Tools for Boot Images, LiveCDs and Windows PEs

The following are some bootable Windows (WinPE) environments & builders/utilities, Linux-based recovery/utility LiveCD/LiveUSB images and some general purpose multiple image boot stick tools I have come across and want to come back to when I have the time but (for the most part) have not tested yet - so before using any of them be sure to perform due diligence. I have not and have no idea how trustworthy or effective any of the following projects, sites and executables are; do not consider this list to be an endorsement. As such this list doesn't belong on my Favourite Windows Software page so I'm putting it here for our (my) benefit. I will come back to update this page once I have something educated to say. Feel free to let us know your experience - once I finish programming the comments thing. Some day. Never. Maybe. Gesundheit.

  • According to the Wikipedia article on WinBuilder this package used to be available at https://winbuilder.net but at the time of this writing the domain redirects to https://reboot.pro probably the result of expired domain sniping. Which may be for the best: it appears to be a relatively active mutual support community that hosts downloads for numerous delicious looking utils and some member-rolled bootable images. No idea as to the safety of this site or its downloads, you may prefer to find the official home pages for those utilities before downloading - but as far as WinBuilder is concerned this seems (at present) to be the best place to get it at a glance. The wiki handily links to a bunch of bootable images that were created with WinBuilder.
  • At present writing if you navigate to http://wimbuilder.world you are redirected to http://hello.wimbuilder.world/hello/ which is... uh... hella SEO. >.> anyway in turn it links to the ostensibly official github source repo at https://github.com/slorelee/wimbuilder2, the Issues section of which indicates a healthy userbase. That's right, WIM Builder:

    WimBuilder2 is an open source lightweight editor for wim file. but be powerful, fully customizable and easy to use.

    That's a new one for me. https://fileinfo.com/extension/wim:

    What is a WIM file?

    A WIM file is saved in a file-based imaging format that was introduced with Windows Vista. It allows a single disk image to be deployed to multiple computer platforms. WIM files are used to manage files such as drivers, updates, and components without booting the operating system image.

    Ahhh. So that's how the wind0ze buggers do "slipstreaming". https://theoven.org/ seems strongly correlated with support for this utility.

    NOTE: funnily enough, about a week after writing this I ended up doing much of the above by hand when faced with a USB 3.0-only machine that needed drivers slipstreamed to install Windows 7. I documented the effort in detail at Add Missing Hardware Support (Drivers) to Windows Install Media (DVDs, USB Sticks).

  • RMPrepUSB at https://rmprepusb.com/:

    RMPrepUSB is a Windows 32-bit utility to partition and format a drive (especially USB drives).

    • Install/repair boot code
    • Clear write-protect\read-only drive flags
    • Sector editor
    • SD cards can be up to 10% faster (when formatted as FAT32)
    • Test for ‘Fake’ size drives
    • Fix various USB boot issues
    • Run a 32-bit MBR Emulator to boot from a USB drive (QEMU) with full write access
    • Includes the command line utility RMPartUSB.exe

  • Easy2Boot at https://easy2boot.xyz/:

    E2B – the free USB multiboot solution for professionals

    • Boot to (almost) anything (Legacy/UEFI64/UEFI32/Secure Boot) from just one USB drive for free!
    • E2B includes three menu systems – E2B grub4dos, agFM/grubfm and Ventoy for the best chance of booting any payload!
    • E2B and agFM use a generic method of booting Linux ISOs. This means it is often more successful than Ventoy.
    • Over 1 million downloads – E2B is used by techs, repair shops, schools and Universities all over the world.

  • Ventoy at https://www.ventoy.net/ is included as part of E2B above.

    Ventoy is an open source tool to create bootable USB drive for ISO/WIM/IMG/VHD(x)/EFI files.
    With ventoy, you don't need to format the disk over and over, you just need to copy the ISO/WIM/IMG/VHD(x)/EFI files to the USB drive and boot them directly.
    You can copy many files at a time and ventoy will give you a boot menu to select them (screenshot).
    x86 Legacy BIOS, IA32 UEFI, x86_64 UEFI, ARM64 UEFI and MIPS64EL UEFI are supported in the same way.
    Most type of OS supported (Windows/WinPE/Linux/ChromeOS/Unix/VMware/Xen...)

    Dang. I need the hell out of this...

    I would make the observation that you will want to include version numbers for your isos in the boot menu.

  • Gandalf’s Windows 10PE x64 seems active, well-liked and comes with a ridonkulous list of installed utilities.
  • MediCat USB - A Multiboot Linux USB for PC Repair A glorious ~25 gig multiboot usb stick formulation with frequent, rolling updates.

While I haven't tried some of these options personally and/or very seldomly use them, I think you can reasonably take their safety for granted:

  • SystemRescue is a conventional system recovery linux LiveCD distro that has been around forever and remains up-to-date.

