The Programming Podcast

• How One Email Nearly Broke the Internet!

  One phishy email to an npm maintainer set off a supply-chain scare that could’ve torched the web—yet the real on-chain damage was… cents. In this episode, we break down how a fake npm 2FA reset (from npmjs.help) led to malicious releases of popular packages like chalk and debug, how the payload hijacked browser crypto flows (monkey-patching window.ethereum, fetch, and XHR), why the blast radius stayed small, and what teams did right (shoutout to Aikido & Vercel).We finish with a rapid “Career Corner” on how to follow up after an interview—with copy-ready lines you can use.SITE https://www.programmingpodcast.com/Stay in Touch:📧 Have ideas or questions for the show? Or are you a business that wants to talk business?Email us at [email protected]!Danny Thompsonhttps://x.com/DThompsonDevhttps://www.linkedin.com/in/DThompsonDevwww.DThompsonDev.comLeon Noelhttps://x.com/leonnoelhttps://www.linkedin.com/in/leonnoel/https://100devs.org/📧 Have ideas or questions for the show? Or are you a business that wants to talk business?Email us at [email protected]!You’ll learn:- Spotting modern phishing (look-alike TLDs, urgency cues)- What the malware did and why front-end focus limited impact- The minute-by-minute timeline from phish → publish → takedown- Practical defenses: pin versions, lockfiles, audits, password managers, least-privilege tokens- How to write a follow-up email that closesIf this helps, hit 👍 and share with a teammate.Chapters0:00 – The phish that “almost destroyed the internet” (cold open)0:24 – Who clicked: maintainer behind big OSS (chalk, debug)0:44 – Payload in plain English (browser wallet-drainer)1:04 – Actual impact vs. potential blast radius1:20 – Intro + what we’ll cover2:23 – Why this story is everywhere & our plan3:43 – What you’ll know by the end (safety + lessons)4:20 – Act 1: The Email — npmjs.help and urgency tactics6:08 – Phishing 101: quick checks before you click8:25 – Psychology of scams (filtering + anecdotes)12:17 – Act 2: The Payload — monkey-patching fetch/XHR/window.ethereum14:44 – Why front-end focus limited the damage16:41 – How it was caught (Node fetch ReferenceErrors)17:52 – Six–eight hours to fix: containment recap20:04 – Magic links & password managers (practical wins)22:15 – Act 3: The Timeline — 18 packages, what happened when23:39 – Minutes matter: publish → detection → takedown25:12 – Community/GitHub issues light up; npm intervenes26:48 – Root-cause analysis & related accounts28:32 – “System worked” takeaways (+ why that’s good)31:18 – Dev hygiene: pin versions, audits, reduce deps33:10 – Myths debunked (no, every machine wasn’t “fully owned”)35:04 – Shout-outs: Aikido, Vercel, others that responded fast38:22 – Career Corner: following up after interviews (templates)53:22 – Wrap-up & next stepsHelpful links (add your URLs)Aikido write-up / detection notesVercel incident summary + cache purge notesnpm/GitHub advisories for affected packagesPassword manager recommendations / setup guide

