Redis Lua Security Update

Last week a security update to Redis was released due to a sandbox breakout vulnerability which could give an attacker the ability to execute code on the host running Redis. The following day we performed an emergency maintenance to bring all RTG instances up the latest Redis (2.8.21 for those running 2.x and 3.0.2 for those running 3.0.x) to ensure RedisToGo users were not vulnerable. Read on to understand more of the vulnerability, what your risk of exposure was, and why we took the actions we did.

First, the vulnerability. The details are described in a blog post by Ben Murphy. Essentially, if properly crafted an attacker could execute system commands or custom C code on the host. Like all vulnerabilities it has preconditions. The first, and most important of which, is the attacker already has to have the ability to run commands on your Redis instance – more specifically they must have your password.

This dramatically limits the risk for your RTG instances because we require your instances have a password. As such we don’t have any reason to believe any instances were exploited, and indeed we have no evidence of them having been exploited either.

RedisToGo is Sponsoring the Austin Redis Meetup Group

On Thursday 24th April, RedisToGo is sponsoring the Austin Redis Meetup Group, presenting “The Zen of Redis” – how to think about using Redis in your application stack and how this is different from a MySQL or relational DB mindset.

The Meetup will be at Capital Factory in downtown Austin and if you’re in the area we’d love to see you there. If learning about Redis isn’t enough, we’ll also have food and beer provided by Rackspace.

Click here to join the Austin Redis Meetup Group and to RSVP to the event

We’ll also record the event and we’ll post it to the blog next week.

Capital Factory

OpenSSL Heartbleed Bug – RedisToGo Password Reset Instructions

On Monday April 7th, a vulnerability in OpenSSL was disclosed known as Heartbleed. This is a serious vulnerability as OpenSSL is widely used to secure HTTPS traffic, and so it affects a large part of the internet.

RedisToGo has patched all of our systems and applied new SSL Certificates. As a precautionary measure, we also recommend that customers update their passwords. We have no evidence that our systems were compromised, but given the malicious nature of the bug, and the amount of time it existed, it is better to err on the side of caution. Instructions on how to do this follows below.

Heroku users are also recommended to change their Heroku Account Passwords

Password Reset Instructions

Step 1 – Login to your RedisToGo account

Step 2 – Click ‘Account’


Step 3 – Click ‘Edit’


Step 4 – Input a new password, confirm the new password and click ‘Update’


Step 5 – Logout of your account and login with your new password

As always, if you have any questions or comments please contact us at


The RedisToGo Team

Konnichiwa – RedisToGo available in the AWS Asia Pacific (Tokyo) Region.

We’re excited to announce that RedisToGo now provides Redis Hosting and Support for AWS AP-Northeast-1 in the Asia Pacific region, or Tokyo to be more specific. The same plans are available as we offer in AWS-US-East, AWS-US-West and AWS-EU-West.

How to create an AWS-AP-Northeast RedisToGo Server

Creating a RedisToGo instance in AWS-AP-Northeast-1 is quick and easy. First, create a new account or login to your existing account and select “New Instance”.

RedisToGo New Instance

Next, a drop-down list on the page lets you select your availability zone.

RedisToGo Select Asia

Unfortunately, you can’t yet provision to AWS-AP-Northeast via Heroku as Heroku currently only supports US and EU regions.

We love to hear your feedback, so if you have any questions or comments please contact us at

The Evolution of Dispatch at Uber.

The Evolution of Dispatch from benarent on Vimeo.

Building a Distributed State Machine with Node.js and Redis by Amos Barreto.

Filmed at RedisConfNano 2013.

Filmed by Matthew Barker, Edited by Ben Arent.

Made possible with support from Rackspace.

A short-term plan for Redis

A short-term plan for Redis by @antirez from benarent on Vimeo.

Keynote from Salvatore Sanfilippo Aka @antirez from RedisConfNano 2013.

