Perils of Software Applications

The modern amateur radio station is filled with software. It has been a long time indeed since this was a hardware hobby. Not only is there a lot of software, many of these applications communicate with each other and are connected to the public internet for our convenience and to access external services and to allow updates and maintenance. 

Amateur radio software is no less susceptible to privacy and security flaws and risks other devices in our homes and pockets. Hams can be very trustworthy, however that trust comes with risks other than the assumed good intentions of the software authors. Danger lurks in the margins. What tweaked my current interest was an article about a backdoor in a popular SDR application.

This article is not specifically about that compromised software. I have nothing to say that isn't covered better elsewhere. This is an example of the software author, supposedly with good intentions, leaving a gaping security hole in its users' shacks. Exploiting the vulnerability is straight-forward, if you know that it's there. Some did know.

With that introduction let's look at a small sampling of the potential dangers of software. This is meant to make you wary and not to scare you away from ham software. I know hams that avoid all software they absolutely cannot live without. That's extreme and it's an attitude that will diminish your enjoyment of the hobby.

Signing authority

Signed software is safer than unsigned software. An application signed with a digital key issued by a reputable CA (certificate authority) provides a degree of assurance that the software came from the expected source. If in a subsequent download (e.g. update) the key is missing or different, or from a different CA, it should raise alarm bells. Don't install the software until you can verify that it is legitimate. In a minority of cases there may be a good reason for the change.

I have previously held the signing keys for two companies. They were closely guarded. An attacker that gains access to the keys can cloak malware as legitimate software. Losing the keys causing grief for the author and for the application's users. When you install digitally signed software you are trusting that the author has kept the keys secure.

I have a product that uses a root CA that is unrecognized by Windows. This is risky and Windows will understandably pester you about it. This CA issues the keys for the drivers used by the VNWA3 from SDR-Kits. I accepted the root CA and all is well. Users of products like this need to be diligent. Check user forums and other sources to validate as well as you can that it is safe before you proceed with installation.

Of course, quite a lot of ham and hobbyist software is unsigned. There is a cost involved to acquire and maintain the key, which hobbyist software authors may want to avoid. The CA is a business which has expenses and it must maintain high standards. 

You can never easily know the trustworthiness of unsigned software. If it's open source you can inspect it for potential malware or flaws and then compile it yourself. However that is a tedious and difficult process that few of us would willingly undertake. It is easy to miss exploits, even by software professionals, since they can be disguised in many ways. You can hope that another user will spot the malware and make it public, yet the one mentioned earlier either went unremarked or unreported to the user base for years. Software updates must be similarly validated.

Desktop sharing

Desktop sharing apps have been around for a long time. Original uses included remote PC maintenance by IT personnel, and as a brute force means to share presentations and other live communications between individuals and groups. These applications are used for station remote control by allowing the station owner or another operator to use the station PC as if they were in the shack.

It should be obvious that protection of credentials is critical since if they are acquired by a bad actor (and it could be another ham!) the PC is compromised. After sharing credentials they should be revoked. New credentials can be created as required. 

You probably want a free desktop sharing app, but don't be so cheap that you ignore who produces it and where it comes from. Commercial software is often more secure and that may be worth the price.

Phone apps

I have several radio related apps on my phone, and many hams have more. There are apps to monitor DX spotting networks, ham chat groups, radio remote control, and much more. The major apps stores -- Google and Apple -- are quite good at preventing malware from being distributed but cannot catch everything. For example, user privacy is often disrespected. 

The app may ask for security permissions it does not require and the user may not be able or be interested in scrutinizing the app before installing it. Some of those permissions can be quite risky. But if you disagree you cannot use the app, and that will reduce the value of the associated hardware and software products: you are damned if you do and damned if you don't. Exploits can persist for a long time before being discovered. By then it could be too late. 

It is safer to stick with reputable vendors but that is not a guarantee. Some risk taking is unavoidable. One thing to consider, particularly for Android, is to avoid side loading of apps. Side loaded apps are not scrutinized by the name brand app stores. The only apps I have side loaded are those I developed myself.

Don't click!

There are endless sites on the internet that promise free software and manuals for everything you can imagine, or that you can't imagine or wish you hadn't. Many of the popular search engines filter or flag suspect sites and those known to host malware. Not all do. Even the best may not have identified the latest rogue site.

In the pursuit of free too many people are tempted to click first and ask questions later. This is one of the highest risk things you can do on the internet. There are many zero-day exploits not yet patched by the browser and OS vendors, or your PC may not be up to date with patches for those vulnerabilities. Anti-virus software offers little protection against zero-day exploits. You must rely on your own good sense.

