    Distressing but informative exploration of this important topic.

    I was happy to hear about this new eBPF thing, which the author mentions in passing and says is a new in-kernel packet filter system which has an LLVM backend. It sounds like that’s going to make a lot of these concerns go away, and architecturally it feels a lot cleaner.