    ...a Linux system rescue toolkit available as a bootable medium for administrating or repairing your system and data after a crash. It aims to provide an easy way to carry out admin tasks on your computer, such as creating and editing the hard disk partitions. It comes with a lot of Linux system utilities such as GParted, fsarchiver, filesystem tools and basic tools...

    What I think they should mention up front is that it includes PhotoRec which makes this the ISO I'll be reaching for next time a grampa drive dies.

  • UNetbootin runs on Windows, Linux and MacOS. The official project page at https://unetbootin.github.io/ describes:

    UNetbootin allows you to create bootable Live USB drives for Ubuntu and other Linux distributions without burning a CD.

    You can either let UNetbootin download one of the many distributions supported out-of-the-box for you, or supply your own Linux .iso file.

  • Clonezilla is a modern, open-source and more fully featured disk imaging/cloning suite than the long-defunct Norton Ghost which I used to see running in the shop at all hours in my youth. It is included as part of Diskless Remote Boot in Linux (DRBL) https://drbl.org/ for turn-key network booting
  • ophcrack has a livecd!!! Get it from https://ophcrack.sourceforge.io/download.php and be sure to select the correct image for your target version of Windows to ensure it comes with the correct rainbow tables or download the table-less image and choose a specific table from https://ophcrack.sourceforge.io/tables.php for better coverage (many will not fit on smaller media/drives).
    NOTE If you already have NT or LM hashes extracted and ready to crack you can quickly just plug them into the rainbow tables live via their site at https://www.objectif-securite.ch/en/ophcrack!
  • If you don't care to crack Windows account passwords you can simply disable them; this feature is widely available on distributions like Hiren's but since that hasn't been officially maintained in years and it doesn't look like a supported feature of SystemRescue (above) I feel I should include https://www.supergrubdisk.org/rescatux/ and https://pogostick.net/~pnh/ntpasswd/.
  • The Microsoft Desktop Optimization Pack (MDOP) "is available as an additional subscription for Software Assurance customers" which means you have to pay for it. Apparently. Anyway it comes with the Diagnostic and Recovery Toolkit (DaRT) which is a bootable image full of recovery tools. However, I am way more interested in the virtualization features...
  • Another official Microsoft offering was the Windows to Go Live USB functionality available from Windows 8 Enterprise through Windows 10 Enterprise until the May 2020 update

This PC CAN run Windows 11: How to Disable Windows 11 Installer's Minimum Hardware Requirements Checks

As we have known for some time Windows 11 will install from bootable DVD or USB stick (but not Windows Update) on virtually any x86-64 (aka amd64 - I have noticed in some documents Microsoft is calling this architecture "IA 64-bit" which is trop droll considering it was Microsoft's pressure on AMD to innovate the 64 bit 80x86 platform at Intel's expense at a time when IA64 clearly referred to the ill-fated Itanium architecture) CPU, including for a short and embarrassing moment where it would "officially" be happy to install on Pentium 4 661s. The catch is that new Windows Updates will not be delivered to so-called unsupported systems which sounds rather pointless to me; as I recall Windows Updates are made available to the public freely as individual executable installers from their Knowledge Base and if a dozen people haven't already written an automatic scraper for Windows 11 updates I would be utterly shocked and disappointed.

Unfortunately there are a few more minimum requirements that the installer checks for that may get in our way, particularly if we are trying to simply preview what is to come in this new version from the safe confines of a Virtual Machine instead of risking an otherwise perfectly good and still supported Windows 10 installation at this early stage in its release:

  • System must present a Unified Extensible Firmware Interface (UEFI) instead of a Basic Input/Output System (BIOS) and further:
    • The firmware must be Secure Boot capable. You might be able to enable Secure Boot on a physical machine.
    • A Trusted Platform Module meeting the version 2.0 specification must be provided by a discreet chip/module, as a component of the integrated chipset or as a firmware implementation. Newer machines should be able to enable their TPM if it appears to be missing.
  • At least 4GB RAM must be available to the system. This could be a problem on bare-metal hosts with 4GB of RAM but a portion allocated to shared graphics memory.

I think it's interesting that Microsoft would impose such a strict requirement on RAM while in many areas it has embraced virtualization technology and employed it in impressive, creative ways to make the Windows operating system vastly more secure, relevant and capable than it ever has been before. It seems in these early days at least Microsoft is aiming for a very smooth, very optimal first impression among early adopters at the expense of bringing more budget-constrained users and virtualization-backed service providers along to this new paradigm of sophisticated security measures, Android application compatibility and more.

That said, they couldn't stop us if they put their backs into it, and we're going to leverage some handy functionality they left in the installer for us that will shimmie right past the most egregious of its hardware requirement checks. Upon running the installer you have likely encountered the error:

This PC Can't Run Windows 11

This PC doesn't meet the minimum system requirements to install this version of Windows. For more information visit https://aka.ms/WindowsSysReq

Anything you can do I can do better.

Use the Back button embedded (practically camouflaged) in the top left corner of the window's title bar to return to the edition selection menu.

