought. Although no one from the PC world will ever say this, Apple deserves thanks from the entire computer industry for AirPort. As with so many other technologies (think about the mouse, 3.5" floppies, CD-ROMs, and on-board Ethernet), Apple may not have invented 802.11b wireless Ethernet, but Apple's endorsement put it on the map. Building AirPort slots into all Macs and dropping prices far below what others were charging may have hastened widespread adoption by several years. At first, PC users who wanted cheap AirPort Base Stations were falling over themselves to make nice with Mac friends, since configuration required an AirPort-capable Mac. And only now, over 18 months after Apple introduced AirPort and the iBook, are PC manufacturers finally building antennas into their laptops to avoid the awkward bulge of today's wireless Ethernet PC Cards. Thanks to Apple's gamble, wireless Ethernet is here today, and it's here to stay.
Article 4 of 10 in series
by Geoff Duncan
AirPort 1.2 Update Available -- Apple Computer has released AirPort 1.2, the latest version of its wireless networking software for configuring AirPort Base Stations and enabling any AirPort-equipped Mac to act as a software base stationShow full article
AirPort 1.2 Update Available -- Apple Computer has released AirPort 1.2, the latest version of its wireless networking software for configuring AirPort Base Stations and enabling any AirPort-equipped Mac to act as a software base station. AirPort 1.2's base station software ships with a default configuration that disables AirPort-to-Ethernet bridging, does not assign DHCP addresses, or share a single IP address on an Ethernet network via Network Address Translation (NAT), but all these services can still be enabled from the AirPort Admin utility. We know that's a mouthful: in a nutshell, these changes make it easier to introduce AirPort base stations into existing networks without disrupting services. AirPort 1.2 also supports closed networks in which the name of the AirPort network is hidden; this provides an additional level of obscurity in that users must know the exact name of the AirPort network to connect to it. Apple also says the AirPort 1.2 software improves stability and performance. The software is a 4.5 MB download and requires at least Mac OS 8.6 or higher (with Mac OS 9.0.4 recommended). Apple has also released a PDF document called Designing AirPort Networks and is conducting an online survey of AirPort Base Station users so Apple can prioritize future development. [GD]
Article 5 of 10 in series
Farallon Ships 11 Mbps Wireless SkyLINE Card -- Farallon Communications is now shipping its SkyLINE 11 Mb wireless networking card, which the company announced in FebruaryShow full article
Farallon Ships 11 Mbps Wireless SkyLINE Card -- Farallon Communications is now shipping its SkyLINE 11 Mb wireless networking card, which the company announced in February. The SkyLINE card enables Macintosh PowerBooks and PC laptops with PC Card support access to wireless networks based on the 802.11 networking standard, including networks using Apple's AirPort cards and base stations. The $200 SkyLINE card offers throughputs up to 11 megabits per second (though the actual throughout will undoubtedly be lower), a range of approximately 150 feet (roughly 50 meters), and multi-platform drivers for use with the PowerBook 190, 1400, 2400, 3400, 5300, and G3 Series (running Mac OS 7.5.5 or higher), plus PC laptops running Windows 95/98 or Windows NT (Windows 2000 support planned). Owners of Farallon's 2 Mbps SkyLINE card can upgrade to the 11 Mbps version for $160, although it's worth noting that if you primarily use wireless networking for Internet access, the 2 Mbps throughput of the older SkyLINE card probably isn't a bottleneck. [ACE]
Article 6 of 10 in series
AirPort 1.3 Adds PPPoE Support -- Apple has released AirPort 1.3, a new version of the software for the AirPort Base Station and AirPort Card. (See "Going to the AirPort" in TidBITS-567.) Foremost among the changes is support for PPPoE (PPP over Ethernet), an ugly yet common technology that enables ISPs to make always-on DSL connections act like session-based connectionsShow full article
AirPort 1.3 Adds PPPoE Support -- Apple has released AirPort 1.3, a new version of the software for the AirPort Base Station and AirPort Card. (See "Going to the AirPort" in TidBITS-567.) Foremost among the changes is support for PPPoE (PPP over Ethernet), an ugly yet common technology that enables ISPs to make always-on DSL connections act like session-based connections. A number of DSL providers, including Apple partner EarthLink, require PPPoE for DSL. PPPoE software for the Mac has generally received poor reviews, so adding it to the $300 AirPort Base Station so you don't have to run PPPoE software on a Mac makes the AirPort Base Station all the more attractive. Other changes in AirPort 1.3 include DHCP client ID support, enhancements to computer-to-computer mode, support for AppleScript, and access point density adjustments for sites with multiple base stations. Also, the AirPort Base Station and AirPort Card have received Wi-Fi certification, which ensures interoperability between 802.11 wireless Ethernet products from different manufacturers. The free update is a 7.4 MB download. [ACE]
Article 7 of 10 in series
Apple started the wireless networking revolution with AirPort (and the rest of the industry acknowledges its role) but the AirPort Base Station is largely unchanged since its introduction nearly two years ago - no drop in price and only a few software updates that added overdue and welcome featuresShow full article
Apple started the wireless networking revolution with AirPort (and the rest of the industry acknowledges its role) but the AirPort Base Station is largely unchanged since its introduction nearly two years ago - no drop in price and only a few software updates that added overdue and welcome features. However, Apple is no longer the only provider of low-cost wireless access points as home users increasingly hooked up multiple machines, often with different operating systems, tied into broadband cable or DSL modems. Several companies now offer affordable wireless home gateways, which tie together firewall, router, and base station features into a single package costing between about $250 and $340.
