 All right, well, I think while Alex is figuring out the location, we can kick things off. Welcome, everyone, to the Ask the Experts panel for data privacy and governance. We have a bunch of great speakers here with us today. My name is Anishas Thana. I'm a software engineer working on the Open Data Hub. And I'm just here to moderate the panel. Mike, could you give a quick intro? Yeah, sure. My name is Mike Bussell. I'm part of the Office of the CTO at Red Hat. And I have the title of Chief Security Architect, whatever that means. And I'm also a co-founder of the MLARTS project, which is using trust execution environments for sensitive workflows and data and stuff like that. Very cool. Jamie? Hi, I'm Jamie. I lead the data governance policy here at Red Hat and have a lot of passion around and experience with customer data security protection and privacy. So I look forward to your questions. Absolutely. Adair? Sure. Thanks, Anish. Hey, folks. Uday Bapanna, product manager for data services, AI, and machine learning infrastructure at Red Hat. Also been involved a lot in the Open Data Hub since inception, trying to figure out the data services and the privacy and security aspects of it. This was a bit where I was going to ask Alex to introduce himself, but he just disconnected. Well, I guess I can introduce him. Alex is technically my boss. So he is one of the managers for the Open Data Hub team at Red Hat. And he's responsible primarily for running it. Oh, there you go. I'll let you do that, Alex. Who are you and what do you do? For the introduction, let me know if my internet starts to drop. I've just moved into a new house. And right now I'm at my in-laws who have that internet because my new house doesn't have internet yet. Like Anish said, I am a manager on Red Hat's internal data hub team. If you're familiar with the Open Data Hub project, well, I guess if you're not familiar with the Open Data Hub project, there's a platform for doing data science machine learning type things on OpenShift. And my team, we run an instance of that Open Data Hub here at Red Hat to enable teams at Red Hat to use the Open Data Hub to do data science-type workloads. And as part of that, we own a platform that stores and manages a pretty large amount of data. And we have plenty of challenges around that, sharing that data with various different teams. Awesome. So yeah, I guess I'll take things off then with some third. Jamie, would you mind telling us a little bit more about what a day is like in your life? What are some of the operational things you need to worry about, all that one stuff? All the amazing things that everyone is always interested in. So for me, I start my day looking at the news really to see what's happening in the privacy space. You see changes every day. You have Privacy Shield. You have the Brazil Privacy Law. You have yesterday I saw something from Washington State. Privacy is making its way through the headlines on a daily basis. So trying to think, what are our customers going to be asking? What are the requirements? What type of approach are we going to take? What are the guardrails that we can put in place? What are the business controls from an operational standpoint or a technical standpoint? Those are the things that I really think about on a daily basis and how we can always improve. So as things change, I guess it's an opportunity to improve the process and the experience as well. All right. All right, thank you. Sort of trying to leave from that. So there's a lot of open source projects within the space for data security. We have things like Open Policy Agent. The previous presentation talked about Open Scab. Then you have Enox, Datamash, Agiria. How do you sort of see those fitting into this bigger picture of protecting data? Both within Red Hat or in the industry as a whole? So I didn't kick that off, Anish. Yes, so there are a series of new open source projects that have been incubated over the last two, three years, specifically on the data privacy and security aspect. And these projects are good in that they are following the path laid out to the original database sort of a workload, right? You still have lots of unstructured data, but the policy, the security, the governance models and the requirements haven't changed. And we've seen a good amount of open source projects come up around those areas. The next step of evolution in what I see based on interacting with these communities is the need to put these projects together into a true solution right now. There's some good projects solving really good problems, but we need a way to connect them together. We need standards or standard interfaces to connect all of these together. So you get the security and privacy requirements, but also the end user and the admin and the chief data officer experience that they desire. So do you think companies are ready to start adopting some of these open source tools for security and data governance? Or do you think like the push is still towards some of the larger commercial close source offerings? So I'm gonna come to it from a slightly different direction. So my interest is more on some of the lower level tech that can support some of these capabilities. And I think we are definitely seeing a world where companies are getting wise to the fact, I'm not just companies, you know, larger organizations are getting wise to the fact that open source means that it's auditable. It means that, you know, you've got to be aware of the many eyes hypothesis where thing open is just better because more people look at it because security isn't like that. You need trained good people who are experts looking at it in a structured way. But when you have companies such as Red Hat or many companies out there supporting open source and security related products or projects and making sure that you do have expertise, I think that people are beginning to realize from the bottom up at least that actually there's a lot of benefit to that. And what's more, you know, if someone, if you don't need to have multiple people, multiple organizations auditing a project from different points of view, it can all be done once. And there's