The one that doesn't get in my way, please.

From here you can press Control + F10 on your keyboard to launch a command prompt.

We're taking command of this operation!

Type regedit and hit Enter to launch the registry editor.

The registry is the key.

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\Setup. Right-click on the Setup key and select New > Key. Name the new key LabConfig.

Bypass is DE-WORD!

Right click on the LabConfig key or anywhere in the right-hand pane while it is selected. Under New click on DWORD (32-bit) value and create the following values:

  • BypassRAMCheck
  • BypassSecureBootCheck
  • BypassTPMCheck
I value control over my own system.

Now double click on each value or Right Click/press the Context Menu key and Modify each item to contain the value 1 (integer one).

I put a hex on you! Now you're mine~

Exit the registry editor and carry on with your installation as usual.

How do you like me now? :/

Hopefully at this point your installation continues without a hitch. It's not certain whether Microsoft will stick to these draconian requirements in the future or ease them up to make Windows 11 a more realistic virtualization candidate (among many other great reasons) but one thing is certain: there will always be a way around them - whether provided as a somewhat convenient override by Microsoft themselves or through unofficial channels as part of yet another arms race.

The Superb Prebuilt Virtual Machine Image Repository Short-List

For your pleasure and my rapid deployment I present my personally endorsed and expertly curated short-list of sources for professionally appointed virtual appliances and environments:

  • OSBoxes maintains an impressively varied repertoire of meat-and-potatoes server and desktop/end user installations of the most relevant flavours, lightweight performance-oriented distributions particularly suited to use in VM-optimized projects and embedded essentials like Android-x86, FreeDOS, Raspbian and more.
  • Kali Linux stays on top of their VM images - get it from the source.
  • Microsoft provides free images of Internet Explorer on Windows 7 through Edge on Windows 10. Web developers don't need to worry about appeasing Internet Exploder anymore but I don't need to tell you how valuable these images are to neglected and abused admins forced to wrangle legacy systems.
  • Univention provides mostly free, mostly open source dockerized turn-key IT infrastructure and economically relevant virtual appliances based on its custom distribution Univention Corporate Server through an in-house app store model. You can choose to deploy a full-scale, centrally managed cloud solution composed of up to thousands of virtual machines or download a single virtual machine image directly from the web front-end to their marketplace, the Univention App Center and it will happily run, receive updates and benefit from the same standardized management capabilities as a massive cloud would all by itself. You can of course scale up later if you choose. It's.... actually pretty cool... (you guys hiring?)
  • The best place to get Oracle Solaris images (among other Oracle offerings) is Oracle. Go figure.

Honourable mentions:

  • Linux VM Images - we've already ticked almost all of these boxes, I'm including it since it's such a large collection but have never personally used it. Maybe today's the day you'll find something exotic in there.
  • VirtualBoxes provides a few interesting non-linux images like Plan9 and MINIX.
  • There is no better place to snag a weird Windows beta or nostalgia trip than Virtual Disk Images
  • Microsoft provides evaluation versions of some editions of Windows and Windows Server; the CLI-only distribution of Hypervisor 2012 is provided here free of charge.
  • Server 2008 R2 is available as a 180 day evaluation but Server 2003 R2's product page does not indicate a time limit (you tell me - I have better things to do! :D)
  • Well, this doesn't look like a sanctioned release of Windows 98 SE but I won't tell if you won't.
  • The Naval Postgraduate School's Center for Cybersecurity and Cyber Operations provides "Labtainers"- Fully packaged Linux-based computer science lab exercises with an initial emphasis on cybersecurity. God damn youth is wasted on the young. I wish i had time to play with this.
  • Oh hey! TurnKey is still a thing. I'm afraid its integration/management features are about as compelling as its selection of software in comparison to UCS; particularly as the TurnKey Hub requires AWS... and I think at least half of the half dozen "fine publications" it touts having received coverage in went out of business while I was yet nae but knee-hight... >.>
  • This disposable browser appliance had a lot more appeal 10 years ago when it was maintained around 300MB, the Firefox installation kept only a few versions behind and both virtualization technology and free, pre-configured virtual machine images were much harder to come by. I suppose I'm including it for nostalgia's sake, you're better off downloading the CentOS desktop version from OSBoxes.

There's Something You Should Know about Private Internet Access (PIA) VPN

Roughly a decade ago I signed on with Private Internet Access as my first commercial VPN provider. At the time it was one of - if not the - biggest player in the arena. It enjoyed a universally good reputation both for network capacity and privacy, having emerged from two separate court cases producing - as it claimed and appeared to in fact be collecting - no logging data on its clients. It was also one of the first VPN providers to distribute value-added custom desktop and mobile client software with features one expects from all services today: the ability to easily select from many geographically disparate servers, preventing DNS query leakage, implementing a "kill switch" functionality to ensure application connections don't re-establish over the regular uplink when the VPN connection drops, etc.


