Presentations

AI models are rarely built from scratch. Through model reuse and transfer learning, organizations inherit risks they may never see. This session explores how backdoors, poisoning attacks, and evasion techniques survive across generations of models, exposing downstream systems to compromise.

Air-gapped networks promise protection, but real-world needs of updates, monitoring, & human access quietly reintroduce risk. This talk shows how air gaps fail in practice and presents an “air-gap++” approach to achieve stronger security while enabling business development.

As AI systems become more complex, developers are discovering that the database, not the model, is the real foundation of reliable AI. In this talk, I'll explore how Postgres can function as a full AI application server and control plane by combining Retrieval-Augmented Generation (RAG) with the Model Context Protocol (MCP).

We’ll walk through a real implementation: ingest pipelines, vector search, metadata ranking, caching, provenance tracking, and LLM tool-calling, with Postgres acting as the system of record and the control plane. Then we’ll expose those capabilities over MCP so LLMs can safely query, transform, and orchestrate data.

The result is an end-to-end AI system where RAG, tools, transforms,  logs, and automation are anchored in Postgres, providing a single, reliable foundation for AI applications 

This session will review essential performance tuning and configurations for Postgres.

This session will review the basic jobs, terminology, and technical details for DBA tasks in Postgres. 

This session will review essential query performance tuning and for Postgres, an essential skill for developers working with Postgres daily.

This session will review essential troubleshooting for Postgres, reviewing how to monitor and log Postgres, using Postgres’ internal catalogs, and common problems and fixes. 

PostgreSQL, maintained as an open source project, is an ideal database for teaching relational theory and demonstrating database internals. However, so far, few academic institutions have adopted PostgreSQL for their educational needs.

One of the goals of Prairie Postgres NFP, a Midwest non-profit, is to bridge the gap between Industry and Academia with the help of PostgreSQL. We advocate for using PostgreSQL in data management courses and invite students and faculty to participate in PostgreSQL conferences and meetups.

In this talk, we will share our successes in this journey and highlight the problems we are still trying to solve.

Join us at SCaLE for an engaging session featuring enthusiastic members of the PostgreSQL community! This is an excellent opportunity for attendees to connect with experts across various realms, including user groups, conference organization, core development, exhibitions, and advocacy. Whether you're a newcomer eager to learn or an experienced user with specific inquiries, our knowledgeable panel is ready to provide insights and answers. Don’t miss your chance to be part of this vibrant discussion!

Moderated by Ryan Booz.

Join us to hear about using Postgres for the very first time. 

A full PostgreSQL training day adjacent to the SCaLE LA event. 6 hours total, running for a full day as a single track (with 90 minute lunch break). Attendees can attend some or all of the event. Aimed both at new Postgres users and those migrating from other db systems. 

Power imbalances are everywhere, including in our OSS projects. Corporations hold power over projects that result in relicensing, forks, and other disruptions. This talk will cover these power dynamics and suggest steps that we can take to make better decisions about which OSS projects to embrace.

California's two largest public university systems—the University of California (UC) and California State University (CSU) —collectively serve over 750,000 students across 32 campuses. These universities also have a proven track record of building transformative open source projects and related technologies. If these two systems were to increase collaboration in open source and combine efforts, this could create a powerful engine for California's economic development and public good. This presentation will look at the potential of UC and CSU collaboration and how these efforts could create tangible benefits to the state and local communities, as well as provide pathways for greater industry-academic collaboration on new technologies

If you've ever had an application that needed hundreds (or thousands) (or tens of thousands) of connections to postgres, then you've probably needed a connection pooler. And if you've ever used PgBouncer as your connection pooler, you may have run into some challenges, or problems, or confusing behaviors, or all of the above.

In this talk, we will cover what can go wrong, how to fix problems, and how to monitor to keep your database, clients, and DBAs happy.

What if I told you there's a way to spot memory leaks, CPU bottlenecks & performance regressions—before your users feel them?

And if I told you it works across every runtime, in production, with zero instrumentation & near-zero overhead?

And if I told you almost no one is doing it?

Profiling has finally joined metrics, logs & traces as the 4th core signal in OTel. But while the spec is ready, most stacks—and teams—aren’t. Enter eBPF: the missing piece that makes continuous, runtime-agnostic profiling not just possible, but practical.

Can Prometheus help take care of your pet? In this talk, we’ll explore how to use simple IoT devices and open source tools Prometheus and Grafana to monitor your pet’s activities in real-time.

This session will demonstrate how observability can go beyond servers and improve the lives of our four-legged friends.

