What all is needed for WiFi support?

I’m guessing it’s something along the following?

• Actual wifi hardware support
  • SDIO, SPI support maybe, for some of them?
• A module that provides some standard wifi-specific control commands? I’m thinking list APs (including what type of encryption is in use), connect to an AP (with arguments for SSID and encryption key), disconnect from the current AP
• A GUI front-end that presents those commands (as well as relevant status information (signal strength, current network SSID) in the iconbar) to the user in a manner that’s consistent with the RISC OS user interface

Am I missing anything important?

Considering playing with the GUI front-end. (Looks like I need to buy the C/C++ tools to get the style guide, if I do that.)

Here’s a description of the Linux wireless stack (the best I could find, anyway). You need: MAC, for those devices that use soft- or half- MACs. Key and crypto management (TKIP, PSK, EAP, etc etc). Mode handling (infrastructure, ad-hoc, etc).

Am I missing anything important?

Don’t forget USB wifi adapters as well.

I wonder how much commonality there is between the different interfaces – I’d assume that if a manufacturer produces three different versions of a chip (SDIO, SPI, USB) then the same driver could be used to talk to all three versions, just by wrapping the commands up in the right protocol. If there’s a standard for how these commands are wrapped up (unlikely!) then we could have a layer specifically designed to deal with that (much like how SCSISoftUSB wraps up SCSI commands for sending over USB)

Ugh, I was under the impression that all of the cards were doing the crypto on-board, and had MACs on-board.

Depends whether you want to say ‘we only support Ferrari wifi cards’ or ’it’s got 4 wheels so give it a try’. I suspect there’s some model X that’s easy to deal with, but it won’t be the chipset in random USB wifi adapters that people have lying about. That’s assuming model X doesn’t go out of production after five minutes, or the same model of wifi adaptor won’t have a wifi chipset picked according to the phase of the moon.

Support the Realtek (sp?) chipset, and you have covered a large sector, I think.

Adaptors are not expensive these days.

For anyone who can, please do something.

Thanks.

The problem is, WHICH Realtek chipset? They make a lot.

And Atheros makes a lot.

And Broadcom makes a lot.

And, when we’re dealing with pre-designed devices, it’s a lottery as far as what we get. The chipset on the Arndale Board does do encryption internally, and I wouldn’t be surprised if the same chipset (an Atheros AR6003, if I recall correctly, rebranded as a Samsung chip) is used in the new ARM Chromebook.

SWB-A51His the device on the module fitted to the Arndale board, reviews of the ARM Chromebook don’t specify the inner workings but the list of ports and features seem to match.

The interesting (possible irritating) thing for anyone working on the Arndale is that the schematics and data cover the modules and the base board but never mention the central feature module – the processor sub-board.

The pandaboard ES also has wifi built into it too as well – this uses the TI WiLink 6.0

how big is the chance that wifi will work on Risc OS
on the pandora one day?

the pandora has only wifi to connect to the
internet. :-(

would be the smallest Risc OS portable ever.

How about an Ethernet-USB adapter and a trailing wire?

if there would be any. and then it had to be supported by Risc OS too.

wireless to usb exist, but Usb to wired i didn’ find yet.

WiFi: I’m afraid not in the near future :-(
The only way to use the Pandora and the Lapdock mobile is a UMTS stick and ComCentre. My ZTE K3565-K works very well on the Pandora, the RPi, the panda and the Beagle.

USB to wired works with EtherUSB. I have a Lindyadapter. You should look inside the EtherUSB readme to look witch chipset works.

I too would also like to use a Wifi Dongle that’s plugged into my Pandora when running RISC OS.

I too would also like to use a Wifi Dongle that’s plugged into my Pandora when running RISC OS.

I too would like to use a WiFi dongle period.

Ever since a lightning strike took out my Livebox, the (USB-attached) Livephone, and one of the attached VoIP “traditional” phones, I have been extremely wary of hooking anything to it. I might one day run a server or something off a Pi if I have a stack of them and losing one is no big deal. But no-way-no-how do I plan to plug in the Beagle. WiFi is the solution, plus allowing portability (all of my geek kit is nowhere near the Livebox, not even in the same room – everything except the local bedroom intranet is done with WiFi).

So, yeah, WiFi on RISC OS – here’s hoping!

It is easy to use a wifi to ethernet bridge. I do on my pi.

However would wifi support just for open networks be more likely?

Having that would be a huge step up from nothing.

However would wifi support just for open networks be more likely?

Like running an unprotected wifi network? In Germany at least that would be a breach of duty of care (Stoererhaftung). It’s not illegal to do so but could trigger claims for damages. While you’re under no obligation to have the newest and safest you could be held responsible for not using what was state of the art when originally installing your router.
Not sure I’d like to pay thousands because someone downloaded a few songs.

I was thinking of connecting to public access points. At home you’d either make *alternative security arrangements or use a cable.

• Hidden SSID, No DHCP and creative choice of IP configuration, only allow connection from specific MAC address, use router firewall to block anything you aren’t using, limit time router is active, limit range of access point. (I know some of these can be worked around by someone with suitable knowledge.)

If you havn’t seen it Fon is an open network which you must subscribe to either by buying credit or proviiding an access point. In the UK BT do this.

Hidden SSID, No DHCP and creative choice of IP configuration, only allow connection from specific MAC address, use router firewall to block anything you aren’t using, limit time router is active, limit range of access point. (I know some of these can be worked around by someone with suitable knowledge.)

The only item in that list likely to slow people down on connecting is the MAC table and a capture and decode using standard free tools should sort that bit in a few minutes. BTW. About the only thing hiding an SSID is good for is making the connection less reliable for the valid users.

