Improve text presentation

2025-02-02 17:44:43 -05:00 · 2022-10-27 15:00:36 -07:00 · 2022-10-27 15:00:36 -07:00 · ed14e7840f
commit ed14e7840f
parent e217ec873a
1 changed files with 191 additions and 175 deletions
--- a/user/how-to-guides/how-to-organize-your-qubes.md
+++ b/user/how-to-guides/how-to-organize-your-qubes.md
@ -56,28 +56,29 @@ the other. Alice's setup looks like this:
 ![[Alice's system: digram 1](/attachment/doc/howto_use_qubes_alice_1.png)](/attachment/doc/howto_use_qubes_alice_1.png)
- Several qubes for writing code. Here's where she runs her IDE, commits code,
+- **Several qubes for writing code.** Here's where she runs her IDE, commits
-  and signs her commits. These qubes are based on different templates depending
+  code, and signs her commits. These qubes are based on different templates
-  on which tools and which development environment she needs. In general, Alice
+  depending on which tools and which development environment she needs. In
-  likes to have a separate qube of this type for each client or each project.
+  general, Alice likes to have a separate qube of this type for each client or
-  This allows her to keep everything organized and avoid accidentally mixing up
+  each project. This allows her to keep everything organized and avoid
-  any access credentials or client code, which could be disastrous. This also
+  accidentally mixing up any access credentials or client code, which could be
-  allows her to truthfully tell her clients that their code is always securely
+  disastrous. This also allows her to truthfully tell her clients that their
-  isolated from all her other clients. She likes to use the [Qubes
+  code is always securely isolated from all her other clients. She likes to use
-  firewall](/doc/firewall/) to restrict these qubes' network access to only the
+  the [Qubes firewall](/doc/firewall/) to restrict these qubes' network access
-  code repositories she needs in that qube in order to avoid accidentally
+  to only the code repositories she needs in that qube in order to avoid
-  interacting with anything else on her local network or on the internet. Alice
+  accidentally interacting with anything else on her local network or on the
-  also has some qubes of this type for personal programming projects that she
+  internet. Alice also has some qubes of this type for personal programming
-  works on just for fun when she has "free time" (whatever that is).
+  projects that she works on just for fun when she has "free time" (whatever
  that is).
- Several qubes for building and testing. Again, Alice usually likes to have
+- **Several qubes for building and testing.** Again, Alice usually likes to
-  one of these for each client or project in order to keep things organized.
+  have one of these for each client or project in order to keep things
-  However, this can become rather cumbersome and memory-intensive when many
+  organized. However, this can become rather cumbersome and memory-intensive
-  such qubes are running at the same time, so Alice will sometimes use the same
+  when many such qubes are running at the same time, so Alice will sometimes
-  qube for building and testing, or for multiple projects that require the same
+  use the same qube for building and testing, or for multiple projects that
-  environment, when she decides that the marginal benefits of extra
+  require the same environment, when she decides that the marginal benefits of
-  compartmentalization aren't worth the trouble. Here's where she pulls any
+  extra compartmentalization aren't worth the trouble. Here's where she pulls
-  dependencies she needs, compiles her code, runs her build toolchain, and
+  any dependencies she needs, compiles her code, runs her build toolchain, and
  tests her deliverables. In some cases, she finds it useful to use
  [standalones](/doc/standalones-and-hvms/) for these so that it's easier to
  quickly [install different pieces of software](/doc/how-to-install-software/)
@ -95,9 +96,9 @@ the other. Alice's setup looks like this:
 ![[Alice's system: diagram 2](/attachment/doc/howto_use_qubes_alice_2.png)](/attachment/doc/howto_use_qubes_alice_2.png)
- Several email qubes. Since Alice is a command-line aficionado, she likes to
+- **Several email qubes.** Since Alice is a command-line aficionado, she likes
-  use a terminal-based email client, so both her work and personal email qubes
+  to use a terminal-based email client, so both her work and personal email
-  are based on a template with
+  qubes are based on a template with
  [Mutt](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/mutt.md)
  installed. The email qubes where she sends and receives PGP-signed and
  encrypted email securely accesses the private keys in her PGP backend qube
@ -105,41 +106,43 @@ the other. Alice's setup looks like this:
  Mutt to open all attachment files in [disposable
  qubes](/doc/how-to-use-disposables/).
