03:01:22 GMT <hphuoc25> Is ZUNIONSTORE cheap? As in can I create a union store just for a query then tear it down and do it repeatedly?
14:23:12 GMT <pila_> hello can i restart my default config debian 8x redis server without loosing the data?
14:26:51 GMT <badboy_> if it is configured to persist
14:27:57 GMT <pila_> @badboy_ there is a dump file in /var/lib/redis
14:28:17 GMT <badboy_> CONFIG GET save
14:28:21 GMT <badboy_> CONFIG GET dir
14:28:34 GMT <pila_> 127.0.0.1:6379> CONFIG GET save
14:28:34 GMT <pila_> 1) "save"
14:28:34 GMT <pila_> 2) "900 1 300 10 60 10000"
14:28:52 GMT <badboy_> looks good then
14:28:55 GMT <pila_> okay
14:29:08 GMT <badboy_> if you shut it down using SHUTDOWN SAVE it will make a new dump
14:29:14 GMT <pila_> is setting a password and changing redis port a good idea for external access?
14:29:35 GMT <pila_> i need my crawlers to get access to redis
14:35:27 GMT <badboy_> don't expose it to the internet
14:35:32 GMT <badboy_> if you can: firewall it properly
14:35:46 GMT <badboy_> setting a password is the minimum security mechanism you should enable
14:36:26 GMT <Inge-> Why would you make it openly available on the internet?
14:36:29 GMT <Inge-> *shudder*
14:37:35 GMT <badboy_> "Why" is the wrong question here
14:44:48 GMT <pila_> i want my crawlers to have a direct connection to redis, currently i am running an api where they can get jobs, but this drains too much cpu power
14:45:09 GMT <pila_> because i need lots of php-fpm processes
14:46:05 GMT <pila_> but i should be fine when i just enable my crawler's ip for the redis port in my firewall
14:46:07 GMT <pila_> or?
18:25:58 GMT <marc_v92> Pretty new to Redis, hoping someone can point me in the right direction: I've got a feature that is embedded on multiple websites/servers that uses websockets to automatically pull new data, and I'd like them all to point to the same Redis server. I'm not sure how to properly segment it so that each website/server is only capable of interfacing with its own Channel on the single Redis server.
18:26:38 GMT <marc_v92> What I mean is, I don't want Site A to be able to see Site B's messages by just faking a referrer header or something. How would I set up the Redis server to that Site A can only see Site A's messages, Site B can only see Site B's messages, and so on?
18:32:27 GMT <Circuitsoft> Hello - using redis-py, is there a way to do the equivalent of: 'zadd "P\xb6\x89V\xf0\xbeR\xe4\t\x1bZ-\xac" 4 "X\xb7\x0b2\x9d\"\xb6\xa5s\xfd\x0b\x88"'? The zadd method doesn't seem to like binary keys.
18:33:27 GMT <Circuitsoft> TypeError: zadd() keywords must be strings
18:37:36 GMT <minus> Circuitsoft: it says keywords, so i guess you're passing stuff in the wrong order maybe
18:46:10 GMT <Circuitsoft> Got it. Just have to use positional rather than keyword arguments.
18:47:15 GMT <Circuitsoft> redis-py allows things like: rd.zadd("my_zset", alex=1, david=2), which is equivalent to rd.zadd("my_zset", 1, "alex", 2, "david").
19:35:31 GMT <ningu> does anyone know why I would be getting the error NOAUTH Authentication required, when I have not set a redis password?
19:35:36 GMT <ningu> redis 3.0.6, ubuntu 16.04
19:36:09 GMT <minus> because someone set a password using CONFIG SET requirepass
19:36:14 GMT <minus> i guess
19:36:27 GMT <ningu> yeah
19:36:29 GMT <ningu> I think you're right
19:36:48 GMT <minus> if your redis is/was accessible from the internet you better watch out
19:37:09 GMT <ningu> minus: it was not, however, it was listening on *, so it would be someone in the same data center
19:37:24 GMT <ningu> the firewall would have blocked it from outside
19:38:06 GMT <ningu> I have restricted it to localhost now, which I should have done anyway
19:47:55 GMT <ningu> what could someone who gained access to redis have actually done?
19:48:00 GMT <ningu> other than get the data in it
19:48:04 GMT <ningu> which I don't care about
19:51:42 GMT <minus> if someone has access to redis, they can essentially execute code
19:51:59 GMT <minus> by misusing redis' dump file to create a cron job
19:52:44 GMT <ningu> yeah
19:52:46 GMT <ningu> I see
19:52:58 GMT <ningu> any links on how that would work?
19:53:05 GMT <ningu> also they can only execute code as 'redis' right?
19:53:32 GMT <minus> there's a post on antirez' blog
19:53:35 GMT <minus> and yes, only as redis
19:53:48 GMT <ningu> if I've fixed the issue and restarted redis, is it ok now or what should I check for?
19:53:54 GMT <minus> unless there's ways to escalate on your system
19:53:58 GMT <ningu> there are not, afaik
19:54:28 GMT <minus> i guess you could scan the file system for files owned by redis and processes spawned by redis
19:55:16 GMT <ningu> hmm
19:55:17 GMT <ningu> yes
19:56:34 GMT <ningu> that's a good idea and probably enough
19:56:38 GMT <minus> but the standard answer is wipe your system
19:56:51 GMT <minus> yeah, it's reasonable imo
19:57:59 GMT <ningu> it seems they changed the rdb to /tmp/dump.rdb
19:58:05 GMT <ningu> seems a bit random
19:58:10 GMT <ningu> I see no other signs of anything
19:59:37 GMT <minus> does the file exist? if so, check its contents
19:59:46 GMT <ningu> oh, good point
19:59:48 GMT <ningu> I deleted it :(
20:00:39 GMT <minus> but yeah, now it's pretty clear that someone was doing malicious things and it might better to take extra much care
20:01:06 GMT <ningu> well, that was clear to me already
20:01:20 GMT <ningu> however, nothing obvious is wrong on the server and I have verified it was running as redis user
20:03:53 GMT <ningu> I see random people trying to connect via ssh as root in the logs, but what else is new :) I doubt that is related
20:04:23 GMT <minus> got SELinux?
20:04:32 GMT <ningu> no, but I could install it
20:05:38 GMT <minus> if you got the time to make it work for everything you run it's definitely a plus on security
20:05:45 GMT <ningu> yes, I agree
20:05:51 GMT <ningu> not sure if we do have the time
20:06:05 GMT <ningu> there isn't much on the server that's sensitive, the goal would just be to keep control of it :)
20:07:37 GMT <minus> for the record: i'm not using SELinux either, but thinking about it now it would be a good idea. but no time; i should be a dev, not a sysadmin, but that's hard if there's no sysadmin.
20:07:53 GMT <ningu> similar situation here
20:07:56 GMT <ningu> we are a small operation
20:12:45 GMT <ningu> maybe redis should default to localhost
20:12:55 GMT <ningu> but it's the user's fault for not checking the config anyway
20:20:31 GMT <badboy_> it now does with the default config and it has a protected-mode
20:20:40 GMT <ningu> ah ok
20:21:07 GMT <ningu> is that in 3.2?
20:21:18 GMT <ningu> I am still on 3.0
20:21:35 GMT <badboy_> yup