  --------  

  53:29

  --------

  53:29
• The BIGGEST Reason Some Devs Get More Interviews Than Others

  Two devs. Same stack. Same years in. One gets three on-sites a week; the other gets ghosted. The difference isn’t talent—it’s process. We audit your job hunt like production: inputs & controls, bottlenecks, scripts that actually get replies, and the one KPI (MC/W) that predicts interviews.SITE https://www.programmingpodcast.com/Stay in Touch:📧 Have ideas or questions for the show? Or are you a business that wants to talk business?Email us at [email protected]!Danny Thompsonhttps://x.com/DThompsonDevhttps://www.linkedin.com/in/DThompsonDevwww.DThompsonDev.comLeon Noelhttps://x.com/leonnoelhttps://www.linkedin.com/in/leonnoel/https://100devs.org/📧 Have ideas or questions for the show? Or are you a business that wants to talk business?Email us at [email protected]!What you’ll learn:- Build a targeted, local-first company list (even if there’s no open req)- Warm outreach that prints: one-to-many LinkedIn, comments → DMs, “6-minute call” & 11:02 invites- Remove bottlenecks: Resume → Recruiter, Phone screen → Behavioral (STAR/CAR), Recruiter → Manager- The THRIVE framework to turn interrogations into conversations- Why proof vs promises (and why you shouldn’t sign exclusive recruiter agreements)- The audit loop: track MC/W, notes, weekly reviews, tiny improvements- If this helped, drop MC/W in the comments so others find it. 👇Chapters00:00 Two devs, same stack—process beats talent02:13 Act I: Inputs & Control (ideal companies, local-first, research, coffee chat prep)05:15 Activity vs quality (don’t just click apply)08:00 Burnout fix: focus on controllables09:35 Don’t sign exclusive recruiter agreements10:48 Warm vs cold outreach; break the pattern14:02 One-to-many on LinkedIn (comments that warm leads)15:54 DM makeovers that get replies17:58 Pattern breakers: 6-minute call, 11:02 invite21:03 Comment → DM handoff without bait-and-switch22:41 Great question → instant referral story24:54 Anti-DMs to avoid (“pick your brain?”, resume dump)27:34 Act II: Bottlenecks in your pipeline28:44 Resume → Recruiter (lead with outcomes, not fluff)33:03 Cut jargon the recruiter can’t repeat34:22 Phone screen → Behavioral (STAR/CAR)37:28 Recruiter → Manager (narrative + “tell me about yourself”)40:32 Act III: The Metric—MC/W (meaningful conversations per week)43:32 Networking beats blind applying45:10 Act IV: Playbook & Audit (THRIVE recap)47:26 Practice w/ AI voice role-play (recruiter, EM, meetup)50:27 Small improvements compound51:04 Tracking system: spreadsheet, notes, weekly reviews53:02 Systems vs motivation (James Clear callback)55:38 Listener Q: “The Chosen One” progress explained1:02:01 Technical skills ≠ job-getting skills1:04:13 Wrap

  --------  

  1:04:15

  --------

  1:04:15
• 49,000 voted. This is the #1 Software Developer Role in 2025!

  49,000 developers just crowned Full-Stack the #1 software developer role of 2025. We dig into the Stack Overflow Developer Survey (2025) and turn the data into an actionable career roadmap: what to learn, what to ignore, and how AI actually fits into your workflow.NEW SITE https://www.programmingpodcast.com/Stay in Touch:📧 Have ideas or questions for the show? Or are you a business that wants to talk business?Email us at [email protected]!💡 Sponsor: Level Up Financial PlanningChanging careers or increasing your income? Get financial clarity with Level Up Financial Planning—helping early and mid-career tech professionals secure their financial future. Visit LevelUpFinancialPlanning.com for a free consultation!https://www.levelupfinancialplanning.com/Danny Thompsonhttps://x.com/DThompsonDevhttps://www.linkedin.com/in/DThompsonDevwww.DThompsonDev.comLeon Noelhttps://x.com/leonnoelhttps://www.linkedin.com/in/leonnoel/https://100devs.org/📧 Have ideas or questions for the show? Or are you a business that wants to talk business?Email us at [email protected]!We break down:- Why Full-Stack leads (and what skills to stack to stay hireable)- The SQL vs NoSQL reality (Postgres on top) and how to pivot if you’re Mongo-first- Languages & frameworks that matter in 2025 (JS/TS, React/Next, .NET/Spring)- Tools to master: Docker (near-universal) + AWS (still the gap)- IDE reality: VS Code dominance, Cursor surge, where JetBrains fits- LLMs in practice: GPT usage, Claude’s rise, and smart model-routing- Agents, “vibe coding,” and where AI saves real time (tests, data, docs)- Pay & jobs snapshot + a blunt Q&A: CSS fundamentals vs TailwindChapters00:00 Cold open — the #1 role reveal00:36 Why this survey still matters (and its biases)01:55 Intros + Commit Your Code plug03:14 Who answered: 49k respondents, pros, age, country07:03 How devs learn in 2025: docs, AI tools, videos, bootcamps11:07 The reveal: Full-Stack is #112:42 What that means for careers (front-end-only is shrinking)14:28 Languages: JS/TS, Python, C#/Java — what to prioritize17:29 Sponsor — Level Up Financial Planning (levelupfinancialplanning.com)18:34 Databases: SQL dominance (Postgres first) + Mongo in context20:27 Cloud & dev tools: Docker as default, the AWS gap21:41 Web frameworks: React/Next, jQuery still huge, .NET & Spring23:11 IDEs: VS Code, Cursor surge, JetBrains, Vim/Neovim24:42 LLMs in practice: GPT vs Claude + model routing29:00 Team tools: GitHub/Jira/Miro + new Git alternatives30:24 OS choices: Windows vs macOS, WSL split31:16 Admired vs used: Rust/Elixir, Supabase, reality check37:02 AI adoption & where it helps most (search, tests, data, docs)41:41 Accuracy, complex tasks, and human-in-the-loop44:20 Dealing with “almost right” outputs (mindset shift)46:40 Agents & “vibe coding” + the Goose demo story50:32 Jobs, remote, US pay snapshot51:34 Q&A: CSS fundamentals → then Tailwind55:12 Outro