- Several qubes for communication tools, like Signal, Slack, Zoom, Telegram,
+- **Several qubes for communication tools,** like Signal, Slack, Zoom,
-  IRC, and Discord. This is where she teleconferences and chats with clients.
+  Telegram, IRC, and Discord. This is where she teleconferences and chats with
-  She uses [USB passthrough](/doc/how-to-use-usb-devices/) to attach her webcam
+  clients. She uses [USB passthrough](/doc/how-to-use-usb-devices/) to attach
-  to each qube as needed and detaches it afterward. Likewise, she gives each
+  her webcam to each qube as needed and detaches it afterward. Likewise, she
-  qube access to her microphone while it's needed, then removes access
+  gives each qube access to her microphone while it's needed, then removes
-  afterward. This way, she doesn't have to trust any given video chat program's
+  access afterward. This way, she doesn't have to trust any given video chat
-  mute button and doesn't have to worry about being spied on when she's not on
+  program's mute button and doesn't have to worry about being spied on when
-  a call. She also has a qube for social media platforms like Twitter, Reddit,
+  she's not on a call. She also has a qube for social media platforms like
-  and Hacker News for networking and keeping up with new developments (or so
+  Twitter, Reddit, and Hacker News for networking and keeping up with new
-  she claims; in reality, it's mostly for feuds over programming language
+  developments (or so she claims; in reality, it's mostly for feuds over
-  superiority, Vim vs. Emacs wars, and tabs vs. spaces crusades).
+  programming language superiority, Vim vs. Emacs wars, and tabs vs. spaces
  crusades).
- A GPG backend vault. Vaults are completely offline qubes that are isolated
+- **A GPG backend vault.** Vaults are completely offline qubes that are
-  from the network. This particular vault holds Alice's private keys (e.g., for
+  isolated from the network. This particular vault holds Alice's private keys
-  code signing and email) and is securely accessed by several other "frontend"
+  (e.g., for code signing and email) and is securely accessed by several other
-  qubes via the [Split GPG](/doc/split-gpg/) system. Split GPG allows only the
+  "frontend" qubes via the [Split GPG](/doc/split-gpg/) system. Split GPG
-  frontend qubes that Alice explicitly authorizes to have the ability to
+  allows only the frontend qubes that Alice explicitly authorizes to have the
-  request PGP operations (e.g., signing and encryption) in the backend vault.
+  ability to request PGP operations (e.g., signing and encryption) in the
-  Even then, no qube ever has direct access to Alice's private keys except the
+  backend vault. Even then, no qube ever has direct access to Alice's private
-  backend vault itself.
+  keys except the backend vault itself.
- A password manager vault. This is another completely offline,
+- **A password manager vault.** This is another completely offline,
  network-isolated qube where Alice uses her offline password manager,
  KeePassXC, to store all of her usernames and passwords. She uses the [secure
  copy and paste](/doc/how-to-copy-and-paste-text/) system to quickly copy
  credentials into other qubes whenever she needs to log into anything.
- Personal qubes. One of the things Alice loves the most about Qubes is that
+- **Personal qubes.** One of the things Alice loves the most about Qubes is
-  she can use it for both work *and* personal stuff without having to worry
+  that she can use it for both work *and* personal stuff without having to
-  about cross-contamination. Accordingly, she has several qubes that pertain to
+  worry about cross-contamination. Accordingly, she has several qubes that
-  her personal life. For example, she has an offline vault that holds her
+  pertain to her personal life. For example, she has an offline vault that
-  medical documents, test results, and vaccination records. She has another
+  holds her medical documents, test results, and vaccination records. She has
-  offline vault for her government documents, birth certificate, scans of her
+  another offline vault for her government documents, birth certificate, scans
-  passport, and so on. She also has some personal social media accounts in a
+  of her passport, and so on. She also has some personal social media accounts
-  separate qube for keeping up with family members and friends from school.
+  in a separate qube for keeping up with family members and friends from
  school.
