It’s been a little over a month since I last posted. I had intended to write sooner, but as often happens, life intervenes. Work got busy, and when I did find some free time, I preferred to spend it exercising, catching up with friends, or simply enjoying the outdoors. These past few weeks were particularly special, being the final stretch of summer in the UK – and anyone who lives here knows how precious that summer sun can be, almost as cherished as the memory of the late Queen.

But now, as the days grow shorter and the weather cools, I’ve finally found some time to sit down and share what I’ve been working on lately. My latest obsession has been both exciting and challenging: eBPF programming.

Remember my last post about the Crowdstrike incident? In that article, I mentioned how a failed patch on a kernel application sent millions of computers into the Blue Screen of Death.

That got me thinking more deeply about how critical the kernel is to the overall stability of a system. And, as if I had summoned some sort of karmic retribution, the past few weeks have seen me diving headfirst into developing programs and utilities for the Linux kernel.

Karma or not, this journey has turned out to be incredibly rewarding. It's made me truly appreciate how much modern computing has abstracted away the complexities of the kernel, allowing most developers to live comfortably in user space, blissfully unaware of the underlying machinery. But once you peek behind the curtain, you realize just how much of the “magic” we take for granted is thanks to this layer we seldom interact with.

At its core, eBPF allows developers to run sandboxed programs in the Linux kernel without changing the kernel source code. Originally, it was developed for packet filtering, but it has evolved into a robust framework for extending kernel functionality in a safe and flexible way. eBPF enables you to hook into kernel events, trace processes, and much more.

eBPF has become an incredibly powerful tool in production environments, particularly for observability, security, and networking. All the tech giants seem to have embraced eBPF to improve the performance of their workloads. When it comes to lower-level processes, eBPF has become a very handy tool for a developer to have under their belt.

For the last few weeks, I have been working on combining eBPF and ML and, I'm not going to lie, it has been a bit rough. A lot of it has been very experimental and it's definitely an interesting approach for workload optimisation in distributed systems. However, whether it is a good idea to put a concept still in infancy to test in a production system is another question.

Working with eBPF this last few weeks has made me get a hands-on understanding of how some processes are run at the kernel level, such as how network traffic flows from the network card and driver up to the user space. Many developers like me are so used to all the useful abstractions that have already been built for us, that we barely pay attention at the bits and pieces that allow a computer to do its magic.

If you have never heard about eBPF before, here's a cheatsheet that introduces it at a very high level:

Next, let's talk about one of my fun side projects, which basically arose from me changing IDEs: implementing Conway’s Game of Life. The Game of Life, a simple but fascinating cellular automaton, has been a great way to exercise some basic algorithmic thinking while giving me a break from the more intense work I’ve been doing with eBPF and machine learning. For those unfamiliar, the Game of Life consists of a grid of cells, each of which is either "alive" or "dead." The state of the cells evolves over time based on simple rules that depend on the neighboring cells.

I was fairly familiar with automatas and lattice-based models, as they are the beginner models for those getting into scientific computing and modelling. What intrigued me most about coding the Game of Life was not only how simple it was to implement but also how such simple rules could give rise to incredibly complex patterns over time. From stable structures to oscillators and even gliders, it’s mesmerizing to watch the simulation unfold. Working on this project reminded me of the beauty of simplicity in computing – how a few basic rules can result in intricate, emergent behaviors.

0:00
/0:25

As much as I’ve enjoyed the technical challenges lately, I also made sure to savour the last weeks of summer. There's something about the warmth and light that makes you want to spend every free moment outdoors, whether walking, exercising, or simply sitting in the park with friends. Living in the UK, where the weather can be unpredictable at best, I’ve learned to cherish those blue skies and warm breezes. The fresh air and time with friends have been just as important to my productivity as the hours spent deep in code.

So, whether I’m solving kernel-level problems or working on optimising processes in distributed systems, I’ve realized that this constant dance between complexity and simplicity is what keeps me energized. It’s a reminder that in both life and technology, even the smallest tweaks can lead to unexpected and powerful transformations. And that's what makes it all so exciting.

Here’s to more of those moments 💖

Got karma served: first steps into eBPF programming, automatas and leaving summer behind