I think concluding the "end of langsec" goes too far. We'll continue to need both langsec, plus much more thorough hardware verification to re-establish basic isolation assumptions lost with Spectre/Meltdown (or push for detailed HW specs to begin with, to be able to assert these assumptions on our own).

OTOH, as if it wasn't obvious enough already, I'm seeing a serious issue with the concept of executing arbitrary code from untrusted network locations, such as with JavaScript on the Web.