back to article Oracle to kill off Java browser plugins with JDK 9

Oracle has announced that it will kill off Java browser plugins once JDK 9 debuts. Big Red's post on the matter says it's sniffed the anti-plugin winds and agrees with the idea that plugins are so 90s and have no place in the modern browser, so “developers of applications that rely on the Java browser plugin need to consider …

  1. a_yank_lurker Silver badge

    Flash Next?

    Oracle is seeing the error of their ways not will Adobe?

    1. chivo243 Silver badge

      Re: Flash Next?

      and shockwave and silverlight...

    2. Anonymous Coward
      Meh

      Re: Flash Next?

      Adobe are getting there.....slowly

      https://blogs.adobe.com/conversations/2015/11/flash-html5-and-open-web-standards.html

    3. Lee D Silver badge

      Re: Flash Next?

      Working in schools, the swansong of Flash is already being sung.

      Flash doesn't work on iPads. Keeping multiple versions of Flash inside multiple browsers up to date is a pain. Most educational content suppliers are moving from Flash to HTML5.

      And these are the people who are STILL selling disks they made in the 90's using Quicktime.

      But with Flash not on most tablets (Android support stopped a long time ago, iPads have nothing in the way of Flash, etc.), they can't cater to a large sector of their market and get complaints all the time. Their solution universally appears to be HTML5 - and I can't say I disagree. As a coder, I was amazed at what's possible with emscripten, Node.js and even an unaccelerated browser on a cheap iPad, smartphone or Android tablet.

      Java's "write once, run anywhere" has ironically been replaced with Javascript in a browser, where it's actually closer to being true. I wrote an SDL app in C99 the other day - a change of compiler name from "gcc" to "emcc" and it turns into Javascript that runs on iPad, smartphone, Android tablets, all major browsers (not IE, but Edge, so that's not a problem), and runs more than fast enough even with business-level unaccelerated graphics cards to play games. Add in SDL_Mixer and it plays sounds through the browser too. Wrap an ordinary service in websockify and it can talk plain sockets to your servers. Put in OpenGL and it becomes WebGL.

      Even the kids have caught on. 3D games are available in-browser, no plugins required. Go look at the example games on the emscripten website, for instance.

      Flash is dead in the face of this. And good riddance.

    4. zerowaitstate

      Re: Flash Next?

      The issue is that OpenJDK would have eventually replaced their proprietary VM given time, had they not taken steps to improve their behavior. The monetization of Java was always on the enterprise end (support and app servers). Trying to monetize client installs was a bad approach, especially with capable alternatives.

  2. Kevin McMurtrie Silver badge

    It's not like the Applet runtime is any fun either. Even Java fanatics would rather code the browser side in JavaScript.

  3. Anonymous Coward
    Anonymous Coward

    Say what?

    "Big Red's post on the matter says it's sniffed the anti-plugin-free wind and agrees with their thinking..."

    Wait, what is "anti-plugin-free"? Isn't that just 'pro-plugin?' Well, never mind that, what about the concept that Oracle "agrees" with eliminating their own plugin? Can we all agree that this is comedy gold?

    1. phuzz Silver badge
      Flame

      Re: Say what?

      But who do we blame for taking the good idea of Java and ruining it? Oracle? Or Sun?

      1. Tom 13

        Re: But who do we blame

        The answer to that is a definitive YES!

    2. Anonymous Coward
      Headmaster

      Re: Say what?

      Wait, what is "anti-plugin-free"?

      You truncated the word "wind", it's the "free wind" that's "anti-plugin".

  4. Mark Simon

    Pathetic, isn’t it … ?

    Today, the best thing you can say about the Java plugin is that it’s gone.

    Java should have been a good idea, providing a cross-browser platform delivered over the Web. The language itself was (is) good (if somewhat dated) and the whole byte-code mechanism promised flexibility and a vendor-neutral environment. Too bad it never really happened and the cost of relying on a buggy insecure plugin that didn’t quite do the job more than outweighed the benefit.

