Elvenstats certificate expired

[Guurt The Destroyer]

Does anyone have any insight into www.elvenstats.com having an expired certificate?

My browser is saying this site is now a security risk.

 

[iamthouth]

I get the same. But this forum and Elvenar has also been down today, so might just wait and see.

 

[Enevhar Aldarion]

It is a fan site, so you would have to contact them to find out.

 

[Guurt The Destroyer]

Yeah, I understand this a fan site, but someone here might know something.

Also, thought it was a weird coincidence that in the same 30 minute time span the elvenstat sight became a security risk and the Elvenar forum went down. Probably just a coincidence, but odd never-the-less.

 

[Player9999]

Does anyone have any insight into www.elvenstats.com having an expired certificate?

My browser is saying this site is now a security risk.

ES's SSL certificate from EFF's free project just expired 8-9. The site appears fine, and should be safe to bypass the expired certificate alerts.

WAG, B's wife still thinks that his ambitious free repurposing of a cryptocurrency data system code project that was obsolete by the time it was ready, is secondary to caring for their kid who was born after we all got used to how helpful his game site is.

 

[ajqtrz]

One of the things that can cause certificate errors is, believe it or not, that your system clock is out of sync with the "real" time enough to make the certificate "expire." The solution is to make sure your system time is accurate and the solution to that comes in two ways: 1) manually reset your system clock -- PC only as mobile is synced by default -- or, better solution, set your system so it checks the time when you are online and corrects any errors against a time server. This is done in the settings (control panel) under "Date and Time," "Internet" tab in Windows 7, 8, 10 and probably all the other variants. Apple has the same setting as well though I do think it's set by default.

AJ

 

[The Fairy]

@ajqtrz it could also be because the certificate actually is expired

 

[Alram]

The site appears fine, and should be safe to bypass the expired certificate alert

Yeah, I'm going with NO.

 

[Darielle]

It's such a shame; I know I rely on that site and now I am afraid to use it.

Aj, if several people mention it at once, then it's safe to say that it is the actual certificate. But it's nice to know we can always count on your intellectual expertise for explanations of everything.

 

[Enevhar Aldarion]

Considering I have looked at it a couple of times the last couple of days, and just opened it now with no expired warning, I am thinking there is some glitch saying it is expired only for some people. Also, I am doing this with Chrome.

 

[ajqtrz]

It's such a shame; I know I rely on that site and now I am afraid to use it.

Aj, if several people mention it at once, then it's safe to say that it is the actual certificate. But it's nice to know we can always count on your intellectual expertise for explanations of everything.

What, exactly, did they mention? I can see they all thought the certificate had expired, but they offer only some suggestions rather than any evidence they are right. My comments are before such "proof" is delivered and thus, the question of "cause" was still up in the air. I answered based upon my experience with that error.

In any case, thank you for the compliment, but not "everything." On the other hand, after 26 years of running and IT company, I do suspect I do know something about certificate expiration. In over 15,000 cases the records of the company show that the certificate error seen is caused 90% of the time by the problem of which I spoke and fixed by the remedies I provided. Thus, while I don't agree with your assessment that you can count on me for "intellectual expertiese for explanations" of "everything," some things you can count on and PC repairs is probably one of them...until I've been retired long enough that things have changed enough that I'm no longer remotely up on the current tech...in about two weeks, I think. LOL

AJ

 

[Darielle]

Five people added input that elvenstats was down before your comment, AJ. When five experienced people mention something happening all at the same time, it is not "90 percent likely" that it is user error. But carry on as usual, AJ. I'm finished.

 

[ajqtrz]

Five people added input that elvenstats was down before your comment, AJ. When five experienced people mention something happening all at the same time, it is not "90 percent likely" that it is user error. But carry on as usual, AJ. I'm finished.

I see that I missed the idea of the site being down as the cause, and thought they were addressing the question of what might cause the error. Three said the site was down (not 5). I focused on the most likely cause of the error in general, (even though it was obvious that in this particular instance my comments did not apply), instead the cause shown in those three responses. My mistake. Having answered thousands of such questions in various forums over the years, I should have known to focus more on the thread instead of jumping to what has almost been the "go to" answer for the question. My mistake. Still, nothing wrong with a general statement of what to do if you run into a certificate error, right?

Hope this helps sooth the tattered nerves evident in your responses.

AJ

 

[Player9999]

What, exactly, did they mention? I can see they all thought the certificate had expired, but they offer only some suggestions rather than any evidence they are right. My comments are before such "proof" is delivered and thus, the question of "cause" was still up in the air. I answered based upon my experience with that error.

In any case, thank you for the compliment, but not "everything." On the other hand, after 26 years of running and IT company, I do suspect I do know something about certificate expiration. In over 15,000 cases the records of the company show that the certificate error seen is caused 90% of the time by the problem of which I spoke and fixed by the remedies I provided. Thus, while I don't agree with your assessment that you can count on me for "intellectual expertiese for explanations" of "everything," some things you can count on and PC repairs is probably one of them...until I've been retired long enough that things have changed enough that I'm no longer remotely up on the current tech...in about two weeks, I think. LOL

AJ

Any competent IT professional, or merely net aware engineer or competent netizen, would look at the certificate info I did, and that The Fairy screen shot posted just after. That's so obvious to anyone who understands what they're doing, I didn't see reason to spell it out.

It's been a long time since common mobile and desktop OS's didn't come preset to a major NTP server, albeit I might reset that to NIST -A or -B for one tier more authoritative, or another like NOS if far lower latency due to distance. However, that's entirely IRRELEVANT when the Certificate Authority info clearly shows expired status. In some physics projects, lumped latencies in GIS systems at the nanosecond level conversely can be critical, and have been badly mishandled by incompetent scientists, such as the Italians who claimed to have proven photons exceeding C in a fiber path back and forth to CERN. For casual users, common default settings generally are a few to few hundred milliseconds or less error.

