I was just going to let this go, but after I watched this video, I just had to write about it. The video below is a recording of a presentation by Mickey Baker, N4MB to the Southeastern DX Club.
Apparently, to recover Logbook of the World (LoTW) after the attack, the ARRL hired the original developer who released LoTW in 2003 with no testing and no user documentation. In addition, LoTW is running on versions of CentOS (Linux) and SAP MaxDB—both of which has been unsupported for more than 5 years.
As one person on our club mailing list put it, “CentOS is end-of-life now, after Red Hat pulled the plug on it. . . running an OS after the vendor stops providing security updates is bad practice.”
I think it was very courageous of Director Baker, to come forward with this information. If he wasn’t on the ARRL CEO’s sh*t list, he certainly is now.
Another factoid in this video is really concerning. In the Q&A portion of the video, Baker mentions that he estimates that there’s been a 15 – 18% membership loss due to requiring members to pay extra for the print version of QST. I predicted that the League would take a hit for doing this, but I didn’t think it would be that drastic. A 15% loss of members would put the percentage of licensed radio amateurs who are also ARRL members well under 20%.
And, so it goes…

How about the part about the DXCC program which runs on Foxpro on a Windows 98 machine? CentOS itself is not EOL and it’s still being actively support, but past versions of it are EOLed. Not sure why anyone would run SAP MaxDB. (It’s bad enough to run their ERP products. LOL) MySQL and Postgres have been proven no-brainer database choices in the open source world for two decades.
I expect Newington to be citing N4MB for an “ethics violation” or some other nonsense in four, three, two, one…. He’s probably expecting the phone call, if he hasn’t received it already. Hats off to him for coming forward.
I don’t think it can be stressed enough that this is more an IT problem, it’s a leadership problem. Absent a CIO or CTO, the responsibility falls on the CEO to ensure proper IT practices and infrastructure in an organization.
In light of K3NG’s comment above, I need to stress that when ARRL had a CTO, it was, per the bylaws, a specialized advocacy position. The portfolio did not include IT.
73,
Brennan Price, N4QX
2nd and to date last Chief Technology Officer, ARRL, January 2010-October 2016
Hi Brennan,
Duly noted. Perhaps a CTO should have been overseeing ARRL IT as the CEO doesn’t appear to have had it/IT on his radar. :-|
The arrl leaders are a bunch of clueless lost in the sixties dinosaurs. Running computer systems
on twenty plus year old operating systems no longer getting security updates and long abandoned
by their creators was dumb and dumber.. Raising dues to compensate for a declining membership
and pay off ransomware hackers is a death spiral. Their iron rice bowl is cracking. Good riddance.
I had signed up for a 3-year renewal of ARRL membership in 2022 and chose the “mail me a paper magazine”. Then at the beginning of 2024, ARRL unilaterally decides to stop sending me a paper magazine (unless I coughed up an additional $25 per year).
That wasn’t my only gripe with ARRL; two others are that the content of QST has become “meh” (and was one of the reasons I started my newsletter Zero Retries) and that ARRL continues to lock its content away behind a paywall. That approach just makes it near-irrelevant in this day and age of freely accessible online content. Folks are learning more about Amateur Radio on (free) YouTube and 73 Magazine than they are from ARRL publications.
So, sometime in 2025, I’ll be one of those whose ARRL membership will lapse.
There was a statement some time back by former ARRL Board member N2RJ that EVERY time the ARRL has increased dues, their membership numbers DECLINE. If I remember correctly what she said, there has never been a case where increasing ARRL dues has resulted in a revenue increase. I think I have that right, because I was so shocked in reading that.
Agreed. What irked me the most was unilaterally cutting off the print magazine before my membership expired. Don’t change the terms in the middle of my membership term. I therefore let my membership lapse. Even if a print magazine had still been included, I’m not sure what I was receiving that was worth $59 per year.
ARRL allowed dues increases to become a crisis, by putting them off way too long. Instead, they should have been increasing dues on a yearly basis, following the current inflation numbers, instead of waiting until they were about to go broke, and then surprising everyone with a massive increase.
What a way to (not) run a business…
On the IT front, I find it depressing that even after all the mess over the IT crisis, ARRL is still not directing web browsers to their https address by default. This has been common SOP for the vast majority of web sites for years, now, but I guess that ARRL thinks they are somehow special.
Before watching the video a rough estimate was a full recovery could exceed the
entire arrl annual budget. After watching the video and hearing things like the burn
rate was $40,000 per month (less than five software developers) and the “team”
to address just one problem was a team of one (at the arrl there is an “I” in team).
They got hacked good and hard. The arrl will not recover in our lifetime and with
declining membership never is a better estimate. They’re doomed and I’m happy.
Mickey Baker is a “stand-up” guy. He calls a spade a shovel and is the type of director that ARRL needs more of. He doesn’t fall in lock step with the leadership made up of “good ole boys” at the League. He has plenty of IT experience and offered to assist the League, AT NO CHARGE, with recovering after the attack on the ARRL computer system, and THEY TURNED HIM DOWN. Most likely because he’s not IN with the IN CROWD. How short-sighted can that be? We NEED more Mickey’s representing ham radio on the board of directors, and not a bunch of guys that think, “We’ve always done it this way, so we’ll continue doing it this way.”