- Staff Web Mail -
What's New               Services


VISA and Master Card Accepted

Staff Home       GoTo Notes       Computer Tips       HIPAA Info & Tips
Staff Area     ...don't hesitate to email me if you have any questions or suggestions.     

Webmail is Operational as of Friday Night.

A link to our restricted Staff area was incorrectly pasted into the Bing and Google search engines on the evening of the 10th, making the Staff area of the site open to the whole world and setting off a chain of events which required disabling Webmail for 20 hours to insure website security.

Please, when done with eMail, Sign Out! Not doing so is like leaving your home with your door wide open.

Fix Your WebMail with HTML

I have gotten a few email replies from Staff that are in plain text, including links that I have sent them-- which means the links are almost useless.

You may have seen warning messages or heard stories from "computer techies" about dangers involved with using HTML in your email, but in a nutshell anything you hear like that is simply from a Nut.

Our webmail is on a Unix/Linux server and HTML email is entirely safe and secure. Also makes email more readable and usable.

To enable HTML in your webmail:

1 - Log in to your webmail and click the "Options" link.

2 - Look for the option "Display Preferences" and click it.

3 - Under the heading "Message Display and Composition" you will see "Show HTML Version by Default:". Check the box.

4 - Save the settings and you are all set up!

With plain text email, if you get a message with a link to click, you won't even know that it's a link. It will look just like this: Read More.

With HTML enabled, you can see that "Read More" is actually a clickable link... looks like this link: Read More

HIPAA (Health Insurance Portability and Accountability Act) and SSL

Seems like every time you turn around there is a new internet law enacted. HIPAA has not made a new law, but they have recently strengthened their laws concerning privacy protection. This means that the ERC will have to use an added method of email security to ensure compliance.

I say "added" because we already use a security method for webmail called TLC, but we will now have to also use the SSL (Secure Sockets Layer) cryptographic protocol.

SSL is already set up on the Empire's web server, and it will involve no effort at all for Staff to use, but due to the chicanery and deliberate deception of the public by many internet corporations, the use of SSL for webmail should require that Staff be informed of this deception and given the truth.

When I change the webmail link (some time in early May), you will see something similar to the following in your browser... this first example is from my Chromium browser (a Linux version of Google Chrome):

Firefox will show this "dire" warning:

Whatever your browser, the warnings will be similar. Ignore the warnings-- they are absolutely phony and deceiving--the browser people are paid to frighten you. For Chrome, ignore the "Back to Safety" lie and click the "Proceed Anyway" button. For Firefox, click the "I understand the Risks" button. If you use another browser or are unfortunate enough to use Internet Explorer, just ignore whatever phony warnings are given and proceed.

Chrome (most versions) will take you to your webmail interface right away. Firefox likes to tease you though, and the next thing you see will be something like this:

Again, ignore Firefox's crap crud and click "Add Exception". When you do, you will then be presented with this:

Ignore the phoney baloney again. Be sure the box by "Permanently store this exception" is checked, and click "Confirm Security Exception". You will then be taken to your webmail login page, and once you get through all the browser crud the first time, you won't have to do it again.

The rest of this post will only be of interest to those of you who want to really know what is going on here. I will explain the truth of SSL encryption and how the SSL certificate sellers like Verisign and Thawte take free Linux Open Source code and sell it for anywhere from $500 to $1500 dollars for a one-year certificate, renewal annually, and spend much of their profits in paying browser makers to help them deceive and literally swindle the 99% of innocent (gullible) computer users who are not knowledgeable about SSL or the technical tools that they use.

The Real Truth Behind SSL Security

SSL was developed by Netscape in the early 1990s and released to the public as open source software. "Open source" was the original dream of those of us who helped evolve the old "Bulletin Board" learning systems into the internet, with the intent of providing free knowledge and software to the world. It was the Department of Defense that first "invented" the internet, by the way.

Corporate types, taking their cue from Bill Gates (don't ask me what I think of him) helped themselves to this free technology and began selling "SSL Certificates" to the public. Take a look again at this snip from the last image above:

That "different site" statement is true.... it is the BurstNet Data Center that the ERC's Linux web server resides in, and the SSL is provided to us as a part of their service. BurstNet has a very well respected reputation among tech-savvy types. The browsermakers know that, but remember-- they are paid to put these warnings up, by the commercial certificate panhandlers... and you should know that one of the biggest customers of these misnamed "trusted recognized authorities" are porn sites.

Not being recognized by a "verified authority" in truth means, again, a company like Verisign. And the "secure signature" refers to the certificate you get when you pay hundreds of dollars annually to literal con artists who got their open source SSL technology for free. There's big money to be made from the ignorance of the vast majority of computer users.

SSL works like this: when you log into your webmail, the first part of your link address will start with "https" instead of just "http". Adding that "s" to the link is what sends you to the SSL secured system. Everything you do from the time you click the SSL web mail link until you sign out is secure.

