<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">I agree. It is one thing that it seems
that even experienced users do not notice the small red button. <br>
The worst part is the brutal red "no entry" sign. Which is in
addition to the Java warning box! <br>
There are 50 000 Firefox users each month who would like to play
Java games on our site, not including casual visitors, whose count
is an order of magnitude higher.<br>
<br>
On 2013.10.22. 13:31, Floh wrote:<br>
</div>
<blockquote
cite="mid:CAF00CNT55BLRwcwSjyzurmpYZWHgaFzVJxYHAGtwWwFtLQgf4w@mail.gmail.com"
type="cite">
<div dir="ltr">I'm coming from the "Java-Plugin-blocked" bug here
to hopefully start a bit of a more constructive discussion
instead of the whining going on there ;)
<div><br>
</div>
<div><a moz-do-not-send="true"
href="https://bugzilla.mozilla.org/show_bug.cgi?id=914690">https://bugzilla.mozilla.org/show_bug.cgi?id=914690</a></div>
<div><br>
</div>
<div>I agree that Java shouldn't run automatically, and that old
Java version with confirmed security problems should display a
red alert warning and make it hard for the user to run the
plugin without updating. But displaying the red-alert-scare UI
for all versions of Java (even for the latest version) without
known security holes is a really bad decision IMHO.<br>
</div>
<div><br>
</div>
<div>The current UI (red circle and a text that the plugin is
vulnerable) doesn't make it clear at all that the user can
interact with the plugin box. Instead most users will assume
that they can't actually activate the plugin and go away which
is *really* bad for our business.</div>
<div><br>
</div>
<div>===</div>
<div>If the user has installed the latest Java plugin version
(without known security holes) the plugin box should (1) be
less scary (no red circle, and a less intimidating text), and
(2) make it obvious that the user can activate the plugin with
a click if he/she trusts the web site.</div>
<div>===</div>
<div><br>
</div>
<div>Of course Java in the client is shit and we want to move
away from it (our current time horizon for this is that we
need a plugin-free solution for our games until end of 2014,
through emscripten+WebGL (you can see a glimpse of this here:
<a moz-do-not-send="true"
href="http://www.flohofwoe.net/demos.html">http://www.flohofwoe.net/demos.html</a>),
and alternatively push our native stand-alone client more),
but you need to give us a reliable and big enough time window
for migration. I was expecting that FF starts a more strict
click-to-play policy for plugins around December 2013, but I
was not expecting that Java would essentially be completely
disabled (because that's what it feels right now to the user).</div>
<div><br>
</div>
<div>So to reiterate: I'd like to vote for a more intuitive and
less scary user interface for (Java) plugins if the user has
installed the latest version without known security holes. It
should be obvious to the user that he can activate the plugin
with a single click, choosing between "Run Once", or "Run
Always on this site".</div>
<div><br>
</div>
<div>Thanks for listening,</div>
<div>-Floh.</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
firefox-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:firefox-dev@mozilla.org">firefox-dev@mozilla.org</a>
<a class="moz-txt-link-freetext" href="https://mail.mozilla.org/listinfo/firefox-dev">https://mail.mozilla.org/listinfo/firefox-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>