For ten years, Adam's codebase has carried an ORM layer that everybody knew was wrong and nobody was touching. Nine hundred functions. Fifteen hundred files. The kind of job that gets solemnly nodded at in architecture meetings and quietly dies on the roadmap — every single year. So he stopped waiting for a volunteer and handed it to an AI agent instead. Claude's problem now.

Follow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @workingcode.dev on Bluesky. New episodes drop weekly on Thursday.

And, if you're feeling the love, support us on Patreon.

With audio editing and engineering by ZCross Media.

Full show notes and transcript here.

Ben had been riding high on vibe coding—throwaway scripts, zero attachment, pure productivity magic. Then he tried the same approach on a project he actually cares about and watched that 10x feeling crater to something closer to 10%. The bottleneck, it turns out, was never the typing.

The hosts dig into what it feels like to let go of code you used to care about, whether "write-only code" is actually the future, and the growing gap between building software and keeping it alive.

• Vibe Coding by Gene Kim & Steve Yegge - The audiobook on AI-assisted development
• 1Password: From Magic to Malware - How OpenClaw's agent skills became a supply chain attack surface
• TLDR Newsletter - Source of the "write-only code" concept

Follow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @workingcode.dev on Bluesky. New episodes drop weekly on Thursday.

And, if you're feeling the love, support us on Patreon.

With audio editing and engineering by ZCross Media.

Full show notes and transcript here.

Adam built a Claude Code skill for his Taffy REST framework and wanted to share it with the CFML community. Simple enough—create a GitHub repo, add some markdown files, done. But somewhere between "this is cool" and "anyone can install this," a familiar chill crept in. These skills are just text files. No checksums. No digital signatures. No verification that the thing you're installing won't quietly exfiltrate your code to some server in Eastern Europe. Sound familiar? It should. We've been here before—back when passwords lived in plain text and "security" meant hoping nobody looked too hard.

The hosts dig into the unsettling parallels between today's LLM plugin ecosystem and the wild west of early internet security.

• Adam's Dotfiles Blog Post - Getting his shit together with dotfiles, Brewfile, and 1Password SSH agent
• CF Community LLM Marketplace - Adam's community marketplace for CFML-related Claude skills
• Steve Yegge's Google Platforms Rant - The infamous accidentally-public Google+ post
• Vibe Coding by Gene Kim & Steve Yegge - The audiobook Ben's been enjoying
• Socket.dev - Supply chain security for npm dependencies

Follow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @workingcode.dev on Bluesky. New episodes drop weekly on Thursday.

And, if you're feeling the love, support us on Patreon.

With audio editing and engineering by ZCross Media.

Full show notes and transcript here.