Working Code

Testing sounds simple until you actually try it. Private methods that can't be reached without hacks. Dependency injection that doubles your architecture's complexity before a single assertion runs. Production code that slowly warps around your test suite instead of the other way around. Ben has spent his entire career shipping code without tests, and this week he decided to change that. The crew walks him through every trap he steps on, and a few they've been stuck in themselves. Links Ben Nadel's Blog Follow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @workingcode.dev on Bluesky. New episodes drop weekly on Thursday. And, if you're feeling the love, support us on Patreon. With audio editing and engineering by ZCross Media. Full show notes and transcript here: https://workingcode.dev/episodes/251-ben-vs-tests/

Do commit messages even matter anymore, or did pull requests kill them? Ben works one commit per PR and thinks the commit message is the PR description. Carol and Tim put all the context in the PR and treat commits as disposable breadcrumbs. Adam's somewhere in between — when he's not pushing thirty knife emojis and "nope, still not working" to QA. Meanwhile, Tim's back from emergency eye surgery with a gas bubble floating around his eyeball. Links Ben Nadel's Blog Conventional Commits Follow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @workingcode.dev on Bluesky. New episodes drop weekly on Thursday. And, if you're feeling the love, support us on Patreon. With audio editing and engineering by ZCross Media. Full show notes and transcript here: https://workingcode.dev/episodes/250-stuff-things-wip-commit-messages/

For ten years, Adam's codebase has carried an ORM layer that everybody knew was wrong and nobody was touching. Nine hundred functions. Fifteen hundred files. The kind of job that gets solemnly nodded at in architecture meetings and quietly dies on the roadmap — every single year. So he stopped waiting for a volunteer and handed it to an AI agent instead. Claude's problem now. Follow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @workingcode.dev on Bluesky. New episodes drop weekly on Thursday. And, if you're feeling the love, support us on Patreon. With audio editing and engineering by ZCross Media. Full show notes and transcript here: https://workingcode.dev/episodes/249-10-years-of-tech-debt/

Ben had been riding high on vibe coding—throwaway scripts, zero attachment, pure productivity magic. Then he tried the same approach on a project he actually cares about and watched that 10x feeling crater to something closer to 10%. The bottleneck, it turns out, was never the typing. The hosts dig into what it feels like to let go of code you used to care about, whether "write-only code" is actually the future, and the growing gap between building software and keeping it alive. Links Vibe Coding by Gene Kim & Steve Yegge - The audiobook on AI-assisted development 1Password: From Magic to Malware - How OpenClaw's agent skills became a supply chain attack surface TLDR Newsletter - Source of the "write-only code" concept Follow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @workingcode.dev on Bluesky. New episodes drop weekly on Thursday. And, if you're feeling the love, support us on Patreon. With audio editing and engineering by ZCross Media. Full show notes and transcript here: https://workingcode.dev/episodes/248-ai-all-the-way-down/

Adam built a Claude Code skill for his Taffy REST framework and wanted to share it with the CFML community. Simple enough—create a GitHub repo, add some markdown files, done. But somewhere between "this is cool" and "anyone can install this," a familiar chill crept in. These skills are just text files. No checksums. No digital signatures. No verification that the thing you're installing won't quietly exfiltrate your code to some server in Eastern Europe. Sound familiar? It should. We've been here before—back when passwords lived in plain text and "security" meant hoping nobody looked too hard. The hosts dig into the unsettling parallels between today's LLM plugin ecosystem and the wild west of early internet security. Links Adam's Dotfiles Blog Post - Getting his shit together with dotfiles, Brewfile, and 1Password SSH agent CF Community LLM Marketplace - Adam's community marketplace for CFML-related Claude skills Steve Yegge's Google Platforms Rant - The infamous accidentally-public Google+ post Vibe Coding by Gene Kim & Steve Yegge - The audiobook Ben's been enjoying Socket.dev - Supply chain security for npm dependencies Follow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @workingcode.dev on Bluesky. New episodes drop weekly on Thursday. And, if you're feeling the love, support us on Patreon. With audio editing and engineering by ZCross Media. Full show notes and transcript here: https://workingcode.dev/episodes/247-trust-me-bro-llm-security/