From d93b10c189460c6852391a39ef95823d7a18aafd Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 15 Nov 2018 11:09:07 +0000
Subject: [PATCH 001/190] Reword

---
 _docs/overview.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 4f44007..22b4f00 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -6,8 +6,9 @@ redirect_from:
   - /docs/
 ---
 
-Glacier is a step-by-step protocol for storing bitcoins in a highly secure
-manner. It is intended for:
+Glacier is a step-by-step, highly secure protocol for storing bitcoin. 
+
+It is intended for:
 
 * **Personal storage**: Glacier does not address institutional security
 needs such as internal controls, transparent auditing, and preventing access

From b97fa17473acd7b213b08ecb81c1ffc5e60e7903 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 15 Nov 2018 11:52:35 +0000
Subject: [PATCH 002/190] "Not intended for" section added

---
 _docs/overview.md | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 22b4f00..83747b7 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -10,9 +10,7 @@ Glacier is a step-by-step, highly secure protocol for storing bitcoin.
 
 It is intended for:
 
-* **Personal storage**: Glacier does not address institutional security
-needs such as internal controls, transparent auditing, and preventing access
-to funds by a single individual.
+* **Personal storage**: Bitcoin owned solely by a single individual.
 * **Large amounts of money ($100,000+)**: Glacier thoroughly considers corner
 cases such as obscure vectors for malware infection, personal estate
 planning, human error resulting in loss of funds, and so on.
@@ -27,14 +25,19 @@ amounts of funds.
 * **Long-term storage**: Glacier not only considers the Bitcoin security
 landscape today, but also a future world where Bitcoin is much more valuable
 and attracts many more security threats.
-* **Infrequently-accessed funds**: Accessing highly secure bitcoins is
-cumbersome and introduces security risk through the possibility of human
-error, so it is best done infrequently.
 * **Technically unskilled users**: Although the Glacier protocol is long, it is
 clear and straightforward to follow. No technical expertise is required.
 
-The Glacier protocol covers bitcoin storage, not procurement. It assumes you
-already possess bitcoins and wish to store them more securely.
+It is not intended for:
+
+* **Institutional storage**: Internal controls, transparent auditing, and 
+preventing access to funds by a single individual are outside the scope of this 
+document.
+* **Frequently-accessed funds**: Accessing highly secured bitcoin is cumbersome, 
+introducing security risk through the possibility of human error with each 
+interaction.
+* **Procurement**: This document covers bitcoin storage, not procurement. It assumes you
+already possess bitcoin and wish to store it more securely.
 
 If you are already familiar with Bitcoin security concepts and are certain that
 you want high security cold storage, you may prefer to read

From 9f8470eeae6c7fda3695c5edaa596ba754477de3 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 15 Nov 2018 12:26:43 +0000
Subject: [PATCH 003/190] Text moved out to protocol description

Info not specific to bullet point
---
 _docs/overview.md | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 83747b7..5fe7b76 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -6,19 +6,19 @@ redirect_from:
   - /docs/
 ---
 
-Glacier is a step-by-step, highly secure protocol for storing bitcoin. 
+Glacier is a step-by-step, highly secure protocol for storing bitcoin. It 
+thoroughly considers corner cases such as obscure vectors for malware 
+infection, personal estate planning, human error resulting in loss of funds, 
+etc.
 
 It is intended for:
 
 * **Personal storage**: Bitcoin owned solely by a single individual.
-* **Large amounts of money ($100,000+)**: Glacier thoroughly considers corner
-cases such as obscure vectors for malware infection, personal estate
-planning, human error resulting in loss of funds, and so on.
-Even if your Bitcoin holdings are more modest, it's worth considering using
-Glacier. If Bitcoin proves successful as a global currency, it will appreciate
-10x (or much more) in the coming years. Security will become increasingly
-important if your holdings appreciate and Bitcoin becomes a more attractive
-target for thieves.
+* **Large amounts of money ($100,000+)**: Even if your Bitcoin holdings are 
+more modest, it's worth considering using Glacier. If Bitcoin proves successful
+as a global currency, it will appreciate 10x (or much more) in the coming years. 
+Security will become increasingly important if your holdings appreciate and 
+Bitcoin becomes a more attractive target for thieves.
 The "Protocol Overview" section also describes some lower-security, lower-cost
 approaches to self-managed storage that may be more appropriate for smaller
 amounts of funds.

From 39f66e4bbd75635072dfc9de89b7c82c7f9777be Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 15 Nov 2018 12:32:51 +0000
Subject: [PATCH 004/190] Price speculation is unsuitable in a technical
 document

Will age badly
---
 _docs/overview.md | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 5fe7b76..eaee870 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -15,10 +15,9 @@ It is intended for:
 
 * **Personal storage**: Bitcoin owned solely by a single individual.
 * **Large amounts of money ($100,000+)**: Even if your Bitcoin holdings are 
-more modest, it's worth considering using Glacier. If Bitcoin proves successful
-as a global currency, it will appreciate 10x (or much more) in the coming years. 
-Security will become increasingly important if your holdings appreciate and 
-Bitcoin becomes a more attractive target for thieves.
+more modest, it's worth considering using Glacier. Security will become 
+increasingly important if your holdings appreciate and bitcoin becomes a more 
+attractive target for thieves.
 The "Protocol Overview" section also describes some lower-security, lower-cost
 approaches to self-managed storage that may be more appropriate for smaller
 amounts of funds.

From 02e9e65b583ffa69532bdc5863a85448db56462c Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 15 Nov 2018 12:43:07 +0000
Subject: [PATCH 005/190] Too specific, too America-centric

---
 _docs/overview.md | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index eaee870..8ba8655 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -14,10 +14,9 @@ etc.
 It is intended for:
 
 * **Personal storage**: Bitcoin owned solely by a single individual.
-* **Large amounts of money ($100,000+)**: Even if your Bitcoin holdings are 
-more modest, it's worth considering using Glacier. Security will become 
-increasingly important if your holdings appreciate and bitcoin becomes a more 
-attractive target for thieves.
+* **Investment-level value**: Bitcoin holdings around the level of a small
+property in the local economy. Consideration should also be given to potential
+future value appreciation.
 The "Protocol Overview" section also describes some lower-security, lower-cost
 approaches to self-managed storage that may be more appropriate for smaller
 amounts of funds.

From cfd3bfca570350441bfaf342d47d1f64acccb129 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 15 Nov 2018 12:50:36 +0000
Subject: [PATCH 006/190] Lower security option shouldn't be offered

Implementation should either meet or fail to meet Glacier Protocol
---
 _docs/before-you-start/overview.md | 30 ------------------------------
 _docs/overview.md                  |  3 ---
 2 files changed, 33 deletions(-)

diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index 29e31d7..05ecfc9 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -145,36 +145,6 @@ funds.
 gives additional detail about how to increase Bitcoin anonymity using Monero &
 Tor.
 
-## Lower-security Protocol Variants
-
-If you are willing to accept lower security for lower cost, you can do so with only slight modifications:
-
-1. **Perform this protocol using only one quarantined computer**. Glacier protocol
-repeats all operations on two computers to detect defects or tampering in
-the key generation process. However, this is costly and adds significantly
-to the labor required to execute the protocol. The risks it mitigates are
-small: that malware conducting flawed key-generation attacks found its way
-onto the eternally quarantined systems, or that the computer firmware was
-tampered with at the manufacturer to include such malware. If you are
-willing to accept this risk, you could skip buying the parallel hardware
-stack (and needing the second setup computer) and skip the process of
-re-generating and verifying keys & transactions on the parallel hardware
-stack.
-
-2. **Use existing hardware**. An even lower-security variant is to use nothing
-but existing laptops you already possess, disabling all network
-connections during protocol execution, instead of purchasing new
-quarantined hardware. This fails to protect against some malware
-attacks, but provides additional savings in cost and effort.
-
-Such as an
-[existing infection of a laptop's firmware](https://www.youtube.com/watch?v=sNYsfUNegEA),
-malware which overrides
-OS settings to disable wireless connectivity, or certain undiscovered
-vulnerabilities in the software used by the protocol.
-
-These modifications are left as an exercise to the reader.
-
 ## Out of scope
 
 There's always more one could do to increase security. While
diff --git a/_docs/overview.md b/_docs/overview.md
index 8ba8655..6e1821e 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -17,9 +17,6 @@ It is intended for:
 * **Investment-level value**: Bitcoin holdings around the level of a small
 property in the local economy. Consideration should also be given to potential
 future value appreciation.
-The "Protocol Overview" section also describes some lower-security, lower-cost
-approaches to self-managed storage that may be more appropriate for smaller
-amounts of funds.
 * **Long-term storage**: Glacier not only considers the Bitcoin security
 landscape today, but also a future world where Bitcoin is much more valuable
 and attracts many more security threats.

From 3097695870ec74b613bdcd308c4aa00dd135594c Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 15 Nov 2018 13:01:05 +0000
Subject: [PATCH 007/190] Text does not explain the bullet

Moved to section description
---
 _docs/overview.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 6e1821e..1384ab4 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -6,10 +6,12 @@ redirect_from:
   - /docs/
 ---
 
-Glacier is a step-by-step, highly secure protocol for storing bitcoin. It 
-thoroughly considers corner cases such as obscure vectors for malware 
-infection, personal estate planning, human error resulting in loss of funds, 
-etc.
+Glacier is a step-by-step, highly secure protocol for storing bitcoin.
+
+It thoroughly considers corner cases such as obscure vectors for malware 
+infection, personal estate planning and human error resulting in loss of funds, as 
+well as the future Bitcoin landscape where bitcoin is much more valuable and 
+attracting many more security threats.
 
 It is intended for:
 
@@ -17,9 +19,7 @@ It is intended for:
 * **Investment-level value**: Bitcoin holdings around the level of a small
 property in the local economy. Consideration should also be given to potential
 future value appreciation.
-* **Long-term storage**: Glacier not only considers the Bitcoin security
-landscape today, but also a future world where Bitcoin is much more valuable
-and attracts many more security threats.
+* **Long-term storage**: Several months to years.
 * **Technically unskilled users**: Although the Glacier protocol is long, it is
 clear and straightforward to follow. No technical expertise is required.
 

From 7c9818a95a4ebecef58fe7a3aa01446f2629c6f0 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 15 Nov 2018 13:03:16 +0000
Subject: [PATCH 008/190] Most pertinent point moved to start of line

---
 _docs/overview.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 1384ab4..bc5de44 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -20,8 +20,8 @@ It is intended for:
 property in the local economy. Consideration should also be given to potential
 future value appreciation.
 * **Long-term storage**: Several months to years.
-* **Technically unskilled users**: Although the Glacier protocol is long, it is
-clear and straightforward to follow. No technical expertise is required.
+* **Technically unskilled users**: No technical expertise is required. Although
+the Glacier protocol is long, it is clear and straightforward to follow.
 
 It is not intended for:
 

From 6c4fbc297ad07ad04e67ce891f18cb2f0f8504a6 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 15 Nov 2018 13:06:09 +0000
Subject: [PATCH 009/190] Text moved for more logical decision point

---
 _docs/overview.md | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index bc5de44..5d12f91 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -34,11 +34,6 @@ interaction.
 * **Procurement**: This document covers bitcoin storage, not procurement. It assumes you
 already possess bitcoin and wish to store it more securely.
 
-If you are already familiar with Bitcoin security concepts and are certain that
-you want high security cold storage, you may prefer to read
-[Trusting This Protocol](#trusting-this-protocol) and then skip to the section
-[Choosing a Multisignature Withdrawal Policy](/docs/overview/multi-signature-security#choosing-a-multisignature-withdrawal-policy).
-
 ## Trusting this protocol
 
 Funds secured using Glacier can only be as secure as its design.
@@ -59,6 +54,10 @@ will tend to lose popularity over time.
 If you like, you may review the [design document](/docs/design-doc/overview)
 for details on the technical design.
 
+If you are already familiar with Bitcoin security concepts and are certain that
+you want high security cold storage, you may prefer to skip to the section
+[Choosing a Multisignature Withdrawal Policy](/docs/overview/multi-signature-security#choosing-a-multisignature-withdrawal-policy).
+
 ## Background
 
 ### Self-Managed Storage vs. Online

From afa0a0b658f63179722b63aa6aea33d1fac6af9f Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 15 Nov 2018 13:08:55 +0000
Subject: [PATCH 010/190] Rewritten in passive voice to give objective tone

---
 _docs/overview.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 5d12f91..438213c 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -31,8 +31,8 @@ document.
 * **Frequently-accessed funds**: Accessing highly secured bitcoin is cumbersome, 
 introducing security risk through the possibility of human error with each 
 interaction.
-* **Procurement**: This document covers bitcoin storage, not procurement. It assumes you
-already possess bitcoin and wish to store it more securely.
+* **Procurement**: This document covers bitcoin storage, not procurement. It assumes
+bitcoin has been procured and is ready to store.
 
 ## Trusting this protocol
 

From b68632f9a3a2b36ea7c3ea2896677e63b6334c5c Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 15 Nov 2018 13:33:00 +0000
Subject: [PATCH 011/190] References to "trust" removed and statement tense
 changed to current

---
 _docs/overview.md | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 438213c..6b9dcb1 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -34,12 +34,10 @@ interaction.
 * **Procurement**: This document covers bitcoin storage, not procurement. It assumes
 bitcoin has been procured and is ready to store.
 
-## Trusting this protocol
+Protocol credentials:
 
-Funds secured using Glacier can only be as secure as its design.
-Here's what you can trust about this protocol:
-* **Expert advisors**: The development of Glacier was guided with input from
-Bitcoin technology and security experts. See our advisor list.
+* **Expert advisors**: Development is guided with input from Bitcoin technology and 
+security experts. See our advisor list.
 * **Open source**: GlacierScript, the Glacier companion software, is open
 source. The code is straightforward and well-commented to facilitate easy review
 for flaws or vulnerabilities. [View it on Github](https://github.com/GlacierProtocol/GlacierProtocol).

From 35ad7c7e9ab95ece8df2189bd6ba3bdced124149 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 15 Nov 2018 13:34:06 +0000
Subject: [PATCH 012/190] Benefit of open source highlighted

---
 _docs/overview.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 6b9dcb1..62f0d96 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -38,9 +38,10 @@ Protocol credentials:
 
 * **Expert advisors**: Development is guided with input from Bitcoin technology and 
 security experts. See our advisor list.
-* **Open source**: GlacierScript, the Glacier companion software, is open
-source. The code is straightforward and well-commented to facilitate easy review
-for flaws or vulnerabilities. [View it on Github](https://github.com/GlacierProtocol/GlacierProtocol).
+* **Open source**: GlacierScript, the Glacier companion software, is open source.
+This means the code is freely available for anyone to review for flaws and
+vulnerabilities. The code is straightforward, well-commented and available on
+Github. [View it on Github](https://github.com/GlacierProtocol/GlacierProtocol).
 * **Community review**: The protocol has evolved in conjunction with the wider
 Bitcoin community. Early versions were circulated during development, and
 community feedback integrated. [See our list of contributors](/docs/contribute/acknowledgments/).

From b288fd0718a7c75c171bc74dca347b6179fc9837 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 15 Nov 2018 14:03:00 +0000
Subject: [PATCH 013/190] Comm. review is covered in previous point, github
 protocol link added

---
 _docs/overview.md | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 62f0d96..db2b99a 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -38,13 +38,14 @@ Protocol credentials:
 
 * **Expert advisors**: Development is guided with input from Bitcoin technology and 
 security experts. See our advisor list.
-* **Open source**: GlacierScript, the Glacier companion software, is open source.
-This means the code is freely available for anyone to review for flaws and
-vulnerabilities. The code is straightforward, well-commented and available on
-Github. [View it on Github](https://github.com/GlacierProtocol/GlacierProtocol).
-* **Community review**: The protocol has evolved in conjunction with the wider
-Bitcoin community. Early versions were circulated during development, and
-community feedback integrated. [See our list of contributors](/docs/contribute/acknowledgments/).
+* **Open source**: Both GlacierScript, the Glacier companion software, and the
+protocol document are open source. This means they are freely available for anyone
+to review for flaws or vulnerabilities. The protocol has evolved in conjunction with the wider
+Bitcoin community, and the code is straightforward and well-commented. Both are available on
+Github.
+[View code on Github](https://github.com/GlacierProtocol/GlacierProtocol)
+[View protocol on Github](https://github.com/GlacierProtocol/glacierprotocol.github.io)
+[View list of contributors](/docs/contribute/acknowledgments/)
 * **Natural selection**: All documentation and code related to this protocol is
 under open licenses (Creative Commons for the document, MIT license for the
 code), enabling others to publish their own revisions. Inferior alternatives

From b4a0aa2310bfb00a8550b8442f224233dd371b5d Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 15 Nov 2018 14:30:34 +0000
Subject: [PATCH 014/190] Natural selection removed

Point wrt failure of alternatives is unsuitable for technical document
---
 _docs/overview.md | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index db2b99a..5e8ffe4 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -46,10 +46,6 @@ Github.
 [View code on Github](https://github.com/GlacierProtocol/GlacierProtocol)
 [View protocol on Github](https://github.com/GlacierProtocol/glacierprotocol.github.io)
 [View list of contributors](/docs/contribute/acknowledgments/)
-* **Natural selection**: All documentation and code related to this protocol is
-under open licenses (Creative Commons for the document, MIT license for the
-code), enabling others to publish their own revisions. Inferior alternatives
-will tend to lose popularity over time.
 
 If you like, you may review the [design document](/docs/design-doc/overview)
 for details on the technical design.

From 10397fd7455dc788ce0eedbb472bef560c487d4e Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 17 Nov 2018 10:33:59 +0000
Subject: [PATCH 015/190] Bullet descriptions converted to headings

---
 _docs/overview.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 5e8ffe4..5299ebc 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -6,14 +6,14 @@ redirect_from:
   - /docs/
 ---
 
-Glacier is a step-by-step, highly secure protocol for storing bitcoin.
+## A step-by-step, highly secure protocol for storing bitcoin
 
 It thoroughly considers corner cases such as obscure vectors for malware 
 infection, personal estate planning and human error resulting in loss of funds, as 
 well as the future Bitcoin landscape where bitcoin is much more valuable and 
 attracting many more security threats.
 
-It is intended for:
+### Intended for
 
 * **Personal storage**: Bitcoin owned solely by a single individual.
 * **Investment-level value**: Bitcoin holdings around the level of a small
@@ -23,7 +23,7 @@ future value appreciation.
 * **Technically unskilled users**: No technical expertise is required. Although
 the Glacier protocol is long, it is clear and straightforward to follow.
 
-It is not intended for:
+### Not intended for
 
 * **Institutional storage**: Internal controls, transparent auditing, and 
 preventing access to funds by a single individual are outside the scope of this 
@@ -34,7 +34,7 @@ interaction.
 * **Procurement**: This document covers bitcoin storage, not procurement. It assumes
 bitcoin has been procured and is ready to store.
 
-Protocol credentials:
+### Protocol credentials
 
 * **Expert advisors**: Development is guided with input from Bitcoin technology and 
 security experts. See our advisor list.

From c1e3dd79b4a94c17b3bf885bede5de95b000ea3d Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 17 Nov 2018 10:37:28 +0000
Subject: [PATCH 016/190] List of links pulled into body text for readability

---
 _docs/overview.md | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 5299ebc..c0686f3 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -37,19 +37,13 @@ bitcoin has been procured and is ready to store.
 ### Protocol credentials
 
 * **Expert advisors**: Development is guided with input from Bitcoin technology and 
-security experts. See our advisor list.
-* **Open source**: Both GlacierScript, the Glacier companion software, and the
-protocol document are open source. This means they are freely available for anyone
-to review for flaws or vulnerabilities. The protocol has evolved in conjunction with the wider
-Bitcoin community, and the code is straightforward and well-commented. Both are available on
-Github.
-[View code on Github](https://github.com/GlacierProtocol/GlacierProtocol)
-[View protocol on Github](https://github.com/GlacierProtocol/glacierprotocol.github.io)
-[View list of contributors](/docs/contribute/acknowledgments/)
-
-If you like, you may review the [design document](/docs/design-doc/overview)
-for details on the technical design.
-
+security experts. See the [advisor list](https://glacierprotocol.org/contributors/) and [contributor list](/docs/contribute/acknowledgments/).
+* **Open source**: The [design document](/docs/design-doc/overview), the [protocol document](https://github.com/GlacierProtocol/glacierprotocol.github.io) 
+and the [GlacierScript](https://github.com/GlacierProtocol/GlacierProtocol) companion
+software are all open source. This allows for continuous peer review and
+examination to eliminate flaws and vulnerabilities. The protocol has evolved in 
+conjunction with the wider Bitcoin community, and the code is straightforward and 
+well commented. Both are available on Github.
 If you are already familiar with Bitcoin security concepts and are certain that
 you want high security cold storage, you may prefer to skip to the section
 [Choosing a Multisignature Withdrawal Policy](/docs/overview/multi-signature-security#choosing-a-multisignature-withdrawal-policy).

From 51be2f29be97af29e1fd2949b1ecef87691e9e15 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 17 Nov 2018 10:38:34 +0000
Subject: [PATCH 017/190] Option to skip section moved

---
 _docs/overview.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index c0686f3..ee255d6 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -44,11 +44,10 @@ software are all open source. This allows for continuous peer review and
 examination to eliminate flaws and vulnerabilities. The protocol has evolved in 
 conjunction with the wider Bitcoin community, and the code is straightforward and 
 well commented. Both are available on Github.
-If you are already familiar with Bitcoin security concepts and are certain that
-you want high security cold storage, you may prefer to skip to the section
-[Choosing a Multisignature Withdrawal Policy](/docs/overview/multi-signature-security#choosing-a-multisignature-withdrawal-policy).
 
 ## Background
+A reader familiar with Bitcoin security concepts may prefer to skip to the section
+[Choosing a Multisignature Withdrawal Policy](/docs/overview/multi-signature-security#choosing-a-multisignature-withdrawal-policy).
 
 ### Self-Managed Storage vs. Online
 

From e69deed4226e06dd8700e2062df9eb1db5de21d6 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 17 Nov 2018 13:51:45 +0000
Subject: [PATCH 018/190] Informal, passive text removed

---
 _docs/overview.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index ee255d6..dd7cadd 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -51,8 +51,6 @@ A reader familiar with Bitcoin security concepts may prefer to skip to the secti
 
 ### Self-Managed Storage vs. Online
 
-Let's start by assessing whether Glacier is right for you.
-
 There is no such thing as perfect security. There are only degrees of security,
 and those degrees come at a cost (in time, money, convenience, etc.) So the
 first question is: How much security are you willing to invest in?

From bf41a935d12e7004952c32b31d51e3b3563b4372 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 17 Nov 2018 13:54:06 +0000
Subject: [PATCH 019/190] Title restructured

---
 _docs/overview.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index dd7cadd..4c4feb1 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -49,7 +49,7 @@ well commented. Both are available on Github.
 A reader familiar with Bitcoin security concepts may prefer to skip to the section
 [Choosing a Multisignature Withdrawal Policy](/docs/overview/multi-signature-security#choosing-a-multisignature-withdrawal-policy).
 
-### Self-Managed Storage vs. Online
+### Self-Managed vs. Online Storage
 
 There is no such thing as perfect security. There are only degrees of security,
 and those degrees come at a cost (in time, money, convenience, etc.) So the

From 1c93a702b13aff4b913054a94f8e62112bded1e3 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 17 Nov 2018 13:55:13 +0000
Subject: [PATCH 020/190] Online wallet list removed

Protocol should not vouch for security of 3rd party site
---
 _docs/overview.md | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 4c4feb1..3766abe 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -57,11 +57,7 @@ first question is: How much security are you willing to invest in?
 For most people, most of the time, the authors recommend storing Bitcoin using a
 high-quality online storage service. The pros and cons of the various online
 services are beyond the scope of this document, but most popular ones are fairly
-secure and easy to use. Some popular options are
-[Blockchain](https://blockchain.info/),
-[Coinbase](https://www.coinbase.com/),
-[Gemini](https://gemini.com/),
-and [Kraken](https://www.kraken.com/).
+secure and easy to use.
 
 However, all online storage services still come with some notable risks
 which self-managed storage does not have:

From 72d80cbf0c31a7bc1323efb67731938fe0e8729b Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 17 Nov 2018 13:58:54 +0000
Subject: [PATCH 021/190] Reword

---
 _docs/overview.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 3766abe..c22301d 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -51,8 +51,8 @@ A reader familiar with Bitcoin security concepts may prefer to skip to the secti
 
 ### Self-Managed vs. Online Storage
 
-There is no such thing as perfect security. There are only degrees of security,
-and those degrees come at a cost (in time, money, convenience, etc.) So the
+There is no such thing as perfect security, only degrees of security with corresponding
+trade-offs in time, money, convenience, etc. So the
 first question is: How much security are you willing to invest in?
 For most people, most of the time, the authors recommend storing Bitcoin using a
 high-quality online storage service. The pros and cons of the various online

From 50041d03cc73f97858523247862474c5c1e0b2db Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 17 Nov 2018 14:00:02 +0000
Subject: [PATCH 022/190] Informal, passive text removed

---
 _docs/overview.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index c22301d..4f2dd00 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -52,8 +52,8 @@ A reader familiar with Bitcoin security concepts may prefer to skip to the secti
 ### Self-Managed vs. Online Storage
 
 There is no such thing as perfect security, only degrees of security with corresponding
-trade-offs in time, money, convenience, etc. So the
-first question is: How much security are you willing to invest in?
+trade-offs in time, money, convenience, etc.
+
 For most people, most of the time, the authors recommend storing Bitcoin using a
 high-quality online storage service. The pros and cons of the various online
 services are beyond the scope of this document, but most popular ones are fairly

From 19d35ca5292f207c5d24376458c5da1ea1b555df Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 17 Nov 2018 14:14:57 +0000
Subject: [PATCH 023/190] Personal reference removed

Entire document is author's recommendation, no need to specify here
---
 _docs/overview.md | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 4f2dd00..6a6ddd8 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -54,10 +54,9 @@ A reader familiar with Bitcoin security concepts may prefer to skip to the secti
 There is no such thing as perfect security, only degrees of security with corresponding
 trade-offs in time, money, convenience, etc.
 
-For most people, most of the time, the authors recommend storing Bitcoin using a
-high-quality online storage service. The pros and cons of the various online
-services are beyond the scope of this document, but most popular ones are fairly
-secure and easy to use.
+For most people, most of the time, storing Bitcoin using a high-quality online storage 
+service is sufficient. The pros and cons of the various online services are beyond the 
+scope of this document, but most popular ones are fairly secure and easy to use.
 
 However, all online storage services still come with some notable risks
 which self-managed storage does not have:

From 2d1994424eb225fc4a894283d75d3eba9ce7c3a6 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 17 Nov 2018 14:40:22 +0000
Subject: [PATCH 024/190] Sections retitled/rearranged

"vs." sections are an assessment of alternative rather than comparisons
---
 _docs/overview.md | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 6a6ddd8..71484a7 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -45,11 +45,14 @@ examination to eliminate flaws and vulnerabilities. The protocol has evolved in
 conjunction with the wider Bitcoin community, and the code is straightforward and 
 well commented. Both are available on Github.
 
-## Background
+## Alternatives
+The Glacier Protocol focuses exclusively on self-managed storage, but there are lower
+security, more convenient options.
+
 A reader familiar with Bitcoin security concepts may prefer to skip to the section
 [Choosing a Multisignature Withdrawal Policy](/docs/overview/multi-signature-security#choosing-a-multisignature-withdrawal-policy).
 
-### Self-Managed vs. Online Storage
+### Online Storage
 
 There is no such thing as perfect security, only degrees of security with corresponding
 trade-offs in time, money, convenience, etc.
@@ -112,9 +115,7 @@ money. We recommend self-managed storage for large investments, but ultimately
 it's a personal decision based on your risk tolerance and costs you're willing
 to pay (in money and time) for security.
 
-Glacier focuses exclusively on self-managed storage.
-
-### Glacier vs. Hardware Wallets
+### Hardware Wallets
 
 Many people who choose
 self-managed storage (as opposed to an online storage service) use "hardware

From a451ea958013519aa5fb1cf03462f8c1569eefa3 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 18 Nov 2018 14:03:46 +0000
Subject: [PATCH 025/190] Point made is not specific to online storage

Moved up to parent section
---
 _docs/overview.md | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 71484a7..6f574ec 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -46,17 +46,15 @@ conjunction with the wider Bitcoin community, and the code is straightforward an
 well commented. Both are available on Github.
 
 ## Alternatives
-The Glacier Protocol focuses exclusively on self-managed storage, but there are lower
-security, more convenient options.
+There is no such thing as perfect security, only degrees of security with corresponding
+trade-offs in time, money, convenience, etc. The Glacier Protocol focuses exclusively
+on self-managed storage, but there are cheaper, lower security and more convenient options.
 
 A reader familiar with Bitcoin security concepts may prefer to skip to the section
 [Choosing a Multisignature Withdrawal Policy](/docs/overview/multi-signature-security#choosing-a-multisignature-withdrawal-policy).
 
 ### Online Storage
 
-There is no such thing as perfect security, only degrees of security with corresponding
-trade-offs in time, money, convenience, etc.
-
 For most people, most of the time, storing Bitcoin using a high-quality online storage 
 service is sufficient. The pros and cons of the various online services are beyond the 
 scope of this document, but most popular ones are fairly secure and easy to use.

From cc2edb3ce3b47d51cfa7198208e1103de8821f9b Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 18 Nov 2018 14:05:41 +0000
Subject: [PATCH 026/190] Better not to mention assumed security level of third
 party

---
 _docs/overview.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 6f574ec..d14ad53 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -57,7 +57,7 @@ A reader familiar with Bitcoin security concepts may prefer to skip to the secti
 
 For most people, most of the time, storing Bitcoin using a high-quality online storage 
 service is sufficient. The pros and cons of the various online services are beyond the 
-scope of this document, but most popular ones are fairly secure and easy to use.
+scope of this document. 
 
 However, all online storage services still come with some notable risks
 which self-managed storage does not have:

From 3862d6971ddc0dfa620c6d1df2b540b171712f31 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 18 Nov 2018 14:45:55 +0000
Subject: [PATCH 027/190] Reword, restructure

"constant attack" made two separate points
---
 _docs/overview.md | 25 +++++++++++--------------
 1 file changed, 11 insertions(+), 14 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index d14ad53..c952602 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -57,24 +57,21 @@ A reader familiar with Bitcoin security concepts may prefer to skip to the secti
 
 For most people, most of the time, storing Bitcoin using a high-quality online storage 
 service is sufficient. The pros and cons of the various online services are beyond the 
-scope of this document. 
+scope of this document. However, all online storage services entail risks which are
+not present in a self-managed storage system:
 
-However, all online storage services still come with some notable risks
-which self-managed storage does not have:
-
-1. **Identity spoofing**: Your account on the service could be hacked (including
-through methods such as identity theft, where someone convinces the service they
-are you).
-2. **Network exposure**: Online services still need to transmit security-critical
+1. **Identity spoofing**: Online accounts can be compromised, allowing a hacker to
+assume the identity of a legitimate user.
+2. **Network exposure**: Online services need to transmit security-critical
 information over the Internet, which creates an opportunity for that information
 to be stolen. In contrast, self-managed storage can be done with no network
 exposure.
-3. **Under constant attack**: Online services can be hacked by attackers from
-anywhere in the world. People know these services store lots of funds, which
-makes them much larger targets. If there's a flaw in their security, it's more
-likely to be found and exploited.
-4. **Internal theft**: They have to protect against internal theft from a large
-group of employees & contractors.
+3. **Under constant attack**: Online services can be hacked by attackers from anywhere in
+the world at any time of the day, week or year.
+4. **Vastly larger target**: Customer funds are a part of a considerably larger asset pool, making
+them much more attractive targets for hackers.
+5. **Internal theft**: A large group of employees & contractors are trusted with internal
+access to service funds.
 5. **Intentional seizure**: They have the ability (whether of their own volition,
 or under pressure from governments) to seize your funds.
 There is historical precedent for this, even if funds are not suspected of

From 4d13ada0cb53a33a7d72a0ca23f860cc72c18821 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 18 Nov 2018 15:26:27 +0000
Subject: [PATCH 028/190] Point separated into two separate points, reworded
 and examples given

Subscription link replaced, MtGox/Bitfinex users will be/were reimbursed
---
 _docs/overview.md | 29 +++++++++++------------------
 1 file changed, 11 insertions(+), 18 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index c952602..7cdf629 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -72,29 +72,22 @@ the world at any time of the day, week or year.
 them much more attractive targets for hackers.
 5. **Internal theft**: A large group of employees & contractors are trusted with internal
 access to service funds.
-5. **Intentional seizure**: They have the ability (whether of their own volition,
-or under pressure from governments) to seize your funds.
-There is historical precedent for this, even if funds are not suspected of
-criminal involvement. In 2010,
-[Cyprus unilaterally seized many bank depositors' funds ](https://www.theguardian.com/world/2013/mar/25/cyprus-bailout-deal-eu-closes-bank)
-to cope with an economic crisis. In 1933, the US abruptly
-[demanded citizens surrender almost all gold they owned to the government](https://en.wikipedia.org/wiki/Executive_Order_6102).
-Regardless of how one views the political desirability of these particular
-decisions, there is precedent for governments taking such an action, and one
-cannot necessarily predict the reasons they might do so in the future.
-Furthermore,Bitcoin still operates in a political and legal grey zone, which
-increases these political risks.
+6. **Seizure by service**: The service has the ability to seize customer funds. There are
+examples where a hacked system has chosen to socialise its losses across all users. In 2016, 
+[all users shared the total loss after Bitfinex was hacked](http://www.bbc.com/news/technology-37009319).
+There are also examples of withdrawals being closed before the company files for bankruptcy protection.
+In 2014, [Mt. Gox filed for bankruptcy after being hacked](https://www.bbc.co.uk/news/technology-25233230).
+Both scenarios lead to huge losses for customers.
+7. **Seizure by government decree**: Currently, in many countries, Bitcoin operates in a political
+and legal grey zone. There is historical precedence of citizen funds being seized without any
+suspicion of criminal activity. In 2010, [Cyprus unilaterally seized many bank depositors' funds](https://www.theguardian.com/world/2013/mar/25/cyprus-bailout-deal-eu-closes-bank)
+to cope with an economic crisis and, in 1933, [the US government demanded citizens surrender almost all gold](https://en.wikipedia.org/wiki/Executive_Order_6102). Similar action during a future financial
+crisis cannot be discounted.
 
 Some online wallet services have insurance to cover losses, although that
 insurance doesn't protect against all of these scenarios, and often has limits
 on the amount insured.
 
-These risks are not theoretical. Many online services have lost customers' funds
-(and not reimbursed them), including
-[Mt. Gox](https://www.bloomberg.com/news/articles/2014-02-28/mt-gox-exchange-files-for-bankruptcy),
-[Bitfinex](http://www.bbc.com/news/technology-37009319),
-and many more.
-
 Recently, some providers are rolling out services which are a hybrid
 of an online service and self-managed storage. Examples include
 [Coinbase's multisig vault](https://www.coinbase.com/vault)

From 8917e0a9532d8ebb30e8aca04047750d2c1d0dc7 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 18 Nov 2018 17:55:03 +0000
Subject: [PATCH 029/190] Hybrid wallet links removed

Risky to vouch for third party software
---
 _docs/overview.md | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 7cdf629..8bf7d57 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -88,15 +88,10 @@ Some online wallet services have insurance to cover losses, although that
 insurance doesn't protect against all of these scenarios, and often has limits
 on the amount insured.
 
-Recently, some providers are rolling out services which are a hybrid
-of an online service and self-managed storage. Examples include
-[Coinbase's multisig vault](https://www.coinbase.com/vault)
-and [Green Address](https://greenaddress.it/en/).
-The design of these services
-significantly reduces (though does not eliminate) the risks described above.
-
-However, they also require some care and technical competence to securely
-manage the electronic "keys" which provide access to funds.
+Hybrid services, combining features of online and self-managed storage, are available. The design
+of these services reduce, without eliminating entirely, some of the risks described above. However,
+they still require care and technical competence to securely manage the electronic "keys" which
+provide access to funds.
 
 Many people do use online or hybrid solutions to store sizeable amounts of
 money. We recommend self-managed storage for large investments, but ultimately

From c0216bbf49fd8df6e43fbeae52af5bebac0ea533 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 18 Nov 2018 17:55:30 +0000
Subject: [PATCH 030/190] Paragraph removed

Points covered in section intro
---
 _docs/overview.md | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 8bf7d57..8048603 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -93,11 +93,6 @@ of these services reduce, without eliminating entirely, some of the risks descri
 they still require care and technical competence to securely manage the electronic "keys" which
 provide access to funds.
 
-Many people do use online or hybrid solutions to store sizeable amounts of
-money. We recommend self-managed storage for large investments, but ultimately
-it's a personal decision based on your risk tolerance and costs you're willing
-to pay (in money and time) for security.
-
 ### Hardware Wallets
 
 Many people who choose

From dd5509293a815ec113028ee823f127960e06bded Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 18 Nov 2018 18:18:19 +0000
Subject: [PATCH 031/190] Hardware wallet links removed

Risky to vouch for third party hardware
---
 _docs/overview.md | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index 8048603..cff87b8 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -95,15 +95,9 @@ provide access to funds.
 
 ### Hardware Wallets
 
-Many people who choose
-self-managed storage (as opposed to an online storage service) use "hardware
-wallets" such as the
-[Trezor](https://trezor.io/),
-[Ledger](https://www.ledgerwallet.com/),
-and [KeepKey](https://www.keepkey.com/)
-to store their bitcoins. While these are great products that provide strong security,
-Glacier is intended to offer an even higher level of protection than today's
-hardware wallets can provide.
+Hardware wallets can provide a form of self-managed storage with good security. Again, the pros
+and cons of the various hardware wallets are beyond the scope of this document. However, all
+hardware wallets entail risks which are not present in a system adhering to The Glacier Protocol:
 
 The primary security consideration is that
 all hardware wallets today operate via a physical USB link to a regular

From e78220fcab6b1828bce65e72a84c5976551b352a Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 18 Nov 2018 18:19:50 +0000
Subject: [PATCH 032/190] Restructured for consistent critiquing style, con
 added from design doc

---
 _docs/overview.md | 24 ++++++++++--------------
 1 file changed, 10 insertions(+), 14 deletions(-)

diff --git a/_docs/overview.md b/_docs/overview.md
index cff87b8..740de80 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -99,17 +99,13 @@ Hardware wallets can provide a form of self-managed storage with good security.
 and cons of the various hardware wallets are beyond the scope of this document. However, all
 hardware wallets entail risks which are not present in a system adhering to The Glacier Protocol:
 
-The primary security consideration is that
-all hardware wallets today operate via a physical USB link to a regular
-computer. While they employ extensive safeguards to prevent any sensitive
-data (such as private keys) from being transmitted over this connection,
-it's possible that an undiscovered vulnerability could be exploited by
-malware to steal private keys from the device.
-
-For details on this and other security considerations, see the
-"No Hardware Wallets" section of the [design document](/docs/design-doc/overview)
-As with online multisig
-vaults, many people do use hardware wallets to store sizeable amounts of
-money. We personally recommend Glacier for large investments, but ultimately
-it's a personal decision based on your risk tolerance and costs you're
-willing to pay (in money and time) for security.
+1. **USB link**: All hardware wallets operate via a physical USB link to a regular computer. While
+they employ extensive safeguards to prevent any sensitive data (such as private keys) from being
+transmitted over this connection, it is possible that an undiscovered vulnerability could be
+exploited by malware to steal private keys from the device.
+2. **Potential tampering**: Verification that the hardware or software has not been tampered with is
+nearly impossible. An attacker could compromise the manufacturing processes, or ship a malicious
+device that looks like the hardware wallet you ordered.
+
+For details on this and other security considerations, see the "No Hardware Wallets" section of the
+[design document](/docs/design-doc/overview).
\ No newline at end of file

From e2b7800ea311d81a68df9cf7a6d9c887a496349e Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 19 Nov 2018 10:20:12 +0000
Subject: [PATCH 033/190] "MacOS" stylized consistently

Occurances of "macos", "macOS" and "macOs" corrected
---
 _docs/before-you-start/hardware.md      |  2 +-
 _docs/setup/create-boot-usb.md          | 16 ++++++++--------
 _docs/setup/non-quarantined-hardware.md |  2 +-
 _docs/setup/verify.md                   |  6 +++---
 dockerfiles/spellcheck/.spelling        |  2 +-
 5 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/_docs/before-you-start/hardware.md b/_docs/before-you-start/hardware.md
index c0979af..e6a2820 100644
--- a/_docs/before-you-start/hardware.md
+++ b/_docs/before-you-start/hardware.md
@@ -32,7 +32,7 @@ manufacturer than the drives for Set 1:
 ### Used/existing computing equipment
 
 * Two computers with Internet connectivity, administrator access, and about
-2GB of free disk space.  **Each computer must be running Windows 10, macOS, or
+2GB of free disk space.  **Each computer must be running Windows 10, MacOS, or
 Linux.**
 
   One of these two computers should be a computer that you do not own (unless
diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index df20701..89cb5af 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -16,7 +16,7 @@ way.)
 
 The *first two* USB drives ("Setup Boot USBs") are the USB drives you labeled
 "SETUP 1 BOOT" and "SETUP 2 BOOT" in Section II. They will be prepared using
-your Setup Computers, which may be running Windows, macOS, or something else.
+your Setup Computers, which may be running Windows, MacOS, or something else.
 
 The *last two* USB drives ("Quarantined Boot USBs") are the USB drives you
 labeled "Q1 BOOT" and "Q2 BOOT" in Section II. They will be prepared using your
@@ -44,7 +44,7 @@ copy there.
 4. Open a terminal window.
 
     1. **Windows**: Press Windows-R, type "powershell" and click OK.
-    2. **macOS**: Click the Searchlight (magnifying glass) icon in the menu bar,
+    2. **MacOS**: Click the Searchlight (magnifying glass) icon in the menu bar,
     and type "terminal". Select the Terminal application from the search results.
     3. **Linux**: Varies; on Ubuntu, press Ctrl-Alt-T. (On Ubuntu, press
     Ctrl-Alt-T.)
@@ -55,13 +55,13 @@ copy there.
     downloaded Ubuntu, customizing the folder name if necessary:
 
         1. **Windows**: `> cd $HOME/Downloads`
-        2. **macOs**: `$ cd $HOME/Downloads`
+        2. **MacOS**: `$ cd $HOME/Downloads`
         3. **Linux**: `$ cd $HOME/Downloads`
 
     2. View the fingerprint of the file:
 
         1. **Windows**: `> Get-FileHash -a sha256 ubuntu-16.04.1-desktop-amd64.iso`
-        2. **macOs**: `$ shasum -a 256 ubuntu-16.04.1-desktop-amd64.iso`
+        2. **MacOS**: `$ shasum -a 256 ubuntu-16.04.1-desktop-amd64.iso`
         3. **Linux**: `$ sha256sum ubuntu-16.04.1-desktop-amd64.iso`
 
     3. The following fingerprint should be displayed:
@@ -103,13 +103,13 @@ copy there.
         "DD Image Mode", select "ISO Image Mode" and press OK.
         10. The program will take a few minutes to write the USB.
 
-    2. **macOS**
+    2. **MacOS**
         1. Prepare the Ubuntu download for copying to the USB.
             ```
             $ cd $HOME/Downloads
             $ hdiutil convert ubuntu-16.04.1-desktop-amd64.iso -format UDRW -o ubuntu-16.04.1-desktop-amd64.img
             ```
-        2. Determine the macOS "device identifier" for the Boot USB.
+        2. Determine the MacOS "device identifier" for the Boot USB.
             1. `$ diskutil list`
             2. Insert the SETUP 1 BOOT USB in an empty USB slot.
             3. Wait 10 seconds for the operating system to recognize the USB.
@@ -143,7 +143,7 @@ copy there.
             4. Wait several minutes for the copying process to complete. When
             it does, you may see an error box pop up. This is expected; it's
             because the USB is written in a format readable by Ubuntu, but not
-            readable by macOS.
+            readable by MacOS.
             5. Click Ignore.
 
         4. Verify the integrity of the SETUP 1 BOOT USB (i.e. no errors or
@@ -310,7 +310,7 @@ copy there.
            This setup process is the ONE exception.
         2. Because you have booted the SETUP 1 computer off the SETUP 1 BOOT
         USB, you will follow the instructions for Ubuntu, even if your computer
-        normally runs Windows or macOS.
+        normally runs Windows or MacOS.
         3. Immediately after you are finished executing steps 1-6 with the Q1
         BOOT USB, remove the Q1 BOOT USB from the SETUP 1 computer.
             1. On your desktop, right-click the corresponding USB drive icon
diff --git a/_docs/setup/non-quarantined-hardware.md b/_docs/setup/non-quarantined-hardware.md
index 3721f36..3b8a2f0 100644
--- a/_docs/setup/non-quarantined-hardware.md
+++ b/_docs/setup/non-quarantined-hardware.md
@@ -29,7 +29,7 @@ software installed, here are some options:
 
     * Windows: [Kaspersky](https://usa.kaspersky.com/) ($39.99/yr),
     [Avira](https://www.avira.com) (Free)
-    * macOS: [BitDefender](https://www.bitdefender.com/) ($59.95/yr),
+    * MacOS: [BitDefender](https://www.bitdefender.com/) ($59.95/yr),
     [Sophos](https://home.sophos.com/) (Free)
     * Linux: Unnecessary
 
diff --git a/_docs/setup/verify.md b/_docs/setup/verify.md
index 34f0f02..46f36e3 100644
--- a/_docs/setup/verify.md
+++ b/_docs/setup/verify.md
@@ -87,14 +87,14 @@ that's fine; proceed as normal.)
     1. **Windows**: Download and install the latest available version of
     [Gpg4win](https://www.gpg4win.org/). Use the default
     options.
-    2. **macOS**: Download and install the latest available version of
+    2. **MacOS**: Download and install the latest available version of
     [GPG Suite](https://gpgtools.org/).
     3. **Linux**: GnuPG comes pre-installed with Linux distributions.
 
 9. Open a terminal window:
 
     1. **Windows**: Press Windows-R, type "powershell" and click OK.
-    2. **macOS**: Click the Searchlight (magnifying glass) icon in the menu bar, and
+    2. **MacOS**: Click the Searchlight (magnifying glass) icon in the menu bar, and
     type a terminal window. "terminal". Select the Terminal application from the
     search results.
     3. **Linux**: Varies; on Ubuntu, press Ctrl-Alt-T.
@@ -104,7 +104,7 @@ commands below are based on common default settings; if you put your downloads
 is in a different place, you will need to customize this command.
 
     1. **Windows**:  `> cd $HOME/Downloads/glacier`
-    2. **macOS**:  `$ cd $HOME/Downloads/glacier`
+    2. **MacOS**:  `$ cd $HOME/Downloads/glacier`
     3. **Linux**: `$ cd $HOME/Downloads/glacier`
 
 11. Verify the integrity of the
diff --git a/dockerfiles/spellcheck/.spelling b/dockerfiles/spellcheck/.spelling
index 5615923..4e2a7b5 100644
--- a/dockerfiles/spellcheck/.spelling
+++ b/dockerfiles/spellcheck/.spelling
@@ -8,7 +8,7 @@ Kraken
 Bitfinex
 SanDisk
 Cruzer
-macOS
+MacOS
 TerraSlate
 Inspiron
 Bitclip

From d47feb913a007fdda3fd52cca5f798f2be6ab6a2 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 19 Nov 2018 15:15:58 +0000
Subject: [PATCH 034/190] Rewritten in passive voice, section link added

---
 _docs/overview/key-concepts.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/_docs/overview/key-concepts.md b/_docs/overview/key-concepts.md
index b2359cb..08a1e4d 100644
--- a/_docs/overview/key-concepts.md
+++ b/_docs/overview/key-concepts.md
@@ -1,17 +1,17 @@
 ---
 title: Key concepts
-description: Overview of some of the key concepts leveraged by Glacier to make
-  sure your Bitcoin keys are kept safe.
+description: Overview of key concepts leveraged by Glacier to provide
+Bitcoin key security
 ---
 
 ## Private Key
 
-Your currency balance is effectively stored in the Bitcoin
-blockchain -- the global decentralized ledger. You can imagine a locked box
-with all of your bitcoins sitting inside of it. This box is unlocked with
-a piece of information known as "private key". (Some boxes require multiple
-private keys to unlock; see the section "Multisignature Security"
-below.)
+Bitcoin balances are stored in the Bitcoin blockchain, a global
+decentralized ledger, which can be unlocked with a piece of information
+known as a "private key". This is analogous to storing coins in a
+padlocked box, of which there can be multiple padlocks - see the 
+[Multi-signature Security](/docs/overview/multi-signature-security)
+ section.
 
 Unlike a password, a private key is not meant for you to remember.
 It's a long string of gibberish.

From 5d6f5ce646374e6755c8483d89cee62c549771a7 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 19 Nov 2018 15:17:30 +0000
Subject: [PATCH 035/190] Passive voice, "gibberish" explained, law enforcement
 statement removed

There are current examples of law enforcement investigations
---
 _docs/overview/key-concepts.md | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/_docs/overview/key-concepts.md b/_docs/overview/key-concepts.md
index 08a1e4d..bb3aacb 100644
--- a/_docs/overview/key-concepts.md
+++ b/_docs/overview/key-concepts.md
@@ -4,7 +4,7 @@ description: Overview of key concepts leveraged by Glacier to provide
 Bitcoin key security
 ---
 
-## Private Key
+## Private Keys
 
 Bitcoin balances are stored in the Bitcoin blockchain, a global
 decentralized ledger, which can be unlocked with a piece of information
@@ -13,14 +13,13 @@ padlocked box, of which there can be multiple padlocks - see the
 [Multi-signature Security](/docs/overview/multi-signature-security)
  section.
 
-Unlike a password, a private key is not meant for you to remember.
-It's a long string of gibberish.
-The private key is what you need to keep
-secure. If anyone gets it, they can take your money. Unlike traditional
-financial instruments, there is no recourse. There is no company that is
-liable, because Bitcoin is a decentralized system not run by any person or
-entity. And no law enforcement agency is likely to investigate your
-case.
+Unlike a password, a private key is not meant to be memorized. It is a
+256-bit number, usually expressed as a 64-character hexadecimal string.
+It is important to understand that the holder of the private key is the
+owner of the bitcoin and, unlike traditional financial instruments, 
+there is no legal recourse in the event of the key falling into the
+hands of someone else. Bitcoin is decentralized, meaning there is no
+company, person or entity that is liable.
 
 ## Offline Key Storage ("Cold Storage")
 

From 0048f92a1edf322740e7f9ed6898045c5ac543b7 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 19 Nov 2018 15:28:35 +0000
Subject: [PATCH 036/190] Consistent section title case applied

---
 _docs/before-you-start/hardware.md         |  2 +-
 _docs/before-you-start/overview.md         | 12 ++++++------
 _docs/before-you-start/structure.md        |  4 ++--
 _docs/extend/ecosystem.md                  |  2 +-
 _docs/extend/improvements.md               | 18 +++++++++---------
 _docs/overview.md                          |  4 ++--
 _docs/overview/key-concepts.md             |  6 +++---
 _docs/overview/multi-signature-security.md |  8 ++++----
 _docs/setup/create-app-usb.md              |  2 +-
 9 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/_docs/before-you-start/hardware.md b/_docs/before-you-start/hardware.md
index e6a2820..decce08 100644
--- a/_docs/before-you-start/hardware.md
+++ b/_docs/before-you-start/hardware.md
@@ -41,7 +41,7 @@ Linux.**
 * Smartphone with a working camera
 
 
-### Other Equipment
+### Other equipment
 
 * Two factory-sealed USB drives (2GB+):
 [Verbatim 2GB](http://a.co/jieluaE)
diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index 05ecfc9..08c2d51 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -14,7 +14,7 @@ As described previously, the Glacier
 protocol involves putting bitcoins in cold storage, using multisignature
 security, with the keys stored only on paper.
 
-## Eternally Quarantined Hardware
+## Eternally quarantined hardware
 
 This bulk of the Glacier protocol consists of ways to safeguard
 against theft of private keys due to malware infection. To accomplish this,
@@ -36,7 +36,7 @@ an available interface (e.g. the Internet, if a quarantined laptop is later
 used to access the web). Eternal quarantining renders the hardware
 essentially useless for anything else but executing this protocol.
 
-## Parallel Hardware Stacks
+## Parallel hardware stacks
 
 There is a class of attacks which rely not on stealing
 your sensitive data (e.g. private keys), but in subverting the process of
@@ -76,7 +76,7 @@ automates much of the manual work involved in executing the protocol.
 GlacierScript's [open source code](https://github.com/GlacierProtocol/GlacierProtocol) is straightforward and extensively
 commented to facilitate easy review for flaws or vulnerabilities.
 
-## Protocol Output
+## Protocol output
 
 The end result of the Glacier protocol is a set of paper information
 packets, one for each private key needed for the multisignature withdrawal
@@ -90,7 +90,7 @@ by all private keys.
 Technical details: The Glacier protocol reuses Bitcoin addresses. See the
 [design document](../design-doc/overview.md) for a detailed analysis.
 
-## Protocol Cost
+## Protocol cost
 
 The Glacier protocol requires over $600 in equipment, and approximately 8 hours of work to perform an initial cold storage deposit. This excludes time for:
 
@@ -102,14 +102,14 @@ The Glacier protocol requires over $600 in equipment, and approximately 8 hours
 Subsequent deposits and withdrawals re-use the same equipment and take a
 fraction of the time.
 
-## No Formal Support
+## No formal support
 
 As a free, volunteer-developed community project, there is no formal support
 channel for Glacier should you encounter any issues. However, you may be able to
 ask advice of community members on our [Gitter chat room](https://gitter.im/glacierprotocol/Lobby)
 or other Bitcoin community forums.
 
-## Privacy Considerations
+## Privacy considerations
 
 Because the Bitcoin blockchain is public, the way you route and store funds has
 privacy implications. For example, any person to whom you give your cold storage
diff --git a/_docs/before-you-start/structure.md b/_docs/before-you-start/structure.md
index 4993dcf..87feac2 100644
--- a/_docs/before-you-start/structure.md
+++ b/_docs/before-you-start/structure.md
@@ -15,7 +15,7 @@ bitcoin address.
 * **Maintenance**: For ensuring funds in cold storage remain accessible and
 secure.
 
-## Sensitive Data
+## Sensitive data
 
 *Critically-sensitive data* (e.g. private keys) will be highlighted in red,
 like this: <span class="danger">critically-sensitive-data-here</span>.
@@ -65,7 +65,7 @@ If you use only hardcopies, you'll need to manually type in a large amount of
 gibberish data, by hand, with no errors, every time you withdraw funds from
 cold storage.
 
-### Terminal Usage
+### Terminal usage
 
 Many protocol steps involve
 typing commands into a *terminal window*. Working in a terminal window is
diff --git a/_docs/extend/ecosystem.md b/_docs/extend/ecosystem.md
index d52e42d..285335e 100644
--- a/_docs/extend/ecosystem.md
+++ b/_docs/extend/ecosystem.md
@@ -8,7 +8,7 @@ The Glacier protocol is lengthy and complex because the tools for high-security
 
 Ideally, the Bitcoin community (and other cryptocurrency communities) will create these tools as soon as possible and render Glacier obsolete. We invite inquiry and consultation by others interested in developing these tools.
 
-## Cold Storage Hardware Wallets
+## Cold storage hardware wallets
 
 * Function like conventional hardware wallets, but
 eternally quarantined (no wireless or wired connections)
diff --git a/_docs/extend/improvements.md b/_docs/extend/improvements.md
index 69fd274..cedf6ca 100644
--- a/_docs/extend/improvements.md
+++ b/_docs/extend/improvements.md
@@ -5,7 +5,7 @@ description: Here's a list of improvements that can be made to Glacier, the
 ---
 
 
-## Don't store electronic copy of Cold Storage Information Page
+## Don't store electronic copy of cold storage information page
 Glacier recommends stores an electronic copy of the Cold Storage
 Information Page for easy copy-pasting for subsequent deposits or
 withdrawals. However, this is slightly less secure & complicated -- and
@@ -17,7 +17,7 @@ Printing QR codes on the Cold Storage Information Page would be
 another way to avoid the need to manually transcribe the deposits and
 withdrawals
 
-## No Address Reuse
+## No address reuse
 Currently, Glacier reuses addresses for
 both depositing and withdrawing funds. As discussed in the [protocol design
 document](../design-doc/overview.md), this has both privacy and security implications.
@@ -34,13 +34,13 @@ be given as to whether there is another way to safely test funds access,
 perhaps using something like the signrawtransaction Bitcoin Core
 RPC.
 
