LinuxQuestions.org


RobF 09-07-2009 07:16 AM

Problem getting wlan to work with Broadcom BCM4311 + other problems
 
Using a Dell Inspiron 6400 laptop with Broadcom BCM4311 wlan chipset and Incognito 2009.0-beta.

I'm interested in anonymizing, secure live Linux distros principally for two reasons: I want to browse the Internet anonymously, and I want to learn through hands-on experience about current issues of privacy and surveillance that may affect me. For that reason, I've been checking out Incognito, Privatix and Polippix.

I had to jump through a lot of hoops to get Incognito to work on my system, and it still doesn't work very smoothly. One serious limitation is the fact that changes to system files and configuration are not persistent, only changes in the user's home directory are.

My laptop uses the BCM4311 chipset from Broadcom to provide wlan functionality, and that's the only way I can connect to the Internet. There are two drivers that support this chip in Linux, a Windows driver that can be used with ndiswrapper and a Linux native driver (b43). Both drivers require proprietary software from Broadcom that has to be installed by the user. As of kernel >2.6.26, the native b43 driver is to be preferred, as it often works better than using ndiswrapper with the Windows driver, esp. with WPA encryption. To get the native driver working one has to extract firmware microcodes from the Broadcom Windows driver and as root put them in a folder /lib/firmware/b43.

So, first one has to download the prepackaged Windows driver from the web (how to do this without a functioning Internet connection?), extract it e.g. with cabextract, then extract the firmware from it with fwcutter and put the firmware microcodes in the proper location in the Incognito file system. This requires root privileges that are not granted by default. However, I was fortunate to have done all of these things beforehand in my main distro, Arch Linux.

The way I finally got wlan to work was to boot Incognito with the parameter "debugcode" on the kernel line (use TAB to get there) so as to be able to do anything as root. Incognito will boot to the desktop but it will not recognize the wlan hardware. I then have to copy the b43 folder containing the Broadcom microcodes from my persistent home dir (I've installed Incognito to a USB flash drive and picked the "persistent" but non-encrypted home dir option) to /lib/firmware (which is not persistent). This has to be done as root, either from a root console or with su -c "<command>" from a user console. Next, I have to modprobe the b43 driver, and with that the WiFi LED will light up.

Then I have to configure wlan0, e.g. with the KNetworkManager applet, which means keying in the network passkey by hand with every boot. Or I can automate this by running the script shown below which includes setting up WPA2-encrypted wlan manually through wpa_supplicant. However, if I do the latter, KNetworkManager will not be fully functional, e.g. its Connection Status display doesn't work. Perhaps wicd would work better.

Next, I have to restart Tor (/etc/init.d/tor restart), in TorK press the Play button and in Firefox uncheck "Work Offline". After doing all of that I finally have a working Internet connection, through the Tor network.

Here's the script that I run in a root console that automates some of that:

Code:

#!/bin/bash

# === icwlan ===
# wlan0 startup script for WPA2 encryption in Incognito Linux
# Boot Incognito with the parameter "debugmode" appended to the kernel parms line
# (use TAB key to get there)
# This will enable you to run commands as root: $ su -c "<command>"
# or directly use a root console

# Open a root console to run this script

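cp -R /home/incognito/b43 /lib/firmware                # copies Broadcom firmware microcodes
# wpa_supplicant.conf for WPA2 must already exist in the home dir (created
# beforehand, incl. running the passphrase command); copy it to /etc
cp /home/incognito/wpa_supplicant.conf /etc/wpa_supplicant.conf
chmod 600 /etc/wpa_supplicant.conf                # file holds the network key; keep it readable by root only
sleep 2
modprobe b43                # loads b43 driver; WiFi LED should light up
iwconfig wlan0 essid xxxxxxxxx                # replace xxxxxxxxx with the network's ESSID
sleep 15                # wait for the card to come up
wpa_supplicant -B -Dwext -i wlan0 -c /etc/wpa_supplicant.conf                # -B: run in the background
sleep 15                # wait for the WPA2 handshake to finish
dhcpcd wlan0                # request an IP address
sleep 5
/etc/init.d/tor restart                # restart Tor now that the network is up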

I was also having problems browsing with Firefox with Tor disabled. Toggling the Torbutton to "Tor disabled" alone will not do it; I found that I was still connecting through Tor. If I want to browse w/o Tor I have to bring down the firewall (/etc/init.d/iptables stop) AND shut down TorK AND restart Firefox AND uncheck "Work offline" in Firefox AND toggle the Torbutton to "disabled".

If I then want to go back to browsing again through the Tor network, I have to restart the firewall (/etc/init.d/iptables restart) AND restart Firefox AND uncheck "Work Offline" AND enable Tor through the Torbutton AND optionally start TorK again. That's really tedious. In Arch Linux in which I've installed Tor, Privoxy and TorK (and the arno-iptables-firewall), I merely have to toggle the Firefox Torbutton to enable/disable browsing via the Tor network.

I think anonym's idea of migrating Incognito to *ubuntu is a good one. If it were based on Kubuntu (supposing you want KDE) and included the Ubuntu program usb-creator (with its two dependencies mtools and syslinux), then one could create a fully persistent install of Incognito to a USB drive, with persistent home AND system dirs, obviating the need to run a script like the one above manually after every boot.

Perhaps a better way could then be found to get around this catch-22 situation with the Broadcom wlan chips that are out there by the millions. Of course, the best solution would be if Broadcom were to freely make available their proprietary firmware microcodes and they would be included with every distro in /lib/firmware. Why they put everyone through this neverending torture I don't know.

Currently, the only serious competitors to Incognito appear to be Privatix 9.07.19 and Polippix 2.1. Privatix seems nice but it makes a regular HDD install of Debian 5.0 (Lenny) to the USB thumbdrive rather than using a squashfs filesystem and running much of the system from RAM. Doesn't running a regular HDD install from a flash memory drive ruin the drive rather quickly (incessant writing of bookkeeping system files to flash memory storage which may quickly exhaust the EEPROM memory cells)? Or is this not an issue anymore with present-day flash memory technology? Also, Privatix seems to run rather slowly (not just the browsing via the Tor network that would be slow with any distro). Is this due to the fact that the entire filesystem is encrypted and the system software has to be decrypted on demand and is running from the flashdrive rather than from RAM?

Polippix v.2.1 may also be quite nice but their procedure of installing the distro to a thumbdrive isn't streamlined, and it looks as though this is a regular HDD install, too. On the other hand, this version is based on Ubuntu 9.04, and as such it may be possible to install it on a USB flashdrive using usb-creator.

To sum it up, to me it looks as though Incognito would currently be the best anonymizing live distro out there if the described inadequacies could be ironed out. Good luck with all of that!

BTW, all three of these distros include much interesting documentation about the issues of privacy, surveillance, security and their supporting technologies. It's a brave new world out there on the Internet, and there is a real need for this type of Linux distro!
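The script in the post above copies firmware from the non-encrypted persistent home into /lib/firmware as root on every boot, so a digest check before the copy is worth having. The following is an added example, not part of RobF's post; the function names and the manifest b43.sha256 (assumed to have been written with sha256sum when the firmware was extracted, and kept somewhere you trust) are hypothetical.

```shell
#!/bin/sh
# Added example: verify the b43 firmware directory against a SHA-256 manifest
# before it is copied into /lib/firmware as root.
# Assumed manifest, made once on the trusted system:
#   (cd b43 && sha256sum * > ../b43.sha256)

# verify_firmware SRC_DIR MANIFEST
# Returns 0 only if every listed file matches, no unlisted file is present
# and the directory contains no symlinks. Returns 2 on missing input.
verify_firmware() {
    src=$1; manifest=$2
    [ -d "$src" ] && [ -r "$manifest" ] || return 2
    # 1. every file named in the manifest must match its recorded digest
    #    (the manifest is opened before the cd, so a relative path works)
    (cd "$src" && sha256sum -c -) <"$manifest" >/dev/null 2>&1 || return 1
    # 2. sha256sum -c ignores files it was not told about, so compare counts
    listed=$(grep -c . "$manifest")
    present=$(find "$src" -type f | wc -l | tr -d ' ')
    [ "$listed" -eq "$present" ] || return 1
    # 3. refuse symlinks inside the firmware directory
    [ -z "$(find "$src" -type l)" ] || return 1
    return 0
}

# install_firmware SRC_DIR MANIFEST [DEST]
# Copies SRC_DIR into DEST (default /lib/firmware) only after verification.
install_firmware() {
    if ! verify_firmware "$1" "$2"; then
        echo "firmware check failed, nothing installed" >&2
        return 1
    fi
    cp -R "$1" "${3:-/lib/firmware}"
}

# Usage in the boot script, in place of the plain cp -R:
#   install_firmware /home/incognito/b43 /home/incognito/b43.sha256 || exit 1
```

A manifest stored next to the firmware on the same unencrypted drive only catches corruption; to catch deliberate changes it has to live on media the drive's other users cannot write to.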

anonym 09-07-2009 04:19 PM

Quote:

Originally Posted by RobF (Post 3672937)
I had to jump through a lot of hoops to get Incognito to work on my system, and it still doesn't work very smoothly. One serious limitation is the fact that changes to system files and configuration are not persistent, only changes in the user's home directory are.

Making it possible to do a completely customizable install wouldn't be a problem I guess, but there are serious security implications with respect to malware etc. so I'm not sure this is a good idea. The *idea* is that Incognito should work out-of-the-box, so messing with the system directories shouldn't be necessary. The main goal of Incognito really is to make anonymity available for non-linux geeks, so if you want full control you might be disappointed. To me it seems like you have the skills necessary for installing your fav linux distro and then simply borrow the settings from Incognito to harden it.

Quote:

Originally Posted by RobF (Post 3672937)
I was also having problems browsing with Firefox with Tor disabled. Toggling the Torbutton to "Tor disabled" alone will not do it; I found that I was still connecting through Tor. If I want to browse w/o Tor I have to bring down the firewall (/etc/init.d/iptables stop) AND shut down TorK AND restart Firefox AND uncheck "Work offline" in Firefox AND toggle the Torbutton to "disabled".

If I then want to go back to browsing again through the Tor network, I have to restart the firewall (/etc/init.d/iptables restart) AND restart Firefox AND uncheck "Work Offline" AND enable Tor through the Torbutton AND optionally start TorK again. That's really tedious. In Arch Linux in which I've installed Tor, Privoxy and TorK (and the arno-iptables-firewall), I merely have to toggle the Firefox Torbutton to enable/disable browsing via the Tor network.

All this is fully intentional. Preventing messing up anonymity (by toggling Torbutton by mistake, for instance) is priority number one. In fact, it's part of Incognito's design to not allow non-anonymous communication, so if that's what you need Incognito might not be for you.

There are, however, situations where a direct connection is necessary (see this FAQ entry), so once I actually implemented all this in a development branch. We'll see what happens in the official releases with respect to this in the future. It's certainly open for discussion.

Quote:

Originally Posted by RobF (Post 3672937)
I think anonym's idea of migrating Incognito to *ubuntu is a good one. If it were based on Kubuntu (supposing you want KDE) and included the Ubuntu program usb-creator (with its two dependencies mtools and syslinux), then one could create a fully persistent install of Incognito to a USB drive, with persistent home AND system dirs, obviating the need to run a script like the one above manually after every boot.

At the moment it seems like Debian will be the way to go (their live-helper tool for creating LiveCDs is far superior to anything I've seen available for *ubuntu).

Quote:

Originally Posted by RobF (Post 3672937)
Of course, the best solution would be if Broadcom were to freely make available their proprietary firmware microcodes and they would be included with every distro in /lib/firmware. Why they put everyone through this neverending torture I don't know.

Neither do I, and for as long as they keep it with redistribution restrictions there's nothing I can legally do about it. But I guess the situation is the same in other distros, so this isn't anything Incognito specific (?).

Quote:

Originally Posted by RobF (Post 3672937)
Privatix seems nice but it makes a regular HDD install of Debian 5.0 (Lenny) to the USB thumbdrive rather than using a squashfs filesystem and running much of the system from RAM. Doesn't running a regular HDD install from a flash memory drive ruin the drive rather quickly (incessant writing of bookkeeping system files to flash memory storage which may quickly exhaust the EEPROM memory cells)? Or is this not an issue anymore with present-day flash memory technology?

I think modern flash memory is pretty good at not wearing down. In any case it would be pretty easy to mitigate this problem by mounting /tmp, /var/log etc. in a tmpfs in RAM. I don't know if they do that, however.

Quote:

Originally Posted by RobF (Post 3672937)
Also, Privatix seems to run rather slowly (not just the browsing via the Tor network that would be slow with any distro). Is this due to the fact that the entire filesystem is encrypted and the system software has to be decrypted on demand and is running from the flashdrive rather than from RAM?

With modern computers the impact of encryption is negligible compared to the read/write speeds of hard drives, flash memory etc. Also, the situation when using encryption should be pretty much the same as for any linux system since everything that's loaded from the encrypted drive will stay in memory unencrypted. At least AFAIK.

Quote:

Originally Posted by RobF (Post 3672937)
BTW, all three of these distros include much interesting documentation about the issues of privacy, surveillance, security and their supporting technologies. It's a brave new world out there on the Internet, and there is a real need for this type of Linux distro!

I agree, obviously. BTW, you might want to check out amnesia too.
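The fail-closed behaviour discussed in this thread (Torbutton alone does not give a direct connection while the firewall is up) can be checked from a firewall dump. This is an added example, not part of the thread and not Incognito's actual ruleset; the function name, both sample dumps and the Tor UID 101 are constructed.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for a fail-closed OUTPUT chain.

# audit_failclosed TOR_UID   (dump on stdin)
# Passes only if the filter table's OUTPUT policy is DROP and every ACCEPT
# rule in OUTPUT is loopback or owner-matched to TOR_UID. Anything else is
# printed for review and the function returns non-zero.
audit_failclosed() {
    awk -v uid="$1" '
        /^\*/              { table = $1 }   # table header: *filter, *nat, ...
        table != "*filter" { next }         # ignore OUTPUT chains of other tables
        /^:OUTPUT /        { policy = $2 }  # chain default policy
        /^-A OUTPUT / && / -j ACCEPT/ {
            if ($0 ~ / -o lo( |$)/) next
            if ($0 ~ (" --uid-owner " uid "( |$)")) next
            print "leak: " $0; bad++
        }
        END {
            if (policy != "DROP") { print "policy: OUTPUT defaults to " policy; bad++ }
            exit (bad > 0)
        }'
}

# Constructed sample: only loopback and the Tor process may send traffic.
sample_failclosed() { cat <<'EOF'
*nat
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --uid-owner 101 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: permissive policy plus a rule that lets any process out.
sample_open() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}
```

On a running system the dump comes from `iptables-save` run as root, piped into `audit_failclosed` with the numeric UID that Tor runs under.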

