Sign up to save your podcasts
Or
Share Why Are We STILL Getting Hacked Like This?
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Why Are We STILL Getting Hacked Like This?
Most modern hacks aren’t happening because of genius attackers…
They’re happening because of simple decisions developers keep making.
In this episode of Shop Talk, Dave and Glen break down:
Why third-party scripts are still one of the biggest risks on the web
How modern dev stacks are increasing complexity (and attack surface)
Whether AI is helping developers… or making things worse
What actually separates a good developer in 2026
And as always — we’re answering real questions from viewers.
If you’ve ever wondered:
“Why does this keep happening?”
…this episode is for you.
Question of the Week:
Why are we still linking to code we don’t control?
📺 Shop Talk is where we dig into your questions, ideas, and opinions about software, systems, and the industry.
Leave your questions in the comments for the next episode.
00:00 - Start
00:18 - Hey I’m Dave
00:40 - It ticks me off every time I see a website linking to third party script files on a server they do not control.
02:43 - Dependencies, control, and attack surface
04:50 - Will we get to a point of eliminating the ability to run scripts?
06:02 - What does that say about control over these systems?
09:29 - Are we trusting systems too much?
10:44 - If you must use third-party scripts, what’s the right way to do it safely?
12:27 - Tooling, abstraction, and complexity
13:17 - Because XMLHttpRequest is too hard for people?
13:58 - What are we actually paying for now — complexity or value?
15:00 - Why does this guy have a VW shirt?
16:52 - Understanding vs generation
17:16 - Using AI to generate code… does that mean fewer developers actually understand what they’re building?
18:04 - If AI is just aggregating existing knowledge… is it actually creating anything new?
18:57 - AI is a large percent smoke & mirrors…
20:52 - Is it possible Claude is leaking itself on purpose?
21:28 - Ownership, testing, and risk
22:10 - If developers even accidentally read leaked code… can that affect their ability to work legally in the future?
22:39 - How do you test the restore?
23:55 - What matters for developers now
26:25 - Windows 11 is malware that installs itself despite user wishes…
27:11 - I’m rather enjoying using AI to pump out code and never having to hear another developer tell me how they are the best…
27:40 - Human side of technology
30:25 - Did wanting better hardware back then actually make you a better programmer?
30:57 - There used to be an app called The Simpsonizer… I guess AI can do that now…
32:53 - Are we losing something creative now that AI can do everything instantly?
36:20 - The Friendly Coder…
View all episodes
By Dave Plummer and Glen HodgesMost modern hacks aren’t happening because of genius attackers…
They’re happening because of simple decisions developers keep making.
In this episode of Shop Talk, Dave and Glen break down:
Why third-party scripts are still one of the biggest risks on the web
How modern dev stacks are increasing complexity (and attack surface)
Whether AI is helping developers… or making things worse
What actually separates a good developer in 2026
And as always — we’re answering real questions from viewers.
If you’ve ever wondered:
“Why does this keep happening?”
…this episode is for you.
Question of the Week:
Why are we still linking to code we don’t control?
📺 Shop Talk is where we dig into your questions, ideas, and opinions about software, systems, and the industry.
Leave your questions in the comments for the next episode.
00:00 - Start
00:18 - Hey I’m Dave
00:40 - It ticks me off every time I see a website linking to third party script files on a server they do not control.
02:43 - Dependencies, control, and attack surface
04:50 - Will we get to a point of eliminating the ability to run scripts?
06:02 - What does that say about control over these systems?
09:29 - Are we trusting systems too much?
10:44 - If you must use third-party scripts, what’s the right way to do it safely?
12:27 - Tooling, abstraction, and complexity
13:17 - Because XMLHttpRequest is too hard for people?
13:58 - What are we actually paying for now — complexity or value?
15:00 - Why does this guy have a VW shirt?
16:52 - Understanding vs generation
17:16 - Using AI to generate code… does that mean fewer developers actually understand what they’re building?
18:04 - If AI is just aggregating existing knowledge… is it actually creating anything new?
18:57 - AI is a large percent smoke & mirrors…
20:52 - Is it possible Claude is leaking itself on purpose?
21:28 - Ownership, testing, and risk
22:10 - If developers even accidentally read leaked code… can that affect their ability to work legally in the future?
22:39 - How do you test the restore?
23:55 - What matters for developers now
26:25 - Windows 11 is malware that installs itself despite user wishes…
27:11 - I’m rather enjoying using AI to pump out code and never having to hear another developer tell me how they are the best…
27:40 - Human side of technology
30:25 - Did wanting better hardware back then actually make you a better programmer?
30:57 - There used to be an app called The Simpsonizer… I guess AI can do that now…
32:53 - Are we losing something creative now that AI can do everything instantly?
36:20 - The Friendly Coder…