-## BIP39 Mnemonic Support
+## BIP39 mnemonic support
 [BIP39](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki) supports the creation of private keys
 encoded as an English mnemonic for ease and reliability of transcription.
 It's not yet supported by Glacier because it's not supported by Bitcoin
 Core.
 
-## Sign Withdrawal Transactions With Individual Signatures
+## Sign withdrawal transactions with individual signatures
 Bringing
 multiple private keys together in the same physical location for the
 Withdrawal Protocol entails risk (they could be physically stolen). It
@@ -49,7 +49,7 @@ a time, probably by bringing a QR-encoded physical hardcopy of the
 partially-signed transaction to the storage location of each private
 key.
 
-## Consider Shamir's Secret Sharing or Vanilla Multisig vs. P2SH Transactions
+## Consider Shamir's Secret Sharing or vanilla multisig vs. P2SH transactions
 Glacier currently uses P2SH transactions. This allows all
 signatories storing private keys to view the user's balance, because
 a copy of the redeem script must be kept with each private key.
@@ -63,19 +63,19 @@ using [Shamir's Secret Sharing](https://en.wikipedia.org/wiki/Shamir%27s_Secret_
 the number of keyholders, but would require additional cryptographic
 software be integrated into Glacier.
 
-## Automate Quarantined USB creation
+## Automate quarantined USB creation
 Many of the steps for creating the Quarantined USBs could be
 automated in a simple script.
 
-## Security With Biased Dice
+## Security with biased dice
 Assess integration of this paper and/or [this algorithm](http://pit-claudel.fr/clement/blog/generating-uniformly-random-data-from-skewed-input-biased-coins-loaded-dice-skew-correction-and-the-von-neumann-extractor/) so that the quality of
 our randomness is not vulnerable to dice bias.
 
-## Entropy Quality Testing
+## Entropy quality testing
 Use an entropy test suite such as [ent](http://www.fourmilab.ch/random/) to verify the quality of
 generated entropy before it's used.
 
-## Bitcoin Core Version
+## Bitcoin Core version
 Pinning Currently, we download Bitcoin Core on to the Quarantined App
 USBs via the Ubuntu Package archive. However, because Bitcoin is
 a privately-managed archive, it only hosts the latest release, rather than
diff --git a/_docs/overview.md b/_docs/overview.md
index 740de80..7d72992 100644
--- a/_docs/overview.md
+++ b/_docs/overview.md
@@ -53,7 +53,7 @@ on self-managed storage, but there are cheaper, lower security and more convenie
 A reader familiar with Bitcoin security concepts may prefer to skip to the section
 [Choosing a Multisignature Withdrawal Policy](/docs/overview/multi-signature-security#choosing-a-multisignature-withdrawal-policy).
 
-### Online Storage
+### Online storage
 
 For most people, most of the time, storing Bitcoin using a high-quality online storage 
 service is sufficient. The pros and cons of the various online services are beyond the 
@@ -93,7 +93,7 @@ of these services reduce, without eliminating entirely, some of the risks descri
 they still require care and technical competence to securely manage the electronic "keys" which
 provide access to funds.
 
-### Hardware Wallets
+### Hardware wallets
 
 Hardware wallets can provide a form of self-managed storage with good security. Again, the pros
 and cons of the various hardware wallets are beyond the scope of this document. However, all
diff --git a/_docs/overview/key-concepts.md b/_docs/overview/key-concepts.md
index bb3aacb..3a38a21 100644
--- a/_docs/overview/key-concepts.md
+++ b/_docs/overview/key-concepts.md
@@ -4,7 +4,7 @@ description: Overview of key concepts leveraged by Glacier to provide
 Bitcoin key security
 ---
 
-## Private Keys
+## Private keys
 
 Bitcoin balances are stored in the Bitcoin blockchain, a global
 decentralized ledger, which can be unlocked with a piece of information
@@ -21,7 +21,7 @@ there is no legal recourse in the event of the key falling into the
 hands of someone else. Bitcoin is decentralized, meaning there is no
 company, person or entity that is liable.
 
-## Offline Key Storage ("Cold Storage")
+## Offline key storage ("cold storage")
 
 You don't want to store your
 private key on any computer that's connected to the Internet ("hot
@@ -39,7 +39,7 @@ Online keys are
 inherently exposed to hackers. You therefore need to make sure your private
 key stays offline ("cold storage") at all times.
 
-## Paper Key Storage
+## Paper key storage
 
 Because
 the private key is a relatively small piece of information, it can be stored
diff --git a/_docs/overview/multi-signature-security.md b/_docs/overview/multi-signature-security.md
index 58b3b36..deebf96 100644
--- a/_docs/overview/multi-signature-security.md
+++ b/_docs/overview/multi-signature-security.md
@@ -9,7 +9,7 @@ Central to our security protocols is
 a technique called "multisignature security." You'll need a quick primer on
 this topic to understand the Glacier protocol.
 
-## Regular Private Keys are Risky
+## Regular private keys are risky
 
 Remember that anybody with access to your private key can access your
 funds. And if you lose your private key, you cannot access your money; it is
@@ -31,7 +31,7 @@ slip of paper sitting in a safe) might break into the safe and steal the wallet.
 Or a major natural disaster might prevent you from returning home for an
 extended period, during which time your safe is looted.
 
-## What is Multisignature Security?
+## What is multisignature security?
 
 To address these
 issues, Bitcoin provides a way to secure funds with a set of private keys,
@@ -53,7 +53,7 @@ security is analogous to a bank requiring signatures from multiple people
 (for example, any 2 of a company's 3 designated officers) to access funds in
 an account.
 
-## How Does Multisignature Security Help?
+## How does multisignature security help?
 
 Multisignature security protects against the following scenarios:
 
@@ -68,7 +68,7 @@ security, entrusting them with a key will not enable them to steal your
 funds (unless they steal additional key(s), or collude with another
 signatory).
 
-## Choosing a Multisignature Withdrawal Policy
+## Choosing a multisignature withdrawal policy
 
 Below are common options for withdrawal policies. You will need to select one
 before beginning the protocol.
diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index c7895b4..25f8609 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -1,5 +1,5 @@
 ---
-title: Create App USBs
+title: Create app USBs
 description: Learn how to prepare your USB drives for Glacier, the
   step-by-step protocol for storing bitcoins in a highly secure way
 ---

From 2b8f4bbc8549c63ea48ea9fc48235ccf30eed7f7 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 19 Nov 2018 15:50:25 +0000
Subject: [PATCH 037/190] Reword

---
 _docs/overview/key-concepts.md | 41 ++++++++++++++--------------------
 1 file changed, 17 insertions(+), 24 deletions(-)

diff --git a/_docs/overview/key-concepts.md b/_docs/overview/key-concepts.md
index 3a38a21..8382ce5 100644
--- a/_docs/overview/key-concepts.md
+++ b/_docs/overview/key-concepts.md
@@ -1,7 +1,7 @@
 ---
 title: Key concepts
 description: Overview of key concepts leveraged by Glacier to provide
-Bitcoin key security
+ Bitcoin key security
 ---
 
 ## Private keys
@@ -21,31 +21,24 @@ there is no legal recourse in the event of the key falling into the
 hands of someone else. Bitcoin is decentralized, meaning there is no
 company, person or entity that is liable.
 
-## Offline key storage ("cold storage")
+## Offline key storage
 
-You don't want to store your
-private key on any computer that's connected to the Internet ("hot
-storage"), because that exposes it to more hacking attempts. There are
-viruses out there that search computers for private keys and steal them
-(thereby stealing your money).
+Private keys should only ever be offline, or "in cold storage". They should
+never be stored on any internet-connected computer, or "in hot storage",
+because it provides an opportunity for hacking attempts or virus infection
+via the internet. Viruses can attack in many ways, including searching the
+local system for private keys or keylogging data entry.
 
-One way to protect against this is by
-encrypting your private key, so even if a thief steals it, they can't read
-it. This helps, but is not foolproof. For example, a thief might install
-[keylogger malware](https://en.wikipedia.org/wiki/Keystroke_logging)
-so that they steal your password too.
-
-Online keys are
-inherently exposed to hackers. You therefore need to make sure your private
-key stays offline ("cold storage") at all times.
+A private key can be encrypted, meaning a private key in a hacker's
+possession is unreadable, but this would not protect against [keylogging malware](https://en.wikipedia.org/wiki/Keystroke_logging) where the encryption
+password was also stolen.
 
 ## Paper key storage
 
-Because
-the private key is a relatively small piece of information, it can be stored
-on paper as easily as it can be stored on a computer. And when it comes to
-key storage, paper has various advantages compared to computers: It's always
-offline (no chance of accidentally connecting it to the Internet!), it's
-easy & cheap to make multiple copies for backups (and different keys for
-multisignature security -- see below), and it's not susceptible to
-mechanical failure.
+Private keys, being relatively small pieces of information, can be stored
+on paper as easily as they can in digital format. Paper has the following
+advantages:
+
+* **Always offline**: No chance of accidental network connection
+* **Easy & cheap**: Multiple copies of multiple keys can be made for backups
+* **Durable**: Robust against mechanical failure
\ No newline at end of file

From e72b13907e6a8ac243257af9763898e797ad5abc Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 19 Nov 2018 16:27:07 +0000
Subject: [PATCH 038/190] "owner" changed to "holder"

---
 _docs/overview/key-concepts.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/overview/key-concepts.md b/_docs/overview/key-concepts.md
index 8382ce5..ecee934 100644
--- a/_docs/overview/key-concepts.md
+++ b/_docs/overview/key-concepts.md
@@ -16,7 +16,7 @@ padlocked box, of which there can be multiple padlocks - see the
 Unlike a password, a private key is not meant to be memorized. It is a
 256-bit number, usually expressed as a 64-character hexadecimal string.
 It is important to understand that the holder of the private key is the
-owner of the bitcoin and, unlike traditional financial instruments, 
+holder of the bitcoin and, unlike traditional financial instruments, 
 there is no legal recourse in the event of the key falling into the
 hands of someone else. Bitcoin is decentralized, meaning there is no
 company, person or entity that is liable.

From e9dfa00898815836702484ebc502b712e5b3847f Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 19 Nov 2018 16:28:09 +0000
Subject: [PATCH 039/190] Critique is on single private keys - "regular" is too
 vague

---
 _docs/overview/multi-signature-security.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/overview/multi-signature-security.md b/_docs/overview/multi-signature-security.md
index deebf96..56fa58d 100644
--- a/_docs/overview/multi-signature-security.md
+++ b/_docs/overview/multi-signature-security.md
@@ -9,7 +9,7 @@ Central to our security protocols is
 a technique called "multisignature security." You'll need a quick primer on
 this topic to understand the Glacier protocol.
 
-## Regular private keys are risky
+## Single private keys are risky
 
 Remember that anybody with access to your private key can access your
 funds. And if you lose your private key, you cannot access your money; it is

From 15331d952c97397e34892290fe31cfc3543fb117 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 19 Nov 2018 16:32:00 +0000
Subject: [PATCH 040/190] Hyphen removed for consistency

---
 _docs/overview/key-concepts.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/overview/key-concepts.md b/_docs/overview/key-concepts.md
index ecee934..5fc9129 100644
--- a/_docs/overview/key-concepts.md
+++ b/_docs/overview/key-concepts.md
@@ -10,7 +10,7 @@ Bitcoin balances are stored in the Bitcoin blockchain, a global
 decentralized ledger, which can be unlocked with a piece of information
 known as a "private key". This is analogous to storing coins in a
 padlocked box, of which there can be multiple padlocks - see the 
-[Multi-signature Security](/docs/overview/multi-signature-security)
+[Multisignature Security](/docs/overview/multi-signature-security)
  section.
 
 Unlike a password, a private key is not meant to be memorized. It is a

From 440a1db24d42e0d9ee60ee069656b346437c8e26 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 19 Nov 2018 16:53:34 +0000
Subject: [PATCH 041/190] Multisig INTRODUCES the opportunity for betrayal in
 personal storage

It REDUCES it for a wallet controlled by multiple people - outside scope
---
 _docs/overview/multi-signature-security.md | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/_docs/overview/multi-signature-security.md b/_docs/overview/multi-signature-security.md
index 56fa58d..e61f57c 100644
--- a/_docs/overview/multi-signature-security.md
+++ b/_docs/overview/multi-signature-security.md
@@ -61,12 +61,6 @@ Multisignature security protects against the following scenarios:
 enough to steal the money.
 * **Loss**: If a key is destroyed or simply misplaced, you can recover your money
 using the remaining keys.
-* **Betrayal**:
-You may want to entrust one or more signatories with keys to facilitate
-access to your funds when you are dead or incapacitated. With multisignature
-security, entrusting them with a key will not enable them to steal your
-funds (unless they steal additional key(s), or collude with another
-signatory).
 
 ## Choosing a multisignature withdrawal policy
 

From 7b8b3688da94c19bf4d1f5ff958030730c697044 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 19 Nov 2018 18:02:21 +0000
Subject: [PATCH 042/190] reword and restructure

---
 _docs/overview/multi-signature-security.md | 80 +++++++++-------------
 1 file changed, 33 insertions(+), 47 deletions(-)

diff --git a/_docs/overview/multi-signature-security.md b/_docs/overview/multi-signature-security.md
index e61f57c..4d82a57 100644
--- a/_docs/overview/multi-signature-security.md
+++ b/_docs/overview/multi-signature-security.md
@@ -1,66 +1,52 @@
 ---
 title: Multi-signature security
-description: Glacier uses multiple keys to protect your Bitcoins. This makes it
-  harder for someone to steal your Bitcoins, and allows you to still access them
-  even if you lose one keys.
+description: Glacier uses multiple private keys. This provides greater security,
+ and protects against total loss in the event of the loss of a single key.
 ---
 
-Central to our security protocols is
-a technique called "multisignature security." You'll need a quick primer on
-this topic to understand the Glacier protocol.
+Central to The Glacier Protocol is a technique called "multisignature security",
+or "multisig", which utilises multiple private keys to provide greater security, 
+while also protecting against total loss in the event of the loss of a single key.
+
+The "signature" part of "multisignature" comes from the process of using a private
+key to access bitcoins, referred to as "signing a transaction". 
 
 ## Single private keys are risky
 
-Remember that anybody with access to your private key can access your
-funds. And if you lose your private key, you cannot access your money; it is
-lost forever. There is no mechanism for reversal, and nobody to appeal
-to.
+The bearer asset nature of bitcoin makes it very difficult to secure. For example,
+a private key, on paper, in a safe deposit box at a bank may seem secure, but 
+there are various eventualities that could lead to total loss. The box could be
+destroyed in a disaster, [seized](http://abcnews.go.com/GMA/story?id=4832471),
+accessed after identity theft, or the entire bank could be robbed.
 
-This makes it difficult to keep funds highly secure. For example, you
-might store a private key on paper in a safe deposit box at a bank, and feel
-fairly safe. But even this is not the most robust solution. The box could be
-destroyed in a disaster, or be robbed (perhaps via identity theft), or
-[intentionally seized](http://abcnews.go.com/GMA/story?id=4832471).
+Self storage, perhaps in a fireproof safe at home, can mitigate some of these issues,
+but it also introduces new risks. A home safe is considerably easier to access and
+enter than a bank, as well as potentially introducing personal harm to home
+occupants.
 
-You can try to mitigate these risks by storing the key yourself, perhaps in a
-fireproof home safe (as opposed to a bank). But this introduces new risks. A
-determined thief (perhaps a professional who brings safe-drilling tools on their
-burglary jobs, or who somehow got wind of the fact that you have a $100,000
-slip of paper sitting in a safe) might break into the safe and steal the wallet.
+## What is multisignature security?
 
-Or a major natural disaster might prevent you from returning home for an
-extended period, during which time your safe is looted.
+Multisignature security is analogous to a bank requiring signatures from multiple
+people (for example, any two of a company's three designated officers) to access
+funds in a company account.
 
-## What is multisignature security?
+Bitcoin provides a way to secure funds with a set of private keys, such that some
+of the keys, but not necessarily all, are required to sign a transaction. For
+example, a "2-of-3" withdrawal policy means that, of the three existing keys, two
+are required. In general, a multisignature policy is described as being "m-of-n",
+where n>=m.
 
-To address these
-issues, Bitcoin provides a way to secure funds with a set of private keys,
-such that some of the keys (but not necessarily all) are required to
-withdraw funds. For example, you might secure your bitcoins with 3 keys but
-only need any 2 of those keys to withdraw funds. (This example is known as
-a "2-of-3" withdrawal policy.)
-
-The keys are then stored in different
-locations, so someone who gets access to one key will not automatically
-have access to the others. Sometimes, a key is entrusted to the custody of
-another person, known as a "signatory."
-
-This approach of using multiple
-keys is known as "multisignature security." The "signature" part of
-"multisignature" comes from the process of using a private key to access
-bitcoins, which is referred to as "signing a transaction." Multisignature
-security is analogous to a bank requiring signatures from multiple people
-(for example, any 2 of a company's 3 designated officers) to access funds in
-an account.
+The keys can then be stored in different locations to reduce the chance of any single
+third party gaining access to the minimum required number of keys. Keys can also be
+entrusted to the custody of another person, known as a "signatory."
 
 ## How does multisignature security help?
 
-Multisignature security protects against the following scenarios:
+Multisignature security mitigates risk in the following scenarios:
 
-* **Theft**: Even if somebody physically breaks into a safe, any one key is not
-enough to steal the money.
-* **Loss**: If a key is destroyed or simply misplaced, you can recover your money
-using the remaining keys.
+* **Theft**: Control of a single key does not give access to the bitcoin
+* **Loss**: Bitcoin can be recovered after the loss of a single key, if
+misplaced or if the owner is incapacitated, by using the remaining keys
 
 ## Choosing a multisignature withdrawal policy
 

From 65403d09e46b2e2ae82ed0c674275d6a0df689dc Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 19 Nov 2018 18:13:21 +0000
Subject: [PATCH 043/190] Link removed - Too US-centric

---
 _docs/overview/multi-signature-security.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/_docs/overview/multi-signature-security.md b/_docs/overview/multi-signature-security.md
index 4d82a57..ca00d6e 100644
--- a/_docs/overview/multi-signature-security.md
+++ b/_docs/overview/multi-signature-security.md
@@ -65,8 +65,7 @@ stolen.
 The keys will be distributed as follows:
 
 * One in a safe at home
-* The remaining three in safe deposit boxes or [private vaults](https://www.google.com/search?q=private+safe+deposit+box) at
-different locations
+* Three in safe deposit boxes, or private vaults, at different locations
 
 It's important to think about estate planning -- making
 arrangements for your designated agents to be able to access your funds when

From 8e914e3157a6aa5612226567a8fd1d0d295e0439 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 20 Nov 2018 10:26:06 +0000
Subject: [PATCH 044/190] Reword

---
 _docs/overview/multi-signature-security.md | 36 +++++++++-------------
 1 file changed, 15 insertions(+), 21 deletions(-)

diff --git a/_docs/overview/multi-signature-security.md b/_docs/overview/multi-signature-security.md
index ca00d6e..94ac6fe 100644
--- a/_docs/overview/multi-signature-security.md
+++ b/_docs/overview/multi-signature-security.md
@@ -50,37 +50,31 @@ misplaced or if the owner is incapacitated, by using the remaining keys
 
 ## Choosing a multisignature withdrawal policy
 
-Below are common options for withdrawal policies. You will need to select one
-before beginning the protocol.
+Below are common options for withdrawal policies, with option 1 being The Glacier
+Protocol recommendation.
 
 ### Option 1: Self-custody of keys
 
-Our default
-recommendation is a 2-of-4 withdrawal policy where you manage all of your
-own keys (i.e. you do not entrust any to the custody of friends or family).
-2-of-4 means there are four keys, and any two of those keys can be combined
-to access your money, ensuring access even if two keys are lost or
-stolen.
+A 2-of-4 withdrawal policy, with all private keys in the custody of the bitcoin owner,
+where any two private keys can be combined to sign a transaction. This provides access
+even in a scenario where two keys are lost or stolen.
 
-The keys will be distributed as follows:
+The keys should be distributed as follows:
 
 * One in a safe at home
 * Three in safe deposit boxes, or private vaults, at different locations
 
-It's important to think about estate planning -- making
-arrangements for your designated agents to be able to access your funds when
-you are dead (e.g. for distribution to your heirs) or incapacitated (e.g. to
-pay medical bills). This usually requires significant legal arrangements to
-be made in advance.
+In a self-custody system, estate planning becomes critical. Arrangements must be made
+to provide third party access to funds in the event of death (e.g. for inheritance) or
+incapacitation (e.g. for medical bills). This usually requires significant legal
+arrangement to be made in advance.
 
-The most failsafe way to ensure your agents will have access to your safe
-deposit box is to check with the bank. Standard estate planning legal documents
-should allow your agent to access the box upon your incapacity, and to get into
-it upon your death. But banks can be fussy and sometimes prefer their own forms.
+The most failsafe way to ensure third party access to a safe deposit box is directly
+via the bank. Standard estate planning legal documents should allow access to each box
+upon personal incapacity or death, although banks may offer their own forms.
 
-If you have a living trust, one option may be to have your trust as the co-owner
-of your safe deposit box. That generally allows a successor trustee to access
-the box.
+Another option may be to arrange a living trust, or local equivalent, where the trust
+is the co-owner of the safe deposit box. A successor trustee could then access the box.
 
 ### Option 2: Distributed custody of keys
 

From b0aa27ee6d8003fb5225274cc7705800321f54ad Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 20 Nov 2018 12:00:45 +0000
Subject: [PATCH 045/190] "Signing" explanation moved to Key Concepts

---
 _docs/overview/key-concepts.md             | 5 +++++
 _docs/overview/multi-signature-security.md | 2 --
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/_docs/overview/key-concepts.md b/_docs/overview/key-concepts.md
index 5fc9129..7c2322e 100644
--- a/_docs/overview/key-concepts.md
+++ b/_docs/overview/key-concepts.md
@@ -4,6 +4,11 @@ description: Overview of key concepts leveraged by Glacier to provide
  Bitcoin key security
 ---
 
+## Signing
+
+The process of using a private key to access bitcoins, referred to as "signing
+a transaction". 
+
 ## Private keys
 
 Bitcoin balances are stored in the Bitcoin blockchain, a global
diff --git a/_docs/overview/multi-signature-security.md b/_docs/overview/multi-signature-security.md
index 94ac6fe..cbc5c1e 100644
--- a/_docs/overview/multi-signature-security.md
+++ b/_docs/overview/multi-signature-security.md
@@ -8,8 +8,6 @@ Central to The Glacier Protocol is a technique called "multisignature security",
 or "multisig", which utilises multiple private keys to provide greater security, 
 while also protecting against total loss in the event of the loss of a single key.
 
-The "signature" part of "multisignature" comes from the process of using a private
-key to access bitcoins, referred to as "signing a transaction". 
 
 ## Single private keys are risky
 

From e67d4efbfa21fb866dbd6994aff949165e1024f0 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 20 Nov 2018 12:05:35 +0000
Subject: [PATCH 046/190] Multisig explanation moved, and single sig added, to
 Key Concepts

---
 _docs/overview/key-concepts.md             | 26 ++++++++++++++--------
 _docs/overview/multi-signature-security.md |  4 +---
 2 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/_docs/overview/key-concepts.md b/_docs/overview/key-concepts.md
index 7c2322e..95dba71 100644
--- a/_docs/overview/key-concepts.md
+++ b/_docs/overview/key-concepts.md
@@ -9,23 +9,31 @@ description: Overview of key concepts leveraged by Glacier to provide
 The process of using a private key to access bitcoins, referred to as "signing
 a transaction". 
 
-## Private keys
+## Private key
 
-Bitcoin balances are stored in the Bitcoin blockchain, a global
-decentralized ledger, which can be unlocked with a piece of information
-known as a "private key". This is analogous to storing coins in a
-padlocked box, of which there can be multiple padlocks - see the 
-[Multisignature Security](/docs/overview/multi-signature-security)
- section.
+A 256-bit number, usually expressed in 64-character hexadecimal, which can unlock
+bitcoin balances stored in the Bitcoin blockchain, a global decentralized ledger.
 
-Unlike a password, a private key is not meant to be memorized. It is a
-256-bit number, usually expressed as a 64-character hexadecimal string.
+Unlike a password, a private key is not meant to be memorized.
 It is important to understand that the holder of the private key is the
 holder of the bitcoin and, unlike traditional financial instruments, 
 there is no legal recourse in the event of the key falling into the
 hands of someone else. Bitcoin is decentralized, meaning there is no
 company, person or entity that is liable.
 
+## Single signature security
+
+This is analogous to storing coins in a padlocked box, with a single key and padlock.
+
+## Multisignature, or multisig, security
+
+Utilises multiple private keys to provide greater security, while also protecting
+against total loss in the event of the loss of some keys.
+
+This is analogous to storing coins in a padlocked box, with multiple keys and
+padlocks which open in different combinations. See the [Multisignature Security](/docs/overview/multi-signature-security)
+section for more detail.
+
 ## Offline key storage
 
 Private keys should only ever be offline, or "in cold storage". They should
diff --git a/_docs/overview/multi-signature-security.md b/_docs/overview/multi-signature-security.md
index cbc5c1e..77405ab 100644
--- a/_docs/overview/multi-signature-security.md
+++ b/_docs/overview/multi-signature-security.md
@@ -4,9 +4,7 @@ description: Glacier uses multiple private keys. This provides greater security,
  and protects against total loss in the event of the loss of a single key.
 ---
 
-Central to The Glacier Protocol is a technique called "multisignature security",
-or "multisig", which utilises multiple private keys to provide greater security, 
-while also protecting against total loss in the event of the loss of a single key.
+Multisignature security, or multisig, is central to The Glacier Protocol.
 
 
 ## Single private keys are risky

From de300b85558cb4f9ab039d7864c66b9cbb576881 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 20 Nov 2018 12:11:32 +0000
Subject: [PATCH 047/190] Reword

---
 _docs/overview/multi-signature-security.md | 23 ++++++++++------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/_docs/overview/multi-signature-security.md b/_docs/overview/multi-signature-security.md
index 77405ab..5bcd3b1 100644
--- a/_docs/overview/multi-signature-security.md
+++ b/_docs/overview/multi-signature-security.md
@@ -74,19 +74,16 @@ is the co-owner of the safe deposit box. A successor trustee could then access t
 
 ### Option 2: Distributed custody of keys
 
-Another option is to distribute some of your
-keys to individuals who you trust ("signatories"). This can offer some
-advantages:
-
-* **Availability**: If you live in a rural area, there may not be many vaults
-or safe deposit boxes that are practical to get to.
-* **Ease of setup**: It may be simpler to distribute keys to signatories than
-to find available vaults, travel to them, and set up accounts.
-* **Ease of estate planning**: You don't need to make complicated legal
-arrangements for your signatories to access your funds. They'll have the keys
-they need to do so.
-
-However, there are significant drawbacks:
+Another option is to distribute a number of keys to trusted individuals, or signatories,
+which has the following advantages:
+
+* **Availability**: Vaults or safe deposit boxes may not be available in the local area.
+* **Ease of setup**: It may be simpler to distribute keys to signatories than to travel
+to multiple available vaults and set up accounts.
+* **Ease of estate planning**: No complicated legal arrangements for signatories to
+access funds.
+
+Key distribution also has the following disadvantages:
 
 * **Privacy**: Other signatories will have the ability to see your balance.
 Technical details: Every private key needs to be packaged with the multisig

From eddf23a308fe33fbb6aae703cc8c1c16b9ba7a5b Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 20 Nov 2018 12:26:30 +0000
Subject: [PATCH 048/190] Redeem script explanation moved to Key Concepts, link
 added

There is no Appendix C
---
 _docs/overview/key-concepts.md             |  6 ++++++
 _docs/overview/multi-signature-security.md | 11 ++++-------
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/_docs/overview/key-concepts.md b/_docs/overview/key-concepts.md
index 95dba71..3ec6f27 100644
--- a/_docs/overview/key-concepts.md
+++ b/_docs/overview/key-concepts.md
@@ -34,6 +34,12 @@ This is analogous to storing coins in a padlocked box, with multiple keys and
 padlocks which open in different combinations. See the [Multisignature Security](/docs/overview/multi-signature-security)
 section for more detail.
 
+## Redeem script
+
+Multisignature requires each of the multiple private keys to be accompanied by a
+redeem script. This script, each of which is identical, defines how the keys
+combine to release funds. Losing all redeem scripts leads to the total loss of funds.
+
 ## Offline key storage
 
 Private keys should only ever be offline, or "in cold storage". They should
diff --git a/_docs/overview/multi-signature-security.md b/_docs/overview/multi-signature-security.md
index 5bcd3b1..f80efc3 100644
--- a/_docs/overview/multi-signature-security.md
+++ b/_docs/overview/multi-signature-security.md
@@ -85,13 +85,10 @@ access funds.
 
 Key distribution also has the following disadvantages:
 
-* **Privacy**: Other signatories will have the ability to see your balance.
-Technical details: Every private key needs to be packaged with the multisig
-redemption script (since losing all redemption scripts is just as bad as losing
-all keys). Redemption scripts, however, allow one to view funds. An alternate
-version of this protocol could be created using a different multisig approach
-besides P2SH transactions, which would eliminate the ability of signatories to
-view balances; see Appendix C for details.
+* **Privacy**: All signatories can see the balance via the multisignature redeem script.
+An alternate version of this protocol could be created using a different multisig
+approach besides P2SH transactions, which would eliminate the ability of signatories to
+view balances. See [Possible improvements to Glacier](/docs/extend/improvements#consider-shamirs-secret-sharing-or-vanilla-multisig-vs-p2sh-transactions) for details.
 * **Signatory collusion**: Although possessing one key won't allow a signatory
 to access your funds, two signatories might collude with each other to steal
 your money.

From 0aeb44695abf6dc7029b2b80f8ca40f965eaa292 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 20 Nov 2018 12:32:03 +0000
Subject: [PATCH 049/190] Reword

---
 _docs/overview/multi-signature-security.md | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/_docs/overview/multi-signature-security.md b/_docs/overview/multi-signature-security.md
index f80efc3..d218a56 100644
--- a/_docs/overview/multi-signature-security.md
+++ b/_docs/overview/multi-signature-security.md
@@ -89,13 +89,9 @@ Key distribution also has the following disadvantages:
 An alternate version of this protocol could be created using a different multisig
 approach besides P2SH transactions, which would eliminate the ability of signatories to
 view balances. See [Possible improvements to Glacier](/docs/extend/improvements#consider-shamirs-secret-sharing-or-vanilla-multisig-vs-p2sh-transactions) for details.
-* **Signatory collusion**: Although possessing one key won't allow a signatory
-to access your funds, two signatories might collude with each other to steal
-your money.
-* **Signatory reliability**: A signatory may fail to store the key securely, or
-they may lose it.
-* **Signatory safety**: Giving your signatories custody of a valuable key may
-expose them to the risk of targeted physical theft.
+* **Signatory collusion**: Two signatories may collude to gain access to funds.
+* **Signatory reliability**: A signatory may fail to store the key securely.
+* **Signatory safety**: Signatories may be exposed to the risk of targeted physical theft.
 * **Kidnapping risk**: If you anticipate traveling in
 [high-crime areas with kidnapping risk](http://www.nytimes.com/2012/05/03/business/kidnapping-becomes-a-growing-travel-risk.html),
 your funds will be at greater risk because you'll

From 699569548c211e9cbd7e951c8aecedfeadc8cc86 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 20 Nov 2018 13:43:00 +0000
Subject: [PATCH 050/190] Kidnapping risk- relies on kidnapper
 believing/understanding explanation

More likely to increase chance of death when funds cannot be provided
---
 _docs/overview/multi-signature-security.md | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/_docs/overview/multi-signature-security.md b/_docs/overview/multi-signature-security.md
index d218a56..a00d007 100644
--- a/_docs/overview/multi-signature-security.md
+++ b/_docs/overview/multi-signature-security.md
@@ -92,16 +92,6 @@ view balances. See [Possible improvements to Glacier](/docs/extend/improvements#
 * **Signatory collusion**: Two signatories may collude to gain access to funds.
 * **Signatory reliability**: A signatory may fail to store the key securely.
 * **Signatory safety**: Signatories may be exposed to the risk of targeted physical theft.
-* **Kidnapping risk**: If you anticipate traveling in
-[high-crime areas with kidnapping risk](http://www.nytimes.com/2012/05/03/business/kidnapping-becomes-a-growing-travel-risk.html),
-your funds will be at greater risk because you'll
-have the ability to access them remotely (by contacting your signatories and
-asking for their keys).
-Financially-motivated kidnapping hinges on your ability to access funds to give
-to the kidnappers. If you are literally unable to access additional funds
-(because the keys are stored in remote vaults which you must be physically
-present to access, as opposed to held by friends or family who you can call),
-kidnappers will have no incentive to hold you.
 
 For distributed custody, we recommend a 2-of-5 withdrawal policy. The extra key
 (5 keys, rather than the recommended

From dd6998dc46536888799efff317dc58b99835aca8 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 20 Nov 2018 14:42:10 +0000
Subject: [PATCH 051/190] Reqord, restructure, "protecting the key against
 loss" removed

See Github issue #18 for justification of removal of "loss"
---
 _docs/overview/multi-signature-security.md | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/_docs/overview/multi-signature-security.md b/_docs/overview/multi-signature-security.md
index a00d007..84ddea2 100644
--- a/_docs/overview/multi-signature-security.md
+++ b/_docs/overview/multi-signature-security.md
@@ -74,8 +74,10 @@ is the co-owner of the safe deposit box. A successor trustee could then access t
 
 ### Option 2: Distributed custody of keys
 
-Another option is to distribute a number of keys to trusted individuals, or signatories,
-which has the following advantages:
+A 2-of-5 withdrawal policy is recommended, with private keys distributed to a number
+of trusted individuals, or signatories. The extra key, five rather than the recommended
+four in Option 1, mitigates the extra risk of signatories not sufficiently protecting
+the key against loss. This has the following advantages:
 
 * **Availability**: Vaults or safe deposit boxes may not be available in the local area.
 * **Ease of setup**: It may be simpler to distribute keys to signatories than to travel
@@ -93,13 +95,9 @@ view balances. See [Possible improvements to Glacier](/docs/extend/improvements#
 * **Signatory reliability**: A signatory may fail to store the key securely.
 * **Signatory safety**: Signatories may be exposed to the risk of targeted physical theft.
 
-For distributed custody, we recommend a 2-of-5 withdrawal policy. The extra key
-(5 keys, rather than the recommended
-4 keys in Option 1) is recommended since you have less control over whether
-a signatory effectively protects their key against theft or loss
+Thorough estate planning arrangements, which allow executors to access the keys if
+necessary, will allow the policy to be reduced from 2-of-5 to 2-of-4. Two keys should
+be issued to trusted signatories rather than three.
 
-If you have estate planning arrangements which you are confident will allow your
-agents to access the keys in your custody when needed, you should be fine with
-4 keys instead of 5 (two keys going to trusted signatories rather than three).
-Make sure your executors and signatories know to get in touch with each other
-when needed.
+Whether 2-of-5 or 2-of-4, each signatory should be able to communicate with each other
+when needed.
\ No newline at end of file

From 4e531c136cade21a72c8012a5c81d7789a5ac53e Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 09:08:07 +0000
Subject: [PATCH 052/190] Reword, restructure, links explained, dead link
 removed

"Example 1" link is no use to pdf reader
---
 _docs/overview/attack-surface.md | 174 ++++++++++++++++++-------------
 1 file changed, 104 insertions(+), 70 deletions(-)

diff --git a/_docs/overview/attack-surface.md b/_docs/overview/attack-surface.md
index 1ebb0fd..02fc7ed 100644
--- a/_docs/overview/attack-surface.md
+++ b/_docs/overview/attack-surface.md
@@ -4,65 +4,100 @@ description: Learn about the attack survace for Glacier, the
   step-by-step protocol for storing bitcoins in a highly secure way
 ---
 
-This list describes the attack surface and other failure points for Glacier. We
-include only attacks and failures limited in scope to specific coins.
-Attacks and failures related to the Bitcoin ecosystem as a whole (newly
-discovered cryptographic flaws, critical Bitcoin protocol security or
-scalability failures, etc.) are not included as most are equally likely to
-impact the value of all Bitcoins whether or not they are secured with Glacier.
+This section describes the attack surface and failure points for The Glacier
+Protocol. Only attacks and failures related to The Glacier Protocol, as
+opposed to other methods, are included. Any attack or failure related
+to the Bitcoin system as a whole is ignored. A newly discovered cryptographic
+flaw, or a critical Bitcoin protocol security or scalability failure, would
+impact all bitcoins, regardless of whether they are secured with Glacier or
+some other method.
 
-This list assumes no security measures from [Extend Glacier security](../extend/security.md) are implemented.
+It is assumed that no security measures from the [Extend Glacier security](../extend/security.md)
+section are implemented.
 
-Most attacks require the presence of malware, either in or near the quarantined environment. We'll therefore inventory two layers of Glacier's attack surface:
-
-* Ways in which a malware infection might occur
-* Ways in which a critical failure might happen (possibly, but not necessarily, due to a malware infection)
+There are two layers to Glacier's attack surface, malware and critical failure.
 
 ## Malware infection vectors
 
-* Software
-  * OS/App software has malware (i.e. malicious code) built into official distributions. In particular, Glacier relies on the following packages and their dependencies NOT to distribute malicious code:
-    * Ubuntu desktop
-    * Bitcoin Core
-    * zbar-tools (via Ubuntu Package archive)
-    * qrencode (via Ubuntu Package archive)
-  * Malware on Setup Computer infects Setup USB software AND malware on Setup USB infects Quarantined USB software AND checksum verifications produces false positives
-    * Checksum false positives could happen becuase:
-      * Malware might interfere with the verification process (or the display of its results).
-      * The checksum verification software could be compromised.
-        * Verifying the integrity of GnuPG requires one have access to a trusted installation of GnuPG, but many Glacier users won't have that. Glacier currently recommends users simply trust the version of GnuPG they download.
-  * Malware on Setup Computer infects OS/App USB software AFTER checksum verification produces a true positive (i.e. before/during copying of software to the USB, or during USB ejection)
-* Firmware
-  * Malware on Setup Computer infects Setup Boot USB firmware AND malware on Setup Boot USB infects Quarantined Boot/App USB
-  * Laptop or USB firmware has malware in the shrinkwrapped package
-* Hardware
-  * Laptop or USB hardware has "malware" in the shrinkwrapped package
-
-e.g. a  [USB JTAG exploit](http://www.itnews.com.au/news/intel-debugger-interface-open-to-hacking-via-usb-446889)  or chip-level backdoors (such as
-[this rootkit](https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/)). "Malware" usually refers to software, but we're using it here more broadly to mean "computing technology which undermines the integrity of the computing environment in which it resides."
+Most attacks require the presence of malware, malicious code, either in or near the quarantined environment.
+
+### Software
+
+The operating system or application distributions could be compromised. In particular,
+Glacier relies on the following packages and their dependencies:
+* Ubuntu desktop
+* Bitcoin Core
+* zbar-tools (via Ubuntu Package Archive)
+* qrencode (via Ubuntu Package Archive)
+
+An infected Setup Computer could infect the Setup USB software, which could infect the
+Quarantined USB software. This could produce false positives during the checksum
+verification process or alter the display of the verification process results. Verifying
+the integrity of GnuPG requires access to a trusted installation of GnuPG, which many
+users won't have. The current recommendation is to trust the downloaded version of GnuPG.
+
+An infected Setup Computer could infect the operating system or application USB software
+AFTER checksum verification produces a true positive, either before/during copying of
+software to the USB, or during USB ejection.
+
+### Firmware
+
+An infected Setup Computer could infect the Setup Boot USB firmware, which could infect
+the Quarantined Boot/App USB.
+
+A laptop or USB firmware could have been infected at any point between manufacture and
+delivery, before being shrinkwrapped.
+
+### Hardware
+
+A laptop or USB hardware could have been infected at any point between manufacture and
+delivery, before being shrinkwrapped. "Malware" usually refers to software, but we're
+using it here more broadly to mean "computing technology which undermines the integrity
+of the computing environment in which it resides.", as in a 
+[USB JTAG exploit](http://www.itnews.com.au/news/intel-debugger-interface-open-to-hacking-via-usb-446889)
+or [chip-level backdoor](https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/). 
 
 ## Failure scenarios
 
-### Electronic failures
-
-* Exfiltration of critically sensitive data (e.g. private keys)
-  * A Quarantined Computer leaks critically sensitive data over a
-  [side channel](https://en.wikipedia.org/wiki/Side-channel_attack)
-  (possibly due to malware) AND complementary malware on a (networked or attacker-controlled) device in range steals the data
-    * Visual side channel (does not require malware on the quarantined computer, since sensitive data is displayed on the screen as part of the protocol).
-    If the protocol is followed, the attack surface here should be narrow, as users are instructed to block all visual side channels. However, at a minimum, they are using their smartphone for reading QR codes, and that has a camera on it.
-    * Acoustic side channel, if inadequately blocked (i.e. insufficient sound blockage or masking noise). [See example](https://www.wired.com/2016/06/clever-attack-uses-sound-computers-fan-steal-data/).
-    * Radio side channel ( [example 1](https://www.usenix.org/legacy/event/sec09/tech/full_papers/vuagnoux.pdf) , [example 2](http://cyber.bgu.ac.il/content/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper) , [example 3](https://www.wired.com/2015/06/radio-bug-can-steal-laptop-crypto-keys-fits-inside-pita/) )
-    * Seismic side channel ( [example](https://www.cc.gatech.edu/fac/traynor/papers/traynor-ccs11.pdf))
-    * Thermal side channel ( [example](http://cyber.bgu.ac.il/blog/bitwhisper-heat-air-gap))
-    * Magnetic side channel ( [example](http://fc15.ifca.ai/preproceedings/paper_14.pdf) )
-  * Malware on a Quarantined Computer exfiltrates critically sensitive data via QR codes AND cooperating malware on the QR reading device steals the data.
-  The risk of this scenario is negligible; unless the attacker simultaneously compromised every major smartphone QR reader with cooperating malware, any manipulation of QR codes would be quickly detected by people using non-compromised QR reader software, leading to widespread awareness and isolation of the threat. This makes it a very unattractive attack vector.
-  * Critically sensitive data is leaked (intentionally or otherwise) as part of the payload of valid data (e.g. if the nonce used for a transaction signature contains bits of the private key)
-* Undetected generation of flawed sensitive data.
-(Requires compatible malware present on BOTH quarantined environments)
-  * Private key creation is compromised to make keys easily guessable
-  * Transaction creation is compromised to use output addresses belonging to an attacker, AND cooperating malware on a networked computer sends the malicious transaction before the manual address verification is done)
+Scenarios in which a critical failure might happen. Possibly, but not necessarily, due
+to a malware infection.
+
+### Exfiltration of critically sensitive data
+A Quarantined Computer could leak critically sensitive data over a side channel, which
+is an attack based on information gained from the implementation of a computer system,
+rather than weaknesses in the implemented algorithm itself. Complementary malware on a 
+networked or attacker-controlled device in range then steals the data. Possibilities include:
+  * **Visual side channel**: Exploit of sensitive visual data. Data is displayed on the
+  screen as part of the protocol, so does not require malware on the quarantined computer.
+  If the protocol is followed, the attack surface here should be narrow, as users are
+  instructed to block all visual side channels. However, at a minimum, a smartphone with a
+  camera is used for reading QR codes.
+  * **Acoustic side channel**: Exploit of sounds emitted by computer or other device, if
+  inadequately blocked by sound insulation or masking noise. [Data theft by fan noise](https://www.wired.com/2016/06/clever-attack-uses-sound-computers-fan-steal-data), for example.
+  * **Radio side channel**: [Exploit of electromagnetic emanations from wired and wireless
+  keyboards](https://www.usenix.org/legacy/event/sec09/tech/full_papers/vuagnoux.pdf),
+  [transmission of radio signals from monitor to FM radio receiver](http://cyber.bgu.ac.il/content/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper)
+  or [radio waves leaked by a processor's power use](https://www.wired.com/2015/06/radio-bug-can-steal-laptop-crypto-keys-fits-inside-pita/),
+  for example.
+  * **Seismic side channel**: Decoding vibrations from nearby keyboard using mobile phone accelerometer, for example.
+  * **Thermal side channel**: [Exploit using thermal sensors to detect heat emission](http://cyber.bgu.ac.il/blog/bitwhisper-heat-air-gap), for example.
+  * **Magnetic side channel**: [Exploit using smartphone magnetic field sensors to extract hard drive data](http://fc15.ifca.ai/preproceedings/paper_14.pdf), for example.
+  * **Rogue QR code**: Malware on a Quarantined Computer could exfiltrate critically
+  sensitive data via QR codes IF cooperating malware on the QR reading device is prepared
+  to steal the data. The risk of this scenario is negligible; unless the attacker
+  simultaneously compromised every major smartphone QR reader with cooperating malware,
+  any manipulation of QR codes would be quickly detected by users of non-compromised QR
+  reader software, leading to widespread awareness and isolation of the threat. This makes
+  it a very unattractive attack vector.
+  * **Data leak**: Critically sensitive data could be leaked, intentionally or otherwise, as part of the
+  payload of valid data. For example, the nonce used for a transaction signature could contains
+  bits of the private key.
+  * **Flawed data generation**: Undetected generation of flawed sensitive data IF compatible
+  malware is present on BOTH quarantined environments.
+  * **Guessable private keys**: Private key creation could be compromised to make keys easily guessable.
+  * **Compromised addresses**: Transaction creation is compromised to use output addresses belonging to an attacker,
+  AND cooperating malware on a networked computer sends the malicious transaction before the
+  manual address verification is done.
 
 ### Physical failures
 
@@ -72,6 +107,7 @@ e.g. a  [USB JTAG exploit](http://www.itnews.com.au/news/intel-debugger-interfac
 * Malware on the quarantined machines writes sensitive data to persistent media (USB or laptop hard drive) AND the hardware is physically stolen afterward
 
 ### Glacier protocol failures
+
 * Glacier hosting (i.e. DNS, Github, website hosting, etc.) is compromised
 to inject weaknesses into the protocol documentation or GlacierScript
 * Protocol delivery is compromised (e.g. with
@@ -83,25 +119,23 @@ software
 * Human error during protocol execution
 * Design failure in the protocol misses or inadequately addresses a risk
 
-For potential man-in-the-middle vulnerabilities, we mitigate this by signing a
-checksum of the Glacier document itself, and including steps in the protocol for
-users to verify the signature and checksum. But this is not foolproof:
-
+Potential man-in-the-middle vulnerabilities are mitigated by including steps in
+the protocol for verifying the signature and checksum of the Glacier document
+itself. Unfortunatley, vulnerabilities remain:
 
-An attacker could remove the self-verification procedure from the protocol document,
-and many users would not notice.
-* An attacker could compromise our keypair and create a fraudulent signature
-(although this is exceedingly unlikely, due to Keybase's key verification systems)
-* The protocol document does begin with document self-verification on one Setup
-Computer. However, it doesn't guide the user through self-verification on the second
-Setup Computer. Nor does it have them re-verify the document when they first boot
+* An attacker could remove the self-verification procedure from the protocol document.
+* An attacker could compromise the Glacier Protocol keypair and create a fraudulent
+signature. This is exceedingly unlikely, due to Keybase's key verification systems.
+* The protocol document begins with document self-verification on one Setup
+Computer. However, it does not guide the user through self-verification on the second
+Setup Computer. Nor does it have the user re-verify the document when they first boot
 into Ubuntu on the Setup Computers to create the Quarantined Boot USBs. If the
-portion of the protocol document related to creating the Quarantined Boot USBs were
-compromised between the initial self-validation & the later re-validation (when
-creating the Quarantined App USBs), the user would probably not notice, even without
+portion of the protocol document related to creating the Quarantined Boot USBs had been
+compromised between the initial self-validation and the later re-validation, when
+creating the Quarantined App USBs, the user would probably not notice, even without
 a forged signature.
-* Protocol hardcopy is compromised (e.g. by malware to alter the user's hardcopy as
-it is printed)
-* A flaw in GlacierScript causes sensitive data to be leaked or flawed
-* Human error during protocol execution
-* Design failure in the protocol misses or inadequately addresses a risk
+* The protocol hardcopy could be compromised. For example, malware could alter the
+hardcopy as it is printed)
+* A flaw in GlacierScript could cause sensitive data to be leaked or flawed
+* Human error could occur during protocol execution
+* Design failure in the protocol could miss or inadequately address a risk
\ No newline at end of file

From f99d75e5e2be920bf546d9e30984408622d87222 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 09:45:02 +0000
Subject: [PATCH 053/190] "Attack surface and failure points" moved to new
 Vulnerabilities section

Core concepts used (quarantined boot USB etc) that havent been explained
---
 _data/docs_toc.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/_data/docs_toc.yml b/_data/docs_toc.yml
index b128d95..6680a0a 100644
--- a/_data/docs_toc.yml
+++ b/_data/docs_toc.yml
@@ -3,7 +3,6 @@
   - overview
   - overview/key-concepts
   - overview/multi-signature-security
-  - overview/attack-surface
 - title: Before you start
   docs:
   - before-you-start/overview
@@ -33,6 +32,9 @@
   docs:
   - check-balance/overview
   - check-balance/maintenance
+- title: Protocol vulnerabilities
+  docs:
+  - overview/attack-surface
 - title: Extend Glacier
   docs:
   - extend/security

From c5513b9b5a3265912a022b10e027ae077d98e096 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 10:01:00 +0000
Subject: [PATCH 054/190] Relative section links removed for consistency

---
 _docs/before-you-start/overview.md          | 4 ++--
 _docs/deposit/generate-cold-storage-data.md | 2 +-
 _docs/extend/ecosystem.md                   | 2 +-
 _docs/extend/improvements.md                | 4 ++--
 _docs/extend/security.md                    | 2 +-
 _docs/overview/attack-surface.md            | 2 +-
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index 08c2d51..ee17d80 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -8,7 +8,7 @@ redirect_from: /docs/before-you-start/
 This section
 establishes a basic understanding of the Glacier protocol in order to
 facilitate its execution. For more background on the protocol's design, see
-the Glacier [design document](../design-doc/overview.md).
+the Glacier [design document](/docs/design-doc/overview).
 
 As described previously, the Glacier
 protocol involves putting bitcoins in cold storage, using multisignature
@@ -88,7 +88,7 @@ policy. Each packet includes the following information:
 by all private keys.
 
 Technical details: The Glacier protocol reuses Bitcoin addresses. See the
-[design document](../design-doc/overview.md) for a detailed analysis.
+[design document](/docs/design-doc/overview) for a detailed analysis.
 
 ## Protocol cost
 
diff --git a/_docs/deposit/generate-cold-storage-data.md b/_docs/deposit/generate-cold-storage-data.md
index 926d4ec..075b922 100644
--- a/_docs/deposit/generate-cold-storage-data.md
+++ b/_docs/deposit/generate-cold-storage-data.md
@@ -48,7 +48,7 @@ prepare your quarantined workspace.
         1. Type "DICE ENTROPY" into both Quarantined Scratchpads.
         2. Roll 62 six-sided dice, shaking the dice thoroughly each roll.
         62 dice rolls corresponds to 160 bits of entropy. See the
-        [design document](../design-doc/overview.md) for details.
+        [design document](/docs/design-doc/overview) for details.
         3. If you are rolling multiple dice at the same time, read the
         dice left-to-right. **This is important.** Humans are
         [horrible at generating random data](http://journals.plos.org/plosone/article?id=10.1371/journal.pone.0041531)
diff --git a/_docs/extend/ecosystem.md b/_docs/extend/ecosystem.md
index 285335e..448771d 100644
--- a/_docs/extend/ecosystem.md
+++ b/_docs/extend/ecosystem.md
@@ -4,7 +4,7 @@ description: Here's a list of how the Bitcoin ecosystem could be improved with
   increased security.
 ---
 
-The Glacier protocol is lengthy and complex because the tools for high-security cold storage do not exist. This appendix briefly outlines some of the tool functionality that would address this gap. For additional technical details, see the Glacier [design document](../design-doc/overview.md).
+The Glacier protocol is lengthy and complex because the tools for high-security cold storage do not exist. This appendix briefly outlines some of the tool functionality that would address this gap. For additional technical details, see the Glacier [design document](/docs/design-doc/overview).
 
 Ideally, the Bitcoin community (and other cryptocurrency communities) will create these tools as soon as possible and render Glacier obsolete. We invite inquiry and consultation by others interested in developing these tools.
 
diff --git a/_docs/extend/improvements.md b/_docs/extend/improvements.md
index cedf6ca..ad9ba57 100644
--- a/_docs/extend/improvements.md
+++ b/_docs/extend/improvements.md
@@ -19,8 +19,8 @@ withdrawals
 
 ## No address reuse
 Currently, Glacier reuses addresses for
-both depositing and withdrawing funds. As discussed in the [protocol design
-document](../design-doc/overview.md), this has both privacy and security implications.
+both depositing and withdrawing funds. As discussed in the protocol [design
+document](/docs/design-doc/overview), this has both privacy and security implications.
 
 This could be
 implemented with HD wallets, which would allow one to generate one master
diff --git a/_docs/extend/security.md b/_docs/extend/security.md
index 3334827..5e60d0b 100644
--- a/_docs/extend/security.md
+++ b/_docs/extend/security.md
@@ -44,7 +44,7 @@ software (including a non-Linux-derived OS and a different Bitcoin wallet),
 different smartphones (and different smartphone software, i.e. QR code
 readers). Different software stacks eliminate the risk that a software bug or
 vulnerability may generate a flawed key. See the
-[design document](../design-doc/overview.md) for details on why this risk is
+[design document](/docs/design-doc/overview) for details on why this risk is
 small enough to justify leaving it unaddressed in the formal protocol.
 * **Dedicated pair of environments for each private key**: Use extra
 environments such that each environment only touches one key both when
diff --git a/_docs/overview/attack-surface.md b/_docs/overview/attack-surface.md
index 02fc7ed..eda674d 100644
--- a/_docs/overview/attack-surface.md
+++ b/_docs/overview/attack-surface.md
@@ -12,7 +12,7 @@ flaw, or a critical Bitcoin protocol security or scalability failure, would
 impact all bitcoins, regardless of whether they are secured with Glacier or
 some other method.
 
-It is assumed that no security measures from the [Extend Glacier security](../extend/security.md)
+It is assumed that no security measures from the [Extend Glacier security](/docs/extend/security)
 section are implemented.
 
 There are two layers to Glacier's attack surface, malware and critical failure.

