Another stupid scare... most idiots will blame the entire set of Java products, even though applets are just a very minor feat, almost a deprecated one... and the real threat is greatly exaggerated... there was never a major security incident in the entire history of java...
Unfortunately, the only thing standard users are going to remember is "Java is bad". I've already had friends asking me about this and saying, "isn't it going to ruin my entire online experience to disable Java?". "No, that's JavaScript, different thing entirely."
And that's from people who work with computers all day as their main job. Looks like it may be difficult/impossible to get people to install Java client apps in future.
Back in the early applet days a lot of people were complaining on Usenet's comp.lang.java.programmer that applets were both a toy and a disaster waiting to happen that would never bring anything good to Java.
Yet countless Java programmers fought teeth and nails to defend Applets, saying how great the techno was and how it was going to revolutionize the Web, etc.
They are the very programmers who, today, say that Java is good but that Java applets weren't maybe that great after all. It's a bit too easy.
Now I don't know what you call a "major security incident" but in 2011 you could DoS any Java webserver by crafting an URL (hashtable exploit). A single customer Internet connection was sufficient to take down entire Java server farms.
Granted a DoS is not remote-root but still...
Then, still in 2011, there was the 12-years old floating-point parsing bug where you could DoS any Java web server, again, by sending a thread into an infinite loop. All that was needed was one parameter set to a certain value on the client side and make your HTML GET and that's it: one thread into infinite loop.
Repeat a few times and you had DoS any Java webserver.
It's still not remote root but that's not exactly not major either...
Java Applets had great promise. Early interest was high. For the life of me, I can't phantom how Sun managed to biff this one. I'm among the biggest Java fans, so my disappointment is acute.
#1 - Netscape. Their Java support always sucked. Broken thread implementation. The joke was write once debug everywhere. The early troubles soured most and Sun lost the precious mindshare. Relying on a third party for the success of Java was a huge mistake.
#2 - Sun killed their HotJava web browser, written in Java. It was the ideal applet platform. Ran great. Had a great UI for the time. Imagine if they'd kept that going.
#3 - Sun waited until Java 6, a full decade, to revamp their Java plugin. Way too late to make a difference.
#4 - AWT controls looked terrible, were too minimal. But Swing was just too heavy. The design was great for time, being the logical successor to NextStep -> Cocoa -> Netscape IFC development line. But Sun never put it on a diet, either the API or the payload.
(Thanks for the floating point parse bug tip. Writing a web server using Netty, that's a good one to know.)
