The Immich “Cursed Knowledge” List Is the Absolute Backend Nightmare You Must Beware

Hello everyone, today we’re diving head-first into the swirling vortex of developer misery known as the Immich “Cursed Knowledge” list. Think of it as the Dark Souls of backend development – constantly kicking you in the shins while you pretend to be having fun. If you ever wanted to see the exact moment a group of engineers collectively lost their will to live, this is the diary entry.

A Love Letter to Dysfunction – in Bullet Points

First of all, the opening warning sets the tone perfectly: “Under very active development. Expect bugs and changes. Don’t rely on it.” Oh good, nothing says “trust this software” quite like an admission that it might decide to spontaneously eat all your photos because a semicolon was misplaced. At least they’re honest – kind of like a surgeon telling you they’ve just learned what a scalpel is but will “give it a go.”

• Zitadel Actions are cursed: A JavaScript engine that doesn’t support regex named capture groups? That’s like building a Formula 1 car and discovering it doesn’t have a steering wheel.
• Entra’s PKCE omission: Microsoft decided PKCE exists but doesn’t tell anyone in its OpenID discovery document. Yes, because clear communication in APIs is obviously overrated.
• EXIF metadata dimensions: Why should an image’s metadata match reality, right? It’s much more fun to guess the width like you’re playing Minesweeper.
• YAML whitespace issues: Once again, spaces – the bane of human existence since Python was invented – are here to ruin your day.
• Hidden files in Windows: Combine hidden files with SMB “hide dot files” and voila! Files that exist Schrödinger-style, both accessible and utterly inaccessible.
• CRLF in bash scripts: Git turning line endings into spicy bombs that detonate in production. Fun!
• Cloudflare Workers fetching HTTP by default: Because in 2025, defaulting to HTTP totally makes sense. Next, we’ll go back to dial-up while we’re at it.
• Mobile GPS stripping: Phones acting like stealth privacy ninjas remove GPS data silently. Totally helpful when you need location data for your app.
• PostgreSQL NOTIFY writes to WAL: Every 5 seconds. Who needs storage space anyway?
• npm scripts making HTTP calls: Running a simple health check turns into a Lord of the Rings-style networking quest.
• 50 extra JavaScript packages: Some hero adding unnecessary dependencies like Oprah on a giveaway spree. You get a package! You get a package!
• Long passwords ignored past 72 bytes: Security theatre at its finest. Turns out your 200-character password is just 72 characters of actual protection and 128 characters of placebo.
• JavaScript Date object indexing madness: Consistency? Never heard of it. Months? Zero indexed. Days? One indexed. Sanity? Nonexistent.
• ESM imports segfaulting Node.js: Perfect. Nothing like certain imports literally murdering your runtime to spice up the workday.
• PostgreSQL parameter limits: Arbitrary caps so your bulk inserts fail for no good reason other than “because.”
• Secure contexts only for certain APIs: Clipboard API, but only if you promise to be HTTPS or localhost. Because LAN traffic is apparently the hacker’s red carpet.
• TypeORM deletes mutating original objects: Deletes also deleting IDs because why wouldn’t they. Mutation-based chaos engineering, folks.

The Bigger Problem

This list isn’t just a random compilation of tech quirks – it’s an anthology of industry negligence, half-baked design, and the kind of “features” only a product manager would defend. If this was a raid boss in an MMO, it wouldn’t just one-shot you – it would uninstall the game, delete your save files, and send you a coupon for a free trial of Microsoft Clippy+.

From a medical perspective, reading through this was like diagnosing 20 different patients all with entirely unrelated but equally terminal conditions. You’d think the tech industry could at least agree on something – like not defaulting to HTTP in 2025 – but no, we’re still here, patching broken bones with duct tape.

Final Thoughts

Look, I respect the Immich team for putting this misery in public view. It’s a confession booth for developers, but every sin comes with a developer’s note of “It’s not my fault, the framework made me do it.” Still, the pattern is clear: the tech ecosystem is a spaghetti mess, and Immich is merely the unfortunate player trying to navigate it without falling into an inescapable pit trap.

Final verdict? Amusing to read, horrifying to live through. Good for awareness, bad for blood pressure.

And that, ladies and gentlemen, is entirely my opinion.

Cursed Knowledge, https://immich.app/cursed-knowledge/