1. From an isolation POV, Matchlock launches a Firecracker microVM with its own kernel, so you get hardware-level isolation rather than bubblewrap's seccomp/namespace approach; therefore a sandbox escape would require a VM breakout.
2. Matchlock intercepts and controls all network traffic by default, with deny-all networking and domain allowlisting. Bubblewrap doesn't provide this, which is how exfiltration attacks like the one recently demonstrated against Claude co-work (https://www.promptarmor.com/resources/claude-cowork-exfiltra...).
3. You can use any Docker/OCI image and even build one, so the dev experience is seamless if you are using a docker-container-ish dev workflow.
4. The sandboxes are programmable, as Matchlock exposes a JSON-RPC-based SDK (Go and Python) for launching and controlling VMs programmatically, which gives you finer-grained control for more complex use cases.
I've done "being not only a developer" for some time. It's okay, even fulfilling but sometimes exhausting. Would have liked to take a break at some cushy, technical only position. Damn, should have done this while still possible...
Question: Do I miss something by not using Postman? My alternatives for development are "Edit and Resend" of a request (in Firefox) and plain old curl scripts for reusable examples.
Not Postman specifically but a client like that will allow you to prepare a whole set of different requests and save them so you can build up a test suite, plus some of them do things like scripting, chaining requests together etc. It's like the difference between a text editor and an IDE, so it depends on your needs really.
I use a mix of tools, depending on needs: `curl` scripts for things I might need to automate on barebones OS installations (Linux/macOS), HTTPie on my local CLI env if I'm debugging something where I need to mutate parameters quickly: making sequential calls, many requests with varying parameters; and Insomnia as GUI where I can save requests with parameters, headers, etc. to be re-used during development.
Each one has its strengths and weaknesses: Insomnia can export the saved requests as `curl` commands, so it's a nice visualisation to iterate over a complex call until it's working, and then it can be exported if it needs to be automated; `curl` is quite ubiquitous but clunky when it comes to remembering the exact arguments I might need; HTTPie has a nice argument syntax, so it's quite readable and quick to edit, but it isn't present without installing Python, pip, and pulling it.
We use it a bit at our company. We have a collection file that includes a ton of requests with headers and body. Developers can with ease load that collection file and run it against their own server, and also quickly change to a different server with just a click.
I guess a substitution would be a git repo with curl scripts and environment variables?
We also have some non-tech people who use Postman to run tests.
I used to use Postman, before they became greedy; now I use Bruno.
But to your question - I have saved based authenticated request to our company's useful APIs - github/jira/artifactory - so when I want to string together some micro tool to do something in batch, I don't have to remember where I create the API key and how they accept it.
We use it at my work because one team will create the backend, and another team will create the frontend, and it's useful to be able to share a big list of all the endpoints, along with how to use them and the expected result, that can all be run, as well as handling all the auth for you.
At the end of the day with Postman you wind up trying to codify requests via collections, which tends to just be programming in a more limited language.
Just to nitpick on the example: When a trusted or frequently used webpage is bookmarked, search can be restricted to those bookmarks with `*` in Firefox and with `@bookmarks` in Chrome.
It's as if somebody finds shocking the fact that people are generally lazy. Then you have the other extreme group, deniers. "I work more than ever!", "I ask even more questions!" and so on here and elsewhere.
Sure you do, and maybe it's really an actual benefit for ya. Not for most though. For young folks still going through education, this is devastating. If I didn't have kids I wouldn't care, less quality competition at work, but I do (too young to be affected by it now, and by the time they will be allowed to use these, frameworks for use and restrictions will be in place already).
But since maybe 30% of folks here are directly or indirectly dependent on LLMs to be pushed down every possible throat and then some more, I expect much more denial and resistance to critique of their little pets or investments.
It feels like all this is because the point of school/college/university is just to get a piece of paper rather than to earn skills. Why wouldn't you get ChatGPT to write your essay when your only goal is to get a passing grade?
My optimistic take is that the rise of AI in education could cause more workplaces to move away from "must have xyz degree" and actually determine if the candidate has the skills needed.
I agree with this in principle, but the problem is what happens to the in-between generation that cheats their way towards getting the piece of paper before the world moves on to a better way? At least for previous generations you got the piece of paper and you acquired some skills/knowledge.
For this reason, I don't feel as optimistic as you do. I worry instead that equality gaps will widen significantly: there will be the majority which abuses AI and graduates with empty brains, and there will be the minority who somehow manage to avoid doing that (e.g. lucky enough to have parents with sufficient foresight to take preventative measures with their children).
I'm one of the people who find LLMs extremely helpful from a learning perspective, but to be perfectly honest, I've met the children of complete "luddites" (no tablets, internet at home on a timer for school work, not allowed phones until 16, home schooled, house filled with a million books) and they honestly were some of the more intelligent, well-read, and thoughtful young people I've met.
LLMs may end up being both educationally valuable in certain contexts for certain users, and totally unsuitable for developing brains. I would err towards caution for young minds especially.
"That’s because the Chinese Communist Party knows their youth learn less when they use artificial intelligence. Surely, President Xi Jinping is reveling in this leg up over American students, who are using AI as a crutch and missing out on valuable learning experiences as a result.
It’s just one of the ways China protects their youth, while we feed ours into the jaws of Big Tech in the name of progress."
Let's say I'm a writer of no skill who still wants attention. I could spend years learning to write better, but I still might not get any attention.
Or I could use AI to write something today. It won't be all that interesting, because AI still can't write all that well, but it may be better than I can do on my own, and I can get attention today.
If you care about your own growth (or even not dwindling) as a human, that's a trap. But not everyone cares about that...
This is exactly how I use AI at work—to quickly generate funny meme images/inside jokes for a quick chuckle. I’m no artist and probably will never be one. My digital art skills amount to drawing stick figures in MS Paint.
I usually optimize for efficiency of my work hours. While I can be quite productive even with fewer hours in good conditions, coworkers who are willing to spend more hours and be more available can run over me. It's like a fight forced upon one: Who can maintain a bit of productivity while time and focus need to be sacrificed due to conflict?