You can build a smaller form factor, like mini or micro ATX, but you might have a harder time to switch motherboards.
Use a separate home partition to decouple the system from your user data. Easier to snapshot and to replace the system.
Yes, by default windows launches UAC prompts in the supposedly isolated "secure desktop" instead of the classical "interactive user desktop".
It is not necessary for the attack and was used to illustrate the vulnerable app manifest configuration.
I found Kanboard to be useful for managing my projects tasks. There is also a Gantt plugin that can be used to schedule tasks with an ergonomic UI.
You're right to be reluctant to apply everything by hand. K3s has a built-in feature that watches a directory and applies the manifests automatically: https://docs.k3s.io/installation/packaged-componentsThis can be used to install Helm charts in a declarative way as well: https://docs.k3s.io/helmIf you want to keep your solution agnostic to the kubernetes environment, I would recommend that you try ArgoCD (or FluxCD, but I never tried it so YMMV).
You could try to dump the EEPROM and get a hold of the user password or override it by reprogramming it.
You can build a smaller form factor, like mini or micro ATX, but you might have a harder time to switch motherboards.