Spectre seems serious. Even the E family of languages (E, Monte, Joule, Grace), which have similar lineage to ECMAScript but have always been focused on isolation, don't have ready answers for how to mitigate Spectre and related attacks.<p>I think that hardware-effect attacks are going to be the primary thorn in our side for the next few decades, even if we all agree to switch to object-capability systems immediately.