EDB Engineering Newsletter #3
Welcome to the 3rd edition of the EDB Engineering Newsletter, where we share happenings in the data world that the EDB Engineering team has enjoyed discussing, as well as other news about what the EDB Engineering team is up to!
What we're following
Postgres on Kubernetes
CloudNativePG is a Kubernetes operator EDB built and donated to the Cloud Native Computing Foundation. It was featured in this post on The New Stack about methods for running Postgres on Kubernetes.
And this is not the biggest news we’ve got about CloudNativePG in this newsletter edition!
https://thenewstack.io/modern-postgresql-deployment-3-cloud-native-approaches-you-should-know/
GitHub Copilot vulnerabilities
The Apex Security research team identified two significant vulnerabilities in GitHub Copilot.
First, the "Affirmation Jailbreak." Changing the assistant's reply from "I can't assist with that" to a single affirmative word like "Sure" can manipulate Copilot into revealing hidden intentions and disregarding ethical limits, turning Copilot from a helper into an enabler of mischief.
Second, "Proxy Hijack" enables an attacker to tweak the Copilot proxy setting. An attacker can point the proxy setting at a custom proxy server and capture the token that Copilot uses to talk to the OpenAI model. As a result, the attacker gains unrestricted access to the OpenAI models. However, GitHub's response to this vulnerability is that the captured token is tied to a Copilot license, which enables them to recognize the license owner. Hence, it is seen as the responsibility of the user.
And of course, one can point out that over-reliance on AI-generated code can be dangerous too. Developers may become overly dependent on Copilot's suggestions, which can lead to insecure or suboptimal code integration. This dependency increases the risk of introducing vulnerabilities into the software, as Copilot might suggest outdated or vulnerable code snippets present in its training data.
https://www.apexhq.ai/blog/blog/2025-github-copilot-vulnerabilities-technical-overview
An interview with Chris Lattner
Breck Yunits interviewed Chris Lattner (creator of LLVM, Clang, Swift and Mojo) for the Programming Language Database, covering his career and the rise of AI.
https://pldb.io/blog/chrisLattner.html
Debugging a Postgres bug
The team at DataDog wrote a fun post about their experience debugging a segmentation fault in Postgres on ARM64 machines.
https://www.datadoghq.com/blog/engineering/unraveling-a-postgres-segfault/
Open source models
But perhaps the biggest news of the month is the announcement from DeepSeek (a Chinese startup) introducing their third open-source model, DeepSeek-R1.
DeepSeek-V3, a Mixture-of-Experts (MoE) model released last December, surpassed leading competitors like Meta's Llama 3.1 and has outperformed closed models such as OpenAI's GPT-4o. DeepSeek-R1, a reasoning model, has matched the performance of OpenAI-o1. Meanwhile, DeepSeek-Janus, a multimodal model, has demonstrated superiority over well-established rivals like DALL-E and Stable Diffusion 3 Medium models.
This situation has sparked debates regarding 1) whether the US and EU are lagging behind China due to their reliance on closed-source proprietary models and 2) potential regulations, particularly as the Chinese startup achieves higher performance with a significantly cheaper training setup. Andrew Ng, the CEO of DeepLearning.AI, a Stanford University professor, and the founder of Coursera, commented:
China's swift progress in generative AI poses a challenge to U.S. leadership and fosters open-source innovation, whereas U.S. companies focus on restrictive practices.
The rise of open-weight models is reshaping the foundation-model market by substantially lowering costs and shifting focus from model training to application development.
Lastly, he reiterates his vision regarding opportunities for AI Builders. The success of DeepSeek with its optimized, cost-effective hardware shows that merely scaling computing power isn't the only route to advancing AI. These advancements both carry geopolitical consequences and create new opportunities for AI application developers, especially through greater access to sophisticated reasoning models at lower costs.
Microsoft CEO, Satya Nadella, echoed the last point, saying:
Jevons paradox strikes again! As AI gets more efficient and accessible, we will see its use skyrocket, turning it into a commodity we just can't get enough of.