    At least maybe now the Australian Government might get the hint and dump Java for its web security. Or maybe not …

    1. Anonymous Coward
      Anonymous Coward

      Re: Pathetic, isn’t it … ?

      The idea behind Java is indeed excellent, and the implementation has indeed been poor.

      The pitiful outcome is that the world seems to have chosen the worst possible language (Javascript) to use instead. And thus once again the lowest and crummiest common denominator wins.

      Of course there's not a lot to guarantee that Javascript is any more secure. The browsers are simply becoming a new OS in which (web) applications run. There's plenty of opportunities for cock ups in there, which will become apparent if Web apps become dominant.

      1. MacroRodent Silver badge

        Re: Pathetic, isn’t it … ?

        Of course there's not a lot to guarantee that Javascript is any more secure. The browsers are simply becoming a new OS in which (web) applications run. There's plenty of opportunities for cock ups in there, which will become apparent if Web apps become dominant.

        There is also the huge "ecosystem" that has quickly sprouted around Javascript. Have been looking at it lately more closely than I would like, for work reasons, and felt like an explorer on an alien planet. The Javascript way seems to be to layer library upon library, downloaded from all over the net, with little concern for security (or licenses -one I looked had an interesting patent poison pill that should give fits to any corporate lawyer). The extremely dynamic nature of the language also invites obscure hacks (it's rather like LISP with a C-like syntax), and means most errors can only be detected at run-time. A simple-looking web page may be the result of hundreds of Kb of Javascript libraries, implementing the latest cool way to do the same old thing... The complexity pretty much guarantees there will be spectacular security holes.

        1. dajames Silver badge

          Re: Pathetic, isn’t it … ?

          The Javascript way seems to be to layer library upon library, downloaded from all over the net, with little concern for security (or licenses ...

          ...or efficiency, or speed of loading.

          I have a feeling that Javascript will one day be seen to have been an even bigger security and usability problem than Java ever was. The design and implementation of the Java plugin environment in the browser has always been well short of ideal, but the language itself is far better than Javascript and given a well thought-out execution environment it could have been so much better than the ugly mess that we get with Javascript.

        2. Anonymous Coward
          Anonymous Coward

          Re: Pathetic, isn’t it … ?

          The Javascript way seems to be to layer library upon library, downloaded from all over the net, with little concern for security (or licenses -one I looked had an interesting patent poison pill that should give fits to any corporate lawyer). The extremely dynamic nature of the language also invites obscure hacks (it's rather like LISP with a C-like syntax), and means most errors can only be detected at run-time. A simple-looking web page may be the result of hundreds of Kb of Javascript libraries, implementing the latest cool way to do the same old thing...

          Sounds almost exactly like Perl then. So, that's two languages to avoid now... :D

      2. teknopaul Bronze badge

        Re: Pathetic, isn’t it … ?

        Heartily disagree, if you look at the recent security issues in the java plugin many come from a large attack surface of APIs not intended at all for the browser. The attack surface of JavaScript is significantly lower. It's a much better language for Web development. If you consider the significance of REST in webdev having the flexible object literal notation of JavaScript really makes it a good choice. Python perhaps, but it would have to be a significantly cut down version.

      3. Daniel B.

        Re: Pathetic, isn’t it … ?

        JavaScript is far more insecure than Java. It's just that the web dudes haven't seen it yet.

        1. boltar Silver badge

          Re: Pathetic, isn’t it … ?

          "JavaScript is far more insecure than Java. It's just that the web dudes haven't seen it yet."

          And they probably never will. Most of them know next to nothing about good programming practice (those of them that can actually code and don't just build a page lego brick style by including someone elses scripts) or the world of coding outside their little niche. Its not entirely their fault since it seems for a lot of schools and colleges, development begins and ends inside a browser so if you only get taught HTML + javascript and you have little curiosity about anything else then HTML and javascript are your coding world and you'll try and use them for everything whether appropriate or not. Hence we have V8 and node.js.

    2. LDS Silver badge

      Re: Pathetic, isn’t it … ?