Not being something I needed to use very often, my subscription seemed to roll over at the promotional rate I signed up at so I let it ride for a few years until the PayPal account it was attached to dissolved. Fast forward to a few weeks ago, a friend let me use their account to test it out again because I was looking for an easy geofence evasion solution so I could provide a romantic interest with entertainment unfairly blocked in Canada.

No sooner than I mentioned this in one of my chat groups I was admonished that "PIA was bought by a spammer." That's quite the accusation, but given numerous unfortunate buyouts over the years (LavaSoft's AdAware comes to mind) not an unreasonable one. It wasn't hard to find further echos of the insinuation on the web but some thoughtful digging I was able to piece together what I believe are the fair and objective facts regarding the situation. Nowhere are they summed up better, in my opinion, than in this incredibly well-written and patiently researched article by Sven Taylor of Restore Privacy: Strange Ties: Private Internet Access, Kape, and Crossrider. That article from 2019 was very recently followed-up one month ago on September 15, 2021 with Kape Technologies (Formerly Crossrider) Now Owns ExpressVPN, CyberGhost, Private Internet Access, Zenmate, and a Collection of VPN “Review” Websites then, incredibly, again just a couple of weeks ago on October 29, 2021 with Taking a Closer Look at Kape Technologies, Crossrider, and Malware.

To the best of my understanding - and with my apologies to those involved if I in any way am misconstruing the events - these are the facts that I feel would be relevant to the reasonable consumer's due diligence in determining if PIA is worthy of one's custom today:

  • PIA originated largely as it had appeared to: over a decade ago, justifiably gaining popular support, and it quickly grew to become a major player in the commercial VPN industry.
  • Separately, Crossrider was founded in 2011 and brought to market a novel cross-platform, cross-browser development platform for the major browsers of the era.
  • Crossrider's SDK facilitated monetization, as much commercial software does. The capability was effectively neutral. The implementation however, being in the hands of the extension developers and not Crossrider, could be abused. And it was - extensively; it provided an effective avenue for revenue to flow to developers employing a wide range of nefarious tactics including content injection and privacy invasion.

    From Kape's statement to RestorePrivacy:

    The Crossrider SDK and development platform was used by tens of thousands of independent developers to create cross-browser extensions, and unfortunately a small number of bad actors misused the platform to develop adware and malware. The team at the time attempted to combat the problem, including as a participant and supporter of the Clean Software Alliance, but ultimately decided to shut down Crossrider altogether in 2016 in the face of rising abuse.


So there we have it. A tragic case of a plucky tech upstart with a bright future that brought a new, effective and vital tool to market only to have it abused by bad actors which undeservedly devastated their reputation by mere association despite laudable efforts to combat their own platform's misuse and when that wasn't enough they nobly sacrificed their flagship product for the greater good at the expense of a bottom line they by all accounts could have sustained for the low price of looking the other way. Actually quite a heroic story when you think about it - and I don't mean to sarcastically disparage it. I have uncovered no evidence that indicates the events transpired any way other than how they are recounted by Kape Technologies, the rebranded, reorganized and refocused reincarnation of Crossrider that emerged from an apparently two year long restructuring initiated in 2016.

You know the old tune, we're just going to deep-six for a couple years and switch from a company that enables and profits from data mining and ad injection and stuff and emerge from our cocoon a beautifully transformed, trustworthy security and privacy technology leader. As one does.

The problem is there are other reasons to be skeptical of Kape Technologies. Certainly less stark than the accusations of outright malware pushing but the story is far from over here.

  • In March 2017 Crossrider purchased CyberGhost VPN in its first step to enter the VPN market and re-imagine itself as a security and privacy focused player
  • In 2018 Crossrider purchased ZenMate VPN
  • After rebranding as Kape Technologies in 2018 Private Internet Access became its largest acquisition yet by customer base and dollar amount at a sizable USD$127M:

    From the Private Internet Access acquisition press release, courtesy of Business Wire November 19, 2019:

    LONDON--(, a consumer security software business, is delighted to announce the transformational acquisition of Private Internet Access (PIA), a leading US-based digital privacy company. This acquisition will significantly increase the company’s presence in North America and doubles its existing user base to over 2 million paying customers with a truly global brand.

    This catapults Kape towards becoming the ‘go-to’ privacy company for consumers, paving the way to dominating the rapidly growing digital privacy space, which is already worth US$24 billion in 2019 and is expected to grow by 50% by 2022. According to the Breach Level Index, in the first half of 2018, more than 25 million records were compromised every day, which equates to 291 records every second. As technology develops, and more and more data is shared online, the need for online protection is increasing exponentially. The acquisition of PIA will see Kape’s user base double to over 2 million paying subscribers with almost half of them in the US. The combined group is expected to be profitable and generate over US$120 million in revenues in 2020.

    As part of the transaction, Kape will add a number of encryption-based consumer software solutions to its privacy suite available on mobile, tablet and desktops, including: Plus Ultra, a software that speeds up internet connections; LibreBrowser, a completely private browser; and Private.sh, a private and encrypted search engine. This suite will provide people a truly private digital environment.