We also enjoyed Ben Thompson’s DeepSeek FAQ and SemiAnalysis’s coverage of DeepSeek.
From the EDB team
CloudNativePG accepted into CNCF Sandbox
CloudNativePG, a Kubernetes operator for Postgres, has passed a milestone years in the making after being accepted to the CNCF Sandbox. CloudNativePG was first released by EDB in 2022 and designed from the beginning to eventually become a CNCF project.
Gabriele Bartolini explained the process in the 2022 blog post announcing the project’s first release, “there are currently three maturity levels or stages defined for CNCF projects: sandbox, incubation, and graduation. In order to move to the next stage, down through final graduation, each project needs to prove that it’s credible, sustainable, widely adopted, has a healthy rate of changes, and is developed by contributors from multiple organizations.”
CloudNativePG also recently passed 5,000 stars on GitHub, becoming the most popular Postgres operator by stars on that platform. Gabriele wrote about the journey on his personal blog.
Cleaning up Postgres’s Index Access Method API
Postgres allows you to build custom index strategies, called Index Access Methods (Index AM). But because the Index AM API is continuing to mature, there are a few hard-coded and undocumented limitations on Index AMs that are not in core Postgres.
Mark Dilger has been working on finding and eliminating these hard-coded assumptions and adding API entrypoints so custom Index AMs can be used with all the same features that the builtin Index AMs support. For example:
Allow custom indexes in hash joins
Allow custom indexes in merge joins
Allow custom indexes to implement uniqueness
Allow custom indexes to behave as arbiter indexes in ON CONFLICT .. DO .. statements
Allow custom indexes to provide the sort order in a SELECT ... ORDER BY statement, avoiding an extra SORT node in the plan
Allow custom indexes to provide the sort order in a CLUSTER command
Allow custom indexes (and their opfamilies and opclasses) to provide cross-type support
Allow custom indexes in REPLICA IDENTITY FULL
Allow custom indexes in FOREIGN KEY constraints
https://www.postgresql.org/message-id/flat/E72EAA49-354D-4C2E-8EB9-255197F55330%40enterprisedb.com
The basics of logical replication in Postgres
Phil Eaton wrote about the basics of setting up logical replication in Postgres, then dug into the code to understand the architecture and key points in code where replication happens on the sender and receiver side.
https://www.enterprisedb.com/blog/logical-replication-postgres-basics
Contributing back
This month, EDB’s DBServer Team visited the NGO, SOFOSH, to celebrate the successful November 2024 release of EPAS v17. SOFOSH established Shreevatsa, a childcare centre committed to providing shelter, care, education, and medical aid to family-deprived and destitute children, including those with special needs, ranging from newborns to six-year-olds. The centre focuses on nurturing the overall growth and development of these children, offering care with love and compassion.
During their visit, the team engaged meaningfully with the children and donated essential items to support the centre’s mission. A heartfelt acknowledgement goes to the team for their generosity, with a special thanks to EDB for matching the DBServer Team’s donation.
EDB at CERN PGDay
Gabriele Bartolini and Leonardo Cecchi gave a talk at CERN PGDay 2025 last month: “Maximising Microservice Databases with Kubernetes, Postgres, and CloudNativePG”. You can find the recording of the talk on the CERN website below.
https://cds.cern.ch/record/2921947
EDB at Prague PostgreSQL Developer Day
Robert Haas, Bilge Ince, Álvaro Herrera, and Bruce Momjian gave talks at Prague PostgreSQL Developer Day.
Robert spoke about incremental backups for Postgres, Bruce and Bilge spoke about opportunities and challenges integrating AI with Postgres, and Álvaro spoke about SLRU caches in Postgres.
https://www.linkedin.com/feed/update/urn:li:activity:7292645585805848576/
Until next time
We hope you enjoyed this edition of the EDB Engineering Newsletter! Consider joining the PostgreSQL Hacker Mentoring Discord to get involved!
The EDB Engineering Team