 When she finishes her work for a given client, Alice sends off her
 deliverables, [backs up](/doc/how-to-back-up-restore-and-migrate/) the qubes
@ -171,18 +174,18 @@ for work, which contains:
 ![[A diagram of Bob's system](/attachment/doc/howto_use_qubes_bob.png)](/attachment/doc/howto_use_qubes_bob.png)
- One offline qube for writing. It runs only LibreOffice Writer. This is where
+- **One offline qube for writing.** It runs only LibreOffice Writer. This is
-  Bob does all of his writing. This window is usually open side-by-side with
+  where Bob does all of his writing. This window is usually open side-by-side
-  another window containing research or material from a source.
+  with another window containing research or material from a source.
- Multiple email qubes. One is for receiving emails from the general public.
+- **Multiple email qubes.** One is for receiving emails from the general
-  Another is for emailing his editor and colleagues. Both are based on a
+  public. Another is for emailing his editor and colleagues. Both are based on
-  [minimal template](/doc/templates/minimal/) with Thunderbird installed. He's
+  a [minimal template](/doc/templates/minimal/) with Thunderbird installed.
-  configured both to open all attachments in
+  He's configured both to open all attachments in
  [disposables](/doc/how-to-use-disposables/) that are offline in case an
  attachment contains a beacon that tries to phone home.
- Whonix qubes. He has the standard `sys-whonix` service qube for providing
+- **Whonix qubes.** He has the standard `sys-whonix` service qube for providing
  Torified network access, and he uses disposable `anon-workstation` app qubes
  for using Tor Browser to do research on stories he's writing. Since the topic
  is often of a sensitive nature and might implicate powerful individuals, it's
@ -195,8 +198,8 @@ for work, which contains:
  with have said that they can't take a chance with any other form of
  communication.
- Two qubes for
+- **Two qubes for
-  [Signal](https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/signal.md).
+  [Signal](https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/signal.md).**
  Bob has two Signal app qubes (both on the same template in which the Signal
  desktop app is installed). One is linked to his own mobile number for
  communicating with co-workers and other known, trusted contacts. The other is
@ -204,7 +207,7 @@ for work, which contains:
  confidentially. This is especially useful for individuals who don't use Tor
  but for whom unencrypted communication could be dangerous.
- Several data vaults. When someone sends Bob material that turns out to be
+- **Several data vaults.** When someone sends Bob material that turns out to be
  useful, or when he comes across useful material while doing his own research,
  he stores a copy in a completely offline, network-isolated vault qube. Most
  of these files are PDFs and images, though some are audio files, videos, and
@ -213,14 +216,14 @@ for work, which contains:
  different vaults (usually one for each story or topic) just in case. This has
  the side benefit of helping to keep things organized.
- A [VPN
+- **A [VPN
  qube](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md)
-  and associated qubes for accessing work resources. The servers at work can
+  and associated qubes for accessing work resources.** The servers at work can
  only be accessed from the organization's network, so Bob has certain qubes
  that are connected to a VPN qube so that he can upload his work and access
  anything he needs on the local network when he's not physically there.
- A password manager vault. Bob stores all of his login credentials in the
+- **A password manager vault.** Bob stores all of his login credentials in the
  default password manager that came with his offline vault qube. He [securely
  copies and pastes](/doc/how-to-copy-and-paste-text/) them into other qubes as
  needed.
@ -254,22 +257,26 @@ cybercrime policies, rarely, if ever, do they explicitly guarantee
 reimbursement in the event that a *customer* gets hacked (rather than the
 institution itself).
-Carol looked into how thieves might actually try to steal her hard-earned
+<div class="alert alert-caution" role="alert">
-wealth and was surprised to learn that they have all sorts of ploys that she
+  <i class="fa fa-exclamation-triangle"></i>
-had never even considered. For example, she had assumed that any theft would,
+  Carol looked into how thieves might actually try to steal her hard-earned
-at the bare minimum, have to involve transferring money out of her account.
+  wealth and was surprised to learn that they have all sorts of ploys that she
-That seems like a safe assumption. But then she read about "pump and dump"
+  had never even considered. For example, she had assumed that any theft would,
-attacks, where thieves buy up some penny stock, hack into innocent people's
+  at the bare minimum, have to involve transferring money out of her account.
-brokerage accounts, then use the victims' funds to buy that same penny stock,
+  That seems like a safe assumption. But then she read about "pump and dump"
-"pumping" up its price so that the thieves can "dump" their shares on the
+  attacks, where thieves buy up some penny stock, hack into innocent people's
-market, leaving the victims with worthless shares. No money is ever transferred
+  brokerage accounts, then use the victims' funds to buy that same penny stock,
-into or out of the victims' account; it's just used to buy and sell securities.