Filmed by Matthew Barker, Edited by Ben Arent.

Made possible with support from Rackspace.

RedisConfNano – A Look Back

RedisConfNano – A Look Back

Last month, more than 50 users and developers got together at RedisConfNano in Portland, Ore. to see Salvatore Sanfilippo (@antirez) talk about future development paths for Redis, and to discover more about how the Redis community is pushing usage forward.

RedisToGo and Rackspace hosted the one-day event.

Here are some highlights of the day (and over the next week or so we will post videos of some of the presentations).

The Morning – Voodoo Doughnuts and Developer Time

It wouldn’t be Portland without Voodoo Doughnuts. We started the day with stacks of pink doughnut boxes and spent time in groups dishing on Redis use cases and problems. The RedisToGo team had some great conversations with companies such as, which is using Redis as its primary datastore and Regenology, a UK company with a time lapse photography service that uses Redis on a camera-attached Raspberry Pi for queuing and messaging.

The Afternoon – The Main Event – Antirez & Uber

Uber Takes The Stage

After an obligatory Portland Food Truck lunch – again, when in Portland! –  we returned to see Uber’s Amos Baretto present “Building a Distributed State Machine with Node.js and Redis.”

Amos Uber

Uber uses Redis for its driver dispatch service. Uber investigated Redis after experiencing problems scaling its datastore architecture. With the holiday season fast approaching, it had some decisions to make. So why Redis? From Amos’ presentation:

“Mongo couldn’t keep up with GPS points, node-mongodb-native was buggy with regard to replica sets… and we heard it was fast, so why not? [And we were] already using as a cache.”

Today, Uber’s architecture serves roughly 200 dispatch workers and still growing. Uber serves more than 40 cities and Redis is now its datastore, not a cache.

A Short Term Plan From Antirez

Next up, Antirez spoke about “A short term plan for Redis.”


Salvatore hit on a number of development themes for Redis including Redis Cluster. Here are three potential development areas he mentioned for future versions of Redis during his presentation:

1. Persistence – combine AOF and RDB formats; gain faster AOF rewrites and reloads; one format is better than two.

2. Redis Doctor – an evolution of INFO; check the latency of many operations; store metrics as a time series; tell the user if there are problems

3. Sentinel – here to stay but needs changes; use Redis Cluster algorithms (versioned changes); use persistent state like Redis Cluster

Or, he suggested, just use Redis Cluster itself, only enabling monitoring and failover.

Overall, it was a packed day with enough Redis insight to make whet your appetite for Redis’ bright future.

If you want to see more from the presentations, stay tuned as we will post videos of the day over the next week or so.

Finally, thanks to Ben Arent for organizing and turning around a great event at the last minute.

RedisConfNano Update – October 17th, 2013, Portland OR

RedisConfNano is just under two weeks away and we’re working hard to finalize details for the event.

We’ll spend the day at Union/Pine, starting at 0930 with a hack morning, followed by presentations from 1300. We have some amazing speakers lined up:

  • Salvatore Sanfilippo aka @antirez will give a keynote in person and talk about Redis in 2014.
  • Amos Barreto from Uber will talk about “Build a Distributed State Machine with Redis”.
  • Ezra Zygmuntowicz aka @ezmobius will also be presenting.

Can’t make it? Buy a community pass. Get a RedisConf Tee and early access to the recorded talks.

Buy your tickets for RedisConfNano here.


10 Days ago we decided to pull the plug on a full blown Redis Conf production. We’ve decided to run a more intimate, informal and smaller event for the Redis and RealTime community.


The Day – October 17th

We’re splitting the day in half. The first half will be informal coffee and open hack day. A chance to network, share code, problems and anything else your working on. Bring laptops.

The second half of the day we’ll be hosting four speakers. A keynote from @antirez (in person) and three other speakers that are to be confirmed.

The Speakers.