We’ll cover using off-the-shelf components that can send data to Prometheus and react to alerts, visualizing water consumption and door use trends in Grafana, and alerting when something looks unusual.  We’ll review the architecture and see a live demonstration of this stack (hardware and software) in action!

Break down the mystery of NAT traversal and secure remote access.

The far edge is quickly becoming more than a home for IoT sensors and small devices. It's where local processing, automation, and AI inference increasingly need to run. As more intelligence moves closer to where data is created, teams face challenges around footprint, scale, and reliable operations across distributed and often unstable environments.

This talk looks at practical ways to run Kubernetes at the far edge to support both IoT and AI workloads. It covers several deployment patterns, describing how a single‑node edge cluster can serve tightly constrained locations, how an edge‑only cluster with both the control plane and workers running locally provides full independence, and how an externally hosted control plane—whether in the cloud or a datacenter—can manage remote edge workers to keep operations lightweight at scale. Using lightweight Kubernetes distributions like k0s and device‑orchestration tools such as Akri, we’ll show how open source tooling can surface sensors, cameras, and other devices as native resources and provide practical ways to push applications—including AI inference—to the edge.

Attendees will leave with a clear understanding of practical architectural choices and tooling for running IoT and AI workloads at the edge, along with strategies to build systems that remain manageable and reliable even in challenging environments.

Embedded Linux has quietly moved from desktops and servers into devices that were never meant to run an operating system, let alone a full Linux stack. If you're curious how to put Linux “where it doesn’t belong” (yet), this talk will guide you through the practical first steps. We’ll break down the fundamentals of board bring-up, bootloaders, kernels, and root filesystems in a way that’s friendly to newcomers. You’ll learn how Linux fits into embedded hardware, what tools you actually need, and how to avoid the early pitfalls that derail many first projects. Whether you’re building your first custom device or just wondering how that smart toaster works, you’ll leave with the knowledge and confidence to start putting Linux on your own hardware.

When building productive language‑model applications, the right context and organization‑specific data prevent unwanted outputs. But building full RAG pipelines—vector stores, embeddings, indexing—from scratch can be time‑consuming and complex. KAITO, a CNCF sandbox project, streamlines this process by exposing a RAGEngine Custom Resource Definition that hides infrastructure details behind declarative YAML. Developers can focus on application logic while KAITO handles the heavy lifting of data retrieval, embedding, and indexing. Join us to see how KAITO accelerates AI development, reduces boilerplate code, and makes building robust RAG pipelines accessible to all developers.

Recent enhancements to ARI with bidirectional communication over WebSocket have greatly simplified integration with external components, such as real-time billing engines. These components can now function almost like internal modules of Asterisk.
In this talk, we’ll explore the seamless integration between the CGRateS Billing Framework and Asterisk using the new bidirectional ARI, showing you how to build your own real-time billing system for your Asterisk setup.

As organizations rapidly integrate Large Language Models (LLMs), traditional WAFs and static analysis tools fail to catch probabilistic threats like prompt injection and jailbreaking. This session moves past theory into practical defense for engineers using LLMs. We will dissect the "AI Attack Surface" and demonstrate how to use open-source tools like Garak and PyRIT to automate Red Teaming. Attendees will learn architectural patterns for "Guardrails," methods to prevent "confused deputy" attacks, and techniques to verify model supply chain integrity. Leave with a blueprint for securing your AI workloads today.

Picture this: you're managing dependencies across 1,300+ repositories, security vulnerabilities pile up faster than dishes in a university dorm, and developers spend more time updating package.json than building features. That was us at Grafana Labs. 

What started as "let's try this [Renovate](https://github.com/renovatebot/renovate) thing" became a full automation and o11y adventure. 

If you're wondering whether large-scale dependency automation is worth it, this talk provides the roadmap we wish we'd had.

Join Stormy Peters (Head of Open Source Marketing and Strategy, AWS) and James Bayer (Product Leader, Flox) for a conversation on reproducibility as a social contract—the shared expectations that let teams and communities collaborate without re-litigating environments or “works on my machine.” They’ll explore what it takes to make reproducibility the norm, the tradeoffs involved, and why it matters in both enterprises and open source. As automation produces more of what we ship, they’ll ask whether reproducibility is now non-negotiable—and what it means for humans and machines alike.

Ready to spice up your Node.js applications with some RESTful flavor? Join us for a lively session where we’ll demystify the process of creating endpoints for a MySQL REST service and using JavaScript to access your data, without writing a single line of SQL. We’ll guide you through the essentials of building robust REST APIs, integrating seamlessly with MySQL databases, and performing CRUD operations without direct SQL queries. Whether you’re a seasoned developer or just getting started, this talk promises to equip you with the tools and confidence to serve up your own RESTful services.