Working Code

247: Trust Me Bro - LLM Security

Adam built a Claude Code skill for his Taffy REST framework and wanted to share it with the CFML community. Simple enough—create a GitHub repo, add some markdown files, done. But somewhere between "this is cool" and "anyone can install this," a familiar chill crept in. These skills are just text files. No checksums. No digital signatures. No verification that the thing you're installing won't quietly exfiltrate your code to some server in Eastern Europe. Sound familiar? It should. We've been here before—back when passwords lived in plain text and "security" meant hoping nobody looked too hard.The hosts dig into the unsettling parallels between today's LLM plugin ecosystem and the wild west of early internet security.LinksAdam's Dotfiles Blog Post - Getting his shit together with dotfiles, Brewfile, and 1Password SSH agentCF Community LLM Marketplace - Adam's community marketplace for CFML-related Claude skillsSteve Yegge's Google Platforms Rant - The infamous accidentally-public Google+ postVibe Coding by Gene Kim & Steve Yegge - The audiobook Ben's been enjoyingSocket.dev - Supply chain security for npm dependenciesFollow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @workingcode.dev on Bluesky. New episodes drop weekly on Thursday.And, if you're feeling the love, support us on Patreon.With audio editing and engineering by ZCross Media.Full show notes and transcript here.

246: Ben's Feeling the Vibe

Ben's been circling vibe coding for months, kept at bay by a simple fear: what if he spends more time fighting the AI over formatting than actually building anything? What if he has to bolt on linters and test runners just to babysit the output? Then his work handed him a Claude plan, and he decided it was finally time to take the plunge. And then something unsettling happened—the code looked like his code. Same line lengths. Same method ordering. Same obsessive formatting. Nobody told it to do that. It just... knew.Meanwhile, Adam has gone full mad scientist. His "Ralph" workflow runs Claude in a loop, feeding it tasks from a JSON file while he walks away to eat dinner. When he comes back, features are done. Tests pass. The machine just keeps building. It's the kind of setup that makes you wonder why you're still manually typing commands into a terminal.LinksAdam's Ralph Workflow for Claude Code - Adam's blog post with his implementationMatt Pocock's Ralph Primer Video - The workflow Adam adapted for automated iterative developmentAlgorithm Maze Race - Tim's vibe-coded game on itch.ioPro tip: Use /resume in Claude Code to return to prior sessionsFollow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @workingcode.dev on Bluesky. New episodes drop weekly on Thursday.And, if you're feeling the love, support us on Patreon.With audio editing and engineering by ZCross Media.Full show notes and transcript here.

245: Browser Passwords? You're Doing It Wrong

Tim stores his passwords in the browser. There, we said it. But before you grab your pitchforks, it turns out he's got an ancient password vault program backing him up—so he's not completely feral. Still, the hosts can't resist a good-natured intervention. What starts as a gentle roasting turns into a deep dive on password managers, shared family vaults, and why your retirement account deserves better than Chrome's autofill. Carol reveals her galaxy-brain solution to her husband constantly forgetting his master password: she just signed him into her account. He still doesn't know he doesn't have his own 1Password.LinksClaude Code - Anthropic's CLI for coding with ClaudeRalph Wiggum Plugin - Official Claude Code plugin for autonomous loopsEverything is a Ralph Loop - Geoffrey Huntley's deep dive on the techniqueFollow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @workingcode.dev on Bluesky. New episodes drop weekly on Thursday.And, if you're feeling the love, support us on Patreon.With audio editing and engineering by ZCross Media.Full show notes and transcript here.

244: Ben vs 2026

It's a new year and you've probably got a mental list of things you want to learn. But how do you decide what's worth the investment? Ben explores the difference between "just-in-case" learning and "just-in-time" learning, while grappling with AI anxiety and the fear of falling behind. Along the way, Tim shares his own struggle—turns out, saying goodbye to something you built hits different.Follow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @workingcode.dev on Bluesky. New episodes drop weekly on Thursday.And, if you're feeling the love, support us on Patreon.With audio editing and engineering by ZCross Media.Full show notes and transcript here.

243: Oops, All Aftershow

It's the holidays, and the Working Code crew has a gift for you: a peek behind the velvet rope. In the spirit of Captain Crunch's "Oops! All Berries," this week's episode ditches the usual format entirely. No triumphs, no fails, no structured topic—just pure, unfiltered aftershow energy.Tim unpacks Cory Doctorow's concept of "reverse centaurs"—what happens when you're not assisted by AI, but reduced to its peripheral? Meanwhile, Adam drops a perspective on humanity's place in the universe that reframes everything you thought you knew about time. That, plus Carol humbling an AI chatbot, the death of the golden age of television, and whether the books you loved as a kid were actually any good.Follow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @workingcode.dev on Bluesky. New episodes drop weekly on Wednesday.And, if you're feeling the love, support us on Patreon.With audio editing and engineering by ZCross Media.Full show notes and transcript here.