A single mouse click can ruin your day. There may be no recourse by the time you realize what has happened. Free can have an outrageously high price. It is better to pay for software and manuals. The companies and individuals deserve recompense. You will receive little sympathy for falling prey to the attackers that rely on your desire for a "good deal".

There's more...

This article touched on only a few potential security risks associated with ham software. There are too many for me to list, and I certainly couldn't make a complete list. The only difference with ham software compared is that the authors are usually individuals or small companies that may be unwilling or lack the expertise to keep their software secure.

My intent is to make you stop and think when you next download and use software for your station. Even software that comes from reputable manufacturers can pose risks since they may be cavalier about your privacy and security, or their internal security so lax that a third party or disgruntled employee can surreptitiously embed malware.

Consider this article food for thought. Think about risk the next time you download and install software onto your PC or phone, or update the firmware on your equipment. Guarantees are impossible but you can reduce the probability of becoming a victim by being sensible, careful and a responsible consumer of software and software products.

High Power SO2R Novice

I am not very good at SO2R contesting. It takes a lot of skill and practice, and I have little of each. I am working at improvement, but slowly. The IARU contest last weekend was particularly challenging for me since I was not at my best (bad year for allergies). It was my first SO2R experience with high power. My band pass filters are built and working and the two amps are wired up and ready to go. 

I've come a long way since I first tried SO2R. The filters were an interesting project that will in the future (but not the near future) be a topic for the blog. They are prototypes, built from kits, that the designer plans to develop into a product.

Since everything in my SO2R setup is manually switched, all the equipment has to be on the operating desk where I can access the controls. The desk is becoming very crowded (and my photography skills have not improved).

When I change bands on one of the two operating positions the actions I must perform are:

• Change the band on the rig
• Switch the band pass filter band
  
• Switch the antenna
  
• Switch the amplifier band
  
• Tune the amplifier

Over time my intention is to make all but the first automatic. That will take a lot of work and, yes, money. Some are not so difficult (filters follow the rig or software band data) while others require home brewing (antenna selection) and the purchase of auto-tune broadband amplifiers.

The following notes describe my SO2R experience with high power in the IARU contest. There are no great revelations. I document these items to help me decide what work to do on the station and which operating skills to improve. Other contesters might benefit from these notes as well.

The attraction of power

Big signals attract big crowds. This is great in a contest, if you deal with the pile-ups and weak callers. It takes skill and talent to make the most of it, and even more to do it SO2R. Having your concentration and focus rapidly alternating rapidly increases the challenge. With two radios the challenge is more than doubled. The progression is not linear. With power you run (and must run) more frequently and that imposes a discipline that is difficult to perform well without years of experience and dedicated practice.

I admire those who can reliably isolate one caller among many. It is more difficult when (on CW) they have almost identical audio tones, stations call out of turn, all amidst the QRM of a popular contest. Mortals like me often resort to sending partial calls (hoping the rest standby) and narrow filters. When the two QSOs slip out of sync (it's inevitable and frequent) you end up having to copy on both receivers at the same time. It is difficult but it can be done.

Weak callers are a different and in many respects a more difficult problem. Pulling out a weak signal may require temporary adjustment of receive audio level, RIT and selection of antenna or receive antenna (low bands). Many of those weak stations aren't QRP but stations in a direction not favoured by your antenna. Remember, you have a big signal so hams everywhere will hear and call you, not just those you're pointing at.

The solution is practice, practice and more practice. At the moment I am struggling to deal with the many callers a big signal attracts. It can be a lot of fun but, oh, what a mess!

Signal quality

SO2R is one of those rare occasions when you have to eat your own dog food. Does your transmitter have key clicks, phase noise, excess harmonics, IMD, hum and other signal quality problems? You have to put up with it on the other radio. The majority of hams never really know how their signal sounds to others on the band, and most hams are too polite to say. The transceiver monitor feature is of no use to assess RF signal quality attributes that impact others on the band.

For low power BPF the transmitter harmonics are strongly attenuated. This is not the case for amplifier generated harmonics. No amplifier is perfectly linear so there will be harmonics; the BPF on the other radio does not filter in-band harmonics. You remove harmonics with band-switched notch filters (coax stubs) or more expensive high power BPF.

This is more frequently a CW problem since the harmonic relationship of the HF bands permits more opportunity to encounter harmonics your own harmonics. One avoidance technique is to operate near the lower end of the higher band and the higher end of the lower band. Compare the potential interference of the combinations 7020 and 14040 versus 7040 and 14020.