AirPort, at its heart, is an implementation of the industry standard IEEE 802.11b, now also known as Wi-Fi (Wireless-Fidelity). Because Apple and its technology partner Lucent adhered to the standard, virtually all PC and Mac equipment is seamlessly interoperable. All the equipment surveyed in this article works with Apple's AirPort Card, as well as PC and PCI Cards, and more exotic USB and Ethernet adapters from other manufacturers.
The only difficulty a Mac user faces in using these other gateways is proprietary Windows configuration software; this survey excludes gateways with that limitation. All gateways noted in this article, except the AirPort Base Station itself, use a Web-based interface.
Wi-Fi Basics -- Wi-Fi lets you set up a short-range network of a few hundred feet using a high-frequency wireless data exchange. A base station, called an "access point" by non-Apple manufacturers, acts as an always-on relay that shuttles data back and forth between wirelessly connected machines and a wired network connection (Ethernet or dial-up). Some access points can relay traffic among each other to extend the range without requiring a wired Ethernet node.
You can also turn a single computer into a pseudo-base station using AirPort and other software, but that machine must be left on - and not crash - for others to relay through it. (For a general overview of Wi-Fi, see "Going to the AirPort" in TidBITS-567.)
The advantage of the new generation of home gateways is that they add firewall protection to the mix; some of them also allow you to protect both a wired and wireless local area network (LAN). The AirPort Base Station offers only a single kind of firewall-like filtering and doesn't help a wired LAN at all.
These home gateways generally lack the network management and service robustness needed for corporate infrastructure, but easily handle the needs of a home or small office with less than a dozen machines and no high-traffic Web or Internet file server. Some gateways have built-in artificial limitations that restrict the number of simultaneous connections to 10 or 12, so it's worth reading the specifications carefully if you plan to put a large number of machines on a gateway.
Common Features -- The gateways mentioned below share a number of basic features in common.
DHCP Server. A DHCP (Dynamic Host Configuration Protocol) server hands out IP addresses to local machines on request. This avoids messy management of addresses. Many DHCP servers embedded into home gateways work in a bridge mode that enables them to offer DHCP service to machines on the wired local area network as well as the wireless one.
NAT (Network Address Translation). Most gateways that support DHCP also support NAT, which is a way to give machines on your network access to the Internet without requiring an Internet-reachable address for each one. When a machine behind the NAT gateway accesses the Internet, the gateway passes the request on to the Internet, then returns data to the original machine. The rest of the Internet is aware only of the NAT gateway - it never "sees" the machine which initiated the request. Since machines behind the NAT gateway aren't directly accessible to the Internet, some manufacturers are promoting it as a firewall feature. Some NAT gateways allow you to "punch" through by creating a permanent inbound route through the gateway - this usually done on a port-by-port basis, so Web traffic (on port 80) could go to one machine behind the gateway, and SMTP traffic (on port 25) to another. This port mapping makes it possible to run Internet-reachable servers behind a NAT gateway.
DHCP Client. All of the gateways sport a DHCP client to request an address from a broadband provider. The gateway requires this client in order to route traffic through the provider if you don't have permanent Internet addresses for your network.
PPPoE (PPP over Ethernet). Some broadband companies use PPPoE as a security measure and/or as a session length control tool. Of all the gateways surveyed, only the Orinoco currently lacks this feature; Agere's FAQ says it's coming soon. Asante hasn't noted this detail yet.
