This Week In Security: Apple Backdoors Curl, Tor’s New Bridge, And GhostRace

OK, that headline is a bit of a cheap shot. But if you run the curl binary that Apple ships, you’re in for a surprise if you happen to use the --cacert flag. That flag specifies that TLS verification is only to be done using the certificate file specified. That’s useful to solve certificate mysteries, or to make absolutely sure that you’re connecting to the server you expect.

What’s weird here is that on macOS, using the Apple-provided curl binary, --cacert doesn’t limit the program to the single certificate file. On an Apple system, the verification falls back to the system’s certificate store. This is an intentional choice by Apple, but not one that’s aimed particularly at curl. The real magic is in Apple’s SSL library, which forces the use of the system keychain.

The current state of things is that this option is simply not going to do the right thing in the Apple-provided binary. It’s documented with the note that “this option is supported for backward compatibility with other SSL engines, but it should not be set.” It’s an unfortunate situation, and we’re hopeful that a workaround can be found to restore the documented function of this option.
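One way to check a given curl binary for the fallback described above (an added example, not from the original article or from curl or Apple): hand `--cacert` a throwaway CA that has signed nothing and see whether a publicly trusted site still verifies. The function names and the decoy CA subject are made up for this sketch; it assumes `openssl` is on the PATH and that the URL serves a certificate chaining to a public CA.

```shell
#!/bin/sh
# Added example: does this curl binary treat --cacert as the only trust anchor?
# Assumes openssl on PATH and a URL whose certificate chains to a public CA.

# Create a throwaway self-signed CA that has signed nothing (constructed input).
make_decoy_ca() {   # $1 = directory to write decoy.pem / decoy.key into
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=decoy-ca-example" \
        -keyout "$1/decoy.key" -out "$1/decoy.pem" >/dev/null 2>&1
}

# Map curl's exit status to a verdict.
classify_curl_status() {
    case "$1" in
        0)  echo "fallback" ;;      # verified although only the decoy was offered
        60) echo "exclusive" ;;     # peer certificate rejected: --cacert honoured
        *)  echo "inconclusive" ;;  # DNS/connect failure, unreadable CA file (77), ...
    esac
}

check_cacert() {    # $1 = curl binary, $2 = https URL
    tmp=$(mktemp -d) || { echo "inconclusive"; return 0; }
    if ! make_decoy_ca "$tmp"; then
        rm -rf "$tmp"; echo "inconclusive"; return 0
    fi
    status=0
    # --disable must come first: it stops ~/.curlrc (e.g. "insecure") skewing the result.
    "$1" --disable --silent --output /dev/null --max-time 15 \
        --cacert "$tmp/decoy.pem" "$2" || status=$?
    rm -rf "$tmp"
    classify_curl_status "$status"
}

# Example: check_cacert /usr/bin/curl https://example.com/
```

A verdict of `fallback` means the binary accepted the server through some other trust store, so scripts that rely on `--cacert` for pinning need a different curl build or an additional check.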

CATS: A New Communication And Telemetry System

CATS is a new communication and telemetry standard intended to surpass the current Automatic Packet Reporting System (APRS) standard by leveraging modern, super-cheap Frequency Shift Keying (FSK) transceivers rather than standard FM units. The project is in the early stages, but as of this writing, there is a full open source software stack and reference hardware for both Raspberry Pi-based gateway devices and an STM32-based mobile device.

CATS packets are called ‘whiskers!’

From a radio perspective, CATS uses raw FSK rather than the inefficient AFSK used by APRS. A real killer for channel utilization is the PTT time; this is the dead time around a packet APRS requires for ‘keying up’ and ‘keying down.’ The CATS standard is aggressive with PTT timing, enabling the channel to get going on sending the data sooner.

Additionally, compared to APRS, the packet baud rate increases from 1200 baud to 9600 baud. Other key points are using LDPC encoding for forward error correction and data whitening (a useful PDF guide from TI) to smooth over any burst errors.

One of the neat concepts of APRS is the APRS-IS (APRS Internet service). This enables amateur radio services to be connected over the Internet, vastly improving range. The CATS equivalent is called FELINET (if you’re not spotting all the ‘cat’ references by now, go and get another coffee). Together with the I-gate hardware, FELINET bridges the CATS radio side with the current APRS network. As FELINET expands to more than the current few dozen nodes, APRS services will no longer be required, and FELINET may well replace it. Interestingly, all software for FELINET, the APRS relay, and the I-Gate firmware are written in Rust. We told you learning Rust was going to be worth the effort!

On the reference hardware side of things, the CATS project has delivered a Raspberry Pi hat, which uses a 1 watt RF4463 transceiver and supporting passives. The design is about as simple as it can be. A mobile transceiver version uses an STM32 micro to drive the same RF4463 but with supporting power supplies intended to run from a typical automotive outlet. Both designs are complete KiCAD projects. Finally, once you’ve got some hardware in place and the software installed, you will want to be able to debug it. CATS has you covered with an RTL-SDR I-Gate module, giving you an independent packet log.

APRS is quite mature, and we’ve seen many hacks on these pages. Here’s an earlier APRS IGate build using a Raspberry Pi. Need to hook up your PC to a cheap Chinese transceiver? You need the all-in-one cable. As with many things amateur-radio-oriented, you can get playing cheaply.

A Look Inside A 70-GHz Electromechanical Attenuator

It might not count as “DC to daylight,” but an electromechanical attenuator that covers up to 70 GHz is pretty close, and getting a guided tour of its insides is quite a treat.

Perhaps unsurprisingly, this one comes to us from [Shahriar] at “The Signal Path,” where high-end gear most of us never get a chance to work with goes for one last hurrah after it releases the magic smoke. And indeed, that appears to be exactly what happened to the Rohde & Schwarz 75 dB step attenuator, a part that may have lived in the front end of one of their spectrum analyzers. As one would expect from such an expensive component, the insides have some pretty special engineering. The signal is carried through the five attenuation stages on a narrow strip of copper. Each stage uses a solenoid to move the strip between either a plain conductor or a small Pi pad with a specified attenuation. The attention to detail inside the cavity is amazing, with great care taken to maintain the physical orientation of the stripline to prevent impedance mismatches and unwanted reflections.

The Pi pads themselves are fascinating, too, especially under [Shahriar]’s super-duper microscope. All of them were destructively removed from the cavity before getting to him, but it’s still pretty clear what’s going on. That’s especially true with the 5-dB pad, which bears clear signs of the overload that brought on the demise of the whole attenuator. We suppose a repair would have been feasible if it had been just the one pad that needed replacement, but with all of them broken, it’s off to the scrap bin. Or to the recycler — there appears to be plenty of gold in there.

We thought this was a fantastic look under the covers of an exquisitely engineered part. Too bad it didn’t rate the [Shahriar] X-ray treatment, as this multimeter repair or this 60-GHz phased array did. Oh, well — maybe next time.
