Earlier this year Oracle ORCL 66,91 +0,25 +0,38% announced starting with JDK 9 (eta September 2016), they will remove the plugin support. They are encouraging developers to move towards the plugin free Java Web Start technology. Oracle’s reasoning for this move has to do with more and more browsers removing support the 20+ year old Netscape Plugin Application Programming Interface (NPAPI) plugin technology. GoogleGOOG 2.049,09 +22,38 +1,10% Chrome no longer supports NPAPI plugins such as Java and Silverlight. Google has partnered with Adobe ADBE 440,83 +1,77 +0,40% to include an integrated version of Flash within Chrome. The Windows 64-Bit version of Firefox also does not support most NPAPI plugins with the exception of a sandboxed version of Flash. Mozilla does plan on removing NPAPI support in the future from the Win32 edition as well.
Even Microsoft’s MSFT 231,60 +4,87 +2,15% own (Windows 10) browser, Edge does not support these plugins either. Further, Microsoft has deprecated Silverlight (EOS October 2021) and is trying to get app developers to move over to the new Universal Windows Platform (UWP). Windows Dev Center just release a porting guide for moving from Windows Phone Silverlight to Universal Windows Platform. UWP support is expected to gain a lot of momentum later this year with the release of the Windows 10 Anniversary Edition Update this summer. Silverlight is still being used on many video streaming sites, though more and more are moving towards using HTML5 with the OpenH264 or PrimeTime Content Decryption module type plugins.
A common misunderstanding is that ‘Java is bad’ or ‘Java is not safe’. This is not true, the Java platform (or runtime) itself is very good and safe. The vulnerabilities are with the plugin that allow you to interact with Java through your web browser. Java runs natively on billions of devices including most cable/satellite boxes, parking meters and even through Android apps. In those cases though you are interacting with Java natitley within the software on the device. Most home users don’t even need the Java browser plugin. If you don’t know if you need it, more than likely you don’t. Java plugin is still commonly used within businesses and academic institutions to access Java based apps via a web browser.
Oracle’s announcement plus that of Facebook’s CSO last year in regards to Adobe Flash shows that NPAPI plugins are on their way out. Browser support for this 20-year old technology is rapidly decreasing, especially now that there are safer and more secure alternatives such HTML5, UWP and Java Web Start available now. Not too far in the distant future we are going to see those users who are boycotting a particular browsers because they don’t support NPAPI plugins, are not going to have a browser left to use. This point has been brought up numerous times in the comments of the Firefox bugs dealing with the removal of NPAPI plugins in the Win64 version of Firefox.