Ethernet. All gateways include an Ethernet port for the wide area network (WAN), or Internet connection, and at least one port for the LAN. Many gateways offer switched 10/100 Mbps ports to increase network throughput among separately connected segments. For instance, on an office network, you might connect servers to one port and other machines to another, to keep office traffic from interfering with Internet traffic.
Modem. The Apple and Orinoco models include a built-in 56 Kbps modem that enables them to share a dial-up Internet connection with the rest of the machines on the network. The SMC Networks gateway has an RS-232C port - which can be converted to the Mac's old-style round serial plug - to connect to an external modem or ISDN device.
Print spooling. The Asante, Linksys, MaxGate, and SMC Networks gateways have a parallel port (as an extra option on some) to allow the unit to function as a print spooler for printing from Windows - not much of a bonus for most Mac users.
Dynamic DNS. Dynamic DNS services enable you to map a dynamically assigned address to a fully qualified domain name (like host.example.com) whenever the machine gets a new address from a DHCP server. Although some ISPs offer this service, only the MaxGate unit has a built-in DNS server and a trial subscription to a provider that handles the dynamic updates.
Configuration -- Apple made an obvious decision early on, perhaps due to their relationship with Lucent, to require a Macintosh application to configure the AirPort Base Station. However, a Java-based configuration tool originally designed for Lucent's residential gateway will also configure Apple's AirPort, and it works on all platforms with Java installed. (Lucent, in the meantime, has spun off its wireless and related divisions as a new company called Agere. Agere's RG-1000 gateway comes with Windows-only configuration software, which tends to confirm the exclusivity theory.)
Most companies instead opt for Web-based configuration. The biggest disadvantage of a Web interface is security. Because of the huge increase in wireless networks and the behavior of most equipment to announce new networks as they become available, it's trivial for neighbors or even passers-by to manipulate your gateway maliciously, or set it up for their own use. Most gateways offer simple password protection to access the gateway's settings; I recommend instantly setting that password before proceeding.
(More obscurely, you can limit access to the specific Ethernet adapters on your network by entering the unique Ethernet Media Access Control (MAC) address of each machine, found in Apple System Profiler as Hardware Address in the AppleTalk section of Network overview, or in the Info dialogs (switch to Advanced mode to access them) of the TCP/IP or AppleTalk control panels.)
Web interfaces are wonky at times, applying settings incorrectly or generating strange errors. Web forms also limit the kind of data you can enter easily, along with the overall ease of interaction. Adding lots of machines and complex firewall settings can become tedious. Luckily, you only have to do it once, since the gateways all store settings in continuous memory that's retained even when the device is unplugged.
Many gateways also use flash RAM to store their firmware (the software that drives the hardware). However, you may need to use software specific to a platform to update the firmware. Farallon, for instance, makes both Mac and Windows software packages to update firmware rather than rely on a Web interface to upload a file and apply it.
Encryption -- A separate issue is network encryption, which keeps outsiders from connecting to your network and provides some semblance of protection for the traffic that passes across it. Apple's AirPort, as well as most of the gateways surveyed, offer a simple form of limited security called Wireless Equivalency Protocol (WEP). It's taken a lot of heat lately as weaknesses have been revealed, so if privacy is paramount for you, don't rely solely on WEP. Corporations typically use some sort of Virtual Private Network (VPN) software with its own strong encryption to prevent breaches.
Despite the recent reports, it's not a bad idea to use WEP as a reasonable and free line of first defense. There are some difficulties in setting WEP passwords that work under both Macs and PCs, or even among different PCs. First, you want to set only a 40- or 64-bit password, because that's all the AirPort system supports. (The two are identical: the 24 missing bits are an initialization vector, which is used only for marketing purposes to pretend the encryption is stronger than it is.) Second, you must convert the password from the five hexadecimal format numbers that PCs use (base 16 numbers) into the text that the Apple AirPort software requires. Apple's AirPort Admin software offers an Equivalent Network Password option, which is the hexadecimal sequence that PC software can employ. But none of the gateways surveyed offered an obvious method to take passwords in the other direction.
Firewall Protection -- Because all the wireless traffic must wend its way through the gateway, most makers have put in firewall protection that blocks traffic and examines data as it passes between the Internet and your computers. All of the makers except Apple also provide two or more Ethernet ports so that a local wired LAN, if any, can also be protected by the same controls.
The amount of control over firewall features varies by maker, as does the difficulty of allowing certain kinds of traffic to pass through. Some units log attacks; the only manufacturer mentioning this feature is MaxGate. The Farallon specifically does not log, and Asante hasn't released enough details about their unit yet to say one way or the other.
