Afrikaanse “fillers” starter pack.

Vir daardie tye wat mens ‘n gaping in ‘n gesprek wil vul, as dit stil raak in die vertrek.

  • Lekker man, lekker.
  • Nou ja toe.
  • As dit nie op is nie, is dit af.
  • Ja nee…
  • So gaan dit nê.
  • Sit dit in, want daar’s heuning in.
  • Piele
  • Wat kan mens doen nê. Niks.
  • Daar vat hy.
  • *Vryf hande saam* en snuif hard.
reddit.com
u/snormosselmelktert — 3 days ago
▲ 10 r/AskZA

Is it possible to synchronize the licence disc renewal dates of multiple vehicles?

So this is driving me nuts. I am blessed enough to own 2 motor vehicles, and then, since I am a collector, I also own 5 motorcycles, and working on a 6th. This means that what feels like every other month I have to deal with licence disc renewals. The thought occurred to me just now; Would it be possible that I just take all the vehicles’ papers into the municipality and ask that they all get renewed at the same time, even if many of them still have months left before they expire? If I can get them to expire all at the same time, then things would be so much simpler once a year. Has anyone done this type of thing before?

reddit.com
u/snormosselmelktert — 3 days ago

I’m a legal firearm owner who conceal carries a Glock 19 daily, and occasionally conceal carry a SIG Sauer Rattler (tactical counter-assault sub-carbine) in certain situations. Happy to answer any questions you may have if you are thinking of becoming a legal firearm owner for defense purposes.

reddit.com
u/snormosselmelktert — 13 days ago

How much surplus do you keep in your transactional bank account?

I’m curious about how much surplus money people keep in their main transactional accounts, above and beyond that which is needed for taking care of monthly expenses.

When answering please don’t include money sitting in savings accounts or investments. I’m not asking about those.

I keep around R100k surplus and I want to gauge if this is too low, too high, or a normal amount compared to others. My monthly expenses are around R60k, if that is relevant. I keep about R160k in my transactional account, and move the rest out into savings.

reddit.com
u/snormosselmelktert — 16 days ago

What are your favourite December holiday memories from your childhood? Places you used to visit, smells or sounds you remember? Shenanigans you will never forget?

Share with us.

reddit.com
u/snormosselmelktert — 1 month ago
▲ 121 r/AskZA

Should the moderators in South African subreddits take a stronger stance against the promotion of vibe-coded apps? I’ll share a technical breakdown of why I believe we should.

This is a post to create awareness and warn South Africans about the real dangers of interacting with vibe-coded apps, like those often promoted here and in other South African subreddits by their “tech founders”.

These so-called “apps” are without exception full of bugs, do not handle data securely, can easily be abused or broken into, and are not built on any kind of proper architecture. At best, you will be duped out of any money you pay for these AI slop “services” that do not work reliably in any way, and at worst your personal data will be leaked, as these kinds of apps are the wet dreams of people interested in identity theft all around the world, who are on the lookout for apps like these.

I will take a real example to prove this to you. Just yesterday an individual was promoting a “bookkeeping & SARS tax compliance“ app here called “OneTouch TaxApp”. This “app” is publicly hosted on the internet, so I am not revealing anything private here. As the lead software architect and engineer at one of the largest tech companies in the Fortune 100, who have the tools and experience needed to audit these kinds of applications, I knew straight away that this “app” is dangerous AI slop. I commented in that thread that people should steer well clear of it. Yet, I still got responses from some people saying that I am just “bitter” that youngsters with a Claude subscription can now build such excellent apps, and questioning how I know the app is vibe-coded in the first place?

Well, I’ll show you how. I pulled the app’s source code, mounted it in my IDE and did a technical audit. The bugs, POPIA non-compliance, and general security risks I found are staggering. As I knew it would be. I have already completed a Form 5 and reported this individual and his registered Pty Ltd to the Information Regulator of South Africa this morning.

I know this is a long post, my apologies, but for anyone interested in the technical side of this kind of thing, you can read through my findings below. These are only some highlights and are not even 50% of what I found.

The reason I am so passionate about this is because I am sick of the public being duped and their data put at risk by amateurs flogging dangerously flawed apps as professional products, specifically in sensitive domains like finance and tax compliance. This, in my opinion, is a kind of scam and should be called out at every opportunity.