From 1dcf8bd88d03a86005cb1c1921041c29acd7d213 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 14:53:26 +0000
Subject: [PATCH 055/190] attack-surface.md moved for consistent folder
 structure

Missed in f99d75e5e2be920bf546d9e30984408622d87222
---
 _data/docs_toc.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_data/docs_toc.yml b/_data/docs_toc.yml
index 6680a0a..c7c9fd9 100644
--- a/_data/docs_toc.yml
+++ b/_data/docs_toc.yml
@@ -34,7 +34,7 @@
   - check-balance/maintenance
 - title: Protocol vulnerabilities
   docs:
-  - overview/attack-surface
+  - protocol-vulnerabilities/attack-surface
 - title: Extend Glacier
   docs:
   - extend/security

From 567a42b78a7e78f6a942d5392d9105e842891039 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 15:08:03 +0000
Subject: [PATCH 056/190] "About" page renamed, moved and links updated for
 consistency

---
 _data/docs_toc.yml                                             | 2 +-
 _docs/{overview.md => overview/about.md}                       | 0
 _docs/{overview => protocol-vulnerabilities}/attack-surface.md | 0
 _includes/topbar.html                                          | 2 +-
 index.html                                                     | 2 +-
 5 files changed, 3 insertions(+), 3 deletions(-)
 rename _docs/{overview.md => overview/about.md} (100%)
 rename _docs/{overview => protocol-vulnerabilities}/attack-surface.md (100%)

diff --git a/_data/docs_toc.yml b/_data/docs_toc.yml
index c7c9fd9..0b11e1f 100644
--- a/_data/docs_toc.yml
+++ b/_data/docs_toc.yml
@@ -1,6 +1,6 @@
 - title: Glacier overview
   docs:
-  - overview
+  - overview/about
   - overview/key-concepts
   - overview/multi-signature-security
 - title: Before you start
diff --git a/_docs/overview.md b/_docs/overview/about.md
similarity index 100%
rename from _docs/overview.md
rename to _docs/overview/about.md
diff --git a/_docs/overview/attack-surface.md b/_docs/protocol-vulnerabilities/attack-surface.md
similarity index 100%
rename from _docs/overview/attack-surface.md
rename to _docs/protocol-vulnerabilities/attack-surface.md
diff --git a/_includes/topbar.html b/_includes/topbar.html
index 506f355..fc2d380 100644
--- a/_includes/topbar.html
+++ b/_includes/topbar.html
@@ -14,7 +14,7 @@
         <div id="navbar" class="collapse navbar-collapse">
             <div class="navbar-right">
                 <ul class="nav navbar-nav">
-                    <li {% if page.sectionid=='docs' %} class="active" {% endif %}><a href="{{ "/docs/overview/" | prepend: site.baseurl }}">Docs</a></li>
+                    <li {% if page.sectionid=='docs' %} class="active" {% endif %}><a href="{{ "/docs/overview/about" | prepend: site.baseurl }}">Docs</a></li>
                     <li {% if page.url=='/downloads/' %} class="active" {% endif %}><a href="{{ "/downloads/" | prepend: site.baseurl }}">Downloads</a></li>
                     <li {% if page.url=='/contributors/' %} class="active" {% endif %}><a href="{{ "/contributors/" | prepend: site.baseurl }}">Contributors</a></li>
                 </ul>
diff --git a/index.html b/index.html
index 5661823..deba056 100644
--- a/index.html
+++ b/index.html
@@ -6,7 +6,7 @@
     <div class="container">
         <h1>Glacier</h1>
         <p>Glacier is the step-by-step protocol for storing Bitcoins in a highly secure way, offline.</p>
-        <p><a class="btn btn-primary btn-lg" href="{{ "/docs/overview/" | prepend: site.baseurl }}" role="button">Learn more</a></p>
+        <p><a class="btn btn-primary btn-lg" href="{{ "/docs/overview/about" | prepend: site.baseurl }}" role="button">Learn more</a></p>
     </div>
 </div>
 

From 5ac890b87c9d89994d4d736448603094e9df70f9 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 15:15:47 +0000
Subject: [PATCH 057/190] References to Glacier and the protocol changed for
 consistency

---
 _docs/overview/about.md                    | 4 ++--
 _docs/overview/multi-signature-security.md | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/_docs/overview/about.md b/_docs/overview/about.md
index 7d72992..44024f0 100644
--- a/_docs/overview/about.md
+++ b/_docs/overview/about.md
@@ -47,7 +47,7 @@ well commented. Both are available on Github.
 
 ## Alternatives
 There is no such thing as perfect security, only degrees of security with corresponding
-trade-offs in time, money, convenience, etc. The Glacier Protocol focuses exclusively
+trade-offs in time, money, convenience, etc. Glacier focuses exclusively
 on self-managed storage, but there are cheaper, lower security and more convenient options.
 
 A reader familiar with Bitcoin security concepts may prefer to skip to the section
@@ -97,7 +97,7 @@ provide access to funds.
 
 Hardware wallets can provide a form of self-managed storage with good security. Again, the pros
 and cons of the various hardware wallets are beyond the scope of this document. However, all
-hardware wallets entail risks which are not present in a system adhering to The Glacier Protocol:
+hardware wallets entail risks which are not present in a system adhering to Glacier:
 
 1. **USB link**: All hardware wallets operate via a physical USB link to a regular computer. While
 they employ extensive safeguards to prevent any sensitive data (such as private keys) from being
diff --git a/_docs/overview/multi-signature-security.md b/_docs/overview/multi-signature-security.md
index 84ddea2..4729fbd 100644
--- a/_docs/overview/multi-signature-security.md
+++ b/_docs/overview/multi-signature-security.md
@@ -4,7 +4,7 @@ description: Glacier uses multiple private keys. This provides greater security,
  and protects against total loss in the event of the loss of a single key.
 ---
 
-Multisignature security, or multisig, is central to The Glacier Protocol.
+Multisignature security, or multisig, is central to Glacier.
 
 
 ## Single private keys are risky

From dd1030132f85afbfd0be9232a05e74335bd50746 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 15:34:59 +0000
Subject: [PATCH 058/190] Design document referenced consistently

---
 _docs/before-you-start/overview.md | 2 +-
 _docs/design-doc/overview.md       | 2 +-
 _docs/extend/ecosystem.md          | 2 +-
 _docs/setup/create-boot-usb.md     | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index ee17d80..da99217 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -8,7 +8,7 @@ redirect_from: /docs/before-you-start/
 This section
 establishes a basic understanding of the Glacier protocol in order to
 facilitate its execution. For more background on the protocol's design, see
-the Glacier [design document](/docs/design-doc/overview).
+the [design document](/docs/design-doc/overview).
 
 As described previously, the Glacier
 protocol involves putting bitcoins in cold storage, using multisignature
diff --git a/_docs/design-doc/overview.md b/_docs/design-doc/overview.md
index fecef35..cf40585 100644
--- a/_docs/design-doc/overview.md
+++ b/_docs/design-doc/overview.md
@@ -5,7 +5,7 @@ description: Here you can find the design documents behind Glacier, the
 ---
 
 If you want to learn more about the security considerations for Glacier,
-check the Glacier design document:
+check the design document:
 
 * [v0.9 Beta (latest version)]({{ site.baseurl}}/assets/design-doc-v0.9-beta.pdf)
 * [v0.1 Alpha]({{ site.baseurl}}/assets/design-doc-v0.1-alpha.pdf)
diff --git a/_docs/extend/ecosystem.md b/_docs/extend/ecosystem.md
index 448771d..4cabafa 100644
--- a/_docs/extend/ecosystem.md
+++ b/_docs/extend/ecosystem.md
@@ -4,7 +4,7 @@ description: Here's a list of how the Bitcoin ecosystem could be improved with
   increased security.
 ---
 
-The Glacier protocol is lengthy and complex because the tools for high-security cold storage do not exist. This appendix briefly outlines some of the tool functionality that would address this gap. For additional technical details, see the Glacier [design document](/docs/design-doc/overview).
+The Glacier protocol is lengthy and complex because the tools for high-security cold storage do not exist. This appendix briefly outlines some of the tool functionality that would address this gap. For additional technical details, see the [design document](/docs/design-doc/overview).
 
 Ideally, the Bitcoin community (and other cryptocurrency communities) will create these tools as soon as possible and render Glacier obsolete. We invite inquiry and consultation by others interested in developing these tools.
 
diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 89cb5af..3e8c50b 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -77,7 +77,7 @@ copy there.
         Technical details: Because you verified the checksum & checksum
         signature for this document in Section I, we are omitting the GPG
         verification of some other fingerprints in the protocol. For a detailed
-        security analysis, see the design document.
+        security analysis, see the [design document](/docs/design-doc/overview).
 
         You can verify this is the official Ubuntu fingerprint
         [here](http://releases.ubuntu.com/16.04/SHA256SUMS),

From f0fad2bb21ec27b789a9704daa9f637a09f4b363 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 16:25:31 +0000
Subject: [PATCH 059/190] Reword, restructure

---
 _docs/before-you-start/overview.md | 34 ++++++++++++------------------
 1 file changed, 14 insertions(+), 20 deletions(-)

diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index da99217..d53f3e7 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -11,30 +11,24 @@ facilitate its execution. For more background on the protocol's design, see
 the [design document](/docs/design-doc/overview).
 
 As described previously, the Glacier
-protocol involves putting bitcoins in cold storage, using multisignature
+protocol involves securing bitcoins in cold storage, using multisignature
 security, with the keys stored only on paper.
 
 ## Eternally quarantined hardware
 
-This bulk of the Glacier protocol consists of ways to safeguard
-against theft of private keys due to malware infection. To accomplish this,
-Glacier uses eternally quarantined hardware.
-
-Quarantined hardware means
-we drastically limit the ways in which a piece of hardware interfaces with
-the outside world in order to prevent the transmission of sensitive data
-(e.g. private keys) or harmful data (e.g. malware). We consider all
-interfaces -- network, USB, printer, and so on -- because any of them
-might be used to transmit malware or private keys.
-
-Eternally quarantined
-hardware means we use factory-new hardware for this purpose (to minimize
-risk of prior malware infection), and never lift the quarantine. The
-quarantine is permanent because any malware infection which does somehow
-get through the quarantine might wait indefinitely for an opportunity to use
-an available interface (e.g. the Internet, if a quarantined laptop is later
-used to access the web). Eternal quarantining renders the hardware
-essentially useless for anything else but executing this protocol.
+Eternally quarantined hardware is hardware with drastically limited
+interfaces with the outside world. This prevents the transmission of
+sensitive or harmful data, for example, private keys or malware. All
+interfaces are considered, including network, USB and printer, because
+all may be used to transmit data.
+
+To ensure hardware is eternally quarantined, factory-new hardware is used to
+minimize the risk of prior malware infection. This hardware must be
+permanantly quarantined, effectively rendering it useless for anything other
+than executing the protocol. The quarantine is *strictly* permanent because
+any malware infection which gets through the quarantine may wait
+indefinitely for an opportunity to use an available interface, for example,
+if a quarantined laptop is later used to access the web. 
 
 ## Parallel hardware stacks
 

From 2c4d554bbb734922afec4727e898d238b1a17922 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 16:29:11 +0000
Subject: [PATCH 060/190] Reword, restructure, missing links added

---
 _docs/before-you-start/overview.md | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index d53f3e7..a7afc97 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -32,20 +32,17 @@ if a quarantined laptop is later used to access the web.
 
 ## Parallel hardware stacks
 
-There is a class of attacks which rely not on stealing
+"Flawed data" is a class of attack which relies not on stealing
 your sensitive data (e.g. private keys), but in subverting the process of
-generating your sensitive data so it can be more easily guessed by a third
-party. We call this "flawed data."
-
-For example, a variant of the Trojan.Bitclip attack which replaces keys
-displayed on your screen (or keys stored in your clipboard) with insecure keys.
-
-Because we are generating our data in
-eternally quarantined environments, any malware infection attempting this is
-unlikely to have come from your other computers -- it would likely have
-already been present when the quarantined system arrived from the
-manufacturer. For example, the Lenovo rootkit or this Dell firmware malware
-infection.
+generating the sensitive data, with the intention of making it more easily
+guessed by a third party. For example, a variant of the Trojan.Bitclip
+attack replaces keys displayed on your screen, or stored in your clipboard,
+with insecure keys.
+
+By using eternally quarantined hardware, any malware attempting to take advantage
+of flawed data would likely have already been present when the system arrived
+from the manufacturer. For example, [the Lenovo Service Engine rootkit](https://thehackernews.com/2015/08/lenovo-rootkit-malware.html)
+or [the Dell W32.Spybot worm](https://www.theregister.co.uk/2010/07/23/dell_malware_update/).
 
 The way to defeat these attacks is to detect them before
 we actually use the flawed data. We can detect such an attack by

From d310219c7c6cb94a9485579ab6421e16cce52d62 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 16:29:51 +0000
Subject: [PATCH 061/190] Reword

---
 _docs/before-you-start/overview.md | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index a7afc97..8d45033 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -44,15 +44,13 @@ of flawed data would likely have already been present when the system arrived
 from the manufacturer. For example, [the Lenovo Service Engine rootkit](https://thehackernews.com/2015/08/lenovo-rootkit-malware.html)
 or [the Dell W32.Spybot worm](https://www.theregister.co.uk/2010/07/23/dell_malware_update/).
 
-The way to defeat these attacks is to detect them before
-we actually use the flawed data. We can detect such an attack by
-replicating the entire data generation process on two sets of eternally
-quarantined hardware, from different manufacturers. If the process
-generates identical data on both sets of hardware, we can be highly
-confident the data is not flawed because it would have to be an identical
-attack present on both sets of hardware, factory-new from different
-manufacturers. This is exceptionally unlikely.
-
+These attacks are defeated by detecting them before the flawed data is used.
+This is done by replicating the entire data generation process on two
+sets of eternally quarantined hardware from different manufacturers. If the
+process generates identical data on both sets of hardware, it is exceptionally
+unlikely that the data is flawed. Identical attacks would have to be present on
+both sets of hardware, both of which are factory-new and both of which are from
+different manufacturers.
 
 ## Bitcoin Core and GlacierScript
 

From 779f75e1ccd86c3a9e7176fc78ad4d186fc57cfb Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 16:42:23 +0000
Subject: [PATCH 062/190] Reword

---
 _docs/before-you-start/overview.md | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index 8d45033..de4e1be 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -54,16 +54,14 @@ different manufacturers.
 
 ## Bitcoin Core and GlacierScript
 
-Glacier uses the [Bitcoin Core](https://bitcoincore.org/)
-software for all cryptographic and financial operations, as its open source code
-is the most trustworthy. This is due to its track record of securing large amounts
-of money for many years, and the high degree of code review scrutiny it has
-received.
-
-Glacier also utilizes GlacierScript, a software program that
-automates much of the manual work involved in executing the protocol.
-GlacierScript's [open source code](https://github.com/GlacierProtocol/GlacierProtocol) is straightforward and extensively
-commented to facilitate easy review for flaws or vulnerabilities.
+Glacier uses [Bitcoin Core](https://bitcoincore.org/) for all cryptographic and
+financial operations. Its open source code has proven to be the most trustworthy,
+most secure, and has had the highest degree of code review scrutiny over many years.
+
+Glacier also utilizes GlacierScript to automate much of the manual work involved
+in executing the protocol. GlacierScript's [open source code](https://github.com/GlacierProtocol/GlacierProtocol)
+is straightforward, and extensively commented, to facilitate easy review for flaws
+or vulnerabilities.
 
 ## Protocol output
 

From 7a943956af2f116dcfd3b53d45476030d29471ca Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 16:59:01 +0000
Subject: [PATCH 063/190] Reword, consistent emphasis

---
 _docs/before-you-start/overview.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index de4e1be..5da3c4f 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -69,12 +69,13 @@ The end result of the Glacier protocol is a set of paper information
 packets, one for each private key needed for the multisignature withdrawal
 policy. Each packet includes the following information:
 
-* One **private key** -- an alphanumeric string used to secure the funds
-* The **cold storage address** -- an alphanumeric string designating the virtual "location" of the funds
-* The **"redemption script"** -- an additional code needed to access funds, shared
+* **One private key**: an alphanumeric string used to secure the funds
+* **One cold storage address**: an alphanumeric string designating the virtual
+"location" of the funds
+* **One redeem script**: an additional code needed to access funds, shared
 by all private keys.
 
-Technical details: The Glacier protocol reuses Bitcoin addresses. See the
+Technical detail: The Glacier protocol reuses Bitcoin addresses. See the
 [design document](/docs/design-doc/overview) for a detailed analysis.
 
 ## Protocol cost

From 148b0f1cca58c3265033650afa7f1fdd0f34096e Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 17:01:21 +0000
Subject: [PATCH 064/190] Reword, $ price is too US-centric and too variable
 over time

link to hardware section added for user to calculate local price
---
 _docs/before-you-start/overview.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index 5da3c4f..64b2a27 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -80,7 +80,10 @@ Technical detail: The Glacier protocol reuses Bitcoin addresses. See the
 
 ## Protocol cost
 
-The Glacier protocol requires over $600 in equipment, and approximately 8 hours of work to perform an initial cold storage deposit. This excludes time for:
+The Glacier protocol requires a not-insignificant investment in hardware, see the
+[Hardware required](/docs/before-you-start/hardware) section, along with
+approximately 8 hours of work to perform an initial cold storage deposit. This
+excludes time for:
 
 * Obtaining equipment
 * Printing documents

From 4ec7f3fe69f82ba18671d368c02cb88a41264b96 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 17:02:04 +0000
Subject: [PATCH 065/190] Reword, written in passive voice

---
 _docs/before-you-start/overview.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index 64b2a27..f075234 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -88,7 +88,7 @@ excludes time for:
 * Obtaining equipment
 * Printing documents
 * Downloading files
-* Physically storing the resulting Bitcoin keys
+* Physically storing the private keys
 
 Subsequent deposits and withdrawals re-use the same equipment and take a
 fraction of the time.
@@ -96,8 +96,8 @@ fraction of the time.
 ## No formal support
 
 As a free, volunteer-developed community project, there is no formal support
-channel for Glacier should you encounter any issues. However, you may be able to
-ask advice of community members on our [Gitter chat room](https://gitter.im/glacierprotocol/Lobby)
+channel for Glacier. However, advice may be available from community
+members on the Glacier [Gitter chat room](https://gitter.im/glacierprotocol/Lobby)
 or other Bitcoin community forums.
 
 ## Privacy considerations

From 068d08f4295d0e191feccfb6fdd0596dfa4c237d Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 17:59:39 +0000
Subject: [PATCH 066/190] Reword, dead blockchain explorer link replaced

---
 _docs/before-you-start/overview.md | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index f075234..8830c1b 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -102,12 +102,11 @@ or other Bitcoin community forums.
 
 ## Privacy considerations
 
-Because the Bitcoin blockchain is public, the way you route and store funds has
-privacy implications. For example, any person to whom you give your cold storage
-address (because, for example, they're sending you funds which you want to keep
-in cold storage) can see your total cold storage balance. This is easy to do
-with many free services (e.g.
-[Blockr](https://www.coinbase.com/) ).
+Because the Bitcoin blockchain is public, the routing and storage of funds has
+privacy implications. For example, any person receiving a cold storage
+address for the purpose of sending funds, will be able to see the total cold
+storage balance. This is easy to do with many free services, for example,
+[BlockCypher](https://live.blockcypher.com).
 
 This is true not just of individuals, but entities. That is, any online wallet
 service which you use to send funds to cold storage can see your cold storage

From 5e0a26aedd373a47f824b9bd3739286fc771514e Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 18:00:41 +0000
Subject: [PATCH 067/190] Reword

---
 _docs/before-you-start/overview.md | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index 8830c1b..700f954 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -109,14 +109,13 @@ storage balance. This is easy to do with many free services, for example,
 [BlockCypher](https://live.blockcypher.com).
 
 This is true not just of individuals, but entities. That is, any online wallet
-service which you use to send funds to cold storage can see your cold storage
-balance, and may deduce that it belongs to you. They may, of course, also choose
+service used to send funds to cold storage can see the cold storage
+balance, and may deduce the owner. The online wallet may, of course, also choose
 to share this information with others.
 
-If this is a concern for you, the easiest way to keep your
-cold storage balance private from a particular entity is to route the
-payment through one (or more) intermediary addresses before sending it to
-your cold storage address, with a few transactions going to each
+If privacy is a concern, the easiest way to keep a cold storage balance private is
+to route the payment through one (or more) intermediary addresses before sending
+it to the cold storage address, with a few transactions going to each
 intermediate address. This does not provide perfect privacy, but each
 intermediate address provides increasing levels of obfuscation and
 uncertainty.

From 43ef197c1eef19d8b7de508945c5649255cd2450 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 18:02:05 +0000
Subject: [PATCH 068/190] Reword, point added about loss of personal details

---
 _docs/before-you-start/overview.md | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index 700f954..bbeb875 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -120,15 +120,12 @@ intermediate address. This does not provide perfect privacy, but each
 intermediate address provides increasing levels of obfuscation and
 uncertainty.
 
-If privacy is very important to you, you might consider using
-a service like
-[Shapeshift](https://shapeshift.io/#/coins)
-to exchange your Bitcoins for an more anonymous cryptocurrency, such as
-[Monero](http://monero.org/),
-and then exchange them back to Bitcoins.
-However, this will cost you fees, and importantly, it requires you trust the
-operator of the exchange service not to steal or lose your
-funds.
+If privacy is a *major* concern, consider using a service like
+[Shapeshift](https://shapeshift.io/#/coins) to exchange bitcoin for a more
+anonymous cryptocurrency such as [Monero](http://monero.org/). This can then be
+exchanged back to bitcoin. Each exchange will incur a fee and, more importantly,
+will require trust that the exchange service will not steal/lose the funds, or
+reveal personal details.
 
 [This guide](https://bitcoinnewsmagazine.com/how-to-use-monero-to-anonymize-bitcoin/)
 gives additional detail about how to increase Bitcoin anonymity using Monero &

From 6f943e011c7b16f934629e4f64a22aca75ab61b4 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 18:02:42 +0000
Subject: [PATCH 069/190] Dead link renders passage useless

---
 _docs/before-you-start/overview.md | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index bbeb875..a4594ef 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -127,10 +127,6 @@ exchanged back to bitcoin. Each exchange will incur a fee and, more importantly,
 will require trust that the exchange service will not steal/lose the funds, or
 reveal personal details.
 
-[This guide](https://bitcoinnewsmagazine.com/how-to-use-monero-to-anonymize-bitcoin/)
-gives additional detail about how to increase Bitcoin anonymity using Monero &
-Tor.
-
 ## Out of scope
 
 There's always more one could do to increase security. While

From 6d8936378391e47acc4110c877942630c79f53e9 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 21 Nov 2018 18:33:18 +0000
Subject: [PATCH 070/190] Reword

---
 _docs/before-you-start/overview.md | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index a4594ef..23f551c 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -127,13 +127,12 @@ exchanged back to bitcoin. Each exchange will incur a fee and, more importantly,
 will require trust that the exchange service will not steal/lose the funds, or
 reveal personal details.
 
-## Out of scope
+## Scope limits
 
-There's always more one could do to increase security. While
-Glacier is designed to provide strong protection for almost everyone, some
-situations (e.g. being the focus of a targeted attack by a sophisticated,
-well-resourced criminal organization) are beyond its scope.
+Security can always be improved. While Glacier is designed to provide strong
+protection for most, some situations, for example, being the focus of a targeted
+attack by a sophisticated, well-resourced criminal organization, are beyond its scope.
 
-For some
-additional security precautions beyond those provided in the standard
-protocol, see the [possible improvements to Glacier](/docs/extend/improvements/).
+For some additional security precautions beyond those provided in the standard
+protocol, see the [possible improvements to Glacier](/docs/extend/improvements/)
+section.
\ No newline at end of file

From d31f8ecef423f071754cb7ad5a2158a749e95d45 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 22 Nov 2018 09:22:49 +0000
Subject: [PATCH 071/190] Shapeshift/monero links removed - too much detail

---
 _docs/before-you-start/overview.md | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index 23f551c..811074e 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -120,12 +120,11 @@ intermediate address. This does not provide perfect privacy, but each
 intermediate address provides increasing levels of obfuscation and
 uncertainty.
 
-If privacy is a *major* concern, consider using a service like
-[Shapeshift](https://shapeshift.io/#/coins) to exchange bitcoin for a more
-anonymous cryptocurrency such as [Monero](http://monero.org/). This can then be
-exchanged back to bitcoin. Each exchange will incur a fee and, more importantly,
-will require trust that the exchange service will not steal/lose the funds, or
-reveal personal details.
+If privacy is a *major* concern, consider exchanging bitcoin for a privacy coin,
+then exchanging the privacy coin back to bitcoin. Each exchange will incur a fee
+and, more importantly, will require trust that the exchange service will not
+steal/lose the funds, or reveal personal details. The exact details of this process
+is outside the scope of this document.
 
 ## Scope limits
 

From da37148cac158d7be681d1e9ad2cb5b6f9b020cb Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 22 Nov 2018 09:32:06 +0000
Subject: [PATCH 072/190] USB hub suggestion removed - computer with two ports
 has been specified

No need to suggest security compromise
---
 _docs/before-you-start/hardware.md | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/_docs/before-you-start/hardware.md b/_docs/before-you-start/hardware.md
index decce08..e1a47b0 100644
--- a/_docs/before-you-start/hardware.md
+++ b/_docs/before-you-start/hardware.md
@@ -13,10 +13,6 @@ Glacier has been written and tested around these specific equipment recommendati
 * Two factory-sealed USB drives (2GB+) from the same manufacturer:
 [SanDisk Cruzer 8GB](http://a.co/1Us66ze).
 
-We'll be using two USB drives at the same time. If the computer has only one USB
-port, you'd need to use a USB hub, which is a separate piece of USB hardware subject
-to malware infection of its firmware.
-
 We'll use the camera for reading QR codes.
 
 ### Eternally quarantined hardware: Set 2

From aea3a40edddcc1613b465cd94e4e6582465fba4a Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 22 Nov 2018 09:53:26 +0000
Subject: [PATCH 073/190] Typo

or that has NOT spent much time on your home or office network
---
 _docs/before-you-start/hardware.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/before-you-start/hardware.md b/_docs/before-you-start/hardware.md
index e1a47b0..fb47185 100644
--- a/_docs/before-you-start/hardware.md
+++ b/_docs/before-you-start/hardware.md
@@ -32,7 +32,7 @@ manufacturer than the drives for Set 1:
 Linux.**
 
   One of these two computers should be a computer that you do not own (unless
-  purchased brand new), or that has spent much time on your home or office network.
+  purchased brand new), or that has not spent much time on your home or office network.
 * Printer
 * Smartphone with a working camera
 

From 131a9bb01aefba2e8f8f70ab04096960ba8dc410 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 22 Nov 2018 13:26:00 +0000
Subject: [PATCH 074/190] Vulnerability description moved to attack surface
 section

---
 _docs/before-you-start/hardware.md               | 12 +++---------
 _docs/protocol-vulnerabilities/attack-surface.md |  5 ++++-
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/_docs/before-you-start/hardware.md b/_docs/before-you-start/hardware.md
index fb47185..ac52b75 100644
--- a/_docs/before-you-start/hardware.md
+++ b/_docs/before-you-start/hardware.md
@@ -61,15 +61,9 @@ Waterproof, heat resistant, and tear-resistant.
 
 ### Notes
 
-Standard software algorithms that generate random numbers, such as those used
-to generate Bitcoin private keys, are
-[vulnerable to exploitation](https://bitcoin.org/en/alert/2013-08-11-android),
-either due to malware or algorithmic weakness (i.e. they often provide numbers that
-are not truly random). Dice offer something closer to true randomness.
-
-Casino dice are created specifically to remove any potential dice bias
-(square corners, filled in pips, low manufacturing tolerance, etc.) That's why
-casinos use them!
+Casino dice offer number generation which is closer to true randomness than a computer can provide.
+The square corners, filled in pips and low manufacturing tolerances mean casino dice remove
+any potential dice bias present in regular dice.
 
 TerraSlate paper is extremely rugged, but you might also consider laminating the
 paper for additional protection. You'll need a
diff --git a/_docs/protocol-vulnerabilities/attack-surface.md b/_docs/protocol-vulnerabilities/attack-surface.md
index eda674d..4928be1 100644
--- a/_docs/protocol-vulnerabilities/attack-surface.md
+++ b/_docs/protocol-vulnerabilities/attack-surface.md
@@ -93,7 +93,10 @@ networked or attacker-controlled device in range then steals the data. Possibili
   payload of valid data. For example, the nonce used for a transaction signature could contains
   bits of the private key.
   * **Flawed data generation**: Undetected generation of flawed sensitive data IF compatible
-  malware is present on BOTH quarantined environments.
+  malware is present on BOTH quarantined environments. For example, standard software algorithms that
+  generate random numbers, such as those used to generate Bitcoin private keys, are
+  [vulnerable to exploitation](https://bitcoin.org/en/alert/2013-08-11-android), either due to malware
+  or algorithmic weakness. This can often provide numbers that are not truly random.
   * **Guessable private keys**: Private key creation could be compromised to make keys easily guessable.
   * **Compromised addresses**: Transaction creation is compromised to use output addresses belonging to an attacker,
   AND cooperating malware on a networked computer sends the malicious transaction before the

From d2feccf1e13516087e941bc26e2d4176018a6a6c Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 22 Nov 2018 13:38:33 +0000
Subject: [PATCH 075/190] Covered exactly in "Paper key security" in "Extend
 Glacier security"

Info should not be duplicated within document - too hard to maintain
---
 _docs/before-you-start/hardware.md | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/_docs/before-you-start/hardware.md b/_docs/before-you-start/hardware.md
index ac52b75..645b497 100644
--- a/_docs/before-you-start/hardware.md
+++ b/_docs/before-you-start/hardware.md
@@ -65,7 +65,3 @@ Casino dice offer number generation which is closer to true randomness than a co
 The square corners, filled in pips and low manufacturing tolerances mean casino dice remove
 any potential dice bias present in regular dice.
 
-TerraSlate paper is extremely rugged, but you might also consider laminating the
-paper for additional protection. You'll need a
-[thermal laminator](http://a.co/cZBN1YU) and
-[laminating pouches](http://a.co/ifISzje).

From 1857a4ff0349fb5e3f6621047910b79929b65074 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 22 Nov 2018 13:46:18 +0000
Subject: [PATCH 076/190] Restructure to make new purchases more evident,
 reword, tagnames added

Manufacturer requirements made clearer, links made consistent
---
 _docs/before-you-start/hardware.md | 79 +++++++++++++-----------------
 1 file changed, 34 insertions(+), 45 deletions(-)

diff --git a/_docs/before-you-start/hardware.md b/_docs/before-you-start/hardware.md
index 645b497..282df1a 100644
--- a/_docs/before-you-start/hardware.md
+++ b/_docs/before-you-start/hardware.md
@@ -6,62 +6,51 @@ description: Learn what hardware you need to acquire for using Glacier, the
 
 Glacier has been written and tested around these specific equipment recommendations.
 
-### Eternally quarantined hardware: Set 1
+## Factory new hardware
 
-* Factory-sealed computer with 2 USB ports and a camera:
-[2016 Dell Inspiron 11.6"](http://a.co/1E6HEQA)
-* Two factory-sealed USB drives (2GB+) from the same manufacturer:
-[SanDisk Cruzer 8GB](http://a.co/1Us66ze).
+All items *must* be brand new and factory sealed. Manufacturers A and B *must* be
+different, and manufacturers C and D *must* be different.
 
-We'll use the camera for reading QR codes.
+### Eternally quarantined
 
-### Eternally quarantined hardware: Set 2
+* **Q1**: Computer from manufacturer A, with two USB ports and a camera: For example,
+[2016 Dell Inspiron 11.6"](http://a.co/1E6HEQA)
+* **Q1 BOOT**: USB drive from manufacturer C, minimum 2GB: For example, [SanDisk Cruzer 8GB](http://a.co/1Us66ze)
+* **Q1 APP**: USB drive from manufacturer C, minimum 2GB: For example, [SanDisk Cruzer 8GB](http://a.co/1Us66ze)
 
-* Factory-sealed computer from a different manufacturer, also with 2 USB ports
-and a camera:
+* **Q2**: Computer from manufacturer B, with two USB ports and a camera: For example,
 [Acer Aspire One Cloudbook 11"](http://a.co/1ZMSB3Y)
-* Two factory-sealed USB drives (2GB+) from the same manufacturer, but a different
-manufacturer than the drives for Set 1:
-[Verbatim 2GB](http://a.co/jdzEf8O)
+* **Q2 BOOT**: USB drive from manufacturer D, minimum 2GB: For example, [Verbatim 2GB](http://a.co/jdzEf8O)
+* **Q2 APP**: USB drive from manufacturer D, minimum 2GB: For example, [Verbatim 2GB](http://a.co/jdzEf8O)
 
+The computers require two USB ports for simultaneous usage of the USB drives. Cameras are
+required for reading QR codes.
 
-### Used/existing computing equipment
+### Non-quarantined
 
-* Two computers with Internet connectivity, administrator access, and about
-2GB of free disk space.  **Each computer must be running Windows 10, MacOS, or
-Linux.**
+* **SETUP BOOT 1**: USB drive from manufacturer C, D or other (2GB+): For example, [Verbatim 2GB](http://a.co/jieluaE)
+* **SETUP BOOT 2**: USB drive from manufacturer C, D or other (2GB+): For example, [Verbatim 2GB](http://a.co/jieluaE)
 
-  One of these two computers should be a computer that you do not own (unless
-  purchased brand new), or that has not spent much time on your home or office network.
-* Printer
-* Smartphone with a working camera
+## Used/existing hardware
 
+* **SETUP 1**: Computer, either brand new or has not spent much time connected to the internet,
+with internet connectivity, administrator access, and 2GB of free disk space. *Must*
+be running Windows 10, MacOS, or Linux. 
+* **SETUP 2**: Computer with internet connectivity, administrator access, and about
+2GB of free disk space. *Must* be running Windows 10, MacOS, or Linux.
+* **Printer**
+* **Smartphone**: Must have a working camera
 
 ### Other equipment
 
-* Two factory-sealed USB drives (2GB+):
-[Verbatim 2GB](http://a.co/jieluaE)
-* [Precision screwdrivers](http://a.co/bbvj16a),
-for removing WiFi cards from laptops
-* [Electrical tape](http://a.co/gZZiEdA)
-* [Casino-grade six-sided dice](http://a.co/ghbdiak).
-Regular dice are insufficient.
-* [Faraday bag](http://a.co/3wiNPLT).
-Used to prevent smartphone malware from
-[stealing sensitive data using radio frequencies](https://www.usenix.org/legacy/event/sec09/tech/full_papers/vuagnoux.pdf).
-* [Table fan](http://a.co/98PrpMs).
-White noise can prevent malware on nearby devices from
-[stealing sensitive data using sound](https://www.wired.com/2016/06/clever-attack-uses-sound-computers-fan-steal-data/).
-* [Home safe](http://a.co/6sRoaPv).
-Consider bolting it to your floor to deter theft.
-* [TerraSlate paper](http://a.co/7pk5fJN).
-Waterproof, heat resistant, and tear-resistant.
-* [Cardboard envelopes](http://a.co/7jUPLMR), for opacity
-* [Tamper-resistant seals](http://a.co/96KlsAl)
-
-### Notes
-
-Casino dice offer number generation which is closer to true randomness than a computer can provide.
+* **Precision screwdrivers**: To dismantle hardware. For example, [Tekton 2977](http://a.co/bbvj16a)
+* **Electrical tape**: To insulate loose connection. For example, [Duck](http://a.co/gZZiEdA)
+* **Casino-grade six-sided dice**: To provide entropy. Casino dice offer number generation which is closer to true randomness than a computer can provide.
 The square corners, filled in pips and low manufacturing tolerances mean casino dice remove
-any potential dice bias present in regular dice.
-
+any potential dice bias present in regular dice. For example, [Trademark Poker](http://a.co/ghbdiak)
+* **Faraday bag**: To prevent smartphone data exfiltration via radio side channel. For example, [Stealth Anti Signal Forensic Faraday Bag](http://a.co/3wiNPLT)
+* **Table fan**: To provide white noise. For example, [Holmes Lil' Blizzard](http://a.co/98PrpMs)
+* **Home safe**: To secure keys, bolted to the floor. For example, [AmazonBasics Security Safe](http://a.co/6sRoaPv)
+* **TerraSlate paper**: To write private keys on. For example, [TerraSlate paper](http://a.co/7pk5fJN)
+* **Cardboard envelopes**: To opaquely store private keys. For example, [Quality Park Extra-Rigid Fiberboard](http://a.co/7jUPLMR)
+* **Tamper-resistant seals**: To highlight tampering. For example, [BoxSilver Security Holograms](http://a.co/96KlsAl)
\ No newline at end of file

From c608d091b6da8a964a9a7244f384a7fd3ec2e5dd Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 22 Nov 2018 17:12:53 +0000
Subject: [PATCH 077/190] echo statement lengthened to split over two lines, as
 referenced

---
 _docs/before-you-start/structure.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/_docs/before-you-start/structure.md b/_docs/before-you-start/structure.md
index 87feac2..4f3e8c3 100644
--- a/_docs/before-you-start/structure.md
+++ b/_docs/before-you-start/structure.md
@@ -77,7 +77,8 @@ Commands to be entered into a terminal window will be
 displayed in a fixed-width font like this:
 
 ```
-$ echo "everything after the $ could be copy-pasted into a terminal window"
+$ echo "all text after the $, on both lines, should either be copy-pasted from
+this document or manually typed into a terminal window"
 ```
 
 The `$` at the beginning

From b344389a978a9a65bd430f201cb07fe295a78b24 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 22 Nov 2018 17:24:52 +0000
Subject: [PATCH 078/190] reword, restructure

---
 _docs/before-you-start/structure.md | 126 ++++++++++++----------------
 1 file changed, 55 insertions(+), 71 deletions(-)

diff --git a/_docs/before-you-start/structure.md b/_docs/before-you-start/structure.md
index 4f3e8c3..c6b9abb 100644
--- a/_docs/before-you-start/structure.md
+++ b/_docs/before-you-start/structure.md
@@ -4,15 +4,15 @@ description: This page explains the overall structure of Glacier, the
   step-by-step protocol for storing bitcoins in a highly secure way
 ---
 
-The overall Glacier protocol consists of several distinct subprotocols:
+The Glacier protocol consists of several distinct sub-protocols:
 
-* **Setup**: Prepares hardware,
-and downloads and verifies needed software & documentation.
-* **Deposit**: For securely storing bitcoins.
-* **Withdrawal**: For transferring some or all of your stored funds to another
+* **Setup**: Preparing the hardware, downloading and verifying the software and
+documentation.
+* **Deposit**: Storing the bitcoin.
+* **Withdrawal**: Transferring some or all stored bitcoin to another
 bitcoin address.
-* **Viewing**: For viewing the balance of your funds in secure storage.
-* **Maintenance**: For ensuring funds in cold storage remain accessible and
+* **Viewing**: Viewing the balance held in secure storage.
+* **Maintenance**: Ensuring the bitcoin in cold storage remains accessible and
 secure.
 
 ## Sensitive data
@@ -20,57 +20,46 @@ secure.
 *Critically-sensitive data* (e.g. private keys) will be highlighted in red,
 like this: <span class="danger">critically-sensitive-data-here</span>.
 
-*Critically* sensitive data can be used by thieves to to steal your bitcoins. If
-you follow the protocol precisely, your critically sensitive data will remain
-secure.
+*Critically* sensitive data can be used by thieves to to steal bitcoin. Follow
+the protocol precisely to ensure critically sensitive data remains secure.
 
-Do *not* do anything with critically sensitive data that the protocol does not
-specifically instruct you to. In particular:
+Do *not* do anything with critically sensitive data that is not *specifically*
+outlined in the protocol. In particular:
 
-* Never send it over email or instant messenger
-* Never save it to disk (hard drive, USB drive,
-etc.)
-* Never paste or type it into any non-eternally-quarantined
+* *Never* send critically sensitive data over email or instant messenger
+* *Never* save critically sensitive data to disk (hard drive, USB drive, etc.)
+* *Never* paste or type critically sensitive data into any non-eternally-quarantined
 device
-* Never take a picture of it
-* Never let any untrusted person see it
-
-*Moderately-sensitive data* (e.g. a cold storage address or redemption
-script) will be highlighted in yellow, like this:
-<span class="warning">moderately-sensitive-data-here</span>.
+* *Never* take a picture of critically sensitive data
+* *Never* allow critically sensitive data to be seen by any untrusted person
 
-*Moderately* sensitive data impacts
-privacy, but does not directly impact security. It cannot be used to
-steal your bitcoins, but it *can* be used to see how many bitcoins you own
-(if someone knows that the moderately sensitive data in question belongs
-to you).
+*Moderately-sensitive data* (e.g. a cold storage address or redeem script) will
+be highlighted in yellow, like this: <span class="warning">moderately-sensitive-data-here</span>.
 
-It does indirectly impact security, in that if someone knows you own a lot of
-difficult-to-trace money, they have some incentive to rob, extort, or attack you
-to get it.
+*Moderately* sensitive data impacts privacy, because it can be used to see the total
+amount of bitcoin in storage, but does not directly impact security since it cannot
+be used to withdraw the funds. However, it can indirectly impact security in
+that potential thieves, knowing the amount held, may have the incentive to rob or
+extort.
 
 The protocol recommends storing copies of moderately-sensitive
-data electronically, in a "conventionally secure" manner (for example, in
-a password manager such as
-[1Password](https://1password.com/)). If you're particularly
-concerned about privacy, you *can* forego electronic storage, because the protocol
-also stores copies of moderately-sensitive data in cold storage with each private
-key. However, this is not recommended.
-
-This means that knowledge of your cold storage balance will be as secure as
-access to any accounts which have their credentials stored in your password
-manager. For most people, this is sufficient.
-
-If you use only hardcopies, you'll need to manually type in a large amount of
-gibberish data, by hand, with no errors, every time you withdraw funds from
-cold storage.
+data electronically, in a "conventionally secure" manner, for example, in
+a password manager such as [1Password](https://1password.com/). This means that knowledge
+of the cold storage balance will be as secure as access to other credentials stored in
+the password manager. For most people, this is sufficient.
+
+Although not recommended, the electronic storage of moderately-sensitive data can be
+omitted to improve privacy, because the protocol also stores copies of
+moderately-sensitive data in cold storage with each private key. It should be considered,
+though, that moderately-sensitive data stored on paper will need to be typed by hand
+every time funds are to be withdrawn from cold storage. The lengthy, complex nature of
+this data makes errors likely.
 
 ### Terminal usage
 
-Many protocol steps involve
-typing commands into a *terminal window*. Working in a terminal window is
-analogous to working under the hood of a car. It allows you to give the
-computer more precise commands than you can through the regular
+Many protocol steps involve typing commands into a terminal window. Analogous to
+working under the hood of a car, this allows the user to give the
+computer more precise commands than can be given through the regular
 interface.
 