When you send an email, it goes from the ERC server to the network mail router, where it is then sent through the open internet as unencrypted mail... but you are "off the hook" at that point as far as webmail is concerned, unless you make the mistake of sending anything ePHI related. There is simply no technology available to send an encrypted email to some person requesting information from you by email,for instance. They don't have the decryption capability at their home.

However, once that email reaches the open internet HIPAA's requirements are fullfilled. Again, you need to be very careful not to put any confidential information in your email -- because after leaving our network it is on the open, unsecured internet.

I hope I have explained this well enough. If not, drop me an email any time.


Internet "Phishing" law and blacklisting

The ERC has been under a blacklist by ICAAN (Internet Corporation for Assigned Names and Numbers) for using email systems other than its own legally registered domain's email system. This places anyone doing so under suspicion of "Phishing" and possibly in violation of Anti-Phishing law.

Please take a look at this updated explanation of why the practice of using ATT, Yahoo, Gmail, Hotmail etc. for ERC business is potentially dangerous to our website and may very well also be legally hazardous for you as a staff member.

Get a Good Browser!

Internet Explorer is a dinosaur. Once the most popular browser used, its use has dropped from around 95% a few years ago to about 35% curently. And for good reason-- Microsoft has been and still is unwilling to adopt web standards.

If its use on the ERC site drops much more, as I am sure it will, we will no longer support it as we have been; it takes almost 5 times as much programming code to allow viewers to see the ERC web site's modern features even halfway correctly, than it takes for web compliant browsers like Firefox or Chrome. If you are reading this paragraph with IE, you won't know that it is written in a cursive font.... with FireFox, Mozilla or Epiphany browsers you will see it correctly; Chrome will show the font well, but with ultra thin lines.

Google Chrome is a fine browser, with the exception of user privacy-- and privacy goes hand in hand with security. If you are concerned about privacy or security, you may not want Chrome. Certainly Google Chrome is not dangerous in itself, but Google's idea that it knows what's best for you, and also its well-known habit of tracking and recording every ounce of information on you that it can possibly get can lead to serious problems if someone hacks into Google's relatively insecure databases. If you don't require good security, Chrome is a fine choice. Of course, you can stop 99% of Google's tracking if you use Linux and get the Linux version.

FireFox is also a fine open source free browser that has hundreds of free add-ons and plugins that you can use to customize it in almost any way that you want. I use the Linux version of FireFox myself because I need high security for web network conferencing etc.

You can get Firefox for free here:

Firefox for Windows

Firefox for Mac OsX

Firefox for Linux

You can get Google Chrome for free here:

Google Chrome for Windows

Google Chrome for Mac

Google Chrome for Linux (Debian/Ubuntu/Fedora/openSUSE systems)

How to Access Staff-Only Areas from Home

I know that some of you-- the more dedicated ones-- may want to be able to access secured and non-public areas of the ERC site like this one from home. Here's how to be able to do that....

If you want to be able to access this section from home, contact the webmaster and you will be sent the instructions on how to have your home computer cleared for access.

It will only involve a couple of steps to set things up, not a hard thing to do at all.

ERC Webserver Security Tightens Up

Security for the ERC web server is being ramped up. This should not be apparent except in a couple of minor instances, like web mail access and any other staff-only and non-public areas of the site.

The major reason for this tightening of security measures is primarily the sharp increase of Chinese government sponsored hacking of U.S. networks. It has been shown that the China-Based hacking of 760 Amerian Companies, including Google, Microsoft and Intel Corp., proves that a Cyber Cold War is under way. Our ERC web server logs show a 485% inrease in hack attempts since last Christmas, and I have traced 97% of those attempts to China.

So far none of the attempts have been successful, but security needs to be increased to be sure that none of these creeps do succeed. The live image below from internettrafficreport.com shows the current efficiency of our internet system. Up until a relatively short time ago, this average for North America was always in the 98% plus range, but during attack periods it often drops to the 70% range.

ERC web mail, this new staff section, and Invoice access are areas of the site that will be affected. These areas will be normally accessible from any computer at the ERC or OP, but not from your home computer unless you register for home access here:

Write down the link above and connect to it from your home computer. Be careful-- those are underscores in the link, not dashes.

The idea is to keep everyone who is not ERC staff from accessing anything but the public areas of the web site. It involves the simple placement of a cookie, and if you are one of the misinformed paranoids about cookies, read the article below this one.

What About Cookies?

In ancient times, people had fear of anything they did not understand-- in modern times, this is still true.

While most people today can use a computer and surf the web, most know next to nothing about the technology they are using. Cookies are one thing that some people are leery of, because they don't understand them. We'll try to fix that here.

Cookies are nothing but very small text files. Virtually every website you visit puts a cookie on your browser. Cookies can greatly improve user access and interaction, and some cookies track your web browsing activity-- but that's for advertising purposes for the most part, and harmless. They can only become a problem if you give the website personal information by filling out a form, such as when joining FaceBook, Google email, etc. Only then can the cookie track your web browsing habits and also know that is is you personally.