Here are some of the things I found:

  • The app does not properly delete user accounts or user data. The account deletion flow only removes a small subset of the created data tables before signing the user out for the last time, and it also leaves the Supabase auth identity intact. That means that personally identifiable information remains stored even after the user believes their account was deleted. For an “app” handling financial data, this is a serious POPIA violation and general security risk.
  • POPIA consent in this app is meaningless. I was able to start the login flow, request OTP codes, sign in and use the app without ever accepting the POPIA notice. The consent banner stays visible, but it does not actually block personal data processing without consent. Total amateur hour again, and a violation of POPIA law.
  • The OTP login flow is very abusable. There is no CAPTCHA or meaningful cooldown between OTP requests, and no obvious rate limiting. I was able to repeatedly request new login codes for the same email address almost immediately after going back in the flow. So hackers can DOS the hell out of this flow, and also brute force guesses at the code. Pathetically inept.
  • The app sends user information to third-party services before consent is given by the user. For example, this guy uses Sentry for error tracking, and Sentry is initialised before POPIA acceptance and already send through the user ID, email, and plan information. That directly conflicts with the “legal” page, which claims only anonymised error data is sent and that names and emails are excluded.
  • The pretend “AI assistant” in the app called “Juan” is just Claude. Yeah when you “chat” with it, you are just chatting to Claude through this guy’s API key. To make it worse, the code shows that the context being sent to Claude includes information like business name, owner name, email address, VAT number, payroll and PAYE status, overdue invoices, bank transactions, financial summaries, and uploaded slip photos etc. So your personal data is ending up on Anthropic’s servers without your consent.
  • The “app“ is missing many basic browser security protections. This will sound a bit technical but, for example, it has no Content Security Policy, no X-Frame-Options or frame-ancestors protection, no X-Content-Type-Options, no Referrer-Policy and no Permissions-Policy headers. Again, the stuff of dreams for hackers.
  • The file storage and document-sharing implementation is flawed. The code uses Supabase getPublicUrl() against a bucket named “documents”. If any financial documents are mistakenly uploaded into that bucket, there is no validation and it could expose invoices, statements, or uploaded records publicly.
  • The accountant-sharing flow is one of several flows in the app with serious access-control issues. For example, the app blocks users from downloading monthly accountant packs before the month is formally closed, but the “Send via Email” flow bypasses that safeguard entirely by using a different code path. You can’t make it up. Even worse, when a user changes accountants, the app reuses the same existing share token instead of generating a new one. That means a previous accountant may still have access to the same financial-share link until it expires.
  • Deleting financial history is misleading and flawed. The “Clear financial history” action does not actually clear all financial history. It only removes some snapshots and reconciliation data, but leaves statement history, document history and annual summaries behind. Another example is that deleting a bank statement from statement history does not remove the actual bank transaction data or reconciliation records tied to it.
  • The year-end close process code is a mess. It writes annual summaries and then separately deletes invoices, snapshots, reconciliation sessions, and payroll runs in multiple steps. If one of those operations fails halfway through, partial deletion is possible while the UI still tells the user that “No data was deleted.”
  • The bank statement import and reconciliation logic is very fragile, as one would expect from someone who has no clue what they are doing. The Excel import code only grabs the first column that looks like “amount”, “credit”, or “debit”… So in the future if any uploaded bank statement deviates from this logic, it will not be caught and this can misclassify transactions or import incorrect values. The CSV parser is also homemade and utterly simplistic, which makes it far more likely to break on messy bank exports, quoted fields, or escaped values.
  • Duplicate detection is far too aggressive and can silently drop legit transactions, which is just what you want for accurate bookkeeping! For example, the app treats the combination of date, amount, type, and description as globally unique across uploads... So two real payments with the same values on the same day can therefore be incorrectly skipped as duplicates. This is excellent stuff.
  • The reconciliation flow allows users to contaminate accounting periods. If you import statements for the wrong month, the app does warn you, but it still saves those rows into the current reconciliation session instead of properly switching periods or isolating the data, which is so bad.
  • Basic business logic validation is missing in many places. A highlight was that I was able to create and save invoices where the due date was earlier than the invoice date. 😂
  • The entire “app” was built through uncontrolled vibe coding with no architectural discipline at all. The business.html file alone is over 16,000 lines long, with authentication, payroll, invoicing, AI, billing, reconciliation, legal flows, and consent logic all mixed up together in one giant page. Horrible stuff.

