this post was submitted on 04 Nov 2025
395 points (99.0% liked)

Programmer Humor

27193 readers
1017 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
Feyter@programming.dev
anzo@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev
395
Apple forgot to disable production source maps on the App Store web app (infosec.pub)
submitted 16 hours ago by mudkip@lemdro.id to c/programmer_humor@programming.dev
31 comments fedilink hide all child comments
top 31 comments
sorted by: hot top controversial new old
[–] mmmac@lemmy.zip 3 points 1 hour ago

Our international teams kept enabling sourcemaps and I just had devops lock the directory to vpn access only 🀷

I know sourcemaps aren't the end of the world as it's all client side code that lives on the clients computer but it just feels dirty

[–] mr_satan@lemmy.zip 20 points 5 hours ago (1 children)

Security through obscurity is not security. I see no reason why source maps should be unavailable.

[–] entwine@programming.dev 8 points 1 hour ago (1 children)

Because source maps show how shitty your organization's code and overall engineering practices are.

[–] phoenixz@lemmy.ca 5 points 1 hour ago

Ding ding ding

Open source code is usually quite nice and well done because money pressure is way less of an issue and everyone knows people will be looking at your code

[–] NotMyOldRedditName@lemmy.world 25 points 8 hours ago

And now the source code is part of copilot

[–] dogs0n@sh.itjust.works 31 points 12 hours ago (2 children)

SVELTE πŸ₯Ή (im very happy to see svelte)

Also I'm scared that this person may be risking their github account by posting this, I dunno if it's legal to "distribute" apples website code yourself. If not, best hope they dont ban your whole account.

[–] northernlights@lemmy.today 8 points 8 hours ago

Or even sue them

[–] mudkip@lemdro.id 7 points 12 hours ago

we love svelte

[–] kibiz0r@midwest.social 23 points 12 hours ago (2 children)

You’re supposed to disable source maps in prod?

Asking for a friend

[–] dreadbeef@lemmy.dbzer0.com 13 points 6 hours ago

if you think your source code is that precious and unique and special, go ahead and worry about it haha

[–] dogs0n@sh.itjust.works 11 points 12 hours ago (1 children)

Just to save on wasted bandwidth for the client (and your server) is why I would disable them.

[–] brian@programming.dev 29 points 11 hours ago

they're different files generally, the only client that will automatically request them is a debugger.

you turn them off because you don't want to expose your full source code. if you would be ok making your webpage git repo public then making sourcemaps available is fine.

[–] QuazarOmega@lemy.lol 58 points 15 hours ago (2 children)

Copyrighted content

archived them

on GitHub

Idk man 🧐
Run the countdown to when it's taken down

[–] refalo@programming.dev 11 points 8 hours ago* (last edited 8 hours ago) (1 children)

There's lots of content sitting just below the surface on github. Any time you make a PR on a repo, even if it gets closed or "deleted" by the repo owner, the actual link to the file itself stays there forever if you save it. Github's own dmca repo even has warez links on it, sitting there for years.

[–] QuazarOmega@lemy.lol 3 points 1 hour ago

Oh that's cool, I had no idea! Though does that apply to content removed for DMCAs?

[–] nihilomaster@lemmy.world 1 points 10 hours ago* (last edited 10 hours ago) (1 children)

You could argue that since it's publicly available and this repo only archives it that... I don't know man Copyright law is confusing.

[–] rtxn@lemmy.world 1 points 6 hours ago

I think you can get some kind of exemption for archival purposes. I know that the Internet Archive has one. But I also know that ultimately Microsoft is responsible for the data hosted on Github, and Microsoft's interest is to not even risk getting sued.

[–] bleistift2@sopuli.xyz 92 points 16 hours ago* (last edited 16 hours ago)

Depending on the exact level of stupidity clinging to the judge on that day, some jurisdictions might consider this β€œhacking.”

One case from the states that was luckily dismissed: https://uk.pcmag.com/security/136282/missouri-gov-goes-after-reporter-who-found-shockingly-bad-flaw-in-state-website https://www.vice.com/en/article/this-is-the-hacking-investigation-into-journalist-who-clicked-view-source-on-government-website/

[–] chazwhiz@lemmy.world 71 points 16 hours ago (2 children)

Isn’t that just effectively un-minified? It’s just the client side code in the first place?

[–] TeamAssimilation 58 points 16 hours ago

Comments and full-length names make the source way more accessible.

[–] locuester@lemmy.zip 31 points 15 hours ago

Nah it’s more complete with comments and all. Here’s a link to a random svelte file:

https://github.com/rxliuli/apps.apple.com/blob/main/src/components/pages/SearchResultsPage.svelte

[–] 0x0@lemmy.dbzer0.com 16 points 13 hours ago (1 children)

Is this interesting for some reason?

[–] panda_abyss@lemmy.ca 33 points 12 hours ago (1 children)

It’s how the web worked before minifiers, so kinda but not really.

You just have comments and original variable/function names.

I’m sure someone will argue this helps scrapers or hackers, but really it’s not that big of a deal.

[–] Axolotl_cpp@feddit.it 4 points 11 hours ago* (last edited 11 hours ago)

It help users that make websites styles!

Eg. I have a discord style for fixing their bullshit

[–] oopsallnaps@piefed.ca 7 points 12 hours ago

iirc Apple music's web ui also has sourcemaps, but I'm not subbed to apple music anymore to check. Its neat, but not really a huge blunder, nor takedown worthy.

[–] gravitas_deficiency@sh.itjust.works 26 points 16 hours ago (1 children)

Yo gimme a repo link, you can’t blueball us like that

[–] silt_haddock@lemmy.world 16 points 15 hours ago

I’m gonna download this to my iPhone, just in case.

Try and stop me, Tim Apple!