Are you tired of hearing about Meltdown/Spectre yet? Doesn’t matter! The two sysctls for controlling mitigation in DragonFly have been renamed:
They go to hopefully sensible defaults, but Matthew Dillon has done some testing to show the effects of each in various combinations. (Update: more changes and tests.) Note that this is not the final mitigation work; compilers (i.e. gcc) are being updated to include workarounds for this, so new gcc -> new compiler in DragonFly -> new defenses. No silver bullet there, though.