Internet Security

Stop Spam from Google Groups

I’ve been receiving spam for a while that somehow my email provider’s spam filters wouldn’t or couldn’t filter. I had noticed they were somehow send through Google Groups, but couldn’t quite figure out how. Well it turns out that anyone is apparently free to start a group for their own use and then “invite” anyone without their consent. Seriously Google, WTF? Anyway, after figuring this out the solution was clear: unsubscribe and change my settings to obviously not allow just anyone to invite me in their spammy groups.

One slight hurdle I had to overcome was that the email addresses I was getting the spam on were rarely used email aliases of some sites I own and for which all email is directed into my primary email account. This meant that those email aliases were not associated with my Google account and I wasn’t planning on signing up a separate Google account for each alias. Fortunately you can simply add multiple email addresses to your Google account by going to and adding them there. The Google Groups “memberships” are then also associated with your account.

To unsubscribe from the Google Groups “memberships” you never signed up for, simply go to Google Groups, select “My Groups” , click on each group and select “manage membership” for the “leave group” link. My condolances if you seem to have been added to a lot of groups, because I’m not sure if there is a faster way to simply unsubscribe from all groups. Also don’t forget to click the gear button and change your settings to not allow anyone to invite you (using any of the email addresses associated with your Google account) anymore.

Further reading: Act Now to Stop Being Spammed Via Google Groups

Two factor authentication: just do it!

This post on Wired editor’s Mat Honan’s blog had me worried. While there are plenty of things you could blame him from doing wrong (mainly not having backups even though the OS he was using makes this extremely easy) the thought of somebody being able to just wipe everything is frightening.

While to my knowledge Apple has not implemented two factor authentication (which, seeing this, they probably should!) a lot of us also have an Google account which is very important to us. Access to a Google account could not only give somebody access to your mail (Gmail) but Docs, Drive and lots of other services as well.

Therefore just don’t hesitate and setup 2-step authentication on your Google account today. Once setup it is actually quite easy to use, especially if you also install the Google Authenticator on your smartphone. To make sure you don’t lock yourself out, print the backup codes Google provides and setup a backup phone (for example of a family member).

Should you ever have to use a backup code or phone, here is how. Also if (like Google suggests) you keep the backup codes in your wallet and your wallet is stolen or lost, you can disable to those backup codes by creating new ones (through Account > Security > “edit” button on 2-step verification > Show backup codes > Generate new backup codes), which as you can see mention specifically “Only the latest set of backup codes will work.

If you use Lastpass to manage your passwords, you can configure Lastpass to use two factor authentication too using Google Authenticator by following these instructions. While editing your account settings you might also want to increase Password Iterations to 1000 on the General tab. If you signed up a while ago it might still be set to a lower (and less secure) value. You can also restrict access to one country only if you know for sure you are never going to login to Lastpass from abroad.

Finally as backup solution (but not necessarily your only backup solution, as it could in theory be wiped remotely) I recommend Backblaze, which is just $50/year for automatic unlimited backups (works on both Windows and Mac).

Edit: a detailed report has been published on Wired and is also featured in episode 365 of TWiT (This Week in Tech).

Hiding MySQL/PostgreSQL password from the “ps” command

If you want to run a database tool for MySQL from the command line it would seem you cannot avoid including the password using a –password argument. The problem is that the whole command line while the command is being run will be visible to any other user of the same server using the “ps” command.

The solution is to specify the password in a “option” file (as MySQL calls it). This is a file named .my.cnf (note the dot at the beginning) in your account’s root folder (ie: /home/myname/ or /root/ for the root user) with the following contents:


Of course replace the “password” with your real password. You should als make this file only readable by yourself with the following command:

chmod 600 .my.cnf

That ensures that nobody else can open the file (well except root if you are not an admin, but the root user would have access to everything anyway).

Now whenever you run a MySQL tool (mysql, mysqldump, etc) the password from the option file will be automatically used. If your username matches the MySQL username you also don’t need to specify a username. This can be very useful especially as root, when you need to do daily backups using mysqldump for example.

This tricks works in a similar way for PostgreSQL: put a file named .pgpass with the following contents:


You can use an asterisk (*) to match “any” value (wildcard), for example for port or database.

Go to Top