> I think if you pick a concrete example of this phenomena (say, Java applets vs. WebAssembly) and you ask "so why didn't someone take Java Applets and update them, why do we need WebAssembly?", the answers to why this happens start to become more apparent. It's not so much that Java applets were good and then we decided they were unfashionable, as that Java applets were always kind of ugly and we eventually stopped tolerating them.

I've been asking this exact question on various HN threads with WebAssembly announcements, and the answer is always one of "Applets are insecure" or "Java is insecure".

So I don't really follow your example here... whatever security model you want to have, it seems much more obvious to implement it for Java applets than to implement WebAssembly and then implement your preferred security model for WebAssembly. Why do you think we replaced applets with WebAssembly?

(It's kind of a leading question -- my experience as a browser user suggests that we stopped using applets, spent a while not having them, and then started working on WebAssembly. By that analysis, we never replaced applets with WebAssembly -- we replaced applets with nothing, and then replaced nothing with WebAssembly. That would tend to support the more crotchety answer of "people developed WebAssembly because they just forgot about applets".)