You seem to be confused about their product. You are their product; the advertisers are their clients. That's the service they don't mess with. There's a reason that they don't understand why enterprise customers need Java in the browser or wish they'd stop crying wolf on every SSL cert - selling services to a business isn't their model or one that they really want.

Probably because those customer would say "we need Java to access SuperMicro's IPMI interface on our internal networks. That's the same reason we don't want to click three times every time we use a self-signed/vendor signed cert or a cert that uses older crypto. We're on our internal network. Stop breaking stuff for no reason and fix the outstanding bugs we have open."

FWIW, that doesn't seem to work under Linux on Chrome 42+.

How about users of enterprise software, managed switches, Cisco gear, and embedded appliances for whom their shiny Windows 7/8/10 (for those corps that would run 8 or 10 - I'm sure they exist somewhere), Fedora 22, Mac OSX-latest still can't access said software, hardware, appliances? You do understand that I didn't write SuperMicro's Java interface and I'm not at will to upgrade to software that doesn't exist on something I didn't make regardless of how shiny my frakkin' operating system is, right?

You are correct, however about not being "forced" to do anything. What is going to happen is that when all of our stuff stops working on Chrome, we'll all use Internet Explorer because that's all that will work and IT will start enforcing it. Meaning I can count on the day where IT officially won't support my Linux laptop even though they turn a blind eye right now because I can operate without Windows. Same goes for my boss that runs a Mac.

It's a win for management who have been taking a political beating/PR hit for the move from Google Accounts for Domains (or whichever the enterprise suite is) to strictly Microsoft though. Which is a bit troubling since prior to acquisition there was hushed talk about the new management not being too keen on us in the R&D department using, writing and contributing to open source projects.

In summary, breaking an interface to other things breaks stuff on ALL supported platforms, because end users can't upgrade software they didn't write or compel their upstream provider to care what Chrome does; it doesn't matter what version of which operating system you're running. There are also unintended consequences for breaking stuff that corporate customers use, and those of us that have a foothold with Open Source in the company are collateral damage.

You did get the part where he's talking about using Java for work, in a secure environment, yes? You aren't seriously claiming that everyone that uses SuperMicro servers doesn't care about security because their IPMI interface is a Java webstart application, are you?

I mean, for my own part, I have two choices when doing hardware tests of our appliance builds: I can drive across the Twin Cities from my home office and stand at the R&D rack in a cold and noisy staging area for several kickstart/chef bootstrap/chef converge cycles. Conversely I, as a professional, can assume the risk of using a Java IPMI interface to access a server I physically took from a box and placed in the rack of a secured staging room over a secured subnet accessed over a secured VPN connection on my development VM (with a weekly maintenance snapshot, taken every Monday morning, which I don't hesitate reverting to 'cause SystemD, but that's another story), using HTTPS with the SSL cert from that box I physically placed in the rack.

If you are somehow cracking past all those barriers into the imaging subnet of our R&D department's subnet, you've already got half a dozen usernames and passwords and have changed a cert that lives on a box whose OS has an average lifespan on the order of an hour (that is, owning that box isn't incredibly useful in and of itself). Even at that point, the new SSL cert is going to tip me off. But if somehow you managed to get past all that, with all that knowledge just to infect my desktop VM, it seems to me that you already have the keys to the kingdom, so to speak.

That is all to say, just because someone has, or even chooses, to use Java doesn't mean they don't care about security. I'm sure I don't need to explain to you of all people (I read your username and it immediately rang a bell; a quick Google search confirmed my suspicion - I run a lot of code you wrote, and most likely vice versa but to a much lesser degree)that security is about defense in layers, attack surface, vectors and risk/reward. I'm sure there are plenty of other people that use Java in their professional lives that understand and accept the risk of how and where they use it.