ctoth 5 hours ago

The story here is that a FedRAMP-authorized system had 53MB of Vite dev source maps exposed on a production government endpoint. That's not "sold the dream, delivered the meme," that's a specific auditable compliance failure. Meanwhile a fintech engineer explaining that this is all standard legally-mandated KYC infrastructure got flagged to death. The interesting question isn't whether technology betrays us, it's why US law requires this surveillance apparatus in the first place and why the security assessment apparently missed checking for /vite-dev/ on a government system.

Also every technological step? Ever? Really? This wouldn't happen to be typed on a computer from a climate-controlled room on a nice global network or anything?

cthalupa 3 hours ago | parent

Except it wasn't a production endpoint and there's no actual security risk in having source maps available. It's more annoying to read source code that has been minified, but if a security professional tells you that minifying source code is something that increases security, you should be wondering what other bullshit they've peddled you.

I'm not a fan of persona and have gone out of my way to not provide my details to them even before this, and I really dislike Thiel, but... let's be honest about the stuff we're complaining about.