    Ido Erlichman, Chief Executive Officer of Kape, said: “This is a game-changing moment for both Kape and PIA, transforming our vision of creating a truly global privacy company into a reality.”

    Ted Kim, Chief Executive Officer of LTMI (PIA’s holding company), added: “We are excited to join forces with Kape to create a true pioneer in digital privacy with significant scale. This transaction brings us one step closer in realising our vision of a digitally private and secure world for our customers.”

    Lumos Partners, LLC acted as the exclusive financial advisor and Baker Botts L.L.P served as legal counsel to PIA/LTMI. Bryan Cave Leighton Paisner acted as legal counsel for Kape.

    About Kape (AIM: Kape)

    Kape is a cybersecurity company focused on helping consumers around the world to have better experience and protection in their digital life. Kape develops and distributes a variety of digital products in the online security space. The Group utilises its proprietary digital distribution technology to optimise its reach and create a superb user experience. Kape offers products which provide online security, privacy and an optimal online experience. Kape's vision is to provide online autonomy for a secure and accessible personal digital life, with a team of over 350 people across seven locations worldwide.


    About PIA

    PIA was established in 2009 and is a security software business, based in Denver, Colorado. Since its inception, PIA has grown to become a leading VPN service provider focused on the consumer market, employing approximately 65, with 35% in an R&D capacity. PIA has over 1 million paying subscribers globally, with 48% of them based in the US.


    For Kape corporate public relations enquiries, contact:
    Vigo Communications
    Tel: +44 (0)20 7390 02347
    [email protected]

  • Just two months ago (from the time of writing) Kape made its biggest acquisition yet: USD$946M for ExpressVPN.

    From the ExpressVPN acquisition press release, courtesy of Reuters September 13, 2021:

    JERUSALEM, Sept 13 (Reuters) - British-Israeli digital security software provider Kape Technologies PLC (KAPE.L) said on Monday it was buying virtual private network (VPN) firm ExpressVPN for $936 million in a deal aimed at creating what it called a "premium consumer privacy and security player."

    Kape said the acquisition expands its customer base to more than 6 million from nearly 3 million and would create a tier one digital privacy and security firm best positioned to capitalise on the expected market growth.

    ExpressVPN, it said, has seen a compound annual growth rate (CAGR) of 35.1% over the past four years amid strong demand for consumer-friendly data privacy and security products.

    Consumers have increasingly turned to VPNs such as ExpressVPN to obscure their identities on the internet.

    "Controlling one's digital presence is at the forefront of every tech consumer’s mind now, and Kape is more committed than ever to innovating and delivering the tools internet users need to protect their data and rights," said Ido Erlichman, chief executive of Kape Technologies.

    Dan Pomerantz, co-founder of ExpressVPN, said the firm will have more capital and resources to "accelerate our product development, deliver even more innovation to our users, and protect them from a wider range of threats."

    Kape said ExpressVPN will continue to operate day-to-day as an independent service.


Let us indulge in the least generous suspicions for a moment - after all the "tinfoil hat crowd" is, or one could be forgiven for expecting it to be, a core target demographic of commercial VPNs. Surely as a userbase expands so rapidly the pressure on any company (one might imagine moreso one with a history connected to advertising, user metrics, data mining and so on - regardless of how innocent or incidental that history may be) to leverage the data collection opportunities that arise into a revenue stream increases in stride. I don't think it's unreasonable to wonder why so many different VPN operations?. Certainly there is logic to buying out userbases and it clearly makes sense to perpetuate established brands but in simple economic terms it would surely make sense to consolidate not just the ownership and governance but also operations and resources. Instead Kape seems to go out of its way to reassure customers that each VPN service it buys will continue to be operated independently, with more or less unbroken continuity. Choosing not to cut out overhead, scale up core infrastructure and migrate users even at a trickle pace to a more homogeneous "master platform" could give one the impression that Kape is trying to obfuscate its position to the lay customer or even nurture a misleading sense of choice in an increasingly artificial market. On the other hand, there is merit to maintaining a level of independence between very similar units within a business: multiple discreet systems, if they are all reasonably efficient and generating revenue, bring clear and substantial benefits in terms of resiliency and an organization's ability to carry out experimentation, analysis and R&D. By not making any obvious changes immediately after a fresh acquisition Kape also benefits from not giving the existing userbase additional reasons to reevaluate their relationship; by seeming to do nothing they make it easier for even those customers that harbour reservations about the takeover by such an entity to also do nothing. And doing nothing beats the hell out of cancelling subscriptions.

Conversely, at best, one might interpret these events to be something akin to conventional media consolidation. Kape Technologies PLC is publicly traded on the London Stock Exchange. Throwing almost one billion American dollars at its latest prize it is quite clear the company that started in 2011 with a hot product yet had to shutter for two years when that one-trick tanked is no joke some ten years later.