There is a growing pandemic of inexperienced people deploying systems into production that process sensitive financial and user data without them having any understanding whatsoever of proper security engineering, our privacy laws, proper authentication hardening, and general system safety integrity. The flog these apps to people who are put at risk when they use them. I will continue to do this and report each and every one of these apps promoted on this platform to the Information Regulator.

reddit.com
u/snormosselmelktert — 2 months ago

A technical breakdown of why using vibe-coded apps are dangerous, and why we should stop allowing individuals to promote them in our South African subreddits.

This is a post to create awareness and warn South Africans about the real dangers of interacting with vibe-coded apps, like those often promoted here and in other South African subreddits by their “tech founders”.

These so-called “apps” are without exception full of bugs, they do not handle data securely, can easily be abused or broken into and are not built on any kind of proper architecture. At best, you will be duped out of any money you pay for these AI slop “services” that do not work reliably in any way, and at worst your personal data will be leaked. These kinds of apps are the wet dream of people interested in identity theft all around the world, who are on the lookout for apps like these.

I will take a real example to prove this to you. Just yesterday an individual was promoting a “bookkeeping & SARS tax compliance“ app here called “OneTouch TaxApp”. This “app” is publicly hosted on the internet, so I am not revealing anything private here. As the lead software architect and engineer at one of the largest tech companies in the Fortune 100, who have the tools and experience needed to audit these kinds of applications, I knew straight away that this “app” is dangerous AI slop. I commented in that thread that people should steer well clear of it. Yet, I still got responses from some people saying that I am just “bitter” that youngsters with a Claude subscription can now build such excellent apps, and questioning how I know the app is vibe-coded in the first place?

Well, I’ll show you how. I pulled the app’s source code, mounted it in my IDE and did a technical audit. The bugs, POPIA non-compliance, and general security risks I found are staggering. As I knew it would be. I have already completed a Form 5 and reported this individual and his registered Pty Ltd to the Information Regulator of South Africa this morning.

I know this is a long post, my apologies, but for anyone interested in the technical side of this kind of thing, you can read through my findings below. These are only some highlights and are not even 50% of what I found.

The reason I am so passionate about this is because I am sick of the public being duped and their data put at risk by amateurs flogging dangerously flawed apps as professional products, specifically in sensitive domains like finance and tax compliance. This, in my opinion, is a kind of scam and should be called out at every opportunity.

Here are some of the things I found:

