Posted on Mon 02 March 2026 in Tech • Tagged with tech, blog, security • 3 min read
CSRF 不靠"攻破你的网站",它靠的是"借你的登录态办坏事"。这篇文章把 CSRF 的本质讲清楚,顺便给出 Java/Go/Python 里能直接抄的防护做法:token、SameSite、Referer/Origin 校验,以及什么时候该用哪个。
Posted on Mon 02 March 2026 in Tech • Tagged with tech, blog, security • 2 min read
IDOR 不玄学,就一句话:你用 "id=123" 这种直达链接访问资源时,服务端有没有确认 "你就是 123 的主人"。这篇文章用可抄的例子讲清楚:它怎么发生,怎么被利用,怎么在 Java/Go/Python 里修到位。
Posted on Mon 02 March 2026 in Tech • Tagged with tech, blog, security, privacy • 2 min read
敏感数据暴露从来不是黑客多聪明,而是我们自己太大意:日志、报错、对象存储、备份、调试接口——每个环节都可能把数据"顺手递出去"。这篇文章给你一份可直接照抄的"数据防裸奔"清单。
Posted on Sat 28 February 2026 in Tech • Tagged with tech, blog, ai, 软件工程 • 4 min read
AI 让"写代码"更便宜, 但让"证明没坑"更贵。软件工程的重心正在从"把需求写成代码", 转向"能力编排与治理": 把 prompt 当契约, 把评估当门禁, 把可观测性当边界, 把回滚当退路。
Posted on Fri 23 January 2026 in Journal • Tagged with journal, blog • 5 min read
| Abstract | Journal on 2026-01-23 | | --------------|------------------------| | Authors | Walter Fan | | Category | learning note | | St...
Posted on Tue 13 January 2026 in Tech • Tagged with journal, blog, architecture, design, first-principles • 3 min read
Posted on Sun 11 January 2026 in Journal • Tagged with journal, blog • 2 min read
| Abstract | Journal on 2026-01-11 | | --------------|------------------------| | Authors | Walter Fan | | Category | learning note | | St...
Posted on Mon 05 January 2026 in Journal • Tagged with journal, blog • 2 min read
| Abstract | Journal on 2026-01-05 | | --------------|------------------------| | Authors | Walter Fan | | Category | learning note | | St...
Posted on Thu 01 January 2026 in Journal • Tagged with journal, blog • 2 min read
| Abstract | Journal on 2026-01-01 | | --------------|------------------------| | Authors | Walter Fan | | Category | learning note | | St...
Posted on Wed 31 December 2025 in Journal • Tagged with journal, blog • 1 min read
| Abstract | Journal on 2025-12-31 | | --------------|------------------------| | Authors | Walter Fan | | Category | learning note | | St...
Posted on Sun 28 December 2025 in Journal • Tagged with journal, blog • 3 min read
| Abstract | AI Agent 设计与落地 | | --------------|------------------------| | Authors | Walter Fan | | Category | learning note | | Status...
Posted on Sun 21 December 2025 in Journal • Tagged with journal, blog • 1 min read
| Abstract | Journal on 2025-12-21 | | --------------|------------------------| | Authors | Walter Fan | | Category | learning note | | St...
Posted on Sat 20 December 2025 in Journal • Tagged with journal, blog • 2 min read
| Abstract | Journal on 2025-12-20 | | --------------|------------------------| | Authors | Walter Fan | | Category | learning note | | St...
Posted on Sun 30 November 2025 in AI • Tagged with journal, blog, Cursor, ai-coding, vibe-coding, prompt-engineering • 1 min read
别让 Cursor 猜谜。分享 Prompt Engineering、SDD、TDD 和增量开发技巧,让 AI 真正成为你的结对编程伙伴,而不是制造 Bug 的机器。
Posted on Sat 22 November 2025 in Method • Tagged with journal, blog, product-management, agile, MVP • 1 min read
Posted on Sat 15 November 2025 in Journal • Tagged with journal, blog • 2 min read
| Abstract | 银弹来了吗? | | --------------|------------------------| | Authors | Walter Fan | | Category | learning note | | Status | v1.0...
Posted on Sun 09 November 2025 in Tech • Tagged with journal, blog, spec-driven-development, sdd, BDD, TDD, FDD, DDD, literate-programming, openapi, api-design • 11 min read
Posted on Fri 07 November 2025 in AI • Tagged with journal, blog, vibe-coding, AI, prompt-engineering, LLM, context-engineering • 4 min read
Posted on Sat 01 November 2025 in Journal • Tagged with journal, blog • 2 min read
| Abstract | 生产服务器安全挂载指南之 mount 选项 | | --------------|------------------------| | Authors | Walter Fan | | Category | learning note | | St...
Posted on Tue 28 October 2025 in Journal • Tagged with journal, blog • 2 min read
| Abstract | Journal on 2025-10-28 | | --------------|------------------------| | Authors | Walter Fan | | Category | learning note | | St...