Perhaps in the same vein as how many biotech megacaps aren't really pharmaceutical companies - they're investment funds whose core competency is just making money by acquiring the right microcaps - maybe today's Kape isn't really a technology company at all. Maybe it's really a simple investment fund that's found a niche in being very good or very lucky at buying the right growth equities. Operating on that assumption would imply security and performance aren't their real forté and it would be logical to focus on the kinds of metrics expected to suffer under the priorities of a volume and margin maximizing vehicle: capacity, reliability, human labour (quality of support), etc.

I will submit that my personal tinkering and benchmarking over the past few weeks has been deeply disappointing but I must qualify my input by admitting my tests have been by no means exhaustive or scientific. Over wired 100mbit/s synchronous links I can often sustain 60-70mbit/s over the default OpenVPN protocol with default settings but typically only when using automatically selected servers. It seems manually choosing a server even a few hundred kilometres away is almost always out of the question for streaming quality throughput much less consistency at even the lowest bitrates. That being said, equally anecdotally, it is interesting to note that negative reviews posted to reddit and the like receive what feels like unusually high (though genuine) response rates from users asserting their satisfaction. Comments regarding interaction with support and billing departments however seem decidedly negative and speak to a wide disappointment with obviously pre-canned responses and script-like interactions.

All of that being fine and dandy it's time to put our tinfoil hats back on because in my opinion the most troubling fact about Kape has nothing to do with difficult-to-substantiate fears of service quality being run into the ground. I couldn't blame you if you found my earlier allusion to a misleading sense of choice in an increasingly artificial market a little spooky and over the top. Are you sitting down?

From These VPN "Review" Websites are Actually Owned by VPNs by Sven Taylor of Restore Privacy May 20, 2021:

In March 2021, news broke that Kape had purchased Webselenese, which is the parent company of vpnMentor and Wizcase. These are two large VPN review websites that collectively get about 6.8 million visitors per month according to Ahrefs data (May 2021).


Now let’s examine how the rankings changed after the acquisition.

The table below highlights the rankings on vpnMentor’s homepage before and after the site was purchased by Kape. Notice the changes in CyberGhost and Private Internet Access.

Before ownership change

  1. NordVPN
  2. ExpressVPN
  3. Surfshark
  4. CyberGhost
  5. Private Internet Access

After ownership change

  1. ExpressVPN
  2. CyberGhost
  3. Private Internet Access
  4. IPVanish
  5. PrivateVPN

With vpnMentor.com, you can see that NordVPN and Surfshark have been completely removed from the top recommendations. Additionally, CyberGhost and Private Internet Access have gone up in the rankings to the #2 and #3 spots after the ownership changes.
We see similar developments with the before and after changes on Wizcase.com:

Before ownership change

  1. NordVPN
  2. ExpressVPN
  3. Surfshark
  4. CyberGhost
  5. Private Internet Access

After ownership change

  1. ExpressVPN
  2. CyberGhost
  3. Private Internet Access
  4. PrivateVPN
  5. HMA VPN

Just like with vpnMentor, we see that the parent company’s brands were raised in the recommendations, while some competing brands were dropped.

So one more time, just so we're clear: they don't make malware. They're just shamelessly, gratuitously deceitful. I believe the technical term for elaborate propaganda like this is psyop.

It gets better. Come meet the team!

Primary shareholder of Kape Technologies Teddy Sagi. [Photo: Himself]

Teddy Sagi is an Israeli billionaire and the main man behind Kape Technologies PLC. He made much of his fortune in online gambling. As a mover, shaker and international man of mystery Teddy has been profiled by such prestigious publications as Forbes and Wikipedia and The Panama Papers where he has been linked to at least sixteen offshore accounts. It should be noted that no wrongdoing has been associated with the accounts. Yet,

The Financial Times reports Teddy served a nine-month prison sentence after being convicted in Israel of bribery and fraud in 1996.

According to The Jerusalem Post, just a little over one month ago Teddy avoided an assasination attempt. He blames "Iranian Terror". An unnamed source blames his Russian mob debts.

CEO of Kape Technologies Ido Erlichman. [Photo: Sharon Dery]

Ido Erlichman is a former undercover counterterrorist commando. He has served as CEO of Kape Technology for five years and by most accounts is responsible for the turnaround of Kape's fortunes.

Koby Menachemi though since departed, co-founded Crossrider back in 2011. Worthy of note for being a Unit 8200 (Israeli SIGINT) alum. Yikes. Koby and Teddy get a little spotlight in this article by Thomas Brewster of Forbes that details the murky ties between adware and Israeli intelligence figures: These Ex-Israeli Surveillance Agents Hijack Your Browser To Profit From Ads.

It should be noted that since military service is compulsory in Israel past affiliation with intelligence outfits is a more common trait than one might otherwise be accustomed to. But a past affiliation with intelligence outfits is a past affiliation with intelligence outfits. Ya dig?

