
Data-spewing Spectre chip flaws can't be killed by software alone, Google boffins conclude

Michael Wojcik

in a strict choice between doing it fast and doing it right, fast wins every time

What "choice between doing it fast and doing it right" do you believe is responsible for Spectre-class attacks?

The CPUs vulnerable to Spectre-class attacks are "doing it right". They are meeting the guarantees they made about user-visible state. (You might quibble about whether Meltdown violated some guarantee, but that's just one Spectre variant, and not the most common one.)

We've known about side-channel attacks for decades - in fact, since before we had electronic computers. We've known about the information-theoretic consequences of irreversible computing since, again, before we had general-purpose electronic computers. When speculative execution was introduced (originally by CDC and IBM, before Intel even existed), people knew it would leak information - that just wasn't relevant to the requirements.

The original Spectre paper was something of a watershed because it showed how easy it was to recover useful information from some of those side channels using only software; it was one of those facepalm moments we have periodically in IT security, like the Morris worm or Levy's "Smashing the Stack" or the original Bleichenbacher attack, where everyone says "oh yes, it's obvious in retrospect that these attacks are feasible".

There even seems to be a sense among some researchers that there are research areas like this which people subconsciously avoid, because we have a lurking sense of dread about how much trouble they might be. So, for example, before "Smashing the Stack" you'd hear security researchers saying "well, yes, the Morris worm overwrote a buffer in fingerd, but that trick is tough to pull off" and dismissing it as a unicorn; but then Levy published his Phrack piece and suddenly everyone was doing it. The can was open and the worms were everywhere.

I don't think it's all that common that someone comes into work and says "this technique will be widely used, and it's clearly broken, but what the hell, fuck the users!".