  --------  

  55:28

  --------

  55:28
• 12 Programming Myths Devs STILL Believe in 2025!

  On this episode of The Programming Podcast, Danny Thompson and Leon Noel unpack the biggest programming myths that confuse developers at every level. From “AI will take all dev jobs” to “DRY at all costs,” they separate hype from reality and share hard-won lessons from real teams in production.You will hear why paper Big-O is not the whole story, how cache behavior and data size impact real performance, and why map/reduce vs for loops is a wash on modern engines. We get into testing culture too: why E2E does not replace unit tests, how to use AI for test scaffolding without losing your engineering brain, and what actually improves product reliability. Danny also tackles the myths that Java is slow and GC is always bad, and both hosts talk about the cost curve where cloud is not cheaper than on-prem.The conversation closes with an “Ask Danny and Leon” mailbag on what really separates junior, mid, and senior engineers: independence, guardrails, impact, and the quality of questions you ask.If this helped, drop a comment with a myth you want us to tackle next, and subscribe for more practical, no-fluff engineering talk.Topics include:AI as a productivity tool vs one-click magicBig-O vs real-world performance and memory behaviorjQuery, Deno, Bun, and the hype cycleJavaScript the language vs browser APIsmap/reduce vs for loops on modern enginesUnit tests, integration tests, E2E, and using AI wiselyJava performance and garbage collection tuningDRY vs duplication and over-abstractionAccessibility as a defaultCloud costs vs on-prem at scaleCareer ladder: junior, mid, senior traitsHosts: Danny Thompson (Director of Technology, This Dot Labs; Commit Your Code Conference) and Leon Noel (Managing Director of Engineering, Resilient Coders; instructor at 100Devs)Chapters00:00 Intro and why myths still persist00:58 Host intros and setup for “Gem City” episode02:00 Myth 1: “AI is taking all dev jobs”03:33 When AI image gen goes sideways and why it is a tool, not a replacement06:03 Leon’s motion-blur trick for more believable AI images07:08 Myth 2: Big-O vs real performance in the wild09:52 Cache misses, allocation, data size, and why paper math can mislead11:30 Myth 3: “jQuery is dead” and the reality in legacy estates12:23 Deno and Bun hype vs actual employer adoption13:32 Why jQuery still ships and what we lost chasing complexity15:30 JavaScript the language vs DOM and host environment APIs16:58 Myth 4: “map/reduce are slower than for loops” on modern engines18:11 Myth 5: “E2E replaces unit tests”20:57 When testing cultures go wrong and how to course-correct22:46 Using AI for tests without losing critical thinking25:03 The 80-20 way to use AI on tickets and test suites27:01 Danny gets baited, Leon laughs28:01 Myth 6: “Java is slow” and “GC is always bad”30:30 Region and concurrent collectors, and why allocation patterns matter31:02 Engine differences and mental models across stacks31:58 Myth 7: “Everything must be DRY” vs useful duplication33:01 Strong opinions held weekly and leaving dogma behind34:22 How dev opinions evolve with experience34:52 Accessibility as a default, not a later task36:29 Myth 8: “Cloud is always cheaper than on-prem”37:17 Real-world cost surprises and pulling workloads back38:30 Hype cycles, Jamstack memories, and maintenance pain41:56 On-prem done right and budget realities43:49 Mailbag: junior vs mid vs senior, company variance45:25 Danny’s framework for levels: guardrails, impact, and ownership51:10 The power of high-quality questions at senior and staff levels52:10 Leveling up from mid: own initiatives and become the firefighter53:31 Wrap-up and sign-off

