mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2025-11-29 16:07:12 -05:00
Create a real Sphinx glossary
This commit is contained in:
parulin
Solène Rapenne
parent
ff68e782c8
commit
8436e2ac9f
13 changed files with 119 additions and 176 deletions
|
|
@ -9,13 +9,13 @@ The Basics
|
|||
----------
|
||||
|
||||
|
||||
Qubes OS is an operating system built out of securely-isolated compartments, or :ref:`qubes <user/reference/glossary:qube>`. You can have a work qube, a personal qube, a banking qube, a web browsing qube, a standalone Windows qube and so on. You can have as many qubes as you want! Most of the time, you’ll be using an :ref:`app qube <user/reference/glossary:app qube>`, a qube for running software programs like web browsers, email clients, and word processors. Each app qube is based on another type of qube called a :ref:`template <user/reference/glossary:template>`. The same template can be a base for various qubes. Importantly, a qube cannot modify its template in any way. This means that, if a qube is ever compromised, its template and any other qubes based on that template will remain safe. This is what makes Qubes OS so secure. Even if an attack is successful, the damage is limited to a single qube.
|
||||
Qubes OS is an operating system built out of securely-isolated compartments, or :term:`qubes <qube>`. You can have a work qube, a personal qube, a banking qube, a web browsing qube, a standalone Windows qube and so on. You can have as many qubes as you want! Most of the time, you’ll be using an :term:`app qube`, a qube for running software programs like web browsers, email clients, and word processors. Each app qube is based on another type of qube called a :term:`template`. The same template can be a base for various qubes. Importantly, a qube cannot modify its template in any way. This means that, if a qube is ever compromised, its template and any other qubes based on that template will remain safe. This is what makes Qubes OS so secure. Even if an attack is successful, the damage is limited to a single qube.
|
||||
|
||||
Suppose you want to use your favorite web browser in several different qubes. You’d install the web browser in a template, then every qube based on that template would be able to run the web browser software (while still being forbidden from modifying the template and any other qubes). This way, you only have to install the web browser a single time, and updating the template updates all the qubes based on it. This elegant design saves time and space while enhancing security.
|
||||
|
||||
There are also some “helper” qubes in your system. Each qube that connects to the Internet does so through a network-providing :ref:`service qube <user/reference/glossary:service qube>`. If you need to access USB devices, another service qube will do that. There’s also a :ref:`management qube <user/reference/glossary:management qube>` that automatically handles a lot of background housekeeping. For the most part, you won’t have to worry about it, but it’s nice to know that it’s there. As with app qubes, service qubes and management qubes are also based on templates. Templates are usually named after their operating system (often a `Linux distribution <https://en.wikipedia.org/wiki/Linux_distribution>`__) and corresponding version number. There are many ready-to-use :doc:`templates </user/templates/templates>` to choose from, and you can download and have as many as you like.
|
||||
There are also some “helper” qubes in your system. Each qube that connects to the Internet does so through a network-providing :term:`service qube`. If you need to access USB devices, another service qube will do that. There’s also a :term:`management qube` that automatically handles a lot of background housekeeping. For the most part, you won’t have to worry about it, but it’s nice to know that it’s there. As with app qubes, service qubes and management qubes are also based on templates. Templates are usually named after their operating system (often a `Linux distribution <https://en.wikipedia.org/wiki/Linux_distribution>`__) and corresponding version number. There are many ready-to-use :doc:`templates </user/templates/templates>` to choose from, and you can download and have as many as you like.
|
||||
|
||||
Last but not least, there’s a very special :ref:`admin qube <user/reference/glossary:admin qube>` used to administer your entire system. There’s only one admin qube, and it’s called :ref:`dom0 <user/reference/glossary:dom0>`. You can think of it as the master qube, holding ultimate power over everything that happens in Qubes OS. Dom0 is the most trusted one of all qubes. If dom0 were ever to be compromised, it would be “game over”- an effective compromise of the entire system. That’s why everything in Qubes OS is specifically designed to protect dom0 and ensure that doesn’t happen. Due to its overarching importance, dom0 has no network connectivity and is used only for running the `desktop environment <https://en.wikipedia.org/wiki/Desktop_environment>`__ and `window manager <https://en.wikipedia.org/wiki/Window_manager>`__. Dom0 should never be used for anything else. In particular, you should never run user applications in dom0. (That’s what your app qubes are for!) In short, be very careful when interacting with dom0.
|
||||
Last but not least, there’s a very special :term:`admin qube` used to administer your entire system. There’s only one admin qube, and it’s called :term:`dom0`. You can think of it as the master qube, holding ultimate power over everything that happens in Qubes OS. Dom0 is the most trusted one of all qubes. If dom0 were ever to be compromised, it would be “game over”- an effective compromise of the entire system. That’s why everything in Qubes OS is specifically designed to protect dom0 and ensure that doesn’t happen. Due to its overarching importance, dom0 has no network connectivity and is used only for running the `desktop environment <https://en.wikipedia.org/wiki/Desktop_environment>`__ and `window manager <https://en.wikipedia.org/wiki/Window_manager>`__. Dom0 should never be used for anything else. In particular, you should never run user applications in dom0. (That’s what your app qubes are for!) In short, be very careful when interacting with dom0.
|
||||
|
||||
Color & Security
|
||||
^^^^^^^^^^^^^^^^
|
||||
|
|
|
|||
|
|
@ -11,11 +11,11 @@ What is Qubes OS?
