I recall being at a local (Detroit) IT seminar around the time Javascript was announced, and some guy from Sun with an English accent going on and on about how safe javascript would be, since it couldn't access local resources and they had purposefully left out a lot of functions that could compromise the user. It's changed a bit since then, I'd say.
Nah, Java applets lost because of the deployment nightmare they had become after MS was blocked in their attempt to coopt the language (they were barred from shipping incompatible JVMs, so they stopped shipping JVMs and Java IDEs altogether).
ActiveX was winning, but that really was a security nightmare.
Eventually enough of the useful parts of ActiveX crept into JS enough to build real stuff with it.
20/20: Java applets needed better integration, access to the host browser's runtime. Like accessing the current page's DOM, being able to hook the event loop.
I didn't care at the time. I hated all things HTML, CSS, JS. Such a downgrade from state of the art. I regarded the browser as terrible means to deliver, bootstrap applets. Just like Flash.
One thing I didn't appreciate at the time was the genius of HTTP and URLs.
I'm still completely baffled by the "worse is better" thesis. I just can't understand why JavaScript was created, much less why it succeeded.
One can understand how mistakes like \0 terminated strings and SQL's NULL happen, become hard to undo. But JavaScript is the original sin that just keeps poisoning. Other platforms, ecosystems learn and grow and mature. JavaScript stubbornly refuses to acknowledge truth and goodness, and is all the more successful for it's belligerence.
JS is an accident of history, and won because of market quirks rather than technical merits. JS was created because Netscape thought it would be cool to have webpages that were somewhat interactive. They were a relatively small and chaotic startup throwing shit at the wall; MS did what MS does, which was to embrace / extend / extinguish, and by doing so they established JS as a must-have feature for all browsers. Before GMail and GMaps, JS was not particularly successful - it was largely just a novelty. Seriously-interactive stuff would still use ActiveX, Flash, Java, or just live outside the browser altogether (Napster...). Then a combination of JS improvements (XHR), publicity efforts (Crockford and GMail), and the market standardizing on minimum common denominator (avoiding deployment and security issues of plugins) left us alone in the room with this beast.
It was faster. A page with JavaScript loaded instantly, a page with Java locked up the whole browser for around a minute while the JVM started. (That was probably also the start of the "Java is slow" meme: anyone who had ever visited a page with a Java applet immediately learned to associate "Java" with "slow".)
Applets suffered a spin up of the mini VM time. And applets couldn't affect the rendering of the html page, they had their own 'canvas'.
I rather think JS was more appropriate as dev found more use in dynamically altering the very html markup that users saw, and after it was actually rendered.
JS was definitely faster, but it wasn't really used it in a modern sense anyway - just simple animations.
MS definitely had a lot to do with Java applets failing though; after SUN fought to avoid being embraced/extinguished by VisualJ++, MS just pushed their own ActiveX tech to do the same thing, which was inevitably more performant (because it was based on COM+ and other Windows-specific innards).
I think people will probably hear that and think poorly of today's more permissive JS, but it's worth mentioning that there wasn't much of a browser security model at that time. Browsers/pages weren't sandboxed, and there was no concept of "Allow site to do X?" like we have now.
This lead to some iffy things with even early JS, such as allowing sites to set the user's homepage just by clicking a link.
