Update terminology, links, heading syntax; wrap text

developer/system/architecture.md

@@ -11,37 +11,48 @@ ref: 56
 title: Architecture
 ---
 
-
+Qubes implements a security-by-compartmentalization approach. To do this, Qubes
-Qubes implements a Security by Isolation approach. To do this, Qubes utilizes virtualization technology in order to isolate various programs from each other and even to sandbox many system-level components, such as networking and storage subsystems, so that the compromise of any of these programs or components does not affect the integrity of the rest of the system.
+utilizes virtualization technology in order to isolate various programs from
+each other and even to sandbox many system-level components, such as networking
+and storage subsystems, so that the compromise of any of these programs or
+components does not affect the integrity of the rest of the system.
 
 [![qubes-schema-v2.png](/attachment/doc/qubes-schema-v2.png)](/attachment/doc/qubes-schema-v2.png)
 
-Qubes lets the user define many security domains, which are implemented as lightweight Virtual Machines (VMs), or “AppVMs.” For example, the user can have “personal,” “work,” “shopping,” “bank,” and “random” AppVMs and can use the applications within those VMs just as if they were executing on the local machine. At the same time, however, these applications are well isolated from each other. Qubes also supports secure copy-and-paste and file sharing between the AppVMs, of course.
+Qubes lets the user define many secure compartments known as
+[qubes](/doc/glossary/#qube), which are implemented as lightweight [virtual
+machines (VMs)](/doc/glossary/#vm). For example, the user can have “personal,”
+“work,” “shopping,” “bank,” and “random” app qubes and can use the applications
+within those qubes just as if they were executing on the local machine. At the
+same time, however, these applications are well isolated from each other. Qubes
+also supports secure copy-and-paste and file sharing between qubes, of course.
 
-Key Architecture features
+## Key architecture features
--------------------------
 
 - Based on a secure bare-metal hypervisor (Xen)
 - Networking code sand-boxed in an unprivileged VM (using IOMMU/VT-d)
-- USB stacks and drivers sand-boxed in an unprivileged VM (currently experimental feature)
+- USB stacks and drivers sand-boxed in an unprivileged VM (currently
+  experimental feature)
 - No networking code in the privileged domain (dom0)
-- All user applications run in “AppVMs,” lightweight VMs based on Linux
+- All user applications run in “app qubes,” lightweight VMs based on Linux
-- Centralized updates of all AppVMs based on the same template
+- Centralized updates of all app qubes based on the same template
-- Qubes GUI virtualization presents applications as if they were running locally
+- Qubes GUI virtualization presents applications as if they were running
+  locally
 - Qubes GUI provides isolation between apps sharing the same desktop
 - Secure system boot based (optional)
 
-(For those interested in the history of the project, [Architecture Spec v0.3 [PDF]](/attachment/doc/arch-spec-0.3.pdf) is the original 2009 document that started this all.
+(For those interested in the history of the project, [Architecture Spec v0.3
-Please note that this document is for historical interest only.
+[PDF]](/attachment/doc/arch-spec-0.3.pdf) is the original 2009 document that
-For the latest information, please see the rest of the [System Documentation](/doc/#system).)
+started this all. Please note that this document is for historical interest
+only. For the latest information, please see the rest of the [System
+Documentation](/doc/#system).)
 
-Qubes Core Stack
+## Qubes Core Stack
-----------------
 
 Qubes Core Stack is, as the name implies, the core component of Qubes OS. It's
-the glue that connects all the other components together, and which allows users
+the glue that connects all the other components together, and which allows
-and admins to interact with and configure the system. The other components of
+users and admins to interact with and configure the system. The other
-the Qubes system include:
+components of the Qubes system include:
 
 - VM-located core agents (implementing e.g. qrexec endpoints used by various
   Qubes services)
@@ -51,8 +62,8 @@ the Qubes system include:
   located in the GUI domain which, for now, happens to be the same as dom0),
 - GUI domain customizations (Desktop Environment customizations, decoration
   coloring plugin, etc)
-- The AdminVM distribution (various customizations, special services, such as
+- The admin qube distribution (various customizations, special services, such
-  for receiving and verifying updates, in the future: custom distro)
+  as for receiving and verifying updates, in the future: custom distro)
 - The Xen hypervisor (with a bunch of customization patches, occasional
   hardening) or - in the future - some other virtualising or containerizing
   software or technology
@@ -69,5 +80,5 @@ And all these components are "glued together" by the Qubes Core Stack.
 [![Qubes system components](/attachment/doc/qubes-components.png)](/attachment/doc/qubes-components.png)
 
 This diagram illustrates the location of all these components in the overall
-system architecture. Unlike the other Qubes architecture diagram above, this one
+system architecture. Unlike the other Qubes architecture diagram above, this
-takes an AppVM-centric approach.
+one takes an app-qube-centric approach.