It is easy to use a wifi to ethernet bridge. I do on my pi.

Is there an idiot’s guide to setting this up available? I bought such a bridge some months ago, with the intention of using it at a Raspberry Jam – but got nowhere and didn’t find any specific guidance online at the time.

I would think the network being unavailable when you aren’t using it would help rather a lot.

But don’t forget WEP can be broken very easily too, (and apparently WPA too, if you try hard enough.)

Blocking peer-peer on the router ought to help too.

But don’t forget WEP can be broken very easily too, (and apparently WPA too, if you try hard enough.)

True but that’s not the point. It’s easy enough to break into a car, yet you can get fined by the police if you leave it unlocked because you’re “encouraging theft”. The problem with unsecure networks however is there are law firms out there making a living from sending out cease and desist warnings. These will cost the unfortunate owner up to 100 EUR.
Of course you could implement other security measures but that would be far from trivial. Hence such a feature would need to be experimental (with appropriate warnings attached) and not suitable for public release.

The point is it would be for connection to open hotspots rather than home use.

But within certain situations it could be used at home.

Hidden SSID,

No good if you expect to fire up your computer/phone and get it to auto-connect. I found most of the time I tried it, things wouldn’t connect unless I told them too – and usefully Windows kept asking for the password which on my router is an obscenely long string of hex.

No DHCP

Again, making it harder for others to connect into the system when you want them to. I have DHCP enabled with ‘known’ devices using fixed addresses.

and creative choice of IP configuration,

Very strongly NOT advised. I’ve been there. Done that. Had to factory reset the router. IP is a pain at times and configuration trickery could blow up in your face.

only allow connection from specific MAC address,

I don’t bother with MAC blocking, the people that aren’t technical enough to spoof addresses will be put off by the router using encryption, and the ones who can spoof will already know how.

use router firewall to block anything you aren’t using,

This is the best advice – lock down ports you don’t actively use. It is also worth looking for ports known to be in use with various rootkits (TDSS etc) and blocking those in both directions.

However, same warning as above – get overzealous and you’ll find all sorts of stuff might cease working…

The sad thing is that if you snoop on a network, you can gain information. Open networks are dead easy (but, then, why bother snooping when you can just walk in the door?). WEP encrypted networks are moderately easy to crack open. WPA/TKIP is moderately hard (but suffers a weakness inherited from WEP). WPA2/AES is extremely difficult – as in “it is doable but unless somebody has a personal grudge against you, it is easier to find a lesser-protected network than to attempt to crack”. Experience says that there is always some dunce with a wide open network. Why waste time hacking when there’s an easier option?

The nice shiny new WPS should be turned OFF. The last digit of the eight digit PIN is a check digit, so there are 10,000,000 possible combinations. However, the protocol breaks the number in half and reports the validity separately – so you only need to check 10,000 combinations (first half) and then 1,000 combinations (second half (shorter due to check digit)). By BRUTE FORCE ALONE your network can be compromised with only 11,000 attempts. Would probably take an hour or two. Once the PIN is known, the WPA/WPA2 shared key can be determined. Whoever made this god-awful protocol should be fed to hungry llamas and the result televised.

As for WEP/WPA hacking, it works by capturing packets and running analysis on them. The speed of hack depends largely on how much traffic passes (ie how many “samples” are made available). If you Google, you will find an active WEP network can be compromised by a fast computer with decent GPU in about…….ten minutes. Reality is slightly longer, but I don’t think unfeasibly longer. I have not bothered to WEP hack my own network as it would be too much pain to revert stuff back to WEP to try it. I’m way too lazy!

The time is coming when you’ll be able to hack on an Android. It has been done to some devices by reverse engineering the firmware to get the WiFi into monitor mode, however it isn’t a simple app….yet.

Finally, if your router’s admin login is user “admin” password “admin”, for God’s sake change it. RIGHT NOW.

There are two schools of thought:

1. Pick something with punctuation/numbers/capitals/unusual characters – such as r!5Ç_0S – so long as you can directly type it from the keyboard… The example is just an example, you’ll want it to be 8-16 characters. Longer is better. Advantages – algorithmically solid if you choose well. Disadvantages – was that a zero or an oh? Cedilla C or cent sign? Dammit, upper or lower case. Which ‘S’ was the number, etc etc.

2. Pick a phrase that is bizarre but has meaning to you – such as ifatfirstyoudontsucksseedtrykibble [if at first you don’t suck seed (play on words), try kibble (slang name for cat food)]. Advantages – a good phrase is memorable, can be typed quickly, and will fail with a dictionary-based attack. Disadvantages – some sites (I’m looking at you ARM) pathologically enforce the must-have-mixed-case-and-a-number-and-some-sort-of-symbol school of thought.

For those who prefer to see this expressed as pretty pictures:
http://xkcd.com/936/

However… sorry, yes, this message goes on and on. HOWEVER one of the better forms of “protection” is assistance from the router itself. The Livebox (any version) needs to be authorised before it will let an unknown machine connect. This is achieved by pressing a button on the front. It may be possible to bypass with the correct level of spoofing, however for casual hackers, that plus WPA2/AES is slamming the door pretty hard. Anything that compromises will be illegal in most places.

The Livebox 2 (the square not-book-like one) has an additional useful feature. Sometimes you just can’t disconnect the router as it provides your landline phone (unbundled), however by long-pressing the wifi auth button, you can actually enable and disable the wifi. So the router stays on, connected devices stay connected, but WiFi is disabled when you aren’t around.