it's healthy that at least that everyone is aware tor has these weaknesses
"overlays" means any given overlay, or all of them, not exclusively tor.
are the developers actually engaged in new ideas to address #1 and #2
The overlays with large user bases in production use today all originated from earlier schools of thought... formed well before Snowden publicly proved the threats above once and for all. This doesn't mean schools are invalid or did not have such adversaries well in mind. Simply that today, the design whitepapers of any overlay network (certainly any new networks) will be expected to devote pages to any ability they might have to nullify those threats. In other words, people will be actively looking for those abilities as features now.
Generally speaking, higher speed and capacity equates to lower security. High bandwidth, low latency connected protocols present the worst case scenario; low bandwidth, high latency unconnected protocols present the best case scenario.
While generally a historical summary, this isn't necessarily true. It seems possible to build a LL+HB overlay that will defeat GPA's from observing who is talking to who when. Just babble all the time while idle and yield when some other traffic is talking through you. GAA's are a totally different bitch and contain many different possible threats under one acronym. The historical summary probably carries more weight against these types. It's hard to obtain HB or LL over a LB or HL network (unless parallelizing the LB), while LB or HL over a HB or LL network could be interesting.
NNTP
... does a pretty poor job of hiding the original poster's injection event before it's had a chance to cascade far enough through the network. All depends on your needs.