+  "pumping" up its price so that the thieves can "dump" their shares on the
-So, all the safeguards preventing new bank accounts from being added or
+  market, leaving the victims with worthless shares. No money is ever
-requiring extra approval for outbound transfers do nothing to protect victims'
+  transferred into or out of the victims' account; it's just used to buy and
-funds in cases like these. And this is just one example! Carol realized that
+  sell securities. So, all the safeguards preventing new bank accounts from
-she couldn't assume that existing safeguards against specific, known attacks
+  being added or requiring extra approval for outbound transfers do nothing to
-were enough. She had to think about security at a more fundamental level and
+  protect victims' funds in cases like these. And this is just one example!
-design it into her digital life from the ground up.
+  Carol realized that she couldn't assume that existing safeguards against
  specific, known attacks were enough. She had to think about security at a
  more fundamental level and design it into her digital life from the ground
  up.
 </div>
 After learning about all this, Carol decided that it was ultimately up to her
 to take care of her own cybersecurity. She couldn't rely on anyone else to do
@ -289,7 +296,7 @@ her setup looks like this:
 ![[A diagram of Carol's system](/attachment/doc/howto_use_qubes_carol.png)](/attachment/doc/howto_use_qubes_carol.png)
- One qube for each investment firm and bank. Carol has a few different
+- **One qube for each investment firm and bank.** Carol has a few different
  retirement accounts, brokerage accounts, and bank accounts. She treats each
  qube like a "secure terminal" for accessing only that one institution's
  website. She makes her transactions and saves any statements and
@ -300,40 +307,41 @@ her setup looks like this:
  based on a [minimal template](/doc/templates/minimal/) with just a web
  browser (which doubles as a PDF viewer) and a file manager installed.
- One qube for all her credit card accounts. Carol started to make a separate
+- **One qube for all her credit card accounts.** Carol started to make a
-  qube for each credit card account but ultimately decided against it. For one
+  separate qube for each credit card account but ultimately decided against it.
-  thing, the consumer protections for credit card fraud in her country are much
+  For one thing, the consumer protections for credit card fraud in her country
-  better than for losing assets to theft or fraud in a bank or brokerage
+  are much better than for losing assets to theft or fraud in a bank or
-  account, so the security risk isn't as high. Second, there's actually not a
+  brokerage account, so the security risk isn't as high. Second, there's
-  whole lot that an attacker could do with access to her credit cards' online
+  actually not a whole lot that an attacker could do with access to her credit
-  accounts or her old credit card statements, since online access to these
+  cards' online accounts or her old credit card statements, since online access
-  generally doesn't allow spending or withdrawing any money. So, even the worst
+  to these generally doesn't allow spending or withdrawing any money. So, even
-  case scenario here wouldn't be catastrophic, unlike with her bank and
+  the worst case scenario here wouldn't be catastrophic, unlike with her bank
-  brokerage accounts. Third, she's not too worried about any of her credit card
+  and brokerage accounts. Third, she's not too worried about any of her credit
-  company websites being used to attach each other or her qube (As long as it's
+  card company websites being used to attach each other or her qube (As long as
-  contained to a single qube, she's fine with that level of risk.) Last, but
+  it's contained to a single qube, she's fine with that level of risk.) Last,
-  not least: She has way too many credit cards! While Carol is very frugal, she
+  but not least: She has way too many credit cards! While Carol is very frugal,
-  likes to collect the sign-up bonuses that are offered for opening new cards,
+  she likes to collect the sign-up bonuses that are offered for opening new
-  so she's accumulated quite a few of them. (However, she's always careful to
+  cards, so she's accumulated quite a few of them. (However, she's always
-  pay off her balance each month, so she never pays interest. She's also pretty
+  careful to pay off her balance each month, so she never pays interest. She's
-  disciplined about only spending what she would have spent *anyway* and not
+  also pretty disciplined about only spending what she would have spent
-  being tempted to spend more just to meet a spending requirement or because
+  *anyway* and not being tempted to spend more just to meet a spending
-  she can.) At any rate, Carol has decided that the tiny benefit she stands to
+  requirement or because she can.) At any rate, Carol has decided that the tiny
-  gain from having a separate qube for every credit card website wouldn't be
+  benefit she stands to gain from having a separate qube for every credit card
-  worth the hassle of having to manage so many extra qubes.
+  website wouldn't be worth the hassle of having to manage so many extra qubes.
- One qube for credit monitoring, credit reports, and credit history services.
+- **A qube for credit monitoring, credit reports, and credit history
-  Carol has worked hard to build up a good credit score, and she's concerned
+  services.** Carol has worked hard to build up a good credit score, and she's
-  about identity theft, so she has one qube dedicated to managing her free
+  concerned about identity theft, so she has one qube dedicated to managing her
-  credit monitoring services and downloading her free annual credit reports.
+  free credit monitoring services and downloading her free annual credit
  reports.
- Two qubes for taxes. Carol has a [Windows
+- **Two qubes for taxes.** Carol has a [Windows
  qube](https://github.com/Qubes-Community/Contents/blob/master/docs/os/windows/windows.md)
  for running her Windows-only tax software. She also has an offline vault
  where she stores all of her tax-related forms and documents, organized by
  year.
- One qube for financial planning and tracking. Carol loves spreadsheets, so
+- **A qube for financial planning and tracking.** Carol loves spreadsheets, so
  this offline qube is where she maintains a master spreadsheet to track all of
  her investments and her savings rate. She also keeps her budgeting
  spreadsheet, insurance spreadsheet, and written investment policy statement
@ -341,16 +349,19 @@ her setup looks like this:
  software, like LibreOffice and Gnumeric (so that Carol can run her own Monte
  Carlo simulations).
- Various email qubes. Carol likes to have one email qube for her most
+- **Various email qubes.** Carol likes to have one email qube for her most
  important financial accounts; a separate one for her credit cards accounts,
  online shopping accounts, and insurance companies; and another one for
  personal email. They're all based on the same template with Thunderbird
  installed.
- A password manager vault. A network-isolated qube where Carol stores all of
+- **A password manager vault.** A network-isolated qube where Carol stores all
-  her account usernames and passwords in KeePassXC. She uses the [Qubes global
+  of her account usernames and passwords in KeePassXC. She uses the [Qubes
-  clipboard](/doc/how-to-copy-and-paste-text/) to copy and paste them into her
+  global clipboard](/doc/how-to-copy-and-paste-text/) to copy and paste them
-  other qubes when she needs to log into her accounts.
+  into her other qubes when she needs to log into her accounts.
 ## Bonus: Carol explores new financial technology
 The vast majority of Carol's assets are in broad-based, low-cost,
 passively-managed indexed funds. Lately, however, she's started getting
@ -365,9 +376,9 @@ she has the self-discipline to invest only what she can afford to lose, so
 she's decided to dip her toe in the water by allocating a small portion of her
 portfolio. This has led her to add the following to her Qubes setup:
- A standalone qube for running Bitcoin Core and an offline wallet vault. Carol
+- **A standalone qube for running Bitcoin Core and an offline wallet vault.**
-  finds the design and security properties of Bitcoin very interesting, so
+  Carol finds the design and security properties of Bitcoin very interesting,
-  she's experimenting with running a full node. She also created a
+  so she's experimenting with running a full node. She also created a
  network-isolated vault in order to try running a copy of Bitcoin Core
  completely offline as a "cold storage" wallet. She's still trying to figure
  out how this compares to an actual hardware wallet, paper wallet, or
@ -377,12 +388,12 @@ portfolio. This has led her to add the following to her Qubes setup:
  Qubes](https://github.com/Qubes-Community/Contents/blob/master/docs/security/split-bitcoin.md)
  and is interested in exploring that further.
- Whonix qubes. Carol read somewhere that Bitcoin nodes should be run over Tor
+- **Whonix qubes.** Carol read somewhere that Bitcoin nodes should be run over
-  for privacy and security. She found it very convenient that Whonix is already
+  Tor for privacy and security. She found it very convenient that Whonix is
-  integrated into Qubes, so she simply set her Bitcoin Core "full node" qube to
+  already integrated into Qubes, so she simply set her Bitcoin Core "full node"
-  use `sys-whonix` as its networking qube.
+  qube to use `sys-whonix` as its networking qube.
- Various qubes for DeFi and web3. Carol has also started getting into DeFi
+- **Various qubes for DeFi and web3.** Carol has also started getting into DeFi
  (decentralized finance) and web3 on Ethereum and other smart contract
  blockchains, so a friend recommended that she get a Ledger hardware wallet.
  She downloaded the Ledger Live software in an app qube and [set up her system
@ -396,8 +407,8 @@ portfolio. This has led her to add the following to her Qubes setup:
  this qube so she can use Metamask in conjunction with her Ledger to interact
  with smart contracts and decentralized exchanges.
- Various qubes for research and centralized exchanges. Carol uses these when
+- **Various qubes for research and centralized exchanges.** Carol uses these
-  she wants to check block explorer websites, coin listing and market cap
+  when she wants to check block explorer websites, coin listing and market cap
  sites, aggregation tools, or just to see what the latest buzz is on Crypto
  Twitter.
@ -421,16 +432,21 @@ everyone will want to use the same email client. On the other hand, almost
 everyone will need a password manager, and it pretty much always makes sense to
 keep it in an offline, network-isolated vault.
-As you gain experience with Qubes, you may find yourself disagreeing with some
+<div class="alert alert-info" role="alert">
-of the decisions our fictional friends made. That's okay! There are many
+  <i class="fa fa-circle-info"></i>
-different ways to organize a Qubes system, and the most important criterion is
+  As you gain experience with Qubes, you may find yourself disagreeing with
-that it serves the needs of its owner. Since everyone's needs are different,
+  some of the decisions our fictional friends made. That's okay! There are many
-it's perfectly normal to find yourself doing things a bit differently.
+  different ways to organize a Qubes system, and the most important criterion
-Nonetheless, there are some general principles that almost all users find
+  is that it serves the needs of its owner. Since everyone's needs are
-helpful when they're first starting out. As you're designing your own Qubes
+  different, it's perfectly normal to find yourself doing things a bit
-system, keep in mind some of the following lessons from our case studies:
+  differently. Nonetheless, there are some general principles that almost all
  users find helpful, especially when they're first starting out.
 </div>
- You'll probably change your mind as you go. You'll realize that one qube
+As you're designing your own Qubes system, keep in mind some of the following
 lessons from our case studies:
 - **You'll probably change your mind as you go.** You'll realize that one qube
  should really be split into two, or you'll realize that it doesn't really
  make sense for two qubes to be separate and that they should instead be
  merged into one. That's okay. Qubes OS supports your ability to adapt and
@ -438,7 +454,7 @@ system, keep in mind some of the following lessons from our case studies:
  eventually settle down, and you'll find your groove. Changes to the way you
  organize your qubes will become less drastic and less frequent over time.
- [Make frequent backups.](/doc/how-to-back-up-restore-and-migrate/) Losing
+- **[Make frequent backups.](/doc/how-to-back-up-restore-and-migrate/)** Losing
  data is never fun, whether it's from an accidental deletion, a system crash,
  buggy software, or a hardware failure. By getting into the habit of making
  frequent backups now, you'll save yourself from a lot of pain in the future.
@ -451,53 +467,53 @@ system, keep in mind some of the following lessons from our case studies:
  anymore without having to worry that you might need them again someday, since
  you know you can always restore them from a backup.
- Think about which programs you want to run and where you want to store data.
+- **Think about which programs you want to run and where you want to store
-  In some cases, it makes sense to run programs and store data in the same
+  data.** In some cases, it makes sense to run programs and store data in the
-  qube, for example, if the data is generated by that program. In other cases,
+  same qube, for example, if the data is generated by that program. In other
-  it makes sense to have qubes that are exclusively for storing data (e.g.,
+  cases, it makes sense to have qubes that are exclusively for storing data
-  offline data storage vaults) and other qubes that are exclusively for running
+  (e.g., offline data storage vaults) and other qubes that are exclusively for
-  programs (e.g., web browser-only qubes). Remember that when you make backups,
+  running programs (e.g., web browser-only qubes). Remember that when you make
-  it's only essential to back up data that can't be replaced. This can allow
+  backups, it's only essential to back up data that can't be replaced. This can
-  you to achieve minimal backups that are quite small compared to the total
+  allow you to achieve minimal backups that are quite small compared to the
-  size of your installation. Templates, service qubes, and qubes that are used
+  total size of your installation. Templates, service qubes, and qubes that are
-  exclusively for running programs and that contain no data don't necessarily
+  used exclusively for running programs and that contain no data don't
-  have to be backed up as long as you're confident that you can recreate them
+  necessarily have to be backed up as long as you're confident that you can
-  if needed. This is why it's a good practice to keep notes on which packages
+  recreate them if needed. This is why it's a good practice to keep notes on
-  you installed in which templates and which customizations and configurations
+  which packages you installed in which templates and which customizations and
-  you made. Then you can refer to your notes the next time you need to recreate
+  configurations you made. Then you can refer to your notes the next time you
-  those qubes. Of course, backing up everything is not a bad idea either. It
+  need to recreate those qubes. Of course, backing up everything is not a bad
-  may require a bit more time and disk space upfront, but for some people, it
+  idea either. It may require a bit more time and disk space upfront, but for
-  can be just as important as backing up their irreplaceable data. If your
+  some people, it can be just as important as backing up their irreplaceable
-  system is mission-critical, and you can't afford more than a certain amount
+  data. If your system is mission-critical, and you can't afford more than a
-  of downtime, then by all means, back everything up!
+  certain amount of downtime, then by all means, back everything up!
- Introspect on your own behavior. For example, if you find yourself wanting to
+- **Introspect on your own behavior.** For example, if you find yourself
-  find some way to get two qubes to share the same storage space, then this is
+  wanting to find some way to get two qubes to share the same storage space,
-  probably a sign that those two qubes shouldn't be separate in the first
+  then this is probably a sign that those two qubes shouldn't be separate in
-  place. Sharing storage with each other largely breaks down the secure wall
+  the first place. Sharing storage with each other largely breaks down the
-  between them, making the separation somewhat pointless. But you probably had
+  secure wall between them, making the separation somewhat pointless. But you
-  a good reason for wanting to make them two separate qubes instead of one to
+  probably had a good reason for wanting to make them two separate qubes
-  begin with. What exactly was that reason? If it has to do with security, then
+  instead of one to begin with. What exactly was that reason? If it has to do
-  why are you okay with them freely sharing data that could allow one to infect
+  with security, then why are you okay with them freely sharing data that could
-  the other? If you're sure sharing the data wouldn't cause one to infect the
+  allow one to infect the other? If you're sure sharing the data wouldn't cause
-  other, then what's the security rationale for keeping them separate? By
+  one to infect the other, then what's the security rationale for keeping them
-  critically examining your own thought process in this way, you can uncover
+  separate? By critically examining your own thought process in this way, you
-  inconsistencies and contradictions that allow you to better refine your
+  can uncover inconsistencies and contradictions that allow you to better
-  system, resulting in a more logical organization that serves your needs
+  refine your system, resulting in a more logical organization that serves your
-  better and better over time.
+  needs better and better over time.
- Don't assume that just because *you* can't find a way to attack your system,
+- **Don't assume that just because *you* can't find a way to attack your
-  an adversary wouldn't be able to. When you're thinking about whether it's a
+  system, an adversary wouldn't be able to.** When you're thinking about
-  good idea to combine different activities or data in a single qube, for
+  whether it's a good idea to combine different activities or data in a single
-  example, you might think, "Well, I can't really see how these pose a risk to
+  qube, for example, you might think, "Well, I can't really see how these pose
-  each other." The problem is that we often miss attack vectors that
+  a risk to each other." The problem is that we often miss attack vectors that
  sophisticated adversaries spot and can use against us. After all, most people
  don't think that using a conventional monolithic operating system is risky,
  when in reality their entire digital life can be taken down in one fell
  swoop. That's why a good rule of thumb is: When in doubt, compartmentalize.
- On the other hand, compartmentalization --- like everything else --- can be
+- **But remember that compartmentalization --- like everything else --- can be
-  taken to an extreme. The appropriate amount depends on your temperament,
+  taken to an extreme.** The appropriate amount depends on your temperament,
  time, patience, experience, risk tolerance, and expertise. In short, there
  can be such a thing as *too much* compartmentalization! You also have to be
  able to actually *use* your computer efficiently to do the things you need to