this post was submitted on 04 Nov 2025
630 points (98.6% liked)

Programmer Humor

27412 readers
1530 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
Feyter@programming.dev
anzo@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev
630
Apple forgot to disable production source maps on the App Store web app (files.catbox.moe)
submitted 2 weeks ago by mudkip@lemdro.id to c/programmer_humor@programming.dev
61 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] mr_satan@lemmy.zip 95 points 2 weeks ago (3 children)

Security through obscurity is not security. I see no reason why source maps should be unavailable.

[–] entwine@programming.dev 74 points 2 weeks ago (1 children)

Because source maps show how shitty your organization's code and overall engineering practices are.

[–] phoenixz@lemmy.ca 44 points 2 weeks ago (2 children)

Ding ding ding

Open source code is usually quite nice and well done because money pressure is way less of an issue and everyone knows people will be looking at your code

[–] ulterno@programming.dev 20 points 2 weeks ago

If you look at the casual code that I have shamelessly made public on my GitLab, that might change your mind on that.

[–] Lifter@discuss.tchncs.de 9 points 2 weeks ago (1 children)

That's probably also why development is usually really slow and most maintainers can't keep up/give up.

[–] SleeplessCityLights@programming.dev 16 points 2 weeks ago (1 children)

Nope, it is simply because they are overwhelmed. Either it's too much work to do after your day job or just too much work for one person.

[–] kazerniel@lemmy.world 1 points 2 weeks ago

Also what I've heard from open-source project maintainers, once a project gets popular, the flood of feature requests is neverending. (Something I'm sure I contributed to over the years 🫣) And especially in cases of feature requests with niche usefulness or mismatching vision, they can sap developer morale.

[–] mack@lemmy.sdf.org 9 points 2 weeks ago (1 children)

depends.

if we're talking about a personal website nobody will care. if you are a multibillion company and there's the risk that literally anyone can create a 1:1 clone of your services... yeah that's a bit of a trouble

[–] mr_satan@lemmy.zip 8 points 2 weeks ago (2 children)

Omitting source maps doesn't prevent that.

[–] mack@lemmy.sdf.org 4 points 2 weeks ago (1 children)

no it doesn't, and I am very aware that if anything runs on someone's computer then it can get replicated. but it gets slightly harder, also to reverse-engineer it or find potential fallacies. as well as source maps on prod are just a waste of bandwidth

[–] mr_satan@lemmy.zip 1 points 2 weeks ago* (last edited 2 weeks ago)

Dunno, this "harder" argument while valid sounds just like false security. That's why I don't see much weight in it.

As for bandwidth, source maps are not automatically pulled from server, so it also seems like a false issue to me.

[–] Ibaudia@lemmy.world 1 points 2 weeks ago (1 children)

No, but it's a sensible security measure. Anything to make it harder.

[–] mr_satan@lemmy.zip 3 points 2 weeks ago

That's the thing, it's not actually a security measure. Security through obscurity is not security. It can provide false security impression that is more harmful in my opinion.

Having source maps can encourage proper security practices. Which, in my books, very much outweighs any security benefits of hiding them.

[–] isVeryLoud@lemmy.ca 1 points 2 weeks ago (1 children)

Payload size

[–] mr_satan@lemmy.zip 2 points 2 weeks ago (1 children)

It was mentioned before. Source map is a comment with an URL. It's not pulled automatically unless the client has devtools and supports that. It doesn't meaningfully increase the size of the site for normal users.

[–] isVeryLoud@lemmy.ca 2 points 1 week ago

Eh, true. It does clean up the payload, but I agree it's marginal.