 Commands to be entered into a terminal window will be
@@ -81,26 +70,21 @@ $ echo "all text after the $, on both lines, should either be copy-pasted from
 this document or manually typed into a terminal window"
 ```
 
-The `$` at the beginning
-of the line represents a *terminal prompt*, indicating readiness for user
-input. The actual prompt varies depending on your operating system and its
-configuration; it may be `$` , `>` , or something else. Usually the terminal
-will show additional information (such as a computer name, user ID and/or
-folder name) preceding every prompt.
-
-In the above example, the text
-splits across two lines because of the margins of this document. Each line
-is *not* a separate command; it is all one command, meant to be entered
-all at once. This is clear because there is no terminal prompt at the
-beginning of the second line.
-Proceed Carefully
-
-If you encounter
-**anything that is different** from what the protocol says you should
-expect, **the recommendation is that you stop and seek help** unless your
-expert opinion gives you high confidence that you understand all possible
-causes and implications of the discrepancy.
-
-**In general, follow the
-protocol carefully, keep track of what step you are on, and double-check
-your work**. Any errors or deviations can undermine your security.
+The `$` at the beginning of the line signifies that the text which follows is to be
+executed from the terminal. The actual prompt varies depending on the operating
+system and its configuration; it may be `$`, `>` , or something else. Usually,
+the terminal will show additional information preceding every prompt, such as
+a computer name, user ID and/or folder name.
+
+In the above example, the text splits across two lines because of document margins. 
+Each line is *not* a separate command; it is one command to be entered in its
+entirety. This is clear because there is no `$` at the beginning of the second
+line. Proceed carefully.
+
+If the terminal response is in any way different to the expected response stated
+in the protocol, **stop and seek help**. Continue only if all possible causes and
+implications of the discrepancy are understood.
+
+**In general, follow the protocol carefully, keep track of the current step and
+double-check all work**. Any errors or deviations can undermine the security of the
+process.
\ No newline at end of file

From 4c420e10c9f2e279e3435f5264cf58f3d8bae3c1 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 22 Nov 2018 18:39:03 +0000
Subject: [PATCH 079/190] Text altered to match section header

---
 _docs/before-you-start/structure.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/before-you-start/structure.md b/_docs/before-you-start/structure.md
index c6b9abb..3fb0c13 100644
--- a/_docs/before-you-start/structure.md
+++ b/_docs/before-you-start/structure.md
@@ -12,7 +12,7 @@ documentation.
 * **Withdrawal**: Transferring some or all stored bitcoin to another
 bitcoin address.
 * **Viewing**: Viewing the balance held in secure storage.
-* **Maintenance**: Ensuring the bitcoin in cold storage remains accessible and
+* **Balance and maintenance**: Ensuring the bitcoin in cold storage remains accessible and
 secure.
 
 ## Sensitive data

From fa695b523b6eb6a7cd61520c799a0b0905ceb68a Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Thu, 22 Nov 2018 18:59:42 +0000
Subject: [PATCH 080/190] Period should not be within quotes, vague folder
 reference improved

---
 _docs/setup/verify.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/verify.md b/_docs/setup/verify.md
index 46f36e3..a2f6f22 100644
--- a/_docs/setup/verify.md
+++ b/_docs/setup/verify.md
@@ -27,7 +27,7 @@ https://github.com/GlacierProtocol/GlacierProtocol/releases.
 at https://github.com/GlacierProtocol/GlacierProtocol/releases.
 4. If your browser does not automatically extract the ZIP file contents into a
 folder within your downloads directory, do so.
-5. Rename the folder to "glacier."
+5. Rename the folder containing the extracted files as "glacier".
 6. If you have used Glacier before, *and* you know you have the Glacier public key
 imported into a local GPG keyring, skip the next step. (If you don't know,
 that's fine; proceed as normal.)

From ba23a2af06d00dcfca1ad6a4a386f867a75f7076 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Fri, 23 Nov 2018 12:14:26 +0000
Subject: [PATCH 081/190] Reword, restructure, technical detail added to body
 for consistency

popup invisible in pdf, previous technical details were included in body
---
 _docs/setup/verify.md | 42 ++++++++++++++++++++----------------------
 1 file changed, 20 insertions(+), 22 deletions(-)

diff --git a/_docs/setup/verify.md b/_docs/setup/verify.md
index a2f6f22..0fca243 100644
--- a/_docs/setup/verify.md
+++ b/_docs/setup/verify.md
@@ -31,31 +31,29 @@ folder within your downloads directory, do so.
 6. If you have used Glacier before, *and* you know you have the Glacier public key
 imported into a local GPG keyring, skip the next step. (If you don't know,
 that's fine; proceed as normal.)
-7. Obtain the Glacier "public key," used to cryptographically verify the
-  <a href="#" class="popovers" data-toggle="popover" data-placement="top" title=""
-  data-content="
-  Technical details: Glacier's GPG keys are handled with good security practices. They were generated while booting off an Ubuntu Live USB on a factory-new laptop with the wireless card removed, and transferred via USB to a MacBook. The private key is not stored in the cloud. The public key is hosted separately from our software distributions, on Keybase, secured with separate credentials (all of which are in password managers).
-  ">protocol document</a>.
-
+5. Obtain the Glacier PGP public key, used to cryptographically verify the protocol document.
+
+    Technical detail: Glacier's GPG keys are handled with good security practices.
+    They were generated while booting from an Ubuntu Live USB on a factory-new laptop
+    with the wireless card removed, and transferred via USB to a MacBook. The private
+    key is not stored in the cloud. The public key is hosted separately from the
+    software distributions, on [Keybase](https://keybase.io/), and secured with separate credentials stored
+    in password managers.
    **If you are ever using Glacier in the future and notice that this step has
    changed (or that this warning has been removed), there is a security risk.**
    Stop and
-   <a href="#" class="popovers" data-toggle="popover" data-placement="top" title=""
-   data-content="
-  Technical details: There's a chicken-and-egg problem here, in that this document
-  is giving instructions for how to verify itself. Any attacker that compromised
-  this document could also compromise these instructions so that the verification
-  (erroneously) passes. There's no way to prevent this, unless a reader is familiar
-  with the document before the compromise and recognizes that the verification
-  instructions have changed. (This is why we don't just include a direct download
-  link to the public key -- if an attacker changed the link, it would be easy
-  for people not to notice.)
-  In the unfortunate event we legitimately need to change the verification
-  instructions (i.e. to publish a new public key, or change the means of obtaining
-  the existing key), we'll first disseminate a public announcement, signed at a
-  minimum with our personal keys, and hopefully with the keys of well-known
-  individuals from the Bitcoin community.
-  ">seek assistance</a>.
+    Technical detail: There is a chicken-and-egg problem here, in that this document
+    is giving instructions for how to verify itself. Any attacker that compromised
+    this document could also compromise these instructions so that the verification
+    (erroneously) passes. There's no way to prevent this, unless the reader is familiar
+    with the document before the compromise and recognizes that the verification
+    instructions have changed. This is why a direct download link to the public key 
+    is not provided. If an attacker changed the link, it could very easily go unnoticed.
+    In the unfortunate event of a legitimate need to change the verification
+    instructions (i.e. to publish a new public key, or change the means of obtaining
+    the existing key), the announcement will first be disseminated publicly, signed (at a
+    minimum) with contributer personal keys, and hopefully with the keys of well-known
+    individuals from the Bitcoin community.
 
     1. Access Glacier's Keybase profile at <https://keybase.io/glacierprotocol>.
     2. Click the string of letters and numbers next to the key icon.

From 2ef82675be32f610add232a5b5e12d52aa5a598a Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Fri, 23 Nov 2018 12:17:00 +0000
Subject: [PATCH 082/190] Reworded, restructured, links made consistent

---
 _docs/setup/verify.md | 49 +++++++++++++++++++------------------------
 1 file changed, 21 insertions(+), 28 deletions(-)

diff --git a/_docs/setup/verify.md b/_docs/setup/verify.md
index 0fca243..2ef3a6c 100644
--- a/_docs/setup/verify.md
+++ b/_docs/setup/verify.md
@@ -5,31 +5,24 @@ description: Learn how to set up for Glacier, the step-by-step protocol for
 redirect_from: /docs/setup/
 ---
 
-The Setup Protocol is used to prepare hardware, and download and verify needed
-software & documentation.
-
-The first thing we need to do is verify the integrity of
-the Glacier protocol document (the one you are reading) to ensure that it
-has not been tampered with. After verifying the document, we'll print
-a hardcopy.
-
-Printing is important, because a verified electronic copy will not be
-accessible at all times during protocol execution due to reboots and other
-changes to the computing environment. Printing a hardcopy ensures there is
-always a verified copy of the document available.
-
-1. Find a computer which has Internet access, printer access, and which you have
-permission to install new software on. We'll refer to this computer as the
-"SETUP 1" computer.
-2. Review the errata for the version of Glacier you are using at
-https://github.com/GlacierProtocol/GlacierProtocol/releases.
-3. Download the latest full release of Glacier (*not* just the protocol document)
-at https://github.com/GlacierProtocol/GlacierProtocol/releases.
-4. If your browser does not automatically extract the ZIP file contents into a
-folder within your downloads directory, do so.
-5. Rename the folder containing the extracted files as "glacier".
-6. If you have used Glacier before, *and* you know you have the Glacier public key
-imported into a local GPG keyring, skip the next step. (If you don't know,
+This section outlines the download, verification and printing of the
+protocol document. A verified electronic copy will not be accessible at all times
+during protocol execution, due to reboots and other changes to the computing
+environment. Working from a hardcopy ensures there is always a verified copy of
+the document available.
+
+### On the "SETUP 1" computer
+
+The "SETUP 1" computer must have printer access.
+
+1. Review the errata for the version of Glacier used at
+[https://github.com/GlacierProtocol/GlacierProtocol/releases.](https://github.com/GlacierProtocol/GlacierProtocol/releases)
+2. Download the latest full release of Glacier (*not* just the protocol document)
+at [https://github.com/GlacierProtocol/GlacierProtocol/releases.](https://github.com/GlacierProtocol/GlacierProtocol/releases)
+3. Extract the downloaded ZIP file within the downloads folder, if the browser has not done so automatically.
+4. Rename the folder containing the extracted files as "glacier".
+
+    If the user has used Glacier before, *and* has the Glacier public key imported into a local GPG keyring, skip the next step.
 that's fine; proceed as normal.)
 5. Obtain the Glacier PGP public key, used to cryptographically verify the protocol document.
 
@@ -39,9 +32,9 @@ that's fine; proceed as normal.)
     key is not stored in the cloud. The public key is hosted separately from the
     software distributions, on [Keybase](https://keybase.io/), and secured with separate credentials stored
     in password managers.
-   **If you are ever using Glacier in the future and notice that this step has
-   changed (or that this warning has been removed), there is a security risk.**
-   Stop and
+
+   **If this step changes in future uses of Glacier, or this warning is removed, there is a security risk.**
+   Stop and seek assistance.
     Technical detail: There is a chicken-and-egg problem here, in that this document
     is giving instructions for how to verify itself. Any attacker that compromised
     this document could also compromise these instructions so that the verification

From 4229293b2744393610ea60806c9c77fd8d4fd579 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Fri, 23 Nov 2018 12:18:32 +0000
Subject: [PATCH 083/190] Detail added for clarity, link made consistent

---
 _docs/setup/verify.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/_docs/setup/verify.md b/_docs/setup/verify.md
index 2ef3a6c..2544be9 100644
--- a/_docs/setup/verify.md
+++ b/_docs/setup/verify.md
@@ -48,8 +48,8 @@ that's fine; proceed as normal.)
     minimum) with contributer personal keys, and hopefully with the keys of well-known
     individuals from the Bitcoin community.
 
-    1. Access Glacier's Keybase profile at <https://keybase.io/glacierprotocol>.
-    2. Click the string of letters and numbers next to the key icon.
+    1. Navigate to Glacier's Keybase profile at [keybase.io/glacierprotocol](https://keybase.io/glacierprotocol).
+    2. Click the string of 16 letters and numbers, formatted "XXXX XXXX XXXX XXXX" next to the key icon.
     3. In the pop-up that appears, locate the link reading "this key".
     3. Right-click the link and select "Save Link As..." or "Download Linked File
     As..."

From a32dc936aa7aaebb9b757625b8788f88b3f06fc1 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Fri, 23 Nov 2018 12:22:12 +0000
Subject: [PATCH 084/190] Reword, restructure, technical detail added to body
 for consistency

popup invisible in pdf, previous technical details were included in body
---
 _docs/setup/verify.md | 32 +++++++++++++-------------------
 1 file changed, 13 insertions(+), 19 deletions(-)

diff --git a/_docs/setup/verify.md b/_docs/setup/verify.md
index 2544be9..85c1072 100644
--- a/_docs/setup/verify.md
+++ b/_docs/setup/verify.md
@@ -55,25 +55,19 @@ that's fine; proceed as normal.)
     As..."
     5. Name the file "glacier.asc".
 
-8. Download and install [GnuPG](https://gnupg.org/), the
-  software we'll use for doing the
-  <a href="#" class="popovers" data-toggle="popover" data-placement="top" title=""
-  data-content="
-  GnuPG is the same software recommended by the
-  Electronic Frontier Foundation's Surveillance Self Defense protocol.
-  ">cryptographic verification</a>.
-  <a href="#" class="popovers" data-toggle="popover" data-placement="top" title=""
-  data-content="
-  Technical details: Note that we are foregoing verification of the integrity of
-  GnuPG itself. Verification requires having access to a pre-existing, trusted
-  installation of GnuPG, and for many Glacier users, this will not be easy to
-  come by. If you do have access to a trusted installation of GnuPG, and
-  understand how to do the verification process, we encourage you to do so.
-  The risk of an unverified PGP installation is relatively small, since an
-  attacker would have to compromise not just the hosting of GPG distributions,
-  but also the hosting of other software distributions used by Glacier, and such
-  a breach would be quickly detected by the global community.
-  ">See tech details</a>.
+6. Download and install [GnuPG](https://gnupg.org/), the software used for cryptographic
+verification. GnuPG is the same software recommended by the Electronic Frontier
+Foundation's [Surveillance Self-Defense](https://ssd.eff.org/en/about-surveillance-self-defense)
+protocol.
+
+    Technical details: Verification of the integrity of GnuPG itself is omitted.
+    Although a trusted installation is encouraged where possible, this
+    would require having access to a pre-existing, trusted installation of GnuPG.
+    For many Glacier users, this will not be easy to come by. The risk of an 
+    unverified PGP installation is relatively small, since an attacker would have
+    to compromise not just the hosting of GPG distributions, but also the hosting
+    of other software distributions used by Glacier. Such a breach would
+    quickly be detected by the global community.
 
     1. **Windows**: Download and install the latest available version of
     [Gpg4win](https://www.gpg4win.org/). Use the default

From 83c5e8711bf217429d7d2223f90228a9a3bdfa5c Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Fri, 23 Nov 2018 12:23:39 +0000
Subject: [PATCH 085/190] Typo

---
 _docs/setup/verify.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/_docs/setup/verify.md b/_docs/setup/verify.md
index 85c1072..f52d7a0 100644
--- a/_docs/setup/verify.md
+++ b/_docs/setup/verify.md
@@ -80,8 +80,7 @@ protocol.
 
     1. **Windows**: Press Windows-R, type "powershell" and click OK.
     2. **MacOS**: Click the Searchlight (magnifying glass) icon in the menu bar, and
-    type a terminal window. "terminal". Select the Terminal application from the
-    search results.
+    type "terminal". Select the Terminal application from the search results.
     3. **Linux**: Varies; on Ubuntu, press Ctrl-Alt-T.
 
 10. Change the terminal window's active folder to your downloads folder. The

From fabd47b7930c182fe63a5626a7f270a6c11d9586 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Fri, 23 Nov 2018 12:25:03 +0000
Subject: [PATCH 086/190] Reword, technical detail added to body for
 consistency

popup invisible in pdf, previous technical details were included in body
---
 _docs/setup/verify.md | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/_docs/setup/verify.md b/_docs/setup/verify.md
index f52d7a0..9d75efa 100644
--- a/_docs/setup/verify.md
+++ b/_docs/setup/verify.md
@@ -91,12 +91,9 @@ is in a different place, you will need to customize this command.
     2. **MacOS**:  `$ cd $HOME/Downloads/glacier`
     3. **Linux**: `$ cd $HOME/Downloads/glacier`
 
-11. Verify the integrity of the
-<a href="#" class="popovers" data-toggle="popover" data-placement="top" title=""
-data-content="
-For technical background about this process, see
-https://en.wikipedia.org/wiki/Digital_signature.
-">downloaded document</a>.
+9. Verify the integrity of the downloaded document. For technical background about
+this process, see Wikipedia's [Digital signature](https://en.wikipedia.org/wiki/Digital_signature)
+entry.
 
 
     1. Import the Glacier public key into your local GPG installation:

From 411491c5f4e2bf64d2d045680cb859ad029b4108 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Fri, 23 Nov 2018 12:26:26 +0000
Subject: [PATCH 087/190] Reword, technical detail added to body for
 consistency

popup invisible in pdf, previous technical details were included in body
---
 _docs/setup/verify.md | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/_docs/setup/verify.md b/_docs/setup/verify.md
index 9d75efa..8697393 100644
--- a/_docs/setup/verify.md
+++ b/_docs/setup/verify.md
@@ -113,25 +113,24 @@ entry.
        gpg:          There is no indication that the signature belongs to the owner.
        Primary key fingerprint: E1AA EBB7 AC90 C1FE 80F0  1034 9D1B 7F53 4B43 EAB0</span>
        </pre>
-       The warning message is expected, and is not cause
-       <a href="#" class="popovers" data-toggle="popover" data-placement="top" title=""
-       data-content="
+       The warning message is expected, and is not cause for alarm.
+
        Technical details:
        GPG was designed on the premise that public keys would be
-       verified as actually belonging to their owners  -- either directly, by receiving
-       a key face-to-face from someone known to you, or indirectly, via cryptographic
-       signature by someone whose public key you've already verified. The warning
-       message merely indicates that you have done neither of these verifications for
+       verified as actually belonging to their owners, either directly, by receiving
+       a key face-to-face from a trusted person, or indirectly, via the cryptographic
+       signature of someone whose public key is already verified. The warning
+       message merely indicates that neither of these verifications have been done for
        Glacier's public key.
        This is standard practice with software distribution,
        even for major software packages like Ubuntu.
-       Although you do not have the opportunity to personally
-       verify Glacier's public key came from the Glacier team, you can nonetheless have
-       some degree of trust in the validity of the key, to the extent you trust it was
-       generated and is hosted in a secure manner, and that someone in the community
-       may have noticed and raised an alarm if it were surreptitiously changed by an
+       Although there is no opportunity to personally
+       verify Glacier's public key came from the Glacier team, there can be
+       some degree of trust in the validity of the key, to the extent that it was
+       generated and is hosted in a secure manner, and that the community
+       is likely to have raised an alarm if it were surreptitiously changed by an
        attacker.
-      ">for alarm</a>.
+
     3. Verify the fingerprints in the fingerprint file match the fingerprints of the
     downloaded Glacier files.
 

From 5177de3fc67f64835016f397f6cd3c92f8167cb7 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Fri, 23 Nov 2018 12:27:27 +0000
Subject: [PATCH 088/190] Reword, restructure, rewritten in passive voice

---
 _docs/setup/verify.md | 49 ++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 26 deletions(-)

diff --git a/_docs/setup/verify.md b/_docs/setup/verify.md
index 8697393..853d4c0 100644
--- a/_docs/setup/verify.md
+++ b/_docs/setup/verify.md
@@ -50,10 +50,9 @@ that's fine; proceed as normal.)
 
     1. Navigate to Glacier's Keybase profile at [keybase.io/glacierprotocol](https://keybase.io/glacierprotocol).
     2. Click the string of 16 letters and numbers, formatted "XXXX XXXX XXXX XXXX" next to the key icon.
-    3. In the pop-up that appears, locate the link reading "this key".
-    3. Right-click the link and select "Save Link As..." or "Download Linked File
-    As..."
-    5. Name the file "glacier.asc".
+    3. In the pop-up that appears, right-click the link reading "this key" and select
+    "Save Link As..." or "Download Linked File As...".
+    4. Name the file "glacier.asc".
 
 6. Download and install [GnuPG](https://gnupg.org/), the software used for cryptographic
 verification. GnuPG is the same software recommended by the Electronic Frontier
@@ -74,18 +73,18 @@ protocol.
     options.
     2. **MacOS**: Download and install the latest available version of
     [GPG Suite](https://gpgtools.org/).
-    3. **Linux**: GnuPG comes pre-installed with Linux distributions.
+    3. **Linux**: GnuPG is pre-installed in Linux distributions.
 
-9. Open a terminal window:
+7. Open a terminal window:
 
     1. **Windows**: Press Windows-R, type "powershell" and click OK.
     2. **MacOS**: Click the Searchlight (magnifying glass) icon in the menu bar, and
     type "terminal". Select the Terminal application from the search results.
     3. **Linux**: Varies; on Ubuntu, press Ctrl-Alt-T.
 
-10. Change the terminal window's active folder to your downloads folder. The
-commands below are based on common default settings; if you put your downloads
-is in a different place, you will need to customize this command.
+8. Change the terminal's current working folder to the download folder. The
+commands below are based on default settings; if the defaults have been altered, 
+these commands will need customized to match.
 
     1. **Windows**:  `> cd $HOME/Downloads/glacier`
     2. **MacOS**:  `$ cd $HOME/Downloads/glacier`
@@ -95,8 +94,7 @@ is in a different place, you will need to customize this command.
 this process, see Wikipedia's [Digital signature](https://en.wikipedia.org/wiki/Digital_signature)
 entry.
 
-
-    1. Import the Glacier public key into your local GPG installation:
+    1. Import the Glacier public key into the local GPG installation:
        ```
        $ gpg --import $HOME/Downloads/glacier.asc
        ```
@@ -134,11 +132,11 @@ entry.
     3. Verify the fingerprints in the fingerprint file match the fingerprints of the
     downloaded Glacier files.
 
-        1. On Linux or Mac:
+        1. On Linux or MacOS:
 
-            Linux: `$ sha256sum -c SHA256SUMS 2>&1`
+            **Linux**: `$ sha256sum -c SHA256SUMS 2>&1`
 
-            Mac: `$ shasum -a 256 -c SHA256SUMS 2>&1`
+            **MacOS**: `$ shasum -a 256 -c SHA256SUMS 2>&1`
 
             Expected output:
             ```
@@ -146,26 +144,25 @@ entry.
             base58.py: OK README.md: OK
             ```
 
-        2. On Windows 10:
+        2. **Windows**:
 
             ```
             > Get-FileHash -a sha256 Glacier.pdf
             > cat SHA256SUMS | select-string -pattern "Glacier.pdf"
             ```
-            Ensure that the hash output from the first command matches the output by the
-            second command. Upper/lower case doesn't matter.
+            Ensure that the hash output from the first command matches the hash output of the
+            second command, irrespective of case.
 
-    4. If you do not see the expected output, your copy of the document has not been verified. Stop and seek assistance.
+    **If you do not see the expected output, your copy of the document has not been verified**.
+    Stop and seek assistance.
 
-12. Switch to use the new document.
+10. Switch to use the new document.
 
-    1. Open the version of the document that you just verified.
-    2. Close this window (of the unverified version of the document you had been
-    using).
+    1. Open the newly verified version of the document.
+    2. Close the unverified version of the document used until this point.
     3. Delete the old, unverified copy of the document.
 
-13. Print the verified document.
+11. Print the verified document.
 
-You are strongly encouraged to use the printed copy as a checklist, physically
-marking off each step as you complete it. This reduces the risk of execution
-error by ensuring you don't lose your place.
+    Use of the printed copy as a checklist is strongly encouraged. Steps can be physically
+    marked off once completed. This reduces the risk of execution error by repeating or skipping steps.

From 08d07af4c1d534f870463697083a7a12127e2254 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Fri, 23 Nov 2018 14:55:08 +0000
Subject: [PATCH 089/190] Large list broken up into sections for ease of
 reading

---
 _docs/setup/verify.md | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/_docs/setup/verify.md b/_docs/setup/verify.md
index 853d4c0..eda3ae2 100644
--- a/_docs/setup/verify.md
+++ b/_docs/setup/verify.md
@@ -11,10 +11,12 @@ during protocol execution, due to reboots and other changes to the computing
 environment. Working from a hardcopy ensures there is always a verified copy of
 the document available.
 
-### On the "SETUP 1" computer
+## On the "SETUP 1" computer
 
 The "SETUP 1" computer must have printer access.
 
+### Software preparation
+
 1. Review the errata for the version of Glacier used at
 [https://github.com/GlacierProtocol/GlacierProtocol/releases.](https://github.com/GlacierProtocol/GlacierProtocol/releases)
 2. Download the latest full release of Glacier (*not* just the protocol document)
@@ -23,7 +25,7 @@ at [https://github.com/GlacierProtocol/GlacierProtocol/releases.](https://github
 4. Rename the folder containing the extracted files as "glacier".
 
     If the user has used Glacier before, *and* has the Glacier public key imported into a local GPG keyring, skip the next step.
-that's fine; proceed as normal.)
+
 5. Obtain the Glacier PGP public key, used to cryptographically verify the protocol document.
 
     Technical detail: Glacier's GPG keys are handled with good security practices.
@@ -75,6 +77,8 @@ protocol.
     [GPG Suite](https://gpgtools.org/).
     3. **Linux**: GnuPG is pre-installed in Linux distributions.
 
+### Document verification
+
 7. Open a terminal window:
 
     1. **Windows**: Press Windows-R, type "powershell" and click OK.
@@ -156,6 +160,8 @@ entry.
     **If you do not see the expected output, your copy of the document has not been verified**.
     Stop and seek assistance.
 
+### Hardcopy
+
 10. Switch to use the new document.
 
     1. Open the newly verified version of the document.

From 6c1929f03dfb4ed31a13d89ef2f526a0f0773d15 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Fri, 23 Nov 2018 15:06:26 +0000
Subject: [PATCH 090/190] HW prep in single section, simplified for clarity,
 dupl. info removed

duplicate info replaced by referencing
---
 _data/docs_toc.yml                      |  3 +-
 _docs/setup/non-quarantined-hardware.md | 37 --------------
 _docs/setup/prepare-hardware.md         | 67 +++++++++++++++++++++++++
 _docs/setup/quarantined-hardware.md     | 55 --------------------
 4 files changed, 68 insertions(+), 94 deletions(-)
 delete mode 100644 _docs/setup/non-quarantined-hardware.md
 create mode 100644 _docs/setup/prepare-hardware.md
 delete mode 100644 _docs/setup/quarantined-hardware.md

diff --git a/_data/docs_toc.yml b/_data/docs_toc.yml
index 0b11e1f..0f37005 100644
--- a/_data/docs_toc.yml
+++ b/_data/docs_toc.yml
@@ -11,8 +11,7 @@
 - title: Setup
   docs:
   - setup/verify
-  - setup/non-quarantined-hardware
-  - setup/quarantined-hardware
+  - setup/prepare-hardware
   - setup/create-boot-usb
   - setup/create-app-usb
   - setup/quarantined-workspace
diff --git a/_docs/setup/non-quarantined-hardware.md b/_docs/setup/non-quarantined-hardware.md
deleted file mode 100644
index 3b8a2f0..0000000
--- a/_docs/setup/non-quarantined-hardware.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-title: Prepare non-quarantined hardware
-description: Learn how to set up your non-quarantined hardware for Glacier, the
-  step-by-step protocol for storing bitcoins in a highly secure way
----
-
-1. Select two (2) computers which will be used as "Setup Computers" to set up USB
-drives.
-
-    1. Both Setup Computers must have Internet access.
-    2. You should have administrator access to both Setup Computers.
-    3. Importantly, at least one computer should be a computer that you *do not*
-    own, or that doesn't spend much time on your home or office network.
-
-        It's not technically ownership that's important. But computers you own are
-        more likely to run the same software, have visited the same websites, or have
-        been exposed to the same USB drives or networks -- and therefore to have the
-        same malware.
-
-2. Using sticky notes, label the two Setup Computers "SETUP 1" and "SETUP 2".
-3. With a permanent marker, label two USB drives "SETUP 1 BOOT" and "SETUP
-2 BOOT".
-
-    1. Remember that, per the equipment list, you should have 4 remaining USB
-    drives -- two from one manufacturer, and two from a *different* manufacturer.
-
-4. Run a virus scan on the Setup Computers. If you don't have virus scanning
-software installed, here are some options:
-
-    * Windows: [Kaspersky](https://usa.kaspersky.com/) ($39.99/yr),
-    [Avira](https://www.avira.com) (Free)
-    * MacOS: [BitDefender](https://www.bitdefender.com/) ($59.95/yr),
-    [Sophos](https://home.sophos.com/) (Free)
-    * Linux: Unnecessary
-
-5. If the virus scan comes up with any viruses, take steps to remove them.
-6. Once you have a clean virus scan, your Setup Computers are ready.
diff --git a/_docs/setup/prepare-hardware.md b/_docs/setup/prepare-hardware.md
new file mode 100644
index 0000000..c3827e4
--- /dev/null
+++ b/_docs/setup/prepare-hardware.md
@@ -0,0 +1,67 @@
+---
+title: Prepare hardware
+description: Learn how to set up your hardware for Glacier, the
+  step-by-step protocol for storing bitcoins in a highly secure way
+---
+
+## Non-quarantined hardware
+
+According to the specifications in the [Hardware required](/docs/before-you-start/hardware) section:
+
+1. Label the two Setup Computers "SETUP 1" and "SETUP 2", using sticky notes
+2. Label two USB drives "SETUP 1 BOOT" and "SETUP 2 BOOT", using a permanent marker
+3. Run a virus scan on both Setup Computers. Options for virus scanning include:
+
+    * **Windows**: [Kaspersky](https://usa.kaspersky.com/) ($39.99/yr),
+    [Avira](https://www.avira.com) (Free)
+    * **MacOS**: [BitDefender](https://www.bitdefender.com/) ($59.95/yr),
+    [Sophos](https://home.sophos.com/) (Free)
+    * **Linux**: Unnecessary
+
+5. Take steps to remove any viruses found by the virus scanners
+
+The Setup Computers are ready once the virus scan shows a clean system.
+
+## Quarantined hardware
+
+According to the specifications in the  [Hardware required](/docs/before-you-start/hardware) section,
+paying *particular* attention to manfacturer requirements:
+
+1. Separate your quarantined hardware into two parallel sets:
+
+    * **Set 1**: "Q1" computer, "Q1 BOOT" USB drive, "Q1 APP" USB drive
+    * **Set 2**: "Q2" computer, "Q2 BOOT" USB drive, "Q2 APP" USB drive
+
+    The USBs labeled "Q1 BOOT" and "Q2 BOOT" will have the operating system to
+    boot the corresponding computer.
+
+    The USBs labeled "Q1 APP" and "Q2 APP" will have the software applications
+    for use on the corresponding computer.
+
+2. In each set, label all hardware with a permanent marker, writing directly on
+the hardware.
+
+    **Labeled hardware should <span style="color:red">only</span> be used with
+    hardware within the same set**, for example:
+
+    1. **Only** plug **"Q1 BOOT"** and **"Q1 APP"** USB drives into the **"Q1"** laptop
+    2. **Only** plug **"Q2 BOOT"** and **"Q2 APP"** USB drives into the **"Q2"** laptop
+    3. **Don't** plug an **unlabeled**, **"SETUP 1"** or **"SETUP 2"** USB drive into the **"Q1"** or **"Q2"** laptops
+
+4. Quarantine "Q1" and "Q2" computers by removing the network and wireless interfaces:
+
+    1. Unbox computers, but do **not** power on
+    2. Place a tamper-resistant seal over the Ethernet port, if present
+    3. Physically remove the wireless card:
+
+        1. If using the recommended Dell laptop, follow [Dell's official instructions](http://topics-cdn.dell.com/pdf/inspiron-11-3162-laptop_Service%20Manual_en-us.pdf),
+        or [Parts-People.Com, Inc](https://www.youtube.com/watch?v=nFYXQQPoh90)'s YouTube tutorial
+        2. If using the recommended Acer laptop, the process is similar to the Dell, but note
+        that there are two cover screws hidden underneath the rubber feet on the underside of the laptop
+
+    4. After removing the wireless cards, cover the ends of the internal wi-fi antennae with electrical tape
+    5. If not using the recommended laptops, and the computers have separate WiFi and Bluetooth cards,
+    ensure both are removed. Most modern computers, including the recommended Acer and Dell,
+    have a single wireless/bluetooth card.
+
+5. Fully charge both computers, if relevant.
\ No newline at end of file
diff --git a/_docs/setup/quarantined-hardware.md b/_docs/setup/quarantined-hardware.md
deleted file mode 100644
index bb60fab..0000000
--- a/_docs/setup/quarantined-hardware.md
+++ /dev/null
@@ -1,55 +0,0 @@
----
-title: Prepare quarantined hardware
-description: Learn how to prepare your quarantined hardware for Glacier, the
-  step-by-step protocol for storing bitcoins in a highly secure way
----
-
-1. Separate your quarantined hardware into two parallel sets. Each set should contain:
-  - One laptop
-  - Two USB drives from the same manufacturer
-
-    Each component should be supplied by *different* manufacturers from the other set.
-    I.e. your two laptops should be from two different manufacturers, and the USB
-    drives in one set should be from a different manufacturer than the USB drives in
-    the other set.
-
-2. In each set, label all hardware with a permanent marker. Write directly on
-the hardware.
-
-    1. Label the laptops ("Quarantined Computers") "Q1" and "Q2".
-    2. Label one USB drive from each set with "Q1 BOOT" or "Q2 BOOT".
-    These USBs will have the operating system you'll boot the computer
-    with.
-    3. Label the other USB drive from each set with "Q1 APP" or "Q2 APP". These
-    USBs will have the software applications you'll use.
-
-3. **Labeled hardware should <span style="color:red">only</span> be used with
-   hardware that shares the same label ("Q1", "Q2", or "SETUP 1", or
-   "SETUP 2").** For example:
-
-    1. **Don't** plug a **"Q1"** USB drive into a **"Q2"** laptop.
-    2. **Don't** plug a **"SETUP 2"** USB drive into a **"Q1"** or **"Q2"** laptop.
-    3. **Don't** plug an **unlabeled** USB drive into a **"Q1"** or **"Q2"** laptop.
-
-4. Quarantine the network and wireless interfaces for both laptops:
-
-    1. Unbox laptop. Do **not** power it on.
-    2. Put a [tamper-resistant seal](https://www.amazon.com/Security-Warranty-Hologram-Sequential-Numbering/dp/B0051JNB6A/ref=sr_1_1?ie=UTF8&qid=1471760406&sr=8-1&keywords=tamper+resistant+stickers)
-       over the Ethernet port, if it has one.
-    3. Physically remove the wireless card.
-
-        1. For the recommended Dell laptop, Dell's official instructions for
-        doing so are [here](http://topics-cdn.dell.com/pdf/inspiron-11-3162-laptop_Service%20Manual_en-us.pdf).
-        A YouTube video showing an abbreviated procedure is
-        [here](https://www.youtube.com/watch?v=nFYXQQPoh90).
-        2. For the recommended Acer laptop, the process is similar to the Dell.
-        Note there are two cover screws hidden underneath rubber feet on the
-        bottom of the laptop.
-
-    4. After removing the wireless card, cover the ends of the internal wi-fi
-    antennae with electrical tape.
-    5. If the computer has separate cards for WiFi and Bluetooth, be sure to
-    remove both. (Most modern laptops, including the recommended Acer and Dell,
-    have a single wireless card which handles both.)
-
-5. Fully charge both laptops.

From cdb7eddd7f223d7ea0b1bea4bbcd41e76cf4d638 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Fri, 23 Nov 2018 17:13:20 +0000
Subject: [PATCH 091/190] All possible links changed to https

Not all links serve over https
---
 _docs/before-you-start/hardware.md            | 34 +++++++++----------
 _docs/deposit/generate-cold-storage-data.md   |  2 +-
 _docs/extend/improvements.md                  |  4 +--
 _docs/extend/security.md                      |  6 ++--
 _docs/overview/about.md                       |  2 +-
 _docs/overview/multi-signature-security.md    |  2 +-
 .../attack-surface.md                         |  8 ++---
 _docs/setup/prepare-hardware.md               |  2 +-
 _docs/setup/quarantined-workspace.md          |  4 +--
 9 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/_docs/before-you-start/hardware.md b/_docs/before-you-start/hardware.md
index 282df1a..36ed0b4 100644
--- a/_docs/before-you-start/hardware.md
+++ b/_docs/before-you-start/hardware.md
@@ -14,22 +14,22 @@ different, and manufacturers C and D *must* be different.
 ### Eternally quarantined
 
 * **Q1**: Computer from manufacturer A, with two USB ports and a camera: For example,
-[2016 Dell Inspiron 11.6"](http://a.co/1E6HEQA)
-* **Q1 BOOT**: USB drive from manufacturer C, minimum 2GB: For example, [SanDisk Cruzer 8GB](http://a.co/1Us66ze)
-* **Q1 APP**: USB drive from manufacturer C, minimum 2GB: For example, [SanDisk Cruzer 8GB](http://a.co/1Us66ze)
+[2016 Dell Inspiron 11.6"](https://a.co/1E6HEQA)
+* **Q1 BOOT**: USB drive from manufacturer C, minimum 2GB: For example, [SanDisk Cruzer 8GB](https://a.co/1Us66ze)
+* **Q1 APP**: USB drive from manufacturer C, minimum 2GB: For example, [SanDisk Cruzer 8GB](https://a.co/1Us66ze)
 
 * **Q2**: Computer from manufacturer B, with two USB ports and a camera: For example,
-[Acer Aspire One Cloudbook 11"](http://a.co/1ZMSB3Y)
-* **Q2 BOOT**: USB drive from manufacturer D, minimum 2GB: For example, [Verbatim 2GB](http://a.co/jdzEf8O)
-* **Q2 APP**: USB drive from manufacturer D, minimum 2GB: For example, [Verbatim 2GB](http://a.co/jdzEf8O)
+[Acer Aspire One Cloudbook 11"](https://a.co/1ZMSB3Y)
+* **Q2 BOOT**: USB drive from manufacturer D, minimum 2GB: For example, [Verbatim 2GB](https://a.co/jdzEf8O)
+* **Q2 APP**: USB drive from manufacturer D, minimum 2GB: For example, [Verbatim 2GB](https://a.co/jdzEf8O)
 
 The computers require two USB ports for simultaneous usage of the USB drives. Cameras are
 required for reading QR codes.
 
 ### Non-quarantined
 
-* **SETUP BOOT 1**: USB drive from manufacturer C, D or other (2GB+): For example, [Verbatim 2GB](http://a.co/jieluaE)
-* **SETUP BOOT 2**: USB drive from manufacturer C, D or other (2GB+): For example, [Verbatim 2GB](http://a.co/jieluaE)
+* **SETUP BOOT 1**: USB drive from manufacturer C, D or other (2GB+): For example, [Verbatim 2GB](https://a.co/jieluaE)
+* **SETUP BOOT 2**: USB drive from manufacturer C, D or other (2GB+): For example, [Verbatim 2GB](https://a.co/jieluaE)
 
 ## Used/existing hardware
 
@@ -43,14 +43,14 @@ be running Windows 10, MacOS, or Linux.
 
 ### Other equipment
 
-* **Precision screwdrivers**: To dismantle hardware. For example, [Tekton 2977](http://a.co/bbvj16a)
-* **Electrical tape**: To insulate loose connection. For example, [Duck](http://a.co/gZZiEdA)
+* **Precision screwdrivers**: To dismantle hardware. For example, [Tekton 2977](https://a.co/bbvj16a)
+* **Electrical tape**: To insulate loose connection. For example, [Duck](https://a.co/gZZiEdA)
 * **Casino-grade six-sided dice**: To provide entropy. Casino dice offer number generation which is closer to true randomness than a computer can provide.
 The square corners, filled in pips and low manufacturing tolerances mean casino dice remove
-any potential dice bias present in regular dice. For example, [Trademark Poker](http://a.co/ghbdiak)
-* **Faraday bag**: To prevent smartphone data exfiltration via radio side channel. For example, [Stealth Anti Signal Forensic Faraday Bag](http://a.co/3wiNPLT)
-* **Table fan**: To provide white noise. For example, [Holmes Lil' Blizzard](http://a.co/98PrpMs)
-* **Home safe**: To secure keys, bolted to the floor. For example, [AmazonBasics Security Safe](http://a.co/6sRoaPv)
-* **TerraSlate paper**: To write private keys on. For example, [TerraSlate paper](http://a.co/7pk5fJN)
-* **Cardboard envelopes**: To opaquely store private keys. For example, [Quality Park Extra-Rigid Fiberboard](http://a.co/7jUPLMR)
-* **Tamper-resistant seals**: To highlight tampering. For example, [BoxSilver Security Holograms](http://a.co/96KlsAl)
\ No newline at end of file
+any potential dice bias present in regular dice. For example, [Trademark Poker](https://a.co/ghbdiak)
+* **Faraday bag**: To prevent smartphone data exfiltration via radio side channel. For example, [Stealth Anti Signal Forensic Faraday Bag](https://a.co/3wiNPLT)
+* **Table fan**: To provide white noise. For example, [Holmes Lil' Blizzard](https://a.co/98PrpMs)
+* **Home safe**: To secure keys, bolted to the floor. For example, [AmazonBasics Security Safe](https://a.co/6sRoaPv)
+* **TerraSlate paper**: To write private keys on. For example, [TerraSlate paper](https://a.co/7pk5fJN)
+* **Cardboard envelopes**: To opaquely store private keys. For example, [Quality Park Extra-Rigid Fiberboard](https://a.co/7jUPLMR)
+* **Tamper-resistant seals**: To highlight tampering. For example, [BoxSilver Security Holograms](https://a.co/96KlsAl)
\ No newline at end of file
diff --git a/_docs/deposit/generate-cold-storage-data.md b/_docs/deposit/generate-cold-storage-data.md
index 075b922..3e9636d 100644
--- a/_docs/deposit/generate-cold-storage-data.md
+++ b/_docs/deposit/generate-cold-storage-data.md
@@ -51,7 +51,7 @@ prepare your quarantined workspace.
         [design document](/docs/design-doc/overview) for details.
         3. If you are rolling multiple dice at the same time, read the
         dice left-to-right. **This is important.** Humans are
-        [horrible at generating random data](http://journals.plos.org/plosone/article?id=10.1371/journal.pone.0041531)
+        [horrible at generating random data](https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0041531)
         and great at noticing patterns. Without a consistent heuristic like
         "read the dice left to right", you may subconsciously read them in a
         non-random order (like tending to record lower numbers first).
diff --git a/_docs/extend/improvements.md b/_docs/extend/improvements.md
index ad9ba57..d597617 100644
--- a/_docs/extend/improvements.md
+++ b/_docs/extend/improvements.md
@@ -68,11 +68,11 @@ Many of the steps for creating the Quarantined USBs could be
 automated in a simple script.
 
 ## Security with biased dice
-Assess integration of this paper and/or [this algorithm](http://pit-claudel.fr/clement/blog/generating-uniformly-random-data-from-skewed-input-biased-coins-loaded-dice-skew-correction-and-the-von-neumann-extractor/) so that the quality of
+Assess integration of this paper and/or [this algorithm](https://pit-claudel.fr/clement/blog/generating-uniformly-random-data-from-skewed-input-biased-coins-loaded-dice-skew-correction-and-the-von-neumann-extractor/) so that the quality of
 our randomness is not vulnerable to dice bias.
 
 ## Entropy quality testing
-Use an entropy test suite such as [ent](http://www.fourmilab.ch/random/) to verify the quality of
+Use an entropy test suite such as [ent](https://www.fourmilab.ch/random/) to verify the quality of
 generated entropy before it's used.
 
 ## Bitcoin Core version
diff --git a/_docs/extend/security.md b/_docs/extend/security.md
index 5e60d0b..2abea9e 100644
--- a/_docs/extend/security.md
+++ b/_docs/extend/security.md
@@ -94,7 +94,7 @@ or
 Examples include
 [Kanguru drives](https://www.kanguru.com/secure-storage/defender-secure-flash-drives.shtml)
 and
-[IronKey drives](http://www.ironkey.com/en-US/encrypted-storage-drives/250-basic.html).
+[IronKey drives](https://www.ironkey.com/en-US/encrypted-storage-drives/250-basic.html).
 * **Purchase a factory-new printer**: Printers can have malware, which could
 conceivably interfere with printing the hardcopy of the Glacier document. Use
 a new printer for printing the Glacier document. Choose one without wireless
@@ -137,8 +137,8 @@ there should be a process for checking on them periodically to make sure they ar
 not lost or damaged.
 * **Durable storage medium**: TerraSlate paper is extremely rugged, but you
 might also consider laminating the paper for additional protection. You'll
-need a [thermal laminator](http://a.co/cZBN1YU) and
-[laminating pouches](http://a.co/ifISzje). An
+need a [thermal laminator](https://a.co/cZBN1YU) and
+[laminating pouches](https://a.co/ifISzje). An
 even more durable approach would be to engrave the private keys in
 metal.
 * **High-security vaults**: Store keys in high-security vaults that
diff --git a/_docs/overview/about.md b/_docs/overview/about.md
index 44024f0..f5dbf9d 100644
--- a/_docs/overview/about.md
+++ b/_docs/overview/about.md
@@ -74,7 +74,7 @@ them much more attractive targets for hackers.
 access to service funds.
 6. **Seizure by service**: The service has the ability to seize customer funds. There are
 examples where a hacked system has chosen to socialise its losses across all users. In 2016, 
-[all users shared the total loss after Bitfinex was hacked](http://www.bbc.com/news/technology-37009319).
+[all users shared the total loss after Bitfinex was hacked](https://www.bbc.com/news/technology-37009319).
 There are also examples of withdrawals being closed before the company files for bankruptcy protection.
 In 2014, [Mt. Gox filed for bankruptcy after being hacked](https://www.bbc.co.uk/news/technology-25233230).
 Both scenarios lead to huge losses for customers.
diff --git a/_docs/overview/multi-signature-security.md b/_docs/overview/multi-signature-security.md
index 4729fbd..f67a091 100644
--- a/_docs/overview/multi-signature-security.md
+++ b/_docs/overview/multi-signature-security.md
@@ -12,7 +12,7 @@ Multisignature security, or multisig, is central to Glacier.
 The bearer asset nature of bitcoin makes it very difficult to secure. For example,
 a private key, on paper, in a safe deposit box at a bank may seem secure, but 
 there are various eventualities that could lead to total loss. The box could be
-destroyed in a disaster, [seized](http://abcnews.go.com/GMA/story?id=4832471),
+destroyed in a disaster, [seized](https://abcnews.go.com/GMA/story?id=4832471),
 accessed after identity theft, or the entire bank could be robbed.
 
 Self storage, perhaps in a fireproof safe at home, can mitigate some of these issues,
diff --git a/_docs/protocol-vulnerabilities/attack-surface.md b/_docs/protocol-vulnerabilities/attack-surface.md
index 4928be1..86bae35 100644
--- a/_docs/protocol-vulnerabilities/attack-surface.md
+++ b/_docs/protocol-vulnerabilities/attack-surface.md
@@ -54,7 +54,7 @@ A laptop or USB hardware could have been infected at any point between manufactu
 delivery, before being shrinkwrapped. "Malware" usually refers to software, but we're
 using it here more broadly to mean "computing technology which undermines the integrity
 of the computing environment in which it resides.", as in a 
-[USB JTAG exploit](http://www.itnews.com.au/news/intel-debugger-interface-open-to-hacking-via-usb-446889)
+[USB JTAG exploit](https://www.itnews.com.au/news/intel-debugger-interface-open-to-hacking-via-usb-446889)
 or [chip-level backdoor](https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/). 
 
 ## Failure scenarios
@@ -76,12 +76,12 @@ networked or attacker-controlled device in range then steals the data. Possibili
   inadequately blocked by sound insulation or masking noise. [Data theft by fan noise](https://www.wired.com/2016/06/clever-attack-uses-sound-computers-fan-steal-data), for example.
   * **Radio side channel**: [Exploit of electromagnetic emanations from wired and wireless
   keyboards](https://www.usenix.org/legacy/event/sec09/tech/full_papers/vuagnoux.pdf),
-  [transmission of radio signals from monitor to FM radio receiver](http://cyber.bgu.ac.il/content/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper)
+  [transmission of radio signals from monitor to FM radio receiver](https://cyber.bgu.ac.il/content/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper)
   or [radio waves leaked by a processor's power use](https://www.wired.com/2015/06/radio-bug-can-steal-laptop-crypto-keys-fits-inside-pita/),
   for example.
   * **Seismic side channel**: Decoding vibrations from nearby keyboard using mobile phone accelerometer, for example.
-  * **Thermal side channel**: [Exploit using thermal sensors to detect heat emission](http://cyber.bgu.ac.il/blog/bitwhisper-heat-air-gap), for example.
-  * **Magnetic side channel**: [Exploit using smartphone magnetic field sensors to extract hard drive data](http://fc15.ifca.ai/preproceedings/paper_14.pdf), for example.
+  * **Thermal side channel**: [Exploit using thermal sensors to detect heat emission](https://cyber.bgu.ac.il/blog/bitwhisper-heat-air-gap), for example.
+  * **Magnetic side channel**: [Exploit using smartphone magnetic field sensors to extract hard drive data](https://fc15.ifca.ai/preproceedings/paper_14.pdf), for example.
   * **Rogue QR code**: Malware on a Quarantined Computer could exfiltrate critically
   sensitive data via QR codes IF cooperating malware on the QR reading device is prepared
   to steal the data. The risk of this scenario is negligible; unless the attacker
diff --git a/_docs/setup/prepare-hardware.md b/_docs/setup/prepare-hardware.md
index c3827e4..cf61d0c 100644
--- a/_docs/setup/prepare-hardware.md
+++ b/_docs/setup/prepare-hardware.md
@@ -54,7 +54,7 @@ the hardware.
     2. Place a tamper-resistant seal over the Ethernet port, if present
     3. Physically remove the wireless card:
 
-        1. If using the recommended Dell laptop, follow [Dell's official instructions](http://topics-cdn.dell.com/pdf/inspiron-11-3162-laptop_Service%20Manual_en-us.pdf),
+        1. If using the recommended Dell laptop, follow [Dell's official instructions](https://topics-cdn.dell.com/pdf/inspiron-11-3162-laptop_Service%20Manual_en-us.pdf),
         or [Parts-People.Com, Inc](https://www.youtube.com/watch?v=nFYXQQPoh90)'s YouTube tutorial
         2. If using the recommended Acer laptop, the process is similar to the Dell, but note
         that there are two cover screws hidden underneath the rubber feet on the underside of the laptop
diff --git a/_docs/setup/quarantined-workspace.md b/_docs/setup/quarantined-workspace.md
index 6cac45d..882e7da 100644
--- a/_docs/setup/quarantined-workspace.md
+++ b/_docs/setup/quarantined-workspace.md
@@ -25,7 +25,7 @@ first time and do **not** plan on executing the Deposit or Withdrawal protocol n
         2. Shut down nearby devices with microphones (e.g. smartphones and
         other laptops).
         3. Plug in and turn on a table fan to generate white noise.
-    3. [Power side channel](http://sharps.org/wp-content/uploads/CLARK-ESORICS13.pdf)
+    3. [Power side channel](https://sharps.org/wp-content/uploads/CLARK-ESORICS13.pdf)
         1. Unplug both Quarantined Computers from the wall.
         2. Run them **only on battery power** throughout this protocol.
         3. Make sure they are fully charged first! If you run out of battery,
@@ -34,7 +34,7 @@ first time and do **not** plan on executing the Deposit or Withdrawal protocol n
     and other side channels. Including
     [seismic](https://www.cc.gatech.edu/fac/traynor/papers/traynor-ccs11.pdf),
     [thermal](https://cyber.bgu.ac.il/bitwhisper-heat-air-gap/),
-    and [magnetic](http://fc15.ifca.ai/preproceedings/paper_14.pdf).
+    and [magnetic](https://fc15.ifca.ai/preproceedings/paper_14.pdf).
         1. Turn off all other computers and smartphones in the room.
         2. Put portable computing devices in the Faraday bag and seal the bag.
         3. Unplug desktop computers.

From 4ab9fa9f97de006069c397ee143936c6ab757d40 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 09:59:33 +0000
Subject: [PATCH 092/190] reword, restructure

---
 _docs/setup/create-boot-usb.md | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 3e8c50b..7e87612 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -4,15 +4,10 @@ description: Learn how to prepare your USB drives for Glacier, the
   step-by-step protocol for storing bitcoins in a highly secure way
 ---
 
-Because the eternally quarantined computers cannot connect to a network, they
-cannot download software. We'll be using USB drives to transfer the necessary
-software to them.
-
-We will prepare four bootable
-[Ubuntu](https://en.wikipedia.org/wiki/Ubuntu_(operating_system))
-USB drives. ("Bootable" means that the Ubuntu operating system will be booted
-directly from the USB drive, without using the computer's hard drive in any
-way.)
+To ensure isolation from any network, USB drives will be used to transfer the necessary
+software to the eternally quarantined computers. Four bootable Linux USB drives will be 
+used to directly boot to the [Ubuntu](https://en.wikipedia.org/wiki/Ubuntu_(operating_system))
+operating system, eliminating the use of the computer's hard drive in any way.
 
 The *first two* USB drives ("Setup Boot USBs") are the USB drives you labeled
 "SETUP 1 BOOT" and "SETUP 2 BOOT" in Section II. They will be prepared using

From 2aa7a12d91d1ac5b2e20ac432da0438cdfc16eeb Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 10:03:36 +0000
Subject: [PATCH 093/190] Section reference corrected, link added

There is no Section II
---
 _docs/setup/create-boot-usb.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 7e87612..32da5f2 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -10,11 +10,11 @@ used to directly boot to the [Ubuntu](https://en.wikipedia.org/wiki/Ubuntu_(oper
 operating system, eliminating the use of the computer's hard drive in any way.
 
 The *first two* USB drives ("Setup Boot USBs") are the USB drives you labeled
-"SETUP 1 BOOT" and "SETUP 2 BOOT" in Section II. They will be prepared using
+"SETUP 1 BOOT" and "SETUP 2 BOOT" in the [Prepare hardware](/docs/setup/prepare-hardware/#non-quarantined-hardware) section. They will be prepared using
 your Setup Computers, which may be running Windows, MacOS, or something else.
 
 The *last two* USB drives ("Quarantined Boot USBs") are the USB drives you
-labeled "Q1 BOOT" and "Q2 BOOT" in Section II. They will be prepared using your
+labeled "Q1 BOOT" and "Q2 BOOT" in the [Prepare hardware](/docs/setup/prepare-hardware/#quarantined-hardware) section. They will be prepared using your
 Setup Computers *while booted off* a *Setup Boot USB*.
 
 Technical details: The Non-Quarantined OS USBs serve two purposes:

From 861194725c2c420c97addd9bdd8ccf20da70a365 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 10:14:49 +0000
Subject: [PATCH 094/190] Reword, restructure, detail added

---
 _docs/setup/create-boot-usb.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 32da5f2..2835387 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -9,13 +9,13 @@ software to the eternally quarantined computers. Four bootable Linux USB drives
 used to directly boot to the [Ubuntu](https://en.wikipedia.org/wiki/Ubuntu_(operating_system))
 operating system, eliminating the use of the computer's hard drive in any way.
 
-The *first two* USB drives ("Setup Boot USBs") are the USB drives you labeled
-"SETUP 1 BOOT" and "SETUP 2 BOOT" in the [Prepare hardware](/docs/setup/prepare-hardware/#non-quarantined-hardware) section. They will be prepared using
-your Setup Computers, which may be running Windows, MacOS, or something else.
-
-The *last two* USB drives ("Quarantined Boot USBs") are the USB drives you
-labeled "Q1 BOOT" and "Q2 BOOT" in the [Prepare hardware](/docs/setup/prepare-hardware/#quarantined-hardware) section. They will be prepared using your
-Setup Computers *while booted off* a *Setup Boot USB*.
+In accordance with the [Prepare hardware](/docs/setup/prepare-hardware/#non-quarantined-hardware)
+section:
+* The Setup Boot USB drives, "SETUP 1 BOOT" and "SETUP 2 BOOT", will be prepared using
+the Setup Computers "SETUP 1" and "SETUP 2".
+* The Quarantined Boot USB drives, "Q1 BOOT" and "Q2 BOOT", will be prepared using
+the Setup Computers "SETUP 1" and "SETUP 2" *while booted from* a *Setup Boot USB*,
+“SETUP 1 BOOT” or “SETUP 2 BOOT”.
 
 Technical details: The Non-Quarantined OS USBs serve two purposes:
 

From ec285981b8e7f511338bdf6b430d330481dabb5c Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 10:25:17 +0000
Subject: [PATCH 095/190] Reword

---
 _docs/setup/create-boot-usb.md | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 2835387..0ce345d 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -17,16 +17,15 @@ the Setup Computers "SETUP 1" and "SETUP 2".
 the Setup Computers "SETUP 1" and "SETUP 2" *while booted from* a *Setup Boot USB*,
 “SETUP 1 BOOT” or “SETUP 2 BOOT”.
 
-Technical details: The Non-Quarantined OS USBs serve two purposes:
+Technical details: The non-quarantined Setup Boot USB drives serve two purposes:
 
-* First, they are used for creating the Quarantined App USBs in the next
-section, which greatly simplifies the process of doing so because we know
-it'll always be done from an Ubuntu environment. (We can't use the
-Quarantined OS USBs for this -- they're eternally quarantined, so they need to
-be permanently unplugged from their Setup Computer the moment they are created.)
-* Second, it will be harder for any malware infections on a Setup Computer's
-default OS to undermine a Quarantined USB setup process (the malware would
-first have to propagate itself to the Non-Quarantined OS USB).
+* They greatly simplify the steps for creation of the Quarantined App USBs in the next
+section, because only an Ubuntu environment needs outlined. The Quarantined OS USBs
+cannot be used for this since they are eternally quarantined and should be permanently
+unplugged from the Setup Computers the moment they are created.
+* Malware infection of a Setup Computer's default OS becomes more difficult. To
+undermine a Quarantined USB setup process, the malware would first have to propagate
+itself to the Non-Quarantined OS USB.
 
 1. Perform the following steps on your SETUP 1 computer.
 2. If you are not already reading this document on the SETUP 1 computer, open a

From c50aee4eb102acd9221a921f8f7388b51fdfb5f0 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 11:05:31 +0000
Subject: [PATCH 096/190] Repeated text removed

---
 _docs/setup/create-boot-usb.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 0ce345d..1d3f82e 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -40,8 +40,7 @@ copy there.
     1. **Windows**: Press Windows-R, type "powershell" and click OK.
     2. **MacOS**: Click the Searchlight (magnifying glass) icon in the menu bar,
     and type "terminal". Select the Terminal application from the search results.
-    3. **Linux**: Varies; on Ubuntu, press Ctrl-Alt-T. (On Ubuntu, press
-    Ctrl-Alt-T.)
+    3. **Linux**: Varies; on Ubuntu, press Ctrl-Alt-T.
 
 5. Verify the integrity of the Ubuntu download.
 

From 798d26804a4cf0d6b436df4f6f3e903bf3bdd27b Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 11:06:15 +0000
Subject: [PATCH 097/190] Reword

---
 _docs/setup/create-boot-usb.md | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 1d3f82e..7728e13 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -27,25 +27,23 @@ unplugged from the Setup Computers the moment they are created.
 undermine a Quarantined USB setup process, the malware would first have to propagate
 itself to the Non-Quarantined OS USB.
 
-1. Perform the following steps on your SETUP 1 computer.
-2. If you are not already reading this document on the SETUP 1 computer, open a
-copy there.
-3. Download Ubuntu by going to this link:
+## On Setup Computer “SETUP 1”
+1. Open a copy of this document.
+2. Download Ubuntu from this link:
 
     [http://old-releases.ubuntu.com/releases/xenial/ubuntu-16.04.1-desktop-amd64.iso](http://old-releases.ubuntu.com/releases/xenial/ubuntu-16.04.1-desktop-amd64.iso)
-    Wait until the download is complete.
 
-4. Open a terminal window.
+3. Once the download is complete, open a terminal window:
 
     1. **Windows**: Press Windows-R, type "powershell" and click OK.
     2. **MacOS**: Click the Searchlight (magnifying glass) icon in the menu bar,
     and type "terminal". Select the Terminal application from the search results.
     3. **Linux**: Varies; on Ubuntu, press Ctrl-Alt-T.
 
-5. Verify the integrity of the Ubuntu download.
+4. Verify the Ubuntu download integrity:
 
-    1. Change the terminal window's active folder to the folder where you
-    downloaded Ubuntu, customizing the folder name if necessary:
+    1. Change the terminal’s current working folder to the download folder,
+    customizing the folder name if necessary:
 
         1. **Windows**: `> cd $HOME/Downloads`
         2. **MacOS**: `$ cd $HOME/Downloads`

From 647b16e0da445bc5b4c14730b0e25117bb0edf70 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 11:10:22 +0000
Subject: [PATCH 098/190] Section reference corrected, link added

There is no Section I
---
 _docs/setup/create-boot-usb.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 7728e13..71897c1 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -66,7 +66,9 @@ itself to the Non-Quarantined OS USB.
         characters, last 8 characters, and a few somewhere in the middle.**
 
         Technical details: Because you verified the checksum & checksum
-        signature for this document in Section I, we are omitting the GPG
+        signature for this document in the
+        [Verify and print protocol document](/docs/setup/verify/#document-verification)
+        section, we are omitting the GPG
         verification of some other fingerprints in the protocol. For a detailed
         security analysis, see the [design document](/docs/design-doc/overview).
 

From c4c3bf8187771dc924d8cd747826a7122d3cd92f Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 11:31:43 +0000
Subject: [PATCH 099/190] CRITICAL - link corrected to show 16.04.1 fingerprint

"/16.04/" links to the most recent 16.04 version, in this case 16.04.5
---
 _docs/setup/create-boot-usb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 71897c1..995f6cc 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -73,7 +73,7 @@ itself to the Non-Quarantined OS USB.
         security analysis, see the [design document](/docs/design-doc/overview).
 
         You can verify this is the official Ubuntu fingerprint
-        [here](http://releases.ubuntu.com/16.04/SHA256SUMS),
+        [here](http://releases.ubuntu.com/16.04.1/SHA256SUMS),
         or follow Ubuntu's full verification process using this guide.
 
 6. Create the SETUP 1 BOOT USB.

From bb792c4a7dfd72f1df127ea2e1286c60ccabcd5a Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 11:36:39 +0000
Subject: [PATCH 100/190] Reword, restructure

---
 _docs/setup/create-boot-usb.md | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 995f6cc..d4e492d 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -55,27 +55,26 @@ itself to the Non-Quarantined OS USB.
         2. **MacOS**: `$ shasum -a 256 ubuntu-16.04.1-desktop-amd64.iso`
         3. **Linux**: `$ sha256sum ubuntu-16.04.1-desktop-amd64.iso`
 
-    3. The following fingerprint should be displayed:
+    3. The following fingerprint, further verified in 
+    [the official Ubuntu fingerprint list](http://releases.ubuntu.com/16.04.1/SHA256SUMS)
+    against "*ubuntu-16.04.1-desktop-amd64.iso",
+    should be displayed:
 
         ```
         dc7dee086faabc9553d5ff8ff1b490a7f85c379f49de20c076f11fb6ac7c0f34
         ```
 
+        Alternatively, follow [Ubuntu's official full verification process](https://tutorials.ubuntu.com/tutorial/tutorial-how-to-verify-ubuntu#0).
+
         It's not important to check every single character when visually
         verifying a fingerprint. It's sufficient to check the **first 8
         characters, last 8 characters, and a few somewhere in the middle.**
 
-        Technical details: Because you verified the checksum & checksum
-        signature for this document in the
-        [Verify and print protocol document](/docs/setup/verify/#document-verification)
-        section, we are omitting the GPG
-        verification of some other fingerprints in the protocol. For a detailed
+        Technical details: The GPG verification of some fingerprints in the 
+        protocol are omitted because the checksum & checksum
+        signatures for this document were verified in the [Verify and print protocol document](/docs/setup/verify/#document-verification) section. For a detailed
         security analysis, see the [design document](/docs/design-doc/overview).
 
-        You can verify this is the official Ubuntu fingerprint
-        [here](http://releases.ubuntu.com/16.04.1/SHA256SUMS),
-        or follow Ubuntu's full verification process using this guide.
-
 6. Create the SETUP 1 BOOT USB.
 
     1. **Windows**

From 72d66b833a2b641d00eeb47b322f28b6b2d7167f Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 11:49:44 +0000
Subject: [PATCH 101/190] Numbering replaced with bullets - these are not
 sequential operations

---
 _docs/setup/create-boot-usb.md | 302 ++++++++++++++++-----------------
 _docs/setup/verify.md          |  22 +--
 2 files changed, 162 insertions(+), 162 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index d4e492d..3bb6d93 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -35,25 +35,25 @@ itself to the Non-Quarantined OS USB.
 
 3. Once the download is complete, open a terminal window:
 
-    1. **Windows**: Press Windows-R, type "powershell" and click OK.
-    2. **MacOS**: Click the Searchlight (magnifying glass) icon in the menu bar,
+    * **Windows**: Press Windows-R, type "powershell" and click OK.
+    * **MacOS**: Click the Searchlight (magnifying glass) icon in the menu bar,
     and type "terminal". Select the Terminal application from the search results.
-    3. **Linux**: Varies; on Ubuntu, press Ctrl-Alt-T.
+    * **Linux**: Varies; on Ubuntu, press Ctrl-Alt-T.
 
 4. Verify the Ubuntu download integrity:
 
     1. Change the terminal’s current working folder to the download folder,
     customizing the folder name if necessary:
 
-        1. **Windows**: `> cd $HOME/Downloads`
-        2. **MacOS**: `$ cd $HOME/Downloads`
-        3. **Linux**: `$ cd $HOME/Downloads`
+        * **Windows**: `> cd $HOME/Downloads`
+        * **MacOS**: `$ cd $HOME/Downloads`
+        * **Linux**: `$ cd $HOME/Downloads`
 
     2. View the fingerprint of the file:
 
-        1. **Windows**: `> Get-FileHash -a sha256 ubuntu-16.04.1-desktop-amd64.iso`
-        2. **MacOS**: `$ shasum -a 256 ubuntu-16.04.1-desktop-amd64.iso`
-        3. **Linux**: `$ sha256sum ubuntu-16.04.1-desktop-amd64.iso`
+        * **Windows**: `> Get-FileHash -a sha256 ubuntu-16.04.1-desktop-amd64.iso`
+        * **MacOS**: `$ shasum -a 256 ubuntu-16.04.1-desktop-amd64.iso`
+        * **Linux**: `$ sha256sum ubuntu-16.04.1-desktop-amd64.iso`
 
     3. The following fingerprint, further verified in 
     [the official Ubuntu fingerprint list](http://releases.ubuntu.com/16.04.1/SHA256SUMS)
@@ -77,155 +77,155 @@ itself to the Non-Quarantined OS USB.
 
 6. Create the SETUP 1 BOOT USB.
 
-    1. **Windows**
-        1. Download the
-        [Rufus disk utility](https://rufus.akeo.ie/)
-        and run it.
+    **Windows**:
+    1. Download the
+    [Rufus disk utility](https://rufus.akeo.ie/)
+    and run it.
+    2. Insert the SETUP 1 BOOT USB in an empty USB slot.
+    3. In the "Device" dropdown at the top of the Rufus window, ensure the
+    empty USB drive is selected.
+    4. Next to the text "Create a bootable disk using", select "ISO Image"
+    in the dropdown.
+    5. Click the CD icon next to the "ISO Image" dropdown.
+    6. A file explorer will pop up. Select `ubuntu-16.04.1-desktop-amd64.iso`
+    from your downloads folder and click Open.
+    7. Click Start.
+    8. If prompted to download Syslinux software, click "Yes".
+    9. When asked to write in "ISO Image Mode (Recommended)" or
+    "DD Image Mode", select "ISO Image Mode" and press OK.
+    10. The program will take a few minutes to write the USB.
+
+    **MacOS**:
+    1. Prepare the Ubuntu download for copying to the USB.
+        ```
+        $ cd $HOME/Downloads
+        $ hdiutil convert ubuntu-16.04.1-desktop-amd64.iso -format UDRW -o ubuntu-16.04.1-desktop-amd64.img
+        ```
+    2. Determine the MacOS "device identifier" for the Boot USB.
+        1. `$ diskutil list`
         2. Insert the SETUP 1 BOOT USB in an empty USB slot.
-        3. In the "Device" dropdown at the top of the Rufus window, ensure the
-        empty USB drive is selected.
-        4. Next to the text "Create a bootable disk using", select "ISO Image"
-        in the dropdown.
-        5. Click the CD icon next to the "ISO Image" dropdown.
-        6. A file explorer will pop up. Select `ubuntu-16.04.1-desktop-amd64.iso`
-        from your downloads folder and click Open.
-        7. Click Start.
-        8. If prompted to download Syslinux software, click "Yes".
-        9. When asked to write in "ISO Image Mode (Recommended)" or
-        "DD Image Mode", select "ISO Image Mode" and press OK.
-        10. The program will take a few minutes to write the USB.
+        3. Wait 10 seconds for the operating system to recognize the USB.
+        4. Once more: `$ diskutil list`
+        5. The output of the second command should include an additional
+        section that was not present in the first command's output.
+            1. This section will have (external, physical) in the header.
+            2. The first line of the section's SIZE column should reflect
+            the capacity of the USB drive.
+        6. Make a note of the device identifier.
+            1. The device identifier is the part of the new section header
+            that comes before (external, physical) (for example /dev/disk2).
 
-    2. **MacOS**
-        1. Prepare the Ubuntu download for copying to the USB.
+    3. Put Ubuntu on the SETUP 1 BOOT USB.
+        1. First, unmount the usb
+            <pre>
+            $ diskutil unmountDisk <span class="primary">USB-device-identifier-here</span>
+            </pre>
+        2. Enter the following command, **making sure to use the correct
+        device identifier; <span style="color: red;">using the wrong one could overwrite your hard
+        drive!</span>**
+            <pre>
+            $ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg \
+            of=<span class="primary">USB-device-identifier-here</span> bs=1m
+            </pre>
+            Example:
             ```
-            $ cd $HOME/Downloads
-            $ hdiutil convert ubuntu-16.04.1-desktop-amd64.iso -format UDRW -o ubuntu-16.04.1-desktop-amd64.img
+            $ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg of=/dev/disk2 bs=1m
             ```
-        2. Determine the MacOS "device identifier" for the Boot USB.
-            1. `$ diskutil list`
-            2. Insert the SETUP 1 BOOT USB in an empty USB slot.
-            3. Wait 10 seconds for the operating system to recognize the USB.
-            4. Once more: `$ diskutil list`
-            5. The output of the second command should include an additional
-            section that was not present in the first command's output.
-                1. This section will have (external, physical) in the header.
-                2. The first line of the section's SIZE column should reflect
-                the capacity of the USB drive.
-            6. Make a note of the device identifier.
-                1. The device identifier is the part of the new section header
-                that comes before (external, physical) (for example /dev/disk2).
-
-        3. Put Ubuntu on the SETUP 1 BOOT USB.
-            1. First, unmount the usb
-               <pre>
-               $ diskutil unmountDisk <span class="primary">USB-device-identifier-here</span>
-               </pre>
-            2. Enter the following command, **making sure to use the correct
-            device identifier; <span style="color: red;">using the wrong one could overwrite your hard
-            drive!</span>**
-               <pre>
-               $ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg \
-               of=<span class="primary">USB-device-identifier-here</span> bs=1m
-               </pre>
-               Example:
-               ```
-               $ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg of=/dev/disk2 bs=1m
-               ```
-            3. Enter your administrator password when requested.
-            4. Wait several minutes for the copying process to complete. When
-            it does, you may see an error box pop up. This is expected; it's
-            because the USB is written in a format readable by Ubuntu, but not
-            readable by MacOS.
-            5. Click Ignore.
+        3. Enter your administrator password when requested.
+        4. Wait several minutes for the copying process to complete. When
+        it does, you may see an error box pop up. This is expected; it's
+        because the USB is written in a format readable by Ubuntu, but not
+        readable by MacOS.
+        5. Click Ignore.
 
-        4. Verify the integrity of the SETUP 1 BOOT USB (i.e. no errors or
-        malware infection).
-            1. Remove the USB drive from the USB slot and immediately reinsert it.
-            2. Wait 10 seconds for the operating system to recognize the USB.
-            3. You may see the same error box pop up again. Select Ignore.
-            4. The USB's device identifier may have changed. Find it again:
-                ```
-                $ diskutil list
-                ```
-            5.  
-                ```
-                $ cd $HOME/Downloads
-                ```
-            6.  
-                ```
-                $ sudo cmp -n `stat -f '%z' ubuntu-16.04.1-desktop-amd64.img.dmg ubuntu-16.04.1-desktop-amd64.img.dmg` USB-device-identifier-here
-                ```
-            7. Wait a few minutes for the verification process to complete.
-            8. If all goes well, the command will output no data, returning to
-            your usual terminal prompt.
-            9. If there is a discrepancy, you’ll see a message like:
-                ```
-                ubuntu-16.04.1-desktop-amd64.img.dmg /dev/disk2
-                differ: byte 1, line 1
-                ```
-                If you see a message like this, STOP -- this may be a security
-                risk. Restart this section from the beginning. If the
-                issue persists, try using a different USB drive or a different
-                Setup Computer.
+    4. Verify the integrity of the SETUP 1 BOOT USB (i.e. no errors or
+    malware infection).
+        1. Remove the USB drive from the USB slot and immediately reinsert it.
+        2. Wait 10 seconds for the operating system to recognize the USB.
+        3. You may see the same error box pop up again. Select Ignore.
+        4. The USB's device identifier may have changed. Find it again:
+            ```
+            $ diskutil list
+            ```
+        5.  
+            ```
+            $ cd $HOME/Downloads
+            ```
+        6.  
+            ```
+            $ sudo cmp -n `stat -f '%z' ubuntu-16.04.1-desktop-amd64.img.dmg ubuntu-16.04.1-desktop-amd64.img.dmg` USB-device-identifier-here
+            ```
+        7. Wait a few minutes for the verification process to complete.
+        8. If all goes well, the command will output no data, returning to
+        your usual terminal prompt.
+        9. If there is a discrepancy, you’ll see a message like:
+            ```
+            ubuntu-16.04.1-desktop-amd64.img.dmg /dev/disk2
+            differ: byte 1, line 1
+            ```
+            If you see a message like this, STOP -- this may be a security
+            risk. Restart this section from the beginning. If the
+            issue persists, try using a different USB drive or a different
+            Setup Computer.
 
-    3. **Ubuntu**
-        1. If this is your first time using Ubuntu, note:
-            1. You can copy-paste text in most applications (e.g. Firefox) by
-            pressing **Ctrl-C** or **Ctrl-V**.
-            2. You can copy-paste text in a *terminal window* by pressing
-            **Ctrl-Shift-C** or **Ctrl-Shift-V**.
-        2. Put Ubuntu on the SETUP BOOT 1 USB.
-            1. Open the Ubuntu search console by clicking the purple
-            circle/swirl icon in the upper-left corner of the screen.
-            2. Type "startup disk creator" in the text box that appears
-            3. Click on the "Startup Disk Creator" icon that appears.
-            4. The "Source disc image" panel should show the.iso file you
-            downloaded. If it does not, click the "Other" button and find it
-            in the folder you downloaded it to.
-            5. In the "Disk to use" panel, you should see two lines. They may
-            vary from system to system, but each line will have a device
-            identifier in it, highlighted in the example below.
-                <pre>
-                Generic Flash Disk (/dev/sda)
-                Kanguru Flash Trust (<span class="primary">/dev/sdb</span>)</pre>
-            6. Select the line containing SETUP 1 BOOT USB.49 Make note of the
-            disk identifier (e.g. /dev/sdb).
-            7. Click "Make Startup Disk" and then click "Yes".
-            8. Wait a few minutes for the copying process to complete.
+    **Ubuntu**:
+    1. If this is your first time using Ubuntu, note:
+        1. You can copy-paste text in most applications (e.g. Firefox) by
+        pressing **Ctrl-C** or **Ctrl-V**.
+        2. You can copy-paste text in a *terminal window* by pressing
+        **Ctrl-Shift-C** or **Ctrl-Shift-V**.
+    2. Put Ubuntu on the SETUP BOOT 1 USB.
+        1. Open the Ubuntu search console by clicking the purple
+        circle/swirl icon in the upper-left corner of the screen.
+        2. Type "startup disk creator" in the text box that appears
+        3. Click on the "Startup Disk Creator" icon that appears.
+        4. The "Source disc image" panel should show the.iso file you
+        downloaded. If it does not, click the "Other" button and find it
+        in the folder you downloaded it to.
+        5. In the "Disk to use" panel, you should see two lines. They may
+        vary from system to system, but each line will have a device
+        identifier in it, highlighted in the example below.
+            <pre>
+            Generic Flash Disk (/dev/sda)
+            Kanguru Flash Trust (<span class="primary">/dev/sdb</span>)</pre>
+        6. Select the line containing SETUP 1 BOOT USB.49 Make note of the
+        disk identifier (e.g. /dev/sdb).
+        7. Click "Make Startup Disk" and then click "Yes".
+        8. Wait a few minutes for the copying process to complete.
 
-        3. Verify the integrity of the SETUP 1 BOOT USB (i.e. no errors or malware
-            1. On your desktop, right-click the corresponding USB drive icon in
-            your dock and select Eject from the pop-up menu.
-            2. Remove the USB drive from the USB slot and immediately
-            <a href="#" class="popovers" data-toggle="popover" data-placement="top" title=""
-            data-content="
-            Technical details: In order to avoid detection, it's conceivable that malware
-            might wait until a USB drive is in the process of being ejected (and all
-            integrity checks presumably completed) before infecting the USB. Ejecting and
-            re-inserting the USB before integrity checking is a simple workaround to
-            defend against this.
-            ">re-insert it</a>.
-            3. Wait 10 seconds for the operating system to recognize the USB.
-            4.  
-                ```
-                $ cd $HOME/Downloads
-                ```
-            5.  
-                <pre>
-                $ sudo cmp -n `stat -c '%s' ubuntu-16.04.1-desktop-amd64.iso` ubuntu-16.04.1-desktop-amd64.iso <span class="primary">USB-device-identifier-here</span></pre>
-            6. If prompted for a password, enter the computer's root password.
-            7. Wait a few minutes for the verification process to complete.
-            8. If all goes well, the command will output no data, returning to
-            your usual terminal prompt.
-            9. If there is an issue, you'll see a message like:
-                ```
-                ubuntu-16.04.1-desktop-amd64.iso /dev/sda differ:
-                byte 1, line 1
-                ```
-                If you see a message like this, STOP -- this may be a security
-                risk. Restart this section from the beginning. If the issue
-                persists, try using a different USB drive or a different Setup
-                Computer.
+    3. Verify the integrity of the SETUP 1 BOOT USB (i.e. no errors or malware
+        1. On your desktop, right-click the corresponding USB drive icon in
+        your dock and select Eject from the pop-up menu.
+        2. Remove the USB drive from the USB slot and immediately
+        <a href="#" class="popovers" data-toggle="popover" data-placement="top" title=""
+        data-content="
+        Technical details: In order to avoid detection, it's conceivable that malware
+        might wait until a USB drive is in the process of being ejected (and all
+        integrity checks presumably completed) before infecting the USB. Ejecting and
+        re-inserting the USB before integrity checking is a simple workaround to
+        defend against this.
+        ">re-insert it</a>.
+        3. Wait 10 seconds for the operating system to recognize the USB.
+        4.  
+            ```
+            $ cd $HOME/Downloads
+            ```
+        5.  
+            <pre>
+            $ sudo cmp -n `stat -c '%s' ubuntu-16.04.1-desktop-amd64.iso` ubuntu-16.04.1-desktop-amd64.iso <span class="primary">USB-device-identifier-here</span></pre>
+        6. If prompted for a password, enter the computer's root password.
+        7. Wait a few minutes for the verification process to complete.
+        8. If all goes well, the command will output no data, returning to
