You forgot the push forward towards more destruction of the planet we depend on to live, and the centralization of wealth in addition to the one of power.
No it would not work. TLS protects against replay attacks by design, the same response (or query) in clear text will not look the same in encrypted traffic
The attacker went through the hassle to compromise a very widely used package, but use a non standard port (8000) on their C2...
If you plan to do something like that, use 443 at least, many corporate network do not filter this one ;)
Not the OP, but it's pretty useful in my team, we all work on the same environment, with the same system dependencies, with no setup required on development machine (except the need for docker).
In the devcontainer you can run code snippets, use the system shell and access an execution environment close to production if well made.
It also allows to avoid (system) dependency conflicts between different projects you may work on.