Gateway Rundown -- Here's a summary of the unique features of each gateway.
Asante FriendlyNet FR3002AL. Announced in April at the Seybold trade show, details about this gateway are not yet entirely available. However, it is known that the gateway features two switched 10/100 Mbps Ethernet ports, one each for WAN and LAN connections. (Actually, it may have two LAN and one WAN; the report is unclear.) It also has a parallel port and built-in print spooler. The list price is expected to be $320.
Linksys EtherFast Wireless AP + Cable/DSL Router w/4-Port Switch. For $260, the Linksys gateway offers Web-based administration and four LAN and one WAN Ethernet ports; online documentation is scanty.
Farallon's NetLINE Wireless Broadband Gateway. The NetLINE's firewall controls allow different machines to be set up with varying levels of protection, and for specific ports (for services like a Web site or a mail server) to be exposed to the outside world while protecting the rest of a machine. For $300, the NetLINE Wireless Broadband gateway provides one 10/100 Mbps LAN port and one WAN Ethernet port.
MaxGate UGate-3300. Also $300, this gateway offers one WAN and one LAN 10/100 Mbps Ethernet port. It also features a built-in DNS server that works with an external service provider for dynamic DNS. Its firewall and access logging description make it sound like it's using a combination of NAT and packet filtering to provide security, rather than offering true port-based firewall protection.
SMC Networks Barricade 11 Mbps Wireless Broadband Router 4 Port. This $339 gateway has a parallel port for print spooling, three switched 10/100 Mbps Ethernet ports, one 10 Mbps WAN port, and firewall protection. It also has a unique feature: an RS-232C serial connection for an external modem or ISDN device so the company can provide the option of routing a dialup Internet connection without the expense of bundling a modem.
Making the Choice -- Apple's AirPort Base Station clearly doesn't have as many features as some of these newer gateways (though it boasts a slick design and configuration through real Macintosh software). Of the newer gateways, my call goes to the Farallon NetLINE Wireless Broadband Gateway. In testing, I found its speed and reliability fine, and its configuration only mildly obscure. Most impressive is the NetLINE Wireless Broadband Gateway's firewall feature set, which rivals the best and most expensive personal firewall software available for Mac or Windows. If you're looking for an alternative to Apple's AirPort Base Station, you won't go wrong with this competitor from Farallon, and it's worth looking at the other units as well if you need specific features they offer.
[Glenn Fleishman is a Seattle journalist who covers technology for publications like The New York Times, Fortune magazine, and Wired magazine.]
Article 8 of 10 in series
AirPort security is dead. Not the airline terminal kind, but the built-in variety found in Apple's AirPort technology and other 802.11b (also known as Wi-Fi) wireless networking hardware from many different manufacturersShow full article
AirPort security is dead. Not the airline terminal kind, but the built-in variety found in Apple's AirPort technology and other 802.11b (also known as Wi-Fi) wireless networking hardware from many different manufacturers. Although security experts have warned for months that gaping holes in the Wireless Equivalent Privacy (WEP) protocol rendered it unsafe for serious use, two academic papers released this month put the nails in the coffin.
WEP was supposed to ensure a first line of attack against data sniffing. Because 802.11b devices send traffic wirelessly, anyone within range can intercept this traffic. If the traffic is sent without WEP encryption, simple packet sniffer software can grab packets out of the air and turn them back into email messages, Web pages, and so on. (EtherPEG, a program developed at MacHack in 2000, sniffed graphics off Web pages being transmitted to Web browsing attendees.)
If you enabled WEP by entering a passphrase (AirPort) or encryption key (most PC systems), only other systems with that key can access the network. It turns out, however, that WEP's underlying algorithm - the way in which the encryption system is implemented - is extremely weak. The two recent papers show that a key can be extracted with no knowledge of the networks after only a few minutes of watching network traffic. Encryption algorithms have to rely on a huge number of non-guessable, non-repeatable chunks of data passing by that would require either unreasonably large amounts of interception or impossible computation to break. The common algorithm used by WEP turns out to rotate a small number of combinations overlaid with an identical pattern of network headers.
The first paper was written by three authors including Adi Shamir, the "S" of the influential RSA encryption algorithm, an early approach that led to commercial systems. Their paper describes logical weaknesses that allow key cracking through passive sniffing of a network. (The paper is not yet online, but an EE Times story documents it well.) The second paper is a practical discussion of successfully implementing the attack; it came out just a week after a draft of the first paper.
