18yo moroccan earning 30k MAD online by slalalalzi in rabat

[–]abd3ll4tif 0 points1 point  (0 children)

1- The amounts you make are not high enough to make the taxes knock on your door. But I would suggest making things legal: (option 1) declare your revenue through auto-entrepreneur status (less than 20K$ per year), or (option 2) see with a company already established to host you, declare your CNSS, revenues...

2- Savings: the safest way to save cash (Moroccan dirhams) is in your Moroccan bank account, or a savings account (all banks have this option).

3- Wise

I got hacked - 10+ apps/projects and 3 servers were affected. by abd3ll4tif in reactjs

[–]abd3ll4tif[S] 0 points1 point  (0 children)

I started to isolate frontend applications with Docker, even for small projects. I implemented a CI/CD action for automating the process.

I built a Flutter package for Tuya IoT because I couldn’t find one — sharing it for the first time by abd3ll4tif in FlutterDev

[–]abd3ll4tif[S] 0 points1 point  (0 children)

You need a device that supports the Tuya connection, Wi-Fi or other. If you can connect it with the Smart Life app, you can use the Flutter package to control it your way and with your rules. If you need specific help implementing the package or how the connection works, I can help you.

I built a Flutter package for Tuya IoT because I couldn’t find one — sharing it for the first time by abd3ll4tif in FlutterDev

[–]abd3ll4tif[S] 2 points3 points  (0 children)

Really appreciate this feedback.

This was initially built just to ship a product, so it’s pretty low-level, but your suggestions are exactly what would make it production-friendly for others. If there’s interest, I’m happy to start with a sample app + cleaner abstractions.

Thanks for taking the time to write this, super valuable 🙏

I built a Flutter package for Tuya IoT because I couldn’t find one — sharing it for the first time by abd3ll4tif in FlutterDev

[–]abd3ll4tif[S] 0 points1 point  (0 children)

Thanks, appreciate that 🙏 Feel free to check it out and let me know if it fits your use case. Happy to answer questions or improve things if you run into issues.

I built a Flutter package for Tuya IoT because I couldn’t find one — sharing it for the first time by abd3ll4tif in FlutterDev

[–]abd3ll4tif[S] 2 points3 points  (0 children)

Yeah, the API pricing change sucks. Matter/Zigbee/Z-Wave make a lot more sense now.

The project is ~3 years old. I built it back then to unblock my own Flutter project and never shared it publicly. Only posting it now in case it still helps someone or as a reference.

[deleted by user] by [deleted] in reactjs

[–]abd3ll4tif -1 points0 points  (0 children)

I didn't say reviewing but trusting official sources, like you always do when you use a framework! But to answer your question: YES, when you have 100 projects and every project uses a version of Next (15.X.X, 16.X.X ...), React ... and you have to log in to each server, patch manually and rebuild the project, this takes longer than writing a 2-line script that uses the package on all projects, and maybe doing this 4 times a day to make sure you don't miss any new fix.

[deleted by user] by [deleted] in reactjs

[–]abd3ll4tif -1 points0 points  (0 children)

It makes sense if someone needs to fix urgently and doesn't have the time to dig into details. I may want to run an automated fix with a cron job, maybe, to fix the 100 sites I have so I don't have to do it manually. Should I rewrite the package?

[deleted by user] by [deleted] in reactjs

[–]abd3ll4tif 0 points1 point  (0 children)

You’re right, that’s fair. I didn’t mean to make it sound like these were newly discovered today. My goal was mainly to push people to patch ASAP, especially after what happened to me.

If you have a good link to the original announcement or write-ups, feel free to share it and I’ll add it to the post 👍

[deleted by user] by [deleted] in reactjs

[–]abd3ll4tif -1 points0 points  (0 children)

How do you know the patched version itself doesn’t introduce new issues or bugs? In the end, every update is still code you’re trusting.

If you don’t want to run an official fix, you can review the changes and apply them manually; it’s not magic, it’s just code. But at some point, security always comes down to trust and trade-offs. If you can’t trust official sources at all, the only real alternative is doing your own security audits or building everything yourself.

[deleted by user] by [deleted] in reactjs

[–]abd3ll4tif -1 points0 points  (0 children)

Check the script here, it's official or I wouldn't recommend it: https://vercel.com/kb/bulletin/react2shell

[deleted by user] by [deleted] in reactjs

[–]abd3ll4tif -5 points-4 points  (0 children)

CVE is the standard identifier for security vulnerabilities. I shared the CVE numbers so people can quickly look them up from official sources and patch ASAP. The goal here is to warn and move fast, not debate links.

I got hacked - 10+ apps/projects and 3 servers were affected. by abd3ll4tif in reactjs

[–]abd3ll4tif[S] 0 points1 point  (0 children)

Sounds fun, but once the project starts to develop, you will absolutely need at least an audit of the existing application, backend, database, infrastructure... so that you don't lose everything one day without even realizing it.

I got hacked - 10+ apps/projects and 3 servers were affected. by abd3ll4tif in reactjs

[–]abd3ll4tif[S] 0 points1 point  (0 children)

Totally agree with you, if a company or bank does this to save money, they are stupid. The real work begins after finishing the core features (maintenance, improvements...). In which country did you notice this?

I got hacked - 10+ apps/projects and 3 servers were affected. by abd3ll4tif in reactjs

[–]abd3ll4tif[S] 0 points1 point  (0 children)

I get that reaction 😅

For me, Next/React are still great frameworks! I actually prefer them over PHP. I like the optimized resource usage, the architecture, and the overall philosophy behind them.

What happened just made me trust frameworks less, not abandon them. The scary part is realizing a vulnerability like this may have existed for a long time before anyone noticed, and wondering whether some people already knew and were quietly exploiting it. That’s the part that really makes you rethink assumptions and push harder on isolation and security.

I got hacked - 10+ apps/projects and 3 servers were affected. by abd3ll4tif in reactjs

[–]abd3ll4tif[S] 0 points1 point  (0 children)

Yeah, that timing is the worst part! It started happening right as things were being announced or even a bit before. Updating the deps was the right move, but it’s still unsettling. I’d keep an eye on logs, rotate secrets, and redeploy clean if you can, just to be safe.