It's great to have guides like this, but there are a lot of recommendations in here, and I don't understand the implications of all of them, individually or together.
The author seems opposed to disabling security mitigations for performance reasons, but what are the trade-offs? What if you use your workstation for 3D rendering or machine learning, and you really do want to maximize the performance of your hardware?
Most of the options don't have much or any performance impact. The few that do e.g. the spectre/meltdown related ones provide improve security far more than they impact performance on a recent-year CPU. If these security options make or break your ability to do certain kinds of work - then you'd probably benefit most from using a more modern and faster CPU.
If anything some of these options are more likely to break the occasional application completely e.g. some applications use user-namespaces.
The author seems opposed to disabling security mitigations for performance reasons, but what are the trade-offs? What if you use your workstation for 3D rendering or machine learning, and you really do want to maximize the performance of your hardware?