Paranoid corner: Spectre v2 mitigation in Linux is not enabled for all processes but only for ones that have seccomp filters applied.
To enable it unconditionally (and probably make it more efficient?), add spectre_v2=on to kernel command line.
Or write seccomp filters for your software already.
A general furry public instance. You don't have to be a furry to join. Any and all topics are fair game provided they do not conflict with the Code of Conduct.