some interesting things going on in a world out there about supply chain and how you manage that and the open source world, et cetera. But at least it's open, at least you can see it. And I think that, you know, companies are realizing that certainly from the bottom up. Now I can't talk to some of these, the sort of higher level constructs that are being put together about that other folks on the call can, but I would be surprised if that doesn't start happening if it hasn't already, frankly. So to add to what Mike said, what we're looking, seeing in open source is a lot of these good technologies being developed, right? But as I look at it from the community and the community composition perspective, this is a great area and a chance to bring the non-technical folks into open source, to bring the auditors, to bring the lawyers, to bring the legal folks, getting the right thing in security and privacy. And that domain needs a lot more expertise than just technical experience or documentation, right? We need the domain knowledge and we need to expand the scope of these open source communities to include those knowledge experts that can help the communities and then produce the right project and product. I think that's where we have a big step to go next. I didn't agree more. It worries me whenever we have any project which doesn't look just beyond the techies. Well, for pretty much anything, but particularly where you're in a world of compliance and auditing and things, you absolutely need to have that involvement. And as you say, in open source, there's a great opportunity to do that. Anyone have any ideas about how to encourage that? So my team, the Open Data team, and I absolutely echo what you guys have been saying. When we've been able to get people just, my team, which is purely technical, involved in these sorts of discussions, we've been able to see really great progress. If nothing more than identifying requirements and use cases for what we need as coming, our background is not purely managing data and building out big enterprise level systems for that. We don't have necessarily the use of expertise around that. I've done a really good job, at least within the Open Data Hub community seeking to actively pull out that engagement, or those engagements as community members, right? So, Mike, to your question, how do you get people involved? I think you have to be really deliberate in inviting people to come in and asking them to come in. I think we've found, and certainly across all the open source communities we've been in, people are really eager to help. They just want to know, they need to know what to help with, right? I think being very deliberate and intentional with, keeping your eyes open for people who have these expertise you're looking for, and inviting them to community meetings, inviting them to present with your team, inviting them to collaborate and think about, we need you experts on what three requirements do people need to have for data governance, right? Give them something specific to help with it. I think people are eager to help. And to what Alex said, one thing also that's different in here is, it's also more cultural in that open source communities have traditionally been looked at as areas for incubating great technology, right? But we need to frontend some of that with the classic, like you said, the closed source offering processes where we have wireframes or mock-ups that we can bring these non-technical folks into, but still get some really good feedback, make sure they understand, and we understand the requirements. I have a question. So, Sharad Griffin was asking, so I guess in that same way, many of the protection laws that have been put out there are vague policies and processes. Are you seeing anything being done from the open source communities to help bridge government policies with practical usage of being able to execute on these? I think an example here would be the foundational pieces that you're following for something like the GDPR, right? So, I mean, that's something that would be foundational from like a privacy by design, security by design lens, right? And then you would then create your own processes and guidelines and policies around how you're interpreting that and following that and how you can go back and audit it and basically verify and improve as you go along, right? So, I don't have any specific examples, but I think that is a guiding principle that you would as an example for a GDPR. So, I'm aware of one, which is being talked about at the moment. So, I talked about the NARCS project. That's part of a Linux Foundation project called the Confidential Computing Consortium, which is about using trusted execution environments to protect data in use. So, we're already thinking about whether we should be engaging with standards bodies to say, you know, GDPR says you're only allowed to keep stuff, I'm oversimplifying it. Let's say some of these things say you have to have things encrypted at all times if they're outside a particular jurisdiction. Is it acceptable to say, as long as it's encrypted in this hardware controlled and audited manner to be running stuff so I could let's say process data in this protected way because it's always encrypted from the rest of the host in a different jurisdiction. And I think they're HIPAA, there's some other things around there about we've got these new technical controls. Can we apply them in ways that meet the spirit of the law or spirit of the regulations where frankly, the letter is not clear? And I think there's some opportunities arising in a number of areas there actually. That's just one that I happen to be a big bit. Very interesting. Yeah, I really never thought about it from that perspective, you know, and to that. Taking a step back from open source, what are some challenges that we generally see our customers facing with requests regarding data security and privacy? So what? Yeah, I think, you know, for our customers, they think obviously it's, you know, data brief. And that's brand, that's reputation, that's money, that's fines, all the things, right? Liability, you know, they are looking to see, you