Harmonics are broader than the fundamental signal, being two and three times broader at the second and third harmonics, respectively. The harmonics of a dirty signal can be brutal. These include key clicks, phase noise and IMD. The second 40 meter harmonic of my FTdx5000 can wipe out 15 to 20 kHz of usable spectrum on 20 meters. This is with the latest firmware and options set to minimize key clicks. High power worsens the problem by 10 db, which is a lot.

I am increasingly disillusioned with the quality of Yaesu equipment. Signal quality flaws have been baked into their designs for decades. When the shack equipment is updated the Yaesu transceivers will be replaced.

Managing the amplifiers

Both amplifiers -- Drake L7 and Acom A1500 -- are tube amplifiers that must be manually tuned. Correct tuning of the latter is more difficult due to the power tetrode design. The grounded grid triode design of the L7 is more forgiving.

For every band change, large frequency shift or antenna selection the load and plate controls require adjustment. A quick antenna swap to work a multiplier is easier with the L7 since you can get by with a mistuning for a QSO or two. The A1500 is less forgiving. For that reason I strove to have the left radio with the A1500 always running. In the long run it saved time.

One particularly annoying aspect of tuning the amps is the transmitter power setting. Not all transceivers have a front panel control for power: the FTdx5000 does and the FT950 does not. For the latter it's a menu item. Before the contest I set the menu to the entry for power for rapid access. Rigs with small physical size are more likely to hide this item in a menu to save panel space. The power level must be higher when using BPF to compensate for filter losses -- in my case, from -0.22 to -0.55 db.

Eventually I hope to have all low SWR antennas and broadband amps, perhaps with an ATU. When that happens there will be no need to repeatedly fine tune the amps. Band and frequency changes would require no operator action in most circumstances. Not always, of course, since not all antennas are so perfect and weather can play havoc with antenna impedances. There will always be a need for manual tuning or reprogramming of the ATU

Time spent tuning is time not spent working stations. It is also a task that accelerates operator fatigue. SO2R is particularly difficult since you are working stations on the other radio while tuning the amp. I had to be quick or be interrupted by the QSO in progress.

Hot as heck

The typical efficiency of a linear amplifier running in class AB is no better than 60%. For a power output of 1000 watts there will be 700 watts or more of heat dissipation, plus that of the filaments (tube amps) and heat due to the inefficiencies in the power supply. The same is true of the transceivers. Luckily the duty cycle is not 100%. To be more precise, it isn't 100% on each radio but close to 100% overall with SO2R.

Since the objective is to transmit at all times, by alternating the two radios there is always a transmission occurring. With CW or SSB the effective duty cycle is about 50%. Put it all together and the continuous heat dissipation in a high power SO2R station is around 600 watts. It will be different in each country for those operating at the legal limit (e.g. 1500 watts in the US).

Our summers are short, hot and humid, and the peak is July. A mid-July contest guarantees that the shack will be uncomfortably warm. The air conditioner is not a perfect solution since the thermostat is not in the shack. Dress accordingly and have liquid refreshment within reach. In our cold winters the amps keep the shack warm and cozy.

Software reliance

Computer hardware and software are integral components of the modern contest station. You can resort to the 3 P's in an emergency -- pen, paper and paddles -- at the expense of time, rate and a horrible mess to deal with after the contest. Suffice it to say that the machinery should be kept in good working order.

I had computer and software issues for the first hours of the contest. SO2R was very difficult. From diagnosing the problem I discovered that Windows 10 was waging a forever war against a privacy protection app running in the background. The 2 keyboard feature of N1MM Logger+ is very sensitive to latency and I had severed latency. Key presses frequently went to the wrong radio's window. Once I corrected the problem the software preformed as it should. Microsoft won this round.

There is more to be done to reduce the severity or recurrence of problems like this. The PC is dedicated to the radios and I typically have no other apps running during contests. 

I have modest RFI issues with the PC which are exacerbated by high power. This is primarily a 40 meter problem since that is the only HF contest band for which I have an antenna nearby. The RFI has not yet caused a computer or interface failure. More ferrite chokes on cables must be installed to reduce the risk. I've been lucky so far.

Physical condition

SO2R is intense. It demands a lot from your mind and your body. You must remain alert for long periods and have the physical endurance to manage the equipment, listen, log and make frequent choices about bands and directions to target. With 2 keyboards the physical demand is greater due to swivelling back and forth between radios, and some awkwardness using the paddles and mouse which may be difficult to reach and use amid the desk clutter.

