
You cannot cURL under pressure - benjojo12
https://blog.benjojo.co.uk/post/you-cant-curl-under-pressure
======
tyingq
I do find myself using wget to download things because I don't have to
remember the curl option to follow redirects, and wget saves the file using
the same name as the last bit of the uri.

~~~
dijit
curl follows redirects, `curl -O` is functionally identical to wget.

Unless I'm missing something in your statement.

~~~
deepersprout
> curl follows redirects, `curl -O` is functionally identical to wget.

No it's not :)

You need to `curl -LO`. See for example github releases:

    
    
      curl -LO https://github.com/S2-/gitlit/releases/download/v1.4.1/gitlit-1.4.1.tar.gz
    

downloads the tar.gz, while

    
    
      curl -O https://github.com/S2-/gitlit/releases/download/v1.4.1/gitlit-1.4.1.tar.gz
    

will download an html file.

Even better would be to use `curl -LOJ`, so if the filename is not in the url,
but in the `Content-Disposition filename` http response header, curl would get
the filename from there.

~~~
tyingq
Pretty good overview of why I just use wget for such things.

------
Nextgrid
Just FYI, there's a way to get to the QEMU console with a certain keyboard
shortcut. There could be potential for mischief (if you are logging the
sessions look at the one that ended just now with "too much data written to
the terminal", that was me trying to attach the host's /etc/passwd as a raw
disk image to the VM).

~~~
Sir_Cmpwn
Heh, I was just trying to do the same:

[https://sr.ht/O2oy.png](https://sr.ht/O2oy.png)

Ben: you can fix this by adding -monitor none to your qemu command line.

~~~
Nextgrid
Even with that disabled I still wouldn't trust it (QEMU devs didn't originally
plan for its stdin to be attacker-controlled, so there could be subtle bugs
even with monitor disabled - remember the GRUB bug where you could bypass the
password with specific keystrokes). I would've personally made it to simulate
a serial port to the guest and the browser-based console being connected to
that.

~~~
Sir_Cmpwn
Yeah, that would be wise.

------
garaetjjte
Cool, but I think spawning VMs on server is overkill for that. It should be
possible to build cURL with Emscripten with fake socket interface to verify
requests.

------
likeliv
Why boot many VM instead of saving the state and restoring from there?