know, what, you know, certifications you have, you know, they're looking to see how you, you know, how are you, what are your controls for how you implemented, you know, something in the privacy or security space? You know, what are you doing in these areas? You know, there's a lot of questions that we get asked, but, you know, those things, you know, help us to understand, you know, the new requirements coming down, right? So you asked me what was top of mind of my every day is always making sure that I'm up to date on what's happening in the world because we are going to get a question from our customers asking, hey, I just saw this, what are you guys doing about it, right? So, you know, really just making sure that we are, you know, we acknowledge that we, you know, are following and, you know, understand that we, you know, we are implementing, you know, as we kind of go along, as well as things, you know, change so quickly. So, yeah, so from my role of talking to our customers and trying to understand across the management's chain and what the challenges are, one thing that always keeps pops is trying to balance this idea of security and privacy and compliance with keeping the data set meaningful enough to do something useful with it, right? You can't anonymize every element of a data set and then make it useful. You have to find that right balance. And then the other key challenge that goes with it is it's also about automating that process of solving the challenge, right? Even if we know how to sanitize a data set, are there tools, are there projects out there that can automate it? Because a human being cannot look at so many lines of our data sets and anonymize it manually, right? Is there a standardization process that can be done? Like here is standard process of anonymizing the medical image. Here is what you do if it's payroll data, right? The missing link there is that there aren't many projects or software solutions in that area too. Yeah, that's a problem space that we work in a lot. I'm worried more, let me know if it is. But my team is the only kind of a general purpose data lake here at Red Hat, right? So we have countless numbers of discrete data sources in our system added every day, right? For us to be able to manually audit that entire data set and know what has information in it, what needs to have restricted access, et cetera, you could never try and scale to do that all on our own. So looking for open source tools that will let us automate the process is key. We're fortunate to have some great partners here in the opposite of the CTO at Red Hat, building AI ops type pipelines where we try and do things like automate scanning of data to identify what needs to be masked. That's a big kind of area where we see a lot of potential there to be able to scale out. Yeah, so I was lucky enough to be able to take part in a Red Hat research day early this week where this came up specifically. I've just put the link actually in the chat. The sessions were recorded and should be available to watch soon, but there's some really interesting academic work going on, some which is beginning to bleed through. I'm sure that Alex and folks are aware of this. And we have some interesting links with Harvard and Boston University and folks, people who are working on a sort of area. I just thought it might be interesting for people to have a look around there. Really complex stuff, it turns out, and really interesting too, but it looks like some of the stuff is beginning to bleed through into real world use cases, which is fantastic. So I guess this may be a loaded question, but are you trying to see some engagements between these academic research things and open source communities in the space? Or do you foresee that being something that should be happening? One very specific example of a corpus that's been put together for that is called Open DP, Open Differential Privacy, or Privacy if you're a Brit like me, which is trying to bring together some of those tools and make them open source. The algorithms, the tools, the frameworks as well. I think it's an area where academics are realizing that actually it's a great way to get some visibility is to go more open source. Again, I'm not hugely in a great position to talk about this. I just watched the talks and I'm passing on what I found. Really interesting. I'd hardly recommend that anyone who's interested. We've got some more questions. People keep asking questions that awkward. That's a good thing, right? They're engaged. So Ricardo asked, with the growing number of privacy laws in the world, how can a company adhere to all of these laws? What guidance should they be looking for? Yeah, that is a great question. And I think the GDPR bar was so, is that like foundational, really made us think about privacy in a totally different way than we ever have, right? And a lot of companies took a global approach. Redhead has taken a global approach. So when you take that global approach, it makes it a lot easier to then adjust to the Brazil law as an example, because it's kind of a copy of the GDPR, yeah. So there's some differences, but there's a lot of similarities in how you would implement it, right? And the ones that really get tricky are the ones that are on top of the GDPR and the ones that are state specific in North America as an example. There's so many different nuances that you have to follow. So if you take like the highest bar and you say, okay, we're gonna take the global approach that you cast such a wide net that you can then be able to move with the changes rather than be more proactive versus a reactive mode. And you also have some time to implement based on when things kind of go in effect and how you're enforcing. So Jamie, a quick follow up question then to that is, I mean, what you said seems pretty similar to what we see in the tax law side of the world, right? Every county, state, a country has a completely different way of doing things that may not fit together, but that has been to a certain extent automated with the softwares and such, right? So do you foresee something like that being possible in the security and privacy area and then would