In March 2025, Adam Gowdiak disclosed the first public eSIM compromise. His lab extracted private keys from a chip using malware in an eSIM profile – abusing a vulnerability in the Java Card platform. Longtime contributor Eric Vétillard reflects on an architectural root cause:
The real surprise is not that this has happened. It is that it took over 25 years for it to happen. The lack of on-card verification has always been a weakness in the Java Card story. Over the past 25 years, there have been a few attempts to address the issue, but the industry never adopted them. Isn’t a solution to this issue a bit overdue?
The weak spot is bytecode verification: normally a JVM's verifier checks applet code before it runs, rejecting illegal instructions and any sequence that would let an integer be used as an object reference. Java Card leaves this check to off-card tooling to save memory on the chip, so the card itself trusts whatever bytecode it is handed. That was fine when each card had one provider, but eSIM introduced multi-provider provisioning, so applets from different parties share one chip. Now a malicious applet loaded through one provider's profile can read memory belonging to another.
New bytecode formats could make on-card verification possible, and this exploit may finally push the change. Until then, service providers should verify profiles server-side, and developers cannot take on-chip confidentiality for granted.
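To make concrete what the missing on-card verifier would reject, and what a server-side check of a profile before provisioning looks like, here is a toy bytecode verifier written for this note. It is an added example, not code from Gowdiak's lab, from Oracle's Java Card tooling, or from any real eUICC: the instruction set, the applet bundle and the names (verify, admit_profile_applets, the three constructed applets) are all invented for illustration. It performs the standard abstract interpretation a real verifier does: walk every control-flow path with a stack of types rather than values, and refuse code that underflows the stack, treats an int as a reference, or reaches one instruction with different stack shapes on different paths.

```python
"""Toy bytecode verifier: abstract interpretation over a typed operand stack.

Constructed for illustration. The instruction set is invented and is not Java
Card's, but it mirrors the discipline a real verifier enforces: integers and
object references are distinct types and must never be interchanged.
"""
from typing import Dict, List, Optional, Tuple

INT, REF = "int", "ref"

# opname -> (types popped, listed bottom-to-top; type pushed or None)
SIMPLE_OPS = {
    "iconst":   ([], INT),        # push an integer constant
    "aload":    ([], REF),        # push an object reference from a local
    "iadd":     ([INT, INT], INT),
    "getfield": ([REF], INT),     # read an int field through a reference
    "ireturn":  ([INT], None),
    "areturn":  ([REF], None),
}
BRANCH_OPS = {"ifeq": [INT], "goto": []}   # operand is a target instruction index
TERMINATORS = {"ireturn", "areturn", "goto"}


class VerifyError(Exception):
    """Raised for any bytecode the verifier will not admit."""


def verify(code: List[Tuple], max_stack: int = 4) -> bool:
    """Return True if every path through `code` keeps the operand stack
    type-consistent; raise VerifyError otherwise.

    Worklist dataflow pass: the abstract stack on entry to each instruction is
    recorded, and every predecessor must agree on it. Instructions are
    (opname,) or (opname, operand) tuples; targets are instruction indices.
    """
    entry_state: Dict[int, Tuple[str, ...]] = {0: ()}
    worklist = [0]
    while worklist:
        pc = worklist.pop(0)                      # FIFO keeps error order stable
        if pc >= len(code):
            raise VerifyError(f"pc {pc}: control falls off the end of the method")
        stack = list(entry_state[pc])
        instr = code[pc]
        op = instr[0]
        if op in SIMPLE_OPS:
            pops, push = SIMPLE_OPS[op]
        elif op in BRANCH_OPS:
            pops, push = BRANCH_OPS[op], None
        else:
            raise VerifyError(f"pc {pc}: illegal opcode {op!r}")

        # Pop operands top-first and check each one's type.
        for expected in reversed(pops):
            if not stack:
                raise VerifyError(f"pc {pc}: {op} underflows the operand stack")
            actual = stack.pop()
            if actual != expected:
                raise VerifyError(
                    f"pc {pc}: {op} expects {expected} but stack holds {actual}")
        if push is not None:
            stack.append(push)
        if len(stack) > max_stack:
            raise VerifyError(f"pc {pc}: operand stack exceeds max_stack={max_stack}")

        # Successors: fall-through unless this op terminates, plus branch target.
        successors = [] if op in TERMINATORS else [pc + 1]
        if op in BRANCH_OPS:
            successors.append(instr[1])
        state = tuple(stack)
        for succ in successors:
            if succ in entry_state:
                if entry_state[succ] != state:
                    raise VerifyError(
                        f"pc {succ}: stack shape {entry_state[succ]} vs {state} "
                        "on different paths")
            else:
                entry_state[succ] = state
                worklist.append(succ)
    return True


def admit_profile_applets(applets: Dict[str, List[Tuple]]) -> Dict[str, Optional[str]]:
    """Server-side gate (hypothetical): verify every applet in a profile bundle
    before it is sent to the card. Returns None for admitted applets and the
    rejection reason for the rest."""
    verdicts: Dict[str, Optional[str]] = {}
    for name, code in applets.items():
        try:
            verify(code)
            verdicts[name] = None
        except VerifyError as err:
            verdicts[name] = str(err)
    return verdicts


# Constructed sample bundle: one well-typed applet and two that a verifier rejects.
PROFILE_BUNDLE = {
    # x = obj.field; return x + 1
    "well_typed": [("aload", 0), ("getfield", "field"), ("iconst", 1), ("iadd",), ("ireturn",)],
    # pushes an integer, then dereferences it as if it were an object reference
    "int_as_reference": [("iconst", 0x1234), ("getfield", "field"), ("ireturn",)],
    # the two paths into pc 3 arrive with different stack depths
    "unbalanced_paths": [("iconst", 1), ("ifeq", 3), ("iconst", 5), ("iconst", 7), ("iadd",), ("ireturn",)],
}

if __name__ == "__main__":
    for name, verdict in admit_profile_applets(PROFILE_BUNDLE).items():
        print(f"{name}: {'admitted' if verdict is None else 'REJECTED: ' + verdict}")
```

The "int_as_reference" case is the shape of defect the missing on-card check matters for: a verifier refuses it at load time, whereas an interpreter that trusts its input would simply execute the dereference. Running the same pass server-side, as in admit_profile_applets, is the provisioning-time check the paragraph above recommends until cards can verify for themselves.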