Because you can't be arsed
As it turns out: not everyone runs Windows. There are a few Unix styled boxes around, some are fruity but the rest are useful.
Miscreants have found a way to continue running cryptocurrency-crafting JavaScript on Windows PCs even after netizens browse away from the webpage hosting the code. Researcher Jerome Segura of Malwarebytes said on Wednesday his team discovered scumbags had written some custom code to keep Coinhive's freely available in-browser …
But if you read the article, you'll note that the process itself is mostly platform-agnostic. It's just that the "secret" window may find it harder to hide in unfamiliar territory, but given that most systems possess some kind of taskbar or analogue, browser fingerprinting can potentially allow it to hide virtually anywhere. Failing that, it could try to find ways to position the window along an edge so only a very obscure line would be visible.
But did you get sliced in two with a bread knife?
Given that this coin mining software will need to be run across millions of devices to be worthwhile, why would anyone take time out to find a way to secretly run it on a unix box, when the same amount of time and effort could be spent getting it to run on Windows machines, thus reaching an audience probably at least 100 times larger?
"why would anyone take time out to find a way to secretly run it on a unix box"
It's written in Javascript so no effort at all is needed to make it run on a Unix box. The browser provides the platform. Pop-under windows are also a feature of the browser so what works on the browser on one OS is going to work on another.
Noscript is your friend.
"Given that this coin mining software will need to be run across millions of devices to be worthwhile"
Actually with the curent trading price of monero you could probably get a fairly decent return from anything above 500 machines.
Generally I believe coinhive say that the to make it profitable vs adverts you need around 2000 users spending 10-20 mins on your site (Its been a while since I read this so it might not be accurate still) so if you can trick users into running the script for a few HOURS then you will need far fewer people.
… to run NoScript properly configured.
No platform is immune from evil on the Internet. Worst is 3rd party domain javascript, esp. in adverts. BBC and CNN have served malware.
When will Advertisers and Webmasters / owners learn? Anything other than the same URL for everyone image and a link is evil.
I found that out yesterday, thought I'd got some kind of infection that all of my security/protection had missed.
Nope... just the fact that NoScript 10.1.3 was the culprit... I returned to 10.1.2 and everything was fine again... after double checking and comparing to another system that doesn't get firefox updated as often.
Today after retesting this afternoon after a fresh boot... all is good again and 10.1.3 works once more... But I am having to relearn some sites... once of which was an internal one to my mediaserver.
Yet the same trick works on Linux and everything else too.
+ Although proly not on a Tiling Wm.....
...well, not unless you've set your browser to Float all the time.
+ Many 'Linux Desktops these days have unmovable panels that nothing can hide under (Gnome, Unity).
+Then there are the hard-asses that have gone desktop comando (no pants, erm, panels whatsoever)....
Even without a taskbar, it may be possible to "shade" the window by putting it right on the edge so you'd have to spot a very thin line in order to know the window's there. Actually, a taskbar will be of help here since it can make you aware a browser window's still open.
"Actually, a taskbar will be of help here since it can make you aware a browser window's still open."
a good point. There may be a way to have it display "iconless" though. I haven't tried. But if it's a top level window, it will most likely be in any task bar that has icon windows listed in it.
I run Mate with the upper panel having the CPU monitor in it. If I see unusual CPU activity, I typically kill that application and re-start it. Usually it's Firefox, due to garbage collection and being left open on 7 virtual desktops with 20 or 30 tabs for days or weeks on end. Sometimes it's something else. but if you see consistently high CPU usage, it's often a problem with the application. And if it's bitcoin mining, THAT would put a stop to it REALLY QUICK.
That, and running 'NoScript'.
The original "task bar" (start menu) in Windows was designed to be at the top of the screen however I understand that Microsoft Legal stepped in as this could have caused them some serious problems if manufacturers of other OSes complained. There may also have been design considerations where menus were stacked together, as in the OS shell menu and an application menu however as the task bar was designed to be very different to an application windows's title bar I don't really see this as an issue.
It was almost certainly a last minute change and as a result of this, and doubtless and bit of obstinancy, it was possible from the outset to put the menu back in the designed location, the top of the screen, even if the default was set to the bottom.
When you think about the original Windows start menu being located at the top of the screen it makes considerable more sense as the first thing on the start menu really shouldn't be shut down as this was entirely the reverse of common sense and all existing menus. The All Programs folder would have been at the top and Shutdown/Exit at the bottom which also made a lot more sense.
Top of screen makes most sense. I have my programs menu and running applications panel there on autohide and autowidth. Less easily triggered visible as it's near title bars. I have autohide panels on the three other edges:
Left: Local look up stuff / management (Calibre, Control panel, Filemanager)
Right: Remote stuff (FTP/SFTP, Browsers, email, Shh, chat etc)
Botttom: Like applications, it has status (CPU, Keyboard state, Network state, USB manager, Bluetooth etc).
Easy to do on Mint + Mate and save for all users. Windows has become horrible with its pinning and unreadable flat icons and poor customisation, like back to Windows 1.0 and 2.0. The 3.11 was better, you could even make a desktop window like a pinned taskbar menu!
As we are getting wider/narrower screens all the time, the best place for me is at the side in some of the waste space that I now have. I prefer it on the ,left for the same reasom that I prefer to drive there - I'm mostly right handed. YMMV on that.
"Just 20 years after Microsoft gave us the capability, at last there's a reason to do it.
Unfortunately it would mean relearning 20 years' worth of muscle memory and habit - but hey, nothing's for free, right?"
I have mine set to auto hide anyway * , no changes to muscle memory needed as when the mouse moves down its there.
* I dont like the clutter!
The apocryphal version I heard was that there were no Windows 3.1 apps that had an issue with screens being different sizes, there were some that had issues with the origin of the user-interactable area not being (0, 0), and the coordinate system was a shared and exposed resource with no coherent way to offer different versions to different apps.
So the start bar went at the bottom because there were too many significant apps that either assumed the top left was (0, 0) when maximised or had a bad habit of spawning new windows at (0, 0), no coherent way to lie to them about the coordinate system, and too many edge cases in every attempted kludge.
But unless and until I read it on something like Raymond Chen's excellent The Old New Thing, I'll continue to take that alleged version of events with a pinch of salt.
I'm old school
Like chess-by-mail, I do the internet by correspondence.
I am currently waiting for a ping letter...
Read that as Cheese by mail
...If it sounds like a good idea, I've got dibs...*
'How are we on tilsit, red leicester, Venezualan beavers cheese'...
* Yes, the website will be playing bouzouki music
NoScript helps here, but be careful. Some of these popups are actually gates, meaning blocking them means you can't proceed.
Also, I'm not too pleased with the script requirements for that homepage. For a site that touts protecting privacy, they don't adhere to privacy-protecting KISS principles.
@ lglethal
You could trade off the new features of 57 for an older version where extensions still work properly.
It's a trade off in using old version (where all your plugins happily work) vs. not having latest version & so not all security related patches. An awkward call, I prefer older version as I have more control over the browser (& when a must have security patch appears I'll switch to a Firefox fork that supports old style extensions but has security patches). I'm loyal to my "must have" extension functionality rather than any particular browser