What To Do -- Most serious wireless advocates, including the industry consortium WECA (Wireless Ethernet Compatibility Alliance, of which Apple is a member), have urged users with sensitive data to employ an additional encryption layer on top of the now-minimal protection offered by WEP. This advice also holds true for users or systems that use no WEP protection, including virtually all of the public networks (free and for-fee) spreading around the country, and now at over 500 Starbucks outlets.
Corporations typically use virtual private networks (VPN) which use PPTP (Point-to-Point Tunnelling Protocol) or IPSec (Internet Protocol Security) to encrypt traffic and pass it seamlessly from a user's laptop or remote computer over the Internet through the company's firewall and onto the local network.
Individual users may want to try using SSH (Secure Shell) and SSL (Secure Sockets Layer) products, both of which enable secure encryption of connections travelling over insecure networks. Only a few SSH- and SSL-capable programs are readily available on the Macintosh, though more may be coming for the Unix-based Mac OS X, such as Stalker Software's industrial strength mail server, CommuniGate Pro. We're all familiar with SSL from the Web: secure sites (like online retailers) use SSL to manage encrypted connections between your browser and the site. Less typical, but increasingly available, are SSL plugs into more familiar software like Eudora. With an SSL-equipped mail server, you can use Eudora without passing your name and password or incoming and outgoing email in plain text.
SSH was designed to replace Telnet, by allowing remote, secure access to a command line on a Unix or similar system. The free NiftyTelnet 1.1 SSH and MacSSH support SSH for Telnet-style connections, and F-Secure offers a $120 SSH Macintosh client that can communicate securely with Internet services tunneled through the F-Secure SSH Server for Unix or Windows NT/2000. Under Mac OS X, the free OpenSSH has already replaced standard Telnet access to the Unix shell with SSH, but SSH could also be used more broadly to "tunnel" traffic to POP mail servers or through proxies that would offer end-to-end encryption from your machine to the destination server.
All of these security concerns are predicated on the idea that someone wants your data, either indiscriminately (such as a sniffing in a public place with wireless access) or specifically (breaking into your home or company network). Most home users have nothing to fear, because even though the attack is fast and relatively simple for someone with the appropriate hardware, software, and networking skills, it's unlikely to be employed indiscriminately against private individuals in their homes. Quite simply, the standard email and Web browsing activities that comprise the majority of normal Internet traffic just aren't sufficiently interesting, so the bad guys aren't going to have much interest in sniffing wireless network traffic.
The biggest concern of working on an open wireless network (or one someone has cracked) is that passwords you send for email, FTP, Telnet, or non-SSL Web sites - such as those stored in the Keychain or Internet Explorer's password management system - can be swiped relatively easily. Having passwords stolen not only puts your data at risk, it also potentially opens your computers up to be used as zombies in denial of service attacks or as relays for hiding the attacker. The best protection for your passwords is to use programs that encrypt passwords whenever possible, to change passwords frequently, and to use different passwords for different services (using the same password for your POP email as your Unix login makes it more likely someone could break into the Unix account).
Stay tuned, since I plan to look into the topic of security on the Macintosh in a future issue of TidBITS. If you're dying to know more right away or want a book-length discussion, check out Peachpit Press's just-published Internet Security for Your Macintosh by Alan Oppenheimer and Charles Whitaker.
Article 9 of 10 in series
Whenever Tonya and I move, two of the early priorities are to create an internal network for file sharing and printing, and to bring up an Internet connectionShow full article
Whenever Tonya and I move, two of the early priorities are to create an internal network for file sharing and printing, and to bring up an Internet connection. Looking back on our last few moves offers a trip through networking technology.
When we moved to Seattle back in 1991, the network between my SE/30, her Macintosh Classic, and our QMS-PS 410 laser printer came up quickly via phone cables carrying LocalTalk. The Internet connection was trickier, requiring me to find a host that would give me a UUCP feed (Unix to Unix CoPy, an old form of transferring information around the Internet). When we bought our first house two years later, I didn't have to change anything with the UUCP connection (though I later switched to TCP/IP-based Internet access via SLIP, then PPP, and then a dedicated 56 Kbps frame relay connection). But for the first time, we had offices in separate rooms, which meant that our interim LocalTalk network required patching several phone cables together with extra PhoneNet connectors to cover the distance (for some reason, our cats decided they liked to sleep right on top of the cables). The next move was to a much larger house, and for that I bought a 50-foot phone cable for the interim LocalTalk network until we got someone to pull Ethernet cable throughout the downstairs offices and to the kitchen upstairs. At least the network worked there - that was the house where we suffered with a single phone line for voice and dialup Internet access for six months, and waited another three months before US West (now Qwest) was able to provide a 56 Kbps frame relay connection.