open source be a good area so we can all have a common code base to build upon? What do you think of it? Yeah, no, I think it'd be great. I'm always looking for open source, solutions with, you know, compliance and I just would love to see more of it. I think this is a space, it's a huge opportunity where even in the commercial space, you don't really see a good solution, right? They're all kind of the same. They're not really, they don't really fulfill all the requirements. So I mean, I would love to kind of, you know, see an open source version that would help on a global level, right? Someone who can, you know, something that would encompass, you know, everywhere that we can kind of put it together and put the similarities together so you can see it holistically, right? And not being so, you know, region specific, if you will. But yeah, I think it's a great opportunity and there's a lot out there to kind of, you know, kick off. Interesting. So, well, speaking of that then, right? Like do you see intelligent automation of all of this stuff being very important, right? Like since with all the data growing, it's just growing, right? More and more companies keep getting more data. We have more data centers everywhere. I think, well, I say, I think, what do you think of like building our open source systems with this automation built in from the get go, right? Was this sort of trying to go back and apply some ML principles through it? Yeah, and I think that goes back to the principle of just treating data as an asset, right? I think, you know, we really have to look at it in that way and then the rules kind of are like the guardrails to kind of ensure that you're moving that forward. But yeah, there's no way that we could do this manually at all and we shouldn't be doing it manually in 2020, right? So I think you definitely need this technical, business controls and policies to safeguard, you know, you along the way. Yeah, like automation is going to be required. What I think will be interesting to see is automation gets pushed out to like the end to use an overloaded term of where the data gets generated, right? It seems like trying to do all this automation on a central data lake would just entail these massive batch jobs that would take forever because of how much data they have to operate on, which, you know, might not produce the best results or at least add some latency, right? Can we push that automation out closer to the source of the data to know as data's coming in, you know, flag identify whatever sensitive data gets generated, do whatever masking we can or at least, you know, flag it for future processing kind of thing. I think that will be an interesting space to see what. That was again something that came up and on the research day, it was talked about a bit there's some interesting things going on there. It's worth finding out about. I try not sound like an expert, cause I'm really not. That's a. Very cool. So we've been talking a lot about GDPR and CCPA, right? You know, like not quite specifically, but sort of dancing around those questions. What have you seen for your customers who are already using open source products, right? And it doesn't have to be products for data compliance or data security, but just, you know, general usage of open source products. How is it affecting their day to day with sort of their workflows and, you know, going more specific, how is it affecting what they try to do with AI and machine learning? I think GDPR is your individual right to privacy and your California Consumer Privacy Act is really focused on the consumer, right? And kind of protecting a specific demographic, right? For their right to privacy. I think, you know, there's, we need to find a better way to automate. I think that's been like the theme here, right? You know, for sure is something that we need to do, but understanding the difference between the two, right? Is that that they all kind of mesh together, right? I think that just the requirements, we need to make it easier just to audit and to make sure that those business controls are the ones and technical controls are the right ones and that we can adjust along the way. Yeah. So, yeah, so it's from people, customers using open source. The feedback has been good. So they see a project that's open so they can go look at the code and figure out and make sure it does exactly what it does and there's no approaching horses hidden inside or no loopholes, right? So the place where open source helps is for security and privacy is, you don't just get to control your data on paper, you can have you or a friend look at the code and say that it really controls and does the right thing, right? So that's where we're seeing a lot of positive feedback and then good vibes on the open source side. Yes, I think we need to still work on the open source aspect is one, make sure we put the right usability framework around it, right? Most of these tools in the end are supposed to cater to a non-technical audience, highly technical in their fields, like the legal and the auditing field, but not technically in the computer science a sense of the world, right? So we need to make sure we make these tools applicable and easy enough to their workflows and to their usability standards. That's where I think we have a gap that we need to close fast. And then comes, this is where the commercial aspect of open source comes, right? We have a solution, but there's also the legal certifications that we have to go through these agencies that we have to go and run their test feeds or have them look through the code and certify that the tool is the right tool to use. And that is where some of the commercial vendors dealing in open source can really help because they already have staff that can do that or have had those relationships in the past. So that's another area where we can really help out. So to kind of hop a little bit on the technical user tasks, Felix, have you seen any problems with this internally, right? Since you manage a big data lake, do you have any thoughts to share here? I think the biggest challenge we have is there are all these open source tools in this