We’re excited to announce the Salvatore Sanfilippo aka antirez will give a keynote in person. Expect to hear updates about Redis 3.0, Redis Cluster and whole lot more.

I’ll be announcing the other three speakers next week.

We will be recording the sessions, with early access to any RedisConfNano community ticket holder supporters.


We’ve selling three tickets for the event.  A ticket for a hackday morning and meetup, a ticket for just the afternoon meetup and a third ticket to help support the event, with the bonus of early access to the Redis Conf videos.

Purchase your tickets today!

If you have already purchased a ticket for RealTimeWeek or Redis Conf, these tickets will be refunded. You will still need to purchase a ticket for RedisConfNano.

We recommend booking a room at the Jupiter Hotel, it’s the official RealTimeConf hotel. The location of the event is TBC depending on interest of this event.

Flights are a great price now, as little as $120 from SFO and $450 from NYC. I would recommend booking now.

Stay for RealTimeConf;  I highly recommend everyone stay around for RealTimeConf

Next year.

We really missed a beat with this years Redis Conf planning, we’re going to rethink what it means for RedisConf14 and will likely roll it into a larger open source conference.

<3 Rackspace

All of this couldn’t be possible without the awesome sponsorship of Rackspace and RedisToGo . They have been a great support in both helping give time and money to get this event off the ground.

If your company would like to help out too, we’re still open to sponsorship for the after party. Please email me for more details.

Lastly a big thanks to @anteriz continued support and help in making something happen.

Looking forward to seeing you all in Portland  ~ Ben

Redis Roundup: What Companies Use Redis?

As a technology, Redis continues to grow in popularity. More and more companies are starting to use Redis, while RedisToGo supports more than 30,000 instances and is growing quickly. Let’s take a look at a few major companies and see how they use Redis.

Instagram – Instagram uses Redis heavily to run their main feed, activity feed and session store. You can check out some of the articles about their infrastructure here and here, see how they scaled in a great presentation by one of the founders, and read about their switch from Cassandra to Redis. Lastly, check out Redis-Faina, a query analyzer that the engineering team at Instagram built.

Github – Github is using Redis for exception handling and queue management.  They also use Redis for configuration management, and as a persistent key/value store for routing all kinds of data.

Stack Overflow – Stack Overflow uses Redis as a caching layer for their entire network.  They praise the speed with which Redis is able to perform: “In our (admittedly limited) experience, Redis is so fast that the slowest part of a cache lookup is the time spent reading and writing bytes to the network.” They report that about 1,300,000 keys are being stored by Redis at any given time, most of which expire within minutes.  At most, several hundred read/write operations per second occur within Redis.  They use around 6GB of memory and have extremely low CPU usage (1%).

Pinterest - Pinterest is a heavy user of Redis. They use it for their follower model, which is their graph of who is following whom (grammar FTW!). In fact, given the tens of millions of users accessing Pinterest every day, this usage is one of the more robust uses of Redis today. For more on their architecture you can see this article, or go through this fantastic transcript about Pinterest’s architecture and Redis usage.

Twitter - Twitter makes heavy use of Redis, and has open-sourced some of the projects they built internally to take advantage of Redis. Twemproxy is a fast proxy for Redis that reduces the connection count on backend caching servers. Manju, the creator of Twemproxy, talked about it during the SF Redis Meetup. Check out the slides!

Tumblr - Tumblr uses Redis to power dashboard notifications for their tens of millions of users. To do so, they built Staircar, a tool that gave vastly better performance than the MySQL setup they were previously using for notifications. Redis a key part of their scalable architecture, as their high scalability interview demonstrated.

Other companies like Twilio, Fullscreen, Craigslist, YouPorn and EngineYard also use Redis. In short, it’s an awesome technology that’s gaining rapid adoption by the tech community – especially those companies with lots of traffic.

If this stuff is interesting to you, also check out this excellent list of Redis usecases. Or, start playing around with Redis with a free instance from RedisToGo.