Wednesday, September 20, 2017

Three Distinct Antisemitic Trends in Vichy France

Paul Fischer
9/20/2017
Professor Zdatny

Marrus, Michael R. Paxton, Robert O. Vichy France and the Jews. Stanford, Stanford University Press, 1981.

Word Count: 752

Three distinct antisemitic trends in Vichy France

Vichy France and the Jews is a work of research based on rereading evidence, correspondence, and documents from the persecution of the Jews in France during World War II. It is worthwhile to highlight some of the critical trends of antisemitism at the time, as well as what separates French racism from other national forms of discrimination.
Some background is provided into the history of anti-racist measures, helping to establish the surprise with which the French encountered the success of racist movements (25-71). Foremost, loi Marchandeau prohibited antisemitism in the press and had been passed shortly before the invasion. It would be replaced with the Statut des juifs, legislation updated during the war (3). In the first statute effects were primarily felt by civil servants, but as the war drew on, its goals would be expanded in revisions to include mandatory identification, property sequestration, and ultimately death for all Jews in Occupied France. Other empirical restrictions on the activities of Jewish communities included race-exclusive leagues such as l’Ordre des Médecins established August 10, 1940 that effectively excluded Jews from medical practice (160). A similar measure was taken shortly afterwards for lawyers.
Reconciliation of trending French sympathies for the Allies that grew through the war and simultaneously increasing sanctioned persecution of the Jews can be difficult (201, 210). Three examples are useful in addressing this: that of Theodore Dannecker, SS judenreferat, of Xavier Vallat, Commissioner-General of the Jewish Question (CGJQ), and of Ambassador Otto Abetz.
Upon arrival August 12, 1940, Theodore Dannecker, a young officer of the SS, was tasked with bringing the “‘gut antisemitism’ - a visceral hatred undisciplined by reason, patriotism, or a sense of public order” of Germany to France (89). At the time, this proved complicated; even Marshal Pétain had friends in his inner circle that he wished to ensure were exempted from early legislation (207). Dozens of property crimes and other violence had been directed against Jews in the countryside of France before German invasion, to be sure, but officially these had been hitherto rightly viewed as illegal acts (34, 182). The nature of these crimes was personal rather than organized, and did not near the level of the atrocities experienced during the war. Marrus and Paxton even point to the irony that legislation preventing refugees from getting jobs or obtaining worthwhile occupations created the very conditions of criminality that they were explicitly charged with preventing.
The invasion of France also saw antisemitism drift into the sphere of politics and diplomacy. For one powerful figure, the Ambassador Abetz, “antisemitism [was] one of the levers to replace the reactionary grip of the Church and Army in Vichy France by a popular, anticlerical, pro-European … mass-movement” (78). The use of antisemitism as a tangent factor in contingent political battles directed mass opinion in a manner uncharacteristic of the liberal or communist antisemitism extant in France before occupation.
Xavier Vallat was the Commissioner-General of Jewish Questions in France. Original enthusiasm led to his public admission that “aryanization had produced an unleashing of greed” (156). He “proclaimed himself a champion of ‘state antisemitism,’ the regulation of Jewish existence by state agencies for the benefit of all Frenchmen” (89). The position was offensive to the Germans, though not entirely out of step with the general strategies that they employed, because the French created the position independently of Germany and without forewarning. While for some it could be seen as a way of heading off some of the stricter German rules for Jews, it also behaved more harshly towards certain groups of Jews (83). Arguably, it is the deviation from German guidelines that may have led to his dismissal.

The successor of Vallat, Louis Darquier, would be a complete contradiction in terms to the first Commissioner-General. With three arrests, he took antisemitism to another level (283). By the time he was appointed in 1942, Laval had taken office, and persecution of the Jews, already well outside the legal bounds of French sovereignty, began to escalate well out of all legal and moral bounds (251). While the Germans influenced Vichy France greatly, it is a tragedy that such a high level of complicity existed, and co-operation was present even outside of the specifically antisemitic departments: “it was not the PQJ who conducted the arrests and guarded the trains, but regular police” (294).

Monday, September 18, 2017

Technics of France in Crisis: Two Defeats in Strange Defeat

Paul Fischer
9/18/2017
Professor Zdatny


Bloch, Marc. Strange defeat: A statement of evidence written in 1940. No. 371. WW Norton & Company, New York, 1968.





France in Crisis: Two Defeats in Strange Defeat


At the time Marc Bloch wrote Strange Defeat, France had lost territory and its political status was reduced to that of a puppet empire. 1940 was a dark year, and the coming years would force the French to lose hope in the goodness of their national Marseilles, motto, or constituent ideals as a competent force for good. The technics of war, seen from the point of view of a supply-line intelligence officer, create a distinct prism of analysis for historians that appropriately conveys the logistical predecessors of contingent and subsequent complete defeat at the hands of the Germans. That is, the two intertwining communications stressed in this book are the military losses during the rapid advance of Nazi Germany through France and the cultural capitulation spreading throughout France and the Allies like a disease under the stress of starvation, hardship, and absence of adequate leadership.
The importance of the Maginot line cannot be stressed enough in French plans. Like the Titanic, a great ship so formidably designed no one thought to include life boats except for cosmetic purposes, the French investment in concrete believed to stop a German incursion substituted for proper evacuation and withdrawal plans (52). The French hoped to avoid a war with Germany first through diplomatic means and if all else failed to repulse her by utilization of near limitless resources invested soundly in the same mechanics of warfare found in the First World War.
Germany correctly anticipated the French attachment to a static defensive structure (73). Engines had grown in size, and motorized transports, armored divisions, and even motorcycles traversed the countryside, sowing uncontrollable panic without even confronting the fortifications of the military (51). Bloch hypothesizes that if such an outcome were possible there may have been a path to victory in this early war with full and vigorous retreats to bring the French military together and to make a unified assault on German targets (40). Improper planning led to isolated units, without water or other necessary supplies, that Bloch was personally acquainted with as an officer of the fuel depots (38).
Hitler met with psychologists in the development of the Blitzkrieg in order to ensure that the war would exert the maximum effect on civilian and military populations possible. Mechanical means were used to boost the screech of dive-bombers, for example (54).  The Battle of London showed the Luftwaffe capable of a good deal more than was deployed into France. The French likely would have required more than simple modifications to withdrawals to counter German invasion forces, should such an outcome be conceivable without dramatically changing the fundamental makeup of the French Army. Only half of the battle was lost on the field, however.
By the conclusion of military operations dramatic social class differences in France were extant, and the occupiers sought to exploit these as liberators or bringers of a new form of government: the tyrant or dictator. In the process of authoritarianism, the French would lose hope in their national Marseilles (138). For the first time, the Germans began to fail. Where the military had instilled fear in the mind of France, appropriately enough, intelligence operatives from Germany were thugs. Improper targets were chased, and fifth columnists inappropriately exploited, becoming one of the targets of blame (25). As a consequence, the Resistance lived on.
At the time Marc Bloch wrote, the France that De Gaulle described in London was a fairy tale. Even among the regular French population, “the Germany of Hitler aroused certain sympathies the Germany of Ebert could never have hoped to appeal” and the war seemed lost for the French people as well as the military (150). To Bloch, the political right had sold out to fascists and vassalized France while detracting their political opponents as warmongers. These were elements of a social class conflict with the bourgeoisie as their target. They had “refused to take the masses seriously, or they trembled before their implied threat. What they did not realize was that, by so doing, they were separating themselves effectively from France” (167).


Monday, September 11, 2017

One Thousand Pieces of a National Drama in the Unfree French

Paul Fischer
9/10/2017
Professor Zdatny


One Thousand Pieces of a National Drama in The Unfree French


Contemporary historians struggle to piece together the dramatic events that unfolded in France during the German occupation of World War II. There are a number of grounded facts that make analysis difficult, even contradictory, in practice. Ranging from former occupation to censorship such empirically founded agents of complexity are disambiguated in The Unfree French by Richard Vinen from the distinctly political and deliberate upheaval of institutions, persons, and property in France that occurred. Rather than dwelling on the tragedies in the course of war or the jubilation of victory and resistance, Vinen successfully navigates the integral developments through the war making a perplexing narrative tangible to modern historians.
The presence and widespread impact of prisoners of war in Germany and France blurs the lines between these two narratives; a political narrative was initiated in the hearts of every Frenchman, and stuck in the gut of the Frenchwoman as well (373-5). Uncertainty became a critical theme in this narrative early in the war, and though “it was probably in the bitter cold of January of 1941 that most prisoners finally accepted there was not going to be a large scale release” and that no orders to escape existed as for British soldiers, massive numbers managed to escape from early internment camps (157). On the countryside, both the confusion and the determination to serve France manifested in the panic of the exode.
While a popular film depicting the era, The Last Metro, includes a dialogue in which a woman refuses the implications of an agent of the censor by excusing herself as non-political to which he replies, “but you are wrong, everything is political,” the integral nature of politics to the era is matched by social considerations. Integrity of cached events deliberated through subsequent hunting is best reflected by the opinions of the survivors: “French people recalled the period in terms of what happened to them and those around them, the idea that these multitudes of individual dramas were part of a broader national drama only developed later” (16). The Unfree French succeeds in bringing this social collection of considerable import to political immediacy.
Intractability of the course of action of Vichy France cannot be dismissed as in the words of Benoist-Méchin “the crowd possesses no organ for thought. Victim of its mental hallucinations and its nervous reactions, it is without defence against rumours and delirious dreams” (94). As much as silence defined the government of Pétain, and the subsequent Pétainism that dominated the colonies, circumstance dictated the actions of the individual French (31, 75). This occurred heroically, as one woman pinned a yellow star to her dog and others donned the symbol in protest though “gentiles who wore the yellow star were often themselves in some doubt about the precise significance of their act” (140). Even Marshal Pétain used the murky nature of the Franco-German occupation in a manner bordering on heroism, declaring to the Germans “if it would take you five days to invade France, it would take me five minutes to deliver my colonies and ships to Great Britain” (81).
The tale is not only one of gangsters and murder, of treaties and betrayal. There is also the final defeat of Germany, and the restoration of France. With the exception of some of the bourgeoisie, almost none found German occupation preferable to the Allied invasion: “Where the Germans had been systematically ruthless with the population, the Allies were confused and tactless” (331). Exposing the system of agents, censorship, and oppression that were in play in occupied territories through World War II helps an understanding of the formal initiation of military operations and of the subsequent blood bath to be formulated. 250,000 Gypsies in France were killed, as were 75,000 Jews. While death camp activity was lower among French citizens than many parts of Europe, and “Vichy aimed to exclude Jews from public life rather than to kill,” foreign born Jews in France suffered near complete extermination, and the highest kill rates of any civilian population in Europe were seen there (136).



Monday, August 28, 2017

Securing the Internet of Everything

Mr Philippe Roggeband
CISCO
Notes by Paul Fischer
Security not as a noun, but as an adjective. It must be attached to everything we do.

Opportunity to share with an audience the work in the cybersecurity space and also to listen, to learn, within the specific constraints of national security.

The people we are facing are highly paid professionals, they make higher salaries than we do. They get caught and after a few years in prison work for us as consultants.

I was recently in Dubai, and the cyber field was described as a graph with the skill level of the hackers and the focus of the hackers being the variables. Spear phishing with one but not the other is not dangerous, but we need to concentrate on those who have both. Automation is possible for low-skilled stuff, but the resources are needed for higher-skilled efforts.

Why does it happen? It is lucrative. It is lucrative because there is money, a Facebook account is worth about a dollar for each 15 friends. More and more devices connect, and bring formidable growth in efforts of conspiracy

application specific hacking and technology should be used with new objects, cross app of the tech will solve this problem.

Industrial control systems are a totally different beast. Isolated networks nonstandard, developed years ago…
Critical infrastructure was once isolated but no longer, and defense is paramount. A German attack on a steel factory >> physical damage to the control systems.
Specific constraints, there can be no latency because there is a loop form to the code, any blocking of traffic can result in disaster (i.e., a control valve cannot be delayed when temp is changing), so IT solutions must be adapted for application in an industrial sense.

Next generation TVs with cameras will also create challenges, these techs offer promise, but also must be protected vigilantly.

Creation of the connected battlefield. Not possible without the paramount protections being offered to the field. There is no guarantee they can be 100% secure, but it may be possible to reduce problems. We have many partners, many of whom are committed towards creating such a battlefield, that are also helping to develop tech. For network segmentation, intro of latency, other points to develop this concept.

Analysis of app level data or metadata can allow understanding of patterns in normal actions and warrant intercept actions on abnormal behaviors
The concept of being watched too much is somewhat of a generation thing
In the former generation, there is an assumption that everything made is private unless made public, in this generation that assumption has changed
3 phases
Before you are attacked (two types of firms, those who know they have been compromised and those who do not know they have been compromised)
Deploy tools to decrease attack surface and vulnerability level. This will not stop the attack, but make the hacker's job more difficult.
Phase two: detect the attack.
Low-skilled attacks warrant no effort, they will be detected. 
Finally, the after phase, what has to be done after the attack has been detected and contained. Forensics and investigations. Back to the before phase…
Don’t just change the locks, but check under the bed for an accomplice of the villain.
CISCO uses TALOS to scout for attacks and to inform consumers of the attacks. Security architecture against the threat of the month, do not present a manageable premise…
Consistency is key to achieving success in security.
The first thing is to establish a context when there is access authenticated to a network
Where, how, time, etc.; if no authentication it must be profiled, and if authenticated, a granular image of the user is uploaded.
Sometimes data can be in a grey zone of action, a device or a file.
Then we initiate device lateral tracking or file lateral tracking. This tells us every device or file that the file uploaded to or device connected to. This allows us after TALOS determines that an attack occurred somewhere to clean up and destroy all traces of the attack.
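The retrospective scoping described in the note above, as an added example (not from the talk, and not a description of how any Cisco product works): once a file is convicted after the fact, telemetry is replayed in time order to list every device that held it and every device those hosts contacted afterwards. The event format, device names, placeholder hashes and the `max_hops` limit are assumptions, and the events are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Event:
    ts: int                          # seconds since capture start (constructed)
    src: str                         # device that initiated the connection
    dst: str                         # device that received it
    file_hash: Optional[str] = None  # set when a file was transferred


@dataclass(frozen=True)
class Exposure:
    device: str
    ts: int      # first time the device entered the scope
    hops: int    # 0 = held the file, 1 = contacted by a holder, ...
    reason: str


# Constructed telemetry; the hashes are placeholders, not real indicators.
EVENTS = [
    Event(100, "laptop-07", "fileserver-1", "HASH_CONVICTED"),
    Event(120, "laptop-07", "laptop-11"),
    Event(90, "laptop-07", "printer-2"),       # before laptop-07 is seen with the file
    Event(160, "fileserver-1", "hmi-03", "HASH_CONVICTED"),
    Event(200, "laptop-22", "fileserver-1", "HASH_OTHER"),
    Event(300, "hmi-03", "historian-1"),
    Event(310, "laptop-11", "laptop-30"),      # second hop from a holder
]


def scope_incident(events, bad_hash, max_hops=1):
    """Return the devices to clean up, ordered by when they entered the scope.

    Events are replayed in time order so that only contacts made *after* a
    device was exposed count (time-respecting reachability).
    """
    exposed = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.file_hash == bad_hash:
            # Both ends of a transfer of the convicted file hold a copy.
            for dev in (ev.src, ev.dst):
                prev = exposed.get(dev)
                if prev is None or prev.hops > 0:
                    first = ev.ts if prev is None else prev.ts
                    exposed[dev] = Exposure(dev, first, 0, "held convicted file")
        elif ev.src in exposed:
            # Any later connection from an exposed device widens the scope.
            hops = exposed[ev.src].hops + 1
            prev = exposed.get(ev.dst)
            if hops <= max_hops and (prev is None or hops < prev.hops):
                first = ev.ts if prev is None else prev.ts
                exposed[ev.dst] = Exposure(
                    ev.dst, first, hops, f"contacted by {ev.src}")
    return sorted(exposed.values(), key=lambda x: (x.ts, x.device))


if __name__ == "__main__":
    for item in scope_incident(EVENTS, "HASH_CONVICTED"):
        print(item.ts, item.device, item.hops, item.reason)
```

Raising `max_hops` widens the clean-up list at the cost of more false positives; connections made before a device was first seen with the file are deliberately left out.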
Growth rate of new attacks on android is hitting 800% per year, which presents a new crisis for us and we have been put in a permanent catch up situation. Hackers have identified the system as lucrative in nature.

Bring visibility on what is happening by leveraging the network, extracting everything from the fabric, 
consistent control, a single source of truth on the topic
Advanced threat protection and intelligence, because no one can match the firepower of TALOS

Finally, reduce the complexity of the system through an architected approach.

Collective Cyber Defence

Collective Cyber Defence - A State and Industry Perspective.

Notes on Professor Dr. Marco Gercke, Director of the CyberCrime Research Institute
by Paul Fischer

under international criminal law
Misconception no prosecution occurs
Critical standpoint against int. Law
e.g. drone attacks
Currently unprotected, they will be. /
Is a cyber attack an act of war?
The cyber world has changed dramatically
No longer the sole domain of the military and other government organizations
It will be prosecuted as a matter of criminality
We are creating our own weapons as governments which will not be able to be once they retire or leave gov. Service
NATO independent states, instead of working on our own in the cyber world we work together, this can be difficult, there is an idea we can learn from.
Now it is time to think like a criminal
They are sharing knowledge free of charge, about cybersecurity attacks
Tools are also being distributed free of charge. Only the developers need to be smart, many criminals simply hit a button.
What is shared among states and industries is very limited.
CIO in an example refused to share information about another company at first even when one was contracted by both companies.
dist. Or otherwise for virus distribution, is a serious crime, but no one reports this, as a company. The state is unable to do anything about it, and may harm the image of the company if made public
This changed two years ago, and big companies began to stand up and say, we have a problem, we have been hacked.
States still do not engage in this behavior.
We are blind until you don’t report it, forcing people, to report, is coming up in Brussels and in Washington, under the Obama administration.
2 ways, report analysis and big data
The question arises about what to do with big data.
The state still does not have the power to protect, so the big data would need to be shared with industries powerful enough to offer protection.
Necessity to discuss and to exchange information in the same way the criminals currently are.
Discussion of realtime exchange about attacks.
Prioritization of data sharing, this could be real.
The next step is making sure the companies work together in the defensive
Not every company could build the cyber machine for defense, opinion that cloud computing creates a big problem. The Patriot Act as an example that gives certain government agencies access to the data on your servers where otherwise it would not have that data.
In the industry there is a discussion to reduce the military expenditure but to pool resources more effectively
Let’s apply this to the states as well. Borders and infrastructure may be protectable by states, but the people cannot be protected in cyberspace by the state alone.
Change is the only constant we have, but more cooperation is expected.
Transparency can be tough…
… governments are realizing that information will anyway leak, but it is better to have a straightforward process by which that information is disseminated.
Beyond NATO more states are more concerned about sharing standards and technology. States are not yet ready to talk the same language in strategies. We need to carefully move in this direction.

German membership to a convention changed the meaning of the international convention entirely. Translation issues and technological obsoletion created negative outcomes.

We should not stop. The development of a 3D printer is a beautiful thing, but it has been used to print guns and other things. That does not mean development should have been impeded.

Thursday, July 20, 2017

Notes on Eric Fischer: Federal Legislation of Cybersecurity

Necessity to change the current legislative framework for cybersecurity
Role of the federal government complex.
sector specific responsibilities
individual federal agency demands pertaining to various systems

Currently 50 statutes in place but no overarching framework
infrastructure, private
sharing of CI among private and gov
DHS authorities for federal systems
workforce
R and D
cybercrime law, data breach notification and defense related cybersecurity

Several attempts to enact comprehensive legislation have failed.

Passage in the house but not the senate led to reform FISMA and DHS workforce and information sharing inadequacies

The continuing evolution of technology and threat environments has created a scenario in which legislative reform is necessitated

Enacted statutes currently only allow federal involvement in securing federal and non-federal systems in specific statutes, but without an overarching framework mentioned above.
Counterfeit access device and computer fraud and abuse act of 1984
electronic comm privacy act of 1986
the computer security act of 1987
paperwork reduction act of 1995
Clinger-Cohen act of 1996 - CIO and responsibility burdens placed in hierarchy for information security, mandatory standards
the homeland security act of 2002 
cybersecurity research and development act
the e-government act of 2002 - primary legislative vehicle for federal IT management and initiatives to make information and services available online
the federal security management act of 2002 clarification and amplification, federal incident center, redistribution of responsibilities

40 other laws include provisions relating to cybersecurity

Executive branch actions
NIST in the department of commerce > cybersecurity standards promulgated by OMB and prosecuted/enforced by DOJ
US Cyber Command > responsibility for military cyberspace operations
Comprehensive National Cybersecurity Initiative (2008)
12 subinitiatives declassified in 2010: consolidation of external access points to federal systems, deploying intrusion detection and prevention systems, research coordination, info sharing, and education… mitigation of risks from the global supply chain for info tech

“cyber czar” - created in 2009 to orchestrate federal cybersecurity activity, no direct control over budgets, NSA is argued to pre-empt

FISMA gives OMB authority to automate continuous monitoring of federal info systems by agencies in April 2010, delegated a few months later to the DHS
Within 2 years an interagency program called FedRAMP was established for cloud-computing cybersecurity

Protection of cyber infrastructure
Information sharing, coordination
Responsibilities and authority
Reform of FISMA
research and Dev.
Cybersecurity workforce
Data breaches resulting in theft or exposure of personal data such as financial information
Cybercrime offenses and penalties
National cybersecurity strategy
International efforts


Discussion of proposed revisions
Posse Comitatus Act of 1879
Ch 263 20 stat. 152
18 U.S.C. §1385
Restricts use of military forces in civilian law enforcement unless it is within a federal government facility
Violations of the act include direct active use of military investigators, use of military pervades the activities of the civilian officials or when the military is used so as to subject the civilians to military power regulatory prescriptive or compulsory in nature.

There are difficulties identifying when a cyberattack involves national defense
some argue that defense of US information systems must be the purview of civilian agencies such as DHS and FBI due to privacy and civil liberty concerns unique to cybersecurity, even If the other option is more feasibly implemented

Anti trust laws
Sherman Antitrust Act
Wilson Tariff Act
Clayton Act
Section 5 of the Federal Trade Commission Act - prohibits unfair and deceptive trade practices

These are relevant to cyber law reform because any sharing of information will give companies an edge to compete unfairly with one another.



National institute of standards and tech act



Federal Power Act
Authority over interstate sale and Transmission of electric power
Must change in light of the development of smart-grid systems

Communications act of 1934
FCC - all wired and wireless communications
Presidential authority to control all stations capable of emitting EM radiation
To close such facilities as well.
This could be considered an internet kill switch interpreted directly (section 706), there has been considerable debate about whether such an authority exists, or whether further authority needs to be meted through legislation to clarify and delimit

National security act of 1947
Created NSC CIA and Sec. of Def.
Procedures of access to classified information

US information and educational exchange act of 1948 (Smith-Mundt Act)
Domestic dissemination provision originally applied to the now defunct USIA

Restrictive to USIA, claimed to be a Cold War Relic to protect Americans from being propagandized by their own federal agencies.
State Department Basic Authorities Act of 1956
DoS org counterterrorism and HIV response efforts
3 exemptions in the act about withholding information pertain to cybersecurity:
Information properly classified for national defense or foreign policy purposes as secret as established by an executive order
data specifically exempted from disclosure by a statute, if that statute meets criteria laid out in FOIA
trade secrets and commercial or financial information obtained from a person that is privileged or confidential

Omnibus Crime Control and Safe Streets Act of 1968
Federal grant programs and other forms of assistance to state and local law enforcement
Comprehensive and electronic eavesdropping statute outlawed both activities in general terms but permitted federal and state use of them under strict limitations

Racketeer Influenced and Corrupt Organizations Act (RICO)
Enlarges civil and criminal consequences of organized crime
Repeated recommendation to include computer fraud within the definition of racketeering.

Federal Advisory Committee Act 

Specifies the circumstances under which a federal advisory committee can be established and its responsibilities and limitations; requires that such meetings be open to the public and records be available for public inspection

Privacy act of 1974
Limits disclosure
Requires transparency in cases pertaining to an individual
Code of fair information practices for collection management and dissemination of records by agencies including requirements for security and confidentiality of records

Counterfeit Access Device and computer fraud and abuse act of 1984
First incident of criminal penalties including asset forfeiture for unauthorized access and wrongful use of computers and networks of the federal government or financial institutions or in interstate or foreign commerce or communication
Criminalized electronic trespassing on and exceeding authorized access to federal government computers
Statutory exemption for intelligence and law enforcement activities


Electronic communications privacy act of 1986
Balance between the fundamental privacy rights of citizens and the needs of law enforcement
Internet was much smaller at the time of passage
Prohibition of the interception of wire oral or electronic communications unless an exception to the general rule applies
Prohibition of wiretapping or electronic eavesdropping
Disclosure of information secured through court-ordered wiretapping
Terrorism Risk Insurance Act of 2002
Risk provided for concrete losses during an act of terror, such as oil fields
Does not currently apply to cybersecurity, and modification may be appropriate

E-government act of 2002

Serves as the primary legislative vehicle to guide federal IT management and initiatives to make information and services available online

Wednesday, June 7, 2017

Notes From Docker Swarm and Kubernetes

Lecture by Jayesh Nazre
6/7/2017
Notes Transcribed by Paul Fischer


Containerization vs virtualization 

Docker terms
Client docker build
Pull
Run
>>>
Docker host

Daemon to images or daemon to registry to images
To containers

ISO files into drive can be installed, an older form of images
Images need to be stored somewhere, obviously some repository out there
Docker Hub or Google repository are out there, you can make your own as well, in a similar fashion to GitHub

You do not want those images for federal or state projects to be out in the public
Explanation of the images shortly, but for now think of those as images
.ami docker calls these images

Using two ways of launching the container from the image, running instance of image is what is meant by container
Apache web server can be in a container, with an application inside it such as WordPress; create multiple instances of those and create a cluster of those, say a cluster of web applications
eg. 3 web servers can run the web code and you can create an image of those and tell docker to create three ‘replicas,’ thus if one of the instances fail, docker tax can tell the image to try other instance

DockerSwarm - Linux monopoly until the last two or three years
Three tier architecture with a docker swarm application data and ???? Layers
App layer

Manager to worker
Manager to host 11
Subnet1 10.0.1.0/24 communicates between docker layer container between manager and worker
App data and other layer also communicate through similarly formulated subnets 10.0.2.0/23 etc…


Docker Swarm
Allows a chain of managers and workers; this gives a conceptual view of Docker. The daemon layer exists between the managers, eliminating the hierarchical problems while retaining the capability of the system to maintain scaling or addition of more managers and workers


Instances serve the docker swarm through the containers

Q: can a host hold more than one role?
A: No, behind the scenes this host is the via and the Docker or Unix daemon. Most of the tech supported by Docker is Linux based; Java is simpler to use and is natively supported. A three-tier architecture and shebang running on the server is more fun than the desktop

Q: Can you pick a leader to be the manager?
A: another can be substituted for a former leader and that is typically what happens


A Docker Compose file allows a dialogue between various clusters with one-line commands


Services vs Tasks vs Containers


3 nginx replicas: the service (on the swarm manager) branches into three instances of the abstraction: nginx.1, nginx.2 and nginx.3
These are worker nodes

In this manner, if one of the containers fails, the swarm manager will reallocate the workload to the other nodes that are available

In production there should be no Docker containers on the manager node if possible
So the previous image of the Docker Swarm must be amended to move the Docker containers to the worker nodes, which allows the entire host to spawn on individual nodes


Docker network types
bridge
none
host
overlay

Node1
Br0 in the network namespace branches into veths and the VTEP; the VTEP:4789/udp communicates through the VXLAN tunnel to an identical branch under node 2 at a different IP address
Together this constitutes a layer 3 IP transport network
The tunnel is allowed to be created by the docker network type
The layer 3 IP transport network should be thought of as the physical infrastructure through the mountain between two nodes, but a VXLAN tunnel allows communication like a tra between the two
In the end, in a nutshell, you get packages of information between the two nodes
Packets get moved from one package to another package; the VXLAN tunnel is a well-established concept, but there are other open source drivers and options available

Docker provides the network and allows multiple nodes, not just two but even three, four etc., to communicate

Q: Is the VXLAN traffic encrypted?
A: It does not have the capability of encryption alone, but if the network has its own encryption then the information is safe
If someone uses a sniffer or other software on the layer 3 IP transport network, the VXLAN tunnel will not be seen directly


Docker compose v3
version: '3'
services:
  webserver:
    image: myapache:10
    ports:
      - 8085:80
    networks:
      - mywebnw
    deploy:
      replicas: 2
    environment:
      - mytomcat=mystack1_appserver
  appserver:
    image: mytomcat:10
    networks:
      - mywebnw
      - myappnw
      - mydbnw
    deploy:
      replicas: 2
    environment:
      - JDBC_CONNECTION_STRING=jdbc:mysql://mystack1_mysql:3306/web_customer_tracker?useSSL=false
  mysql:
    image: mylocalsql:10
    networks:
      - mydbnw
    deploy:
      replicas: 1
networks:
  mywebnw:
    driver: overlay
    ipam:
      driver: default
      config:
        - subnet: 10.0.1.0/24
  myappnw:
    driver: overlay
    ipam:
      driver: default
      config:
        - subnet: 10.0.2.0/24
  mydbnw:
    driver: overlay
    ipam:
      driver: default
      config:
        - subnet: 10.0.3.0/24



You do not really need a 3-tier architecture for the functionality; it makes the system more hacker-proof, by allowing a hack of the web server instead of the database server in the event of an offensive action
The reason for the logical reference seen in my tomcat
Iso called images published by apache created by a container on the machine was deployed and a custom image was deployed called my tomcat which can then be used to spawn multiple images.

The logical reference was in mystack1, the name of the cluster when it is deployed; appserver must be the same throughout, allowing a logical reference to the server

Talking to six through the communication
In mysql there is only one replica being referenced, but in order to be logical the environment must be referenced
The image can be uploaded to the cloud or manually loaded into your cluster

One replica because there are some things which must be taken into consideration
It is difficult to have a system that relies on a container for a replica, recreation of two systems
One will write information into the container

The two are not synchronized; this resynchronization with multiple replicas will require an FS locally, but one replica is recommended for local work with a database

You can do a mysql dump to basically allow anything to occur out of the box, through shipping, or with the launch event of the container you go out on the network share and pick up the instance later, data file pick up, for performance reasons.
With a large database you may experience performance problems with instance loading. There is no need to create docker clusters with the system that is used, and the networking is done for you

If you do want to do it in Amazon without using iOS you can store your transaction and your data information and somehow restore it when it dies

If I delete my container I will have to launch whatever data I had in order to have this returned

File systems for schedule errors, you can define a volume

Q: Launch data and the entry point for the data?
A: Yes, that is there; you can put that under networks, mywebnw and driver overlay

Everything must be written in the docker compose file described above

Stateless architecture and microservices coming together to deliver something; designation of a solution that is monolithic is not what is wanted, so the databases must be merged and converged
You do not want this to be in the logical reasoning described above. 
The end result can be incrementally added up to get to the server

When you have a big file you may want to slice it and dice it.
There is only one replica in the example, but three networks are provided using the version before
When the network is created externally I get a copy of the network as well, the program is self cleaning, so when I take down my network the entire network goes down… hence a one-command take-down of the system is possible or conceivable.
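The tiering and transport points in these notes can be checked mechanically. The following Python is an added example, not code from the lecture: it takes the compose file above re-typed as a dict (underscores in names and `useSSL=false` are an assumed reading of the transcription) and reports which tiers share a network, which overlay networks lack Docker's `encrypted` driver option, which services have no `node.role == worker` placement constraint, and which connection strings turn TLS off.

```python
from itertools import combinations

# Constructed input: the lecture's compose file re-typed as a dict, keeping only the
# fields the checks read. Underscores in names are an assumed reading of the notes.
COMPOSE = {
    "services": {
        "webserver": {"networks": ["mywebnw"],
                      "environment": ["mytomcat=mystack1_appserver"]},
        "appserver": {"networks": ["mywebnw", "myappnw", "mydbnw"],
                      "environment": ["JDBC_CONNECTION_STRING=jdbc:mysql://mystack1_mysql"
                                      ":3306/web_customer_tracker?useSSL=false"]},
        "mysql": {"networks": ["mydbnw"]},
    },
    "networks": {n: {"driver": "overlay"} for n in ("mywebnw", "myappnw", "mydbnw")},
}

def reachable_pairs(compose):
    """Service pairs that share a network and can therefore talk to each other directly."""
    nets = {name: set(svc.get("networks", [])) for name, svc in compose["services"].items()}
    return {frozenset(pair) for pair in combinations(nets, 2) if nets[pair[0]] & nets[pair[1]]}

def env_strings(svc):
    """Compose allows environment as a KEY=VALUE list or as a mapping; normalize to a list."""
    env = svc.get("environment", [])
    return [f"{k}={v}" for k, v in env.items()] if isinstance(env, dict) else list(env)

def audit(compose, frontend="webserver", database="mysql"):
    """Return (check, subject) findings for the tiering and transport points in the notes."""
    findings = []
    if frozenset((frontend, database)) in reachable_pairs(compose):
        findings.append(("tier-bypass", f"{frontend}<->{database}"))
    for name, net in compose["networks"].items():
        # Swarm only encrypts overlay (VXLAN) traffic when driver_opts has 'encrypted'.
        if net.get("driver") == "overlay" and "encrypted" not in net.get("driver_opts", {}):
            findings.append(("overlay-unencrypted", name))
    for name, svc in compose["services"].items():
        constraints = svc.get("deploy", {}).get("placement", {}).get("constraints", [])
        if "node.role == worker" not in constraints:
            findings.append(("may-run-on-manager", name))
        if any("usessl=false" in e.lower() for e in env_strings(svc)):
            findings.append(("db-tls-disabled", name))
    return findings

if __name__ == "__main__":
    for check, subject in audit(COMPOSE):
        print(f"{check:22}{subject}")
```

On the file as transcribed, the web tier cannot reach mysql directly, while all three overlays are reported as unencrypted and every service as schedulable on a manager.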

You can only do things through the master node, administratively, there is no control in the worker nodes
To log in the master:
root@ubuntu:~# docker node ls
Returns the list of nodes in the cluster; these are physical nodes, with status, availability and the manager status, which returns leader when it is selected as the managing node
So I could have two web servers, two app servers, and one SQL

~# docker stack deploy -c /mysoftwares/mydocker/myfinal.yml mystack1
Deploys the file with a logical reference to the Docker Compose file provided above; you can use some scripting to make this dynamic as well
So I could have two web servers, two app servers, and one SQL >>>> these should now be services and networks which have been created appropriately.

~# docker ps
Will give the master status of the system and the log of when the containers were created at which ports

~$ sudo -s
Opens a root shell with sudo

“Portainer” can be used to create a background backdrop or a graphical interface such as images provided by different providers to deploy in the cluster. All that is done here can be deployed on the command prompt, which may be provided if there is time, which is unlikely

The information is being accessed through the tomcat on the java and attaining the data through mysql database.

Q:
Log files, SSL keys etc.: how are these injected or pulled out of the containers?
An easy way to create an image of what you want, and you can do what you want with your baseline, pretty much a unix box, multiple applications, web app and data and other systems in place; if you do that your container will die. The recommend to run processes through separate credits MongoDB these systems will be something along these lines. Think of this container as something that you threw away; you will not try to figure out what is wrong with it or anything, you will just throw it away and create a new container regularly. Everything done with the unix box will be possible within this program, but you can shell into the container…


If you are new to containerization, docker is strongly recommended before going to kubernetes


Kubernetes:
Host1 master node
Communicates through the API server to hosts 2 and three the worker nodes
This was a contribution from Google used to spawn between 40k and 100k containers, contributed to the open source community, so many have moved on to Kubernetes
In this case it relies on Docker, but can be used to rely on any other container system
The same architecture that is shown here was seen before with the master and worker nodes and master/manager
The difference is the scalable CNI plug-ins. Container Network Interface plug-ins are somewhat analogous to the tunnel described above; different open source teams, such as Flannel or Calico, create an open source container to create the magic of containers within Pods, allowing all of the different functions, from the node proxies to the Docker engines, to communicate in an interconnected fashion
The Pod Concept
The system must abstract the container that Docker is running from its managers
So the master node does not manage the containers, it manages pods. This addresses the hierarchy problem described in the Docker Swarm system above
This actually predates docker swarm, and some services have been borrowed between the two
Abstraction of parts, there is no container, there is now the handling of pods


Q: In either of these, can containers be migrated across hosts?
A: Yes all of the capabilities described above remain in Kubernetes

Recommend production of 3 systems if possible, in a nutshell to create all of the boxes (API server, container manager, etcd and such) to be easily accessible

The easiest way to install Kubernetes onto your laptop is using minikube
Another option is kubeadm
This allows multiple admins to be in a cluster, while minikube allows one admin and lets you play with the concepts of the swarm


Allowing you a graphical way to install the Kubernetes cluster


For a company the best bet is hosted

Options of a graphical interface allow the cluster on multiple providers
Google has the system allowing how many masters and how many workers are necessitated in order to maximize efficiency

Amazon EC2 Container Service is not related to Kubernetes; it is for Docker, but works better with AWS and should be used by those experimenting with that.

You can build all of the earlier systems


Kubernetes - sample app (deployment)

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: mywebappdeploy
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: mywebapp
    spec:
      containers:
        - name:
          ….
---
apiVersion: v1
kind: Service
metadata:
  name: mywebappservice
spec:
  ports:
    - port: 80
      protocol: TCP
  selector:
    app: mywebapp
  type: NodePort


The master has a dialogue with Heapster, which has a dialogue with the storage backend and with Kubelet cAdvisor on connected nodes as well as on the containing node


A graphical version of managing your cluster exists in both, so this does not have to be done in command prompts

Q: are there advantages, which can be used for dockers forms today?
A: Unless it is a cost concern I would not recommend it for production, but for rfinished products, the costs of VMs, if you have an old provisioned instance then this could be used


Use a docker paid center and it would be a very large charge, and to get into the infrastructural awareness


Use it for the tear down, to integrate with Jenkins or other ALM extant.

~$ minikube status
~$ minikube start
~$ kubectl get pods --output=wide
Will show you the pods, the restarts, ages IP and status

~$ minikube dashboard