this post was submitted on 04 Nov 2025
669 points (98.7% liked)

[–] mr_satan@lemmy.zip 97 points 2 months ago (3 children)

Security through obscurity is not security. I see no reason why source maps should be unavailable.

[–] entwine@programming.dev 75 points 2 months ago (1 children)

Because source maps show how shitty your organization's code and overall engineering practices are.

[–] phoenixz@lemmy.ca 46 points 2 months ago (2 children)

Ding ding ding

Open source code is usually quite nice and well done because money pressure is way less of an issue and everyone knows people will be looking at your code

[–] ulterno@programming.dev 22 points 2 months ago

If you look at the casual code that I have shamelessly made public on my GitLab, that might change your mind on that.

[–] Lifter@discuss.tchncs.de 10 points 2 months ago (1 children)

That's probably also why development is usually really slow and most maintainers can't keep up/give up.

[–] SleeplessCityLights@programming.dev 17 points 2 months ago (1 children)

Nope, it is simply because they are overwhelmed. Either it's too much work to do after your day job or just too much work for one person.

[–] kazerniel@lemmy.world 2 points 2 months ago

Also what I've heard from open-source project maintainers, once a project gets popular, the flood of feature requests is neverending. (Something I'm sure I contributed to over the years 🫣) And especially in cases of feature requests with niche usefulness or mismatching vision, they can sap developer morale.

[–] mack@lemmy.sdf.org 10 points 2 months ago (1 children)

depends.

if we're talking about a personal website nobody will care. if you are a multibillion company and there's the risk that literally anyone can create a 1:1 clone of your services... yeah that's a bit of a trouble

[–] mr_satan@lemmy.zip 9 points 2 months ago (2 children)

Omitting source maps doesn't prevent that.

[–] mack@lemmy.sdf.org 4 points 2 months ago (1 children)

no it doesn't, and I am very aware that if anything runs on someone's computer then it can get replicated. but it gets slightly harder, also to reverse-engineer it or find potential fallacies. as well as source maps on prod are just a waste of bandwidth

[–] mr_satan@lemmy.zip 2 points 2 months ago* (last edited 2 months ago)

Dunno, this "harder" argument while valid sounds just like false security. That's why I don't see much weight in it.

As for bandwidth, source maps are not automatically pulled from server, so it also seems like a false issue to me.

[–] Ibaudia@lemmy.world 1 points 2 months ago (1 children)

No, but it's a sensible security measure. Anything to make it harder.

[–] mr_satan@lemmy.zip 4 points 2 months ago

That's the thing, it's not actually a security measure. Security through obscurity is not security. It can provide a false security impression that is more harmful in my opinion.

Having source maps can encourage proper security practices. Which, in my books, very much outweighs any security benefits of hiding them.

[–] isVeryLoud@lemmy.ca 1 points 2 months ago (1 children)
[–] mr_satan@lemmy.zip 2 points 2 months ago (1 children)

It was mentioned before. A source map is a comment with a URL. It's not pulled automatically unless the client has devtools and supports that. It doesn't meaningfully increase the size of the site for normal users.

[–] isVeryLoud@lemmy.ca 2 points 2 months ago

Eh, true. It does clean up the payload, but I agree it's marginal.
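
The thread above describes a source map as a comment with a URL. The following is an added example, not code from any commenter: a Node.js build check that finds that comment in a bundle and separates an external reference (one comment line in the payload) from an inline `data:` map (the whole map shipped in the bundle). The function name `inspectBundle` and both sample bundles are constructed for illustration.

```javascript
// Added example: report how a built bundle references its source map.
// Matches "//# sourceMappingURL=..." (and the legacy "//@" form).
const MAP_COMMENT = /\/\/[#@]\s*sourceMappingURL=(\S+)\s*$/gm;

function inspectBundle(bundleText) {
  // Keep the last matching comment in the file.
  let last = null;
  for (const m of bundleText.matchAll(MAP_COMMENT)) last = m;
  if (last === null) return { kind: "none" };

  const url = last[1];
  if (!url.startsWith("data:")) {
    // External map: the bundle itself carries only this one comment line.
    return { kind: "external", url, commentBytes: Buffer.byteLength(last[0].trimEnd()) };
  }

  // Inline map: the full map travels inside the bundle on every download.
  const comma = url.indexOf(",");
  const header = url.slice(5, comma);
  const payload = url.slice(comma + 1);
  const json = header.includes(";base64")
    ? Buffer.from(payload, "base64").toString("utf8")
    : decodeURIComponent(payload);
  const map = JSON.parse(json);
  // sourcesContent, when present, embeds the original source text itself.
  const withContent = (map.sourcesContent || []).filter((s) => typeof s === "string").length;
  return {
    kind: "inline",
    mapBytes: Buffer.byteLength(url),
    sources: map.sources || [],
    sourcesWithContent: withContent,
  };
}

// Constructed sample inputs (not taken from any real site).
const SAMPLE_MAP = {
  version: 3, file: "app.min.js", sources: ["src/app.js"],
  sourcesContent: ['console.log("hi");\n'], names: [], mappings: "AAAA",
};
const BUNDLE_EXTERNAL = 'console.log("hi");\n//# sourceMappingURL=app.min.js.map\n';
const BUNDLE_INLINE = 'console.log("hi");\n//# sourceMappingURL=data:application/json;charset=utf-8;base64,' +
  Buffer.from(JSON.stringify(SAMPLE_MAP)).toString("base64") + "\n";

console.log(inspectBundle(BUNDLE_EXTERNAL));
console.log(inspectBundle(BUNDLE_INLINE));
```
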