      Java was designed to build portable "desktop" applications, "write once, run anywhere!".

      It didn't work as expected, and it became mostly a server side language (for its capability to sandbox the developer).

      When it was born, the web was still in its infancy and not yet dominant as today. When the web got traction, it was attempted to bolt it into the browser so a Java app could be run within. Again, an approach that didn't work.

      From some perspectives, the Java approach could be better than the pile of s**t web applications are, including the need to run within somethig still called a "brower", and their over reliance on a protocol like HTTP not designed for full duplex communication. But Java made its best to become overly complex, and its runtime never became a standard like the actual JavaScript runtime, the thing called "the browser".

    3. Anonymous Coward
      Anonymous Coward

      Re: now the Australian Government might get the hint

      As you can read in my earlier post, I sympathize with your pain.

  5. bazza Silver badge

    Sigh, that's a lot of Netgear's stuff out of date (some of their switches use the java plug in their Web interface).

    I wonder if they'll fix it or simply launch a new range. I think I know the answer....

  6. Anonymous Coward
    Anonymous Coward

    So when is it actually going?

    Deprecation in Java speak sadly doesn't mean removal. There's cruft and misarchitecting in the API (lol java.util.Date) that's been deprecated since 1.1, but shows no signs of going anywhere.

    1. JOKM

      Re: So when is it actually going?

      Its deprecated because of the need to provide backwards compatibility for previous versions of the jdk. They have got a better and newer version of data apis ripped seemingly directly from jodatime. In java 9 modules should be making an appearance, which means the ridiculous memory footprint should be being resolved, and the old data api will never get loaded.

  7. Anonymous Coward
    Anonymous Coward

    Not a moment too soon

    Java has served me well over the last 15 years so I've got a bit of love for it but the browser plugin should have been abandoned at birth. Even back in the day when people thought running applications in browsers via a plugin was a good idea the Java plugin was bad. The fact it's still around in Java 8 is, well words fail me.

    The thing that really saddens me is that if Sun had got it's act together Java could maybe have become the language used in browsers. Instead we've ended up writing the web in JavaScript - an absolute abomination of a language which is no more or less intrinsically safe than Java.

  8. Anonymous Coward
    Anonymous Coward

    Will they depreciate....

    ..the default "Recommended" install of Yahoo?

    FFS it's not like Oracle are short of a few bob and need to boost their freeware income.

    1. fnj

      Re: Will they depreciate.... [sic - SPELLING]

      The word is deprecate. DEPRECATE. Not depreciate, which is a financial term.

      1. dotdavid

        Re: Will they depreciate.... [sic - SPELLING]

        Yahoo is depreciating already with little help from Oracle.

      2. Anonymous Coward
        Anonymous Coward

        Re: Will they depreciate.... [sic - SPELLING]

        You forgot to compare "deprecate" to "defenestrate"--to throw one's self out a window--and defecate--what web programs frequently do on your browser.

  9. Dave K Silver badge

    Suits me!

    The only issue with it is just how long it will take organisations to migrate their systems away from Java plugins. Where I work, I hate Java simply because we have numerous different systems running it, some need later versions of Java plugins, some run into issues with Java 8, meaning it's often a bit of a minefield trying to either configure later versions of Java to run these applications (usually successful with enough tweaks to security and the likes), or sometimes finding a middle-of-the-road version of Java which does work with everything (not ideal from a security point of view for obvious reasons)

    I do worry that some organisations will cling to outdated versions of Java, rather than investing the necessary resources to upgrade these apps to dump their requirement for the Java plugin. If it can be done though, I'll be one of the first to rejoice!

  10. Anonymous Coward
    Anonymous Coward

    Isn't Ask Toolbar != Java plugin?

    I don't understand the link between Java plugins and the Ask Toolbar. The latter is a crappy piece of software designed to work as a browser toolbar, and AFAIK is not even written in Java.

    The Java plugin is a browser plugin that allows specific Java applications to be run from and displayed inside a browser.

    1. Tannin

      Re: Isn't Ask Toolbar != Java plugin?