I could speak to the difference between lazy, reckless, too dumb to own a computer, tin foil hat club, and such dominance of CATV or retail brand PC support calls, versus about 10% typically valid issues, but B who developed Elvenstats is a legitimate professional. Some of us who've played this game longer than Gems, ES, and K's EA have been around, and know about the people behind them or their development, may have communications outside the game when issues are noticed.... say when D who's doing most routine Gems work A used to, has caused some serious issues at times.

Guurt framed his observation and question accurately; not saying it was down, but gave a security alert. In that condition, it's generally best for most users to assume there is a security issue. I have the engineering and IT background to inspect such issues, and some awareness of what's supposed to be there, and did identify reasons to consider the servers uncompromised and functioning normally.

That's not true for companies like Facebook that are an ongoing crime by design, Google turned evil, LinkedIn, Equifax, or similar predators that have faced major fines and legal actions that sadly only amount to minor wrist slaps, or Zoom that lied to users and is about to pay Class Action damages to many of us, also in that fraud scamming in concert with Facebook and LinkedIn. There is a freely available security tool for Linux that acts as a security proxy to block 300 domains associated with Facebook, most intended for devious info harvesting across domains few users realize are abusing them. Discord as used by many gamers is also problematic, as even in cases where they've not been hacked, their system design loads image or document files, or malware archives pretending to be that, on systems of forum viewers who merely view what might appear to be text discussions, rather than server generated previews they appear to display, and which would block such malware, absent any user download requests. (Discord needs to be pressured to change that - and their hex dummy file name with no extensions in a hidden caching directory - horrendous bad security design. They're trying to sell out, and avoided certain infrastructure investments by contracting cloud servers and offloading many usual server side tasks to user systems, but with that one MAJOR reckless vulnerability not by accident, but intentional design choices.)

On the positive side, the Let's Encrypt project EFF started, funded in part from Grateful Dead lyrics royalties, was a good choice for B's ES site, and deserves praise and promotion for its work to improve our online world.

 

[Player9999]

Considering I have looked at it a couple of times the last couple of days, and just opened it now with no expired warning, I am thinking there is some glitch saying it is expired only for some people. Also, I am doing this with Chrome.

"B" had an ooops, but fixed it the next day (expired 8-9, updated the 10th).

The only reason for variable warnings or not would be some systems configured to ignore such issues most now default to intercepting these days, or after the renewal for the next 3 months, propagation issues for the new valid certificate.

I can name a major insurance and financial document signing company that places unsecure and third party advertising on what is supposed to be a high security transaction authentication site, which is far more reckless with security than B's part of a day lapse. Or, don't look too closely or major cel carriers may not actually implement 5G anti-IMSI-catchers and other security features they advertise, while pushing mobile device firmware that hides those details from customers.

The biggest problem with Elvenstats is an awkward data importing system, alongside lack of developer time to do revisions to parallel certain data elements where Inno made changes, and broke stuff, now only partially and slowly revised to the Inno changes. That's an important enough site to players, it might be nice if staff actively helped on such details, at least as to sharing specifics of changes they've made or intend to make soon in data records syntax or elements. (and noting the keying of cities to Konover's E-Architect)

 

[ajqtrz]

@fckm When you said: "Guurt framed his observation and question accurately; not saying it was down, but gave a security alert. In that condition, it's generally best for most users to assume there is a security issue. I have the engineering and IT background to inspect such issues, and some awareness of what's supposed to be there, and did identify reasons to consider the servers uncompromised and functioning normally. "

You are right. I was, again, only addressing the "quick and dirty" response. I didn't take the time to examine all the details and got it wrong. I do hope this satisfies the desire/need to show I didn't do my homework enough to lay the matter to rest. That I didn't pick up on your technical response is not surprising. As I've said, I've been away from actually repairing things for a long time and spoke out of my experience from years ago. I unclearly indicated this with my ending comment of how I might be completely out of date in a week or two. Sadly, my own lack of doing a close reading of your post missed what you said, probably because, like many people, I thought I knew the answer already and didn't bother looking carefully. Sorry, but that's a weakness in my own approach to many matters and I suspect it's a temptation to many.

And I don't wear a tin hat because if I did nothing would get through.

AJ

 

[Talaedraiia]

: I play on iPad and visited site yesterday. Had no warning. Slightly offended by fckm’s comment about being to dumb to own a computer. I was using computers when you had to use dos to make them work, which some of you may not even know what that is. I gave my PC away because of space and comfort issues, not knowledge issues.

 

[Lelanya]

: I play on iPad and visited site yesterday. Had no warning. Slightly offended by fckm’s comment about being to dumb to own a computer. I was using computers when you had to use dos to make them work, which some of you may not even know what that is. I gave my PC away because of space and comfort issues, not knowledge issues.

You are assuming that he was speaking to you.
FYI if he says the Security Certificate was renewed, then it was, and that is great news for everyone.

 

[hvariidh gwendrot]

snorefest

 

[Henroo]

: I play on iPad and visited site yesterday. Had no warning. Slightly offended by fckm’s comment about being to dumb to own a computer. I was using computers when you had to use dos to make them work, which some of you may not even know what that is. I gave my PC away because of space and comfort issues, not knowledge issues.

I remember DOS! You could reformat the hard drive of the computer you were working on with a 1 line command. I shudder to think what would happen today is such a thing were still possible! LOL