In the pull_request_target action, $github.ref is the name of the branch, which in this case included a curl request for a shell script, a pipe character, and bash.
I've been in the tech industry for 25 years and I've led remote teams since the early 2010s. Looking for a VP or Director of Engineering role where I can build out teams, help engineers level up, and build a great culture.
I loved Blue Wave. My first "real" open source C program loaded your editor and tacked a signature onto the text when you exited. I then set that program as the editor in Blue Wave and got signatures on my BBS posts just like on Usenet.
It's moreso the fact ActBlue shares your contact info with (seemingly) every politician they support, so you're constantly sending STOP to candidates you've never even heard of.
And they have some coordination between PACs (or the PACs are running sub-PACs or something), so that you reply stop, and then tomorrow a different PAC texts you. Rinse and repeat.
Oath.vote supposedly does not sell information but it's a shame they don't get nearly as much attention as ActBlue.
Perhaps it's time for people to start mailing cash and checks to campaigns instead of using online portals. The campaigns only need your name, employer info, and a valid mailing address and often provide forms on their site for this purpose.
Maybe after campaigns see that they're spending a bit more time opening physical mail from small donors they'll reconsider their strategy.