+        your usual terminal prompt.
+        9. If there is an issue, you'll see a message like:
+            ```
+            ubuntu-16.04.1-desktop-amd64.iso /dev/sda differ:
+            byte 1, line 1
+            ```
+            If you see a message like this, STOP -- this may be a security
+            risk. Restart this section from the beginning. If the issue
+            persists, try using a different USB drive or a different Setup
+            Computer.
 
 7. Create the Q1 BOOT USB
     1. Boot the SETUP 1 computer from the SETUP 1 BOOT USB.
diff --git a/_docs/setup/verify.md b/_docs/setup/verify.md
index eda3ae2..0435343 100644
--- a/_docs/setup/verify.md
+++ b/_docs/setup/verify.md
@@ -70,29 +70,29 @@ protocol.
     of other software distributions used by Glacier. Such a breach would
     quickly be detected by the global community.
 
-    1. **Windows**: Download and install the latest available version of
+    * **Windows**: Download and install the latest available version of
     [Gpg4win](https://www.gpg4win.org/). Use the default
     options.
-    2. **MacOS**: Download and install the latest available version of
+    * **MacOS**: Download and install the latest available version of
     [GPG Suite](https://gpgtools.org/).
-    3. **Linux**: GnuPG is pre-installed in Linux distributions.
+    * **Linux**: GnuPG is pre-installed in Linux distributions.
 
 ### Document verification
 
 7. Open a terminal window:
 
-    1. **Windows**: Press Windows-R, type "powershell" and click OK.
-    2. **MacOS**: Click the Searchlight (magnifying glass) icon in the menu bar, and
+    * **Windows**: Press Windows-R, type "powershell" and click OK.
+    * **MacOS**: Click the Searchlight (magnifying glass) icon in the menu bar, and
     type "terminal". Select the Terminal application from the search results.
-    3. **Linux**: Varies; on Ubuntu, press Ctrl-Alt-T.
+    * **Linux**: Varies; on Ubuntu, press Ctrl-Alt-T.
 
 8. Change the terminal's current working folder to the download folder. The
 commands below are based on default settings; if the defaults have been altered, 
 these commands will need customized to match.
 
-    1. **Windows**:  `> cd $HOME/Downloads/glacier`
-    2. **MacOS**:  `$ cd $HOME/Downloads/glacier`
-    3. **Linux**: `$ cd $HOME/Downloads/glacier`
+    * **Windows**:  `> cd $HOME/Downloads/glacier`
+    * **MacOS**:  `$ cd $HOME/Downloads/glacier`
+    * **Linux**: `$ cd $HOME/Downloads/glacier`
 
 9. Verify the integrity of the downloaded document. For technical background about
 this process, see Wikipedia's [Digital signature](https://en.wikipedia.org/wiki/Digital_signature)
@@ -136,7 +136,7 @@ entry.
     3. Verify the fingerprints in the fingerprint file match the fingerprints of the
     downloaded Glacier files.
 
-        1. On Linux or MacOS:
+        * **Linux or MacOS**:
 
             **Linux**: `$ sha256sum -c SHA256SUMS 2>&1`
 
@@ -148,7 +148,7 @@ entry.
             base58.py: OK README.md: OK
             ```
 
-        2. **Windows**:
+        * **Windows**:
 
             ```
             > Get-FileHash -a sha256 Glacier.pdf

From f16b2cf2ca8a0edd899d880b6ed5ec07fc99982d Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 15:35:48 +0000
Subject: [PATCH 102/190] Restructure - List broken into sub sections to reduce
 sub-lists

---
 _docs/setup/create-boot-usb.md | 487 +++++++++++++++++----------------
 1 file changed, 250 insertions(+), 237 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 3bb6d93..9c6641b 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -28,19 +28,22 @@ undermine a Quarantined USB setup process, the malware would first have to propa
 itself to the Non-Quarantined OS USB.
 
 ## On Setup Computer “SETUP 1”
-1. Open a copy of this document.
-2. Download Ubuntu from this link:
+Open a copy of this document.
+
+### Download and verify Ubuntu
+
+1. Download Ubuntu from this link:
 
     [http://old-releases.ubuntu.com/releases/xenial/ubuntu-16.04.1-desktop-amd64.iso](http://old-releases.ubuntu.com/releases/xenial/ubuntu-16.04.1-desktop-amd64.iso)
 
-3. Once the download is complete, open a terminal window:
+2. Once the download is complete, open a terminal window:
 
     * **Windows**: Press Windows-R, type "powershell" and click OK.
     * **MacOS**: Click the Searchlight (magnifying glass) icon in the menu bar,
     and type "terminal". Select the Terminal application from the search results.
     * **Linux**: Varies; on Ubuntu, press Ctrl-Alt-T.
 
-4. Verify the Ubuntu download integrity:
+3. Verify the Ubuntu download integrity:
 
     1. Change the terminal’s current working folder to the download folder,
     customizing the folder name if necessary:
@@ -75,241 +78,251 @@ itself to the Non-Quarantined OS USB.
         signatures for this document were verified in the [Verify and print protocol document](/docs/setup/verify/#document-verification) section. For a detailed
         security analysis, see the [design document](/docs/design-doc/overview).
 
-6. Create the SETUP 1 BOOT USB.
+### Create the "SETUP 1 BOOT" USB
 
-    **Windows**:
-    1. Download the
-    [Rufus disk utility](https://rufus.akeo.ie/)
-    and run it.
+**Windows**:
+1. Download the
+[Rufus disk utility](https://rufus.akeo.ie/)
+and run it.
+2. Insert the SETUP 1 BOOT USB in an empty USB slot.
+3. In the "Device" dropdown at the top of the Rufus window, ensure the
+empty USB drive is selected.
+4. Next to the text "Create a bootable disk using", select "ISO Image"
+in the dropdown.
+5. Click the CD icon next to the "ISO Image" dropdown.
+6. A file explorer will pop up. Select `ubuntu-16.04.1-desktop-amd64.iso`
+from your downloads folder and click Open.
+7. Click Start.
+8. If prompted to download Syslinux software, click "Yes".
+9. When asked to write in "ISO Image Mode (Recommended)" or
+"DD Image Mode", select "ISO Image Mode" and press OK.
+10. The program will take a few minutes to write the USB.
+
+**MacOS**:
+1. Prepare the Ubuntu download for copying to the USB.
+    ```
+    $ cd $HOME/Downloads
+    $ hdiutil convert ubuntu-16.04.1-desktop-amd64.iso -format UDRW -o ubuntu-16.04.1-desktop-amd64.img
+    ```
+2. Determine the MacOS "device identifier" for the Boot USB.
+    1. `$ diskutil list`
     2. Insert the SETUP 1 BOOT USB in an empty USB slot.
-    3. In the "Device" dropdown at the top of the Rufus window, ensure the
-    empty USB drive is selected.
-    4. Next to the text "Create a bootable disk using", select "ISO Image"
-    in the dropdown.
-    5. Click the CD icon next to the "ISO Image" dropdown.
-    6. A file explorer will pop up. Select `ubuntu-16.04.1-desktop-amd64.iso`
-    from your downloads folder and click Open.
-    7. Click Start.
-    8. If prompted to download Syslinux software, click "Yes".
-    9. When asked to write in "ISO Image Mode (Recommended)" or
-    "DD Image Mode", select "ISO Image Mode" and press OK.
-    10. The program will take a few minutes to write the USB.
-
-    **MacOS**:
-    1. Prepare the Ubuntu download for copying to the USB.
+    3. Wait 10 seconds for the operating system to recognize the USB.
+    4. Once more: `$ diskutil list`
+    5. The output of the second command should include an additional
+    section that was not present in the first command's output.
+        1. This section will have (external, physical) in the header.
+        2. The first line of the section's SIZE column should reflect
+        the capacity of the USB drive.
+    6. Make a note of the device identifier.
+        1. The device identifier is the part of the new section header
+        that comes before (external, physical) (for example /dev/disk2).
+
+3. Put Ubuntu on the SETUP 1 BOOT USB.
+    1. First, unmount the usb
+        <pre>
+        $ diskutil unmountDisk <span class="primary">USB-device-identifier-here</span>
+        </pre>
+    2. Enter the following command, **making sure to use the correct
+    device identifier; <span style="color: red;">using the wrong one could overwrite your hard
+    drive!</span>**
+        <pre>
+        $ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg \
+        of=<span class="primary">USB-device-identifier-here</span> bs=1m
+        </pre>
+        Example:
+        ```
+        $ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg of=/dev/disk2 bs=1m
+        ```
+    3. Enter your administrator password when requested.
+    4. Wait several minutes for the copying process to complete. When
+    it does, you may see an error box pop up. This is expected; it's
+    because the USB is written in a format readable by Ubuntu, but not
+    readable by MacOS.
+    5. Click Ignore.
+
+4. Verify the integrity of the SETUP 1 BOOT USB (i.e. no errors or
+malware infection).
+    1. Remove the USB drive from the USB slot and immediately reinsert it.
+    2. Wait 10 seconds for the operating system to recognize the USB.
+    3. You may see the same error box pop up again. Select Ignore.
+    4. The USB's device identifier may have changed. Find it again:
+        ```
+        $ diskutil list
+        ```
+    5.  
+        ```
+        $ cd $HOME/Downloads
+        ```
+    6.  
+        ```
+        $ sudo cmp -n `stat -f '%z' ubuntu-16.04.1-desktop-amd64.img.dmg ubuntu-16.04.1-desktop-amd64.img.dmg` USB-device-identifier-here
+        ```
+    7. Wait a few minutes for the verification process to complete.
+    8. If all goes well, the command will output no data, returning to
+    your usual terminal prompt.
+    9. If there is a discrepancy, you’ll see a message like:
+        ```
+        ubuntu-16.04.1-desktop-amd64.img.dmg /dev/disk2
+        differ: byte 1, line 1
+        ```
+        If you see a message like this, STOP -- this may be a security
+        risk. Restart this section from the beginning. If the
+        issue persists, try using a different USB drive or a different
+        Setup Computer.
+
+**Ubuntu**:
+1. If this is your first time using Ubuntu, note:
+    1. You can copy-paste text in most applications (e.g. Firefox) by
+    pressing **Ctrl-C** or **Ctrl-V**.
+    2. You can copy-paste text in a *terminal window* by pressing
+    **Ctrl-Shift-C** or **Ctrl-Shift-V**.
+2. Put Ubuntu on the SETUP BOOT 1 USB.
+    1. Open the Ubuntu search console by clicking the purple
+    circle/swirl icon in the upper-left corner of the screen.
+    2. Type "startup disk creator" in the text box that appears
+    3. Click on the "Startup Disk Creator" icon that appears.
+    4. The "Source disc image" panel should show the.iso file you
+    downloaded. If it does not, click the "Other" button and find it
+    in the folder you downloaded it to.
+    5. In the "Disk to use" panel, you should see two lines. They may
+    vary from system to system, but each line will have a device
+    identifier in it, highlighted in the example below.
+        <pre>
+        Generic Flash Disk (/dev/sda)
+        Kanguru Flash Trust (<span class="primary">/dev/sdb</span>)</pre>
+    6. Select the line containing SETUP 1 BOOT USB.49 Make note of the
+    disk identifier (e.g. /dev/sdb).
+    7. Click "Make Startup Disk" and then click "Yes".
+    8. Wait a few minutes for the copying process to complete.
+
+3. Verify the integrity of the SETUP 1 BOOT USB (i.e. no errors or malware
+    1. On your desktop, right-click the corresponding USB drive icon in
+    your dock and select Eject from the pop-up menu.
+    2. Remove the USB drive from the USB slot and immediately
+    <a href="#" class="popovers" data-toggle="popover" data-placement="top" title=""
+    data-content="
+    Technical details: In order to avoid detection, it's conceivable that malware
+    might wait until a USB drive is in the process of being ejected (and all
+    integrity checks presumably completed) before infecting the USB. Ejecting and
+    re-inserting the USB before integrity checking is a simple workaround to
+    defend against this.
+    ">re-insert it</a>.
+    3. Wait 10 seconds for the operating system to recognize the USB.
+    4.  
         ```
         $ cd $HOME/Downloads
-        $ hdiutil convert ubuntu-16.04.1-desktop-amd64.iso -format UDRW -o ubuntu-16.04.1-desktop-amd64.img
         ```
-    2. Determine the MacOS "device identifier" for the Boot USB.
-        1. `$ diskutil list`
-        2. Insert the SETUP 1 BOOT USB in an empty USB slot.
-        3. Wait 10 seconds for the operating system to recognize the USB.
-        4. Once more: `$ diskutil list`
-        5. The output of the second command should include an additional
-        section that was not present in the first command's output.
-            1. This section will have (external, physical) in the header.
-            2. The first line of the section's SIZE column should reflect
-            the capacity of the USB drive.
-        6. Make a note of the device identifier.
-            1. The device identifier is the part of the new section header
-            that comes before (external, physical) (for example /dev/disk2).
-
-    3. Put Ubuntu on the SETUP 1 BOOT USB.
-        1. First, unmount the usb
-            <pre>
-            $ diskutil unmountDisk <span class="primary">USB-device-identifier-here</span>
-            </pre>
-        2. Enter the following command, **making sure to use the correct
-        device identifier; <span style="color: red;">using the wrong one could overwrite your hard
-        drive!</span>**
-            <pre>
-            $ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg \
-            of=<span class="primary">USB-device-identifier-here</span> bs=1m
-            </pre>
-            Example:
-            ```
-            $ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg of=/dev/disk2 bs=1m
-            ```
-        3. Enter your administrator password when requested.
-        4. Wait several minutes for the copying process to complete. When
-        it does, you may see an error box pop up. This is expected; it's
-        because the USB is written in a format readable by Ubuntu, but not
-        readable by MacOS.
-        5. Click Ignore.
-
-    4. Verify the integrity of the SETUP 1 BOOT USB (i.e. no errors or
-    malware infection).
-        1. Remove the USB drive from the USB slot and immediately reinsert it.
-        2. Wait 10 seconds for the operating system to recognize the USB.
-        3. You may see the same error box pop up again. Select Ignore.
-        4. The USB's device identifier may have changed. Find it again:
-            ```
-            $ diskutil list
-            ```
-        5.  
-            ```
-            $ cd $HOME/Downloads
-            ```
-        6.  
-            ```
-            $ sudo cmp -n `stat -f '%z' ubuntu-16.04.1-desktop-amd64.img.dmg ubuntu-16.04.1-desktop-amd64.img.dmg` USB-device-identifier-here
-            ```
-        7. Wait a few minutes for the verification process to complete.
-        8. If all goes well, the command will output no data, returning to
-        your usual terminal prompt.
-        9. If there is a discrepancy, you’ll see a message like:
-            ```
-            ubuntu-16.04.1-desktop-amd64.img.dmg /dev/disk2
-            differ: byte 1, line 1
-            ```
-            If you see a message like this, STOP -- this may be a security
-            risk. Restart this section from the beginning. If the
-            issue persists, try using a different USB drive or a different
-            Setup Computer.
-
-    **Ubuntu**:
-    1. If this is your first time using Ubuntu, note:
-        1. You can copy-paste text in most applications (e.g. Firefox) by
-        pressing **Ctrl-C** or **Ctrl-V**.
-        2. You can copy-paste text in a *terminal window* by pressing
-        **Ctrl-Shift-C** or **Ctrl-Shift-V**.
-    2. Put Ubuntu on the SETUP BOOT 1 USB.
-        1. Open the Ubuntu search console by clicking the purple
-        circle/swirl icon in the upper-left corner of the screen.
-        2. Type "startup disk creator" in the text box that appears
-        3. Click on the "Startup Disk Creator" icon that appears.
-        4. The "Source disc image" panel should show the.iso file you
-        downloaded. If it does not, click the "Other" button and find it
-        in the folder you downloaded it to.
-        5. In the "Disk to use" panel, you should see two lines. They may
-        vary from system to system, but each line will have a device
-        identifier in it, highlighted in the example below.
-            <pre>
-            Generic Flash Disk (/dev/sda)
-            Kanguru Flash Trust (<span class="primary">/dev/sdb</span>)</pre>
-        6. Select the line containing SETUP 1 BOOT USB.49 Make note of the
-        disk identifier (e.g. /dev/sdb).
-        7. Click "Make Startup Disk" and then click "Yes".
-        8. Wait a few minutes for the copying process to complete.
-
-    3. Verify the integrity of the SETUP 1 BOOT USB (i.e. no errors or malware
-        1. On your desktop, right-click the corresponding USB drive icon in
-        your dock and select Eject from the pop-up menu.
-        2. Remove the USB drive from the USB slot and immediately
-        <a href="#" class="popovers" data-toggle="popover" data-placement="top" title=""
-        data-content="
-        Technical details: In order to avoid detection, it's conceivable that malware
-        might wait until a USB drive is in the process of being ejected (and all
-        integrity checks presumably completed) before infecting the USB. Ejecting and
-        re-inserting the USB before integrity checking is a simple workaround to
-        defend against this.
-        ">re-insert it</a>.
-        3. Wait 10 seconds for the operating system to recognize the USB.
-        4.  
-            ```
-            $ cd $HOME/Downloads
-            ```
-        5.  
-            <pre>
-            $ sudo cmp -n `stat -c '%s' ubuntu-16.04.1-desktop-amd64.iso` ubuntu-16.04.1-desktop-amd64.iso <span class="primary">USB-device-identifier-here</span></pre>
-        6. If prompted for a password, enter the computer's root password.
-        7. Wait a few minutes for the verification process to complete.
-        8. If all goes well, the command will output no data, returning to
-        your usual terminal prompt.
-        9. If there is an issue, you'll see a message like:
-            ```
-            ubuntu-16.04.1-desktop-amd64.iso /dev/sda differ:
-            byte 1, line 1
-            ```
-            If you see a message like this, STOP -- this may be a security
-            risk. Restart this section from the beginning. If the issue
-            persists, try using a different USB drive or a different Setup
-            Computer.
-
-7. Create the Q1 BOOT USB
-    1. Boot the SETUP 1 computer from the SETUP 1 BOOT USB.
-        1. Reboot the computer.
-        2. Press your laptop's key sequence to bring up the boot device
-        selection menu. (Some PCs may offer a boot device selection menu;
-        see below.)
-            1. **PC**: Varies by manufacturer, but is often **F12** or **Del**. The
-            timing may vary as well; try pressing it when the boot logo appears.
-                1. On the recommended Dell laptop, press F12. You should see a
-                horizontal blue bar appear underneath the Dell logo.
-                2. The recommended Acer laptop does not have a boot menu. See
-                below for instructions.
-            2. **Mac**: When you hear the startup chime, **press and hold
-            Option (⌥)**.
-
-        3. Select the proper device to boot from.
-            1. **PC**: Varies by manufacturer; option will often say "USB"
-            and/or "UEFI".
-                1. On the recommended Dell laptop, select "USB1" under "UEFI
-                OPTIONS".
-                2. The recommended Acer laptop does not have a boot menu. See below
-                for instructions.
-            2. **Mac**: Click the "EFI Boot" option and then click the up
-            arrow underneath it.
-
-                You do not need to select a network at this time. If more than
-                one identical "EFI boot" option is shown, you may need to guess
-                and reboot if you pick the wrong one.
-
-        4. Some laptops don't have a boot device selection menu, and you need to go into the BIOS configuration and change the boot order so that the USB drive is first.
-            1. On the recommended Acer laptop:
-                1. Press F2 while booting to enter BIOS configuration.
-                2. Navigate to the Boot menu.
-                3. Select USB HDD, and press F6 until it is at the top of the list.
-                4. Press F10 to save and automatically reboot from the USB.
-        5. If the computer boots into its regular OS rather than presenting you
-        with a boot device or BIOS configuration screen, you probably pressed
-        the wrong button, or waited too long.
-            1. Hold down your laptop's power button for 10 seconds. (The
-              screen may turn black sooner than that; keep holding it down.)
-            2. Turn the laptop back on and try again. Spam the appropriate
-            button(s) repeatedly as it boots.
-            3. If the computer boots *immediately* to where it left off, you
-            probably didn't hold down the power button long enough.
-        6. You'll see a menu that says "GNU GRUB" at the top of the screen.
-        Select the option "Try Ubuntu without installing" and press Enter.
-        7. The computer should boot into the USB's Ubuntu desktop.
-
-    2. Enable WiFi connectivity.
-        1. Click the cone-shaped WiFi icon near the right side of the menu bar.
-        2. If the dropdown says "No network devices available" at the top, you need to enable your networking drivers:
-            1. Click on "System Settings". It's the gear-and-wrench icon along
-            the left side of the screen.
-            2. A System Settings window will appear. Click the "Software &
-            Updates" icon.
-            3. A Software & Updates window will appear. Click the "Additional
-            Drivers" tab.
-            4. In the Additional Drivers tab, you'll see a section for a
-            Wireless Network Adapter. In that section, "Do not use the device"
-            will be selected. Select any other option besides "Do not use the
-            device.""
-            5. Click "Apply Changes".
-            6. Click the cone-shaped WiFi icon near the right side of the menu
-            bar again. There should be a list of WiFi networks this time.
-        3. Select your WiFi network from the list and enter the password.
-    3. Repeat steps 1-6 using the SETUP 1 computer to create the Q1 BOOT USB
-    rather than the SETUP 1 BOOT USB.
-        1. **The instruction to plug a Quarantined Boot USB into your Setup
-        computer should raise a red flag for you, because <span style="color: red;">you should never
-        plug a quarantined USB into anything other than the quarantined
-        computer it is designated for!</span>**
-
-           This setup process is the ONE exception.
-        2. Because you have booted the SETUP 1 computer off the SETUP 1 BOOT
-        USB, you will follow the instructions for Ubuntu, even if your computer
-        normally runs Windows or MacOS.
-        3. Immediately after you are finished executing steps 1-6 with the Q1
-        BOOT USB, remove the Q1 BOOT USB from the SETUP 1 computer.
-            1. On your desktop, right-click the corresponding USB drive icon
-            in your dock and select Eject from the pop-up menu.
-            2. Remove the USB drive from the USB slot.
-        4. **The Q1 BOOT USB is now eternally quarantined. It should never again
-        be plugged into anything besides the Q1 computer.**
-8. Create the SETUP 2 BOOT USB and Q2 BOOT USB
-    1. Repeat steps 1-7 using the SETUP 2 computer, SETUP 2 BOOT USB, and Q2
-    BOOT USB.
+    5.  
+        <pre>
+        $ sudo cmp -n `stat -c '%s' ubuntu-16.04.1-desktop-amd64.iso` ubuntu-16.04.1-desktop-amd64.iso <span class="primary">USB-device-identifier-here</span></pre>
+    6. If prompted for a password, enter the computer's root password.
+    7. Wait a few minutes for the verification process to complete.
+    8. If all goes well, the command will output no data, returning to
+    your usual terminal prompt.
+    9. If there is an issue, you'll see a message like:
+        ```
+        ubuntu-16.04.1-desktop-amd64.iso /dev/sda differ:
+        byte 1, line 1
+        ```
+        If you see a message like this, STOP -- this may be a security
+        risk. Restart this section from the beginning. If the issue
+        persists, try using a different USB drive or a different Setup
+        Computer.
+
+### Create the "Q1 BOOT" USB
+
+1. Boot the SETUP 1 computer from the SETUP 1 BOOT USB.
+    1. Reboot the computer.
+    2. Press your laptop's key sequence to bring up the boot device
+    selection menu. (Some PCs may offer a boot device selection menu;
+    see below.)
+        1. **PC**: Varies by manufacturer, but is often **F12** or **Del**. The
+        timing may vary as well; try pressing it when the boot logo appears.
+            1. On the recommended Dell laptop, press F12. You should see a
+            horizontal blue bar appear underneath the Dell logo.
+            2. The recommended Acer laptop does not have a boot menu. See
+            below for instructions.
+        2. **Mac**: When you hear the startup chime, **press and hold
+        Option (⌥)**.
+
+    3. Select the proper device to boot from.
+        1. **PC**: Varies by manufacturer; option will often say "USB"
+        and/or "UEFI".
+            1. On the recommended Dell laptop, select "USB1" under "UEFI
+            OPTIONS".
+            2. The recommended Acer laptop does not have a boot menu. See below
+            for instructions.
+        2. **Mac**: Click the "EFI Boot" option and then click the up
+        arrow underneath it.
+
+            You do not need to select a network at this time. If more than
+            one identical "EFI boot" option is shown, you may need to guess
+            and reboot if you pick the wrong one.
+
+    4. Some laptops don't have a boot device selection menu, and you need to go into the BIOS configuration and change the boot order so that the USB drive is first.
+        1. On the recommended Acer laptop:
+            1. Press F2 while booting to enter BIOS configuration.
+            2. Navigate to the Boot menu.
+            3. Select USB HDD, and press F6 until it is at the top of the list.
+            4. Press F10 to save and automatically reboot from the USB.
+    5. If the computer boots into its regular OS rather than presenting you
+    with a boot device or BIOS configuration screen, you probably pressed
+    the wrong button, or waited too long.
+        1. Hold down your laptop's power button for 10 seconds. (The
+            screen may turn black sooner than that; keep holding it down.)
+        2. Turn the laptop back on and try again. Spam the appropriate
+        button(s) repeatedly as it boots.
+        3. If the computer boots *immediately* to where it left off, you
+        probably didn't hold down the power button long enough.
+    6. You'll see a menu that says "GNU GRUB" at the top of the screen.
+    Select the option "Try Ubuntu without installing" and press Enter.
+    7. The computer should boot into the USB's Ubuntu desktop.
+
+2. Enable WiFi connectivity.
+    1. Click the cone-shaped WiFi icon near the right side of the menu bar.
+    2. If the dropdown says "No network devices available" at the top, you need to enable your networking drivers:
+        1. Click on "System Settings". It's the gear-and-wrench icon along
+        the left side of the screen.
+        2. A System Settings window will appear. Click the "Software &
+        Updates" icon.
+        3. A Software & Updates window will appear. Click the "Additional
+        Drivers" tab.
+        4. In the Additional Drivers tab, you'll see a section for a
+        Wireless Network Adapter. In that section, "Do not use the device"
+        will be selected. Select any other option besides "Do not use the
+        device.""
+        5. Click "Apply Changes".
+        6. Click the cone-shaped WiFi icon near the right side of the menu
+        bar again. There should be a list of WiFi networks this time.
+    3. Select your WiFi network from the list and enter the password.
+3. Repeat steps 1-6 using the SETUP 1 computer to create the Q1 BOOT USB
+rather than the SETUP 1 BOOT USB.
+    1. **The instruction to plug a Quarantined Boot USB into your Setup
+    computer should raise a red flag for you, because <span style="color: red;">you should never
+    plug a quarantined USB into anything other than the quarantined
+    computer it is designated for!</span>**
+
+        This setup process is the ONE exception.
+    2. Because you have booted the SETUP 1 computer off the SETUP 1 BOOT
+    USB, you will follow the instructions for Ubuntu, even if your computer
+    normally runs Windows or MacOS.
+    3. Immediately after you are finished executing steps 1-6 with the Q1
+    BOOT USB, remove the Q1 BOOT USB from the SETUP 1 computer.
+        1. On your desktop, right-click the corresponding USB drive icon
+        in your dock and select Eject from the pop-up menu.
+        2. Remove the USB drive from the USB slot.
+    4. **The Q1 BOOT USB is now eternally quarantined. It should never again
+    be plugged into anything besides the Q1 computer.**
+
+## On Setup Computer “SETUP 2”
+
+### Create the "SETUP 2 BOOT" USB
+
+1. Repeat steps in the [Create the "SETUP 1 BOOT" USB](/docs/setup/create-boot-usb/#create-the-setup-1-boot-usb)
+section above, using the "SETUP 2" computer and the "SETUP 2 BOOT" USB.
+
+### Create the "Q2 BOOT" USB
+
+1. Repeat steps in the [Create the "Q1 BOOT" USB](/docs/setup/create-boot-usb/#create-the-q1-boot-usb)
+section above, using the "SETUP 2" computer and the "Q2 BOOT" USB.
\ No newline at end of file

From 027bfd232e8a136182dec1d261ac15af4992c2eb Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 16:03:34 +0000
Subject: [PATCH 103/190] Number removed - Not an operational step

---
 _docs/setup/create-boot-usb.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 9c6641b..ed0f654 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -96,7 +96,8 @@ from your downloads folder and click Open.
 8. If prompted to download Syslinux software, click "Yes".
 9. When asked to write in "ISO Image Mode (Recommended)" or
 "DD Image Mode", select "ISO Image Mode" and press OK.
-10. The program will take a few minutes to write the USB.
+
+The program will take a few minutes to write the USB.
 
 **MacOS**:
 1. Prepare the Ubuntu download for copying to the USB.

From 06ce6bd3c65620a8ec1eb9d15867e86877b30587 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 16:06:27 +0000
Subject: [PATCH 104/190] Consistent quotes used for references

---
 _docs/setup/create-boot-usb.md | 48 ++++++++++++++++------------------
 1 file changed, 23 insertions(+), 25 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index ed0f654..e73a31f 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -38,10 +38,10 @@ Open a copy of this document.
 
 2. Once the download is complete, open a terminal window:
 
-    * **Windows**: Press Windows-R, type "powershell" and click OK.
+    * **Windows**: Press "Windows-R", type "powershell" and click "OK".
     * **MacOS**: Click the Searchlight (magnifying glass) icon in the menu bar,
-    and type "terminal". Select the Terminal application from the search results.
-    * **Linux**: Varies; on Ubuntu, press Ctrl-Alt-T.
+    and type "terminal". Select the "Terminal" application from the search results.
+    * **Linux**: Varies; on Ubuntu, press "Ctrl-Alt-T".
 
 3. Verify the Ubuntu download integrity:
 
@@ -81,21 +81,19 @@ Open a copy of this document.
 ### Create the "SETUP 1 BOOT" USB
 
 **Windows**:
-1. Download the
-[Rufus disk utility](https://rufus.akeo.ie/)
-and run it.
-2. Insert the SETUP 1 BOOT USB in an empty USB slot.
+1. Download and run [Rufus disk utility](https://rufus.akeo.ie/).
+2. Insert the "SETUP 1 BOOT" USB into an empty USB slot.
 3. In the "Device" dropdown at the top of the Rufus window, ensure the
 empty USB drive is selected.
 4. Next to the text "Create a bootable disk using", select "ISO Image"
 in the dropdown.
 5. Click the CD icon next to the "ISO Image" dropdown.
-6. A file explorer will pop up. Select `ubuntu-16.04.1-desktop-amd64.iso`
-from your downloads folder and click Open.
-7. Click Start.
+6. In the file explorer that pops up, select `ubuntu-16.04.1-desktop-amd64.iso`
+from the downloads folder and click "Open".
+7. Click "Start".
 8. If prompted to download Syslinux software, click "Yes".
 9. When asked to write in "ISO Image Mode (Recommended)" or
-"DD Image Mode", select "ISO Image Mode" and press OK.
+"DD Image Mode", select "ISO Image Mode" and press "OK".
 
 The program will take a few minutes to write the USB.
 
@@ -107,7 +105,7 @@ The program will take a few minutes to write the USB.
     ```
 2. Determine the MacOS "device identifier" for the Boot USB.
     1. `$ diskutil list`
-    2. Insert the SETUP 1 BOOT USB in an empty USB slot.
+    2. Insert the "SETUP 1 BOOT" USB in an empty USB slot.
     3. Wait 10 seconds for the operating system to recognize the USB.
     4. Once more: `$ diskutil list`
     5. The output of the second command should include an additional
@@ -119,7 +117,7 @@ The program will take a few minutes to write the USB.
         1. The device identifier is the part of the new section header
         that comes before (external, physical) (for example /dev/disk2).
 
-3. Put Ubuntu on the SETUP 1 BOOT USB.
+3. Put Ubuntu on the "SETUP 1 BOOT" USB.
     1. First, unmount the usb
         <pre>
         $ diskutil unmountDisk <span class="primary">USB-device-identifier-here</span>
@@ -142,7 +140,7 @@ The program will take a few minutes to write the USB.
     readable by MacOS.
     5. Click Ignore.
 
-4. Verify the integrity of the SETUP 1 BOOT USB (i.e. no errors or
+4. Verify the integrity of the "SETUP 1 BOOT" USB (i.e. no errors or
 malware infection).
     1. Remove the USB drive from the USB slot and immediately reinsert it.
     2. Wait 10 seconds for the operating system to recognize the USB.
@@ -178,7 +176,7 @@ malware infection).
     pressing **Ctrl-C** or **Ctrl-V**.
     2. You can copy-paste text in a *terminal window* by pressing
     **Ctrl-Shift-C** or **Ctrl-Shift-V**.
-2. Put Ubuntu on the SETUP BOOT 1 USB.
+2. Put Ubuntu on the "SETUP BOOT 1" USB.
     1. Open the Ubuntu search console by clicking the purple
     circle/swirl icon in the upper-left corner of the screen.
     2. Type "startup disk creator" in the text box that appears
@@ -192,12 +190,12 @@ malware infection).
         <pre>
         Generic Flash Disk (/dev/sda)
         Kanguru Flash Trust (<span class="primary">/dev/sdb</span>)</pre>
-    6. Select the line containing SETUP 1 BOOT USB.49 Make note of the
+    6. Select the line containing "SETUP 1 BOOT" USB.49 Make note of the
     disk identifier (e.g. /dev/sdb).
     7. Click "Make Startup Disk" and then click "Yes".
     8. Wait a few minutes for the copying process to complete.
 
-3. Verify the integrity of the SETUP 1 BOOT USB (i.e. no errors or malware
+3. Verify the integrity of the "SETUP 1 BOOT" USB (i.e. no errors or malware
     1. On your desktop, right-click the corresponding USB drive icon in
     your dock and select Eject from the pop-up menu.
     2. Remove the USB drive from the USB slot and immediately
@@ -233,7 +231,7 @@ malware infection).
 
 ### Create the "Q1 BOOT" USB
 
-1. Boot the SETUP 1 computer from the SETUP 1 BOOT USB.
+1. Boot the "SETUP 1" computer from the "SETUP 1 BOOT" USB.
     1. Reboot the computer.
     2. Press your laptop's key sequence to bring up the boot device
     selection menu. (Some PCs may offer a boot device selection menu;
@@ -297,24 +295,24 @@ malware infection).
         6. Click the cone-shaped WiFi icon near the right side of the menu
         bar again. There should be a list of WiFi networks this time.
     3. Select your WiFi network from the list and enter the password.
-3. Repeat steps 1-6 using the SETUP 1 computer to create the Q1 BOOT USB
-rather than the SETUP 1 BOOT USB.
+3. Repeat steps 1-6 using the "SETUP 1" computer to create the "Q1 BOOT" USB
+rather than the "SETUP 1 BOOT" USB.
     1. **The instruction to plug a Quarantined Boot USB into your Setup
     computer should raise a red flag for you, because <span style="color: red;">you should never
     plug a quarantined USB into anything other than the quarantined
     computer it is designated for!</span>**
 
         This setup process is the ONE exception.
-    2. Because you have booted the SETUP 1 computer off the SETUP 1 BOOT
+    2. Because you have booted the "SETUP 1" computer off the "SETUP 1 BOOT"
     USB, you will follow the instructions for Ubuntu, even if your computer
     normally runs Windows or MacOS.
-    3. Immediately after you are finished executing steps 1-6 with the Q1
-    BOOT USB, remove the Q1 BOOT USB from the SETUP 1 computer.
+    3. Immediately after you are finished executing steps 1-6 with the "Q1
+    BOOT" USB, remove the "Q1 BOOT" USB from the "SETUP 1" computer.
         1. On your desktop, right-click the corresponding USB drive icon
         in your dock and select Eject from the pop-up menu.
         2. Remove the USB drive from the USB slot.
-    4. **The Q1 BOOT USB is now eternally quarantined. It should never again
-    be plugged into anything besides the Q1 computer.**
+    4. **The "Q1 BOOT" USB is now eternally quarantined. It should never again
+    be plugged into anything besides the "Q1" computer.**
 
 ## On Setup Computer “SETUP 2”
 

From c16cc27f5b21b6d05733a5259240886781a84e09 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 16:27:45 +0000
Subject: [PATCH 105/190] Blue, environment specific, highlighting explained

---
 _docs/before-you-start/structure.md | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/_docs/before-you-start/structure.md b/_docs/before-you-start/structure.md
index 3fb0c13..5fd2416 100644
--- a/_docs/before-you-start/structure.md
+++ b/_docs/before-you-start/structure.md
@@ -81,10 +81,21 @@ Each line is *not* a separate command; it is one command to be entered in its
 entirety. This is clear because there is no `$` at the beginning of the second
 line. Proceed carefully.
 
-If the terminal response is in any way different to the expected response stated
-in the protocol, **stop and seek help**. Continue only if all possible causes and
-implications of the discrepancy are understood.
+Commands requiring user-specific information will be highlighted like this:
+
+<pre>
+$ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg of=<span class="primary">USB-device-identifier-here</span> bs=1m
+</pre>
+
+This is because the USB device identifier will vary from installation to installation. In this example, the user is expected to replace the <span class="primary">USB-device-identifier-here</span> with the USB device identifier particular to the local machine:
+```
+$ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg of=/dev/disk2 bs=1m
+```
+
+An explanation of how to provide the required information will always be given.
 
 **In general, follow the protocol carefully, keep track of the current step and
 double-check all work**. Any errors or deviations can undermine the security of the
-process.
\ No newline at end of file
+process. If the terminal response is in any way different to the expected response stated
+in the protocol, **stop and seek help**. Continue only if all possible causes and
+implications of the discrepancy are understood.
\ No newline at end of file

From a02c1c31c0676888ec42d1f241fffd5432c9596f Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 16:34:56 +0000
Subject: [PATCH 106/190] reword, restructure

numbered sublist turned into linear text- these are not sequential steps
---
 _docs/setup/create-boot-usb.md | 30 +++++++++++++-----------------
 1 file changed, 13 insertions(+), 17 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index e73a31f..7f767de 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -108,17 +108,15 @@ The program will take a few minutes to write the USB.
     2. Insert the "SETUP 1 BOOT" USB in an empty USB slot.
     3. Wait 10 seconds for the operating system to recognize the USB.
     4. Once more: `$ diskutil list`
-    5. The output of the second command should include an additional
-    section that was not present in the first command's output.
-        1. This section will have (external, physical) in the header.
-        2. The first line of the section's SIZE column should reflect
-        the capacity of the USB drive.
-    6. Make a note of the device identifier.
-        1. The device identifier is the part of the new section header
-        that comes before (external, physical) (for example /dev/disk2).
-
-3. Put Ubuntu on the "SETUP 1 BOOT" USB.
-    1. First, unmount the usb
+    5. The output from the command in step 4 should include an additional
+    section that was not present in the output from the command in step 1. It will
+    contain "(external, physical)" in the header. The first line of the section's
+    "SIZE" column should reflect the capacity of the USB drive.
+    6. Make a note of the device identifier, which is the part of the section header
+    that comes before "(external, physical)", for example "/dev/disk2".
+
+3. Copy the Ubuntu image onto the "SETUP 1 BOOT" USB.
+    1. Unmount the USB drive
         <pre>
         $ diskutil unmountDisk <span class="primary">USB-device-identifier-here</span>
         </pre>
@@ -133,12 +131,10 @@ The program will take a few minutes to write the USB.
         ```
         $ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg of=/dev/disk2 bs=1m
         ```
-    3. Enter your administrator password when requested.
-    4. Wait several minutes for the copying process to complete. When
-    it does, you may see an error box pop up. This is expected; it's
-    because the USB is written in a format readable by Ubuntu, but not
-    readable by MacOS.
-    5. Click Ignore.
+    3. Enter the administrator password when requested.
+    4. Wait several minutes for the copying process to complete.
+    5. The resulting USB drive will not be readable by MacOS, which may result in an
+    error box pop up. This is expected; click "Ignore".
 
 4. Verify the integrity of the "SETUP 1 BOOT" USB (i.e. no errors or
 malware infection).

From 9fa3014ed29eaef3d8774c543a573b14c8338f73 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 16:52:52 +0000
Subject: [PATCH 107/190] Terminal commands reformatted for consistency

Previous formatting was never explained in "Protocol structure" section
---
 _docs/setup/create-boot-usb.md | 40 +++++++++++++++++++++++++++-------
 1 file changed, 32 insertions(+), 8 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 7f767de..5c8ba39 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -48,15 +48,33 @@ Open a copy of this document.
     1. Change the terminal’s current working folder to the download folder,
     customizing the folder name if necessary:
 
-        * **Windows**: `> cd $HOME/Downloads`
-        * **MacOS**: `$ cd $HOME/Downloads`
-        * **Linux**: `$ cd $HOME/Downloads`
+        * **Windows**: 
+        ```
+        > cd $HOME/Downloads
+        ```
+        * **MacOS**: 
+        ```
+        $ cd $HOME/Downloads
+        ```
+        * **Linux**: 
+        ```
+        $ cd $HOME/Downloads
+        ```
 
     2. View the fingerprint of the file:
 
-        * **Windows**: `> Get-FileHash -a sha256 ubuntu-16.04.1-desktop-amd64.iso`
-        * **MacOS**: `$ shasum -a 256 ubuntu-16.04.1-desktop-amd64.iso`
-        * **Linux**: `$ sha256sum ubuntu-16.04.1-desktop-amd64.iso`
+        * **Windows**: 
+        ```
+        > Get-FileHash -a sha256 ubuntu-16.04.1-desktop-amd64.iso
+        ```
+        * **MacOS**: 
+        ```
+        $ shasum -a 256 ubuntu-16.04.1-desktop-amd64.iso
+        ```
+        * **Linux**: 
+        ```
+        $ sha256sum ubuntu-16.04.1-desktop-amd64.iso
+        ```
 
     3. The following fingerprint, further verified in 
     [the official Ubuntu fingerprint list](http://releases.ubuntu.com/16.04.1/SHA256SUMS)
@@ -104,10 +122,16 @@ The program will take a few minutes to write the USB.
     $ hdiutil convert ubuntu-16.04.1-desktop-amd64.iso -format UDRW -o ubuntu-16.04.1-desktop-amd64.img
     ```
 2. Determine the MacOS "device identifier" for the Boot USB.
-    1. `$ diskutil list`
+    1. List all disks and partitions:
+    ```
+    $ diskutil list
+    ```
     2. Insert the "SETUP 1 BOOT" USB in an empty USB slot.
     3. Wait 10 seconds for the operating system to recognize the USB.
-    4. Once more: `$ diskutil list`
+    4. List all disks and partitions again:
+    ```
+    $ diskutil list
+    ```
     5. The output from the command in step 4 should include an additional
     section that was not present in the output from the command in step 1. It will
     contain "(external, physical)" in the header. The first line of the section's

From d85e53f3c7b61b76571894bd8297c9c9935b798b Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 16:54:34 +0000
Subject: [PATCH 108/190] Reword to remove reference by step number

markdown number may be converted to letter once rendered
---
 _docs/setup/create-boot-usb.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 5c8ba39..e7c1dc8 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -132,8 +132,8 @@ The program will take a few minutes to write the USB.
     ```
     $ diskutil list
     ```
-    5. The output from the command in step 4 should include an additional
-    section that was not present in the output from the command in step 1. It will
+    5. The output from the second `diskutil list` should include an additional
+    section that was not present in the first `diskutil list` . It will
     contain "(external, physical)" in the header. The first line of the section's
     "SIZE" column should reflect the capacity of the USB drive.
     6. Make a note of the device identifier, which is the part of the section header

From 5ddb4e868d503a63f0f305ae74f9ecb0fc40a382 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 16:55:08 +0000
Subject: [PATCH 109/190] Reword

---
 _docs/setup/create-boot-usb.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index e7c1dc8..c69dbcf 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -160,11 +160,12 @@ The program will take a few minutes to write the USB.
     5. The resulting USB drive will not be readable by MacOS, which may result in an
     error box pop up. This is expected; click "Ignore".
 
-4. Verify the integrity of the "SETUP 1 BOOT" USB (i.e. no errors or
-malware infection).
-    1. Remove the USB drive from the USB slot and immediately reinsert it.
+4. Verify the integrity of the "SETUP 1 BOOT" USB drive to prove the absence of errors or
+malware infection.
+    1. Remove the "SETUP 1 BOOT" USB drive from the USB slot and immediately reinsert it.
     2. Wait 10 seconds for the operating system to recognize the USB.
-    3. You may see the same error box pop up again. Select Ignore.
+    3. The USB drive will, again, not be readable by MacOS, which may result in an
+    error box pop up. This is expected; click "Ignore".
     4. The USB's device identifier may have changed. Find it again:
         ```
         $ diskutil list

From b279a123416924abac4c2266631d6e6998718119 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 17:17:21 +0000
Subject: [PATCH 110/190] slash removed in case user is typing command instead
 of copy-pasting

code linebreaks have been explained-beginner may not know to drop "\"
---
 _docs/setup/create-boot-usb.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index c69dbcf..3dc2c03 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -148,8 +148,7 @@ The program will take a few minutes to write the USB.
     device identifier; <span style="color: red;">using the wrong one could overwrite your hard
     drive!</span>**
         <pre>
-        $ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg \
-        of=<span class="primary">USB-device-identifier-here</span> bs=1m
+        $ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg of=<span class="primary">USB-device-identifier-here</span> bs=1m
         </pre>
         Example:
         ```

From 62c52fd4a497889008177cd9bfe28d7bc03bbd87 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 18:13:07 +0000
Subject: [PATCH 111/190] Reword, restructure, command descriptions added

---
 _docs/setup/create-boot-usb.md | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 3dc2c03..87db32a 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -165,27 +165,27 @@ malware infection.
     2. Wait 10 seconds for the operating system to recognize the USB.
     3. The USB drive will, again, not be readable by MacOS, which may result in an
     error box pop up. This is expected; click "Ignore".
-    4. The USB's device identifier may have changed. Find it again:
+    4. The USB's device identifier may have changed. List all disks and partitions again:
         ```
         $ diskutil list
         ```
-    5.  
+    5. Change the terminal’s current working folder to the download folder,
+    customizing the folder name if necessary:
         ```
         $ cd $HOME/Downloads
         ```
-    6.  
+    6. Compare the "SETUP 1 BOOT" USB drive to the verified image:
         ```
         $ sudo cmp -n `stat -f '%z' ubuntu-16.04.1-desktop-amd64.img.dmg ubuntu-16.04.1-desktop-amd64.img.dmg` USB-device-identifier-here
         ```
     7. Wait a few minutes for the verification process to complete.
-    8. If all goes well, the command will output no data, returning to
-    your usual terminal prompt.
-    9. If there is a discrepancy, you’ll see a message like:
+    8. Successful verification will return to the terminal prompt, outputting no data.
+    Failure will return a message showing how the USB differs from the downloaded image, for example:
         ```
         ubuntu-16.04.1-desktop-amd64.img.dmg /dev/disk2
         differ: byte 1, line 1
         ```
-        If you see a message like this, STOP -- this may be a security
+        If a message is returned, **STOP**, this may be a security
         risk. Restart this section from the beginning. If the
         issue persists, try using a different USB drive or a different
         Setup Computer.
@@ -228,7 +228,8 @@ malware infection.
     defend against this.
     ">re-insert it</a>.
     3. Wait 10 seconds for the operating system to recognize the USB.
-    4.  
+    4. Change the terminal’s current working folder to the download folder,
+    customizing the folder name if necessary:
         ```
         $ cd $HOME/Downloads
         ```
@@ -245,9 +246,9 @@ malware infection.
         byte 1, line 1
         ```
         If you see a message like this, STOP -- this may be a security
-        risk. Restart this section from the beginning. If the issue
-        persists, try using a different USB drive or a different Setup
-        Computer.
+        risk. Restart the [Create the "SETUP 1 BOOT" USB](create-the-setup-1-boot-usb)
+        section from the beginning. If the issue persists, try using a
+        different USB drive or a different Setup Computer.
 
 ### Create the "Q1 BOOT" USB
 

From 51c99ddc0387c799338c56b1be1feb3add4263e2 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 19:06:08 +0000
Subject: [PATCH 112/190] Reword, restructure for readability

---
 _docs/setup/create-boot-usb.md | 56 +++++++++++++++-------------------
 1 file changed, 25 insertions(+), 31 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 87db32a..c0c94c3 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -254,38 +254,32 @@ malware infection.
 
 1. Boot the "SETUP 1" computer from the "SETUP 1 BOOT" USB.
     1. Reboot the computer.
-    2. Press your laptop's key sequence to bring up the boot device
-    selection menu. (Some PCs may offer a boot device selection menu;
-    see below.)
-        1. **PC**: Varies by manufacturer, but is often **F12** or **Del**. The
-        timing may vary as well; try pressing it when the boot logo appears.
-            1. On the recommended Dell laptop, press F12. You should see a
-            horizontal blue bar appear underneath the Dell logo.
-            2. The recommended Acer laptop does not have a boot menu. See
-            below for instructions.
-        2. **Mac**: When you hear the startup chime, **press and hold
-        Option (⌥)**.
-
-    3. Select the proper device to boot from.
-        1. **PC**: Varies by manufacturer; option will often say "USB"
-        and/or "UEFI".
-            1. On the recommended Dell laptop, select "USB1" under "UEFI
+    2. Alter the boot device:
+        * **PC with boot device selection menu**:
+            1. Depending on manufacturer, tap **"F12"** or **"Del"**. Timing
+            can also vary, try tapping when the boot logo appears. Pressing
+            "F12" on the recommended Dell laptop should produce a horizontal
+            blue bar below the Dell boot logo to indicate the selection menu
+            will appear.
+            2. Depending on manufacturer, option may say "USB" and/or "UEFI".
+            On the recommended Dell laptop, select "USB1" under "UEFI
             OPTIONS".
-            2. The recommended Acer laptop does not have a boot menu. See below
-            for instructions.
-        2. **Mac**: Click the "EFI Boot" option and then click the up
-        arrow underneath it.
-
-            You do not need to select a network at this time. If more than
-            one identical "EFI boot" option is shown, you may need to guess
-            and reboot if you pick the wrong one.
-
-    4. Some laptops don't have a boot device selection menu, and you need to go into the BIOS configuration and change the boot order so that the USB drive is first.
-        1. On the recommended Acer laptop:
-            1. Press F2 while booting to enter BIOS configuration.
-            2. Navigate to the Boot menu.
-            3. Select USB HDD, and press F6 until it is at the top of the list.
-            4. Press F10 to save and automatically reboot from the USB.
+        * **PC without boot device selection menu**:
+            Boot device selection must be set in the BIOS configuration by
+            putting the USB drive first in the boot order. Since specific
+            menus vary from manufacturer to manufacturer, details are only
+            offered for the recommended Acer laptop.
+            1. Press **"F2"** when the boot logo appears.
+            2. Navigate to the boot menu.
+            3. Select "USB HDD", and press "F6" until it moves to the top of the list.
+            4. Press "F10" to save and automatically reboot from the USB.
+        * **Mac**:
+            1. Press and hold **"Option"** (⌥) when the startup chime is heard.
+            2. Click the "EFI Boot" option and then click the up arrow below.
+            
+            Do not select a network at this time. If more than one identical
+            "EFI boot" option is shown, guess and repeat if boot is not
+            successful.
     5. If the computer boots into its regular OS rather than presenting you
     with a boot device or BIOS configuration screen, you probably pressed
     the wrong button, or waited too long.

From 113adbcde1357aedd5719c1932a244b6fde0f1c6 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 19:25:39 +0000
Subject: [PATCH 113/190] "OS" expanded to "operating system" for consistency

---
 _docs/setup/create-boot-usb.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index c0c94c3..52bd21a 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -20,12 +20,12 @@ the Setup Computers "SETUP 1" and "SETUP 2" *while booted from* a *Setup Boot US
 Technical details: The non-quarantined Setup Boot USB drives serve two purposes:
 
 * They greatly simplify the steps for creation of the Quarantined App USBs in the next
-section, because only an Ubuntu environment needs outlined. The Quarantined OS USBs
+section, because only an Ubuntu environment needs outlined. The Quarantined operating system USBs
 cannot be used for this since they are eternally quarantined and should be permanently
 unplugged from the Setup Computers the moment they are created.
-* Malware infection of a Setup Computer's default OS becomes more difficult. To
+* Malware infection of a Setup Computer's default operating system becomes more difficult. To
 undermine a Quarantined USB setup process, the malware would first have to propagate
-itself to the Non-Quarantined OS USB.
+itself to the Non-Quarantined operating system USB.
 
 ## On Setup Computer “SETUP 1”
 Open a copy of this document.

From e66996e70d4fdacc337696387bb9faf64c1a3c10 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 19:26:29 +0000
Subject: [PATCH 114/190] Reword, restructure

---
 _docs/setup/create-boot-usb.md | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 52bd21a..8c6d617 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -280,18 +280,17 @@ malware infection.
             Do not select a network at this time. If more than one identical
             "EFI boot" option is shown, guess and repeat if boot is not
             successful.
-    5. If the computer boots into its regular OS rather than presenting you
-    with a boot device or BIOS configuration screen, you probably pressed
-    the wrong button, or waited too long.
-        1. Hold down your laptop's power button for 10 seconds. (The
-            screen may turn black sooner than that; keep holding it down.)
-        2. Turn the laptop back on and try again. Spam the appropriate
-        button(s) repeatedly as it boots.
-        3. If the computer boots *immediately* to where it left off, you
-        probably didn't hold down the power button long enough.
-    6. You'll see a menu that says "GNU GRUB" at the top of the screen.
-    Select the option "Try Ubuntu without installing" and press Enter.
-    7. The computer should boot into the USB's Ubuntu desktop.
+
+        If, while trying to get into either the BIOS or boot device selection menu,
+        the computer boots into its regular operating system, the wrong button may have
+        been pressed, or not pressed soon enough. Hold down the power button for a full
+        ten seconds, even if the screen turns black sooner, and turn the computer back on.
+        Repeat this step, tapping the appropriate button(s) repeatedly as it boots. If
+        the computer boots *immediately* to where it left off, the power button was not
+        held down long enough and should be held down again.
+    3. On successful reboot, the "GNU GRUB" menu will appear. Select the option "Try
+    Ubuntu without installing" and press "Enter". The computer should boot into the USB's
+    Ubuntu desktop.
 
 2. Enable WiFi connectivity.
     1. Click the cone-shaped WiFi icon near the right side of the menu bar.

From 346c4ddde47df970bf495d0a99b1e7dcae2ea7f7 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sat, 24 Nov 2018 19:41:17 +0000
Subject: [PATCH 115/190] Reword

---
 _docs/setup/create-boot-usb.md | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 8c6d617..da6f6d1 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -292,23 +292,20 @@ malware infection.
     Ubuntu without installing" and press "Enter". The computer should boot into the USB's
     Ubuntu desktop.
 
-2. Enable WiFi connectivity.
+2. Enable WiFi connectivity. 
     1. Click the cone-shaped WiFi icon near the right side of the menu bar.
-    2. If the dropdown says "No network devices available" at the top, you need to enable your networking drivers:
-        1. Click on "System Settings". It's the gear-and-wrench icon along
-        the left side of the screen.
-        2. A System Settings window will appear. Click the "Software &
-        Updates" icon.
-        3. A Software & Updates window will appear. Click the "Additional
-        Drivers" tab.
-        4. In the Additional Drivers tab, you'll see a section for a
-        Wireless Network Adapter. In that section, "Do not use the device"
-        will be selected. Select any other option besides "Do not use the
-        device.""
+    2. If the dropdown says "No network devices available" at the top, networking drivers
+    need enabled:
+        1. Click on the gear-and-wrench icon along the left side of the screen to open
+        the system settings window.
+        2. Click the "Software & Updates" icon to open the Software & Updates window
+        3. Click the "Additional Drivers" tab.
+        4. Select any other option besides "Do not use the device" in the "Wireless
+        Network Adapter" section.
         5. Click "Apply Changes".
         6. Click the cone-shaped WiFi icon near the right side of the menu
         bar again. There should be a list of WiFi networks this time.
-    3. Select your WiFi network from the list and enter the password.
+    3. Select the relevant WiFi network from the list and enter the password.
 3. Repeat steps 1-6 using the "SETUP 1" computer to create the "Q1 BOOT" USB
 rather than the "SETUP 1 BOOT" USB.
     1. **The instruction to plug a Quarantined Boot USB into your Setup

From b6bf9700836df1e53c97619360901826b602a19e Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 08:40:02 +0000
Subject: [PATCH 116/190] Typo

---
 _docs/setup/create-boot-usb.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index da6f6d1..bc2f7ae 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -193,9 +193,9 @@ malware infection.
 **Ubuntu**:
 1. If this is your first time using Ubuntu, note:
     1. You can copy-paste text in most applications (e.g. Firefox) by
-    pressing **Ctrl-C** or **Ctrl-V**.
+    pressing **Ctrl-C** and **Ctrl-V**.
     2. You can copy-paste text in a *terminal window* by pressing
-    **Ctrl-Shift-C** or **Ctrl-Shift-V**.
+    **Ctrl-Shift-C** and **Ctrl-Shift-V**.
 2. Put Ubuntu on the "SETUP BOOT 1" USB.
     1. Open the Ubuntu search console by clicking the purple
     circle/swirl icon in the upper-left corner of the screen.

From e78975cc7f3609525bf5a257cc28b996410f2b2d Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 08:48:58 +0000
Subject: [PATCH 117/190] Number removed - statement is a note, not a
 sequential operation

---
 _docs/setup/create-boot-usb.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index bc2f7ae..abb615d 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -191,12 +191,12 @@ malware infection.
         Setup Computer.
 
 **Ubuntu**:
-1. If this is your first time using Ubuntu, note:
-    1. You can copy-paste text in most applications (e.g. Firefox) by
-    pressing **Ctrl-C** and **Ctrl-V**.
-    2. You can copy-paste text in a *terminal window* by pressing
-    **Ctrl-Shift-C** and **Ctrl-Shift-V**.
-2. Put Ubuntu on the "SETUP BOOT 1" USB.
+
+Note that, for most applications (e.g. Firefox), copy and paste keyboard shortcuts are
+**Ctrl-C** and **Ctrl-V** respectively, but, in a terminal window, the shortcuts are
+**Ctrl-Shift-C** and **Ctrl-Shift-V**.
+
+1. Put Ubuntu on the "SETUP BOOT 1" USB.
     1. Open the Ubuntu search console by clicking the purple
     circle/swirl icon in the upper-left corner of the screen.
     2. Type "startup disk creator" in the text box that appears
@@ -215,7 +215,7 @@ malware infection.
     7. Click "Make Startup Disk" and then click "Yes".
     8. Wait a few minutes for the copying process to complete.
 
-3. Verify the integrity of the "SETUP 1 BOOT" USB (i.e. no errors or malware
+2. Verify the integrity of the "SETUP 1 BOOT" USB (i.e. no errors or malware
     1. On your desktop, right-click the corresponding USB drive icon in
     your dock and select Eject from the pop-up menu.
     2. Remove the USB drive from the USB slot and immediately

From 3149ad5ad9d998998185082e4ec2008f6bf4f016 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 09:06:10 +0000
Subject: [PATCH 118/190] Typo

---
 _docs/setup/create-boot-usb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index abb615d..b4ea336 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -210,7 +210,7 @@ Note that, for most applications (e.g. Firefox), copy and paste keyboard shortcu
         <pre>
         Generic Flash Disk (/dev/sda)
         Kanguru Flash Trust (<span class="primary">/dev/sdb</span>)</pre>
-    6. Select the line containing "SETUP 1 BOOT" USB.49 Make note of the
+    6. Select the line containing "SETUP 1 BOOT" USB Make note of the
     disk identifier (e.g. /dev/sdb).
     7. Click "Make Startup Disk" and then click "Yes".
     8. Wait a few minutes for the copying process to complete.

From 2e8d296ae5681a49cf9335414d5ddd1e76da79a5 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 09:10:08 +0000
Subject: [PATCH 119/190] Typo

---
 _docs/setup/create-boot-usb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index b4ea336..9471918 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -215,7 +215,7 @@ Note that, for most applications (e.g. Firefox), copy and paste keyboard shortcu
     7. Click "Make Startup Disk" and then click "Yes".
     8. Wait a few minutes for the copying process to complete.
 
-2. Verify the integrity of the "SETUP 1 BOOT" USB (i.e. no errors or malware
+2. Verify the integrity of the "SETUP 1 BOOT" USB (i.e. no errors or malware)
     1. On your desktop, right-click the corresponding USB drive icon in
     your dock and select Eject from the pop-up menu.
     2. Remove the USB drive from the USB slot and immediately

From b3a28d37020f52aa00650cee01144df9bca4c7bb Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 09:11:51 +0000
Subject: [PATCH 120/190] Reword

---
 _docs/setup/create-boot-usb.md | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 9471918..b37df1b 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -196,22 +196,21 @@ Note that, for most applications (e.g. Firefox), copy and paste keyboard shortcu
 **Ctrl-C** and **Ctrl-V** respectively, but, in a terminal window, the shortcuts are
 **Ctrl-Shift-C** and **Ctrl-Shift-V**.
 
-1. Put Ubuntu on the "SETUP BOOT 1" USB.
+1. Copy the Ubuntu image onto the “SETUP 1 BOOT” USB. 
     1. Open the Ubuntu search console by clicking the purple
     circle/swirl icon in the upper-left corner of the screen.
-    2. Type "startup disk creator" in the text box that appears
-    3. Click on the "Startup Disk Creator" icon that appears.
-    4. The "Source disc image" panel should show the.iso file you
-    downloaded. If it does not, click the "Other" button and find it
-    in the folder you downloaded it to.
-    5. In the "Disk to use" panel, you should see two lines. They may
-    vary from system to system, but each line will have a device
-    identifier in it, highlighted in the example below.
+    2. Type "startup disk creator" in the text box.
+    3. Click on the "Startup Disk Creator" icon.
+    4. The "Source disc image" panel should show the downloaded iso image file. If not,
+    click "Other" and manually locate the download folder.
+    5. The "Disk to use" panel should show two devices. The device descriptions may
+    vary from system to system, but each one will have a device
+    identifier, highlighted in the example below:
         <pre>
-        Generic Flash Disk (/dev/sda)
+        Generic Flash Disk (<span class="primary">/dev/sda</span>)
         Kanguru Flash Trust (<span class="primary">/dev/sdb</span>)</pre>
-    6. Select the line containing "SETUP 1 BOOT" USB Make note of the
-    disk identifier (e.g. /dev/sdb).
+    6. Select the "SETUP 1 BOOT" USB and make note of the disk identifier (e.g.
+    "/dev/sdb").
     7. Click "Make Startup Disk" and then click "Yes".
     8. Wait a few minutes for the copying process to complete.
 

From e152c953346e4a335a68a0df3cc233715d584eac Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 09:27:02 +0000
Subject: [PATCH 121/190] Step description added

---
 _docs/setup/create-boot-usb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index b37df1b..600b2ad 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -232,7 +232,7 @@ Note that, for most applications (e.g. Firefox), copy and paste keyboard shortcu
         ```
         $ cd $HOME/Downloads
         ```
-    5.  
+    5. Compare the "SETUP 1 BOOT" USB drive to the verified image:
         <pre>
         $ sudo cmp -n `stat -c '%s' ubuntu-16.04.1-desktop-amd64.iso` ubuntu-16.04.1-desktop-amd64.iso <span class="primary">USB-device-identifier-here</span></pre>
     6. If prompted for a password, enter the computer's root password.

From 325052f8db8a8dfbfdfa24a3ccb71b24596e45bc Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 09:35:01 +0000
Subject: [PATCH 122/190] Reword in passive voice

---
 _docs/setup/create-boot-usb.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 600b2ad..c8f62f0 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -1,6 +1,6 @@
 ---
 title: Create boot USBs
-description: Learn how to prepare your USB drives for Glacier, the
+description: Learn how to prepare the USB drives for Glacier, the
   step-by-step protocol for storing bitcoins in a highly secure way
 ---
 
@@ -145,7 +145,7 @@ The program will take a few minutes to write the USB.
         $ diskutil unmountDisk <span class="primary">USB-device-identifier-here</span>
         </pre>
     2. Enter the following command, **making sure to use the correct
-    device identifier; <span style="color: red;">using the wrong one could overwrite your hard
+    device identifier; <span style="color: red;">using the wrong one could overwrite the hard
     drive!</span>**
         <pre>
         $ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg of=<span class="primary">USB-device-identifier-here</span> bs=1m

From a3ae81a9f3e1c32e38dc6a49eac43c81cc68a367 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 09:42:14 +0000
Subject: [PATCH 123/190] Reword, link added

---
 _docs/setup/create-boot-usb.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index c8f62f0..2871fed 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -185,10 +185,10 @@ malware infection.
         ubuntu-16.04.1-desktop-amd64.img.dmg /dev/disk2
         differ: byte 1, line 1
         ```
-        If a message is returned, **STOP**, this may be a security
-        risk. Restart this section from the beginning. If the
-        issue persists, try using a different USB drive or a different
-        Setup Computer.
+        If a message is returned, **STOP**. This may be a security
+        risk. Restart the [Create the "SETUP 1 BOOT" USB](create-the-setup-1-boot-usb)
+        section from the beginning. If the issue persists, try repeating with a
+        different USB drive or a different Setup Computer.
 
 **Ubuntu**:
 
@@ -244,7 +244,7 @@ Note that, for most applications (e.g. Firefox), copy and paste keyboard shortcu
         ubuntu-16.04.1-desktop-amd64.iso /dev/sda differ:
         byte 1, line 1
         ```
-        If you see a message like this, STOP -- this may be a security
+        If a message is returned, **STOP**. This may be a security
         risk. Restart the [Create the "SETUP 1 BOOT" USB](create-the-setup-1-boot-usb)
         section from the beginning. If the issue persists, try using a
         different USB drive or a different Setup Computer.

From 7fabf57520c9e10b3a6b33c324ba080579031671 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 09:43:42 +0000
Subject: [PATCH 124/190] Reword, technical detail pulled into body

hardcopy reader should be able to see technical detail
---
 _docs/setup/create-boot-usb.md | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 2871fed..d9a9109 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -214,18 +214,17 @@ Note that, for most applications (e.g. Firefox), copy and paste keyboard shortcu
     7. Click "Make Startup Disk" and then click "Yes".
     8. Wait a few minutes for the copying process to complete.
 
-2. Verify the integrity of the "SETUP 1 BOOT" USB (i.e. no errors or malware)
-    1. On your desktop, right-click the corresponding USB drive icon in
-    your dock and select Eject from the pop-up menu.
-    2. Remove the USB drive from the USB slot and immediately
-    <a href="#" class="popovers" data-toggle="popover" data-placement="top" title=""
-    data-content="
-    Technical details: In order to avoid detection, it's conceivable that malware
-    might wait until a USB drive is in the process of being ejected (and all
-    integrity checks presumably completed) before infecting the USB. Ejecting and
-    re-inserting the USB before integrity checking is a simple workaround to
-    defend against this.
-    ">re-insert it</a>.
+2. Verify the integrity of the “SETUP 1 BOOT” USB drive to prove the absence
+of errors or malware infection. 
+    1. On the desktop, right-click the USB drive icon corresponding to the
+    "SETUP 1 BOOT" USB drive, and select "Eject" from the pop-up menu.
+    2. Remove the USB drive from the USB slot and immediately re-insert it.
+
+        Technical details: In order to avoid detection, malware
+        may wait until a USB drive is in the process of ejecting (i.e. once all
+        integrity checks are completed) before infecting the USB. Ejecting and
+        re-inserting the USB before checking integrity is a simple defence against this.
+
     3. Wait 10 seconds for the operating system to recognize the USB.
     4. Change the terminal’s current working folder to the download folder,
     customizing the folder name if necessary:

From c940a497ee80feeaa32f95af39686819bc6f2f70 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 09:44:43 +0000
Subject: [PATCH 125/190] Reword, restructure

---
 _docs/setup/create-boot-usb.md | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index d9a9109..af35a2f 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -234,11 +234,10 @@ of errors or malware infection.
     5. Compare the "SETUP 1 BOOT" USB drive to the verified image:
         <pre>
         $ sudo cmp -n `stat -c '%s' ubuntu-16.04.1-desktop-amd64.iso` ubuntu-16.04.1-desktop-amd64.iso <span class="primary">USB-device-identifier-here</span></pre>
-    6. If prompted for a password, enter the computer's root password.
+    6. Enter the root password if requested.
     7. Wait a few minutes for the verification process to complete.
-    8. If all goes well, the command will output no data, returning to
-    your usual terminal prompt.
-    9. If there is an issue, you'll see a message like:
+    8. Successful verification will return to the terminal prompt, outputting no data.
+    Failure will return a message showing how the USB differs from the downloaded image, for example:
         ```
         ubuntu-16.04.1-desktop-amd64.iso /dev/sda differ:
         byte 1, line 1

From e12cd602e89e930b88c9491f6d5c4d7ad5d609e7 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 09:50:22 +0000
Subject: [PATCH 126/190] Reword, restructure, numbering changed to bullets for
 readability

points are not sequential steps
---
 _docs/setup/create-boot-usb.md | 31 ++++++++++++++-----------------
 1 file changed, 14 insertions(+), 17 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index af35a2f..0b0ddc9 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -303,24 +303,21 @@ of errors or malware infection.
         6. Click the cone-shaped WiFi icon near the right side of the menu
         bar again. There should be a list of WiFi networks this time.
     3. Select the relevant WiFi network from the list and enter the password.
-3. Repeat steps 1-6 using the "SETUP 1" computer to create the "Q1 BOOT" USB
-rather than the "SETUP 1 BOOT" USB.
-    1. **The instruction to plug a Quarantined Boot USB into your Setup
-    computer should raise a red flag for you, because <span style="color: red;">you should never
-    plug a quarantined USB into anything other than the quarantined
-    computer it is designated for!</span>**
-
-        This setup process is the ONE exception.
-    2. Because you have booted the "SETUP 1" computer off the "SETUP 1 BOOT"
-    USB, you will follow the instructions for Ubuntu, even if your computer
+3. Repeat sections [Download and verify Ubuntu](/docs/setup/create-boot-usb/#download-and-verify-ubuntu),
+then [Create the “SETUP 1 BOOT” USB](/docs/setup/create-boot-usb/#create-the-setup-1-boot-usb),
+using the "SETUP 1" computer to create the "Q1 BOOT" USB rather than the "SETUP 1 BOOT" USB, taking note of the following:
+    * The instruction to plug a Quarantined Boot USB into the Setup
+    Computer should raise a red flag, because **<span style="color: red;">a quarantined USB drive should never be plugged into anything other than its designated quarantined computer!</span>**
+    This setup process is the **ONE** necessary exception.
+    * The "SETUP 1" computer will now boot from the "SETUP 1 BOOT" USB drive, meaning
+    the Linux instructions should be followed, even if the computer
     normally runs Windows or MacOS.
-    3. Immediately after you are finished executing steps 1-6 with the "Q1
-    BOOT" USB, remove the "Q1 BOOT" USB from the "SETUP 1" computer.
-        1. On your desktop, right-click the corresponding USB drive icon
-        in your dock and select Eject from the pop-up menu.
-        2. Remove the USB drive from the USB slot.
-    4. **The "Q1 BOOT" USB is now eternally quarantined. It should never again
-    be plugged into anything besides the "Q1" computer.**
+4. Immediately remove the "Q1 BOOT" USB drive from the "SETUP 1" computer:
+    1. On the desktop, right-click the USB drive icon corresponding to the
+    "SETUP 1 BOOT" USB drive, and select "Eject" from the pop-up menu.
+    2. Remove the "Q1 BOOT" USB drive from the USB slot.
+
+**The "Q1 BOOT" USB is now eternally quarantined and should only ever be plugged into the "Q1" computer.**
 
 ## On Setup Computer “SETUP 2”
 

From 00207c042bd5aebac15ca12aae4b80ffe884709d Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 11:32:19 +0000
Subject: [PATCH 127/190] Reworded for clarity

---
 _docs/setup/create-boot-usb.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 0b0ddc9..c75f10c 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -12,20 +12,20 @@ operating system, eliminating the use of the computer's hard drive in any way.
 In accordance with the [Prepare hardware](/docs/setup/prepare-hardware/#non-quarantined-hardware)
 section:
 * The Setup Boot USB drives, "SETUP 1 BOOT" and "SETUP 2 BOOT", will be prepared using
-the Setup Computers "SETUP 1" and "SETUP 2".
+the Setup Computers "SETUP 1" and "SETUP 2", respectively.
 * The Quarantined Boot USB drives, "Q1 BOOT" and "Q2 BOOT", will be prepared using
-the Setup Computers "SETUP 1" and "SETUP 2" *while booted from* a *Setup Boot USB*,
-“SETUP 1 BOOT” or “SETUP 2 BOOT”.
+the Setup Computers "SETUP 1" and "SETUP 2", *while booted from the Setup Boot USB drives*,
+“SETUP 1 BOOT” and “SETUP 2 BOOT”, respectively.
 
 Technical details: The non-quarantined Setup Boot USB drives serve two purposes:
 
-* They greatly simplify the steps for creation of the Quarantined App USBs in the next
-section, because only an Ubuntu environment needs outlined. The Quarantined operating system USBs
+* To greatly simplify the steps for creation of the Quarantined App USBs in the next
+section, since only operations on an Ubuntu environment need outlined. The Quarantined operating system USBs
 cannot be used for this since they are eternally quarantined and should be permanently
 unplugged from the Setup Computers the moment they are created.
-* Malware infection of a Setup Computer's default operating system becomes more difficult. To
-undermine a Quarantined USB setup process, the malware would first have to propagate
-itself to the Non-Quarantined operating system USB.
+* To reduce the risk of malware spreading from the native operating system of a
+Setup Computer to a Quarantined USB drive. The malware would first have to propagate itself
+to a Non-Quarantined "SETUP 1 BOOT" or "SETUP 2 BOOT" USB drive.
 
 ## On Setup Computer “SETUP 1”
 Open a copy of this document.

From 404b800160112ca9059d780da173bc43903e898e Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 11:32:56 +0000
Subject: [PATCH 128/190] Re-linked for consistency and readability across html
 and pdf

---
 _docs/setup/create-boot-usb.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index c75f10c..05075be 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -32,9 +32,7 @@ Open a copy of this document.
 
 ### Download and verify Ubuntu
 
-1. Download Ubuntu from this link:
-
-    [http://old-releases.ubuntu.com/releases/xenial/ubuntu-16.04.1-desktop-amd64.iso](http://old-releases.ubuntu.com/releases/xenial/ubuntu-16.04.1-desktop-amd64.iso)
+1. Download [Ubuntu](http://old-releases.ubuntu.com/releases/xenial/ubuntu-16.04.1-desktop-amd64.iso).
 
 2. Once the download is complete, open a terminal window:
 

From 48212276efea9d236993a77225df485a1a581f79 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 11:54:30 +0000
Subject: [PATCH 129/190] Colons used consistently preceding lists

---
 _docs/setup/create-boot-usb.md | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 05075be..ca105d7 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -114,12 +114,12 @@ from the downloads folder and click "Open".
 The program will take a few minutes to write the USB.
 
 **MacOS**:
-1. Prepare the Ubuntu download for copying to the USB.
+1. Prepare the Ubuntu download for copying to the USB:
     ```
     $ cd $HOME/Downloads
     $ hdiutil convert ubuntu-16.04.1-desktop-amd64.iso -format UDRW -o ubuntu-16.04.1-desktop-amd64.img
     ```
-2. Determine the MacOS "device identifier" for the Boot USB.
+2. Determine the MacOS "device identifier" for the Boot USB:
     1. List all disks and partitions:
     ```
     $ diskutil list
@@ -137,14 +137,14 @@ The program will take a few minutes to write the USB.
     6. Make a note of the device identifier, which is the part of the section header
     that comes before "(external, physical)", for example "/dev/disk2".
 
-3. Copy the Ubuntu image onto the "SETUP 1 BOOT" USB.
-    1. Unmount the USB drive
+3. Copy the Ubuntu image onto the "SETUP 1 BOOT" USB:
+    1. Unmount the USB drive:
         <pre>
         $ diskutil unmountDisk <span class="primary">USB-device-identifier-here</span>
         </pre>
     2. Enter the following command, **making sure to use the correct
     device identifier; <span style="color: red;">using the wrong one could overwrite the hard
-    drive!</span>**
+    drive!</span>**:
         <pre>
         $ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg of=<span class="primary">USB-device-identifier-here</span> bs=1m
         </pre>
@@ -158,7 +158,7 @@ The program will take a few minutes to write the USB.
     error box pop up. This is expected; click "Ignore".
 
 4. Verify the integrity of the "SETUP 1 BOOT" USB drive to prove the absence of errors or
-malware infection.
+malware infection:
     1. Remove the "SETUP 1 BOOT" USB drive from the USB slot and immediately reinsert it.
     2. Wait 10 seconds for the operating system to recognize the USB.
     3. The USB drive will, again, not be readable by MacOS, which may result in an
@@ -194,7 +194,7 @@ Note that, for most applications (e.g. Firefox), copy and paste keyboard shortcu
 **Ctrl-C** and **Ctrl-V** respectively, but, in a terminal window, the shortcuts are
 **Ctrl-Shift-C** and **Ctrl-Shift-V**.
 
-1. Copy the Ubuntu image onto the “SETUP 1 BOOT” USB. 
+1. Copy the Ubuntu image onto the “SETUP 1 BOOT” USB:
     1. Open the Ubuntu search console by clicking the purple
     circle/swirl icon in the upper-left corner of the screen.
     2. Type "startup disk creator" in the text box.
@@ -213,7 +213,7 @@ Note that, for most applications (e.g. Firefox), copy and paste keyboard shortcu
     8. Wait a few minutes for the copying process to complete.
 
 2. Verify the integrity of the “SETUP 1 BOOT” USB drive to prove the absence
-of errors or malware infection. 
+of errors or malware infection:
     1. On the desktop, right-click the USB drive icon corresponding to the
     "SETUP 1 BOOT" USB drive, and select "Eject" from the pop-up menu.
     2. Remove the USB drive from the USB slot and immediately re-insert it.
@@ -247,7 +247,7 @@ of errors or malware infection.
 
 ### Create the "Q1 BOOT" USB
 
-1. Boot the "SETUP 1" computer from the "SETUP 1 BOOT" USB.
+1. Boot the "SETUP 1" computer from the "SETUP 1 BOOT" USB:
     1. Reboot the computer.
     2. Alter the boot device:
         * **PC with boot device selection menu**:
@@ -287,7 +287,7 @@ of errors or malware infection.
     Ubuntu without installing" and press "Enter". The computer should boot into the USB's
     Ubuntu desktop.
 
-2. Enable WiFi connectivity. 
+2. Enable WiFi connectivity:
     1. Click the cone-shaped WiFi icon near the right side of the menu bar.
     2. If the dropdown says "No network devices available" at the top, networking drivers
     need enabled:

From 3019e0a7fde73979ebab10747f5758f6a24d2232 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 11:59:16 +0000
Subject: [PATCH 130/190] Restructure for clarity

---
 _docs/setup/create-boot-usb.md | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index ca105d7..96b5aba 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -250,6 +250,12 @@ of errors or malware infection:
 1. Boot the "SETUP 1" computer from the "SETUP 1 BOOT" USB:
     1. Reboot the computer.
     2. Alter the boot device:
+
+        If a boot device selection menu is not available, the boot device
+        must be set in the BIOS configuration by putting the USB drive
+        first in the boot order. Since specific menus vary from manufacturer
+        to manufacturer, details are only offered for the recommended Acer laptop.
+
         * **PC with boot device selection menu**:
             1. Depending on manufacturer, tap **"F12"** or **"Del"**. Timing
             can also vary, try tapping when the boot logo appears. Pressing
@@ -260,19 +266,14 @@ of errors or malware infection:
             On the recommended Dell laptop, select "USB1" under "UEFI
             OPTIONS".
         * **PC without boot device selection menu**:
-            Boot device selection must be set in the BIOS configuration by
-            putting the USB drive first in the boot order. Since specific
-            menus vary from manufacturer to manufacturer, details are only
-            offered for the recommended Acer laptop.
             1. Press **"F2"** when the boot logo appears.
             2. Navigate to the boot menu.
             3. Select "USB HDD", and press "F6" until it moves to the top of the list.
             4. Press "F10" to save and automatically reboot from the USB.
         * **Mac**:
             1. Press and hold **"Option"** (⌥) when the startup chime is heard.
-            2. Click the "EFI Boot" option and then click the up arrow below.
-            
-            Do not select a network at this time. If more than one identical
+            2. Click the "EFI Boot" option and then click the up arrow below. Do not
+            select a network at this time. If more than one identical
             "EFI boot" option is shown, guess and repeat if boot is not
             successful.
 

From f761f1906d94f60c44bd4d8422c6c7d08ccbf591 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 12:07:40 +0000
Subject: [PATCH 131/190] Reword for clarity

---
 _docs/setup/create-boot-usb.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 96b5aba..97f41bb 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -131,9 +131,8 @@ The program will take a few minutes to write the USB.
     $ diskutil list
     ```
     5. The output from the second `diskutil list` should include an additional
-    section that was not present in the first `diskutil list` . It will
-    contain "(external, physical)" in the header. The first line of the section's
-    "SIZE" column should reflect the capacity of the USB drive.
+    "(external, physical)" heading that was not present in the first `diskutil list`. 
+    The first line of the section's "SIZE" column should reflect the capacity of the USB drive.
     6. Make a note of the device identifier, which is the part of the section header
     that comes before "(external, physical)", for example "/dev/disk2".
 

From 1432ff7748e368bf0e6c0c7de5059ba20ed2795a Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 12:22:00 +0000
Subject: [PATCH 132/190] Highlighting error corrected

---
 _docs/setup/create-boot-usb.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 97f41bb..ed5a03e 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -172,9 +172,8 @@ malware infection:
         $ cd $HOME/Downloads
         ```
     6. Compare the "SETUP 1 BOOT" USB drive to the verified image:
-        ```
-        $ sudo cmp -n `stat -f '%z' ubuntu-16.04.1-desktop-amd64.img.dmg ubuntu-16.04.1-desktop-amd64.img.dmg` USB-device-identifier-here
-        ```
+        <pre>
+        $ sudo cmp -n `stat -f '%z' ubuntu-16.04.1-desktop-amd64.img.dmg ubuntu-16.04.1-desktop-amd64.img.dmg` <span class="primary">USB-device-identifier-here</span></pre>
     7. Wait a few minutes for the verification process to complete.
     8. Successful verification will return to the terminal prompt, outputting no data.
     Failure will return a message showing how the USB differs from the downloaded image, for example:

From a5ee6969ae37f57c3bfff0ee1690d8aa108df9eb Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 12:23:21 +0000
Subject: [PATCH 133/190] Device identifiers simplified

Explanation and highlighting added
---
 _docs/setup/create-boot-usb.md | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index ed5a03e..1d2d936 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -134,18 +134,19 @@ The program will take a few minutes to write the USB.
     "(external, physical)" heading that was not present in the first `diskutil list`. 
     The first line of the section's "SIZE" column should reflect the capacity of the USB drive.
     6. Make a note of the device identifier, which is the part of the section header
-    that comes before "(external, physical)", for example "/dev/disk2".
+    that comes before "(external, physical)", for example "/dev/disk2". This will be referred
+    to as <span class="primary">USB-device-identifier</span> in the coming steps.
 
 3. Copy the Ubuntu image onto the "SETUP 1 BOOT" USB:
     1. Unmount the USB drive:
         <pre>
-        $ diskutil unmountDisk <span class="primary">USB-device-identifier-here</span>
+        $ diskutil unmountDisk <span class="primary">USB-device-identifier</span>
         </pre>
     2. Enter the following command, **making sure to use the correct
     device identifier; <span style="color: red;">using the wrong one could overwrite the hard
     drive!</span>**:
         <pre>
-        $ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg of=<span class="primary">USB-device-identifier-here</span> bs=1m
+        $ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg of=<span class="primary">USB-device-identifier</span> bs=1m
         </pre>
         Example:
         ```
@@ -173,7 +174,7 @@ malware infection:
         ```
     6. Compare the "SETUP 1 BOOT" USB drive to the verified image:
         <pre>
-        $ sudo cmp -n `stat -f '%z' ubuntu-16.04.1-desktop-amd64.img.dmg ubuntu-16.04.1-desktop-amd64.img.dmg` <span class="primary">USB-device-identifier-here</span></pre>
+        $ sudo cmp -n `stat -f '%z' ubuntu-16.04.1-desktop-amd64.img.dmg ubuntu-16.04.1-desktop-amd64.img.dmg` <span class="primary">USB-device-identifier</span></pre>
     7. Wait a few minutes for the verification process to complete.
     8. Successful verification will return to the terminal prompt, outputting no data.
     Failure will return a message showing how the USB differs from the downloaded image, for example:
@@ -206,7 +207,8 @@ Note that, for most applications (e.g. Firefox), copy and paste keyboard shortcu
         Generic Flash Disk (<span class="primary">/dev/sda</span>)
         Kanguru Flash Trust (<span class="primary">/dev/sdb</span>)</pre>
     6. Select the "SETUP 1 BOOT" USB and make note of the disk identifier (e.g.
-    "/dev/sdb").
+    "/dev/sdb"). This will be referred to as 
+    <span class="primary">USB-device-identifier</span> in the coming steps.
     7. Click "Make Startup Disk" and then click "Yes".
     8. Wait a few minutes for the copying process to complete.
 
@@ -229,7 +231,7 @@ of errors or malware infection:
         ```
     5. Compare the "SETUP 1 BOOT" USB drive to the verified image:
         <pre>
-        $ sudo cmp -n `stat -c '%s' ubuntu-16.04.1-desktop-amd64.iso` ubuntu-16.04.1-desktop-amd64.iso <span class="primary">USB-device-identifier-here</span></pre>
+        $ sudo cmp -n `stat -c '%s' ubuntu-16.04.1-desktop-amd64.iso` ubuntu-16.04.1-desktop-amd64.iso <span class="primary">USB-device-identifier</span></pre>
     6. Enter the root password if requested.
     7. Wait a few minutes for the verification process to complete.
     8. Successful verification will return to the terminal prompt, outputting no data.

From 1f4299d625d176c7d25802fbcfa0edbfb1a93e19 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 13:45:00 +0000
Subject: [PATCH 134/190] HTML tags corrected to apply external css properly

Was causing code not to wrap in pdf generation
---
 _docs/before-you-start/structure.md          |  7 +++----
 _docs/deposit/generate-cold-storage-data.md  | 10 ++++------
 _docs/setup/create-app-usb.md                |  5 ++---
 _docs/setup/create-boot-usb.md               | 19 ++++++-------------
 _docs/setup/verify.md                        |  5 ++---
 _docs/withdrawal/preparation.md              |  4 ++--
 _docs/withdrawal/transaction-construction.md |  8 +++-----
 7 files changed, 22 insertions(+), 36 deletions(-)

diff --git a/_docs/before-you-start/structure.md b/_docs/before-you-start/structure.md
index 5fd2416..d862e54 100644
--- a/_docs/before-you-start/structure.md
+++ b/_docs/before-you-start/structure.md
@@ -83,11 +83,10 @@ line. Proceed carefully.
 
 Commands requiring user-specific information will be highlighted like this:
 
-<pre>
-$ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg of=<span class="primary">USB-device-identifier-here</span> bs=1m
-</pre>
+<pre><code>$ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg of=<span class="primary">USB-device-identifier</span> bs=1m
+</code></pre>
 
-This is because the USB device identifier will vary from installation to installation. In this example, the user is expected to replace the <span class="primary">USB-device-identifier-here</span> with the USB device identifier particular to the local machine:
+This is because the USB device identifier will vary from installation to installation. In this example, the user is expected to replace the <span class="primary">USB-device-identifier</span> with the USB device identifier particular to the local machine:
 ```
 $ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg of=/dev/disk2 bs=1m
 ```
diff --git a/_docs/deposit/generate-cold-storage-data.md b/_docs/deposit/generate-cold-storage-data.md
index 3e9636d..48adce3 100644
--- a/_docs/deposit/generate-cold-storage-data.md
+++ b/_docs/deposit/generate-cold-storage-data.md
@@ -77,9 +77,8 @@ prepare your quarantined workspace.
         3. **On the Q1 computer** enter the following command. You'll need to supply
         the number of keys required for your multisignature withdrawal policy
         (4 by default).
-           <pre>
-           $ ./glacierscript.py entropy --num-keys <span class="primary">number-of-keys-here</span>
-           </pre>
+           <pre><code>$ ./glacierscript.py entropy --num-keys <span class="primary">number-of-keys-here</span>
+           </code></pre>
 
            Example:
            ```
@@ -104,10 +103,9 @@ prepare your quarantined workspace.
 
            In the command below, you'll need to specify the number of keys required
            by your multisignature withdrawal policy.
-           <pre>
-           $ ./glacierscript.py create-deposit-data -m <span class="primary">required-keys</span> \
+           <pre><code>$ ./glacierscript.py create-deposit-data -m <span class="primary">required-keys</span> \
            -n <span class="primary">total-keys</span>
-           </pre>
+           </code></pre>
 
            For example, for a 2-of-4 withdrawal policy:
            ```
diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index 25f8609..5d4371c 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -74,13 +74,12 @@ already. (See the instructions in Section III for details.)
            ```
            Expected output (timestamp will vary, but
            e-mail and fingerprint should match):
-           <pre>
-           <span style="font-size: 10px;">gpg: Signature made Thu Jan 19 13:45:48 2017 PST using RSA key ID 4B43EAB0
+           <pre><code><span style="font-size: 10px;">gpg: Signature made Thu Jan 19 13:45:48 2017 PST using RSA key ID 4B43EAB0
            gpg: Good signature from "Glacier Team <contact@glacierprotocol.org>"
            gpg: WARNING: This key is not certified with a trusted signature!
            gpg: There is no indication that the signature belongs to the owner.
            Primary key fingerprint: E1AA EBB7 AC90 C1FE 80F0 1034 9D1B 7F53 4B43</span>
-           </pre>
+           </code></pre>
 
            The warning message is expected, and is not cause for alarm.
 
diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 1d2d936..7d7c239 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -139,15 +139,11 @@ The program will take a few minutes to write the USB.
 
 3. Copy the Ubuntu image onto the "SETUP 1 BOOT" USB:
     1. Unmount the USB drive:
-        <pre>
-        $ diskutil unmountDisk <span class="primary">USB-device-identifier</span>
-        </pre>
+        <pre><code>$ diskutil unmountDisk <span class="primary">USB-device-identifier</span></code></pre>
     2. Enter the following command, **making sure to use the correct
     device identifier; <span style="color: red;">using the wrong one could overwrite the hard
     drive!</span>**:
-        <pre>
-        $ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg of=<span class="primary">USB-device-identifier</span> bs=1m
-        </pre>
+        <pre><code>$ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg of=<span class="primary">USB-device-identifier</span> bs=1m</code></pre>
         Example:
         ```
         $ sudo dd if=ubuntu-16.04.1-desktop-amd64.img.dmg of=/dev/disk2 bs=1m
@@ -173,8 +169,7 @@ malware infection:
         $ cd $HOME/Downloads
         ```
     6. Compare the "SETUP 1 BOOT" USB drive to the verified image:
-        <pre>
-        $ sudo cmp -n `stat -f '%z' ubuntu-16.04.1-desktop-amd64.img.dmg ubuntu-16.04.1-desktop-amd64.img.dmg` <span class="primary">USB-device-identifier</span></pre>
+        <pre><code>$ sudo cmp -n `stat -f '%z' ubuntu-16.04.1-desktop-amd64.img.dmg ubuntu-16.04.1-desktop-amd64.img.dmg` <span class="primary">USB-device-identifier</span></code></pre>
     7. Wait a few minutes for the verification process to complete.
     8. Successful verification will return to the terminal prompt, outputting no data.
     Failure will return a message showing how the USB differs from the downloaded image, for example:
@@ -203,9 +198,8 @@ Note that, for most applications (e.g. Firefox), copy and paste keyboard shortcu
     5. The "Disk to use" panel should show two devices. The device descriptions may
     vary from system to system, but each one will have a device
     identifier, highlighted in the example below:
-        <pre>
-        Generic Flash Disk (<span class="primary">/dev/sda</span>)
-        Kanguru Flash Trust (<span class="primary">/dev/sdb</span>)</pre>
+        <pre><code> Generic Flash Disk (<span class="primary">/dev/sda</span>)
+    Kanguru Flash Trust (<span class="primary">/dev/sdb</span>)</code></pre>
     6. Select the "SETUP 1 BOOT" USB and make note of the disk identifier (e.g.
     "/dev/sdb"). This will be referred to as 
     <span class="primary">USB-device-identifier</span> in the coming steps.
@@ -230,8 +224,7 @@ of errors or malware infection:
         $ cd $HOME/Downloads
         ```
     5. Compare the "SETUP 1 BOOT" USB drive to the verified image:
-        <pre>
-        $ sudo cmp -n `stat -c '%s' ubuntu-16.04.1-desktop-amd64.iso` ubuntu-16.04.1-desktop-amd64.iso <span class="primary">USB-device-identifier</span></pre>
+        <pre><code>$ sudo cmp -n `stat -c '%s' ubuntu-16.04.1-desktop-amd64.iso` ubuntu-16.04.1-desktop-amd64.iso <span class="primary">USB-device-identifier</span></code></pre>
     6. Enter the root password if requested.
     7. Wait a few minutes for the verification process to complete.
     8. Successful verification will return to the terminal prompt, outputting no data.
diff --git a/_docs/setup/verify.md b/_docs/setup/verify.md
index 0435343..812de1e 100644
--- a/_docs/setup/verify.md
+++ b/_docs/setup/verify.md
@@ -108,13 +108,12 @@ entry.
        $ gpg --verify SHA256SUMS.sig SHA256SUMS
        ```
        Expected output (timestamp will vary, but e-mail and fingerprint should match):
-       <pre>
-       <span style="font-size: 10px;">gpg: Signature made Fri Feb 10 22:23:45 2017 PST using RSA key ID 4B43EAB0
+       <pre><code><span style="font-size: 10px;">gpg: Signature made Fri Feb 10 22:23:45 2017 PST using RSA key ID 4B43EAB0
        gpg: Good signature from "Glacier Team <contact@glacierprotocol.org>"
        gpg: WARNING: This key is not certified with a trusted signature!
        gpg:          There is no indication that the signature belongs to the owner.
        Primary key fingerprint: E1AA EBB7 AC90 C1FE 80F0  1034 9D1B 7F53 4B43 EAB0</span>
-       </pre>
+       </code></pre>
        The warning message is expected, and is not cause for alarm.
 
        Technical details:
diff --git a/_docs/withdrawal/preparation.md b/_docs/withdrawal/preparation.md
index a1a54f8..6ef8788 100644
--- a/_docs/withdrawal/preparation.md
+++ b/_docs/withdrawal/preparation.md
@@ -65,13 +65,13 @@ to withdraw.
            [https://blockchain.info/tx/<span class="primary">transaction-id-here</span>?format=hex](https://blockchain.info/tx/transaction-id-here?format=hex)
 
            Example page contents:
-           <pre><span class="warning">01000000016847105309a8604c7e4f5773d0a16c45248acce057dab62e
+           <pre><code><span class="warning">01000000016847105309a8604c7e4f5773d0a16c45248acce057dab62e
            db0fedc2810d49a4010000006b48304502210093e6b4154d42c1bba27c
            548a80488673967be32c8de2f11e01a1402a5500e13302203e20874e5d
            0af516c902d3b600ee94571a7ce68a14a384dc05d4346e1009fe000121
            039fd6f25c87f183260c1d4a3a3ae33a2c06414db4c40d0c2ab76a7192
            1fef0939ffffffff01e0930400000000001976a914e770a7c13f977478
-           3e80607f40be4547780315b688ac00000000</span></pre>
+           3e80607f40be4547780315b688ac00000000</span></code></pre>
 
    2. This entire page be referred to as a
    **<span class="warning">raw unspent transaction</span>**.
diff --git a/_docs/withdrawal/transaction-construction.md b/_docs/withdrawal/transaction-construction.md
index c5bd010..f154755 100644
--- a/_docs/withdrawal/transaction-construction.md
+++ b/_docs/withdrawal/transaction-construction.md
@@ -27,8 +27,7 @@ to prepare your quarantined workspace.
             feed, it has been successfully read.
             3. Verify the decoded QR code is shown in the terminal window.
                 Example:
-                <pre>
-                QR-Code:<span class="warning" style="white-space: pre-wrap;">51410421167f7dac2a159bc3957e3498bb6a7c2f16874bf1fbbe5b523b3632d2c0c43f1b491f6f2f449ae45c9b0716329c0c2dbe09f3e5d4e9fb6843af083e222a70a441043704eafafd73f1c32fafe10837a69731b93c0179fa268fc325bdc08f3bb3056b002eac4fa58c520cc3f0041a097232afbe002037edd5ebdab2e493f18ef19e9052ae</span></pre>
+                <pre><code>QR-Code:<span class="warning" style="white-space: pre-wrap;">51410421167f7dac2a159bc3957e3498bb6a7c2f16874bf1fbbe5b523b3632d2c0c43f1b491f6f2f449ae45c9b0716329c0c2dbe09f3e5d4e9fb6843af083e222a70a441043704eafafd73f1c32fafe10837a69731b93c0179fa268fc325bdc08f3bb3056b002eac4fa58c520cc3f0041a097232afbe002037edd5ebdab2e493f18ef19e9052ae</span></code></pre>
             4. Copy-paste the decoded data (everything *after*, but not
             including, "QR-code:") into the Quarantined Scratchpad.
             5. Make a note of what the data is, based on your handwritten
@@ -84,8 +83,7 @@ to prepare your quarantined workspace.
     9. The script will output a "raw signed transaction" and a *fingerprint* of the signed transaction for verification purposes.
 
         Example output:
-        <pre>
-        Sufficient private keys to execute transaction?
+        <pre><code>Sufficient private keys to execute transaction?
         True
 
         Raw signed transaction (hex): <span class="warning" style="white-space: pre-wrap;">01000000013cd6b24735801ad3d04c40e6da3404278b0d38dbc896df6ae50bf11c3043a49600000000fda001004730440220199d247cd11c14fa4960a52467e69ca6b77596e94c14f27ba956315f2d1c852302201b6f41ecfc62a1a7c7a423425ab150301cfffc47c1a78a5bf13b8232f767e41301483045022100e7ae7e5a77da47d5e622f974683a43d312e72a1eed329d4fdbd8fba2c22f84b4022050358fb63cf182e81905417d6e38a2981563495dd00c3177ee650ff7cd2d511a014d0b01524104fe0fcd054a31130749467f07e272426f7dd7a3029ab5b076d7285a931bd131d34ed9f28b2cc2fe266aa62c4cada3e82b70a4416966902201c4d73759f7f0425e41044f2ec9f80ef2c4f385f3d27b6167f77236de63548723ba1c90a324f4ec46dfd14a2fba5a9c048a5ec310aedfe875d8a254f336e8f7d5d17338d9451dc6f2188c4104aefb86098442adc6c3dffd9b0e27fe8e918462469a5ec5363e26920f09facea70b63e4f4d2736089286d4dd2352ca65016e7d593f105009f9a35c03a2464aa20410451e7f31ea2f5cb14ba76ca20952c1d453fe3a85959ebbefee8912ad6f74c443a03e52ef8a842f890f1ab2d69c6bb418e6de0f15bef944be2883887be3bb75cc054aeffffffff0194960700000000001976a914c018da1cb43c5d7b9e7757805ee78709f8a61ede88ac00000000</span>
@@ -93,7 +91,7 @@ to prepare your quarantined workspace.
         Transaction fingerprint (md5):
         <span class="warning">c49c366908296ae12478539d29fb4146</span>
 
-        QR code for transaction in transaction.png</pre>
+        QR code for transaction in transaction.png</code></pre>
 
 3. Verify transaction construction
     1. **On the Q2 computer**, repeat step 2 above.

From bd0c7a210ee7c3746bebc9813105e6ed9ce11bf1 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 14:33:57 +0000
Subject: [PATCH 135/190] Operating system changed for consistency

Ubuntu to Linux
---
 _docs/setup/create-boot-usb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 7d7c239..5c73e81 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -182,7 +182,7 @@ malware infection:
         section from the beginning. If the issue persists, try repeating with a
         different USB drive or a different Setup Computer.
 
-**Ubuntu**:
+**Linux**:
 
 Note that, for most applications (e.g. Firefox), copy and paste keyboard shortcuts are
 **Ctrl-C** and **Ctrl-V** respectively, but, in a terminal window, the shortcuts are

From d3bbac4edcc60aee7e2960b9c9cb31a84814bb3c Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 14:36:39 +0000
Subject: [PATCH 136/190] Keypresses highlighted consistently

bold to quotations
---
 _docs/setup/create-boot-usb.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 5c73e81..89a2c27 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -185,8 +185,8 @@ malware infection:
 **Linux**:
 
 Note that, for most applications (e.g. Firefox), copy and paste keyboard shortcuts are
-**Ctrl-C** and **Ctrl-V** respectively, but, in a terminal window, the shortcuts are
-**Ctrl-Shift-C** and **Ctrl-Shift-V**.
+"Ctrl-C" and "Ctrl-V" respectively, but, in a terminal window, the shortcuts are
+"Ctrl-Shift-C" and "Ctrl-Shift-V".
 
 1. Copy the Ubuntu image onto the “SETUP 1 BOOT” USB:
     1. Open the Ubuntu search console by clicking the purple

From 1866648149b36d2a54e094a417419b99dae4cc66 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 14:52:05 +0000
Subject: [PATCH 137/190] Key highlighting made consistent

Quoted, not bold
---
 _docs/setup/create-boot-usb.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 89a2c27..006e823 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -250,7 +250,7 @@ of errors or malware infection:
         to manufacturer, details are only offered for the recommended Acer laptop.
 
         * **PC with boot device selection menu**:
-            1. Depending on manufacturer, tap **"F12"** or **"Del"**. Timing
+            1. Depending on manufacturer, tap "F12" or "Del". Timing
             can also vary, try tapping when the boot logo appears. Pressing
             "F12" on the recommended Dell laptop should produce a horizontal
             blue bar below the Dell boot logo to indicate the selection menu
@@ -259,12 +259,12 @@ of errors or malware infection:
             On the recommended Dell laptop, select "USB1" under "UEFI
             OPTIONS".
         * **PC without boot device selection menu**:
-            1. Press **"F2"** when the boot logo appears.
+            1. Press "F2" when the boot logo appears.
             2. Navigate to the boot menu.
             3. Select "USB HDD", and press "F6" until it moves to the top of the list.
             4. Press "F10" to save and automatically reboot from the USB.
         * **Mac**:
-            1. Press and hold **"Option"** (⌥) when the startup chime is heard.
+            1. Press and hold "Option" (⌥) when the startup chime is heard.
             2. Click the "EFI Boot" option and then click the up arrow below. Do not
             select a network at this time. If more than one identical
             "EFI boot" option is shown, guess and repeat if boot is not

From b68bd9bb8caeb8417f034c7d59b400595ed70aea Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Sun, 25 Nov 2018 17:23:22 +0000
Subject: [PATCH 138/190] Reword for simplification

---
 _docs/setup/create-boot-usb.md | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 006e823..2af9bc3 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -295,14 +295,16 @@ of errors or malware infection:
         6. Click the cone-shaped WiFi icon near the right side of the menu
         bar again. There should be a list of WiFi networks this time.
     3. Select the relevant WiFi network from the list and enter the password.
-3. Repeat sections [Download and verify Ubuntu](/docs/setup/create-boot-usb/#download-and-verify-ubuntu),
-then [Create the “SETUP 1 BOOT” USB](/docs/setup/create-boot-usb/#create-the-setup-1-boot-usb),
-using the "SETUP 1" computer to create the "Q1 BOOT" USB rather than the "SETUP 1 BOOT" USB, taking note of the following:
+3. Create the "Q1 BOOT" USB by repeating the
+[Download and verify Ubuntu](/docs/setup/create-boot-usb/#download-and-verify-ubuntu) and 
+[Create the “SETUP 1 BOOT” USB](/docs/setup/create-boot-usb/#create-the-setup-1-boot-usb)
+sections, replacing each occurance of "SETUP 1 BOOT" USB with "Q1 BOOT" USB. Also
+take note of the following:
     * The instruction to plug a Quarantined Boot USB into the Setup
     Computer should raise a red flag, because **<span style="color: red;">a quarantined USB drive should never be plugged into anything other than its designated quarantined computer!</span>**
     This setup process is the **ONE** necessary exception.
-    * The "SETUP 1" computer will now boot from the "SETUP 1 BOOT" USB drive, meaning
-    the Linux instructions should be followed, even if the computer
+    * The "SETUP 1" computer should boot from the "SETUP 1 BOOT" USB drive this time, meaning
+    the Linux instructions are to be followed, even if the computer
     normally runs Windows or MacOS.
 4. Immediately remove the "Q1 BOOT" USB drive from the "SETUP 1" computer:
     1. On the desktop, right-click the USB drive icon corresponding to the
@@ -315,10 +317,15 @@ using the "SETUP 1" computer to create the "Q1 BOOT" USB rather than the "SETUP
 
 ### Create the "SETUP 2 BOOT" USB
 
-1. Repeat steps in the [Create the "SETUP 1 BOOT" USB](/docs/setup/create-boot-usb/#create-the-setup-1-boot-usb)
-section above, using the "SETUP 2" computer and the "SETUP 2 BOOT" USB.
+Create the "SETUP 2 BOOT" USB by repeating the 
+[Download and verify Ubuntu](/docs/setup/create-boot-usb/#download-and-verify-ubuntu) and
+[Create the "SETUP 1 BOOT" USB](/docs/setup/create-boot-usb/#create-the-setup-1-boot-usb)
+sections, replacing occurances of "SETUP 1" computer and "SETUP 1 BOOT" USB with
+"SETUP 2" computer and "SETUP 2 BOOT" USB, respectively.
 
 ### Create the "Q2 BOOT" USB
 
-1. Repeat steps in the [Create the "Q1 BOOT" USB](/docs/setup/create-boot-usb/#create-the-q1-boot-usb)
-section above, using the "SETUP 2" computer and the "Q2 BOOT" USB.
\ No newline at end of file
+Create the "Q2 BOOT" USB by repeating the 
+[Create the "Q1 BOOT" USB](/docs/setup/create-boot-usb/#create-the-q1-boot-usb)
+section, replacing occurances of "SETUP 1" computer, "SETUP 1 BOOT" USB and "Q1 BOOT" USB with
+"SETUP 2" computer, "SETUP 2 BOOT" USB and "Q2 BOOT" USB, respectively.
\ No newline at end of file

From 7107d43841027da7458040c354c4c82a9593f5e9 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 26 Nov 2018 10:04:18 +0000
Subject: [PATCH 139/190] Contractions removed, "USB" expanded to "USB drive"

---
 .../attack-surface.md                         | 24 +++---
 _docs/setup/create-boot-usb.md                | 84 +++++++++----------
 _docs/setup/prepare-hardware.md               |  4 +-
 _docs/setup/verify.md                         |  8 +-
 4 files changed, 60 insertions(+), 60 deletions(-)

diff --git a/_docs/protocol-vulnerabilities/attack-surface.md b/_docs/protocol-vulnerabilities/attack-surface.md
index 86bae35..325e9b1 100644
--- a/_docs/protocol-vulnerabilities/attack-surface.md
+++ b/_docs/protocol-vulnerabilities/attack-surface.md
@@ -30,27 +30,27 @@ Glacier relies on the following packages and their dependencies:
 * zbar-tools (via Ubuntu Package Archive)
 * qrencode (via Ubuntu Package Archive)
 
-An infected Setup Computer could infect the Setup USB software, which could infect the
-Quarantined USB software. This could produce false positives during the checksum
+An infected Setup Computer could infect the Setup USB drive software, which could infect the
+Quarantined USB drive software. This could produce false positives during the checksum
 verification process or alter the display of the verification process results. Verifying
 the integrity of GnuPG requires access to a trusted installation of GnuPG, which many
 users won't have. The current recommendation is to trust the downloaded version of GnuPG.
 
-An infected Setup Computer could infect the operating system or application USB software
+An infected Setup Computer could infect the operating system or application USB drive software
 AFTER checksum verification produces a true positive, either before/during copying of
-software to the USB, or during USB ejection.
+software to the USB drive, or during USB ejection.
 
 ### Firmware
 
-An infected Setup Computer could infect the Setup Boot USB firmware, which could infect
-the Quarantined Boot/App USB.
+An infected Setup Computer could infect the Setup Boot USB drive firmware, which could infect
+the Quarantined Boot/App USB drive.
 
-A laptop or USB firmware could have been infected at any point between manufacture and
+A laptop or USB drive firmware could have been infected at any point between manufacture and
 delivery, before being shrinkwrapped.
 
 ### Hardware
 
-A laptop or USB hardware could have been infected at any point between manufacture and
+A laptop or USB drive hardware could have been infected at any point between manufacture and
 delivery, before being shrinkwrapped. "Malware" usually refers to software, but we're
 using it here more broadly to mean "computing technology which undermines the integrity
 of the computing environment in which it resides.", as in a 
@@ -107,7 +107,7 @@ networked or attacker-controlled device in range then steals the data. Possibili
 * Two paper keys are stolen by an attacker
 * All (or all but one) paper keys are lost or destroyed
 * An attacker with physical line-of-sight to the laptop takes a photo of the screen while sensitive data is displayed
-* Malware on the quarantined machines writes sensitive data to persistent media (USB or laptop hard drive) AND the hardware is physically stolen afterward
+* Malware on the quarantined machines writes sensitive data to persistent media (USB drive or laptop hard drive) AND the hardware is physically stolen afterward
 
 ### Glacier protocol failures
 
@@ -132,10 +132,10 @@ signature. This is exceedingly unlikely, due to Keybase's key verification syste
 * The protocol document begins with document self-verification on one Setup
 Computer. However, it does not guide the user through self-verification on the second
 Setup Computer. Nor does it have the user re-verify the document when they first boot
-into Ubuntu on the Setup Computers to create the Quarantined Boot USBs. If the
-portion of the protocol document related to creating the Quarantined Boot USBs had been
+into Ubuntu on the Setup Computers to create the Quarantined Boot USB drives. If the
+portion of the protocol document related to creating the Quarantined Boot USB drives had been
 compromised between the initial self-validation and the later re-validation, when
-creating the Quarantined App USBs, the user would probably not notice, even without
+creating the Quarantined App USB drives, the user would probably not notice, even without
 a forged signature.
 * The protocol hardcopy could be compromised. For example, malware could alter the
 hardcopy as it is printed)
diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 2af9bc3..752d363 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -1,5 +1,5 @@
 ---
-title: Create boot USBs
+title: Create boot USB drives
 description: Learn how to prepare the USB drives for Glacier, the
   step-by-step protocol for storing bitcoins in a highly secure way
 ---
@@ -19,8 +19,8 @@ the Setup Computers "SETUP 1" and "SETUP 2", *while booted from the Setup Boot U
 
 Technical details: The non-quarantined Setup Boot USB drives serve two purposes:
 
-* To greatly simplify the steps for creation of the Quarantined App USBs in the next
-section, since only operations on an Ubuntu environment need outlined. The Quarantined operating system USBs
+* To greatly simplify the steps for creation of the Quarantined App USB drives in the next
+section, since only operations on an Ubuntu environment need outlined. The Quarantined Boot USB drives
 cannot be used for this since they are eternally quarantined and should be permanently
 unplugged from the Setup Computers the moment they are created.
 * To reduce the risk of malware spreading from the native operating system of a
@@ -85,8 +85,8 @@ Open a copy of this document.
 
         Alternatively, follow [Ubuntu's official full verification process](https://tutorials.ubuntu.com/tutorial/tutorial-how-to-verify-ubuntu#0).
 
-        It's not important to check every single character when visually
-        verifying a fingerprint. It's sufficient to check the **first 8
+        It is not important to check every single character when visually
+        verifying a fingerprint. It is sufficient to check the **first 8
         characters, last 8 characters, and a few somewhere in the middle.**
 
         Technical details: The GPG verification of some fingerprints in the 
@@ -94,7 +94,7 @@ Open a copy of this document.
         signatures for this document were verified in the [Verify and print protocol document](/docs/setup/verify/#document-verification) section. For a detailed
         security analysis, see the [design document](/docs/design-doc/overview).
 
-### Create the "SETUP 1 BOOT" USB
+### Create the "SETUP 1 BOOT" USB drive
 
 **Windows**:
 1. Download and run [Rufus disk utility](https://rufus.akeo.ie/).
@@ -111,21 +111,21 @@ from the downloads folder and click "Open".
 9. When asked to write in "ISO Image Mode (Recommended)" or
 "DD Image Mode", select "ISO Image Mode" and press "OK".
 
-The program will take a few minutes to write the USB.
+The program will take a few minutes to write the USB drive.
 
 **MacOS**:
-1. Prepare the Ubuntu download for copying to the USB:
+1. Prepare the Ubuntu download for copying to the USB drive:
     ```
     $ cd $HOME/Downloads
     $ hdiutil convert ubuntu-16.04.1-desktop-amd64.iso -format UDRW -o ubuntu-16.04.1-desktop-amd64.img
     ```
-2. Determine the MacOS "device identifier" for the Boot USB:
+2. Determine the MacOS "device identifier" for the Boot USB drive:
     1. List all disks and partitions:
     ```
     $ diskutil list
     ```
-    2. Insert the "SETUP 1 BOOT" USB in an empty USB slot.
-    3. Wait 10 seconds for the operating system to recognize the USB.
+    2. Insert the "SETUP 1 BOOT" USB drive in an empty USB slot.
+    3. Wait 10 seconds for the operating system to recognize the USB drive.
     4. List all disks and partitions again:
     ```
     $ diskutil list
@@ -137,7 +137,7 @@ The program will take a few minutes to write the USB.
     that comes before "(external, physical)", for example "/dev/disk2". This will be referred
     to as <span class="primary">USB-device-identifier</span> in the coming steps.
 
-3. Copy the Ubuntu image onto the "SETUP 1 BOOT" USB:
+3. Copy the Ubuntu image onto the "SETUP 1 BOOT" USB drive:
     1. Unmount the USB drive:
         <pre><code>$ diskutil unmountDisk <span class="primary">USB-device-identifier</span></code></pre>
     2. Enter the following command, **making sure to use the correct
@@ -156,10 +156,10 @@ The program will take a few minutes to write the USB.
 4. Verify the integrity of the "SETUP 1 BOOT" USB drive to prove the absence of errors or
 malware infection:
     1. Remove the "SETUP 1 BOOT" USB drive from the USB slot and immediately reinsert it.
-    2. Wait 10 seconds for the operating system to recognize the USB.
+    2. Wait 10 seconds for the operating system to recognize the USB drive.
     3. The USB drive will, again, not be readable by MacOS, which may result in an
     error box pop up. This is expected; click "Ignore".
-    4. The USB's device identifier may have changed. List all disks and partitions again:
+    4. The USB drive's device identifier may have changed. List all disks and partitions again:
         ```
         $ diskutil list
         ```
@@ -172,13 +172,13 @@ malware infection:
         <pre><code>$ sudo cmp -n `stat -f '%z' ubuntu-16.04.1-desktop-amd64.img.dmg ubuntu-16.04.1-desktop-amd64.img.dmg` <span class="primary">USB-device-identifier</span></code></pre>
     7. Wait a few minutes for the verification process to complete.
     8. Successful verification will return to the terminal prompt, outputting no data.
-    Failure will return a message showing how the USB differs from the downloaded image, for example:
+    Failure will return a message showing how the USB drive differs from the downloaded image, for example:
         ```
         ubuntu-16.04.1-desktop-amd64.img.dmg /dev/disk2
         differ: byte 1, line 1
         ```
         If a message is returned, **STOP**. This may be a security
-        risk. Restart the [Create the "SETUP 1 BOOT" USB](create-the-setup-1-boot-usb)
+        risk. Restart the [Create the "SETUP 1 BOOT" USB drive](/docs/setup/create-boot-usb/#create-the-setup-1-boot-usb-drive)
         section from the beginning. If the issue persists, try repeating with a
         different USB drive or a different Setup Computer.
 
@@ -188,7 +188,7 @@ Note that, for most applications (e.g. Firefox), copy and paste keyboard shortcu
 "Ctrl-C" and "Ctrl-V" respectively, but, in a terminal window, the shortcuts are
 "Ctrl-Shift-C" and "Ctrl-Shift-V".
 
-1. Copy the Ubuntu image onto the “SETUP 1 BOOT” USB:
+1. Copy the Ubuntu image onto the “SETUP 1 BOOT” USB drive:
     1. Open the Ubuntu search console by clicking the purple
     circle/swirl icon in the upper-left corner of the screen.
     2. Type "startup disk creator" in the text box.
@@ -200,7 +200,7 @@ Note that, for most applications (e.g. Firefox), copy and paste keyboard shortcu
     identifier, highlighted in the example below:
         <pre><code> Generic Flash Disk (<span class="primary">/dev/sda</span>)
     Kanguru Flash Trust (<span class="primary">/dev/sdb</span>)</code></pre>
-    6. Select the "SETUP 1 BOOT" USB and make note of the disk identifier (e.g.
+    6. Select the "SETUP 1 BOOT" USB drive and make note of the disk identifier (e.g.
     "/dev/sdb"). This will be referred to as 
     <span class="primary">USB-device-identifier</span> in the coming steps.
     7. Click "Make Startup Disk" and then click "Yes".
@@ -214,10 +214,10 @@ of errors or malware infection:
 
         Technical details: In order to avoid detection, malware
         may wait until a USB drive is in the process of ejecting (i.e. once all
-        integrity checks are completed) before infecting the USB. Ejecting and
-        re-inserting the USB before checking integrity is a simple defence against this.
+        integrity checks are completed) before infecting the USB drive. Ejecting and
+        re-inserting the USB drive before checking integrity is a simple defence against this.
 
-    3. Wait 10 seconds for the operating system to recognize the USB.
+    3. Wait 10 seconds for the operating system to recognize the USB drive.
     4. Change the terminal’s current working folder to the download folder,
     customizing the folder name if necessary:
         ```
@@ -228,19 +228,19 @@ of errors or malware infection:
     6. Enter the root password if requested.
     7. Wait a few minutes for the verification process to complete.
     8. Successful verification will return to the terminal prompt, outputting no data.
-    Failure will return a message showing how the USB differs from the downloaded image, for example:
+    Failure will return a message showing how the USB drive differs from the downloaded image, for example:
         ```
         ubuntu-16.04.1-desktop-amd64.iso /dev/sda differ:
         byte 1, line 1
         ```
         If a message is returned, **STOP**. This may be a security
-        risk. Restart the [Create the "SETUP 1 BOOT" USB](create-the-setup-1-boot-usb)
+        risk. Restart the [Create the "SETUP 1 BOOT" USB drive](/docs/setup/create-boot-usb/#create-the-setup-1-boot-usb-drive)
         section from the beginning. If the issue persists, try using a
         different USB drive or a different Setup Computer.
 
-### Create the "Q1 BOOT" USB
+### Create the "Q1 BOOT" USB drive
 
-1. Boot the "SETUP 1" computer from the "SETUP 1 BOOT" USB:
+1. Boot the "SETUP 1" computer from the "SETUP 1 BOOT" USB drive:
     1. Reboot the computer.
     2. Alter the boot device:
 
@@ -262,7 +262,7 @@ of errors or malware infection:
             1. Press "F2" when the boot logo appears.
             2. Navigate to the boot menu.
             3. Select "USB HDD", and press "F6" until it moves to the top of the list.
-            4. Press "F10" to save and automatically reboot from the USB.
+            4. Press "F10" to save and automatically reboot from the USB drive.
         * **Mac**:
             1. Press and hold "Option" (⌥) when the startup chime is heard.
             2. Click the "EFI Boot" option and then click the up arrow below. Do not
@@ -278,7 +278,7 @@ of errors or malware infection:
         the computer boots *immediately* to where it left off, the power button was not
         held down long enough and should be held down again.
     3. On successful reboot, the "GNU GRUB" menu will appear. Select the option "Try
-    Ubuntu without installing" and press "Enter". The computer should boot into the USB's
+    Ubuntu without installing" and press "Enter". The computer should boot into the USB drive's
     Ubuntu desktop.
 
 2. Enable WiFi connectivity:
@@ -295,12 +295,12 @@ of errors or malware infection:
         6. Click the cone-shaped WiFi icon near the right side of the menu
         bar again. There should be a list of WiFi networks this time.
     3. Select the relevant WiFi network from the list and enter the password.
-3. Create the "Q1 BOOT" USB by repeating the
+3. Create the "Q1 BOOT" USB drive by repeating the
 [Download and verify Ubuntu](/docs/setup/create-boot-usb/#download-and-verify-ubuntu) and 
-[Create the “SETUP 1 BOOT” USB](/docs/setup/create-boot-usb/#create-the-setup-1-boot-usb)
-sections, replacing each occurance of "SETUP 1 BOOT" USB with "Q1 BOOT" USB. Also
+[Create the “SETUP 1 BOOT” USB](/docs/setup/create-boot-usb/#create-the-setup-1-boot-usb-drive)
+sections, replacing each occurance of "SETUP 1 BOOT" with "Q1 BOOT". Also
 take note of the following:
-    * The instruction to plug a Quarantined Boot USB into the Setup
+    * The instruction to plug a Quarantined Boot USB drive into the Setup
     Computer should raise a red flag, because **<span style="color: red;">a quarantined USB drive should never be plugged into anything other than its designated quarantined computer!</span>**
     This setup process is the **ONE** necessary exception.
     * The "SETUP 1" computer should boot from the "SETUP 1 BOOT" USB drive this time, meaning
@@ -311,21 +311,21 @@ take note of the following:
     "SETUP 1 BOOT" USB drive, and select "Eject" from the pop-up menu.
     2. Remove the "Q1 BOOT" USB drive from the USB slot.
 
-**The "Q1 BOOT" USB is now eternally quarantined and should only ever be plugged into the "Q1" computer.**
+**The "Q1 BOOT" USB drive is now eternally quarantined and should only ever be plugged into the "Q1" computer.**
 
 ## On Setup Computer “SETUP 2”
 
-### Create the "SETUP 2 BOOT" USB
+### Create the "SETUP 2 BOOT" USB drive
 
-Create the "SETUP 2 BOOT" USB by repeating the 
+Create the "SETUP 2 BOOT" USB drive by repeating the 
 [Download and verify Ubuntu](/docs/setup/create-boot-usb/#download-and-verify-ubuntu) and
-[Create the "SETUP 1 BOOT" USB](/docs/setup/create-boot-usb/#create-the-setup-1-boot-usb)
-sections, replacing occurances of "SETUP 1" computer and "SETUP 1 BOOT" USB with
-"SETUP 2" computer and "SETUP 2 BOOT" USB, respectively.
+[Create the "SETUP 1 BOOT" USB drive](/docs/setup/create-boot-usb/#create-the-setup-1-boot-usb-drive)
+sections, replacing occurances of "SETUP 1" and "SETUP 1 BOOT" with
+"SETUP 2" and "SETUP 2 BOOT", respectively.
 
-### Create the "Q2 BOOT" USB
+### Create the "Q2 BOOT" USB drive
 
-Create the "Q2 BOOT" USB by repeating the 
-[Create the "Q1 BOOT" USB](/docs/setup/create-boot-usb/#create-the-q1-boot-usb)
-section, replacing occurances of "SETUP 1" computer, "SETUP 1 BOOT" USB and "Q1 BOOT" USB with
-"SETUP 2" computer, "SETUP 2 BOOT" USB and "Q2 BOOT" USB, respectively.
\ No newline at end of file
+Create the "Q2 BOOT" USB drive by repeating the 
+[Create the "Q1 BOOT" USB drive](/docs/setup/create-boot-usb/#create-the-q1-boot-usb-drive)
+section, replacing occurances of "SETUP 1", "SETUP 1 BOOT" and "Q1 BOOT" with
+"SETUP 2", "SETUP 2 BOOT" and "Q2 BOOT", respectively.
\ No newline at end of file
diff --git a/_docs/setup/prepare-hardware.md b/_docs/setup/prepare-hardware.md
index cf61d0c..a4040b8 100644
--- a/_docs/setup/prepare-hardware.md
+++ b/_docs/setup/prepare-hardware.md
@@ -32,10 +32,10 @@ paying *particular* attention to manfacturer requirements:
     * **Set 1**: "Q1" computer, "Q1 BOOT" USB drive, "Q1 APP" USB drive
     * **Set 2**: "Q2" computer, "Q2 BOOT" USB drive, "Q2 APP" USB drive
 
-    The USBs labeled "Q1 BOOT" and "Q2 BOOT" will have the operating system to
+    The USB drives labeled "Q1 BOOT" and "Q2 BOOT" will have the operating system to
     boot the corresponding computer.
 
-    The USBs labeled "Q1 APP" and "Q2 APP" will have the software applications
+    The USB drives labeled "Q1 APP" and "Q2 APP" will have the software applications
     for use on the corresponding computer.
 
 2. In each set, label all hardware with a permanent marker, writing directly on
diff --git a/_docs/setup/verify.md b/_docs/setup/verify.md
index 812de1e..6f82676 100644
--- a/_docs/setup/verify.md
+++ b/_docs/setup/verify.md
@@ -29,8 +29,8 @@ at [https://github.com/GlacierProtocol/GlacierProtocol/releases.](https://github
 5. Obtain the Glacier PGP public key, used to cryptographically verify the protocol document.
 
     Technical detail: Glacier's GPG keys are handled with good security practices.
-    They were generated while booting from an Ubuntu Live USB on a factory-new laptop
-    with the wireless card removed, and transferred via USB to a MacBook. The private
+    They were generated while booting from an Ubuntu Live USB drive on a factory-new laptop
+    with the wireless card removed, and transferred via USB drive to a MacBook. The private
     key is not stored in the cloud. The public key is hosted separately from the
     software distributions, on [Keybase](https://keybase.io/), and secured with separate credentials stored
     in password managers.
@@ -40,7 +40,7 @@ at [https://github.com/GlacierProtocol/GlacierProtocol/releases.](https://github
     Technical detail: There is a chicken-and-egg problem here, in that this document
     is giving instructions for how to verify itself. Any attacker that compromised
     this document could also compromise these instructions so that the verification
-    (erroneously) passes. There's no way to prevent this, unless the reader is familiar
+    (erroneously) passes. There is no way to prevent this, unless the reader is familiar
     with the document before the compromise and recognizes that the verification
     instructions have changed. This is why a direct download link to the public key 
     is not provided. If an attacker changed the link, it could very easily go unnoticed.
@@ -51,7 +51,7 @@ at [https://github.com/GlacierProtocol/GlacierProtocol/releases.](https://github
     individuals from the Bitcoin community.
 
     1. Navigate to Glacier's Keybase profile at [keybase.io/glacierprotocol](https://keybase.io/glacierprotocol).
-    2. Click the string of 16 letters and numbers, formatted "XXXX XXXX XXXX XXXX" next to the key icon.
+    2. Click the string of 16 letters and numbers, formatted "XXXX XXXX XXXX XXXX", next to the key icon.
     3. In the pop-up that appears, right-click the link reading "this key" and select
     "Save Link As..." or "Download Linked File As...".
     4. Name the file "glacier.asc".

From 81c0ef0f1f19f215bcfe48d1005b53a0e01edcd8 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 26 Nov 2018 10:04:51 +0000
Subject: [PATCH 140/190] Code example formatting made consistent

---
 _docs/setup/verify.md | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/_docs/setup/verify.md b/_docs/setup/verify.md
index 6f82676..c6d1681 100644
--- a/_docs/setup/verify.md
+++ b/_docs/setup/verify.md
@@ -90,9 +90,18 @@ protocol.
 commands below are based on default settings; if the defaults have been altered, 
 these commands will need customized to match.
 
-    * **Windows**:  `> cd $HOME/Downloads/glacier`
-    * **MacOS**:  `$ cd $HOME/Downloads/glacier`
-    * **Linux**: `$ cd $HOME/Downloads/glacier`
+    * **Windows**:  
+    ```
+    > cd $HOME/Downloads/glacier
+    ```
+    * **MacOS**:  
+    ```
+    $ cd $HOME/Downloads/glacier
+    ```
+    * **Linux**: 
+    ```
+    $ cd $HOME/Downloads/glacier
+    ```
 
 9. Verify the integrity of the downloaded document. For technical background about
 this process, see Wikipedia's [Digital signature](https://en.wikipedia.org/wiki/Digital_signature)

From 8d806cf52bd1a81d4247c58db5ec5cc2585a1e62 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 26 Nov 2018 10:39:40 +0000
Subject: [PATCH 141/190] "regular" OS changed to "factory-installed" OS for
 clarity

---
 _docs/setup/create-boot-usb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 752d363..332392a 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -271,7 +271,7 @@ of errors or malware infection:
             successful.
 
         If, while trying to get into either the BIOS or boot device selection menu,
-        the computer boots into its regular operating system, the wrong button may have
+        the computer boots into its factory-installed operating system, the wrong button may have
         been pressed, or not pressed soon enough. Hold down the power button for a full
         ten seconds, even if the screen turns black sooner, and turn the computer back on.
         Repeat this step, tapping the appropriate button(s) repeatedly as it boots. If

From 02462a1f679f0863f150c6b5267dcf18d41d5947 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 26 Nov 2018 10:47:05 +0000
Subject: [PATCH 142/190] Quotes added for consistency

---
 _docs/setup/create-boot-usb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 332392a..0bf57eb 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -287,7 +287,7 @@ of errors or malware infection:
     need enabled:
         1. Click on the gear-and-wrench icon along the left side of the screen to open
         the system settings window.
-        2. Click the "Software & Updates" icon to open the Software & Updates window
+        2. Click the "Software & Updates" icon to open the "Software & Updates" window
         3. Click the "Additional Drivers" tab.
         4. Select any other option besides "Do not use the device" in the "Wireless
         Network Adapter" section.

From 87533e7e6ec6643ffbf62f26b9ad067e7c874264 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 26 Nov 2018 10:47:41 +0000
Subject: [PATCH 143/190] "USB" expanded to "USB drive"

---
 _docs/setup/create-boot-usb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 0bf57eb..b73644a 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -98,7 +98,7 @@ Open a copy of this document.
 
 **Windows**:
 1. Download and run [Rufus disk utility](https://rufus.akeo.ie/).
-2. Insert the "SETUP 1 BOOT" USB into an empty USB slot.
+2. Insert the "SETUP 1 BOOT" USB drive into an empty USB slot.
 3. In the "Device" dropdown at the top of the Rufus window, ensure the
 empty USB drive is selected.
 4. Next to the text "Create a bootable disk using", select "ISO Image"

From 643b9157f664d070ab8ccede7796da8eda0f4146 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 26 Nov 2018 10:48:07 +0000
Subject: [PATCH 144/190] Sentence improved

---
 _docs/setup/create-boot-usb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index b73644a..019849c 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -298,7 +298,7 @@ of errors or malware infection:
 3. Create the "Q1 BOOT" USB drive by repeating the
 [Download and verify Ubuntu](/docs/setup/create-boot-usb/#download-and-verify-ubuntu) and 
 [Create the “SETUP 1 BOOT” USB](/docs/setup/create-boot-usb/#create-the-setup-1-boot-usb-drive)
-sections, replacing each occurance of "SETUP 1 BOOT" with "Q1 BOOT". Also
+sections, replacing each occurance of "SETUP 1 BOOT" with "Q1 BOOT". During the repeat,
 take note of the following:
     * The instruction to plug a Quarantined Boot USB drive into the Setup
     Computer should raise a red flag, because **<span style="color: red;">a quarantined USB drive should never be plugged into anything other than its designated quarantined computer!</span>**

From f710efaead794017201a53077fb704eda44f30ea Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 26 Nov 2018 11:03:58 +0000
Subject: [PATCH 145/190] Complex point rewritten to simplify

---
 _docs/protocol-vulnerabilities/attack-surface.md | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/_docs/protocol-vulnerabilities/attack-surface.md b/_docs/protocol-vulnerabilities/attack-surface.md
index 325e9b1..1bdf384 100644
--- a/_docs/protocol-vulnerabilities/attack-surface.md
+++ b/_docs/protocol-vulnerabilities/attack-surface.md
@@ -129,14 +129,11 @@ itself. Unfortunatley, vulnerabilities remain:
 * An attacker could remove the self-verification procedure from the protocol document.
 * An attacker could compromise the Glacier Protocol keypair and create a fraudulent
 signature. This is exceedingly unlikely, due to Keybase's key verification systems.
-* The protocol document begins with document self-verification on one Setup
-Computer. However, it does not guide the user through self-verification on the second
-Setup Computer. Nor does it have the user re-verify the document when they first boot
-into Ubuntu on the Setup Computers to create the Quarantined Boot USB drives. If the
-portion of the protocol document related to creating the Quarantined Boot USB drives had been
-compromised between the initial self-validation and the later re-validation, when
-creating the Quarantined App USB drives, the user would probably not notice, even without
-a forged signature.
+* The protocol document is verified on the first Setup Computer. It is not
+verified on the second Setup Computer, nor when booting into the Setup Computers
+to create the Quarantined Boot USB drives. If the protocol document had been
+compromised between the initial validation and later re-validation, the user would
+probably not notice, even without a forged signature.
 * The protocol hardcopy could be compromised. For example, malware could alter the
 hardcopy as it is printed)
 * A flaw in GlacierScript could cause sensitive data to be leaked or flawed

From 8ed76de8e4939d0df9bfce1fd5545f313e65ee14 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 26 Nov 2018 11:36:42 +0000
Subject: [PATCH 146/190] Section referenced properly, link added

Sections are not numbered
---
 _docs/setup/create-app-usb.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index 5d4371c..6025521 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -4,13 +4,13 @@ description: Learn how to prepare your USB drives for Glacier, the
   step-by-step protocol for storing bitcoins in a highly secure way
 ---
 
-We will prepare two (2) "Quarantined App USB"
-drives with the software needed to execute the remainder of the protocol.
-These are the USB drives you labeled "Q1 APP" and "Q2 APP" in Section
-III.
+This section will prepare the two Quarantined App USB drives, "Q1 APP" and "Q2 APP" in the
+[Hardware required](/docs/before-you-start/hardware/#eternally-quarantined) section, with
+the software needed to execute the remainder of the protocol.
 
-1. Boot the SETUP 1 computer off the SETUP 1 BOOT USB if it is not
-already. (See the instructions in Section III for details.)
+1. Boot the "SETUP 1" computer from the "SETUP 1 BOOT" USB drive, following step 1 of
+[Create the “Q1 BOOT” USB drive](/docs/setup/create-boot-usb/#create-the-setup-1-boot-usb-drive)
+in the Create boot USB drives section.
 2. Insert the Q1 APP USB into the the SETUP 1 computer.
 
     1. **The instruction to plug a Quarantined App USB into your Setup computer

From 5f11756f552b02babefd25d53a9984d3ebcaed33 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 26 Nov 2018 12:16:23 +0000
Subject: [PATCH 147/190] Hardware referencing made consistent

---
 _docs/setup/create-app-usb.md | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index 6025521..e4ace6f 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -1,6 +1,6 @@
 ---
-title: Create app USBs
-description: Learn how to prepare your USB drives for Glacier, the
+title: Create App USB drives
+description: Learn how to prepare the App USB drives for Glacier, the
   step-by-step protocol for storing bitcoins in a highly secure way
 ---
 
@@ -11,16 +11,16 @@ the software needed to execute the remainder of the protocol.
 1. Boot the "SETUP 1" computer from the "SETUP 1 BOOT" USB drive, following step 1 of
 [Create the “Q1 BOOT” USB drive](/docs/setup/create-boot-usb/#create-the-setup-1-boot-usb-drive)
 in the Create boot USB drives section.
-2. Insert the Q1 APP USB into the the SETUP 1 computer.
+2. Insert the "Q1 APP" USB drive into the the "SETUP 1" computer.
 
-    1. **The instruction to plug a Quarantined App USB into your Setup computer
+    1. **The instruction to plug a Quarantined App USB drive into your Setup computer
     *should* raise a red flag for you, because <span style="color: red;">you should never plug a quarantined
-    USB into anything other than the quarantined computer it is designated for!</span>**
+    USB drive into anything other than the quarantined computer it is designated for!</span>**
 
        This setup process is the ONE exception.
 
 3. Press Ctrl-Alt-T to open a terminal window.
-4. Install the Glacier document and GlacierScript on the Q1 APP USB.
+4. Install the Glacier document and GlacierScript on the "Q1 APP" USB drive.
 
     1. Download the latest full release of Glacier (*not* just the protocol
     document) at
@@ -96,7 +96,7 @@ in the Create boot USB drives section.
            README.md: OK
            ```
 
-    5. Copy the glacier folder to the Q1 APP USB.
+    5. Copy the glacier folder to the "Q1 APP" USB drive.
         1. Click on the File Manager icon in the launching dock along the left
         side of the screen.
         2. Find the "glacier" folder under "Home".
@@ -116,10 +116,10 @@ in the Create boot USB drives section.
             3. Login again with user "ubuntu" and leave the password blank.
 
 5. Open the Glacier protocol document so that it is available for copy-pasting terminal commands.
-6. Install the remaining application software on the Q1 APP USB.
+6. Install the remaining application software on the "Q1 APP" USB drive.
     1. Configure our system to enable access to the software we need in Ubuntu's
     "package repository".On Ubuntu 16.04.01  [there is a bug](https://bugs.launchpad.net/ubuntu/+source/appstream/+bug/1601971) in Ubuntu's package manager that affects systems
-    running off a bootable Ubuntu USB. The commands in steps a and b are a
+    running off a bootable Ubuntu USB drive. The commands in steps a and b are a
     workaround.
         1. ```
         $ sudo mv /var/cache/app-info/xapian/default /var/cache/app-info/xapian/default_old
@@ -146,9 +146,9 @@ in the Create boot USB drives section.
             ```
             $ sudo apt-get install qrencode=3.4.4-1 zbar-tools=0.10+doc-10ubuntu1 bitcoind
             ```
-    3. Copy that software to the Q1 APP USB.
+    3. Copy that software to the "Q1 APP" USB drive.
         1. Create a folder for the application files that will be moved to the
-        USB:
+        USB drive:
             ```
             $ mkdir ~/apps
             ```
@@ -156,7 +156,7 @@ in the Create boot USB drives section.
             ```
             $ cp /var/cache/apt/archives/*.deb ~/apps
             ```
-        3. Copy the contents of the apps folder to the Q1 APP USB:
+        3. Copy the contents of the apps folder to the "Q1 APP" USB drive:
             1. Click on the File Manager icon in the launching dock:
             2. Navigate to the "Home" folder.
             3. Click and drag "apps" folder to the icon representing
@@ -196,12 +196,12 @@ contents should look like this
     SHA256SUMS
     SHA256SUMS.sig
     ```
-8. Eject and physically remove the Q1 APP USB from the SETUP 1 computer.
+8. Eject and physically remove the "Q1 APP" USB drive from the "SETUP 1" computer.
 
-    **The Q1 APP USB is now eternally quarantined. It should never again be
-    plugged into anything besides the Q1 computer.**
+    **The "Q1 APP" USB drive is now eternally quarantined. It should never again be
+    plugged into anything besides the "Q1" computer.**
 
-9. Repeat all above steps using the SETUP 2 computer, SETUP 2 BOOT USB, and Q2
-APP USB.
+9. Repeat all above steps using the "SETUP 2" computer, "SETUP 2 BOOT" USB drive, and "Q2
+APP" USB drive.
 10. Find a container in which to store all of your labeled hardware, along
 with the Glacier document hardcopy, when you are finished.

From ada13657e3cfc3e0581c843cb4efcd510fa0d6ea Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 26 Nov 2018 12:37:31 +0000
Subject: [PATCH 148/190] Full stop added

---
 _docs/setup/create-boot-usb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/create-boot-usb.md b/_docs/setup/create-boot-usb.md
index 019849c..e564a78 100644
--- a/_docs/setup/create-boot-usb.md
+++ b/_docs/setup/create-boot-usb.md
@@ -301,7 +301,7 @@ of errors or malware infection:
 sections, replacing each occurance of "SETUP 1 BOOT" with "Q1 BOOT". During the repeat,
 take note of the following:
     * The instruction to plug a Quarantined Boot USB drive into the Setup
-    Computer should raise a red flag, because **<span style="color: red;">a quarantined USB drive should never be plugged into anything other than its designated quarantined computer!</span>**
+    Computer should raise a red flag, because **<span style="color: red;">a quarantined USB drive should never be plugged into anything other than its designated quarantined computer!</span>**.
     This setup process is the **ONE** necessary exception.
     * The "SETUP 1" computer should boot from the "SETUP 1 BOOT" USB drive this time, meaning
     the Linux instructions are to be followed, even if the computer

From 1169eaefd2ca2fd55f86866816132eb3f2365896 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 26 Nov 2018 12:38:53 +0000
Subject: [PATCH 149/190] Reworded for consistency, numbering removed - not a
 sequential step

---
 _docs/setup/create-app-usb.md | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index e4ace6f..3a02f0b 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -13,11 +13,10 @@ the software needed to execute the remainder of the protocol.
 in the Create boot USB drives section.
 2. Insert the "Q1 APP" USB drive into the the "SETUP 1" computer.
 
-    1. **The instruction to plug a Quarantined App USB drive into your Setup computer
-    *should* raise a red flag for you, because <span style="color: red;">you should never plug a quarantined
-    USB drive into anything other than the quarantined computer it is designated for!</span>**
-
-       This setup process is the ONE exception.
+    The instruction to plug a Quarantined App USB drive into the Setup Computer
+    should raise a red flag, because  **<span style="color: red;">a quarantined USB drive
+    should never be plugged into anything other than its designated quarantined computer!</span>**.
+    This setup process is the **ONE** necessary exception.
 
 3. Press Ctrl-Alt-T to open a terminal window.
 4. Install the Glacier document and GlacierScript on the "Q1 APP" USB drive.

From 82c5d44a60693eaaaf3ae4e9586e954848d37103 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 26 Nov 2018 15:48:19 +0000
Subject: [PATCH 150/190] Reword, link text altered

---
 _docs/setup/create-app-usb.md | 40 +++++++++++++----------------------
 1 file changed, 15 insertions(+), 25 deletions(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index 3a02f0b..20e31c7 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -18,31 +18,21 @@ in the Create boot USB drives section.
     should never be plugged into anything other than its designated quarantined computer!</span>**.
     This setup process is the **ONE** necessary exception.
 
-3. Press Ctrl-Alt-T to open a terminal window.
-4. Install the Glacier document and GlacierScript on the "Q1 APP" USB drive.
-
-    1. Download the latest full release of Glacier (*not* just the protocol
-    document) at
-    [https://github.com/GlacierProtocol/GlacierProtocol/releases](https://github.com/GlacierProtocol/GlacierProtocol/releases).
-    2. Unpack the Glacier ZIP file into a staging area.
-
-        1. When the download starts, Firefox will ask you if you want to open the
-        ZIP file with Archive Manager. Click OK.
-
-           When the ZIP file download completes, it will be opened with Archive Manager.
-
-        2. There will be a single entry in a list named
-        "GlacierProtocol-<span class="primary">version-here</span>", where
-        <span class="primary">version-here</span> is replaced with
-        the current version number (like "v1.0"). Click on that and then click
-        the "Extract" button.
-        3. The Archive Manager will ask you where you want to extract the ZIP
-        file to. Select "Home" on the left panel and then press the extract button.
-        4. When the Archive Manager is finished extracting the ZIP archive it
-        will ask you what to do next. Click "Show the Files".
-        5. Rename the unzipped folder from "GlacierProtocol-<span class="primary">version-here</span>" to
-        "glacier".
-
+3. Press "Ctrl-Alt-T" to open a terminal window.
+4. Install the Glacier document and GlacierScript on the "Q1 APP" USB drive:
+    1. Download the latest full release of Glacier, *not* just the protocol
+    document, from the "Source code (zip)" link at
+    [Glacier's Github repo](https://github.com/GlacierProtocol/GlacierProtocol/releases).
+    2. Unpack the Glacier ZIP file into a staging area:
+        1. When the download starts, Firefox will prompt for the action to take with the file
+        once downloaded. Click "OK" to open with Archive Manager.
+        2. In the Archive Manager window, click on the single entry in the list named
+        "GlacierProtocol-<span class="primary">version</span>", where
+        <span class="primary">version</span> is replaced with
+        the current version number (for example, "v1.0"). Click "Extract".
+        3. Select "Home" on the left panel of the file browser that appears and click "Extract" again.
+        4. Click "Show the Files" once a popup declares the files are extracted.
+        5. In the folder window that appears, rename the unzipped folder from "GlacierProtocol-<span class="primary">version</span>" to "glacier".
     3. Obtain the Glacier "public key," used to cryptographically verify the
     Glacier document and GlacierScript.
 

From c1097743ecd5c7164bc9ce6184693357119a755d Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Mon, 26 Nov 2018 16:04:36 +0000
Subject: [PATCH 151/190] Images missing?

---
 _docs/setup/create-app-usb.md | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index 20e31c7..fc13cd6 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -90,8 +90,7 @@ in the Create boot USB drives section.
         side of the screen.
         2. Find the "glacier" folder under "Home".
         3. Click and drag the glacier folder to the icon representing the USB
-        drive on the left. The USB drive will look like this, but may have a
-        different name:
+        drive on the left.
         4. If you see an "Error while copying" pop-up, you may be suffering from
         [this Ubuntu bug](https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/1021375).
         To fix it, do the following and then retry copying the files:
@@ -149,8 +148,7 @@ in the Create boot USB drives section.
             1. Click on the File Manager icon in the launching dock:
             2. Navigate to the "Home" folder.
             3. Click and drag "apps" folder to the icon representing
-            the USB drive on the left panel. The USB drive will look like this,
-            but may have a different name:
+            the USB drive on the left panel.
 7. Click on the USB drive icon to verify that it has the correct files. The
 contents should look like this
     ```

From 2b82098e864ebe5b031efa03227acdc35ca56921 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 27 Nov 2018 08:42:51 +0000
Subject: [PATCH 152/190] Step numbers corrected

---
 _docs/setup/create-app-usb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index fc13cd6..0504013 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -107,7 +107,7 @@ in the Create boot USB drives section.
 6. Install the remaining application software on the "Q1 APP" USB drive.
     1. Configure our system to enable access to the software we need in Ubuntu's
     "package repository".On Ubuntu 16.04.01  [there is a bug](https://bugs.launchpad.net/ubuntu/+source/appstream/+bug/1601971) in Ubuntu's package manager that affects systems
-    running off a bootable Ubuntu USB drive. The commands in steps a and b are a
+    running off a bootable Ubuntu USB drive. The commands in steps i and ii are a
     workaround.
         1. ```
         $ sudo mv /var/cache/app-info/xapian/default /var/cache/app-info/xapian/default_old

From a3acbe67edd89ad75c8fd9b6cc172baf96e44259 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 27 Nov 2018 09:02:15 +0000
Subject: [PATCH 153/190] Reword

---
 _docs/setup/create-app-usb.md | 31 ++++++++++++++-----------------
 1 file changed, 14 insertions(+), 17 deletions(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index 0504013..8752725 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -33,36 +33,33 @@ in the Create boot USB drives section.
         3. Select "Home" on the left panel of the file browser that appears and click "Extract" again.
         4. Click "Show the Files" once a popup declares the files are extracted.
         5. In the folder window that appears, rename the unzipped folder from "GlacierProtocol-<span class="primary">version</span>" to "glacier".
-    3. Obtain the Glacier "public key," used to cryptographically verify the
-    Glacier document and GlacierScript.
+    3. Obtain the Glacier public key used to cryptographically verify the
+    Glacier document and GlacierScript:
 
-        **If you are ever using Glacier in the future and notice that this step
-        has changed (or that this warning has been removed), there is a
-        security risk.** Stop and seek assistance.
+        **If this step changes in future uses of Glacier, or this warning is removed, there is a security risk.**
+        Stop and seek assistance.
 
-        1. Access Glacier's Keybase profile at https://keybase.io/glacierprotocol.
-        2. Click the string of letters and numbers next to the key icon.
-        3. In the pop-up that appears, locate the link reading "this key".
-        4. Right-click the link and select "Save Link As..."
-        5. Name the file "glacier.asc".
+        1. Navigate to Glacier's Keybase profile at [keybase.io/glacierprotocol](https://keybase.io/glacierprotocol).
+        2. Click the string of 16 letters and numbers, formatted "XXXX XXXX XXXX XXXX", next to the key icon.
+        3. In the pop-up that appears, right-click the link reading "this key" and select
+        "Save Link As..." or "Download Linked File As...".
+        4. Name the file "glacier.asc".
 
-    4. Verify the integrity of the Glacier download.
-
-        1. Import the Glacier public key into your local GPG installation:
+    4. Verify the integrity of the Glacier download:
+        1. Import the Glacier public key into the local GPG installation:
            ```
            $ gpg --import ~/Downloads/glacier.asc
            ```
-        2. Switch to the glacier folder:
+        2. Change the terminal’s current working folder to the Glacier folder:
            ```
            $ cd ~/glacier
            ```
-        3. Use the public key to verify that the Glacier "fingerprint file" is
+        3. Use the public key to verify that the Glacier fingerprint file is
         legitimate:
            ```
            $ gpg --verify SHA256SUMS.sig SHA256SUMS
            ```
-           Expected output (timestamp will vary, but
-           e-mail and fingerprint should match):
+           Expected output (timestamp will vary, but e-mail and fingerprint should match):
            <pre><code><span style="font-size: 10px;">gpg: Signature made Thu Jan 19 13:45:48 2017 PST using RSA key ID 4B43EAB0
            gpg: Good signature from "Glacier Team <contact@glacierprotocol.org>"
            gpg: WARNING: This key is not certified with a trusted signature!

From a175d2bb88da3f8b10386c4532598d629c99d6ae Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 27 Nov 2018 09:03:27 +0000
Subject: [PATCH 154/190] Link to warning explanation added

---
 _docs/setup/create-app-usb.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index 8752725..1ce4e10 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -67,8 +67,8 @@ in the Create boot USB drives section.
            Primary key fingerprint: E1AA EBB7 AC90 C1FE 80F0 1034 9D1B 7F53 4B43</span>
            </code></pre>
 
-           The warning message is expected, and is not cause for alarm.
-
+           The warning message is expected, and is not cause for alarm. See technical detail
+           in [Verify and print protocol document](/docs/setup/verify/#document-verification), point 3 for explanation.
         4. Verify the fingerprints in the fingerprint file match the fingerprints
         of the downloaded Glacier files:
            ```

From 6eab35842935be699ffb2478e8b8c9919dceb6b3 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 27 Nov 2018 09:04:13 +0000
Subject: [PATCH 155/190] Reword

---
 _docs/setup/create-app-usb.md | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index 1ce4e10..b5d1253 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -69,7 +69,7 @@ in the Create boot USB drives section.
 
            The warning message is expected, and is not cause for alarm. See technical detail
            in [Verify and print protocol document](/docs/setup/verify/#document-verification), point 3 for explanation.
-        4. Verify the fingerprints in the fingerprint file match the fingerprints
+        4. Verify that the fingerprints in the fingerprint file match the fingerprints
         of the downloaded Glacier files:
            ```
            $ sha256sum -c SHA256SUMS 2>&1
@@ -81,12 +81,11 @@ in the Create boot USB drives section.
            base58.py: OK
            README.md: OK
            ```
-
-    5. Copy the glacier folder to the "Q1 APP" USB drive.
-        1. Click on the File Manager icon in the launching dock along the left
+    5. Copy the glacier folder to the "Q1 APP" USB drive:
+        1. Click on the "File Manager" icon in the launching dock along the left
         side of the screen.
         2. Find the "glacier" folder under "Home".
-        3. Click and drag the glacier folder to the icon representing the USB
+        3. Click and drag the "glacier" folder to the icon representing the USB
         drive on the left.
         4. If you see an "Error while copying" pop-up, you may be suffering from
         [this Ubuntu bug](https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/1021375).

From 534ae12d230905838e4f5e018f587ecd8e4c064c Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 27 Nov 2018 09:06:06 +0000
Subject: [PATCH 156/190] Reword, command described

---
 _docs/setup/create-app-usb.md | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index b5d1253..22342f9 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -87,16 +87,13 @@ in the Create boot USB drives section.
         2. Find the "glacier" folder under "Home".
         3. Click and drag the "glacier" folder to the icon representing the USB
         drive on the left.
-        4. If you see an "Error while copying" pop-up, you may be suffering from
-        [this Ubuntu bug](https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/1021375).
-        To fix it, do the following and then retry copying the files:
-
-            1.  
+        4. An "Error while copying" pop-up may appear in the event of
+        [bug #1021375](https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/1021375). Do the following before trying to copy the "glacier" folder again:
+            1. Reset the Nautilus settings to default:
                 ```
                 $ mv ~/.config/nautilus ~/.config/nautilus-bak
                 ```
-            2. Log out of Ubuntu: Click the power icon in the top right of the
-            screen and select "logout" from the drop-down menu.
+            2. Clicking the power icon in the top right of the screen and click "logout" from the drop-down menu.
             3. Login again with user "ubuntu" and leave the password blank.
 
 5. Open the Glacier protocol document so that it is available for copy-pasting terminal commands.

From 54ae9875eb27adc43a726a2759928890de1e9f77 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 27 Nov 2018 09:10:14 +0000
Subject: [PATCH 157/190] Typo

---
 _docs/setup/create-app-usb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index 22342f9..21a10d7 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -117,7 +117,7 @@ in the Create boot USB drives section.
         5. ```
         $ sudo apt-get update
         ```
-    2. Download and perform integrity verification59 of software available from Ubuntu's package repository:
+    2. Download and perform integrity verification of software available from Ubuntu's package repository:
         * **bitcoind**: [Bitcoin Core](https://bitcoincore.org/):
         , which we'll use for cryptography & financial operations
         * **qrencode**: Used for creating QR codes to move data off quarantined

From b72dc446695a807bf83e1b026048669391d035ba Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 27 Nov 2018 09:15:32 +0000
Subject: [PATCH 158/190] bitcoind is not from Ubuntu's repository

---
 _docs/setup/create-app-usb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index 21a10d7..7b062c2 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -117,7 +117,7 @@ in the Create boot USB drives section.
         5. ```
         $ sudo apt-get update
         ```
-    2. Download and perform integrity verification of software available from Ubuntu's package repository:
+8. Download and perform integrity verification of software:
         * **bitcoind**: [Bitcoin Core](https://bitcoincore.org/):
         , which we'll use for cryptography & financial operations
         * **qrencode**: Used for creating QR codes to move data off quarantined

From 0cfa2d93302a441745b4077f6c483de5e30e36f1 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 27 Nov 2018 09:18:08 +0000
Subject: [PATCH 159/190] Reword

---
 _docs/setup/create-app-usb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index 7b062c2..840dfe3 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -96,7 +96,7 @@ in the Create boot USB drives section.
             2. Clicking the power icon in the top right of the screen and click "logout" from the drop-down menu.
             3. Login again with user "ubuntu" and leave the password blank.
 
-5. Open the Glacier protocol document so that it is available for copy-pasting terminal commands.
+5. Open the Glacier protocol document for copy-pasting terminal commands.
 6. Install the remaining application software on the "Q1 APP" USB drive.
     1. Configure our system to enable access to the software we need in Ubuntu's
     "package repository".On Ubuntu 16.04.01  [there is a bug](https://bugs.launchpad.net/ubuntu/+source/appstream/+bug/1601971) in Ubuntu's package manager that affects systems

From 9e4a4bc4f5c545b65b345f7525f4613415b69dd1 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 27 Nov 2018 09:21:36 +0000
Subject: [PATCH 160/190] Complex nested list split into two, code combined
 into single box

Code needs no individual explanation,multiline code format was explained
---
 _docs/setup/create-app-usb.md | 32 ++++++++++++--------------------
 1 file changed, 12 insertions(+), 20 deletions(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index 840dfe3..aa87217 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -97,26 +97,18 @@ in the Create boot USB drives section.
             3. Login again with user "ubuntu" and leave the password blank.
 
 5. Open the Glacier protocol document for copy-pasting terminal commands.
-6. Install the remaining application software on the "Q1 APP" USB drive.
-    1. Configure our system to enable access to the software we need in Ubuntu's
-    "package repository".On Ubuntu 16.04.01  [there is a bug](https://bugs.launchpad.net/ubuntu/+source/appstream/+bug/1601971) in Ubuntu's package manager that affects systems
-    running off a bootable Ubuntu USB drive. The commands in steps i and ii are a
-    workaround.
-        1. ```
-        $ sudo mv /var/cache/app-info/xapian/default /var/cache/app-info/xapian/default_old
-        ```
-        2. ```
-        $ sudo mv /var/cache/app-info/xapian/default_old /var/cache/app-info/xapian/default
-        ```
-        3. ```
-        $ sudo apt-add-repository universe
-        ```
-        4. ```
-        $ sudo apt-add-repository ppa:bitcoin/bitcoin
-        ```
-        5. ```
-        $ sudo apt-get update
-        ```
+6. Implement workaround for [bug #1601971](https://bugs.launchpad.net/ubuntu/+source/appstream/+bug/1601971)
+which affects Ubuntu 16.04.01's package manager when running from a bootable USB drive:
+    ```
+    $ sudo mv /var/cache/app-info/xapian/default /var/cache/app-info/xapian/default_old
+    $ sudo mv /var/cache/app-info/xapian/default_old /var/cache/app-info/xapian/default
+    ```
+7. Configure the system to enable access to the required package repositories:
+    ```
+    $ sudo apt-add-repository universe
+    $ sudo apt-add-repository ppa:bitcoin/bitcoin
+    $ sudo apt-get update
+    ```
 8. Download and perform integrity verification of software:
         * **bitcoind**: [Bitcoin Core](https://bitcoincore.org/):
         , which we'll use for cryptography & financial operations