The days of LocalTalk are long past, and the concept of living with only dialup Internet access for more than a very short while fills me with dread. So for the latest move to Ithaca, New York, I resolved to set up a proper network and Internet connection right away. But as they say, the best laid plans... We've been in the house for over two months, and although I managed to bring up networking and Internet connectivity quickly, the whole setup feels like it's held together with spit and baling wire. Or at least it would be if there were any wires involved.
Go Wireless -- Wiring a house can be difficult and expensive, and I hate drilling through walls and floors if I can avoid it. Since the four Macs that Tonya and I use regularly (my Power Mac G4 and iBook (Dual USB), her blueberry iBook, and the PowerBook G3 Series that serves as our kitchen Mac) are all capable of using the 802.11b wireless networking technology that's at the heart of Apple's AirPort, I figured I'd use our AirPort Base Station to make that connection and use wired Ethernet for our older machines. Bringing our LocalTalk-based LaserWriter Select 360 into the mix would be done via Apple's unsupported LocalTalk Bridge running on one of our older machines that supports both Ethernet and LocalTalk. And indeed, that all works like a charm, though our cat Cubbins doesn't get the pleasure of sitting on any networking cables.
Then came time to add in an Internet connection. I have two options, a cable modem and, more interestingly, a long-range 802.11b wireless connection. My master plan is to use both of these connections. They're both inexpensive, so I'd be paying less for two megabit-plus connections than I was paying in Seattle for a single 56 Kbps frame relay connection (even without ISP fees). But neither guarantees reliability, and losing connectivity for even a short while at the wrong time can be maddening in my position.
I haven't yet figured out how all this will happen, though I'm still investigating using Open Transport's hidden single-link multihoming capability of answering to multiple IP numbers, running two separate AirPort networks, or doing some fancy routing. My tardiness in figuring all this out is due to needing to set up the long-range 802.11b wireless connection (I'm still learning about the necessary antennas, which can be used with normal 802.11b gear to extend range significantly). Of course, I also have to get my work done every day and finish moving in, so in the meantime I'm using just the cable modem connection, and therein lies the rub for my wireless network.
It turns out that this particular cable modem service memorizes the MAC address (the address of an Ethernet card) that connects to it and provides it with an IP address via DHCP (Dynamic Host Configuration Protocol), which means it can't be plugged into an Ethernet hub which lacks a MAC address. One seemingly obvious solution is to plug it directly into the AirPort Base Station's Ethernet jack and serve just our wireless-capable computers temporarily. But that doesn't work for reasons I don't entirely understand yet, even after reading Apple's somewhat confusing Knowledge Base documentation and trying all possible configurations.
Various Alternatives -- Clearly I needed another approach, and since I knew I could get the cable modem working if it was plugged directly into one of my Macs, I immediately thought of running IPNetRouter from Sustainable Softworks on our Performa 6400 with a pair of Ethernet cards (which I happened to have lying around) in its two PCI slots. First came some fussing with how DHCP works (if you ever open your TCP/IP control panel and see an IP address starting with 169, that means your Mac hasn't gotten a real IP address from the DHCP server - try switching the connection from Ethernet to PPP and back again to force a retry). Then I had to fiddle with the two elderly Ethernet cards, one from Farallon and one from Sonic Systems, since they conflicted with certain combinations of drivers and slot order. Eventually, though, I got it all set up and working with IPNetRouter (which was itself easy to configure once I had everything else working properly). I then plugged our other wired Macs into the Ethernet hub along with the AirPort Base Station, which I set so all it did was bridge between the wireless and wired networks (all the Macs used manual addressing with IP addresses in the private 192.168.0.x range). Plugging a PhoneNet connector into the Performa 6400's Printer port and enabling LocalTalk Bridge brought the LaserWriter into the mix, and all was happy. Here's what it looked like:
Network #1 via IPNetRouter +---------+ | | Performa Performa Cable modem --- Card A | Card B --- Hub --- Wired Macs | | PhoneNet cable | | via LocalTalk Bridge | AirPort Base Station --- Wireless Macs | LaserWriter Select 360
There was only one problem. I had managed to force the two Ethernet cards' conflict into an uneasy truce, but skirmishes still broke out every few hours that took down the Internet connection. A restart fixed the problem, and since I was desperately trying to get other things done, I hacked around the problem by installing Maxum's PageSentry, telling it to watch our main Web site, and if it lost contact to restart the machine via a one-line AppleScript. It wasn't elegant, but it kept the connection up 99 percent of the time.
