A somehow old (2021) but interesting article about why the community is moving from wpa-supplicant to iwd: https://www.linux-magazine.com/Issues/2021/243/iNet-Wireless-Daemon

Here is an excerpt of interest: “The description of the iwd project on www.kernel.org highlights simplicity as an important factor behind iwd’s recent rise: “The core goal of the project is to optimize resource utilization: storage, runtime memory, and link-time costs. This is accomplished by not depending on any external libraries and utilizing features provided by the Linux Kernel to the maximum extent possible. The result is a self-contained environment that only depends on the Linux Kernel and the runtime C library.””

ArchLinux and Ubuntu respectively tested iwd on July 2020 and in Ubuntu 20.10.

Right, I didn’t know updating firmware from the fwupd service was came pre-installed in Pop_OS.
So you only have one more task on your list: enjoying your new laptop! :)

Any headphones should work (if your hardware supports it if using bluetooth). I’ve connected at least 4 different brands from no name to Aftershokz with no issues. Even tried airpods for a friend.

This doesn’t sound like the normal behavior. From the app description: “This indexing process may take some time, but it’s a one-time event. Once this initial indexing process is complete, the app will store the index on your device, and any new photos you add to your photo library will be automatically added to the index on the subsequent app launches.”

If your experience is different you may let the dev know so they can fix it.

This page is really to help you defining what would be of concern for you. There are too many use cases and security measures will differ greatly. It is not a step by step guide.
At the very minimum, since your firewall is already setup, just make sure to keep your firmware up to date with fwupd if your machine supports it and follow the basic good practice below:

• regularly update your packages
• do not install intrusted packages
• use strong and unique passwords
• run your app tests (if any) within a sandbox

If you need AppArmor as you mentioned. You should really invest efforts into it. ArchLinux is by nature a demanding distro for its setup. That being said once installed and activated (i.e. litterally 2 commands to run) you should be good to go unless you want to setup additional profiles.

Once you figured out how to meet your own security needs, you can start the same lengthy process to address your privacy needs ;)

Do you have any experience with neovim? I’m certainly not a Python programmer but I’m doing simple things for fun and so far neovim served me very well. If I eventually go deeper in Python I would be interested to know the limitations of neovim beforehand.

If you’re looking for random posts on Linux terminal and tools then I’ll do some self promotion: https://www-gem.codeberg.page

Don’t expect for regular posting or any professional advice, it’s just my personal experience and thoughts shared with 10 people on the planet :) Maybe 11… I can find a chair for you to join.

Enjoy this little guy and Linux! You won’t regret your choice.
As I mentioned in the other thread, I’d advise to keep your firmware up to date with fwupd. Litterally one command line and your system will automatically update all firmware for you (including the bios). This is too often overlooked while very important and this tool makes the process so simple (no search, no manual download, no complex commands).

This is a vast question. Security is an extremely deep topic.
Did you take a look at the wiki? It may be a good starting point.

"Traditionally, the /opt directory is used for installing/storing the files of third-party applications that are not available from the distribution’s repository.

The normal practice is to keep the software code in opt and then link the binary file in the /bin directory so that all the users can run it."

https://linuxhandbook.com/linux-directory-structure/