space, right? There are all these different places where you might store data. For us, it's Elasticsearch and Kafka and S3, right? And there's all these different tools that process it and there's all these different tools that people use to analyze data. And in the past, I think, you know, there were a few big players in the space that it was easier to build a solution and it worked for that one big player. But today, people want to use one of, and different tools they want to be able to pick the best of breed of what's available to them. And so from an auditing and security side, it has to work with everything and do its job really well with everything. That's the challenge we're really trying to overcome. And so that's honestly what has made progress a little slow for us, you know, trying to figure out what is the lowest hanging fruit the highest priority thing to try and try and tackle in the security space or in a solution to build with these open source tools. Well, it's like you could read my mind. You just said of my next question, to some extent. So we're talking about all these like transitions to technology, right? And like these different paradigms where you have a lot of these different tools coming in, good, but then this might be for you. How do you think the evolution of like how we store and access this data has affected these, the tools organizations are using, you know? That certainly with GDPR, you know, adding constraints on where data can be stored, it forced people to be more flexible in how they ran. So previously when like, you know, corporations controlled all the data and could decide, you know, where to run the data, whatever is easiest for them, they didn't necessarily have to like worry about all the added complexity, just do whatever is easy for them, pick the best product and just run it, right? For us having to be able to build a solution that works across all of, you know, whatever cloud provide you pick in the world, whatever country pick in the world, whatever on-prem thing you pick in the world has kind of, I guess maybe not leveled the playing field but forced us to build better solutions that work across a wider range of these cases. And I think there's a couple of things also going on that are forcing the trend, Alex, right? There's one, it's just the classic, the volume and scale of data, right? Organizations are now starting to think, how do we manage this data at the largest scale that we have them? It isn't a data warehouse or controlled by a vendor anymore, right? You have a lot of data coming in. So how do we apply these policies at scale and how do we scale out the tools and the processes to support it? And the second one is just the amount of data coming in, right? In the past, when you had structured data warehouses and databases, you had data coming in a very structured format, you knew exactly where it was going in, in a table or a column. You don't anymore, right? It could go anywhere from a text file to CSV to whatever image user uploads now. Just the variety of data has grown so much that they are realizing it isn't a single tool that can solve it. You have to have multiple tools that and then have to collaborate to make a solution happen. OK, yeah. We answered quite a few of the questions. I think you pretty much answered most of the ones I prepared. I had a question which I was thinking about, which is we hear a lot about your CFO or your COO or your Chief Risk Office or whatever getting involved because there's now liability at the board level for making sure that your data governance is managed. How much do we think that they care about the technology? Obviously, they want things automated. Are we seeing pressure from that direction at all? Do they care about open source? Do you see what I mean? Because often you'd expect the decisions around this sort of thing to be a level down. But if the board really cares, how much are they getting involved? Is that something anyone can talk about? I have no idea. I know that at some companies, it is at the board level. It is on the P&L level where they're tracking it as well. I'm not sure what the connection to the open source is. But it is, I know, something that it's becoming more and more aware. And I think, Mike, you bring up a really good point because I think with now COVID, I think privacy and security is at the forefront of everyone's mind. Everyone is going to the doctor, whether you want to or not. You hear about it. How are they going to track to make sure that I'm six feet away from someone? Or how is my information going to be protected? And what are they going to do with this analysis now if I got tested? So I think that everything is just really starting to bubble up. And I think privacy got a wave with GDPR three years ago. And now you're on this wave now with COVID, right? With, hey, it's even more important now. And it's so important that individual states within the US are now considering, OK, what do we want to think about with HIPAA? Do we want to put that with some components of that with CCPA? Or do we want to put components of that with something else? It's a different conversation than it ever has been before. And I think until you see enforcement in that area, it will become real. But I know that some companies are putting on their P&L. And then Mike, again, it's a discussion point, like you said. I don't think we have an answer. But do they care for the technology part? Do they care? I think it's not about the technology pieces they care. But in my view, being open source gives you an extra level of security, right? So you have the multiple eyes who can get things at that same code base, which certainly, if you are a board member, you would rather have something that's been widely accepted that your peers have accepted and looked at. So that aspect is where I think open source is at the top of the mind all the way up to the CXO level or even the board level is that multiple eyes issue, right? And the second area where open source is up to their mind is it's just extending it easy, right? If you have a specific use case in your company because you're in a slightly differently regulated industry, it's