We have just released version 7.0.3 of the UnboundID LDAP SDK for Java. It is available for download from GitHub and SourceForge, and it is available in the Maven Central Repository. You can find the release notes for this release (and all previous versions) at https://docs.ldap.com/ldap-sdk/docs/release-notes.html, but here’s a summary of the changes:

• We fixed an issue in which the LDAP SDK did not properly handle certificates with a notBefore or notAfter timestamp that fell in the year 2049 if that timestamp was encoded with the antiquated UTCTime syntax (which only uses two digits to encode the year). It incorrectly used a year of 1949 instead of 2049.

• We updated the ldifmodify tool so that it will report an error if any of the sourceLDIF, changesLDIF, or targetLDIF arguments refer to the same file. Previously, the tool would run, but could yield incomplete results if an input file was also used as an output file.

• We updated the IP address argument value validator to improve performance and to catch additional types of malformed IPv4 addresses that were previously accepted due to leniency in Java’s InetAddress.getByName implementation.

• We simplified and improved the toLowerCase, toUpperCase, and getBytes methods in the StaticUtils class. The former implementations were more efficient than the versions provided in the Java String class in older Java versions when primarily dealing with ASCII strings, but this is no longer the case in newer versions of Java where strings are backed by byte arrays rather than character arrays.

• We updated client-side support for the Ping-proprietary transaction settings request control to make it possible to request that the server acquire a lock using a client-specified scope under a specified set of conditions. This allows more control in the event of lock conflicts in cases where the client is able to determine which operations are most likely to conflict with each other. For example, in a multi-tenant server, it may be useful to specify a scope that includes a tenant-specific identifier so that only operations associated with that tenant will be affected by the scoped lock.

• We also updated the transaction settings request control to make it possible to override the conditions under which the server may attempt to acquire a single-writer lock. This was previously only controlled through the server configuration.

• We improved error reporting in the dump-dns tool for use with the Ping Identity Directory Server.

• We updated client-side support for the Ping Identity Directory Server’s version monitor entry to handle attributes used to indicate whether the server is running in FIPS 140-2-compliant or FIPS 140-3-compliant mode.

• We updated the documentation to include the newest versions of the draft-bucksch-sasl-passkey, draft-bucksch-sasl-rememberme, draft-codere-ldapsyntax, draft-ietf-kitten-sasl-ht, draft-ietf-kitten-sasl-rememberme, and draft-schmaus-kitten-sasl-ht specifications.

We have just released version 5.1.4 of the UnboundID LDAP SDK for Java. It is available for download from GitHub and SourceForge, and it is available in the Maven Central Repository.

The release notes contain a more complete overview of the changes included since the 5.1.3 release, but here’s a quick overview:

• We fixed an issue with the fewest connections and round-robin server sets that could cause them to leave a background thread running if one of the servers it had been using goes away permanently.

• We updated the TLS cipher suite selector to improve compatibility with JVMs (like the one provided by IBM) that use an “SSL_” prefix for all cipher suite names, rather than using “TLS_” for suites associated with the TLS protocol and only using “SSL_” for suites associated with legacy SSL protocols.

• We have updated the TLS cipher suite selector to improve the order in which it returns the names of the recommended suites.

• We have added new key and trust manager implementations that can use X.509 certificates and PKCS #8 private keys read from PEM files. We have also added new utility classes for reading certificates and private keys from PEM files.

• We updated the LDAP SDK to support running in a FIPS 140-2-compliant mode using the Bouncy Castle FIPS provider (and the associated JSSE provider). The Bouncy Castle libraries are not provided as part of the LDAP SDK, but if they are separately obtained and included in the classpath, then the LDAP SDK can be configured to operate in a FIPS-compliant manner.

• We have updated the manage-certificates tool to support managing certificates in BCFKS (the Bouncy Castle FIPS-compliant key store format) files.

• We have updated the TLS cipher suite selector to exclude suites that rely on the SHA-1 digest algorithm from the recommended set of suites when running in FIPS-compliant mode.

• We improved an error message that could be used in an exception if a connection becomes invalid in the course of trying to send a request to the server.

• We updated the ldifmodify command-line tool to allow ignoring duplicate attempts to delete the same entry, and attempts to delete or modify entries that do not exist in the LDIF file.

• We have updated support for the proprietary get user resource limits request control to allow clients to request that the server not return information about the user’s group membership in the response control. This can help improve performance when using the control, especially in servers with large numbers of dynamic groups.

• We have updated the LDAP SDK documentation to include the latest versions of draft-coretta-x660-ldap and draft-ietf-kitten-password-storage in the set of LDAP-related specifications.

I always try to go into a movie knowing as little about it as possible. This always means trying to avoid any knowledge of the plot, and sometimes it even means that I try to avoid knowing who’s in it. The buzz around It Comes at Night was so positive that I did my best to go in as blind as possible, so it was a surprise to me when the Joel Edgerton appeared. And it immediately lowered my expectations for the film.

The film features Edgerton as Paul, a history teacher turned survivalist living in a post-apocalyptic world with his wife Sarah (Carmen Ejogo) and son Travis (Kelvin Harrison Jr.). The world has been overrun by a mysterious contagious disease, so they’re doing their best to keep to themselves in their house in the woods and to keep from drawing any attention to themselves.

That second part didn’t go so well because one night, they awake to hear someone trying to break into the house. It’s Will (Christopher Abbott), who claims that thought the house had been abandoned and he was just looking for supplies for his wife (Riley Keough) and toddler son Andrew (Griffin Robert Faulkner). Fearing that turning Will away might cause him to come back with reinforcements, Paul decides to go check out his story and then invoke Will and his family to move in with them, pool their resources, and help them defend their property.

Sadly, there is nothing in this movie that makes me care in any way about any of the characters. It’s very vague, especially at the beginning, which I assume is trying to create mystery or intrigue, but came off as pretentious and off-putting. There are a lot of dream sequences that are probably meant to fool the audience, except that they’re obviously dream sequences and therefore just annoying.

It’s a fairly short movie (only 91 minutes), but so little happens that it feels much longer. And when things do happen, most of the tension that the film wants you to feel comes from the stupidity of the characters, and especially Edgerton’s Paul. He has good instincts and ideas, but his frustrating hesitancy in following through on them is responsible for just about all of the advancement of the plot, and it gets old very quickly.

It feels like It Comes at Night is trying to be a cousin to The Witch (which I refuse to spell with two vees). Knowing that would’ve also helped appropriately set my expectations for the movie, because I hated that movie, too.