diff --git a/content/notes/bernie-sanders-bern-app-data/index.md b/content/notes/bernie-sanders-bern-app-data/index.md index 7760a1d2..1f338876 100644 --- a/content/notes/bernie-sanders-bern-app-data/index.md +++ b/content/notes/bernie-sanders-bern-app-data/index.md @@ -60,7 +60,7 @@ Others have noted that web-based organizing tools like BERN have been used by ca But the latter category of databases --- like [NationBuilder](https://nationbuilder.com/) and, more notably, [NGP VAN's VoteBuilder](https://act.ngpvan.com/votebuilder) software based on the Obama campaign's inventions and now used by almost all Democratic campaigns across the United States --- are secured and strictly guarded. Volunteer accounts need to be created and approved by paid campaign organizers and are locked down to provide the bare minimum amount of information necessary for one to canvass or phone bank a shortlist of voters. Every single click is also recorded in a [detailed log](sanders-campaign-audit.pdf) down to the millisecond. (This is how [Bernie's organizers got busted](http://time.com/4155185/bernie-sanders-hillary-clinton-data/) snooping around Hillary's VoteBuilder data last cycle, by the way.) -{{< image src="images/votebuilder-audit.png" width="750" alt="asdf" caption="NGP VAN's audit of of the Sanders campaign's VoteBuilder activity" >}} +{{< image src="images/votebuilder-audit.png" width="750" alt="asdf" caption="NGP VAN's audit of the Sanders campaign's VoteBuilder activity" >}} BERN is taking this to an unprecedented level. Allowing anybody on the internet to sign up and add others' personal information to the campaign's database without their knowledge is troubling, especially when you consider the gamified "points" system they've added as an incentive to report as much information on as many people as possible. 
diff --git a/content/notes/cool-bash-tricks-for-your-terminal-dotfiles/index.md b/content/notes/cool-bash-tricks-for-your-terminal-dotfiles/index.md index 748f1ec6..691a64ce 100644 --- a/content/notes/cool-bash-tricks-for-your-terminal-dotfiles/index.md +++ b/content/notes/cool-bash-tricks-for-your-terminal-dotfiles/index.md @@ -16,7 +16,7 @@ draft: false --- - +{{< image src="images/terminal_icon.jpg" width="500" alt="Terminal.app on macOS" >}} You may have noticed the recent trend of techies [posting their "dotfiles" on GitHub](https://github.com/topics/dotfiles) for the world to see. These usually contain shortcuts compatible with Bash terminals to automate convoluted commands that, I'll admit, I needed to Google every single time. diff --git a/content/notes/finding-candidates-subdomain-takeovers/index.md b/content/notes/finding-candidates-subdomain-takeovers/index.md index 3a066337..0ee58a2d 100644 --- a/content/notes/finding-candidates-subdomain-takeovers/index.md +++ b/content/notes/finding-candidates-subdomain-takeovers/index.md 
@@ -16,8 +16,7 @@ A **subdomain takeover** occurs when a subdomain (like *example*.jarv.is) points Not only are takeovers a fun way to dip your toes into [penetration testing](https://www.cloudflare.com/learning/security/glossary/what-is-penetration-testing/), but they can also be incredibly lucrative thanks to [bug bounty programs](https://en.wikipedia.org/wiki/Bug_bounty_program) on services like [HackerOne](https://hackerone.com/hacktivity?order_direction=DESC&order_field=popular&filter=type%3Aall&querystring=subdomain%20takeover) and [Bugcrowd](https://bugcrowd.com/programs), where corporations pay pentesters for their discoveries. - -*Huge rewards for subdomain takeovers on [HackerOne](https://hackerone.com/hacktivity?order_direction=DESC&order_field=popular&filter=type%3Aall&querystring=subdomain%20takeover)* +{{< image src="images/hackerone-2.png" width="620" alt="Huge rewards for subdomain takeovers on HackerOne" caption="Huge rewards for subdomain takeovers on HackerOne" >}} For a deep dive on the implications of takeovers, which can be a pretty serious vector of attack for malicious actors to obtain information from users of the targeted company, [Patrik Hudak](https://twitter.com/0xpatrik) wrote a [great post here](https://0xpatrik.com/subdomain-takeover/). Definitely take some time to skim through it and come back here when you're ready to hunt for a potential takeover yourself. diff --git a/content/notes/how-to-pull-request-fork-github/images/step2.png b/content/notes/how-to-pull-request-fork-github/images/step2.png old mode 100755 new mode 100644 index 5603030e..d45e95ca Binary files a/content/notes/how-to-pull-request-fork-github/images/step2.png and b/content/notes/how-to-pull-request-fork-github/images/step2.png differ diff --git a/content/notes/how-to-pull-request-fork-github/index.md b/content/notes/how-to-pull-request-fork-github/index.md index 99286786..778bd309 100644 --- a/content/notes/how-to-pull-request-fork-github/index.md 
+++ b/content/notes/how-to-pull-request-fork-github/index.md @@ -14,7 +14,7 @@ draft: false --- - +{{< image src="images/forks.png" alt="Git Forks Visualization" >}} Contributing to an open-source project can be intimidating at first. The convoluted process of submitting your improvements for approval via a [**pull request**](https://help.github.com/en/articles/about-pull-requests) certainly doesn't help. @@ -29,7 +29,7 @@ Starting from the very beginning, we'll fork an existing repository to our accou Assuming you're using GitHub, this step is easy. Just find the repository you're contributing to and press the Fork button in the upper left. This will create an exact copy of the repository (and all of its branches) under your own username. - +{{< image src="images/step1.png" alt="Step 1" >}} ## 2. Clone your new fork locally @@ -40,7 +40,7 @@ GitHub will automatically redirect you to the forked repository under your usern git clone git@github.com:jakejarvis/react-native.git ``` - +{{< image src="images/step2.png" width="420" alt="Step 2" >}} ## 3. Track the original repository as a remote of the fork @@ -91,9 +91,9 @@ git push -u origin fix-readme-typo You're now all ready to submit the improvement you've made to the project's maintainers for approval. Head over to the original repositories Pull Requests tab, and you should see an automatic suggestion from GitHub to create a pull request from your new branch. - +{{< image src="images/step7-1.png" alt="Step 7.1" >}} - +{{< image src="images/step7-2.png" width="700" alt="Step 7.2" >}} --- diff --git a/content/notes/how-to-shrink-linux-virtual-disk-vmware/index.md b/content/notes/how-to-shrink-linux-virtual-disk-vmware/index.md index 91309c5e..10335148 100644 --- a/content/notes/how-to-shrink-linux-virtual-disk-vmware/index.md +++ b/content/notes/how-to-shrink-linux-virtual-disk-vmware/index.md 
@@ -15,7 +15,7 @@ draft: false --- - +{{< image src="images/screen-shot-2018-12-07-at-2-04-04-pm.png" width="620" alt="df -dh = WTF" >}} **[VMware Workstation](https://www.vmware.com/products/workstation-pro.html)** and **[Fusion](https://www.vmware.com/products/fusion.html)** normally work hard to minimize the size of virtual hard disks for optimizing the amount of storage needed on your host machine . On Windows virtual machines, [VMware has a “clean up” function](https://docs.vmware.com/en/VMware-Fusion/11/com.vmware.fusion.using.doc/GUID-6BB29187-F47F-41D1-AD92-1754036DACD9.html), which detects newly unused space and makes the size of the virtual hard disk smaller accordingly. You’ll notice that even if you create a virtual machine with a capacity of 60 GB, for example, the actual size of the VMDK file will dynamically resize to fit the usage of the guest operating system. 60 GB is simply the maximum amount of storage allowed; if your guest operating system and its files amount to 20 GB, the VMDK file will simply be 20 GB. 
@@ -61,7 +61,7 @@ VMware on macOS makes this a little tricky, since it packages VMs in what looks We need to right click on the .vmwarevm "file," and select **Show Package Contents** to see what's really in there. You should see the actual .VMDK file sitting there – normally we're looking for the plain VMDK file (named _Virtual Disk.vmdk_ by default) without a bunch of numbers after it, but if you have snapshots associated with your VM, this might not be the file we actually want. But run the command below with it anyways, and the output will tell you if you need to use a different file. - +{{< image src="images/screen-shot-2018-12-07-at-1-58-42-pm.png" width="680" alt="Finding .vmwarevm in Finder" >}} Now, we're going to run our final command in our **host** terminal, so open that up. Linux installations of VMware Workstation should have a simple map to the _vmware-vdiskmanager_ utility that you can run anywhere, but on macOS we need to tell it exactly where that's located: in the Applications folder, where Fusion is installed. diff --git a/content/notes/security-headers-cloudflare-workers/index.md b/content/notes/security-headers-cloudflare-workers/index.md index 2cc20a70..dbdb6f7a 100644 --- a/content/notes/security-headers-cloudflare-workers/index.md +++ b/content/notes/security-headers-cloudflare-workers/index.md 
@@ -13,13 +13,13 @@ draft: false --- - +{{< image src="images/security-headers.png" width="700" alt="A+ security grade for this website" >}} In 2019, it's becoming more and more important to harden websites via HTTP response headers, which all modern browsers parse and enforce. Multiple standards have been introduced over the past few years to protect users from various attack vectors, including `Content-Security-Policy` for injection protection, `Strict-Transport-Security` for HTTPS enforcement, `X-XSS-Protection` for cross-site scripting prevention, `X-Content-Type-Options` to enforce correct MIME types, `Referrer-Policy` to limit information sent with external links, [and many, many more](https://www.netsparker.com/whitepaper-http-security-headers/). [Cloudflare Workers](https://www.cloudflare.com/products/cloudflare-workers/) are a great feature of [Cloudflare](https://www.cloudflare.com/) that allows you to modify responses on-the-fly between your origin server and the user, similar to [AWS Lambda](https://aws.amazon.com/lambda/) (but much simpler). We'll use a Worker to add the headers. - +{{< image src="images/cf-workers.png" width="650" alt="Cloudflare Workers" >}} Workers can be enabled for $5/month via the [Cloudflare Dashboard](https://dash.cloudflare.com/). (It's worth noting, once enabled, Workers can be used on *any zone* on your account, not just one website!). diff --git a/layouts/shortcodes/image.html b/layouts/shortcodes/image.html index 9507c715..08e80ded 100644 --- a/layouts/shortcodes/image.html +++ b/layouts/shortcodes/image.html @@ -1,3 +1,4 @@ +
{{ if .Get "caption"}}
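Review bot: In the content/notes/bernie-sanders-bern-app-data/index.md hunk, the changed `{{< image src="images/votebuilder-audit.png" ... >}}` line still carries `alt="asdf"`, a placeholder that is passed to the shortcode unchanged. Since the line is already being edited for the "of of" caption typo, replace the alt text with a short description of the screenshot, such as what the audit log excerpt shows.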
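Review bot: In the content/notes/finding-candidates-subdomain-takeovers/index.md hunk, the new shortcode call passes the identical string "Huge rewards for subdomain takeovers on HackerOne" as both `alt` and `caption`, so the same sentence is announced twice wherever both are rendered. The removed italic caption line also linked "HackerOne" to the hacktivity search URL, and the new `caption` value drops that link. Make the alt text describe the screenshot itself, and confirm that losing the caption link is intended.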
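Review bot: In the content/notes/how-to-pull-request-fork-github/index.md hunks, the added calls use `alt="Step 1"`, `alt="Step 2"`, `alt="Step 7.1"` and `alt="Step 7.2"`, which repeat the section number instead of describing the screenshot. A reader who cannot see the image learns nothing from them; say what each capture shows, in the way `alt="Git Forks Visualization"` does for forks.png in the first hunk of this file.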
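Review bot: In the first content/notes/how-to-shrink-linux-virtual-disk-vmware/index.md hunk, `alt="df -dh = WTF"` on the added shortcode line is a joke rather than a description of the screenshot. Replace it with what the capture shows, matching the descriptive style of `alt="Finding .vmwarevm in Finder"` used in the second hunk of the same file.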
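Review bot: In the layouts/shortcodes/image.html hunk, the only guard visible is `{{ if .Get "caption"}}`, yet several call sites added in this patch also omit `width` (forks.png, step1.png, step7-1.png), so confirm the template checks `width` the same way before emitting it. The hunk header `-1,3 +1,4` says one line is added at the top of the file, but that line shows as empty in this view and the rest of the template is cut off, so the markup that actually receives `src`, `alt` and `caption` cannot be reviewed from here. Minor style point: `"caption"}}` is missing the space before the closing braces.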