From eefbd9254c40e7b48e3509729d8eaabbbd5a3a0b Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 27 Nov 2018 09:36:44 +0000
Subject: [PATCH 161/190] Bullets removed from sublist for consistency and
 formatting

---
 _docs/setup/create-app-usb.md | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index aa87217..a670d9f 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -109,16 +109,12 @@ which affects Ubuntu 16.04.01's package manager when running from a bootable USB
     $ sudo apt-add-repository ppa:bitcoin/bitcoin
     $ sudo apt-get update
     ```
-8. Download and perform integrity verification of software:
-        * **bitcoind**: [Bitcoin Core](https://bitcoincore.org/):
-        , which we'll use for cryptography & financial operations
-        * **qrencode**: Used for creating QR codes to move data off quarantined
-        computers
-        * **zbar-tools**: Used for reading QR codes to import data into quarantined
-        computers
-            ```
-            $ sudo apt-get install qrencode=3.4.4-1 zbar-tools=0.10+doc-10ubuntu1 bitcoind
-            ```
+8. Download and perform integrity verification of [bitcoind](https://bitcoincore.org/)
+(cryptography & financial operations), qrencode (QR code creation for quarantined data
+export) and zbar-tools (QR code reading for quarantined data import) software:
+    ```
+    $ sudo apt-get install qrencode=3.4.4-1 zbar-tools=0.10+doc-10ubuntu1 bitcoind
+    ```
     3. Copy that software to the "Q1 APP" USB drive.
         1. Create a folder for the application files that will be moved to the
         USB drive:

From 9187926575c1a63ad4b3a740d6a1e0da047743a9 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 27 Nov 2018 09:37:33 +0000
Subject: [PATCH 162/190] No integrity verification performed

---
 _docs/setup/create-app-usb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index a670d9f..b37e23b 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -109,7 +109,7 @@ which affects Ubuntu 16.04.01's package manager when running from a bootable USB
     $ sudo apt-add-repository ppa:bitcoin/bitcoin
     $ sudo apt-get update
     ```
-8. Download and perform integrity verification of [bitcoind](https://bitcoincore.org/)
+8. Download [bitcoind](https://bitcoincore.org/)
 (cryptography & financial operations), qrencode (QR code creation for quarantined data
 export) and zbar-tools (QR code reading for quarantined data import) software:
     ```

From 5e31fe991774dca9f5346a7a225d9bbaf2209cb1 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 27 Nov 2018 09:52:48 +0000
Subject: [PATCH 163/190] Reword, restructure

---
 _docs/setup/create-app-usb.md | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index b37e23b..9115f15 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -115,21 +115,21 @@ export) and zbar-tools (QR code reading for quarantined data import) software:
     ```
     $ sudo apt-get install qrencode=3.4.4-1 zbar-tools=0.10+doc-10ubuntu1 bitcoind
     ```
-    3. Copy that software to the "Q1 APP" USB drive.
-        1. Create a folder for the application files that will be moved to the
-        USB drive:
-            ```
-            $ mkdir ~/apps
-            ```
-        2. Copy the software into the apps folder:
-            ```
-            $ cp /var/cache/apt/archives/*.deb ~/apps
-            ```
-        3. Copy the contents of the apps folder to the "Q1 APP" USB drive:
-            1. Click on the File Manager icon in the launching dock:
-            2. Navigate to the "Home" folder.
-            3. Click and drag "apps" folder to the icon representing
-            the USB drive on the left panel.
+9. Copy the downloaded software to the "Q1 APP" USB drive:
+    1. Create a folder for the application files to be moved to the
+    USB drive:
+        ```
+        $ mkdir ~/apps
+        ```
+    2. Copy the application files into the newly created "apps" folder:
+        ```
+        $ cp /var/cache/apt/archives/*.deb ~/apps
+        ```
+    3. Copy the "apps" folder contents to the "Q1 APP" USB drive:
+        1. Click on the "File Manager" icon in the launching dock.
+        2. Navigate to the "Home" folder.
+        3. Click and drag the "apps" folder to the icon representing
+        the USB drive on the left panel.
 7. Click on the USB drive icon to verify that it has the correct files. The
 contents should look like this
     ```

From cb34bea1994ada8637f4a425dfc5be216e7dfa67 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 27 Nov 2018 10:01:01 +0000
Subject: [PATCH 164/190] "back" step added

"glacier" folder will not be visible otherwise
---
 _docs/setup/create-app-usb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index 9115f15..128734f 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -155,7 +155,7 @@ contents should look like this
     libzbar0_0.10+doc-10ubuntu1_amd64.deb libzmq5_4.1.4-7_amd64.deb
     qrencode_3.4.4-1_amd64.deb zbar-tools_0.10+doc-10ubuntu1_amd64.deb
     ```
-    Click the glacier folder. It will have the following content:
+    Click "back" and click the "glacier" folder. It will have the following content:
     ```
     base58.py
     Glacier.pdf

From d80fbc34d85e49520d0c42f9f0a3fd3cbd5f29a5 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 27 Nov 2018 10:05:17 +0000
Subject: [PATCH 165/190] Restructured to numbered sequential steps

---
 _docs/setup/create-app-usb.md | 65 +++++++++++++++++------------------
 1 file changed, 32 insertions(+), 33 deletions(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index 128734f..cb93233 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -130,40 +130,39 @@ export) and zbar-tools (QR code reading for quarantined data import) software:
         2. Navigate to the "Home" folder.
         3. Click and drag the "apps" folder to the icon representing
         the USB drive on the left panel.
-7. Click on the USB drive icon to verify that it has the correct files. The
-contents should look like this
-    ```
-    apps
-    glacier
-    ```
-
-    Click the apps folder. It will have the following content.
-    Note that the version number of the Bitcoin package may change as new
-    versions are released. Future versions of Glacier may pin to a specific
-    version.
+7. Verify the correct files have been copied:
+    1. Click on the USB drive icon to display the following contents:
+        ```
+        apps
+        glacier
+        ```
+    2. Click the "apps" folder to display the following contents:
+        ```
+        bitcoind_0.13.2-xenial1_amd64.deb
+        libboost-chrono1.58.0_1.58.0+dfsg-5ubuntu3.1_amd64.deb
+        libboost-program-options1.58.0_1.58.0+dfsg-5ubuntu3.1_amd64.deb
+        libboost-thread1.58.0_1.58.0+dfsg-5ubuntu3.1_amd64.deb
+        libdb4.8++_4.8.30-xenial2_amd64.deb
+        libevent-core-2.0-5_2.0.21-stable-2_amd64.deb
+        libevent-pthreads-2.0-5_2.0.21-stable-2_amd64.deb
+        libqrencode3_3.4.4-1_amd64.deb
+        libsodium18_1.0.8-5_amd64.deb
+        libzbar0_0.10+doc-10ubuntu1_amd64.deb libzmq5_4.1.4-7_amd64.deb
+        qrencode_3.4.4-1_amd64.deb zbar-tools_0.10+doc-10ubuntu1_amd64.deb
+        ```
+        Note that the version number of the Bitcoin package may change as new
+        versions are released. Future versions of Glacier may pin to a specific
+        version.
 
-    ```
-    bitcoind_0.13.2-xenial1_amd64.deb
-    libboost-chrono1.58.0_1.58.0+dfsg-5ubuntu3.1_amd64.deb
-    libboost-program-options1.58.0_1.58.0+dfsg-5ubuntu3.1_amd64.deb
-    libboost-thread1.58.0_1.58.0+dfsg-5ubuntu3.1_amd64.deb
-    libdb4.8++_4.8.30-xenial2_amd64.deb
-    libevent-core-2.0-5_2.0.21-stable-2_amd64.deb
-    libevent-pthreads-2.0-5_2.0.21-stable-2_amd64.deb
-    libqrencode3_3.4.4-1_amd64.deb
-    libsodium18_1.0.8-5_amd64.deb
-    libzbar0_0.10+doc-10ubuntu1_amd64.deb libzmq5_4.1.4-7_amd64.deb
-    qrencode_3.4.4-1_amd64.deb zbar-tools_0.10+doc-10ubuntu1_amd64.deb
-    ```
-    Click "back" and click the "glacier" folder. It will have the following content:
-    ```
-    base58.py
-    Glacier.pdf
-    glacierscript.py
-    LICENSE README.md
-    SHA256SUMS
-    SHA256SUMS.sig
-    ```
+    3. Click "back" and click the "glacier" folder to display the following contents
+        ```
+        base58.py
+        Glacier.pdf
+        glacierscript.py
+        LICENSE README.md
+        SHA256SUMS
+        SHA256SUMS.sig
+        ```
 8. Eject and physically remove the "Q1 APP" USB drive from the "SETUP 1" computer.
 
     **The "Q1 APP" USB drive is now eternally quarantined. It should never again be

From f4cccca383193dfc9bc553f9c8659ac7f3c3c1db Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Tue, 27 Nov 2018 10:06:47 +0000
Subject: [PATCH 166/190] "Pinned" statement removed

Irrelevant to user
---
 _docs/setup/create-app-usb.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index cb93233..09b1ac6 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -151,8 +151,7 @@ export) and zbar-tools (QR code reading for quarantined data import) software:
         qrencode_3.4.4-1_amd64.deb zbar-tools_0.10+doc-10ubuntu1_amd64.deb
         ```
         Note that the version number of the Bitcoin package may change as new
-        versions are released. Future versions of Glacier may pin to a specific
-        version.
+        versions are released.
 
     3. Click "back" and click the "glacier" folder to display the following contents
         ```

From 8942b66ff3eaa3a5566f8bf5a7761d71917204bf Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 09:01:21 +0000
Subject: [PATCH 167/190] Step detail added

Matches previous section
---
 _docs/setup/create-app-usb.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index 09b1ac6..a0d35fe 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -162,7 +162,10 @@ export) and zbar-tools (QR code reading for quarantined data import) software:
         SHA256SUMS
         SHA256SUMS.sig
         ```
-8. Eject and physically remove the "Q1 APP" USB drive from the "SETUP 1" computer.
+8. Immediately remove the "Q1 APP" USB drive from the “SETUP 1” computer:
+    1. On the desktop, right-click the USB drive icon corresponding to the “Q1 APP” USB
+    drive, and select “Eject” from the pop-up menu.
+    2. Remove the "Q1 APP" USB drive from the USB slot.
 
     **The "Q1 APP" USB drive is now eternally quarantined. It should never again be
     plugged into anything besides the "Q1" computer.**

From 11a81fa8115b359a5bdbd778c26e4ac4d8588f72 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 09:02:08 +0000
Subject: [PATCH 168/190] Reword

---
 _docs/setup/create-app-usb.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index a0d35fe..d6fda86 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -167,10 +167,10 @@ export) and zbar-tools (QR code reading for quarantined data import) software:
     drive, and select “Eject” from the pop-up menu.
     2. Remove the "Q1 APP" USB drive from the USB slot.
 
-    **The "Q1 APP" USB drive is now eternally quarantined. It should never again be
-    plugged into anything besides the "Q1" computer.**
+    **The "Q1 APP" USB drive is now eternally quarantined. It should only ever be
+    plugged into the “Q1” computer.**
 
 9. Repeat all above steps using the "SETUP 2" computer, "SETUP 2 BOOT" USB drive, and "Q2
 APP" USB drive.
-10. Find a container in which to store all of your labeled hardware, along
-with the Glacier document hardcopy, when you are finished.
+
+10. Safely store all labeled hardware, along with the Glacier document hardcopy.
\ No newline at end of file

From 7fe56f8a17b4dd5eaf3eb918dd95f4d6ca41aa1b Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 09:41:34 +0000
Subject: [PATCH 169/190] Section broken up into subsections for ease of
 reading

---
 _docs/setup/create-app-usb.md | 37 +++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index d6fda86..987079b 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -8,6 +8,8 @@ This section will prepare the two Quarantined App USB drives, "Q1 APP" and "Q2 A
 [Hardware required](/docs/before-you-start/hardware/#eternally-quarantined) section, with
 the software needed to execute the remainder of the protocol.
 
+## On Setup Computer “SETUP 1”
+
 1. Boot the "SETUP 1" computer from the "SETUP 1 BOOT" USB drive, following step 1 of
 [Create the “Q1 BOOT” USB drive](/docs/setup/create-boot-usb/#create-the-setup-1-boot-usb-drive)
 in the Create boot USB drives section.
@@ -18,8 +20,10 @@ in the Create boot USB drives section.
     should never be plugged into anything other than its designated quarantined computer!</span>**.
     This setup process is the **ONE** necessary exception.
 
-3. Press "Ctrl-Alt-T" to open a terminal window.
-4. Install the Glacier document and GlacierScript on the "Q1 APP" USB drive:
+### Download Glacier and Glacierscript
+
+1. Press "Ctrl-Alt-T" to open a terminal window.
+2. Install the Glacier document and GlacierScript on the "Q1 APP" USB drive:
     1. Download the latest full release of Glacier, *not* just the protocol
     document, from the "Source code (zip)" link at
     [Glacier's Github repo](https://github.com/GlacierProtocol/GlacierProtocol/releases).
@@ -96,26 +100,32 @@ in the Create boot USB drives section.
             2. Clicking the power icon in the top right of the screen and click "logout" from the drop-down menu.
             3. Login again with user "ubuntu" and leave the password blank.
 
-5. Open the Glacier protocol document for copy-pasting terminal commands.
-6. Implement workaround for [bug #1601971](https://bugs.launchpad.net/ubuntu/+source/appstream/+bug/1601971)
+### Prepare the system
+
+1. Open the Glacier protocol document for copy-pasting terminal commands.
+
+2. Implement workaround for [bug #1601971](https://bugs.launchpad.net/ubuntu/+source/appstream/+bug/1601971)
 which affects Ubuntu 16.04.01's package manager when running from a bootable USB drive:
     ```
     $ sudo mv /var/cache/app-info/xapian/default /var/cache/app-info/xapian/default_old
     $ sudo mv /var/cache/app-info/xapian/default_old /var/cache/app-info/xapian/default
     ```
-7. Configure the system to enable access to the required package repositories:
+3. Configure the system to enable access to the required package repositories:
     ```
     $ sudo apt-add-repository universe
     $ sudo apt-add-repository ppa:bitcoin/bitcoin
     $ sudo apt-get update
     ```
-8. Download [bitcoind](https://bitcoincore.org/)
+
+### Download third-party apps
+
+1. Download [bitcoind](https://bitcoincore.org/)
 (cryptography & financial operations), qrencode (QR code creation for quarantined data
 export) and zbar-tools (QR code reading for quarantined data import) software:
     ```
     $ sudo apt-get install qrencode=3.4.4-1 zbar-tools=0.10+doc-10ubuntu1 bitcoind
     ```
-9. Copy the downloaded software to the "Q1 APP" USB drive:
+2. Copy the downloaded software to the "Q1 APP" USB drive:
     1. Create a folder for the application files to be moved to the
     USB drive:
         ```
@@ -130,7 +140,7 @@ export) and zbar-tools (QR code reading for quarantined data import) software:
         2. Navigate to the "Home" folder.
         3. Click and drag the "apps" folder to the icon representing
         the USB drive on the left panel.
-7. Verify the correct files have been copied:
+3. Verify the correct files have been copied:
     1. Click on the USB drive icon to display the following contents:
         ```
         apps
@@ -162,7 +172,7 @@ export) and zbar-tools (QR code reading for quarantined data import) software:
         SHA256SUMS
         SHA256SUMS.sig
         ```
-8. Immediately remove the "Q1 APP" USB drive from the “SETUP 1” computer:
+4. Immediately remove the "Q1 APP" USB drive from the “SETUP 1” computer:
     1. On the desktop, right-click the USB drive icon corresponding to the “Q1 APP” USB
     drive, and select “Eject” from the pop-up menu.
     2. Remove the "Q1 APP" USB drive from the USB slot.
@@ -170,7 +180,10 @@ export) and zbar-tools (QR code reading for quarantined data import) software:
     **The "Q1 APP" USB drive is now eternally quarantined. It should only ever be
     plugged into the “Q1” computer.**
 
-9. Repeat all above steps using the "SETUP 2" computer, "SETUP 2 BOOT" USB drive, and "Q2
-APP" USB drive.
+## On Setup Computer “SETUP 2”
+
+Create the “Q2 APP” USB drive by repeating the [On Setup Computer “SETUP 1”](/docs/setup/create-app-usb/#on-setup-computer-setup-1) section above, replacing
+occurances of “SETUP 1”, "SETUP 1 BOOT" and “Q1 APP” with “SETUP 2”, "SETUP 2 BOOT"
+and “Q2 APP”, respectively.
 
-10. Safely store all labeled hardware, along with the Glacier document hardcopy.
\ No newline at end of file
+**Safely store all labeled hardware, along with the Glacier document hardcopy.**
\ No newline at end of file

From 1c3267e29e85b5e2ea7788c8bc7b292df361bb76 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 09:59:32 +0000
Subject: [PATCH 170/190] Moved to attack surface section-better explanation
 than given previously

No need to explain twice
---
 _docs/protocol-vulnerabilities/attack-surface.md | 11 +++++++----
 _docs/setup/quarantined-workspace.md             |  7 -------
 2 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/_docs/protocol-vulnerabilities/attack-surface.md b/_docs/protocol-vulnerabilities/attack-surface.md
index 1bdf384..70c9547 100644
--- a/_docs/protocol-vulnerabilities/attack-surface.md
+++ b/_docs/protocol-vulnerabilities/attack-surface.md
@@ -63,10 +63,13 @@ Scenarios in which a critical failure might happen. Possibly, but not necessaril
 to a malware infection.
 
 ### Exfiltration of critically sensitive data
-A Quarantined Computer could leak critically sensitive data over a side channel, which
-is an attack based on information gained from the implementation of a computer system,
-rather than weaknesses in the implemented algorithm itself. Complementary malware on a 
-networked or attacker-controlled device in range then steals the data. Possibilities include:
+A Quarantined Computer could leak critically sensitive data via a 
+[side-channel attack](https://en.wikipedia.org/wiki/Side-channel_attack), which is a form
+of electronic threat based on the physical nature of computing hardware as
+opposed to algorithms or their software implementations. Complementary malware, on a 
+networked or attacker-controlled device in range, is then used to steal data. Side channel
+attacks are rare, but most are relatively straightforward to defend against. Possibilities
+include:
   * **Visual side channel**: Exploit of sensitive visual data. Data is displayed on the
   screen as part of the protocol, so does not require malware on the quarantined computer.
   If the protocol is followed, the attack surface here should be narrow, as users are
diff --git a/_docs/setup/quarantined-workspace.md b/_docs/setup/quarantined-workspace.md
index 882e7da..9510359 100644
--- a/_docs/setup/quarantined-workspace.md
+++ b/_docs/setup/quarantined-workspace.md
@@ -9,13 +9,6 @@ Withdrawal protocols. If you are executing the Setup Protocol for the
 first time and do **not** plan on executing the Deposit or Withdrawal protocol now, you can stop here.
 
 1. Block side channels
-
-    [Side-channel attacks](https://en.wikipedia.org/wiki/Side-channel_attack)
-    are a form of electronic threat based on the physical nature of computing
-    hardware (as opposed to algorithms or their software implementations).
-    Side channel attacks are rare, but it's relatively straightforward to
-    defend against most of them.
-
     1. Visual side channel
         1. Ensure that no humans or cameras (e.g. home security cameras, which
         can be hacked) have visual line-of-sight to the Quarantined Computers.

From 2772def2519a3ff4c3392e8bbcb8bd1f7b5bc4ff Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 10:12:22 +0000
Subject: [PATCH 171/190] Dead link removed

---
 _docs/setup/quarantined-workspace.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/quarantined-workspace.md b/_docs/setup/quarantined-workspace.md
index 9510359..0b7a3af 100644
--- a/_docs/setup/quarantined-workspace.md
+++ b/_docs/setup/quarantined-workspace.md
@@ -25,7 +25,7 @@ first time and do **not** plan on executing the Deposit or Withdrawal protocol n
         you'll need to start over.
     4. [Radio](https://cyber.bgu.ac.il/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper/)
     and other side channels. Including
-    [seismic](https://www.cc.gatech.edu/fac/traynor/papers/traynor-ccs11.pdf),
+    seismic,
     [thermal](https://cyber.bgu.ac.il/bitwhisper-heat-air-gap/),
     and [magnetic](https://fc15.ifca.ai/preproceedings/paper_14.pdf).
         1. Turn off all other computers and smartphones in the room.

From a3fb4644e84344396e9a881eba8444baed3944c3 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 10:12:52 +0000
Subject: [PATCH 172/190] Reword

---
 _docs/setup/quarantined-workspace.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/_docs/setup/quarantined-workspace.md b/_docs/setup/quarantined-workspace.md
index 0b7a3af..acdf80b 100644
--- a/_docs/setup/quarantined-workspace.md
+++ b/_docs/setup/quarantined-workspace.md
@@ -1,15 +1,15 @@
 ---
 title: Prepare quarantined workspaces
-description: Learn how to prepare your quarantined hardware for Glacier, the
+description: Learn how to prepare the quarantined hardware for Glacier, the
   step-by-step protocol for storing bitcoins in a highly secure way
 ---
 
-This section is meant to be done immediately before executing the Deposit or
-Withdrawal protocols. If you are executing the Setup Protocol for the
-first time and do **not** plan on executing the Deposit or Withdrawal protocol now, you can stop here.
+This section is to be followed immediately before executing the Deposit or
+Withdrawal protocols. There is no need to continue if no deposits or withdrawals
+are being executed.
 
-1. Block side channels
-    1. Visual side channel
+1. Block side channels:
+    1. Visual side channel:
         1. Ensure that no humans or cameras (e.g. home security cameras, which
         can be hacked) have visual line-of-sight to the Quarantined Computers.
         2. Close doors and window shades.

From 9bd2d2ad7d6f05aba250c4b17088b5a23180efb0 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 10:15:02 +0000
Subject: [PATCH 173/190] Explanation link moved to attack surface section

---
 _docs/protocol-vulnerabilities/attack-surface.md | 3 ++-
 _docs/setup/quarantined-workspace.md             | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/_docs/protocol-vulnerabilities/attack-surface.md b/_docs/protocol-vulnerabilities/attack-surface.md
index 70c9547..7cc5489 100644
--- a/_docs/protocol-vulnerabilities/attack-surface.md
+++ b/_docs/protocol-vulnerabilities/attack-surface.md
@@ -75,7 +75,8 @@ include:
   If the protocol is followed, the attack surface here should be narrow, as users are
   instructed to block all visual side channels. However, at a minimum, a smartphone with a
   camera is used for reading QR codes.
-  * **Acoustic side channel**: Exploit of sounds emitted by computer or other device, if
+  * **[Acoustic side channel](https://en.wikipedia.org/wiki/Acoustic_cryptanalysis)**:
+  Exploit of sounds emitted by computer or other device, if
   inadequately blocked by sound insulation or masking noise. [Data theft by fan noise](https://www.wired.com/2016/06/clever-attack-uses-sound-computers-fan-steal-data), for example.
   * **Radio side channel**: [Exploit of electromagnetic emanations from wired and wireless
   keyboards](https://www.usenix.org/legacy/event/sec09/tech/full_papers/vuagnoux.pdf),
diff --git a/_docs/setup/quarantined-workspace.md b/_docs/setup/quarantined-workspace.md
index acdf80b..b15a420 100644
--- a/_docs/setup/quarantined-workspace.md
+++ b/_docs/setup/quarantined-workspace.md
@@ -13,7 +13,7 @@ are being executed.
         1. Ensure that no humans or cameras (e.g. home security cameras, which
         can be hacked) have visual line-of-sight to the Quarantined Computers.
         2. Close doors and window shades.
-    2. [Acoustic side channel](https://en.wikipedia.org/wiki/Acoustic_cryptanalysis)
+    2. Acoustic side channel:
         1. Choose a room where sound will not travel easily outside.
         2. Shut down nearby devices with microphones (e.g. smartphones and
         other laptops).

From d73ce7c6e7a25482dfab940e127f1ea61341ef25 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 10:16:24 +0000
Subject: [PATCH 174/190] Side channel explanation moved to attack surface
 section

Side channel not previously mentioned
---
 _docs/protocol-vulnerabilities/attack-surface.md | 2 ++
 _docs/setup/quarantined-workspace.md             | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/_docs/protocol-vulnerabilities/attack-surface.md b/_docs/protocol-vulnerabilities/attack-surface.md
index 7cc5489..f402c5a 100644
--- a/_docs/protocol-vulnerabilities/attack-surface.md
+++ b/_docs/protocol-vulnerabilities/attack-surface.md
@@ -78,6 +78,8 @@ include:
   * **[Acoustic side channel](https://en.wikipedia.org/wiki/Acoustic_cryptanalysis)**:
   Exploit of sounds emitted by computer or other device, if
   inadequately blocked by sound insulation or masking noise. [Data theft by fan noise](https://www.wired.com/2016/06/clever-attack-uses-sound-computers-fan-steal-data), for example.
+  * **[Power side channel](https://sharps.org/wp-content/uploads/CLARK-ESORICS13.pdf)**:
+  Exploit using electrical outlets to identify webpages.
   * **Radio side channel**: [Exploit of electromagnetic emanations from wired and wireless
   keyboards](https://www.usenix.org/legacy/event/sec09/tech/full_papers/vuagnoux.pdf),
   [transmission of radio signals from monitor to FM radio receiver](https://cyber.bgu.ac.il/content/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper)
diff --git a/_docs/setup/quarantined-workspace.md b/_docs/setup/quarantined-workspace.md
index b15a420..ebfe6d9 100644
--- a/_docs/setup/quarantined-workspace.md
+++ b/_docs/setup/quarantined-workspace.md
@@ -18,7 +18,7 @@ are being executed.
         2. Shut down nearby devices with microphones (e.g. smartphones and
         other laptops).
         3. Plug in and turn on a table fan to generate white noise.
-    3. [Power side channel](https://sharps.org/wp-content/uploads/CLARK-ESORICS13.pdf)
+    3. Power side channel:
         1. Unplug both Quarantined Computers from the wall.
         2. Run them **only on battery power** throughout this protocol.
         3. Make sure they are fully charged first! If you run out of battery,

From 08065e90197064c7c6fc15881d8589e34d6fd1c1 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 10:23:03 +0000
Subject: [PATCH 175/190] Link removed, already referenced in attack surface
 section

---
 _docs/setup/quarantined-workspace.md | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/_docs/setup/quarantined-workspace.md b/_docs/setup/quarantined-workspace.md
index ebfe6d9..bda929d 100644
--- a/_docs/setup/quarantined-workspace.md
+++ b/_docs/setup/quarantined-workspace.md
@@ -23,11 +23,7 @@ are being executed.
         2. Run them **only on battery power** throughout this protocol.
         3. Make sure they are fully charged first! If you run out of battery,
         you'll need to start over.
-    4. [Radio](https://cyber.bgu.ac.il/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper/)
-    and other side channels. Including
-    seismic,
-    [thermal](https://cyber.bgu.ac.il/bitwhisper-heat-air-gap/),
-    and [magnetic](https://fc15.ifca.ai/preproceedings/paper_14.pdf).
+    4. Radio and other side channels, including seismic, thermal, and magnetic:
         1. Turn off all other computers and smartphones in the room.
         2. Put portable computing devices in the Faraday bag and seal the bag.
         3. Unplug desktop computers.

From d6338304416248c32b10f8f591dc67ba9786fcfd Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 10:34:23 +0000
Subject: [PATCH 176/190] Link corrected

---
 _docs/setup/create-app-usb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/create-app-usb.md b/_docs/setup/create-app-usb.md
index 987079b..54547f1 100644
--- a/_docs/setup/create-app-usb.md
+++ b/_docs/setup/create-app-usb.md
@@ -11,7 +11,7 @@ the software needed to execute the remainder of the protocol.
 ## On Setup Computer “SETUP 1”
 
 1. Boot the "SETUP 1" computer from the "SETUP 1 BOOT" USB drive, following step 1 of
-[Create the “Q1 BOOT” USB drive](/docs/setup/create-boot-usb/#create-the-setup-1-boot-usb-drive)
+[Create the “Q1 BOOT” USB drive](/docs/setup/create-boot-usb/#create-the-q1-boot-usb-drive)
 in the Create boot USB drives section.
 2. Insert the "Q1 APP" USB drive into the the "SETUP 1" computer.
 

From fea0b824ef11c1217f67ddeed7b3516cc9da6481 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 10:44:50 +0000
Subject: [PATCH 177/190] Reference corrected, link added

Sections are not numbered
---
 _docs/setup/quarantined-workspace.md | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/_docs/setup/quarantined-workspace.md b/_docs/setup/quarantined-workspace.md
index bda929d..566fe64 100644
--- a/_docs/setup/quarantined-workspace.md
+++ b/_docs/setup/quarantined-workspace.md
@@ -27,17 +27,18 @@ are being executed.
         1. Turn off all other computers and smartphones in the room.
         2. Put portable computing devices in the Faraday bag and seal the bag.
         3. Unplug desktop computers.
-2. Put your Q1 BOOT USB into an open slot in your Q1 computer.
-3. Boot off the USB drive. If you've forgotten how, refer to the procedure in Section IV.
-4. Plug the Q1 APP USB into the Q1 computer
-5. Copy the software from the Q1 computer's RAM disk.
+2. Boot the “Q1” computer from the “Q1 BOOT” USB drive, referring to steps 1 and 2
+from [Create the “Q1 BOOT” USB drive](/docs/setup/create-boot-usb/#create-the-q1-boot-usb-drive)
+in the Create boot USB drives section if necessary.
+3. Plug the Q1 APP USB into the Q1 computer
+4. Copy the software from the Q1 computer's RAM disk.
     1. Click the File Manager icon from the launchpad on the left side of the
     screen.
     2. Click on the App USB on the left of the file manager. It will look like
     the image on the right, but may have a different name.
     3. Drag the contents of the USB to the "Home" directory on the left side of
     file manager.
-6. Open a copy of this document on the Q1 computer.
+5. Open a copy of this document on the Q1 computer.
     1. In the File Manager find the glacier folder. The PDF file for this
     document should be visible with the name "Glacier.pdf." Open it.
 
@@ -46,26 +47,26 @@ are being executed.
         internet, do so in a distant room. Do not remove devices from the Faraday
         bag before doing going to the other room.
 
-7. Open a Terminal window by pressing Ctrl-Alt-T.
-8. Install the application software on the Q1 computer's RAM disk.
+6. Open a Terminal window by pressing Ctrl-Alt-T.
+7. Install the application software on the Q1 computer's RAM disk.
     ```
     $ cd ~/apps
     $ sudo dpkg -i *.deb
     ```
-9. Change into the glacier directory. You'll be using this directory to execute
+8. Change into the glacier directory. You'll be using this directory to execute
 software for the protocol.
     ```
     $ cd ~/glacier
     ```
-10. Prepare GlacierScript for execution.
+9. Prepare GlacierScript for execution.
     ```
     $ chmod +x glacierscript.py
     ```
-11. Prepare the "Quarantined Scratchpad" -- an empty file you'll use as a place
+10. Prepare the "Quarantined Scratchpad" -- an empty file you'll use as a place
 to jot notes.
     1. Click the "Search your computer" icon at the top of the launcher along
     the left side of the screen.
     2. Type "text editor".
     3. Click the Text Editor icon.
     4. A blank window should appear.
-12. Repeat the above steps using the Q2 computer, Q2 SETUP USB and Q2 APP USB.
+11. Repeat the above steps using the Q2 computer, Q2 SETUP USB and Q2 APP USB.

From 400c07a79ef74ff25e06d80764bd76dbfdba05ca Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 10:48:24 +0000
Subject: [PATCH 178/190] Typo

---
 _docs/setup/quarantined-workspace.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/setup/quarantined-workspace.md b/_docs/setup/quarantined-workspace.md
index 566fe64..2269090 100644
--- a/_docs/setup/quarantined-workspace.md
+++ b/_docs/setup/quarantined-workspace.md
@@ -31,7 +31,7 @@ are being executed.
 from [Create the “Q1 BOOT” USB drive](/docs/setup/create-boot-usb/#create-the-q1-boot-usb-drive)
 in the Create boot USB drives section if necessary.
 3. Plug the Q1 APP USB into the Q1 computer
-4. Copy the software from the Q1 computer's RAM disk.
+4. Copy the software to the Q1 computer's RAM disk.
     1. Click the File Manager icon from the launchpad on the left side of the
     screen.
     2. Click on the App USB on the left of the file manager. It will look like

From 2e2042d4d8f51b026c1bd3e4062225b3ccf9c334 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 10:50:52 +0000
Subject: [PATCH 179/190] Reference to image removed

---
 _docs/setup/quarantined-workspace.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/_docs/setup/quarantined-workspace.md b/_docs/setup/quarantined-workspace.md
index 2269090..8d17fd9 100644
--- a/_docs/setup/quarantined-workspace.md
+++ b/_docs/setup/quarantined-workspace.md
@@ -34,8 +34,7 @@ in the Create boot USB drives section if necessary.
 4. Copy the software to the Q1 computer's RAM disk.
     1. Click the File Manager icon from the launchpad on the left side of the
     screen.
-    2. Click on the App USB on the left of the file manager. It will look like
-    the image on the right, but may have a different name.
+    2. Click on the App USB on the left of the file manager.
     3. Drag the contents of the USB to the "Home" directory on the left side of
     file manager.
 5. Open a copy of this document on the Q1 computer.

From 17bad8bf7e86674e9c784fb32063bc44aebc6087 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 11:02:37 +0000
Subject: [PATCH 180/190] Detail added for clarity

---
 _docs/setup/quarantined-workspace.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/_docs/setup/quarantined-workspace.md b/_docs/setup/quarantined-workspace.md
index 8d17fd9..7521ab3 100644
--- a/_docs/setup/quarantined-workspace.md
+++ b/_docs/setup/quarantined-workspace.md
@@ -37,9 +37,8 @@ in the Create boot USB drives section if necessary.
     2. Click on the App USB on the left of the file manager.
     3. Drag the contents of the USB to the "Home" directory on the left side of
     file manager.
-5. Open a copy of this document on the Q1 computer.
-    1. In the File Manager find the glacier folder. The PDF file for this
-    document should be visible with the name "Glacier.pdf." Open it.
+5. Open the "Glacier.pdf" file on the "Q1" computer. It will be in the "glacier"
+folder, a sub-folder of "Home".
 
         You won't be able to click any external links in the document, since you
         don't have a network connection. If you need to look something up on the

From 4628c7d600143a14678af51fe054aad6c7199932 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 12:19:21 +0000
Subject: [PATCH 181/190] Reword

---
 _docs/setup/quarantined-workspace.md | 48 +++++++++++++---------------
 1 file changed, 23 insertions(+), 25 deletions(-)

diff --git a/_docs/setup/quarantined-workspace.md b/_docs/setup/quarantined-workspace.md
index 7521ab3..5a7e588 100644
--- a/_docs/setup/quarantined-workspace.md
+++ b/_docs/setup/quarantined-workspace.md
@@ -19,52 +19,50 @@ are being executed.
         other laptops).
         3. Plug in and turn on a table fan to generate white noise.
     3. Power side channel:
-        1. Unplug both Quarantined Computers from the wall.
-        2. Run them **only on battery power** throughout this protocol.
-        3. Make sure they are fully charged first! If you run out of battery,
-        you'll need to start over.
+        1. Ensure both computers are fully charged as running out of battery
+        will mean starting over. Computers should run **only on battery power**
+        throughout this protocol.
+        2. Unplug both Quarantined Computers from the wall.
     4. Radio and other side channels, including seismic, thermal, and magnetic:
         1. Turn off all other computers and smartphones in the room.
-        2. Put portable computing devices in the Faraday bag and seal the bag.
+        2. Seal portable computing devices in the Faraday bag.
         3. Unplug desktop computers.
 2. Boot the “Q1” computer from the “Q1 BOOT” USB drive, referring to steps 1 and 2
 from [Create the “Q1 BOOT” USB drive](/docs/setup/create-boot-usb/#create-the-q1-boot-usb-drive)
 in the Create boot USB drives section if necessary.
-3. Plug the Q1 APP USB into the Q1 computer
-4. Copy the software to the Q1 computer's RAM disk.
-    1. Click the File Manager icon from the launchpad on the left side of the
+3. Insert the "Q1 APP" USB into the "Q1" computer.
+4. Copy the "Q1 APP" software to the "Q1" computer's RAM disk:
+    1. Click the "File Manager" icon from the launchpad on the left side of the
     screen.
-    2. Click on the App USB on the left of the file manager.
-    3. Drag the contents of the USB to the "Home" directory on the left side of
-    file manager.
+    2. Click on the "App USB" on the left of the file manager.
+    3. Drag the contents of the "App USB" to the "Home" folder on the left side of
+    the file manager.
 5. Open the "Glacier.pdf" file on the "Q1" computer. It will be in the "glacier"
 folder, a sub-folder of "Home".
 
-        You won't be able to click any external links in the document, since you
-        don't have a network connection. If you need to look something up on the
-        internet, do so in a distant room. Do not remove devices from the Faraday
-        bag before doing going to the other room.
+    External links in the document will not be available, since there is no
+    network connection. If necessary, accessing the internet should be done in
+    a distant room. Do not remove devices from the Faraday bag before doing so.
 
-6. Open a Terminal window by pressing Ctrl-Alt-T.
-7. Install the application software on the Q1 computer's RAM disk.
+6. Open a terminal window by pressing "Ctrl-Alt-T".
+7. Install the application software on the Q1 computer's RAM disk:
     ```
     $ cd ~/apps
     $ sudo dpkg -i *.deb
     ```
-8. Change into the glacier directory. You'll be using this directory to execute
-software for the protocol.
+8. Change the terminal’s current working folder to the "glacier" folder. This folder
+will be used to execute software for the protocol:
     ```
     $ cd ~/glacier
     ```
-9. Prepare GlacierScript for execution.
+9. Prepare GlacierScript for execution:
     ```
     $ chmod +x glacierscript.py
     ```
-10. Prepare the "Quarantined Scratchpad" -- an empty file you'll use as a place
-to jot notes.
+10. Prepare the "Quarantined Scratchpad" for jotting notes:
     1. Click the "Search your computer" icon at the top of the launcher along
     the left side of the screen.
     2. Type "text editor".
-    3. Click the Text Editor icon.
-    4. A blank window should appear.
-11. Repeat the above steps using the Q2 computer, Q2 SETUP USB and Q2 APP USB.
+    3. Click the "Text Editor" icon to bring up a blank text editor window.
+11. Repeat the above steps, replacing each occurance of "Q1" with "Q2", to prepare
+a quarantined workspace on the "Q2" computer.
\ No newline at end of file

From cc07e07253f3fb44554896cf3c3786d37a89895e Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 12:24:26 +0000
Subject: [PATCH 182/190] Restructure, headings added for readability

---
 _docs/setup/quarantined-workspace.md | 65 +++++++++++++++-------------
 1 file changed, 36 insertions(+), 29 deletions(-)

diff --git a/_docs/setup/quarantined-workspace.md b/_docs/setup/quarantined-workspace.md
index 5a7e588..d39a200 100644
--- a/_docs/setup/quarantined-workspace.md
+++ b/_docs/setup/quarantined-workspace.md
@@ -8,61 +8,68 @@ This section is to be followed immediately before executing the Deposit or
 Withdrawal protocols. There is no need to continue if no deposits or withdrawals
 are being executed.
 
-1. Block side channels:
-    1. Visual side channel:
-        1. Ensure that no humans or cameras (e.g. home security cameras, which
-        can be hacked) have visual line-of-sight to the Quarantined Computers.
-        2. Close doors and window shades.
-    2. Acoustic side channel:
-        1. Choose a room where sound will not travel easily outside.
-        2. Shut down nearby devices with microphones (e.g. smartphones and
-        other laptops).
-        3. Plug in and turn on a table fan to generate white noise.
-    3. Power side channel:
-        1. Ensure both computers are fully charged as running out of battery
-        will mean starting over. Computers should run **only on battery power**
-        throughout this protocol.
-        2. Unplug both Quarantined Computers from the wall.
-    4. Radio and other side channels, including seismic, thermal, and magnetic:
-        1. Turn off all other computers and smartphones in the room.
-        2. Seal portable computing devices in the Faraday bag.
-        3. Unplug desktop computers.
-2. Boot the “Q1” computer from the “Q1 BOOT” USB drive, referring to steps 1 and 2
+## Block side channels
+
+1. Visual side channel:
+    1. Ensure that no humans or cameras (e.g. home security cameras, which
+    can be hacked) have visual line-of-sight to the Quarantined Computers.
+    2. Close doors and window shades.
+2. Acoustic side channel:
+    1. Choose a room where sound will not travel easily outside.
+    2. Shut down nearby devices with microphones (e.g. smartphones and
+    other laptops).
+    3. Plug in and turn on a table fan to generate white noise.
+3. Power side channel:
+    1. Ensure both computers are fully charged as running out of battery
+    will mean starting over. Computers should run **only on battery power**
+    throughout this protocol.
+    2. Unplug both Quarantined Computers from the wall.
+4. Radio and other side channels, including seismic, thermal, and magnetic:
+    1. Turn off all other computers and smartphones in the room.
+    2. Seal portable computing devices in the Faraday bag.
+    3. Unplug desktop computers.
+
+## On Quarantined Computer “Q1”
+
+1. Boot the “Q1” computer from the “Q1 BOOT” USB drive, referring to steps 1 and 2
 from [Create the “Q1 BOOT” USB drive](/docs/setup/create-boot-usb/#create-the-q1-boot-usb-drive)
 in the Create boot USB drives section if necessary.
-3. Insert the "Q1 APP" USB into the "Q1" computer.
-4. Copy the "Q1 APP" software to the "Q1" computer's RAM disk:
+2. Insert the "Q1 APP" USB into the "Q1" computer.
+3. Copy the "Q1 APP" software to the "Q1" computer's RAM disk:
     1. Click the "File Manager" icon from the launchpad on the left side of the
     screen.
     2. Click on the "App USB" on the left of the file manager.
     3. Drag the contents of the "App USB" to the "Home" folder on the left side of
     the file manager.
-5. Open the "Glacier.pdf" file on the "Q1" computer. It will be in the "glacier"
+4. Open the "Glacier.pdf" file on the "Q1" computer. It will be in the "glacier"
 folder, a sub-folder of "Home".
 
     External links in the document will not be available, since there is no
     network connection. If necessary, accessing the internet should be done in
     a distant room. Do not remove devices from the Faraday bag before doing so.
 
-6. Open a terminal window by pressing "Ctrl-Alt-T".
-7. Install the application software on the Q1 computer's RAM disk:
+5. Open a terminal window by pressing "Ctrl-Alt-T".
+6. Install the application software on the Q1 computer's RAM disk:
     ```
     $ cd ~/apps
     $ sudo dpkg -i *.deb
     ```
-8. Change the terminal’s current working folder to the "glacier" folder. This folder
+7. Change the terminal’s current working folder to the "glacier" folder. This folder
 will be used to execute software for the protocol:
     ```
     $ cd ~/glacier
     ```
-9. Prepare GlacierScript for execution:
+8. Prepare GlacierScript for execution:
     ```
     $ chmod +x glacierscript.py
     ```
-10. Prepare the "Quarantined Scratchpad" for jotting notes:
+9. Prepare the "Quarantined Scratchpad" for jotting notes:
     1. Click the "Search your computer" icon at the top of the launcher along
     the left side of the screen.
     2. Type "text editor".
     3. Click the "Text Editor" icon to bring up a blank text editor window.
-11. Repeat the above steps, replacing each occurance of "Q1" with "Q2", to prepare
+
+## On Quarantined Computer “Q2”
+
+Repeat the above steps, replacing each occurance of "Q1" with "Q2", to prepare
 a quarantined workspace on the "Q2" computer.
\ No newline at end of file

From 729d44fccefc23cd0e35e04b79eddc26c30231be Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 15:09:48 +0000
Subject: [PATCH 183/190] Description links made consistent

---
 _docs/protocol-vulnerabilities/attack-surface.md | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/_docs/protocol-vulnerabilities/attack-surface.md b/_docs/protocol-vulnerabilities/attack-surface.md
index f402c5a..c7a5376 100644
--- a/_docs/protocol-vulnerabilities/attack-surface.md
+++ b/_docs/protocol-vulnerabilities/attack-surface.md
@@ -75,11 +75,9 @@ include:
   If the protocol is followed, the attack surface here should be narrow, as users are
   instructed to block all visual side channels. However, at a minimum, a smartphone with a
   camera is used for reading QR codes.
-  * **[Acoustic side channel](https://en.wikipedia.org/wiki/Acoustic_cryptanalysis)**:
-  Exploit of sounds emitted by computer or other device, if
+  * **Acoustic side channel**: [Exploit of sounds emitted by computer or other device](https://en.wikipedia.org/wiki/Acoustic_cryptanalysis), if
   inadequately blocked by sound insulation or masking noise. [Data theft by fan noise](https://www.wired.com/2016/06/clever-attack-uses-sound-computers-fan-steal-data), for example.
-  * **[Power side channel](https://sharps.org/wp-content/uploads/CLARK-ESORICS13.pdf)**:
-  Exploit using electrical outlets to identify webpages.
+  * **Power side channel**: [Exploit using electrical outlets to identify webpages](https://sharps.org/wp-content/uploads/CLARK-ESORICS13.pdf), for example.
   * **Radio side channel**: [Exploit of electromagnetic emanations from wired and wireless
   keyboards](https://www.usenix.org/legacy/event/sec09/tech/full_papers/vuagnoux.pdf),
   [transmission of radio signals from monitor to FM radio receiver](https://cyber.bgu.ac.il/content/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper)

From 279bbce6ae07d6a7681f819dd797fabb47486ded Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 18:35:20 +0000
Subject: [PATCH 184/190] Sentence, typo and capitalization corrections from
 commit comments

---
 _docs/before-you-start/overview.md               | 7 +++----
 _docs/extend/improvements.md                     | 2 +-
 _docs/overview/key-concepts.md                   | 4 ++--
 _docs/protocol-vulnerabilities/attack-surface.md | 4 ++--
 4 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index 811074e..eade1f0 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -80,10 +80,9 @@ Technical detail: The Glacier protocol reuses Bitcoin addresses. See the
 
 ## Protocol cost
 
-The Glacier protocol requires a not-insignificant investment in hardware, see the
-[Hardware required](/docs/before-you-start/hardware) section, along with
-approximately 8 hours of work to perform an initial cold storage deposit. This
-excludes time for:
+Performing an initial cold storage deposit requires a not-insignificant investment
+in hardware (see [Hardware required](/docs/before-you-start/hardware)), along with
+approximately 8 hours of work. This excludes time for:
 
 * Obtaining equipment
 * Printing documents
diff --git a/_docs/extend/improvements.md b/_docs/extend/improvements.md
index d597617..c4d991e 100644
--- a/_docs/extend/improvements.md
+++ b/_docs/extend/improvements.md
@@ -5,7 +5,7 @@ description: Here's a list of improvements that can be made to Glacier, the
 ---
 
 
-## Don't store electronic copy of cold storage information page
+## Don't store electronic copy of Cold Storage Information Page
 Glacier recommends stores an electronic copy of the Cold Storage
 Information Page for easy copy-pasting for subsequent deposits or
 withdrawals. However, this is slightly less secure & complicated -- and
diff --git a/_docs/overview/key-concepts.md b/_docs/overview/key-concepts.md
index 3ec6f27..9deee5e 100644
--- a/_docs/overview/key-concepts.md
+++ b/_docs/overview/key-concepts.md
@@ -27,7 +27,7 @@ This is analogous to storing coins in a padlocked box, with a single key and pad
 
 ## Multisignature, or multisig, security
 
-Utilises multiple private keys to provide greater security, while also protecting
+Utilizes multiple private keys to provide greater security, while also protecting
 against total loss in the event of the loss of some keys.
 
 This is analogous to storing coins in a padlocked box, with multiple keys and
@@ -42,7 +42,7 @@ combine to release funds. Losing all redeem scripts leads to the total loss of f
 
 ## Offline key storage
 
-Private keys should only ever be offline, or "in cold storage". They should
+Private keys should only ever be offline, or in "cold storage". They should
 never be stored on any internet-connected computer, or "in hot storage",
 because it provides an opportunity for hacking attempts or virus infection
 via the internet. Viruses can attack in many ways, including searching the
diff --git a/_docs/protocol-vulnerabilities/attack-surface.md b/_docs/protocol-vulnerabilities/attack-surface.md
index c7a5376..b211476 100644
--- a/_docs/protocol-vulnerabilities/attack-surface.md
+++ b/_docs/protocol-vulnerabilities/attack-surface.md
@@ -94,7 +94,7 @@ include:
   reader software, leading to widespread awareness and isolation of the threat. This makes
   it a very unattractive attack vector.
   * **Data leak**: Critically sensitive data could be leaked, intentionally or otherwise, as part of the
-  payload of valid data. For example, the nonce used for a transaction signature could contains
+  payload of valid data. For example, the nonce used for a transaction signature could contain
   bits of the private key.
   * **Flawed data generation**: Undetected generation of flawed sensitive data IF compatible
   malware is present on BOTH quarantined environments. For example, standard software algorithms that
@@ -139,7 +139,7 @@ to create the Quarantined Boot USB drives. If the protocol document had been
 compromised between the initial validation and later re-validation, the user would
 probably not notice, even without a forged signature.
 * The protocol hardcopy could be compromised. For example, malware could alter the
-hardcopy as it is printed)
+hardcopy as it is printed.
 * A flaw in GlacierScript could cause sensitive data to be leaked or flawed
 * Human error could occur during protocol execution
 * Design failure in the protocol could miss or inadequately address a risk
\ No newline at end of file

From 63de1b65fc3be9d59d0ba247849d9291b09c8116 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 18:36:17 +0000
Subject: [PATCH 185/190] Motivation for eternally quarantined hardware added

---
 _docs/before-you-start/overview.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/_docs/before-you-start/overview.md b/_docs/before-you-start/overview.md
index eade1f0..06ad2ad 100644
--- a/_docs/before-you-start/overview.md
+++ b/_docs/before-you-start/overview.md
@@ -16,6 +16,9 @@ security, with the keys stored only on paper.
 
 ## Eternally quarantined hardware
 
+The central concept the Glacier protocol uses to safeguard against theft
+of private keys due to malware infection, is eternally quarantined hardware.
+
 Eternally quarantined hardware is hardware with drastically limited
 interfaces with the outside world. This prevents the transmission of
 sensitive or harmful data, for example, private keys or malware. All

From f6df943fad4572585fe39dd73c91ef450ba7edf7 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 18:38:14 +0000
Subject: [PATCH 186/190] Not hex, complexity reduced

Explain encoding is base58 WIF once footnotes are available
---
 _docs/overview/key-concepts.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/_docs/overview/key-concepts.md b/_docs/overview/key-concepts.md
index 9deee5e..2f60619 100644
--- a/_docs/overview/key-concepts.md
+++ b/_docs/overview/key-concepts.md
@@ -11,8 +11,9 @@ a transaction".
 
 ## Private key
 
-A 256-bit number, usually expressed in 64-character hexadecimal, which can unlock
-bitcoin balances stored in the Bitcoin blockchain, a global decentralized ledger.
+A 256-bit number, usually expressed as a 64-character string of numbers and letters,
+which can unlock bitcoin balances stored in the Bitcoin blockchain, a global
+decentralized ledger.
 
 Unlike a password, a private key is not meant to be memorized.
 It is important to understand that the holder of the private key is the

From 5205ac6f45ab6f75418e87ccb91decca16adf27b Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 18:40:29 +0000
Subject: [PATCH 187/190] Reword, redeem script total loss elaborated on

---
 _docs/overview/key-concepts.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/_docs/overview/key-concepts.md b/_docs/overview/key-concepts.md
index 2f60619..81b2f54 100644
--- a/_docs/overview/key-concepts.md
+++ b/_docs/overview/key-concepts.md
@@ -38,8 +38,11 @@ section for more detail.
 ## Redeem script
 
 Multisignature requires each of the multiple private keys to be accompanied by a
-redeem script. This script, each of which is identical, defines how the keys
-combine to release funds. Losing all redeem scripts leads to the total loss of funds.
+redeem script. These scripts, all of which are identical, define how the keys
+combine to release funds. Losing all redeem scripts, if the recommended test
+withdrawal is not performed, leads to the total loss of funds. Performing the
+recommended test withdrawal means the redeem script can be found on the blockchain,
+assuming the cold storage address is still known.
 
 ## Offline key storage
 

From 82f351a076ed458b35cbe4d29db719ccfae33d9e Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 18:40:54 +0000
Subject: [PATCH 188/190] Betrayal added to multisig benefits

---
 _docs/overview/multi-signature-security.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/_docs/overview/multi-signature-security.md b/_docs/overview/multi-signature-security.md
index f67a091..ae8221b 100644
--- a/_docs/overview/multi-signature-security.md
+++ b/_docs/overview/multi-signature-security.md
@@ -43,6 +43,10 @@ Multisignature security mitigates risk in the following scenarios:
 * **Theft**: Control of a single key does not give access to the bitcoin
 * **Loss**: Bitcoin can be recovered after the loss of a single key, if
 misplaced or if the owner is incapacitated, by using the remaining keys
+* **Betrayal**: In the event of death or incapacitation, multisignature security will
+give one or more signatories access to funds without enabling theft by any individual.
+This holds true unless a trusted individual steals additional keys, or colludes
+with another signatory.
 
 ## Choosing a multisignature withdrawal policy
 

From 206de93e327887843dbb2e7e16e2bb806e34f2ad Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 18:41:40 +0000
Subject: [PATCH 189/190] Theft added to risk mitigation

---
 _docs/overview/multi-signature-security.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_docs/overview/multi-signature-security.md b/_docs/overview/multi-signature-security.md
index ae8221b..7dbb45e 100644
--- a/_docs/overview/multi-signature-security.md
+++ b/_docs/overview/multi-signature-security.md
@@ -81,7 +81,7 @@ is the co-owner of the safe deposit box. A successor trustee could then access t
 A 2-of-5 withdrawal policy is recommended, with private keys distributed to a number
 of trusted individuals, or signatories. The extra key, five rather than the recommended
 four in Option 1, mitigates the extra risk of signatories not sufficiently protecting
-the key against loss. This has the following advantages:
+the key against loss or opportunistic theft. This has the following advantages:
 
 * **Availability**: Vaults or safe deposit boxes may not be available in the local area.
 * **Ease of setup**: It may be simpler to distribute keys to signatories than to travel

From 07ea9d279011f79fb8cf93b4d59deb6ba58528e3 Mon Sep 17 00:00:00 2001
From: GraniteKeep <github@granitekeep.com>
Date: Wed, 28 Nov 2018 18:42:05 +0000
Subject: [PATCH 190/190] Privacy concerns of cold storage address added

---
 _docs/overview/multi-signature-security.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/_docs/overview/multi-signature-security.md b/_docs/overview/multi-signature-security.md
index 7dbb45e..362ca92 100644
--- a/_docs/overview/multi-signature-security.md
+++ b/_docs/overview/multi-signature-security.md
@@ -91,10 +91,10 @@ access funds.
 
 Key distribution also has the following disadvantages:
 
-* **Privacy**: All signatories can see the balance via the multisignature redeem script.
-An alternate version of this protocol could be created using a different multisig
-approach besides P2SH transactions, which would eliminate the ability of signatories to
-view balances. See [Possible improvements to Glacier](/docs/extend/improvements#consider-shamirs-secret-sharing-or-vanilla-multisig-vs-p2sh-transactions) for details.
+* **Privacy**: All signatories can see the balance either via the multisignature redeem
+script, or via the cold storage address. An alternate version of this protocol could be
+created using a different multisig approach besides P2SH transactions, which would
+eliminate the ability of signatories to view balances. See [Possible improvements to Glacier](/docs/extend/improvements#consider-shamirs-secret-sharing-or-vanilla-multisig-vs-p2sh-transactions) for details.
 * **Signatory collusion**: Two signatories may collude to gain access to funds.
 * **Signatory reliability**: A signatory may fail to store the key securely.
 * **Signatory safety**: Signatories may be exposed to the risk of targeted physical theft.