Fathom is the name of a company that coded a custom content management system for ARRL because we are unique and special and could never use off the shelf standardized software.  It has also become synonymous with our website software stack.

 

Deciding that we would build our own content management system was a monumental mistake in judgement.  It has tied us to aging software, not the least of which is an ancient version of Firefox that is required for making any content changes to the system.  Upgrades to every underlying part of the system is impossible because we are so many versions back.  And that IT decided to “wash their hands” of website support has further exacerbated the situation.

 

I was hopeful that we could ‘kick the can’ down the road for a year or two to deal with some of those other systems issues that would take others only 24 hours to address and fix.  It would seem that the website needs more urgent attention, especially depending on what the feedback is from the security consultant.

 

I will keep you informed as we move forward and will be reaching out to our board IT gurus for their assistance.

 

David

 

From: Mark J Tharp <kb7hdx@gmail.com>
Sent: Sunday, February 14, 2021 9:09 PM
To: Minster, David NA2AA (CEO) <dminster@arrl.org>
Cc: arrl-odv <arrl-odv@arrl.org>
Subject: Re: [arrl-odv:32014] IMPORTANT: Update on arrl.org

 

Fathom, was perhaps the single biggest mistake the league has ever made. 

We have fought stupid code, inability to change things, and flat out going backwards in what we had prior to them from a SM, and I have to assume ODV, perspective. 

I know, we can not change the past but they SUCK. 

 

And now you all know how I feel about that. 

 

Any SM from that time period will validate my opinion, and some of you here now, can as well. 

 

Thanks, David, for jumping in feet first and working to resolve this.

 

Mark, HDX

 

 

On Sun, Feb 14, 2021 at 5:05 PM Minster, David NA2AA (CEO) <dminster@arrl.org> wrote:

Here’s a “while it’s happening” report regarding our website:

 

I experienced an adware pop-up on Friday night with our HamCation video.  I had Bob and Kathleen immediately begin to dig into why it might be happening.

 

As of today noon, the only thing we can ascertain is that it is one specific image related to ARRL At Home from iPhone using Safari.  We have tried many other OS/browser combinations and it doesn’t happen.

 

We reached out to Fathom for ideas – they are out-of-business on websites.

 

We reached out to Rackspace.  Their security team did a deep dive on our site and found nothing.

 

Because the event is over, I directed Bob to delete the image from rotation on our homepage and the ARRL At Home page itself from the website.  It’s possible it has something to do with embedded links to YouTube, but I doubt it.

 

There are some other things that came to light that will now further my inability to sleep at night.  I can’t believe the website has gone so many years without being properly dealt with.

 

We will be reaching out to website security specialists with the intention to hire one and perform a deep dive on the website.  I just quietly did that on our internal infrastructure and as you’d imagine the results were not great.

 

If you have suggestions, please respond off list to me directly.

 

Thanks.

 

David

 

 

_______________________________________________
arrl-odv mailing list
arrl-odv@reflector.arrl.org
https://reflector.arrl.org/mailman/listinfo/arrl-odv