It worked for a while. After about three weeks, late on a Friday afternoon as I was pushing to finish an article, one of the Ethernet cards threw in the towel. At first the connection would go down after only a minute or two, then the Performa 6400 refused to boot at all until I removed one of the cards. Desperate to bring something back up, I realized that I actually had other Macs with multiple Ethernet cards, since AirPort cards speak Ethernet too. So I connected the cable modem's Ethernet cable to Tonya's iBook, turned on the Software Base Station feature of Apple's AirPort software, reset my Power Mac G4 to use DHCP in the TCP/IP control panel, and managed to finish my work for the day. Though functional, this setup wasn't ideal, since neither the wired Macs nor the laser printer could be on the network. Plus, when Tonya came home, she expressed a certain level of displeasure at her iBook being tethered to the cable modem (my iBook was off at Apple getting a new keyboard because of a partially broken keycap). But, here's what that configuration looked like:
Network #2 via Software Base Station +---------+ | | iBook iBook Cable modem --- Ethernet AirPort --- Wireless Macs
Our kitchen Mac PowerBook G3 was the only other dual-Ethernet Mac available, since although my Power Mac G4 had an AirPort card, on-board Ethernet, and a free PCI slot for an Ethernet card, moving its 20" monitors into the same room as the cable modem is not a job to be taken lightly. The unusual thing about the PowerBook G3 is that it uses an old Farallon SkyLINE 2Mbps card for access to the wireless network. I wasn't sure if or how I'd be able to work that into the system, since Farallon's software has no provision for acting like a base station.
In the end, though, it turned out to be easy. I set the SkyLINE software to create a computer-to-computer network (which it calls "ad-hoc"), configured IPNetRouter as I had on the Performa, and plugged a PhoneNet connector into the Modem/Printer port and installed LocalTalk Bridge so we could print (plus access the wired Macs slowly, since all of them can also use LocalTalk). I had to reset my Power Mac G4 back to a manual IP address, but everything worked, albeit a bit more slowly due to the SkyLINE card's lower throughput and the increased reliance on LocalTalk. Here's what this network looked like:
Network #3 via IPNetRouter +---------+ | | PowerBook PowerBook Cable modem --- Ethernet | SkyLINE --- Wireless Macs | PhoneNet cable | via LocalTalk Bridge | | +---------------+ | | LaserWriter Wired Macs
Not all was perfect, though. Tonya's iBook worked with the new setup, except that the SkyLINE card was powerful enough to reach only the door of her office, not the desk six feet further in (this is the farthest room from where the PowerBook had to sit next to the cable modem). Then, after a few days of this setup, my Power Mac G4, also on the opposite end of the house and up a story, stopped being able to receive the signal from the SkyLINE card. I have no idea why, but I was able to solve the problem by moving the PowerBook G3 a few feet closer.
The next wrench thrown into the works was my doing. During all of this, I'd ordered a 14 dB Yagi antenna and appropriate cabling to bring up the long-range 802.11b wireless Internet connection. To test the gear when it came, I got the bright idea of removing the Lucent WaveLAN PC Card that's inside Apple's AirPort Base Station and using it in the PowerBook G3 (the only PC Card-capable machine I have) with the AirPort software. The WaveLAN card was ideal for this test, since it has an antenna jack, unlike Farallon's SkyLINE card, and it was external, unlike Apple's AirPort cards. It was good I did the test, since although the antenna worked in many locations (I drove around the neighborhood with the PowerBook hooked to the antenna), it didn't pick up a strong enough signal at our house. A different antenna I've ordered should work better.
With plans for the long-range wireless network temporarily quashed, I set up the PowerBook as it had been before. However, I ran into another vexing problem. I replicated the setup exactly, down to the placement on the counter, and it worked fine with the iBooks (mine had returned from Apple in the meantime). But my Power Mac G4 couldn't pick up the signal reliably. I tried switching the PowerBook G3 to the Lucent WaveLAN card and using Software Base Station, but that didn't help either. The only thing I found that worked was to set my iBook (Dual USB) up with Software Base Station (as in the Network #2 diagram). Since the iBooks actually have two antennas, one of which is always used for transmitting (either of the two may be used for receiving), my problem was solved. Of course, there was no way to include the wired Macs (which aren't essential, as you may have realized) or the laser printer, but we worked around that problem temporarily with a USB-based Epson Stylus Photo 870 that we normally use only for color printing.