|
|||
-----------------
|
||||
|
||||
Qubes OS is a free and open-source, security-oriented operating system for
|
||||
single-user desktop computing. Qubes OS leverages `Xen-based virtualization <https://wiki.xen.org/wiki/Xen_Project_Software_Overview>`__ to allow for the creation and management of isolated compartments called :ref:`qubes <user/reference/glossary:qube>`.
|
||||
single-user desktop computing. Qubes OS `leverages Xen-based virtualization <https://wiki.xen.org/wiki/Xen_Project_Software_Overview>`__ to allow for the creation and management of isolated compartments called :term:`qubes <qube>`.
|
||||
|
||||
|
||||
These qubes, which are implemented as :ref:`virtual machines (VMs)<user/reference/glossary:vm>`, have specific:
|
||||
|
||||
These qubes, which are implemented as :term:`virtual machines (VMs) <vm>`, have specific:
|
||||
|
||||
- **Purposes:** with a predefined set of one or many isolated
|
||||
applications, for personal or professional projects, to manage the
|
||||
:doc:`network stack </developer/system/networking>`, :doc:`the firewall </user/security-in-qubes/firewall>`, or to fulfill other
|
||||
|
|
@ -25,7 +25,7 @@ These qubes, which are implemented as :ref:`virtual machines (VMs)<user/referenc
|
|||
:doc:`stripped-down </introduction/getting-started/>` virtual machines based on popular operating systems,
|
||||
such as :doc:`Fedora </user/templates/fedora/fedora>`, :doc:`Debian </user/templates/debian/debian>`, and
|
||||
`Windows <https://github.com/Qubes-Community/Contents/blob/master/docs/os/windows/windows.md>`__.
|
||||
|
||||
|
||||
- **Levels of trust:** from complete to non-existent. All windows are displayed in a unified desktop environment with
|
||||
:doc:`unforgeable colored window borders </introduction/getting-started>` so that different security levels are easily identifiable.
|
||||
|
||||
|
|
@ -44,7 +44,7 @@ Features
|
|||
- **Strong isolation** Isolate different pieces of software as if they were installed on separate
|
||||
physical machines using advanced virtualization techniques.
|
||||
|
||||
- **Template system** Use :ref:`app qubes <user/reference/glossary:app qube>` to
|
||||
- **Template system** Use :term:`app qubes <app qube>` to
|
||||
share a root file system without sacrificing security using the innovative
|
||||
:doc:`Template system </user/templates/templates>`.
|
||||
|
||||
|
|
@ -52,7 +52,7 @@ Features
|
|||
- **Multiple operating systems** Use multiple operating systems at the same time, including
|
||||
:doc:`Fedora </user/templates/fedora/fedora>`, :doc:`Debian </user/templates/debian/debian/>`, and
|
||||
`Windows <https://github.com/Qubes-Community/Contents/blob/master/docs/os/windows/windows.md>`__
|
||||
|
||||
|
||||
- **Disposables** Create :doc:`disposables </user/how-to-guides/how-to-use-disposables>` on the fly that self-destruct when shut down.
|
||||
|
||||
- **Whonix integration** Run `Tor <https://www.torproject.org/>`__ securely system-wide using `Whonix with Qubes <https://www.whonix.org/wiki/Qubes>`__.
|
||||
|
|
@ -142,7 +142,7 @@ plug in devices, and install software free from worry. It's a place where
|
|||
**you** have control over your software, not the other way around.
|
||||
(See some :doc:`examples of how different types of users organize their qubes </user/how-to-guides/how-to-organize-your-qubes>`.)
|
||||
|
||||
Qubes is also powerful. Organizations like the `Freedom of the Press Foundation <https://securedrop.org/news/piloting-securedrop-workstation-qubes-os>`__,
|
||||
Qubes is also powerful. Organizations like the `Freedom of the Press Foundation <https://securedrop.org/news/piloting-securedrop-workstation-qubes-os>`__,
|
||||
`Mullvad <https://twitter.com/mullvadnet/status/631010362083643392>`__,
|
||||
and `Let's Encrypt <https://twitter.com/letsencrypt/status/1239934557710737410>`__
|
||||
rely on Qubes as they build and maintain critical privacy and
|
||||
|
|
@ -192,7 +192,7 @@ presentation.
|
|||
|
||||
|
||||
- If you’re a current or potential Qubes user, you may want to check out the :doc:`documentation </index>` and the :ref:`user FAQ <introduction/faq:users>`.
|
||||
- If you’re a developer, there’s dedicated :ref:`developer documentation <index:developer documentation>` and a :ref:`developer FAQ <introduction/faq:developers>` just for you.
|
||||
- Ready to give Qubes a try? Head on over to the `downloads page <https://www.qubes-os.org/downloads/>`__, and read the :doc:`installation guide </user/downloading-installing-upgrading/installation-guide>`.
|
||||
- If you’re a developer, there’s dedicated :ref:`index:Developer Documentation` and a :ref:`developer FAQ <introduction/faq:developers>` just for you.
|
||||
- Ready to give Qubes a try? Head on over to the `downloads page <https://www.qubes-os.org/downloads/>`__, and read the :ref:`Installation guide`.
|
||||
- Need help, or just want to join the conversation? Learn more about :doc:`help, support, the mailing lists, and the forum </introduction/support>`.
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue