some technical info here by the dragonflybsd dev who says its not viable on his OS.
http://lists.dragonflybsd.org/pipermail/users/2018-January/335633.htmlalso here some info here
https://arstechnica.com/gadgets/2018/01/heres-how-and-why-the-spectre-and-meltdown-patches-will-hurt-performance/Meltdown patch is effective, but adds new system calls to kernel operations, in lame speak it means userland processing has zero performance impact, but kernel processing has heavy performance impact (halving of performance). Generally in laymens terms i/o and networking overheads will double. You can see a graph posted on the arstechnica page from a admin of a server showing his cpu utilisation doubled on a patched system. The reason desktop's (on average) are seeing much lower visible performance hit's is because much more of their processing is userland, but its not entirely userland.
Spectre has 2 variants as has already been mentioned here. One can be patched in software, on Windows I believe the patch will only be applied if a certian registry key exists to indicate a/v software is compatible, otherwise the patch wont be installed. The second patch requires a updated cpu microcode. The spectre patch effectiveness and performance implications are noted in the first link I posted. Basically there is a choice between hardening spectre mitigation just on kernel calls (so limited impact on most desktops but still heavy on servers), or hardening on all cpu instructions (massive performance hit to everything). Microsoft has done the former else there would be meltdown on the internet about performance, but its noted that the former will allow things like browser exploits to still work. The latter is also not even a complete mitigation. Also to avoid a meltdown about windows server performance, when the patch is installed its by default disabled.
On my PfSense unit I have decided to mitigate neither, it has no web browser, it has no public services, its pointless.
On my desktop at least for now I have also decided to not mitigate either, the OS is hardened, the browser is hardened and I have common sense. My laptop I will probably mitigate meltdown but not spectre.
Family members is a different story, hardening their OS and browsers is difficult as it compromises ease of use, so they get confused etc. Hardening gets undone on automated Windows 10 feature updates, and they dont have the IT savvyness to know what sort of things to avoid doing that puts them at risk, so I will make sure they mitigated as much as possible.
Thats my current take on it, for home equipment, servers is a different story.
Much of intel's IPC improvements in the past decade or so have come from branch prediction, full spectre mitigation disabling all of that sets CPU's back a decade or so in performance hence the heavy performance hit.