A new default ~/Projects is landing (and it is not just cosmetics)#
A small change can matter when it becomes a convention.
In It’s FOSS Weekly #26.18, one of the headline items is a new standard directory under your home folder: a Projects directory. Many people already create something like this manually. The point of making it “official” is that apps can start treating it as a default location, not just a personal preference.
If that convention sticks, it reduces friction across tools: IDEs, file pickers, developer portals, and onboarding docs can assume a sane default without telling every user to invent their own folder taxonomy.
What is known from the newsletter#
The Weekly item frames the new Projects directory as a “big news” change for Linux distros: a standard entry under $HOME that can be used by apps as a default.
The edition also highlights a grab bag of Linux and open-source items, including:
- Firefox “quietly” using Brave’s open-source
adblock-rustengine, with no mention in release notes. The newsletter says it is disabled by default, has no UI, and can be enabled viaabout:config. - MinIO’s GitHub repo being archived again after previously going into maintenance mode (as characterized in the newsletter).
- A series of Ubuntu releases mentioned in the Weekly. The source text lists a set of features as highlights (GNOME 50, a Linux kernel version, Wayland-only, new default apps, “deb packages back in App Center,” and “post-quantum crypto out of the box”), but the excerpt does not cleanly attribute each feature to a specific named Ubuntu version within this snippet.
- Fedora 44 being released (after a two-week delay, per the newsletter). The Weekly excerpt attributes to Fedora 44: Linux 6.19, GNOME 50, Plasma 6.6, NTSYNC for better Windows game performance, and a refreshed “Games Lab” spin.
- A supply-chain style incident: a flaw in Elementary Data’s GitHub Actions workflow that let an attacker push to PyPI “in under ten minutes.” The newsletter calls out
elementary-data 0.23.3specifically and says affected users “got work to do.” - LVFS (the Linux Vendor Firmware Service) being described as having one full-time developer and no security team, while distributing firmware updates at large scale. The newsletter says vendors may face download quotas and feature restrictions unless they sponsor the project.
- Warp terminal going open source, described as dual MIT and AGPL-licensed code now on GitHub.
- A note that Microsoft “might be looking to rebase Azure Linux on Fedora” (presented as a possibility, not a confirmed outcome).
The Weekly also points readers to a petition for Rhino 3D to ship a native Linux build, plus a mix of tips and projects (GNOME extensions, KDE Connect integration via a GNOME extension, a KVM-over-IP device project, and a “WSL for Windows 95/98/ME”-style experiment).
Why the Projects directory matters in practice#
A new standard directory sounds trivial until you trace the knock-on effects:
- Better defaults for apps
When applications have a shared “expected” place for user-created project folders, they can:
- Offer more predictable first-run experiences (“Create a new project in
~/Projects” without guessing). - Reduce user error from saving work in ephemeral places (Downloads, temp folders, random subdirectories).
- Improve portability of onboarding instructions (“clone into
~/Projects”) across distros.
- More consistent backups and sync policies
People already treat “projects” differently from media folders. A convention makes it easier to define backup rules (“always back up ~/Projects”), especially in mixed fleets where you need repeatable policy.
- Cleaner separation between “documents” and “working trees”
Many setups blur Documents and code/work trees. A dedicated Projects folder can make it easier to reason about permissions, tooling, and cleanup.
The key is that the value comes from adoption by tools, not the existence of the directory itself. The newsletter’s point is precisely that: apps can start using it by default.
The week’s other signal: supply-chain risk keeps winning on speed#
The Weekly’s Elementary Data/PyPI item is the sharpest operational reminder in the excerpt.
Even without extra details beyond what’s included here, the shape is familiar:
- CI/CD pipeline weakness (GitHub Actions workflow)
- Rapid escalation to package distribution (PyPI)
- End users left to audit installed versions and rotate/clean up
If you maintain Python dependencies, the practical response is boring but effective:
- Confirm whether
elementary-datais in your environments, and specifically whether0.23.3is present (the version called out in the newsletter). - Review your lockfiles and rebuild environments when you remove/replace compromised dependencies.
- Treat CI permissions and release workflows as production infrastructure. The “under ten minutes” claim is a reminder that attackers optimize for automation and speed.
This is not unique to Python. The same “build pipeline to registry” pathway exists across ecosystems.
A quiet browser change: Firefox and adblock-rust#
The Weekly claims Firefox is including Brave’s open-source adblock-rust engine, disabled by default, without UI controls, and not mentioned in release notes; the path to enabling it is via about:config.
If that’s accurate, it is notable for two reasons:
- Browser behavior changes can arrive as “latent” capabilities. Disabled-by-default does not mean irrelevant; it can indicate experimentation, future feature work, or upstream integration planning.
- For enterprise or managed environments, even disabled features can matter for policy and audit. New components can introduce new code paths and new questions.
Practical takeaways if you manage endpoints:
- Track your Firefox version changes closely and watch for component-level additions that do not surface in UI.
- Decide whether you want users flipping
about:configflags in your environment, and enforce policy accordingly.
Fedora 44 and the “platform baseline” problem#
The Weekly presents Fedora 44 as shipping after a two-week delay and highlights desktop and gaming-relevant improvements (GNOME 50, Plasma 6.6, NTSYNC, refreshed Games Lab spin).
Even if you are not a Fedora user, releases like this matter because they influence baselines:
- What upstream GNOME and KDE features become “normal” for downstreams.
- Which kernel features and compatibility layers start shaping user expectations (especially around gaming and Windows-compat behavior).
If you run Linux desktops in an org, the takeaways are tactical:
- Treat major distro releases as a change window for drivers, input stacks, and compositor behavior.
- Pilot on a small group before you roll anything that touches graphics and gaming-adjacent components.
Funding and maintenance reality: the LVFS note#
The LVFS item is an uncomfortable reminder of dependency asymmetry. According to the Weekly, LVFS has one full-time developer and no security team, while vendors rely on it for large-scale firmware distribution. The newsletter says quotas and feature restrictions may be used to pressure vendor sponsorship.
The actionable framing is simple: if you rely on critical infrastructure projects (firmware update pipelines qualify), your risk is partly determined by maintainer capacity.
If you are on the vendor side, sponsorship is not charity; it is operational risk reduction.
What to do next (without over-claiming)#
The Weekly is a digest. The excerpt here does not include full release notes, CVE-style detail, or direct statements from upstream maintainers. So keep your next steps grounded:
- If you build developer tooling or onboarding docs: consider standardizing on
~/Projectswhen it exists, and detect/offer to create it when it does not. - If you manage Firefox deployments: monitor for the
adblock-rustcomponent and decide how you want to handleabout:configtoggles. - If you have Python estates: check for
elementary-dataand the0.23.3version mentioned, then follow your incident playbook (audit, rotate, rebuild). - If your fleet relies on firmware updates: track LVFS policy changes and factor maintainer capacity into your supplier risk model.
The theme across these items is not “Linux news.” It is operational leverage: defaults that reduce friction, and weak links that attackers exploit because they are fast.