Working Code

251: Ben vs. Tests

Testing sounds simple until you actually try it. Private methods that can't be reached without hacks. Dependency injection that doubles your architecture's complexity before a single assertion runs. Production code that slowly warps around your test suite instead of the other way around. Ben has spent his entire career shipping code without tests, and this week he decided to change that. The crew walks him through every trap he steps on, and a few they've been stuck in themselves.LinksBen Nadel's BlogFollow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @workingcode.dev on Bluesky. New episodes drop weekly on Thursday.And, if you're feeling the love, support us on Patreon.With audio editing and engineering by ZCross Media.Full show notes and transcript here.

250: Stuff, Things, WIP: Commit Messages

Do commit messages even matter anymore, or did pull requests kill them? Ben works one commit per PR and thinks the commit message is the PR description. Carol and Tim put all the context in the PR and treat commits as disposable breadcrumbs. Adam's somewhere in between — when he's not pushing thirty knife emojis and "nope, still not working" to QA. Meanwhile, Tim's back from emergency eye surgery with a gas bubble floating around his eyeball.LinksBen Nadel's BlogConventional CommitsFollow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @workingcode.dev on Bluesky. New episodes drop weekly on Thursday.And, if you're feeling the love, support us on Patreon.With audio editing and engineering by ZCross Media.Full show notes and transcript here.

249: 10 Years of Tech Debt

For ten years, Adam's codebase has carried an ORM layer that everybody knew was wrong and nobody was touching. Nine hundred functions. Fifteen hundred files. The kind of job that gets solemnly nodded at in architecture meetings and quietly dies on the roadmap — every single year. So he stopped waiting for a volunteer and handed it to an AI agent instead. Claude's problem now.Follow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @workingcode.dev on Bluesky. New episodes drop weekly on Thursday.And, if you're feeling the love, support us on Patreon.With audio editing and engineering by ZCross Media.Full show notes and transcript here.

248: AI All the Way Down

Ben had been riding high on vibe coding—throwaway scripts, zero attachment, pure productivity magic. Then he tried the same approach on a project he actually cares about and watched that 10x feeling crater to something closer to 10%. The bottleneck, it turns out, was never the typing.The hosts dig into what it feels like to let go of code you used to care about, whether "write-only code" is actually the future, and the growing gap between building software and keeping it alive.LinksVibe Coding by Gene Kim & Steve Yegge - The audiobook on AI-assisted development1Password: From Magic to Malware - How OpenClaw's agent skills became a supply chain attack surfaceTLDR Newsletter - Source of the "write-only code" conceptFollow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @workingcode.dev on Bluesky. New episodes drop weekly on Thursday.And, if you're feeling the love, support us on Patreon.With audio editing and engineering by ZCross Media.Full show notes and transcript here.

247: Trust Me Bro - LLM Security

Adam built a Claude Code skill for his Taffy REST framework and wanted to share it with the CFML community. Simple enough—create a GitHub repo, add some markdown files, done. But somewhere between "this is cool" and "anyone can install this," a familiar chill crept in. These skills are just text files. No checksums. No digital signatures. No verification that the thing you're installing won't quietly exfiltrate your code to some server in Eastern Europe. Sound familiar? It should. We've been here before—back when passwords lived in plain text and "security" meant hoping nobody looked too hard.The hosts dig into the unsettling parallels between today's LLM plugin ecosystem and the wild west of early internet security.LinksAdam's Dotfiles Blog Post - Getting his shit together with dotfiles, Brewfile, and 1Password SSH agentCF Community LLM Marketplace - Adam's community marketplace for CFML-related Claude skillsSteve Yegge's Google Platforms Rant - The infamous accidentally-public Google+ postVibe Coding by Gene Kim & Steve Yegge - The audiobook Ben's been enjoyingSocket.dev - Supply chain security for npm dependenciesFollow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @workingcode.dev on Bluesky. New episodes drop weekly on Thursday.And, if you're feeling the love, support us on Patreon.With audio editing and engineering by ZCross Media.Full show notes and transcript here.