8.20.25 | Exploited CodeRabbit for RCE, AGENTS.md for coding agents, Copilot broke audit logs without customer notification

Hacker News Highlights - A podcast by Hacker News Highlights


This is a recap of the top 10 posts on Hacker News on Aug 20, 2025.

(00:00) - Intro
(00:21) - How we exploited CodeRabbit: From simple PR to RCE and write access on 1M repos
(01:40) - AGENTS.md – Open format for guiding coding agents
(02:58) - Copilot broke audit logs, but Microsoft won't tell customers
(04:15) - How to Draw a Space Invader
(05:13) - D2 (text to diagram tool) now supports ASCII renders
(06:09) - Candle Flame Oscillations as a Clock
(07:12) - Custom telescope mount using harmonic drives and ESP32
(08:29) - Without the futex, it's futile
(09:46) - Emacs as your video-trimming tool
(10:59) - Ask HN: Why does the US Visa application website do a port-scan of my network?
(12:10) - Outro

How we exploited CodeRabbit: From simple PR to RCE and write access on 1M repos
https://research.kudelskisecurity.com/2025/08/19/how-we-exploited-coderabbit-from-a-simple-pr-to-rce-and-write-access-on-1m-repositories/
https://news.ycombinator.com/item?id=44953032

AGENTS.md – Open format for guiding coding agents
https://agents.md/
https://news.ycombinator.com/item?id=44957443

Copilot broke audit logs, but Microsoft won't tell customers
https://pistachioapp.com/blog/copilot-broke-your-audit-log
https://news.ycombinator.com/item?id=44957454

How to Draw a Space Invader
https://muffinman.io/blog/invaders/
https://news.ycombinator.com/item?id=44956915

D2 (text to diagram tool) now supports ASCII renders
https://d2lang.com/blog/ascii/
https://news.ycombinator.com/item?id=44954524

Candle Flame Oscillations as a Clock
https://cpldcpu.com/2025/08/13/candle-flame-oscillations-as-a-clock/
https://news.ycombinator.com/item?id=44921195

Custom telescope mount using harmonic drives and ESP32
https://www.svendewaerhert.com/blog/telescope-mount/
https://news.ycombinator.com/item?id=44949895

Without the futex, it's futile
https://h4x0r.org/futex/
https://news.ycombinator.com/item?id=44951563

Emacs as your video-trimming tool
https://xenodium.com/emacs-as-your-video-trimming-tool
https://news.ycombinator.com/item?id=44953316

Ask HN: Why does the US Visa application website do a port-scan of my network?
https://news.ycombinator.com/item?id=44959073