I don't think we are fundamentally hopeless for "langsec", although history will definitely be divided into two Epochs: a time before Spectre and a time after.
Language runtimes and operating systems just got some really great new research problems, and a lots of interesting ideas are afoot (many in V8 land).
There is no way that this is true. The program analysis community has known for decades that systems were only ever sound w.r.t. some assumptions. See Andrew Appel's paper on breaking java safety with mcdonalds heat lamps from like a decade ago for a fun example.
Basically every static analysis person I've talked to about this agrees that it is a really really cool attack but that it doesn't represent fundamental new information for the field.
I don't think we are fundamentally hopeless for "langsec", although history will definitely be divided into two Epochs: a time before Spectre and a time after.
Language runtimes and operating systems just got some really great new research problems, and a lots of interesting ideas are afoot (many in V8 land).