High power is more demanding because the rate is higher. QRP SO2R can be quite relaxed since there is often just one QSO happening at a time. Low power boosts the rate enough that it is almost never relaxing. High power SO2R is frenetic.

As we age our concentration and physical endurance deteriorate. On the positive side, SO2R helps fight the decline: use it or lose it. Although I am fit for my age it still becomes a grind as the hours accumulate. Although I practice and do the best that I can, I will never be an great SO2R operator. Oh, to be young again! Actually, I doubt that youth would help me. The inherent talent is weak in me. We can't be good at everything, so we do the best with what nature gifted us.

Next steps

For the next while my focus will be on antennas and not station automation. I'll live with the shortcomings of my SO2R setup until then. I could move faster to get everything completed sooner but, hey, it's a hobby.

Aircraft Scatter on 6 Meter FT8

Aircraft scatter has long been used by microwave enthusiasts. Enthusiasts monitor aircraft data and operate remote to get the best from it. Although the propagation mode is artificial in a way, it is very useful for getting over mountains and other obstacles, and to make the contact when more natural propagation is uncooperative. On HF aircraft scatter is of little value since ionospheric propagation is very reliable, and in any case the scatter is poor because aircraft are too small to be good mirrors at the longer wavelengths of the HF bands.

On 6 meters, aircraft scatter is not terribly useful since there are other and better propagation alternatives. It is of no benefit for my focus on DXing, and can be a nuisance. Aircraft scatter is easily seen on the spectrogram window of digital communication apps, when you know what to look for.

For our summertime amusement let's look at aircraft scatter on 6 meters FT8. For those within about 100 kilometers of a major airport it is common.

The example below right shows aircraft scatter for a signal source less than 100 km from me, as the crow or aircraft flies -- the intervals are compacted because I was transmitting during the odd/second periods. 

The distance matters since you will only see this for stations not too far away. This will be explained later. 

Those images look like and are often incorrectly identified as distortion. Sometimes they are decoded and sometimes not, depending on the coherence of the scattered signals. Above is a report I received from a ham in the Montreal area (about 175 to 200 km away), when we were both new to FT8. He wondered what was going on, wondering whether there was something amiss with my transmitter or his receiver. So did I at first. It is interesting that the primary signal at 314 Hz was not always decoded when the scattered image was.

The spectrogram at right is from a station in Ottawa (80 km away). There are two of these shadows, due to at least two airplanes. We live underneath the busy air corridor between Montreal and Toronto, and there are medium size airports in Ottawa to the north and Syracuse to the south. In this airspace there can be many aircraft scattered signals. The multitude of local airfields contribute little to the aircraft scatter we see because their traffic volume is low and the aircraft are small with a small reflection surface.

If the station is farther than a few hundred kilometers and you see these images, and they're not decoded as coming from other stations, it might indeed be distortion. For comparison with aircraft scatter the spectrogram below shows actual distortion on an FT8 transmission. There are similarities and obvious differences.

 The diagram below is a simplified view of aircraft scatter. It is not to scale and it is restricted to just two dimensions. That is enough for us to get started.

There are similarities and differences with CW (continuous wave) Doppler radar systems. The receiver (A) and transmitter (B) are widely separated and the two signals are not brought together for processing. I have commercial experience with products incorporating low-power CW radar so investigating aircraft scatter recalls memories from years ago.

Because A and B are far apart we have a large area (2) that is atypical of conventional radar systems. It is the most common scenario for aircraft scatter because for (1) and (2) the path loss is substantially greater and tropospheric refraction is required when the aircraft is below the radio horizon for one or both of A and B. Diffraction may be needed to get around tall buildings and hills when the elevation angle is small.

Since the aircraft velocity is high and the fuselage has a complex shape, the specular reflection is not coherent and varies with time. Also, the projected cross section and orientation of the aircraft affect the amplitude and coherence of the reflection. We are not concerned with calculating a precise reflection signal so we need only be aware that several factors impact signal amplitude, variability, Doppler shift and FT8 signal integrity.

Now we come to the radar equations. The first impacts path loss. The inverse square law tells us that signal strength decreases 6 db when the distance between the transmitter and receiver is doubled. For radar the path loss is 12 db because the path loss is 6 db to and from the target. For aircraft scatter, the radar equation for path loss is a limiting value as the aircraft distance goes to infinity. In most cases the path loss is intermediate and is close to the inverse square path loss when the aircraft is between A and B: case (2) above.