easy to get pulled on an open source project and add stuff in there to suit your industry. It's not so easy for a proprietary software. I think that's where also boards do is, I mean, boards and CXOs look at M&A for an year or two down the lane. They plan for strategy, right? And the tools need to support those M&A operations or extensions easy enough. And I think that's where open source is gaining mind share. Justine. Yeah, I mean, you mentioned COVID, Jamie. There was a case last week or so, 18,000 COVID patients. All of the COVID positive patients in Wales, which is part of the UK, PII, Personal Identifiable Information was released by accident as a big breach. And the thing about that is, of course, they may have other underlying health conditions. They may have other genetic or other conditions or other information which is unrelated to COVID but is now being released as well. And it really does bring to the fore. You're right, we need to be thinking about these things. And it's not just companies, it's governments. It's charities. I'm aware of an organization and not anything to do with Red Hat, I should point out, where they have a whistleblowing policy and all good stuff. And someone was searching for the whistleblowing policy on their internal intranet and found not only the policy, but all the cases of whistleblowing with all of the information and all of the details of how it had been managed. And that is the sort of thing you really don't want to be happening, right? And these are very different types of cases, but they're what we should be worrying us. And which I hope folks like you can sort out. It'll be great. So, I think you've been interested in a topic that a direction that we can take the conversation is. So, till now we've been focused on the front end, right? How do we make sure we respect the security laws, the privacy aspects and the privacy issues of individuals? But you bring up a good point. So, what about post-breach? I mean, these things happen as we have seen, right? So, once there is a breach, once things get out, what are some things we could do, both from the software automation aspect of it and even from the process side to contain the amount of damage that's happening? Or how can we contain the blast radius once there's a breach? One of the most important criteria that we... Sorry, the one of the most important criteria that we focus on in building out solutions is auditability, right? When a breach has happened, you need to know what has happened and what the scope is. That's kind of box number one that we're trying to check is with the solution we're building together with all these tools, how can we know who accessed what data when? Yeah, and this is tricky stuff. I don't have... We don't have ways to wipe people's memories or wipe all the machines that things have gone to. I'm kind of pleased to say, I guess. I think there are some techniques from cryptography and the world of sort of certificate management around revocation that we should be thinking about. Now, what can we revoke? Are there... It doesn't stop things being exposed, but if you can revoke access or you can make it clear that things are not certified or whatever, it's really hard. But I think we need to think about some of these time-specific capabilities. Maybe we should be removing data. These days we want to keep data for as long as possible, but there are occasions actually when removing and deleting data is the right thing to do. Just because we've got the space to keep it doesn't mean we should. Yeah, and I think understanding the why, right? I mean, reach has happened because it's human error most of the time, right? And just understanding why did that happen, right? And why was that a good idea at the time? Because what had been a good idea three years ago is not a good idea today, right? And I think just being just a trust in transparency, making sure that you are saying, hey, this is what we're doing. These are the steps that we're following. And I think that goes a long way of rebuilding your brand and relationships because that really is what it comes down to is how are you gonna be that trusted partner once this does happen and customers then have the assurances that, hey, hey, they do have those controls in place. I feel good about it. This is how we kind of all came together and move forward. I think that's the other side of it. So that raises another question, maybe we don't have much time, which is that are consumers getting blasé? Are they getting stuff leaks all the time? Should they be more worried about leaks? Yeah, I mean, especially with your COVID example, right? I mean, I can't imagine just from a discrimination standpoint or all the things that could happen with that, right? I think people do care. I think it does matter. It is in the news daily and I think it does impact consumers choices as well, right? It's the whole trust thing, right? Am I gonna really wanna do business with a company that just exposed my credit card? Probably not, right? Especially if I hear that it's a repeat, right? Breach, that's where I think it becomes really a bad situation. The thing that excites me about open source is I think it's creating those choices for people. People don't wanna feel like they're locked in. They don't trust somebody, but there's no alternative. I think with open source, we're creating alternatives. A lot of interesting discussion here, folks. Thanks for your time. We have like a minute or two left, but I'm finally calling it right now. Just as a general announcement for everyone here, we have, I think that'll be 35 minutes between, well, for lunch now. So the next set of sessions will be starting around at 12.50 Eastern time, which is in converted to your time zone. I think schedule it, schedule it, let's you do that. So yeah, thanks a ton, guys, for hopping on to this. And please come along to the session. I'm co-leading at 10 past five on NRT, which will tell you about a very specific technology. I'll just plug that. Thanks, Anish, for leading us through this. It's been fun, folks. Thanks, folks, and thanks, Anish, for reading the discussion. Thanks everyone. Bye. Bye.