Cookies are no more dangerous than the text you see on every website you visit-- that text is also kept in a "cache" by your web browser. So, to worry about text whether in a cookie or on your screen-- both the same thing-- is utterly ridiculous.

The ERC website uses no tracking cookies whatsoever, and we never will; we are under strict federal privacy/anonymity laws which forbid that. All cookies used by the ERC are only to expedite your use of the website. For instance, a cookie is used for web mail, which recognizes your login name and connects you to the right account.

For staff to be able to access web mail or other non-public areas of the site from a home computer is fine, as long as we know it is ERC staff that is connecting. There are two ways of doing this:

The first is to use your IP number, if it is static (unchanging). Unfortunately, most web connections use dynamic IPs (a new IP every time you go online).

The second method is to use a cookie.

If you want access to ERC non-public areas from home, you can go to this link from your home, http://empirerecovery.org/staff/home_access_setup.php, and simply enter your issued web mail user name in the form-- so I know you are bonafide staff-- and I will then add a line of encrypted code to those staff areas which will see the cookie and let you view the page from your home.

How to Retrieve Sent eMails

Retrieving sent email is done like this:

1. On the left side of the window, click "Sent". The folder with sent emails will then appear.

Example image 1

2. Check the box next to the email you wish to retrieve, then choose which folder you want to move it to... in this example, the Inbox. Then click the "Move" button.

Example image 2

3. Email is retrieved and in your Inbox.

How to Set Up a Contact Group Mailing List

You can easily set up a mailing list to a contact group with the ERC webmail.

1- Log in to your webmail account and click on the "Addresses" link at the top.

2- Fill out the "New Address" form at the bottom of your address list. List all the email addresses you want included in the group under "E-mail address" as shown below. Separate the addresses with a comma and a space, for example: larry@example.net, curly@fubar.net, moe@sample.com (You can make up your own nickname, it doesn't have to be "group1")

3- Click "Add Address". If you get an error message like this, then just put a dot (a period) in the "First Name" box and hit "Add address" again..... now you are a hacker ;-)

4- You should then see this, below. To send an email to every address you put into the group, check the box for "group1" and click "Compose to selected".

Your Composition window will then come up and you can write your email.

A word of caution: Very recent law has been enacted that prohibit you from adding people to a mailinglist like this unless they voluntarily opt in, or you know them and regulary correspond with them. If you add people you don't know or send emails to more that 25 or so recipients at once, you may well be tagged as a spammer.

02:31 PM, 06/19/13:
As of the end of this month, June 30, the domain empirerecovery.org will no longer represent the Empire Recovery Center. I am not required to give this notice because I am a volunteer and always have been, but I decided to do it as a courtesy.

From its inception in Feb. 2000, according to my records the ERC has paid approximately $4,462 of the hosting and server expenses, while I have paid above that amount in excess of $12,005 out of my own pocket. This is not the reason for shutting down the site however, it is only presented to show my sincere effort and dedication to Recovery. The above is in addition to the thousands of programming hours over the 13+ year period, strictly as a Volunteer.

The reason is this: I spent over 217 hours on programming the site to be fully HIPAA compliant under the tightened laws that became effective this month. We passed requirements with flying colors. Then, in response to a request by the Director to give clearance to a Board member for secure webmail and staff area access, I sent her a restricted link for his clearance. She promptly posted that restricted link on two major search engines, Bing and Google, and all our security simply went down the tubes. I can not be responsible for HIPAA compliance as a webmaster when a lead staff member does such irresponsible things.

It took me five 15-hour days to clear up the mess created by that thoughtless act. I have had no replies at all from her to my last three emails, let alone even a simple apology... and I don't think that will happen; it takes a certain quality of character to overcome personal vanity and admit a mistake.

As a secondary contributing factor to my decision, despite repeated requests, I have gotten no information about the Golf tourney, Campouts, Picnic, Christmas activities etc. for two years now-- the things the website's visitors constantly request and want to see. With very few exceptions, most updates have been for the Director's page and the "thanks" section of Upcoming Events and the Newsletter.

Lastly, because some of you are friends of mine, I want to earnestly warn you about using free public email systems for official ERC correspondence-- they are NOT HIPAA compliant, not even with a confidentiality statement appended. Anyone who tells you otherwise is simply ignorant.

Post Your Note Here

Visitors Currently Online --- Live 5s Update

How a webserver "sees" the Internet:

We fell from an average of 4574 pageviews* per day in early January of this year as a result the blacklisting. Due to those of you who are making the effort to use the correct (and lawful) email for ERC correspondence, we are making a rapid recovery, despite remaining on the "watch list status" for now. I want to sincerely thank you all very much.

Below is an excerpt of a raw graph from one of our network monitors. To help you read it easier, 1 is January, and 2 is February etc. The very recent decline started when SSL was enabled... c'mon folks, it is not that hard to use.

* A pageview is counted if a visitor remains on a page for 30 seconds or more and also clicks at least one more page and stays there for 30 seconds. Click-throughs, or what are commonly called counter "Hits", are not counted; they are not valid technical evidence of visitor traffic.