Aircraft scatter is therefore more likely when the aircraft is not far from both A and B, and is unlikely for cases (1) and (3) when the aircraft is more distant. The projected surface area of the fuselage is at a minimum in the latter cases cases, which contributes to a scatter signal too weak to be detected. 

The second radar equation is for the Doppler shift. It is double the value of conventional Doppler shift because it applies for the incident radiation and for the reflected radiation. For (2) the Doppler shift is lower than for conventional radar because it is positive in one direction and negative in the other, and the sum can be a small Doppler shift. Despite the reflection not being visible on the spectrogram it can interfere enough with the direct signal to reduce the probability of decoding success. The decoding algorithms are fantastic but they don't handle overlapping synchronized signals very well.

Let's do a calculation. The maximum air speed of a commercial aircraft is very roughly 1000 kph. Yes, it can be higher when at cruising altitude and travelling east within the stratospheric winds, but those are uncommon for the scatter scenarios we are likely to encounter. We do not require high accuracy for this exercise, so 1000 kph is useful as an appropriate maximum velocity.

The Doppler radar frequency shift is easy to calculate. A speed of 1000 kph is 278 m/s, or 0.00000093c, where c is the speed of electromagnetic radiation. At a frequency of 50 MHz the Doppler shift is therefore 92 Hz. At higher VHF and UHF bands the shift will be greater, in proportion to the frequency. 

It is a coincidence that the aircraft scatter Doppler shift and the FT8 42 Hz bandwidth are of the same order on 6 meters. Since the 92 Hz maximum is uncommonly seen, the majority of shifts are closer to that of the FT8 bandwidth. When the shift is less than the bandwidth of an FT8 signal the direct and scatter signals will overlap.

When the two signals overlap the effect is more likely to be mistaken for distortion. The effect reduces decoding probability but it is not the fault of the transmitting station. Be very certain of your signal analysis before criticizing the operator!

Perhaps the most obvious example of aircraft scatter is the one at right. Do you see what is happening? The aircraft is most likely turning to a direction that increases the relative velocity with respect to A or B. The aircraft rolls during the turn, orienting its belly to present a greater projected surface area. When the rolls ends the scatter surface is reduced. Doppler shift continues to increase as the aircraft gains speed.

This is most likely occurring soon after take off with the usual turn from the runway direction to the desired heading. Certainly there are other explanations consistent with that spectrogram, however, even if my interpretation is incorrect the depicted characteristics of aircraft scatter are illustrative of the general phenomenon.

We are not done. Our antennas play an important role in another characteristic of aircraft scatter on FT8 signals. The amplitude of the scatter signal is not constant, as is easily seen across the long 15 seconds on-off intervals of FT8 transmissions. That alone is highly suggestive of the effect not being due to distortion.

At right is an example. Both the scatter and direct signals vary in strength, however they do not vary in tandem as they would for distortion. The scatter signal strength also oscillates over time. Again, although there is more than one possible explanation for that specific spectrogram I want to focus on one in particular and probable explanation.

VHF antennas develop numerous elevation lobes due their great height relative to wavelength, and far filed interference with ground reflections. The greater the height, the more lobes there are. These multiple lobes come into play when an aircraft enters the field, and they do so in a manner that is far more evident than far slower propagation path changes involving the troposphere and ionosphere. 

The elevation angle between the aircraft and both the receiver and transmitter changes quickly as the aircraft races past. It traverses those lobes and nulls as illustrated below. As before, the diagram is not to scale.

The elevation angle from a fixed point changes with the aircraft's position. The elevation plot is for my own 6 meter yagi that is up 24 meters (4λ). With all those lobes the signal strength to and from the aircraft will oscillate in a regular pattern for several minutes. The more rapid oscillation at VHF and UHF bands above 6 meters will see the oscillation occur within a single FT8 interval. At lower HF frequencies the oscillation may be mistaken for ordinary propagation effects.

Most 6 meter operators will observe a lesser effect because their antennas are lower and will therefore have fewer elevation lobes. There is a similar effect in the azimuth pattern for aircraft moving across the field of view (transverse motion) which is less observable because the Doppler shift is small and there are fewer lobes in the azimuth pattern of a yagi.

So much for fun with 6 meter FT8 aircraft scatter. Now it's back to working the DX on 6 meters. It's hard to believe that the sporadic E season is beginning its decline and soon my attention will turn back to HF. I'll have more to say about this year's sporadic E season in mid to late August when it is done. All I will say right now is that it has been interesting, challenging and rewarding.