The best for last: Mark Karplès is not affiliated with Kape. He was onboarded a few months before the PIA acquisition by co-founder Andew Lee in the position - of all things - as Chief Technology Officer. Mark rose to fame as the perpetrator of various frauds and mismanagement as CEO of the ill-fated Mt. Gox bitcoin exchange. If he is to be judged by the alleged coding, security and management style during his tenure at Mt. Gox it is questionable what value he could bring to an established, multi-million dollar VPN platform and his inexplicable placement at PIA has been the cause of numerous fits and cancellations among the userbase, unfortunately they have yielded little in the way of answers.


Please don't come away from this with the wrong impression; god knows I enjoy people with a little colour to their personalities. Some minor jail time here and a raging drug addiction or two there is the spice that makes folks interesting. But there is a preponderance of shadiness surrounding Kape and its properties that makes me instinctively wary. If I could get PIA to perform reasonably in my particular setting I might still consider using it for simple geofence hopping, but I would avoid using it for any purpose where my security and/or privacy were important. I would definitely never pay for it.

Now that you have the facts I hope you feel equipped to make an educated decision. If there are any important details I have left out or if I have any of the details wrong please reach out.

Good luck, be safe!

Replicate Installed Packages on New RHEL/Fedora/CentOS/Debian/Ubuntu Depoloyment

You've spend a lot of time getting a particular installation just right, whether it's a bare metal server, virtual machine, desktop workstation or laptop: the role is clearly defined and you'd like to replicate it as quickly as possible either with a fresh base installation or on a totally separate new host. This is particularly salient when upgrading major versions of Qubes Fedora TemplateVMs: generally speaking not a lot of customization goes into these base layers on which AppVMs and DisposableVMs etc. are meant to be built - except for all of the package management that goes into fleshing out a comfortable and usable default environment.

One option is to follow the Qubes documentation for upgrading a Fedora template in place: https://www.qubes-os.org/doc/template/fedora/upgrade/ however I am inclined to take advantage of the template packages as outlined at https://www.qubes-os.org/doc/templates/fedora/ both for the additional management capabilities (e.g. one-line reinstall, version management) and the clean start and distinction between images.

Although some articles recommend obtaining your package list from:
# dnf repoquery --userinstalled acl-0:2.2.53-3.fc30.x86_64 adobe-release-x86_64-0:1.0-1.noarch alternatives-0:1.11-4.fc30.x86_64 attr-0:2.4.48-5.fc30.x86_64 audit-libs-0:3.0-0.15.20191104git1c2f876.fc30.x86_64 basesystem-0:11-7.fc30.noarch ...
There are four issues with this approach:

  • Specific architectures are specified. It's rare that you will be switching architectures but one of the most amazing aspects of Linux is its platform versatility and since things can slip into and out of noarch all the more reason to let the package manager's default settings handle the unforseeable. Agnosticism is next to godliness - but I might be biased :)
  • Base packages, the packages that came preinstalled with the Minimal Server role or the TemplateVM etc. are included. I need a list of only those packages I have intentionally, specifically installed myself or I run the risk of trying to install deprecated, merged, removed, abandoned, unnecessary, etc. packages. This is of particular concern if I am upgrading to a new major release version and/or switching my base installed package set/"server role".
  • Specific versions are specified which is begging for trouble even outside of the context of a global update (ask any Gentoo admin!)
  • This is not a list of the packages that I have chosen to manually install; it is a list of every package installed after the base installation. In other words, it is every package I have chosen to install AND each one of its dependencies. Ask a Gentoo admin how they feel about explicitly installing dependencies!

The thing about dependencies is they like to change and when a dependency has been abandoned by an intentionally installed package yet is itself explicitly installed you are open to the liabilities (dependency hell (eek!), wasted space and update time, tool for intruders...) of keeping that package around and it can be quite unclear months or years after the fact if an abandoned dependency is safe to eliminate or if it provides the crucial library or shim or goo or magic smoke that makes some special, foreign or from-source software go~.

