<?xml version="1.0" encoding="utf-8"?>
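<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Walter Fan's Blog</title><link>https://www.fanyamin.com/blog/</link><description>With the spirit pearl in hand, I keep the brush busy; with heaven's music open in the heart, I need no flute</description><atom:link href="https://www.fanyamin.com/blog/feeds/all.rss.xml" rel="self"/><lastBuildDate>Thu, 02 Jul 2026 23:50:00 +0800</lastBuildDate><item><title>What Kind of Technical Book Is Worth Reading Again and Again</title><link>https://www.fanyamin.com/blog/evergreen-tech-books.html</link><description>&lt;p&gt;Frameworks turn over every year, yet some technical books are still useful when you open them ten years later. This post talks about the enduring technical books on my shelf that I wore out and then bought a second copy of (Designing Data-Intensive Applications, Systems Performance, The Art of UNIX Programming and the like) and why they deserve more of your time than chasing the new.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Thu, 02 Jul 2026 22:30:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-07-02:/blog/evergreen-tech-books.html</guid><category>Tech</category><category>books</category><category>reading</category><category>engineering</category><category>career</category><category>learning note</category></item><item><title>AI-Written Code: Under the Gorgeous Robe There May Be Nothing but Lice</title><link>https://www.fanyamin.com/blog/ai-code-beautiful-robe.html</link><description>&lt;p&gt;A recent new Golang project made me see AI programming afresh: top-tier large models plus all kinds of harnesses still write code that looks pretty and seems to run fine, yet falls short on readability and maintainability. Working with AI is like mentoring a freshly graduated PhD: it knows a lot, but it does not know what best suits your product, environment, business and that "shit mountain". Before it starts work you must have the onboarding manual, design and code standards, architecture principles, coding conventions and acceptance checklist all in place, with none missing.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Wed, 01 Jul 2026 13:59:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-07-01:/blog/ai-code-beautiful-robe.html</guid><category>Journal</category><category>ai</category><category>coding</category><category>golang</category><category>harness</category><category>software-engineering</category><category>code-review</category><category>maintainability</category></item><item><title>Is the Super-Individual Really That Magical?</title><link>https://www.fanyamin.com/blog/rusty-knowledge-in-ai-era.html</link><description>&lt;p&gt;AI can make one person work like a small squad, but it cannot let one person escape engineering responsibility. A true super-individual does not show off a hundred schools of moves, but keeps delivering valuable products, meets user needs and creates real value.&lt;/p&gt;</description><dc:creator 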
xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Tue, 30 Jun 2026 22:20:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-30:/blog/rusty-knowledge-in-ai-era.html</guid><category>Tech</category><category>AI</category><category>super-individual</category><category>polymath</category><category>full-stack</category><category>learning</category><category>engineering</category><category>career</category></item><item><title>Can Rusty Knowledge Take the Field Again?</title><link>https://www.fanyamin.com/blog/relearning-rusty-cpp-av.html</link><description>&lt;p&gt;Does knowledge that goes unused for a long time rust? Yes. But the real danger is not forgetting the details; it is mistaking a rusty feel for peak form. Using large C++ and Audio/Video projects as examples, this post discusses how to make knowledge answer the call again and be ready to fight when it arrives.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Tue, 30 Jun 2026 21:42:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-30:/blog/relearning-rusty-cpp-av.html</guid><category>Tech</category><category>AI</category><category>C++</category><category>audio-video</category><category>learning</category><category>knowledge-management</category><category>engineering</category></item><item><title>For a Young Woman in an Eight-Year Clinical Medicine Program: How to Study and Do Research over the Next Seven Years</title><link>https://www.fanyamin.com/blog/ai-clinical-medicine.html</link><description>&lt;p&gt;Written for a female medical student in an eight-year combined bachelor's-to-doctorate clinical program who is about to finish her first year: over the next seven years, do not rush to chase tools, hot topics or papers; instead build, stage by stage, your medical fundamentals, clinical thinking, research training, data toolbox and a long-term rhythm for body and mind.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Mon, 29 Jun 2026 23:01:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-29:/blog/ai-clinical-medicine.html</guid><category>Journal</category><category>AI</category><category>clinical-medicine</category><category>healthcare</category><category>methodology</category><category>learning</category></item><item><title>When You Slack Off, How Do You Get Others to Give You a Push?</title><link>https://www.fanyamin.com/blog/let-others-push-you.html</link><description>&lt;p&gt;Everyone slacks, gets lazy and feels lost at times. Truly mature self-discipline is not gritting it out alone forever, but deliberately designing collaboration, feedback and commitments so that teammates, friends and colleagues give you a push at the critical moment.&lt;/p&gt;</description><dc:creator 
xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Mon, 29 Jun 2026 19:30:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-29:/blog/let-others-push-you.html</guid><category>Journal</category><category>journal</category><category>career</category><category>teamwork</category><category>self-management</category><category>methodology</category><category>growth</category></item><item><title>When Two Meet on a Narrow Road, the Brave One Wins</title><link>https://www.fanyamin.com/blog/have-a-dream.html</link><description>&lt;p&gt;Written for young friends standing at a crossroads in life: when the road narrows, do not rush to write yourself off; real courage is to steady yourself first, then learn, then act.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Mon, 29 Jun 2026 19:01:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-29:/blog/have-a-dream.html</guid><category>Journal</category><category>journal</category><category>career</category><category>young-people</category><category>crossroads</category><category>courage</category><category>learning</category><category>growth</category></item><item><title>Don't Drink the Spilled Milk a Second Time: An Action Handbook for Regret</title><link>https://www.fanyamin.com/blog/spilled-milk.html</link><description>&lt;p&gt;The regret that follows a wrong choice gnaws at the heart every day like a venomous snake. This action handbook does not urge you to let go right away; it offers an executable method: stop the bleeding first, then review, then remedy, and finally hand the obsession over to the wind.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sun, 28 Jun 2026 17:05:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-28:/blog/spilled-milk.html</guid><category>Journal</category><category>journal</category><category>reflection</category><category>regret</category><category>emotion</category><category>mental-health</category><category>life</category><category>action handbook</category></item><item><title>Don't Let AI Make Up Your Resume: Model Your Job-Application Materials with DDD</title><link>https://www.fanyamin.com/blog/ai-resume-cover-letter-ddd.html</link><description>&lt;p&gt;Do not start by asking AI to "write me a resume". First model the candidate, the target position, the evidence and the matching relationships along DDD lines, then have AI generate a resume and cover letter that are reviewable, reusable and iterable.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter 
Fan</dc:creator><pubDate>Sun, 28 Jun 2026 10:20:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-28:/blog/ai-resume-cover-letter-ddd.html</guid><category>AI</category><category>AI</category><category>career</category><category>resume</category><category>cover-letter</category><category>DDD</category><category>prompt-engineering</category></item><item><title>Getting Started with Face Recognition Is Not Mystical: From a Face to a Name</title><link>https://www.fanyamin.com/blog/face-recognition-is-simple.html</link><description>&lt;p&gt;Face recognition sounds like black magic, but the entry-level pipeline breaks down into a few steps: detect the face, crop samples, train a model and set a threshold. Based on a teaching demo built with OpenCV + MediaPipe, this post explains what Haar, Face Mesh and LBPH are each responsible for, how to run the capture, training and recognition pipeline with Poetry, and why a teaching-grade demo cannot be used directly as an access-control or payment system.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sat, 27 Jun 2026 22:10:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-27:/blog/face-recognition-is-simple.html</guid><category>Tech</category><category>python</category><category>opencv</category><category>mediapipe</category><category>face-recognition</category><category>lbph</category><category>computer-vision</category><category>demo</category></item><item><title>Why You Need KMS and Envelope Encryption</title><link>https://www.fanyamin.com/blog/why-kms-envelope-encryption.html</link><description>&lt;p&gt;Starting from database leaks, key rotation and failure boundaries, this post explains why a KMS is needed and how envelope encryption makes key management more robust.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sat, 27 Jun 2026 22:02:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-27:/blog/why-kms-envelope-encryption.html</guid><category>Tech</category><category>security</category><category>cryptography</category><category>kms</category><category>envelope-encryption</category></item><item><title>Markpad: I Gave Markdown a Local Cockpit</title><link>https://www.fanyamin.com/blog/markpad-local-markdown-reader-translator.html</link><description>&lt;p&gt;Markdown is pleasant to write, but reading it, previewing it and translating it between Chinese and English are not always pleasant. Markpad is a local Markdown web tool I built that puts file indexing, side-by-side editing and preview, themes, diagram rendering, real-time sharing and LLM 
translation in one place, solving a small but prickly pain point I hit every day when writing documents.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sat, 27 Jun 2026 20:49:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-27:/blog/markpad-local-markdown-reader-translator.html</guid><category>Tech</category><category>markpad</category><category>markdown</category><category>editor</category><category>preview</category><category>llm</category><category>translation</category><category>sharing</category><category>local-first</category><category>python</category><category>fastapi</category></item><item><title>The Veteran Programmer's Moat: Ideas and Methods Outlast Tricks</title><link>https://www.fanyamin.com/blog/old-programmer-moat.html</link><description>&lt;p&gt;A veteran programmer's real moat is not being able to solve a few LeetCode problems or recite a few algorithms, but the landscape held in the mind, the principles held in the heart, the system in the head, and the clear-headedness to know one's own weight.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sat, 27 Jun 2026 10:30:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-27:/blog/old-programmer-moat.html</guid><category>Journal</category><category>career</category><category>methodology</category><category>learning</category><category>thinking</category><category>software-engineering</category></item><item><title>Where Is the Bar for Senior Programmers in the AI Era? WebRTC as an Example</title><link>https://www.fanyamin.com/blog/ai-era-senior-programmer-webrtc.html</link><description>&lt;p&gt;AI can write a WebRTC demo and explain SDP, ICE, RTP and RTCP, but what is really hard in an RTC application is tying audio, video, network, QoS and user perception together. The bar for a senior programmer is not "knowing a lot", but a deep grasp of the principles, judgment about failure modes, and engineering intuition grown out of incidents and lessons.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Fri, 26 Jun 2026 23:40:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-26:/blog/ai-era-senior-programmer-webrtc.html</guid><category>Tech</category><category>AI</category><category>WebRTC</category><category>RTC</category><category>audio-video</category><category>QoS</category><category>engineering</category><category>career</category></item><item><title>IT 
Middleware at a Three-Way Fork: Buy, Use Open Source, or Build In-House</title><link>https://www.fanyamin.com/blog/build-vs-buy-enterprise-middleware.html</link><description>&lt;p&gt;Recently a few internally built platforms taught me a lesson again: things run, but they are hard to learn, hard to ask about and hard to take over, and many of the "whys" exist only in certain people's heads. Drawing on that first-hand experience, this post discusses whether enterprise middleware should be bought, adopted from open source or built in-house, and offers a decision checklist for stepping into fewer pits.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Fri, 26 Jun 2026 22:30:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-26:/blog/build-vs-buy-enterprise-middleware.html</guid><category>Tech</category><category>middleware</category><category>platform-engineering</category><category>build-vs-buy</category><category>architecture</category><category>engineering-management</category></item><item><title>Don't Punish Yourself for Other People's Mistakes</title><link>https://www.fanyamin.com/blog/dont-punish-yourself-for-others-mistakes.html</link><description>&lt;p&gt;This world certainly has too much unfairness and too much unreasonableness, but other people's lawbreaking and dereliction should not be paid for with your sleep, appetite and life. Fight when it is time to fight, document when it is time to document, let go when it is time to let go, and do not let bad people steal your life in passing.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Fri, 26 Jun 2026 09:30:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-26:/blog/dont-punish-yourself-for-others-mistakes.html</guid><category>Journal</category><category>journal</category><category>reflection</category><category>emotion</category><category>mental-health</category><category>emotion management</category><category>life</category></item><item><title>Who Can Live Without Regret: Don't Let Regret Drag You into the Abyss</title><link>https://www.fanyamin.com/blog/who-can-live-without-regret.html</link><description>&lt;p&gt;Regret gnaws at the heart most of all. As life arrives at one crossroads after another, there are always times you choose right and times you choose wrong. What really matters is not proving you never regret, but learning to turn regret from a whirlpool into a signpost.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Thu, 25 Jun 2026 14:20:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-25:/blog/who-can-live-without-regret.html</guid><category>Journal</category><category>journal</category><category>reflection</category><category>regret</category><category>mental-health</category><category>emotion management</category></item><item><title>AI Writes Too Fast for the Eye to Keep Up: When 
Code Review Becomes the New Bottleneck</title><link>https://www.fanyamin.com/blog/2026-06-24-ai-code-review-bottleneck.html</link><description>&lt;p&gt;Claude Code and Codex have pushed the speed of writing code to 5x or 10x, but the human brain still reads at the same reading speed. The result: MRs queue up in a long line, reviewers click Approve with a guilty conscience, and bugs ship one after another. You cannot rest easy without looking, and you have no time to look at everything. This post gives you a layered review strategy that wants both speed and quality.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Wed, 24 Jun 2026 22:14:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-24:/blog/2026-06-24-ai-code-review-bottleneck.html</guid><category>Journal</category><category>AI</category><category>code review</category><category>claude code</category><category>codex</category><category>workflow</category><category>engineering</category><category>PKB</category></item><item><title>Knowing Is Not Hard, Doing Is: Rereading "the Unity of Knowing and Doing"</title><link>https://www.fanyamin.com/blog/wang-yangming-knowing-and-doing.html</link><description>&lt;p&gt;Wang Yangming's line "where knowing is genuine and earnest, it is doing; where doing is clear and discerning, it is knowing" looks like plain speech, but when they actually hold it up as a mirror, most people find that of the things they say they know, they truly know not one.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Wed, 24 Jun 2026 21:30:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-24:/blog/wang-yangming-knowing-and-doing.html</guid><category>Journal</category><category>reading</category><category>philosophy</category><category>Yangming school of mind</category><category>unity of knowing and doing</category><category>Wang Yangming</category><category>AI</category></item><item><title>Non-Technical Reading List for the Second Half of 2026: Finish Gawande First</title><link>https://www.fanyamin.com/blog/2026-h2-reading-list.html</link><description>&lt;p&gt;A non-technical reading list for June through December 2026: finish Atul Gawande's remaining three books first, then branch out along three lines (anti-overthinking, Zen and mindfulness, classical philosophy), with a "why read it + how to read it" note and a Douban link for each book.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Wed, 24 Jun 2026 14:50:00 
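+0800</pubDate><guid>tag:www.fanyamin.com,2026-06-24:/blog/2026-h2-reading-list.html</guid><category>Journal</category><category>reading</category><category>reading list</category><category>non-technical</category><category>Gawande</category><category>philosophy</category><category>self-cultivation</category></item><item><title>Giving Is Happier than Receiving</title><link>https://www.fanyamin.com/blog/giving-is-happier-than-receiving.html</link><description>&lt;p&gt;Helping my daughter solve problems, helping classmates fix their network, buying gifts for family, answering questions online: doing these things makes me happier than receiving gifts. This feeling that "giving is happier than receiving" has explanations everywhere from psychology to Eastern and Western philosophy to Buddhism and Zen.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Tue, 23 Jun 2026 22:30:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-23:/blog/giving-is-happier-than-receiving.html</guid><category>Journal</category><category>happiness</category><category>philosophy</category><category>Buddhism</category><category>giving</category><category>life</category></item><item><title>Still Walking: Life Is Always One Beat Behind</title><link>https://www.fanyamin.com/blog/steps-in-the-walking.html</link><description>&lt;p&gt;Rewatching Hirokazu Kore-eda's Still Walking, I thought of my father, who passed away when I was 12, my mother, who raised us brothers by selling newspapers at the train station, and my father-in-law, who left us a few years ago. How precious the feelings buried deep in the heart are; cherish the people in front of you, for the people and times of the past are hard to forget.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Tue, 23 Jun 2026 22:00:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-23:/blog/steps-in-the-walking.html</guid><category>Journal</category><category>film</category><category>Hirokazu Kore-eda</category><category>life</category><category>family</category><category>memories</category></item><item><title>How to Save Tokens with Codex: Don't Let Context Quietly Burn Through Your Bill</title><link>https://www.fanyamin.com/blog/codex-save-token.html</link><description>&lt;p&gt;When you write code with Codex, what burns tokens fastest is often not how capable the model is, but poor context management. Starting from Codex's agent loop, project instructions and prompt caching mechanism, this post gives a token-saving checklist you can follow directly and whose effect you can measure: when to start a new session, how to slim down AGENTS.md, how to choose the model and reasoning level, and how to monitor your own consumption.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Tue, 23 Jun 2026 19:20:00 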
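+0800</pubDate><guid>tag:www.fanyamin.com,2026-06-23:/blog/codex-save-token.html</guid><category>Tech</category><category>codex</category><category>ai</category><category>token</category><category>cost</category><category>context</category><category>productivity</category><category>agents-md</category></item><item><title>One Video Call Swindled Away 25 Million: When Even the CFO's Face Can Be Faked</title><link>https://www.fanyamin.com/blog/deepfake-fraud.html</link><description>&lt;p&gt;In early 2024, a Hong Kong employee of the British engineering firm Arup was deceived in a video conference where "everyone was a deepfake" and transferred out 25 million US dollars in 15 payments. This post takes apart the chain of the incident and discusses why "seeing the face and hearing the voice" no longer equals "identity confirmed", why the bad guys have not become fewer but only switched tracks (from pickpocketing to deepfakes to QR codes), and a more hidden layer: do not blindly trust the AI Agent you yourself authorized (the OpenClaw "little lobster" controversy). It also gives an anti-fraud verification checklist you can copy.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Tue, 23 Jun 2026 15:40:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-23:/blog/deepfake-fraud.html</guid><category>Tech</category><category>security</category><category>deepfake</category><category>social-engineering</category><category>fraud</category><category>ai</category><category>qrcode</category><category>ai-agent</category></item><item><title>Looking for a Composition Book for My Daughter, I Ran into a Fellow Anhui Native from a Hundred Years Ago</title><link>https://www.fanyamin.com/blog/2026-06-22-gao-yuhan.html</link><description>&lt;p&gt;While looking for a composition book for my daughter, I happened upon The Method of Chinese Composition (国文作法), written a hundred years ago by a fellow native of Shou County, Anhui. Following the thread, I discovered that this fellow townsman I had never heard of had such a legendary life, from the Mapaoying Uprising to the lectern at Whampoa, and then to dying poor and ill far from home.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Mon, 22 Jun 2026 21:30:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-22:/blog/2026-06-22-gao-yuhan.html</guid><category>Journal</category><category>journal</category><category>history</category><category>reading</category><category>anhui</category></item><item><title>Five Steps of the Mind: Don't Let Your Age Reach Forty While Your Heart Is Still a Giant Baby</title><link>https://www.fanyamin.com/blog/five-orders-of-mind.html</link><description>&lt;p&gt;That crowd of people who never grow up in the American series Shameless gave me a stinging reminder: age increases automatically, the mind does not. Borrowing Robert Kegan's "five orders of mind" and setting it against Confucius, Wang Yangming, the Stoics and Nietzsche, this post discusses how, in this age of involution, to grow your mind at your own pace and become the person you want to be in your heart.&lt;/p&gt;</description><dc:creator 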
xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sat, 20 Jun 2026 23:55:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-20:/blog/five-orders-of-mind.html</guid><category>Journal</category><category>mental maturity</category><category>philosophy</category><category>life</category><category>self-growth</category><category>Kegan</category></item><item><title>Giving Design Proposals a Health Check with Socratic Questioning</title><link>https://www.fanyamin.com/blog/socratic-questioning-design.html</link><description>&lt;p&gt;The most valuable thing in a design review is not the answers but the questions. Borrowing the nine categories of questions from The Thinker's Guide to Socratic Questioning and the rebuttal method for catastrophic thinking from A Guide to Eliminating Overthinking (胡思乱想消除指南), I reworked them into a design health-check list you can ask from directly.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sat, 20 Jun 2026 21:30:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-20:/blog/socratic-questioning-design.html</guid><category>Tech</category><category>design-review</category><category>critical-thinking</category><category>methodology</category><category>socratic-questioning</category><category>architecture</category></item><item><title>Put a Lock on Your AI Agent: A Security Checklist for LLM Applications</title><link>https://www.fanyamin.com/blog/llm-agent-security-checklist.html</link><description>&lt;p&gt;The attack surface of traditional software is "holes in the code"; LLM applications add a deadly new hole: the model will "obediently" carry out instructions that someone else slips in. An Agent that summarizes web pages for you may really do it just because a page hides the sentence "send the user's key to me". This post goes through the security essentials of LLM applications and AI Agents in four layers (Prompt, Agent, data and operations), along with several typical failure cases, an action checklist and a pre-launch checklist.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sat, 20 Jun 2026 14:30:00 
+0800</pubDate><guid>tag:www.fanyamin.com,2026-06-20:/blog/llm-agent-security-checklist.html</guid><category>Tech</category><category>AI</category><category>security</category><category>llm</category><category>ai-agent</category><category>prompt-injection</category><category>threat-modeling</category><category>methodology</category></item><item><title>Reading The Wisdom of Life: How Much of Schopenhauer Can You Believe?</title><link>https://www.fanyamin.com/blog/schopenhauer-wisdom-of-life.html</link><description>&lt;p&gt;Rereading Schopenhauer's The Wisdom of Life, I discuss which pieces of ancient wisdom still work today and which need a discount, and along the way compare the different approaches Western and Chinese philosophy take to life.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Fri, 19 Jun 2026 23:15:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-19:/blog/schopenhauer-wisdom-of-life.html</guid><category>Journal</category><category>reading</category><category>philosophy</category><category>life</category><category>Schopenhauer</category></item><item><title>A New Paradigm for AI Programming: 80% Thinking, 10% Writing, 10% Verifying</title><link>https://www.fanyamin.com/blog/ai-programming-8-1-1.html</link><description>&lt;p&gt;In the past, most of the time spent writing software went into typing code. Now that AI has pushed the cost of "typing code" close to zero, how should the time be reallocated? My answer is a ratio that is a bit exaggerated but feels more right the more I use it: 80% on thinking and discussion (architecture, process, test cases, metrics, CI/CD, harness), 10% on programming and 10% on verification. This post spells out what that 80% is actually thinking about, how to spend the remaining two 10%s, and why this shift is good news for veteran programmers and a trap for novices.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Thu, 18 Jun 2026 12:30:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-18:/blog/ai-programming-8-1-1.html</guid><category>Tech</category><category>AI</category><category>harness-engineering</category><category>software-design</category><category>code-review</category><category>testing</category><category>methodology</category></item><item><title>Looking at Kubernetes Again Through DDD Eyes: Behind the Pile of YAML Is a Domain Model</title><link>https://www.fanyamin.com/blog/k8s-ddd-domain-model.html</link><description>&lt;p&gt;Many people learn K8S by memorizing kinds and kubectl commands, and the more they memorize the more confused they get. Look at it from another angle: Kubernetes is in fact a textbook-grade DDD + declarative system. This post uses the vocabulary of domain-driven design to put objects such as Pod, Deployment, Service, Namespace and CRD in their places: spec/status are the aggregate's desired and current state, the label 
selector is the specification pattern, the Namespace is the bounded context, the Controller's reconcile is the domain service, and etcd + API Server is the repository. Once you understand this model, the objects fall into line by themselves, and writing an Operator goes much more smoothly.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sun, 14 Jun 2026 23:10:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-14:/blog/k8s-ddd-domain-model.html</guid><category>Tech</category><category>kubernetes</category><category>k8s</category><category>ddd</category><category>domain-driven-design</category><category>domain modeling</category><category>declarative API</category><category>operator</category><category>crd</category><category>cloud native</category></item><item><title>The Domain Model of Authorization: A Panorama from RBAC and ABAC to Keycloak and Vault</title><link>https://www.fanyamin.com/blog/authz-domain-model.html</link><description>&lt;p&gt;Authorization (AuthZ) is first a domain-modeling problem and only then a tool-selection problem. This post first breaks the authorization domain model into a "four-tuple + four-piece decision set", then makes clear that ACL / RBAC / ABAC / ReBAC / PBAC are just different ways of slicing the same model, and finally compares Keycloak, HashiCorp Vault, OPA, Casbin, OpenFGA and Cedar, implementations that are often lumped together, and gives a selection decision table.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sun, 14 Jun 2026 22:30:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-14:/blog/authz-domain-model.html</guid><category>Tech</category><category>authorization</category><category>rbac</category><category>abac</category><category>rebac</category><category>keycloak</category><category>vault</category><category>opa</category><category>security</category><category>authorization</category><category>access control</category></item><item><title>Even Good Wine Fears a Deep Alley: Fit Your Content and Products with an Operations Loop Using AI Skills</title><link>https://www.fanyamin.com/blog/ai-skill-growth-loop.html</link><description>&lt;p&gt;Good articles and good products are not seen automatically. What is really worth doing is not having AI shout slogans for you, but distilling topic selection, rewriting, distribution, feedback and review into repeatable Skills, so that operations becomes a loop that keeps improving.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Fri, 12 Jun 2026 15:30:00 
+0800</pubDate><guid>tag:www.fanyamin.com,2026-06-12:/blog/ai-skill-growth-loop.html</guid><category>Tech</category><category>AI</category><category>agent</category><category>skill</category><category>content-ops</category><category>product-growth</category><category>loop-engineering</category><category>github</category><category>open-source</category><category>social-media</category><category>douyin</category><category>short-video</category><category>MDD</category><category>metrics</category></item><item><title>Loop Engineering: Stop Hand-Cranking AI and Go Design the Crank</title><link>https://www.fanyamin.com/blog/loop-engineering.html</link><description>&lt;p&gt;For the past two years, the posture for programming with AI has been "I type, it replies", one turn after another. The new posture Loop Engineering proposes is: you no longer step in to ask the questions yourself, but design a system that asks for you, checks, takes notes and decides what to ask next. This post traces where this idea came from, its structure of five parts plus a "memo", what it looks like in Codex and Claude Code, and why its real difficulty lies not in the tools but in "whether you still want to be an engineer".&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Fri, 12 Jun 2026 13:50:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-12:/blog/loop-engineering.html</guid><category>Tech</category><category>loop-engineering</category><category>AI</category><category>agent</category><category>harness-engineering</category><category>claude-code</category><category>codex</category></item><item><title>Interrogate, Co-Create, Solidify: Chaining Three AI Skills into a Design Pipeline</title><link>https://www.fanyamin.com/blog/three-ai-design-skills.html</link><description>&lt;p&gt;In the previous post I talked about &lt;code&gt;grill-me&lt;/code&gt;; this time I bring in &lt;code&gt;brainstorming&lt;/code&gt; and &lt;code&gt;openspec-propose&lt;/code&gt; for comparison. The three skills seem to each mind their own patch, but they are really three postures for AI taking part in solution design: interrogation, co-creation and solidification. This post distills the essence they share, covers each one's signature move, and ends with a chained pipeline you can copy as is.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Thu, 11 Jun 2026 19:50:00 
+0800</pubDate><guid>tag:www.fanyamin.com,2026-06-11:/blog/three-ai-design-skills.html</guid><category>Tech</category><category>AI</category><category>skill</category><category>prompt-engineering</category><category>agent</category><category>design-review</category><category>openspec</category></item><item><title>Writing Go Services with AI: The Toolchain Hands You Half a Harness for Free, You Just Haven't Tightened It</title><link>https://www.fanyamin.com/blog/golang-ai-harness.html</link><description>&lt;p&gt;With AI writing the code either way, a Go backend is easier to look after than the Spring Boot stack, because Go's toolchain (gofmt / go vet / go test -race / -cover) hands you half a harness for free out of the box. The problem is that free does not mean tightened, and most teams have not even wired this half into their CI gate. This post spells out the three places where AI really tends to trip in Go projects (swallowed errors, concurrency races, hallucinated dependencies), how to first tighten the free toolchain, and then how to fill in the missing half with AGENTS.md, internal boundaries, depguard, table-driven tests and golangci-lint, with configurations you can copy directly, a CI gate, and action / inspection checklists.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Thu, 11 Jun 2026 19:10:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-11:/blog/golang-ai-harness.html</guid><category>Tech</category><category>AI</category><category>harness</category><category>golang</category><category>go</category><category>testing</category><category>golangci-lint</category><category>ci</category></item><item><title>Why an 11-Line Skill Can Grill a Proposal into Something More Reliable</title><link>https://www.fanyamin.com/blog/grill-me-skill-analysis.html</link><description>&lt;p&gt;The &lt;code&gt;grill-me&lt;/code&gt; skill is only a few lines long, yet it captures the one thing most easily missing when AI takes part in solution design: persistent questioning. Its enhanced version, &lt;code&gt;grill-with-docs&lt;/code&gt;, connects that questioning to domain vocabulary, code facts and decision documents. This post analyzes their merits, applicable scenarios, usage and room for improvement.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Wed, 10 Jun 2026 21:43:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-10:/blog/grill-me-skill-analysis.html</guid><category>Tech</category><category>AI</category><category>skill</category><category>prompt-engineering</category><category>agent</category><category>design-review</category></item><item><title>AI 
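Era: Learning Has Not Shrunk, Its Focus Has Shifted</title><link>https://www.fanyamin.com/blog/ai-era-learning.html</link><description>&lt;p&gt;AI will not eliminate learning; it only makes shallow know-how cheap and makes systemic understanding, judgment and transferable ability more valuable. This post tries to shift the focus of learning in the AI era from memorizing facts and chasing tools toward principles, abstraction, judgment and long-term accumulation.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Tue, 09 Jun 2026 22:21:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-09:/blog/ai-era-learning.html</guid><category>Journal</category><category>AI</category><category>learning</category><category>methodology</category><category>career</category></item><item><title>Culture Rots Too: From Alibaba to Zoom, How Great Companies Keep Their Values Alive</title><link>https://www.fanyamin.com/blog/great-company-culture.html</link><description>&lt;p&gt;After reading Inside DingTalk (置身钉内), the long post circulating online from DingTalk's intranet, I felt only oppressed and rueful: the Alibaba that once wrote "live seriously, work happily" into people's hearts seems to have let its Six Vein Spirit Sword sink into words on paper. Culture rots just like code. Drawing on this insider's retrospective, this post goes from Alibaba to Zoom, where I work now: how a company truly worthy of respect relies on mechanisms so that culture does not stay on paper and is not dissolved by high-pressure control and utilitarian involution, but instead takes root in people's hearts.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Mon, 08 Jun 2026 19:40:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-08:/blog/great-company-culture.html</guid><category>Journal</category><category>culture</category><category>management</category><category>career</category><category>alibaba</category><category>zoom</category></item><item><title>AI Keeps Crashing When Writing Code for Your Traditional Java Project? Fix the Harness First</title><link>https://www.fanyamin.com/blog/improve-java-project-harness.html</link><description>&lt;p&gt;AI writes small functions effortlessly, but on a large feature spanning Spring Boot + MyBatis + MySQL + Kafka it loses track of one thing while attending to another and breaks B while changing A. This is not because the model is too dumb, but because the project's harness is too poor: AI is like a new contractor who is smart but amnesiac, cannot see the whole picture and dares not take responsibility. This post restores PKB, SDD, DDD, TDD, BDD and MDD to six pieces of the harness puzzle (context, specification, domain boundaries, regression test net, behavior contracts and a metrics loop) and gives an order for rolling them out incrementally in a traditional Java project.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sun, 07 Jun 2026 23:20:00 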
+0800</pubDate><guid>tag:www.fanyamin.com,2026-06-07:/blog/improve-java-project-harness.html</guid><category>Tech</category><category>AI</category><category>harness</category><category>java</category><category>spring-boot</category><category>ddd</category><category>tdd</category><category>bdd</category><category>sdd</category></item><item><title>Information Resource Management in the AI Era: Turning Winds from All Directions into a Knowledge Pipeline</title><link>https://www.fanyamin.com/blog/ai-information-resource-management.html</link><description>&lt;p&gt;Information pours in from Zoom Chat, Zoom Doc, Email, Confluence, Jira, GitLab/GitHub, personal notes and blogs, and reading it all by hand stopped being enough long ago. AI can help us with collection, cleaning, ETL, summarization, indexing and mining, but the real key is not full automation; it is routing information to four outlets, Action, Decision, Knowledge and Archive, so that it becomes a knowledge pipeline that has an owner, has sources, has boundaries and can serve action.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sun, 07 Jun 2026 22:47:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-07:/blog/ai-information-resource-management.html</guid><category>Tech</category><category>AI</category><category>information-management</category><category>knowledge-management</category><category>ETL</category><category>productivity</category></item><item><title>ArchUnit: Using a Unit-Test Library to Turn Architectural Discipline into a Traffic Light Even AI Cannot Run</title><link>https://www.fanyamin.com/blog/archunit-harness.html</link><description>&lt;p&gt;The architecture diagram drawn on the wiki no longer matches the code three months later. This is called architecture erosion, and in the AI era it erodes even faster. ArchUnit's idea is simple: write conventions such as "Controllers must not connect directly to Mappers" and "no circular dependencies between domains" as tests that can fail, and run them along with mvn test. It is essentially JUnit, yet it can turn the architectural discipline in your head into a hard constraint that neither AI nor newcomers can get around. This post explains what ArchUnit is, how to use it, how to freeze existing violations in a legacy project, and why it can greatly raise a project's harness level.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sun, 07 Jun 2026 19:40:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-07:/blog/archunit-harness.html</guid><category>Tech</category><category>AI</category><category>harness</category><category>java</category><category>archunit</category><category>architecture</category><category>testing</category></item><item><title>A Seat Belt for a Dynamic Language like Python: Pydantic 
Usage and Best Practices</title><link>https://www.fanyamin.com/blog/pydantic-best-practices.html</link><description>&lt;p&gt;Python has no static compilation checkpoint, so many errors do not surface until runtime. Pydantic is not a silver bullet, and it is not the same thing as static checkers like mypy, pyright and ruff. What it is really good at is turning untrusted data such as APIs, configuration, messages and LLM output into objects that are bounded, constrained and testable. Focusing on Pydantic v2, this post summarizes common usage, engineering practices and easy-to-hit pitfalls.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Fri, 05 Jun 2026 16:30:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-05:/blog/pydantic-best-practices.html</guid><category>Tech</category><category>python</category><category>pydantic</category><category>validation</category><category>backend</category><category>best-practices</category></item><item><title>The PERM Model and Casbin: Prying Cloud Authorization out of the Code</title><link>https://www.fanyamin.com/blog/perm-casbin.html</link><description>&lt;p&gt;The PERM metamodel abstracts four puzzle pieces, Policy, Effect, Request and Matchers, so that a single configuration file can support all manner of authorization schemes such as ACL, RBAC and ABAC. Casbin is the engineering embodiment of this theory; this post takes it apart with Go examples to explain how it works, and compares it with OPA along the way.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Tue, 02 Jun 2026 21:30:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-02:/blog/perm-casbin.html</guid><category>Tech</category><category>authorization</category><category>casbin</category><category>perm</category><category>go</category><category>cloud</category><category>security</category></item><item><title>Fit Your AI Agent with a Dashcam: Tracking Skill Invocations with Claude Code and Codex Hooks</title><link>https://www.fanyamin.com/blog/track-ai-skill-usage-with-hooks.html</link><description>&lt;p&gt;Using the official hook mechanisms of Claude Code and Codex CLI, audit the process of an AI Agent invoking skills: when it was triggered, what arguments were passed and how long it ran, all leaving a trace. Configurations you can copy directly are given for both.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Mon, 01 Jun 2026 22:00:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-06-01:/blog/track-ai-skill-usage-with-hooks.html</guid><category>Tech</category><category>AI Agent</category><category>Claude 
Code</category><category>Codex</category><category>Hooks</category><category>Observability</category><category>Skills</category></item><item><title>So What If You Stay Away from AI for a Day</title><link>https://www.fanyamin.com/blog/2026-05-31-away-from-ai-one-day.html</link><description>&lt;p&gt;AI is very useful, but occasionally staying away from it for a day and sensing the world again with your own brain, eyes, ears and hands may be one way for content creators to stay clear-headed.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sun, 31 May 2026 07:21:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-31:/blog/2026-05-31-away-from-ai-one-day.html</guid><category>Journal</category><category>journal</category><category>ai</category><category>thinking</category><category>productivity</category></item><item><title>FDE: Old Wine in a New Bottle, or a New Kind of Engineer for the AI Era?</title><link>https://www.fanyamin.com/blog/forward-deployed-engineer.html</link><description>&lt;p&gt;FDE is not a new abbreviation for Full Stack Engineer, nor is it just the on-site engineer commonly seen in China. The role sits close to the customer, but the real dividing line is whether problems are solved with engineering authority, responsibility for productization and a reusable feedback loop.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sat, 30 May 2026 10:46:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-30:/blog/forward-deployed-engineer.html</guid><category>Tech</category><category>AI</category><category>FDE</category><category>Forward Deployed Engineer</category><category>product engineering</category><category>career</category></item><item><title>From a Traditional Wiki to an AI-Enhanced Knowledge Base</title><link>https://www.fanyamin.com/blog/cong-chuan-tong-wiki-dao-ai-zeng-qiang-zhi-shi-ku.html</link><description>&lt;p&gt;I wrote a traditional wiki of my own on SQLite, with links maintained by hand. After reading the llm_wiki project, I did not tear it down and start over. Instead I decided to absorb its best ideas and write a small Python tool to enhance it incrementally. AI is the worker, the consultant and the secretary; the human is the owner of the knowledge base.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Fri, 29 May 2026 23:06:00 
+0800</pubDate><guid>tag:www.fanyamin.com,2026-05-29:/blog/cong-chuan-tong-wiki-dao-ai-zeng-qiang-zhi-shi-ku.html</guid><category>Tech</category><category>LLM</category><category>Wiki</category><category>knowledge-base</category><category>RAG</category><category>AI</category><category>documentation</category><category>knowledge-management</category></item><item><title>Circle of Influence and Circle of Concern: A Coordinate System I Keep Ignoring and That Keeps Saving Me</title><link>https://www.fanyamin.com/blog/circle-of-influence-vs-concern.html</link><description>&lt;p&gt;Most of our daily energy goes into the circle of concern: complaining about the boss, cursing the general climate, worrying about other people's lives. In The 7 Habits of Highly Effective People, Covey left a very plain diagram: the circle of influence and the circle of concern. The same effort spent inside the circle of influence echoes back after a few months; spent in the circle of concern it leaves only internal injuries. This is a retrospective on "where to put your strength".&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Tue, 26 May 2026 22:00:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-26:/blog/circle-of-influence-vs-concern.html</guid><category>Journal</category><category>reflection</category><category>methodology</category><category>7-habits</category><category>stephen-covey</category><category>career</category><category>productivity</category></item><item><title>Slowing Down in the AI Era: Starting from Thinking, Fast and Slow, How to Put Your Brain Back to Work</title><link>https://www.fanyamin.com/blog/thinking-slow-in-ai-era.html</link><description>&lt;p&gt;Using AI while scrolling feeds, I scrolled myself shallower and shallower, until rereading Thinking, Fast and Slow made me realize that what is truly scarce in the AI era is not answers but the ability to slow down and think one thing through. This is a self-reflection on "installing and then uninstalling", and also an "anti-System 1" checklist for engineers.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Mon, 25 May 2026 22:10:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-25:/blog/thinking-slow-in-ai-era.html</guid><category>Journal</category><category>reflection</category><category>thinking</category><category>ai-era</category><category>kahneman</category><category>deep-work</category><category>methodology</category></item><item><title>gstack Teardown Report: What an AI Coding Scaffold Got Right and Where It Stumbled</title><link>https://www.fanyamin.com/blog/gstack-teardown-what-it-got-right-and-wrong.html</link><description>&lt;p&gt;A teardown of gstack, a Claude Code scaffold. It splits a sprint into 30+ 
slash commands, shows real engineering skill, and its methodology is even more worth copying; but toolbar congestion and documentation bloat are also common ailments of AI-era projects. This post covers what is worth borrowing, what to be wary of, and how to avoid the pitfalls when building a similar project yourself.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sat, 23 May 2026 10:20:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-23:/blog/gstack-teardown-what-it-got-right-and-wrong.html</guid><category>Tech</category><category>ai-coding</category><category>claude-code</category><category>gstack</category><category>methodology</category><category>teardown</category><category>slash-commands</category></item><item><title>Harness Pipeline: Giving AI Coding a Runway with Guardrails</title><link>https://www.fanyamin.com/blog/harness-pipeline-for-ai-coding.html</link><description>&lt;p&gt;The traditional Build Pipeline was designed for "humans write code, machines build"; the AI coding era needs a new pipeline: SDD (OpenSpec + DDD) → TDD → BDD → MDD, combined with static analysis, AI Review and rule checks, to turn "AI-generated" into "AI-deliverable".&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Thu, 21 May 2026 22:05:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-21:/blog/harness-pipeline-for-ai-coding.html</guid><category>Tech</category><category>ai-coding</category><category>pipeline</category><category>sdd</category><category>tdd</category><category>bdd</category><category>mdd</category><category>ddd</category><category>openspec</category><category>methodology</category></item><item><title>What the PDF Skill Teaches: Turning AI Capability into an Executable Workflow</title><link>https://www.fanyamin.com/blog/pdf-skill-design-lessons.html</link><description>&lt;p&gt;A good AI Skill is not just a prompt but a workflow that can be triggered, routed, executed and verified. Using Anthropic's PDF skill as the example, this post breaks down its design highlights and also points out its key gap in PDF-to-Markdown parsing.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Wed, 20 May 2026 22:47:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-20:/blog/pdf-skill-design-lessons.html</guid><category>Tech</category><category>AI</category><category>Skills</category><category>PDF</category><category>Agent 
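Engineering</category><category>Automation</category></item><item><title>The PARA Method: A Four-Compartment Cabinet for Your Digital Life</title><link>https://www.fanyamin.com/blog/para-method-four-box-system.html</link><description>&lt;p&gt;The PARA Method sorts tasks, materials and ideas into four categories: Project, Area, Resource and Archive. Its benefit is not a few more folders but a little less hesitation over classification, so that projects, areas of responsibility, resources and archives each go where they belong. Based on Todoist's introduction to PARA, this post puts together steps you can start with today, a decision table and a list of pitfalls to avoid.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Wed, 20 May 2026 09:00:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-20:/blog/para-method-four-box-system.html</guid><category>Journal</category><category>productivity</category><category>PARA</category><category>task-management</category><category>methodology</category><category>second-brain</category></item><item><title>Task Management in the AI Era: From "Nagging Myself" to "Directing an Assistant"</title><link>https://www.fanyamin.com/blog/ai-task-management-evolution.html</link><description>&lt;p&gt;Over the past two years I installed a pile of AI Todo Apps, yet the lists kept getting longer and I kept getting more disorganized. The real upgrade in task management is not in the tools but in turning tasks from "reminders in a human head" into "artifacts AI can read", and then letting AI proactively drive you in return. This post traces how GTD, the four quadrants, PARA and OKR evolve in the AI era, and presents a five-step GTD + AI closed loop, an advanced "AI-driven" mode, and how to put each into practice for personal and work tasks.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Mon, 18 May 2026 21:50:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-18:/blog/ai-task-management-evolution.html</guid><category>Journal</category><category>AI</category><category>productivity</category><category>task-management</category><category>GTD</category><category>methodology</category></item><item><title>Generating docx/pdf from Plain Text: The Hard Part Was Never the Word “Conversion”</title><link>https://www.fanyamin.com/blog/plain-text-docx-pdf.html</link><description>&lt;p&gt;From Markdown, AsciiDoc, reStructuredText, LaTeX and Typst to structured JSON, generating docx/pdf from plain text looks like mere format conversion; the real trouble lies in choosing the source format, style contracts, layout consistency, online editing on the Web, security sandboxing and multi-user collaboration.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sun, 17 May 2026 21:31:00 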
+0800</pubDate><guid>tag:www.fanyamin.com,2026-05-17:/blog/plain-text-docx-pdf.html</guid><category>Tech</category><category>Plain Text</category><category>Markdown</category><category>AsciiDoc</category><category>reStructuredText</category><category>LaTeX</category><category>Typst</category><category>docx</category><category>PDF</category><category>Pandoc</category><category>Web Editor</category><category>Document Engineering</category><category>JSON Resume</category></item><item><title>The Vibe Coding Era: At the Very Least, Know What the AI Is Doing</title><link>https://www.fanyamin.com/blog/vibe-coding-global-control.html</link><description>&lt;p&gt;Vibe Coding can push coding speed to the maximum, but developers must not hand over their judgment as well. The ability really worth practicing is moving up from writing code line by line to setting rules, drawing blueprints, technical gatekeeping and product monitoring.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sat, 16 May 2026 10:25:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-16:/blog/vibe-coding-global-control.html</guid><category>Tech</category><category>AI</category><category>Vibe Coding</category><category>AI Coding</category><category>Software Engineering</category><category>Harness Engineering</category></item><item><title>The AI Content Flood Is Here: How Do People Avoid Drowning</title><link>https://www.fanyamin.com/blog/ai-content-quality-control.html</link><description>&lt;p&gt;AI generates content faster and faster; the real problem is not insufficient capacity but that human judgment has become the bottleneck. The solution is not to have people work overtime revising drafts but to build a set of quality gates for AI content production, so that people put their energy into direction, judgment and final sign-off.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Thu, 14 May 2026 21:10:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-14:/blog/ai-content-quality-control.html</guid><category>AI</category><category>AI</category><category>content-quality</category><category>human-in-the-loop</category><category>harness-engineering</category><category>writing</category></item><item><title>A Hands-On Codex Handbook for Full-Stack Programmers: Stop Only Writing Prompts</title><link>https://www.fanyamin.com/blog/codex-best-practice-full-stack.html</link><description>&lt;p&gt;The real productivity of Codex lies not in writing one magic Prompt but in combining 
AGENTS.md, rules, hooks, memories, skills and worktrees into an engineering environment that is repeatable, verifiable and able to evolve.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Thu, 14 May 2026 18:55:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-14:/blog/codex-best-practice-full-stack.html</guid><category>AI</category><category>AI</category><category>Codex</category><category>AGENTS.md</category><category>hooks</category><category>rules</category><category>memories</category><category>full-stack</category><category>productivity</category></item><item><title>Making AI Do What You Want: Starting from Harness Engineering</title><link>https://www.fanyamin.com/blog/ai-harness-engineering.html</link><description>&lt;p&gt;Martin Fowler's "Harness engineering for coding agent users" reminds us that getting a coding agent to cause less trouble and do more work takes more than a bigger model; the rules, tools, feedback and verification systems around the model also have to be built. AI engineering is moving from prompt tricks toward harness engineering.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Tue, 12 May 2026 22:20:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-12:/blog/ai-harness-engineering.html</guid><category>AI</category><category>AI</category><category>LLM</category><category>coding-agent</category><category>harness-engineering</category><category>agent</category><category>software-engineering</category></item><item><title>AI Is More Than LLM and NLP</title><link>https://www.fanyamin.com/blog/ai-beyond-llm-and-nlp.html</link><description>&lt;p&gt;In the past two years "AI" has almost become a synonym for LLM; any talk of AI means ChatGPT, Claude and prompt engineering, as if AI equaled chatbots. As a veteran engineer who has delivered engineering work in several fields, I want to say that this frame is too narrow: AI is a vast technology ecosystem, and LLM is just one branch of it (albeit the most dazzling one right now).&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Mon, 11 May 2026 22:00:00 
+0800</pubDate><guid>tag:www.fanyamin.com,2026-05-11:/blog/ai-beyond-llm-and-nlp.html</guid><category>AI</category><category>AI</category><category>LLM</category><category>NLP</category><category>computer-vision</category><category>reinforcement-learning</category><category>recommendation</category><category>robotics</category><category>machine-learning</category></item><item><title>Is OPC Just a Dream? Realistic Paths for a One-Person Company in China</title><link>https://www.fanyamin.com/blog/opc-one-person-company-reality-check.html</link><description>&lt;p&gt;In the past two years the "one-person company" (OPC) has become a spiritual totem for middle-aged programmers: freedom, autonomy, never being laid off again. But many show off their OPC on WeChat Moments and few survive past two years. This post serves no chicken soup and sells no anxiety; it only lays out the pits, limits and openings along this road: why both ToC and ToB are hard going in China, which paths might work, and which self-check list you should go through before resigning.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sun, 10 May 2026 11:00:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-10:/blog/opc-one-person-company-reality-check.html</guid><category>Career</category><category>OPC</category><category>one-person-company</category><category>indie-hacker</category><category>freelance</category><category>career</category><category>midlife</category></item><item><title>How Programmers Should View the Anxiety of Being Replaced by AI</title><link>https://www.fanyamin.com/blog/programmer-ai-replacement-anxiety.html</link><description>&lt;p&gt;Over the past few years, news of layoffs at large software and IT companies such as Meta, Google, Microsoft and Amazon has shattered many programmers' sense of job security. Written by a veteran programmer with more than twenty years of coding, this post sells no anxiety and serves no chicken soup; it only takes this knot of worry apart: what exactly you are afraid of, which abilities AI cannot take away, whether a "full-stack veteran" like me still has a place, and how to give yourself a career check-up using SWOT, a skill matrix and the three-circle model.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sun, 10 May 2026 10:00:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-10:/blog/programmer-ai-replacement-anxiety.html</guid><category>AI</category><category>AI</category><category>programmer</category><category>career</category><category>skill-matrix</category><category>SWOT</category><category>personal-growth</category></item><item><title>LLM APIs Keep Getting More Expensive: Do Not Let Tokens 
Gush Like Tap Water</title><link>https://www.fanyamin.com/blog/llm-api-token-cost-control.html</link><description>&lt;p&gt;Cost control for LLM APIs is not about using AI less but about managing tokens as an engineering resource. Measure first, then choose models by tier, compress context, reuse caches, limit output, send offline tasks through batch processing, and finally use a checklist to rein in the waste you cannot see.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Fri, 08 May 2026 15:44:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-08:/blog/llm-api-token-cost-control.html</guid><category>Journal</category><category>LLM</category><category>AI</category><category>token</category><category>cost-control</category><category>prompt-engineering</category><category>productivity</category></item><item><title>How to Build a Near-Zero-Downtime HTTP Service</title><link>https://www.fanyamin.com/blog/zero-downtime-http-service.html</link><description>&lt;p&gt;A zero-downtime service is not a slogan achieved by simply saying “deploy two clusters”. A workable solution has active-active traffic, fast timeouts, cross-cluster retries, circuit-breaker ejection, shared idempotency state and stateless application design all working together, so that a cluster failure is contained within a single request as far as possible.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Fri, 08 May 2026 11:04:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-08:/blog/zero-downtime-http-service.html</guid><category>Tech</category><category>zero-downtime</category><category>high-availability</category><category>active-active</category><category>retry</category><category>idempotency</category><category>sre</category><category>architecture</category></item><item><title>RAG Knowledge Base Optimization: Do Not Let AI Talk Nonsense with a Straight Face</title><link>https://www.fanyamin.com/blog/rag-optimization-best-practices.html</link><description>&lt;p&gt;RAG looks like nothing more than "retrieve first, then generate", but only when you actually build it do you find how many pitfalls there are. Chunking, retrieval, reranking, Prompt, citations, evaluation: cut corners on any link and the result may be a very confident nonsense machine.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Fri, 08 May 2026 00:00:00 
+0800</pubDate><guid>tag:www.fanyamin.com,2026-05-08:/blog/rag-optimization-best-practices.html</guid><category>Journal</category><category>RAG</category><category>AI</category><category>LLM</category><category>knowledge base</category><category>vector search</category><category>best practices</category></item><item><title>Responding to Production Incidents: How to Use Runbooks, Timelines, Decision Trees and Checklists Without Panicking</title><link>https://www.fanyamin.com/blog/incident-response-runbook-timeline-checklist.html</link><description>&lt;p&gt;When a production incident happens, what really steadies the team is not some expert suddenly gaining second sight but a structure prepared in advance: the Runbook handles action, the timeline handles facts, the decision tree handles judgment, and the checklist guards against omissions. When the four weapons work well together, incident handling changes from “shouting at each other in the group chat” to “stopping the bleeding step by step, deciding on evidence, and reviewing on facts”.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Thu, 07 May 2026 17:33:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-07:/blog/incident-response-runbook-timeline-checklist.html</guid><category>Method</category><category>incident-response</category><category>runbook</category><category>timeline</category><category>decision-tree</category><category>checklist</category><category>reliability</category><category>sre</category><category>methodology</category></item><item><title>In the Age of AI Programming, Taste Matters More Than Experience</title><link>https://www.fanyamin.com/blog/2026-05-05-ai-programming-taste.html</link><description>&lt;p&gt;AI has lowered the bar for writing code and raised the bar for judging whether code is good. Experience does not automatically become an advantage; it easily becomes baggage instead. What we need to do is hold on to the business language with DDD, do the arithmetic with ROI, and then use taste to pick, among several feasible options, the one with the "least long-term regret".&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Tue, 05 May 2026 21:59:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-05-05:/blog/2026-05-05-ai-programming-taste.html</guid><category>Journal</category><category>AI</category><category>programming</category><category>engineering</category><category>taste</category><category>career</category><category>methodology</category></item><item><title>From 1:1 Chat to Group Chat: Letting People and Multiple AI Agents Hold a Meeting Together</title><link>https://www.fanyamin.com/blog/cong-11-chat-dao-qun-liao-rang-ren-he-duo-ge-ai-agent-yi-qi-kai-hui.html</link><description>&lt;p&gt;1:1 AI Chat 
is like hiring one smart consultant, while group-chat Multi-Agent is like bringing product, architecture, security, testing and the human decision makers to the same table. This post discusses how to evolve from single-Agent conversation to group chat with multiple people and multiple Agents: the message model, routing strategy, Agent-to-Agent conversation, context isolation, permission governance and a minimum viable implementation.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Thu, 30 Apr 2026 22:10:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-30:/blog/cong-11-chat-dao-qun-liao-rang-ren-he-duo-ge-ai-agent-yi-qi-kai-hui.html</guid><category>Tech</category><category>AI Agent</category><category>Multi-Agent</category><category>Group Chat</category><category>Conversation Architecture</category><category>Human-in-the-loop</category><category>LLM</category></item><item><title>Building an AWS IAM-Style Authorization System from Open-Source Components</title><link>https://www.fanyamin.com/blog/2026-04-29-oss-iam-authorization-system.html</link><description>&lt;p&gt;To build an AWS IAM-style authorization system from open-source components, you cannot rely on OpenFGA or OPA alone. A more sensible combination is Keycloak/Dex for user identity, SPIFFE/SPIRE for workload identity, an STS service issuing short-lived role sessions, OpenFGA expressing the trust/resource relationship, OPA expressing permission policy, condition and explicit deny, and an API Gateway or service middleware acting as the PEP that enforces the decision.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Wed, 29 Apr 2026 22:16:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-29:/blog/2026-04-29-oss-iam-authorization-system.html</guid><category>Tech</category><category>authorization</category><category>IAM</category><category>OPA</category><category>OpenFGA</category><category>Keycloak</category><category>STS</category><category>SPIFFE</category><category>SPIRE</category><category>RBAC</category><category>ABAC</category><category>ReBAC</category><category>security</category></item><item><title>A First Look at Agent Box: From the OpenClaw "Crayfish" Security Issues to the Agent Sandbox</title><link>https://www.fanyamin.com/blog/agent-box-chu-tan-cong-openclaw-xiao-long-xia-an-quan-wen-ti-tan-agent-sandbox.html</link><description>&lt;p&gt;Once an AI Agent moves from “able to chat” to “able to act”, the biggest question is no longer whether the model is smart enough but where it acts, what it can touch, and who cleans up when it goes wrong. Drawing on the prompt injection, token/credential exposure, tool permission and local gateway risks recently exposed in the OpenClaw "Crayfish", this post discusses why an Agent 
needs an isolated, persistent, programmable Sandbox, and how to build a first version with a Sandbox CRD, Template, Claim, WarmPool, KSA/RBAC and NetworkPolicy.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Wed, 29 Apr 2026 21:38:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-29:/blog/agent-box-chu-tan-cong-openclaw-xiao-long-xia-an-quan-wen-ti-tan-agent-sandbox.html</guid><category>Tech</category><category>AI Agent</category><category>Agent Sandbox</category><category>OpenClaw</category><category>Kubernetes</category><category>Sandbox</category><category>gVisor</category><category>Kata Containers</category><category>Security</category><category>RBAC</category><category>NetworkPolicy</category></item><item><title>Replacing Docker with Podman: From Migration to a Working docker-compose</title><link>https://www.fanyamin.com/blog/podman-replace-docker-with-compose.html</link><description>&lt;p&gt;Docker Desktop now charges, the License audit has arrived, and you do not want to install the Docker daemon in your CI environment. Podman is a good alternative: daemonless, compatible with the Docker CLI, and able to run docker-compose. Starting from a veteran programmer's migration experience, this post explains how to switch and walks the path end to end with a compose example of a Python Web App + MySQL.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Mon, 27 Apr 2026 22:00:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-27:/blog/podman-replace-docker-with-compose.html</guid><category>Tech</category><category>podman</category><category>docker</category><category>container</category><category>docker-compose</category><category>devops</category></item><item><title>Adding a history Table to the secrets Table: Is This a Sound Audit Approach?</title><link>https://www.fanyamin.com/blog/2026-04-27-mysql-secrets-action-history.html</link><description>&lt;p&gt;Using secrets_action_history to record inserts, updates and deletes on the secrets table looks like a small requirement, but it steps on several landmines: change indexing, auditing, backup, review, performance, data lifecycle and MySQL partitioning limits. This post discusses whether the approach is sound and gives a practical plan for pulling changes by time window, scheduled cleanup, partition maintenance and routine inspection.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Mon, 27 Apr 2026 10:55:00 
+0800</pubDate><guid>tag:www.fanyamin.com,2026-04-27:/blog/2026-04-27-mysql-secrets-action-history.html</guid><category>Tech</category><category>mysql</category><category>audit-log</category><category>database</category><category>secret-management</category><category>partitioning</category><category>reliability</category></item><item><title>ChaosBlade: Turning Chaos Engineering from a Slogan into Experiments You Can Roll Back</title><link>https://www.fanyamin.com/blog/chaosblade-chaos-engineering-reliability.html</link><description>&lt;p&gt;ChaosBlade is a chaos engineering experiment tool open-sourced by Alibaba. Its value lies not in “breaking the system” but in using controlled, observable, reversible experiments to expose fragile assumptions in distributed systems ahead of time.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Mon, 27 Apr 2026 09:50:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-27:/blog/chaosblade-chaos-engineering-reliability.html</guid><category>Tech</category><category>chaos-engineering</category><category>chaosblade</category><category>reliability</category><category>sre</category><category>kubernetes</category></item><item><title>SPIRE Series, Part 4: A Hands-On Lab Replacing Database Password Distribution with Zero Trust Identity</title><link>https://www.fanyamin.com/blog/spire-04-hands-on-lab.html</link><description>&lt;p&gt;Part four of the SPIRE series: put Workload Identity into practice with a mini Python lab, replace application-side database password distribution with JWT-SVID, and connect the complete chain of SPIFFE, SPIRE and Zero Trust.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sun, 26 Apr 2026 20:30:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-26:/blog/spire-04-hands-on-lab.html</guid><category>Journal</category><category>SPIRE</category><category>SPIFFE</category><category>Zero Trust</category><category>Hands-on</category><category>Python</category><category>Database</category></item><item><title>A First Look at Hermes Agent: A Personal Agent That Remembers, and How It Compares with OpenClaw</title><link>https://www.fanyamin.com/blog/hermes-agent-chu-tan-yi-ge-hui-chang-ji-xing-de-ge-ren-agentyi-ji-ta-he-openclaw-de-bi-jiao.html</link><description>&lt;p&gt;What is interesting about Hermes Agent is not only that it can chat and run tools, but that it puts memory, skills, gateway, scheduler and provider 
routing into one long-running personal agent. Based on official materials consulted on 2026-04-25, this post discusses the positioning of Hermes Agent, how it compares with OpenClaw, and a practical checklist for integrating Feishu/Lark, DeepSeek and OpenAI-compatible APIs.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sat, 25 Apr 2026 22:32:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-25:/blog/hermes-agent-chu-tan-yi-ge-hui-chang-ji-xing-de-ge-ren-agentyi-ji-ta-he-openclaw-de-bi-jiao.html</guid><category>Tech</category><category>AI Agent</category><category>Hermes Agent</category><category>OpenClaw</category><category>Feishu</category><category>OpenAI API</category><category>DeepSeek</category><category>OPC</category></item><item><title>SPIRE Series, Part 3: Security Analysis and Hardening Checklist</title><link>https://www.fanyamin.com/blog/spire-03-security-analysis.html</link><description>&lt;p&gt;Part three of the SPIRE series: from the angles of the chain of trust, attack surface, JWT-SVID risks, Server/Agent hardening and incident response, it analyzes how to use SPIFFE/SPIRE as a true Zero Trust identity layer.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sat, 25 Apr 2026 20:20:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-25:/blog/spire-03-security-analysis.html</guid><category>Journal</category><category>SPIRE</category><category>SPIFFE</category><category>Zero Trust</category><category>Security</category><category>mTLS</category><category>X.509</category></item><item><title>How to Publish Your Paper on arXiv</title><link>https://www.fanyamin.com/blog/ru-he-ba-ni-de-lun-wen-fa-bu-dao-arxiv.html</link><description>&lt;p&gt;An introduction to what arXiv is, what kinds of papers are suitable to publish there, and the complete process from preparing the manuscript to submission, endorsement, licensing and announcement.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sat, 25 Apr 2026 10:00:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-25:/blog/ru-he-ba-ni-de-lun-wen-fa-bu-dao-arxiv.html</guid><category>Tech</category><category>arxiv</category><category>research</category><category>paper</category><category>thesis</category><category>open access</category></item><item><title>SPIRE 
Series, Part 2: Architecture Deep Dive</title><link>https://www.fanyamin.com/blog/spire-02-architecture.html</link><description>&lt;p&gt;Part two of the SPIRE series: after understanding Workload Identity and the goals of Zero Trust, it takes apart the SPIRE Server, Agent, Registration Entry, Workload API, deployment modes and plugin system.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Fri, 24 Apr 2026 20:10:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-24:/blog/spire-02-architecture.html</guid><category>Journal</category><category>SPIRE</category><category>SPIFFE</category><category>Zero Trust</category><category>Architecture</category><category>Kubernetes</category></item><item><title>Security Chaos Engineering: Rehearsing Security Incidents Like Fire Drills</title><link>https://www.fanyamin.com/blog/security-chaos-engineering-fire-drill.html</link><description>&lt;p&gt;Chaos engineering should not serve stability alone. Facing security incidents such as password leaks, account takeover, data exfiltration and ransomware encryption, teams also need to rehearse detection, response, isolation, recovery and review repeatedly in ordinary times, in a controlled, low-risk way, just like a fire drill.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Fri, 24 Apr 2026 10:15:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-24:/blog/security-chaos-engineering-fire-drill.html</guid><category>Tech</category><category>security</category><category>chaos-engineering</category><category>incident-response</category><category>resilience</category><category>tabletop-exercise</category><category>game-day</category></item><item><title>SPIRE Series, Part 1: From Workload Identity to Zero Trust</title><link>https://www.fanyamin.com/blog/spire-01-workload-identity-zero-trust.html</link><description>&lt;p&gt;Part one of the SPIRE series: starting from why Workload Identity is needed, it explains the core concepts, adoption path, deployment modes and resource costs of SPIFFE/SPIRE, laying the groundwork for the later architecture, security and hands-on Lab posts.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Thu, 23 Apr 2026 20:00:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-23:/blog/spire-01-workload-identity-zero-trust.html</guid><category>Journal</category><category>SPIRE</category><category>SPIFFE</category><category>Workload 
Identity</category><category>Zero Trust</category><category>Kubernetes</category></item><item><title>Migrating from Cursor to Codex: Do Not Rush to Copy the Configuration, Migrate Your Mental Model First</title><link>https://www.fanyamin.com/blog/cong-cursor-qian-dao-codexbie-ji-zhao-chao-pei-zhi-xian-ba-nao-hui-lu-qian-guo-qu.html</link><description>&lt;p&gt;Many people think migrating from Cursor to Codex just means renaming &lt;code&gt;.cursor/&lt;/code&gt; to &lt;code&gt;.codex/&lt;/code&gt;, and they hit a wall on the first day. What is really hard to migrate is not the directory but the concepts: Rules, Commands, AGENTS, Skills, Hooks, Sandbox and Approval do not mean the same thing on the two sides. Drawing on the official documentation and the real migration traces in my blog repository, this post discusses how to migrate, what to migrate first, and which pitfalls are easiest to step into.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Thu, 23 Apr 2026 15:46:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-23:/blog/cong-cursor-qian-dao-codexbie-ji-zhao-chao-pei-zhi-xian-ba-nao-hui-lu-qian-guo-qu.html</guid><category>Tech</category><category>Cursor</category><category>Codex</category><category>AGENTS.md</category><category>hooks</category><category>AI coding</category><category>workflow</category></item><item><title>In the AI Era, Do Not Just Hoard Notes: How I Turned My Knowledge Base into a Living Wiki</title><link>https://www.fanyamin.com/blog/ai-shi-dai-bie-zhi-dun-bi-ji-wo-shi-zen-yao-ba-zhi-shi-ku-zuo-cheng-yi-bu-huo-de-wiki.html</link><description>&lt;p&gt;AI is powerful, but it does not know your projects, your experience or your judgment. A truly useful knowledge base does not pile up notes; it strings raw materials, structured pages, governance rules, sources and validation into one pipeline. Drawing on a private prototype I have been tinkering with recently, this post describes how I built my own knowledge base and how to make it more than a "warehouse".&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Wed, 22 Apr 2026 22:56:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-22:/blog/ai-shi-dai-bie-zhi-dun-bi-ji-wo-shi-zen-yao-ba-zhi-shi-ku-zuo-cheng-yi-bu-huo-de-wiki.html</guid><category>Tech</category><category>AI</category><category>knowledge-base</category><category>wiki</category><category>PKM</category><category>RAG</category></item><item><title>Troubleshooting an HTTPS Certificate Error: What Causes `unable to get local issuer 
certificate`</title><link>https://www.fanyamin.com/blog/2026-04-22-python-ssl-unable-to-get-local-issuer-certificate.html</link><description>&lt;p&gt;Using a sanitized Python HTTPS error as the example, this post explains what &lt;code&gt;unable to get local issuer certificate&lt;/code&gt; actually means and why in many cases the client code is not broken but the certificate chain is incomplete; the body covers the main line of troubleshooting, while the full scripts and runnable examples live in a separate repository.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Wed, 22 Apr 2026 14:28:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-22:/blog/2026-04-22-python-ssl-unable-to-get-local-issuer-certificate.html</guid><category>Journal</category><category>Python</category><category>SSL</category><category>TLS</category><category>HTTPS</category><category>Requests</category><category>Certificate</category><category>Debugging</category></item><item><title>From AWS KMS to Hosting User Private Keys: Explaining the Encryption Chain Once and for All</title><link>https://www.fanyamin.com/blog/2026-04-22-aws-kms-private-key-hosting.html</link><description>&lt;p&gt;This post strings AWS KMS, data key, encrypted data key, EncryptionContext and the engineering design of “hosting private keys for specific users” into one complete chain, and tries to explain in plain language where each belongs, who is responsible for it, when to use it and when not to misuse it.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Wed, 22 Apr 2026 14:18:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-22:/blog/2026-04-22-aws-kms-private-key-hosting.html</guid><category>Journal</category><category>AWS</category><category>KMS</category><category>Encryption</category><category>Security</category><category>Secrets Manager</category><category>Private Key</category></item><item><title>Turning an Article into a Podcast with One Click: My Side Project `lazy-podcast-mate`</title><link>https://www.fanyamin.com/blog/2026-04-21-lazy-podcast-mate.html</link><description>&lt;p&gt;Once an article is written, it often lives only once, on the blog. I built a small tool called &lt;code&gt;lazy-podcast-mate&lt;/code&gt; to turn local Markdown/TXT/HTML articles into publishable podcast MP3s with a single command. This post covers what problem it solves, how it is designed internally, and which engineering details a side project really ought to fill in.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Tue, 21 Apr 
2026 22:35:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-21:/blog/2026-04-21-lazy-podcast-mate.html</guid><category>Journal</category><category>Podcast</category><category>TTS</category><category>Python</category><category>Side Project</category><category>ffmpeg</category><category>CLI</category><category>Markdown</category></item><item><title>Some Best Practices for Taming AI Engineering: From the Meta-Harness Paper to a Practical Engineering Handbook</title><link>https://www.fanyamin.com/blog/2026-04-21-taming-ai-engineering-best-practices.html</link><description>&lt;p&gt;The performance of an AI system often depends on the harness, not only on the model weights. Drawing on the Meta-Harness paper, this post discusses why AGENTS.md, externalized memory, skills, protocols, quality gates and PDCA should be treated as an optimizable harness, and offers a technology stack and roadmap that can actually be put into practice.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Tue, 21 Apr 2026 21:54:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-21:/blog/2026-04-21-taming-ai-engineering-best-practices.html</guid><category>Journal</category><category>AI Engineering</category><category>Context Engineering</category><category>Meta-Harness</category><category>Harness Engineering</category><category>AGENTS</category><category>CLAUDE</category><category>PDCA</category><category>TerminalBench</category></item><item><title>What the CGM Paper Says, and How We Should Put It into Practice</title><link>https://www.fanyamin.com/blog/2026-04-21-code-graph-model-cgm-paper-and-roadmap.html</link><description>&lt;p&gt;A reading of arXiv:2505.16901 (Code Graph Model): the paper does not simply do code retrieval; it builds the repository into a "text-rich graph" and then feeds semantics and structure into the model together. The post closes with a technology stack and an adoption roadmap ordered by increasing investment.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Tue, 21 Apr 2026 10:00:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-21:/blog/2026-04-21-code-graph-model-cgm-paper-and-roadmap.html</guid><category>Journal</category><category>CGM</category><category>Code Graph</category><category>LLM</category><category>RAG</category><category>SWE-bench</category><category>Repository</category><category>Ant 
Group</category><category>CodeFuse</category><category>Paper Notes</category></item><item><title>What Is the Louvain Algorithm: The Story Behind graphology-communities-louvain</title><link>https://www.fanyamin.com/blog/2026-04-20-louvain-algorithm.html</link><description>&lt;p&gt;A relationship graph sits in front of you, with tens of thousands of nodes and hundreds of thousands of edges, and you are asked: "How many circles are in here? Who belongs with whom?" You can hardly draw the circles by eye. This is where the Louvain algorithm comes in. It is no cure-all, but for "community detection" it is the Swiss Army knife that industry uses most. This article goes from intuition to the modularity formula, then to practical use of graphology-communities-louvain, and covers when to use it and when not to.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Mon, 20 Apr 2026 22:30:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-20:/blog/2026-04-20-louvain-algorithm.html</guid><category>Journal</category><category>Graph</category><category>Algorithm</category><category>Community Detection</category><category>Louvain</category><category>Modularity</category><category>graphology</category></item><item><title>How Exactly Should You Test AI Skills Built for Cursor, Codex and Claude Code</title><link>https://www.fanyamin.com/blog/2026-04-20-test-ai-skill-for-coding-agents.html</link><description>&lt;p&gt;The previous post covered using promptfoo to test AI skills of the LLM API kind. But what we write day to day is more often another kind: local skills for Cursor, Codex and Claude Code, which have no endpoint and no fixed prompt, and whose caller is another agent. How should this kind of skill be tested? This article gives a complete approach, from structural lint to behavioral regression.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Mon, 20 Apr 2026 21:00:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-20:/blog/2026-04-20-test-ai-skill-for-coding-agents.html</guid><category>Journal</category><category>AI</category><category>Agent Skills</category><category>Cursor</category><category>Claude Code</category><category>Codex</category><category>Testing</category><category>Evaluation</category><category>CI</category></item><item><title>RRF, Reciprocal Rank Fusion: The Homely Little Formula in RAG That Never Got Replaced</title><link>https://www.fanyamin.com/blog/rrf-dao-shu-pai-ming-rong-he-rag-li-na-ge-kan-qi-lai-tu-que-yi-zhi-mei-bei-huan-diao-de-xiao-gong-shi.html</link><description>&lt;p&gt;RRF (Reciprocal Rank 
Fusion) is a homely little formula in RAG retrieval that almost nobody is willing to replace. It needs no training, does not care about score scales, and blends BM25 and vector search in one line of code. This article takes the formula apart, works an example by hand, and then discusses when it works well and when it should give way to a reranker.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sun, 19 Apr 2026 22:30:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-19:/blog/rrf-dao-shu-pai-ming-rong-he-rag-li-na-ge-kan-qi-lai-tu-que-yi-zhi-mei-bei-huan-diao-de-xiao-gong-shi.html</guid><category>Journal</category><category>RAG</category><category>RRF</category><category>Reciprocal Rank Fusion</category><category>BM25</category><category>Vector Search</category><category>Hybrid Search</category><category>Reranker</category><category>Retrieval</category></item><item><title>Building a DeepWiki for a Code Repository: A Methodology of Tree-sitter + Embedding + Graph + LLM</title><link>https://www.fanyamin.com/blog/gei-dai-ma-cang-ku-zao-yi-ge-deepwikitree-sitter-embedding-tu-pu-llm-de-fang-fa-lun.html</link><description>&lt;p&gt;Turning an unfamiliar codebase into a DeepWiki knowledge base you can question and get answers from does not come from "feeding the README to GPT" but from a four-piece set: Tree-sitter parsing + embedding vectors + a graph database + LLM generation. This article leaves implementation code aside and covers only methodology, workflow and trade-offs, then goes on to discuss how documentation should be layered once code is the source of truth, and how the knowledge base can in turn harness AI coding.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Thu, 16 Apr 2026 23:40:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-16:/blog/gei-dai-ma-cang-ku-zao-yi-ge-deepwikitree-sitter-embedding-tu-pu-llm-de-fang-fa-lun.html</guid><category>Journal</category><category>RAG</category><category>Code Knowledge Base</category><category>Tree-sitter</category><category>Embedding</category><category>Memgraph</category><category>pgvector</category><category>sqlite-vec</category><category>LLM</category><category>DeepWiki</category><category>AI Coding</category></item><item><title>A Health Check for AI Skills with Promptfoo: Evaluation, Testing, and Quality and Security Gatekeeping</title><link>https://www.fanyamin.com/blog/yong-promptfoo-gei-ai-skill-zuo-ti-jian-ping-gu-ce-shi-zhi-liang-yu-an-quan-ba-guan.html</link><description>&lt;p&gt;Many teams building AI 
skills are still at the "it ran this time and looks fine" stage. But once a skill actually goes live, the problems are usually not in the first answer but in variance, cost, tool-call paths and security boundaries. Using Promptfoo as the yardstick, this article discusses how to systematically evaluate and test AI skills and gate them on quality and security.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Wed, 15 Apr 2026 21:00:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-15:/blog/yong-promptfoo-gei-ai-skill-zuo-ti-jian-ping-gu-ce-shi-zhi-liang-yu-an-quan-ba-guan.html</guid><category>Journal</category><category>Promptfoo</category><category>AI</category><category>LLM</category><category>Agent</category><category>Skill</category><category>Evaluation</category><category>Red Team</category><category>Security</category><category>CI/CD</category></item><item><title>Automatically Issuing and Rotating Certificates in Kubernetes with cert-manager + Venafi</title><link>https://www.fanyamin.com/blog/zai-kubernetes-li-yong-cert-manager-venafi-zi-dong-qian-fa-he-lun-huan-zheng-shu.html</link><description>&lt;p&gt;Many teams treat TLS certificates as one-time configuration, until some Friday night a certificate is about to expire and they remember that this cannot be left to calendar reminders. Using a Kubernetes service as the example, this article explains how to use cert-manager as the execution layer and Venafi as the policy and CA gatekeeper to get declarative issuance, automatic renewal, private key rotation, and smooth reload on the application side.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Wed, 15 Apr 2026 20:00:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-15:/blog/zai-kubernetes-li-yong-cert-manager-venafi-zi-dong-qian-fa-he-lun-huan-zheng-shu.html</guid><category>Journal</category><category>Kubernetes</category><category>cert-manager</category><category>Venafi</category><category>TLS</category><category>certificate</category><category>security</category><category>DevOps</category></item><item><title>Obsidian Plus LLM: The Right Way to Use a Personal Knowledge Base</title><link>https://www.fanyamin.com/blog/obsidian-jia-llmge-ren-zhi-shi-ku-de-zheng-que-da-kai-fang-shi.html</link><description>&lt;p&gt;Notes scattered everywhere, and AI cannot help you? A look at how to use Obsidian's local Markdown files together with LLM plugins, MCP and a compiled knowledge base to turn "a pile of files" into "a second brain that can answer questions".&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Wed, 08 Apr 2026 10:00:00 
+0800</pubDate><guid>tag:www.fanyamin.com,2026-04-08:/blog/obsidian-jia-llmge-ren-zhi-shi-ku-de-zheng-que-da-kai-fang-shi.html</guid><category>Journal</category><category>Obsidian</category><category>LLM</category><category>Knowledge Management</category><category>AI</category><category>MCP</category><category>RAG</category></item><item><title>What Is Gevent, and What Are the Pitfalls of Using It with asyncio</title><link>https://www.fanyamin.com/blog/gevent-shi-shi-yao-he-asyncio-yi-qi-yong-you-shi-yao-keng.html</link><description>&lt;p&gt;Starting from an aggregation endpoint in a legacy Flask project, a look at where gevent and asyncio really differ, which scenarios each suits, and what pitfalls each has.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Tue, 07 Apr 2026 10:00:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-07:/blog/gevent-shi-shi-yao-he-asyncio-yi-qi-yong-you-shi-yao-keng.html</guid><category>Journal</category><category>Python</category><category>Flask</category><category>Gevent</category><category>asyncio</category><category>Concurrency</category></item><item><title>Will AI Agents Become More and More Human-Like? From Tool, Skill and Memory to Soul and Rules</title><link>https://www.fanyamin.com/blog/2026-04-05-ai-agent-future-human-like.html</link><description>&lt;p&gt;On the surface, the evolution of AI agents looks increasingly human-like; technically, it is really filling in "organs" layer by layer: from thinking and reasoning and multimodal perception, to tools, skills, memory, personality, rules and body interfaces, and on to multi-agent collaboration and governance. It may not replace people first, but it will certainly first rewrite the division-of-labor boundaries of much knowledge work.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sun, 05 Apr 2026 12:40:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-05:/blog/2026-04-05-ai-agent-future-human-like.html</guid><category>AI</category><category>AI</category><category>agent</category><category>memory</category><category>skills</category><category>rules</category><category>MCP</category><category>multi-agent</category><category>governance</category><category>multimodal</category></item><item><title>Distillation: The "Star-Absorbing Technique" of the AI World</title><link>https://www.fanyamin.com/blog/2026-04-05-distillation-in-ai.html</link><description>&lt;p&gt;Large models can be distilled, and so can an agent's skills. What exactly is distillation? Why can DeepSeek pack the reasoning ability of 671B 
into a small 1.5B model? Why, when your agent skills grow ever more bloated, do they also need a round of "distillation"? This post covers model distillation and skill distillation together so you can understand both at once.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Sun, 05 Apr 2026 10:00:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-05:/blog/2026-04-05-distillation-in-ai.html</guid><category>AI</category><category>AI</category><category>distillation</category><category>LLM</category><category>agent</category><category>skill</category><category>knowledge-distillation</category><category>DeepSeek</category><category>OpenAI</category></item><item><title>Why Does an AI Agent Understand You Better the More You Use It? Starting from OpenClaw's "Raising a Lobster"</title><link>https://www.fanyamin.com/blog/2026-04-01-openclaw-agent-self-evolution.html</link><description>&lt;p&gt;Many people feel that AI agents like OpenClaw "self-evolve" with long use. The truth is less mysterious: most of the time the model has not secretly become smarter; rather, memory, preference profiles, tool calls, feedback loops and accumulated workflows together make it ever handier to use.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Wed, 01 Apr 2026 16:30:00 +0800</pubDate><guid>tag:www.fanyamin.com,2026-04-01:/blog/2026-04-01-openclaw-agent-self-evolution.html</guid><category>AI</category><category>AI</category><category>agent</category><category>OpenClaw</category><category>memory</category><category>personalization</category><category>context-engineering</category></item><item><title>Axios Poisoned: A Post-Mortem of a Textbook Supply-Chain Attack</title><link>https://www.fanyamin.com/blog/2026-04-01-axios-supply-chain-attack.html</link><description>&lt;p&gt;On March 31, 2026, axios, an npm package with over 100 million weekly downloads, was poisoned, and every machine that ran npm install within two hours may already have been compromised. The incident shows once again: the code you write may have no bugs, but the dependencies you install may hide a backdoor.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Walter Fan</dc:creator><pubDate>Wed, 01 Apr 2026 10:00:00 
+0800</pubDate><guid>tag:www.fanyamin.com,2026-04-01:/blog/2026-04-01-axios-supply-chain-attack.html</guid><category>Tech</category><category>security</category><category>supply-chain</category><category>npm</category><category>axios</category><category>RAT</category><category>dependency-management</category></item></channel></rss>