After a few days, my Power Mac G4 once again stopped getting decent reception, and none of the small changes I could think of made any difference (Tonya's iBook and the PowerBook G3 continued to work fine during all of this). Clearly, the only solution was to lessen the distance, so I took a deep breath and started drilling from the server room (where the cable modem must live) into the floor of my bedroom closet on the second floor. It was, as I anticipated, much harder than it should have been, thanks to a thick and well-insulated ceiling/floor, but eventually Tonya and I were able to snake Ethernet and phone cables up from the server into our bedroom. From that vantage point on the same floor as my office, the Power Mac G4 had no trouble picking up the signal from the iBook, and even when I switched back to the PowerBook G3 and SkyLINE card (as in the Network #3 diagram), the reception remained fine.
What's He Smoking? At this point, you're probably wondering why I haven't thrown a little money at the problem and bought a broadband gateway like Proxim's NetLINE Wireless Broadband Gateway, Linksys's EtherFast Wireless AP + Cable/DSL Router w/4 Port Switch, or one of the others that Glenn Fleishman looked at in "Flying into Other AirPorts" in TidBITS-578.
I'm not just being cheap. For one, I learn best via repeated trial and error, and this effort has given me a greater appreciation of just what IPNetRouter and Software Base Station can do, not to mention the fuzziness of 802.11b wireless networking. Plus, I know that I'll need additional hardware when I bring up the long-range 802.11b wireless Internet connection, and I'm trying to avoid buying hardware that will turn out to be unnecessary. A networking expert might be able to diagram everything and be relatively assured of having the final network look similar, but I'm not at that point yet when mixing wired and wireless networks and two separate Internet connections. I prefer to move slowly, using what I have on hand, until it becomes clear what additional pieces are necessary. I'll be sure to pass on more about this network setup as I figure it out.
Article 10 of 10 in series
About two years after making wireless networking affordable for home and small business use, Apple has introduced new versions of its AirPort wireless base station, card, and softwareShow full article
About two years after making wireless networking affordable for home and small business use, Apple has introduced new versions of its AirPort wireless base station, card, and software. The new AirPort adds 128-bit encryption, support for America Online (AOL), a built-in firewall, and a second Ethernet port on the base station, as well as expanding access to up to 50 users per base station. The products still cost $300 for the base station and $100 for the card for each computer.
From the networking standpoint, the new AirPort's second Ethernet port enables the base station to share its Internet connection with multiple computers on a wired network, keeping the wired network separate and thus more secure. This LAN port is a 10/100Base-T port matching those on most of Apple's computers, allowing for high-speed networking. The other network port (WAN) remains a 10Base-T port, offering up to 10 Mbps for a DSL or cable connection.
Security-wise, Apple has improved encryption to take advantage of the full 128-bit password capability of the 802.11b wireless networking specification. (However, see "Wireless Fishbowls" in TidBITS-592 for details on recent major security problems with wireless networking. Although 128-bit passwords support longer encryption keys, the underlying WEP encryption system can be compromised easily by determined attackers.) Using 128-bit encryption will require the latest AirPort card in users' computers, or a third-party card with 128-bit capability. The older 64-bit encryption method is still supported for older cards.
The new AirPort features basic firewall protection, preventing unauthorized external users from accessing network resources on your local network. Users can selectively enable inbound port mapping, which permits external access to specific services (like a Web server) on AirPort-connected machines. The new base stations offer RADIUS (Remote Authentication Dial-In User Service) support for central user access management of multiple devices, so schools and businesses can set up a central user list and apply it to more than one base station, just as they do with dialup modem pools and the like. The AirPort client software now supports Cisco LEAP (Lightweight Extensible Authentication Protocol) for authentication with Cisco access points.
Perhaps most significant, AOL users will now be able to connect wirelessly via the AirPort's built-in modem to their accounts and access the Internet, but Apple says sharing the connection among multiple simultaneous users will require multiple AOL accounts. The company says the AOL compatibility feature supports only the U.S. version of AOL 5.0. No other wireless access point is compatible with AOL at this point, giving Apple an advantage over other wireless access points that tend to be cheaper and more full-featured.
The AirPort 2.0 software, released at the same time, supports all old AirPort base stations and cards. The software adds AOL compatibility to old base stations, and upgrades old cards to 128-bit encryption. (Old base stations will still be able to do only 40-bit encryption.) The latest software is available for download by existing AirPort owners via Apple's Software Update mechanism. Some users have reported trouble when letting Software Update install both AirPort 2.0 and the update to Mac OS X 10.1.1, also released last week, so be sure to upgrade Mac OS X 10.1.1. first, then take off with the new AirPort software.