[wolfgke]

> No one thought of speculative execution and hypertheading as performance hacks until the last few years.

"Everybody" who has some knowledge in security (espcially with respect to side channels) knew from beginning that these CPU features were a ticking time bomb in terms of potential side channels.

What was unclear was how this (at this time played down by CPU vendors) potential threat could be used to create real attacks.

Going from potential threat (that "everybody" knew about) to real attack is the central achievement of the authors of the Spectre and Meltdown attacks (and their successors).

[legulere]

That’s not the impression that I got. Research on side channels were basically limited to timing side channels in cryptography. Everything else was not seen as practically exploitable.

[wolfgke]

> Everything else was not seen as practically exploitable.

For a concrete blog post, see https://cyber.wtf/2017/07/28/negative-result-reading-kernel-...

Note that according to https://en.wikipedia.org/w/index.php?title=Spectre_(security... Spectre was published January 2018, i.e. this blog post is indeed older.

As I wrote: It was unclear how this potential threat could be used to create real attacks.