[etaioinshrdlu]

No one thought of speculative execution and hypertheading as performance hacks until the last few years. They were brilliant techniques. They still are, they just were found to have a cost. They are still used now but more carefully.

Intel Management Engine and SGX on the other hand, are basically user-hostile parts of the hardware, with some bugs mixed in.

[wolfgke]

> No one thought of speculative execution and hypertheading as performance hacks until the last few years.

"Everybody" who has some knowledge in security (espcially with respect to side channels) knew from beginning that these CPU features were a ticking time bomb in terms of potential side channels.

What was unclear was how this (at this time played down by CPU vendors) potential threat could be used to create real attacks.

Going from potential threat (that "everybody" knew about) to real attack is the central achievement of the authors of the Spectre and Meltdown attacks (and their successors).

[legulere]

That’s not the impression that I got. Research on side channels were basically limited to timing side channels in cryptography. Everything else was not seen as practically exploitable.

[wolfgke]

> Everything else was not seen as practically exploitable.

For a concrete blog post, see https://cyber.wtf/2017/07/28/negative-result-reading-kernel-...

Note that according to https://en.wikipedia.org/w/index.php?title=Spectre_(security... Spectre was published January 2018, i.e. this blog post is indeed older.

As I wrote: It was unclear how this potential threat could be used to create real attacks.

[majewsky]

ME is exactly what Intel's data center customers want. It's only present in consumer CPUs because it doesn't scale to have separate ME and non-ME SKUs.