      The link is quite simple, AC. It is called "money" and it's very unfair because somebody else has got some of it and Oracle wants all of it.

    2. ByeLaw101

      Re: Isn't Ask Toolbar != Java plugin?

      Yep, I'm a little confused as well. I see this as the Java Plug in removed to run java apps in the browser and not the removal of Browser plugins from the installer.... but like i said, I'm a little confused here...I'm easily confused!

    3. Anonymous Coward
      Anonymous Coward

      Re: Isn't Ask Toolbar != Java plugin?

      A number of scummy freeware developers have discovered that they can make some money off their work by including someone else's malware with their installer. Apparently Java did this for a while: installing the Ask toolbar while installing Java if the user missed the opt-out button. The claim is that they've now wised up and try to trick users into installing Yahoo's malware with Java instead of Ask's.

      I can't comment on the veracity of those claims as I'm too jaded by these and just make an overwhelming effort to check every last install setting for Java and HP drivers to make sure they don't install their malware du'jour on my machine.

  11. allthecoolshortnamesweretaken Silver badge

    "The idea behind Java is indeed excellent, and the implementation has indeed been poor."

    Oh, who can list and count the many, many offerings of the IT industry of which truer words could not be uttered.

  12. Chewi
    Linux

    IcedTea-Web

    Gentoo Linux Java lead here! I predicted this would happen given that Chrome has already dropped NPAPI and Firefox probably will. If for some god awful reason you still need the plugin (and you can find a browser that still supports it, maybe SeaMonkey?), the IcedTea-Web project maintains a perfectly good alternative, as well as its own Web Start implementation. I don't think it supports Windows but it has been looked into.

    1. Anonymous Coward
      Anonymous Coward

      Re: IcedTea-Web

      A lack of Windows support is no great loss in my opinion. In fact, I predict "Windows support" has reached its peak and will only go downhill from now on.

  13. Anonymous Coward
    Anonymous Coward

    Its a big pita for KVMs, switches etc that use old versions of java for UI

  14. Unicornpiss Silver badge
    Meh

    Corporate users...

    ...won't be upgrading any time soon. Currently we need to have Java 6, 7, or 8 and Firefox or IE11 running in "Enterprise Mode" to support the multitude of internal sites, vendor sites, and various ERP systems we use. I expect that we will be fully migrated off needing the Java plugin sometime around 2025.

  15. jabuzz

    They should fix their ILOM firmware then

    Title says it all, every machine they still have under a service contract should be fixed so their ILOM's work in a modern browser without a Java plugin.

  16. Anonymous Coward
    Anonymous Coward

    Java plugin is being booted out, not Java

    Remember that JVMs are everywhere. (Do you have a UICC?)

  17. Anonymous Coward
    Anonymous Coward

    The plugin likely won't be missed

    Sadly, that is wrong. One of the key pieces of software used at the government agency where I work depends on precisely that plug-in. And when I say key pieces of software what I mean is pretty much the entire accounting system for our multi-billion dollar agency. Given what a piece of crap it is, I suspect this abomination has been mandate from an even higher level in our government. When I first started working here Oracle had recently purchased Sun. And when I went searching on the internet for a fresh copy of the mandated version of Java we had to use, Sun had discontinued support for it more than a year before I made the search. I'll grant they've improved since then. They're actually almost keeping up with the most currently released version of Java. But I still can't see them writing that sort of code conversion before Oracle kills the plug in.

    Mind you, this isn't to say I wouldn't like to not miss it. No part of my job is more annoying than dealing with this particular crapware, not even dealing with the dweeb who lives 10 minutes from work but can't get it through his thick skull that the cybersecurity Drow won't let us use remote access tools to fix his laptop while he is teleworking.

  18. Anonymous Coward
    Anonymous Coward

    Just installed a Java update, and Oracle are currently peddling Amazon Assistant.

  19. x 7

    "The plugin likely won't be missed,"

    it will be in the NHS

    all the ID cards rely on a Java plugin

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019