I need Java support in the browser. Have you ever tried to use it? You have to do no less than 10 clicks with lots of warnings and restart the browser in order to activate it, and that's only for one site. And you have to repeat that for every website that uses Java applets.
It's way easier to download a binary and execute that.
It's dead for the end-user for every meaningful definition of "dead".
Also ActiveX was the MS answer to Java, not the other way round.
That's why this might be a noble thing for Oracle to do. Institutions around the world are harming their users using this tool, and it's possible Oracle could encourage them to stop doing that. (Although frankly just mentioning the possibility that an action might be the right thing to do, seems to make it less likely that Oracle would do it.)
You must be either exaggerating or not up to date (not aware that not every applet is automatically run). I don't think anybody is getting harmed. What do you think a realistic attack scenario using Java applets looks like? You'll have to break RSA, or how are you going to fool the browser plugin to run your exploit?
GGP comment observed that many people can't avoid using Java applets. Others have observed that the Java people have to use for applets is often quite old, so it is perhaps as old as the Java I used the last time I had to use Java applets. I'm sure that very few of us are "up to date"; that's kind of the point. Perhaps there are strange applet fetishists who keep their Java package installs at the bleeding edge of postmodern Java applet specialness. Even so, forcing normal people to use Java applets is harming your users, because normal people turn it off.
As recently as last year I've seen browser apps that require Java 1.3. As in they won't work with Java 1.4+. Until browsers kick Java out, Java applets aren't going anywhere.
"I can't think of any applications that couldn't be made with JS and html5, so institutions must have no reason to use Java besides wanting to harm their users"
The only way to file a (mandatory under penalty of huge fines) monthly tax report for a business here where I live is a web service that requires Java (or ActiveX) to do a digital signature for filed documents. There is currently no alternative (JavaScript APIs for that do not exist). Same goes for all other digital banking - requests have to be cryptographically signed and Java is pretty much the only widely portable way to do it.
Is that "end-user" enough for you? All business owners in the country and all other general population doing eGovernment?
These governments and institutions should be called to task, PMs/ministers/MPs impeached if need be. Their negligence or refusal to act on this matter is a threat to national security. Literally.
I don't understand - there are end-users in those institutions using Java applets. They have to use Java applets because their institutions mandate their use for anything from bug tracking software (yes really, I've seen it with my own eyes) to expenses software.
Java applets on the internet are not used anymore, as I explained. And if quite a few people use them in their intranets, they don't particularly care about a 0day. If their intranet is used to deploy these, everything is already lost.
Even if the web browser that displays the intranet applets is used to surf the internet, it's not an attack surface, as you have to whitelist every site that's able to use applets.
Since the Javascript NemID client was introduced last year, most users don't need Java anymore.
That's for OTP though, users with tokens or keyfile have to use the OpenSign applet still. Haven't seen any stats, but OpenSign usage is probably pretty small compared to standard NemID/OTP.