dnf history gets us a lot closer:
# dnf history ID | Command line | Date and time | Action(s) | Altered ------------------------------------------------------------------------------- 24 | install tigervnc | 2020-07-29 21:15 | Install | 4 23 | install k3b | 2020-07-29 13:47 | Install | 28 22 | install deluge | 2020-07-28 23:06 | Install | 47 21 | install gnome-tweak-tool | 2020-07-28 10:14 | Install | 16 20 | install mlocate youtube- | 2020-07-25 03:57 | Install | 2 19 | install elinks links lyn | 2020-07-21 23:05 | Install | 1 18 | install nano psmisc nmap | 2020-07-21 22:58 | Install | 1 17 | install libreoffice | 2020-07-21 22:52 | Install | 99 16 | install vlc | 2020-07-20 23:31 | Install | 32 15 | install ffmpeg | 2020-07-20 23:10 | Install | 31 14 | upgrade --refresh | 2020-07-20 23:05 | Upgrade | 2 EE 13 | install kate gimp | 2020-07-20 01:07 | Install | 93 12 | install chromium | 2020-07-19 06:09 | Install | 13 11 | install screen sshfs nma | 2020-07-19 06:05 | Install | 19 10 | update | 2020-07-19 05:52 | I, O, U | 304 EE 9 | install -y --cacheonly - | 2019-12-25 18:19 | Install | 1 8 | install -y --cacheonly - | 2019-12-25 18:18 | Install | 4 7 | install -y --cacheonly - | 2019-12-25 18:17 | Install | 16 EE 6 | install -y --cacheonly - | 2019-12-25 18:16 | Install | 4 EE 5 | install -y --cacheonly - | 2019-12-25 18:12 | Install | 1 4 | install -y --cacheonly - | 2019-12-25 18:12 | Install | 1 3 | install -y --cacheonly - | 2019-12-25 18:11 | Install | 1 2 | install -y --cacheonly - | 2019-12-25 18:10 | Install | 125 EE 1 | install -y --cacheonly - | 2019-12-25 18:02 | Install | 785 EE
Unfortunately, even if we expand the terminal really far the Command line column is prone to truncating on long package lists. As an aside, I think it's really neat that we can use dnf history info number to zero in and look at, for example, the entries from 1 to 9 in this TemplateVM's history. They show us first the complete base installation at entry 1, then the standard constellation of packages Qubes adds to implement its unparalleled integration and enhancements at slot 2, then every package added and updated before this particular version of the official fedora-30 TemplateVM image was itself rolled into an RPM and deployed. It's always worth taking the time to get to know what you're made of - time permitting!

I must regretfully report that at the time of this writing, having spent hours digging through the dnf sqlite DBs, JSON files, API documentation etc it seems that while it was possible with yumdb to pull a simple list of explicitly user-installed packages free of their dependencies there is simply no facility in current dnf implementations to demarcate the difference between a user-installed package and a package that was installed as a dependency of one. We can at least address two issues: it is easy to get rid of the architecture and version information from our package list but it may be necessary to manually edit the list to remove dead packages, particularly if upgrading by major version number revisions. This is accomplished by using the --queryformat/--qf filter:
# dnf repoquery --userinstalled --qf "%{name}"

The same effect can be achieved through the dnf history userinstalled route via the application of sed:
# dnf history userinstalled | sed 's/-[0-9].*//' | sed '1d' | sed '/.kernel./d'

Direct an itemised list like the preceeding to a text file from stdout using the > operator, copy it to the receiving host and it can be easily edited and batch processed through xargs:

# < package_list.txt xargs dnf -y install

There is one more imperfect option which I have incidentally been using for years, it relies on:

  • Your having used bash to perform most/all of your dnf install operations
  • Gracefully loging out of/closing your shell session(s) afterwards (as opposed to exiting via SIGTERM or segfault or loss of power etc.)
  • Not having exceeded the default .bash_history buffer length (very hard to do in a TemplateVM)

You guessed it...
# cat ~/.bash_history | grep "dnf install" dnf install screen sshfs nmap links lynx nano whois bind-utils dnf install chromium dnf install kate gimp dnf install vlc dnf install ffmpeg dnf install epel-release dnf install nano net-misc psmisc nmap screen dnf install nano psmisc nmap screen dnf install elinks links lynx w3c dnf install elinks links lynx dnf install bind-utils whois sshfs

This method's saving grace is the ease with which it is copied and pasted between remote SSH sessions. I'm the kind of person who uses sudo bash and su so my installations will be found under the root user's .bash_history; if you are more of a sudoer type grep your regular user's log accordingly. Note that a little search-and-replace in a text-editor to add the -y flag to dnf would allow one to copy and paste the entire block into a remote session and let it run non-interactively.

Finally, as the Qubes documentation suggests, you can simply record the changes you make to your TemplateVMs. For instance, I have been compiling a shortlist of so-called favourite programs for RHEL/CentOS so I can quickly assemble an environment I'm used to on the numerous virtual machines I end up configuring month to month regardless of where I am and without having to hunt down an already configured image to crib off of. It's much less frustrating to get the utilities I reflexively expect to be available installed up front instead of as I notice their absence.

As for Debian/Ubuntu and derivatives that ship with dpkg the situation is not perfect - in that we are still going to end up with a list of base packages and dependencies that may need to be edited - but there are facilities built-in to address this simple type of migration.

On the egress system run:
# dpkg --get-selections > /tmp/package_list.txt

Then on the ingress system, after copying over the package_list.txt file, run:
# dpkg --set-selections < /tmp/package_list.txt # apt-get -y update # apt-get dselect-upgrade

Of course it is also possible to grep our .bash_history as with redhat but depending on your system and habits it might be necessary to check for more than one command:
# cat ~/.bash_history | grep "apt install" # cat ~/.bash_history | grep "apt-get install" # cat ~/.bash_history | grep "dpkg install"