  • The app does not properly delete user accounts or user data. The account deletion flow only removes a small subset of the created data tables before signing the user out for the last time, and it also leaves the Supabase auth identity intact. That means that personally identifiable information remains stored even after the user believes their account was deleted. For an “app” handling financial data, this is a serious POPIA violation and general security risk.
  • POPIA consent in this app is meaningless. I was able to start the login flow, request OTP codes, sign in and use the app without ever accepting the POPIA notice. The consent banner stays visible, but it does not actually block personal data processing without consent. Total amateur hour again, and a violation of POPIA law.
  • The OTP login flow is very abusable. There is no CAPTCHA or meaningful cooldown between OTP requests, and no obvious rate limiting. I was able to repeatedly request new login codes for the same email address almost immediately after going back in the flow. So hackers can DOS the hell out of this flow, and also brute force guesses at the code. Pathetically inept.
  • The app sends user information to third-party services before consent is given by the user. For example, this guy uses Sentry for error tracking, and Sentry is initialised before POPIA acceptance and already send through the user ID, email, and plan information. That directly conflicts with the “legal” page, which claims only anonymised error data is sent and that names and emails are excluded.
  • The pretend “AI assistant” in the app called “Juan” is just Claude. Yeah when you “chat” with it, you are just chatting to Claude through this guy’s API key. To make it worse, the code shows that the context being sent to Claude includes information like business name, owner name, email address, VAT number, payroll and PAYE status, overdue invoices, bank transactions, financial summaries, and uploaded slip photos etc. So your personal data is ending up on Anthropic’s servers without your consent.
  • The “app“ is missing many basic browser security protections. This will sound a bit technical but, for example, it has no Content Security Policy, no X-Frame-Options or frame-ancestors protection, no X-Content-Type-Options, no Referrer-Policy and no Permissions-Policy headers. Again, the stuff of dreams for hackers.
  • The file storage and document-sharing implementation is flawed. The code uses Supabase getPublicUrl() against a bucket named “documents”. If any financial documents are mistakenly uploaded into that bucket, there is no validation and it could expose invoices, statements, or uploaded records publicly.
  • The accountant-sharing flow is one of several flows in the app with serious access-control issues. For example, the app blocks users from downloading monthly accountant packs before the month is formally closed, but the “Send via Email” flow bypasses that safeguard entirely by using a different code path. You can’t make it up. Even worse, when a user changes accountants, the app reuses the same existing share token instead of generating a new one. That means a previous accountant may still have access to the same financial-share link until it expires.
  • Deleting financial history is misleading and flawed. The “Clear financial history” action does not actually clear all financial history. It only removes some snapshots and reconciliation data, but leaves statement history, document history and annual summaries behind. Another example is that deleting a bank statement from statement history does not remove the actual bank transaction data or reconciliation records tied to it.
  • The year-end close process code is a mess. It writes annual summaries and then separately deletes invoices, snapshots, reconciliation sessions, and payroll runs in multiple steps. If one of those operations fails halfway through, partial deletion is possible while the UI still tells the user that “No data was deleted.”
  • The bank statement import and reconciliation logic is very fragile, as one would expect from someone who has no clue what they are doing. The Excel import code only grabs the first column that looks like “amount”, “credit”, or “debit”… So in the future if any uploaded bank statement deviates from this logic, it will not be caught and this can misclassify transactions or import incorrect values. The CSV parser is also homemade and utterly simplistic, which makes it far more likely to break on messy bank exports, quoted fields, or escaped values.
  • Duplicate detection is far too aggressive and can silently drop legit transactions, which is just what you want for accurate bookkeeping! For example, the app treats the combination of date, amount, type, and description as globally unique across uploads... So two real payments with the same values on the same day can therefore be incorrectly skipped as duplicates. This is excellent stuff.
  • The reconciliation flow allows users to contaminate accounting periods. If you import statements for the wrong month, the app does warn you, but it still saves those rows into the current reconciliation session instead of properly switching periods or isolating the data, which is so bad.
  • Basic business logic validation is missing in many places. A highlight was that I was able to create and save invoices where the due date was earlier than the invoice date. 😂
  • The entire “app” was built through uncontrolled vibe coding with no architectural discipline at all. The business.html file alone is over 16,000 lines long, with authentication, payroll, invoicing, AI, billing, reconciliation, legal flows, and consent logic all mixed up together in one giant page. Horrible stuff.

There is a growing pandemic of inexperienced people deploying systems into production that process sensitive financial and user data without them having any understanding whatsoever of proper security engineering, our privacy laws, proper authentication hardening, and general system safety integrity. The flog these apps to people who are put at risk when they use them. I will continue to do this and report each and every one of these apps promoted on this platform to the Information Regulator.

reddit.com
u/snormosselmelktert — 2 months ago

I’m not sure if anyone here regularly buys the Thirsti brand of still water from Checkers? I have noticed a strange taste, almost like plastic or chlorine, in their water over the last month or so. Initially I thought I was imagining it, or that some item in my fridge was passing off a smell somehow, but no. It is their water. It tastes like that even straight out of the delivery bag. And so today I bought Bonaqua, and the difference is night and day. I was wondering if anyone else noticed this?

reddit.com
u/snormosselmelktert — 2 months ago

I have been super lucky… When I was 20 years old, straight after college, I sent out my CV to apply for a job for the first time in my life. I got that job three days later, and ended up spending 11 years there. I left there in 2020, when I got offered a position at a huge US tech firm, without applying, and have been there ever since. I am 36, have only had two jobs, and only sent out a CV one time. I sometime reflect on how lucky that is… I have heard some horror stories…

reddit.com
u/snormosselmelktert — 2 months ago