  --------  

  53:39

  --------

  53:39
• 6,000 Applications. 0 Jobs. What Went Wrong?

  6,000 Applications. 0 Jobs. What Went Wrong?In this episode, Danny & Leon break down the recent New York Times article about the collapse of $165,000 tech jobs — and why so many new computer science graduates are struggling to find work.This one gets personal. We dig into salary expectations, the rise of AI coding tools, offshoring, and the real reasons grads are stuck. Plus, we share how bad advice keeps job seekers trapped, and why networking + projects matter more than ever.⚠️ Disclaimer: This episode is heavier than usual. We felt deeply for the people featured in this article — so much so that we reached out to one of them, Zach, who applied to nearly 6,000 jobs, and spent 90 minutes helping him reframe his job search strategy. Our goal isn’t to mock, but to help anyone who feels stuck right now.If you’re in the middle of the job hunt, or just want to understand what’s happening in tech careers in 2025 — this is a must-listen.NEW SITE https://www.programmingpodcast.com/Stay in Touch:📧 Have ideas or questions for the show? Or are you a business that wants to talk business?Email us at [email protected]!Danny Thompsonhttps://x.com/DThompsonDevhttps://www.linkedin.com/in/DThompsonDevwww.DThompsonDev.comLeon Noelhttps://x.com/leonnoelhttps://www.linkedin.com/in/leonnoel/https://100devs.org/📧 Have ideas or questions for the show? Or are you a business that wants to talk business?Email us at [email protected]!⏱️ Chapters00:00 – Disclaimer & why this episode is different03:19 – Why we reacted to the NYT article live05:25 – Setting the stage: “Goodbye $165K tech jobs”06:59 – The salary inflation problem08:03 – Networking: why tech is no longer a free pass10:10 – Purdue grad struggles despite strong background15:23 – The promise (and failure) of the CS degree18:18 – The “learn to code = six figures” myth20:22 – FANG vs. reality: most jobs aren’t like that22:01 – Is AI really taking developer jobs? (spoiler: no)23:53 – Offshoring is the real threat25:39 – Headcount growth vs. layoff panic26:32 – Unemployment rates: myth vs. reality29:20 – The hidden flaw in applying to 6,000 jobs32:21 – “Clickers” & why mass-applying doesn’t work34:02 – Bootcamps & the cycle of bad advice35:38 – Ghosting, coding assessments & job search burnout39:02 – Zach’s story: 5,762 applications, 0 jobs41:01 – Why customizing your resume matters43:08 – The wrong vs. right way to job hunt46:13 – Reddit resumes & bad job hunt advice47:23 – Misreporting AI tools (CodeRabbit example)49:24 – The AI doom loop in job search52:12 – Government jobs, hiring freezes & policy shifts53:00 – The Purdue grad pivots to tech sales55:03 – Why the article fails its own subjects57:22 – Offshoring vs. AI (the real culprit)58:00 – What job seekers should be doing now59:32 – Listener Q&A: networking while still learning01:03:46 – The power of small, intentional networking01:06:11 – Balancing a non-tech job & coding journey01:09:49 – Final advice & episode wrap-up

  --------  

  1:10:20

  --------

  1:10:20

Weitere Technologie Podcasts

Trending Technologie Podcasts

Über The Programming Podcast