Well, I did some horrible uname -r vs file(1) comparing.

So, my Digital Ocean VM won't be left running an insecure kernel provided by Digital Ocean for a month after a cold boot (initiated by Digital Ocean); propellor now detects that misconfiguration and kexecs into a security-supported distro kernel.

Hmm.. Across all my VMs and hosting providers, not a single one of them can run a distro kernel anymore without some form of hacking. It's .. almost like hosting providers don't want you to, or their users don't care.