Notes on software engineering, product thinking, and life.

Latest Posts

May 4, 2026Architecture
In the AI Era, Frontend-Backend Separation Should No Longer Be the Default
A reflection on why AI changes the cost-benefit balance of frontend-backend separation, and why product-layer full stack should become the default for many projects.
AI Full Stack Frontend-Backend Separation Architecture
Nov 8, 2025Docker
Rethinking Docker: Development Environments, Linux Overhead, and Redis in Practice
A practical reassessment of Docker across local development, Docker Desktop overhead, Linux server performance, and a small Redis deployment with Compose.
Docker Redis Linux Containers Operations Development Environment
Feb 1, 2025Writing
Platforms, Algorithms, and Creators: Why Independent Blogs Still Matter
A reflection on platform power, algorithmic distribution, creator assets, and why independent blogs still matter when most attention comes from social platforms.
Creators Algorithms Platforms Independent Blogs Content Creation
Dec 4, 2023Development
Build a Personal Image Hosting Service with Cloudflare R2
A practical setup for turning Cloudflare R2, Workers, D1, Pages, and TinyPNG into a personal image hosting workflow for a static blog.
Image Hosting Cloudflare R2 D1 Worker TinyPNG
Aug 20, 2023Backend
A SQL Injection Incident Review: NestJS Validation, Logs, and Server-Side Security
A practical review of a SQL injection issue found during a Mini Program security test, covering NestJS validation, ORM query safety, PM2 logs, database constraints, and defense in depth.
SQL Injection NestJS MySQL Server-Side Security PM2 Logs
Jan 11, 2022Development
Frontend Dependencies, Lockfiles, and Reproducible Builds
A practical look at dependency ranges, transitive dependencies, lockfiles, npm ci, pnpm frozen installs, and how frontend projects can make builds more reproducible.
Frontend JavaScript npm pnpm Lockfile Reproducible Builds
Aug 31, 2020Frontend
Internationalization for Large Mini Programs: Engineering Lessons from Didi
A review of Didi Mini Program internationalization, covering copy governance, Mini Program runtime constraints, WXS-based translation, cross-platform adaptation, and team workflow.
Mini Program i18n Internationalization Mpx Engineering
Jun 7, 2020Frontend
Package Size Governance for Large Mini Programs: Lessons from Didi
A review of Didi Mini Program package size optimization, covering size budgets, dependency analysis, subpackages, npm dependency placement, and architecture tradeoffs.
Mini Program Performance Package Size Mpx Engineering
Sep 2, 2017Frontend
Why Cookies Fail in CORS: From withCredentials to SameSite
CORS cookies depend on more than withCredentials. The server CORS headers, Cookie Domain, SameSite, Secure, and third-party cookie policy all matter.
CORS Cookie SameSite Frontend Browser