Getting Windows 10 IoT for RPi2 ... without a physical Windows box...

Windows 10 IoT edition has been available for a while now, but I have only just gotten around to looking at deploying it to my Model B Raspberry Pi 2. I had figured this would be a simple matter of downloading an image and then flashing it onto the SD card, job done. But it seems Microsoft have taken a different route which seems to require a physical Windows 10 box to successfully flash the card.

Now, I don't have access to this at home - all my Windows machines are virtualised, and my physical machines all run OS X.

After much googling, and many dead ends, the general process I found here posted by MikeAtWeaved worked.

Generally this was:

- Grab the IoT download, and get the flash.ffu file
- Download ImgMount Tool:
- Download DiskInternals Linux Reader:

Using ImgMount, mount the flash.ffu file - it will appear empty, but ignore this.

Using Linux Reader, select the Virtual Disk and tell it to Create an Image (.img extension).

Compress this img and move it onto your Mac OS X machine. Decompress it.

Then use dd at a terminal (sudoed of course) to write this onto an SD Card.

I am, however, very surprised that the PowerShell Remoting services are enabled on HTTP and the Device Management web page (on port 8080) is HTTP only too. Why no SSL by default?

vSphere 6 gets Update Manager!

I'm really not sure how I missed it, but the vSphere 6 update finally brings the Update Manager components into the web interface!

The upgrade is pretty easy too, if you have 6.0 U1 already installed - as you can now use the VAMI interface (on port 5480) to run the upgrade. Simply go to https://vcenter:5480, log in as your root user and go to Update. Then click the Check for Updates and Install Updates options... and sit back and wait.

You also need to upgrade the Update Manager component; now this is actually not as simple as I'd hoped - you need to download the full Windows installation package and grab just the Update Manager installer from it. At least it completes an upgrade pretty happily!

Tokenising Release Management in VSTS

Yesterday I spent a bit of time working with the new Release Management components on VSTS (essentially Microsoft's hosted TFS implementation) in the knowledge that this will be (almost) what appears in the TFS 2015 Update 2 builds.

The first thing I noticed was the distinct lack of support for pushing environment configuration into the SetParameters files used by WebDeploy; essentially all you could change was the connection string if you were willing to try and work out the advanced parameters to pass in. This just wouldn't be enough for most of the projects I was involved in, and I found it pretty bizarre considering the way the existing on-premise Release Management works with WebDeploy.

So I extended the Azure Web Deploy action to add in tokenisation. And here's how.

First step - extend the Azure PowerShell Publish-AzureWebsiteProject.

Ultimately speaking, this is what VSTS is firing off in the background and so this is where we need to start.

A quick branch of the GitHub code for Azure-Powershell (thank you Microsoft for making this all Open Source!), and a dive into the code in src/ServiceManagement/Services/Commands/Websites/PublishAzureWebsiteProject.cs. It's pretty clear that this function would need to accept an additional set of arguments, and then carry out the tokenisation (i.e. replacement) in the SetParameters.xml file.

With that done, a compile and overwrite of the existing copy on my machine (in %ProgramFiles%\Microsoft SDKs\Azure\PowerShell), then a test in an Azure PowerShell session, and time to move on.

Second step - clone the existing VSTS Deploy to Azure Website task

Ironically, this step took more work. 

In order to create a task for Build or Release pipelines on VSTS, you need to get your environment set up first. Microsoft have gone down the cross-platform route here, which makes a lot of sense given the direction VSTS is taking.

Download and install NodeJS for your platform.

Install the tfx-cli tooling using npm.

First step is to authenticate with the service; you do this by issuing a tfx login command. You will be prompted for your VSTS URL as well as your personal access token.

After you have done that, you need to create a task: issue a tfx build tasks create and you will be prompted for:

TFS Cross Platform Command Line Interface v0.3.9
Copyright Microsoft Corporation
> Task Name: Antask
> Friendly Task Name: Testing
> Task Description: Testing
> Task Author: Andy
created task @ C:\Users\Andy\Antask
id   : ----
name: Antask
A temporary task icon was created.  Replace with a 32x32 png with transparencies

At this point the task folder will contain a number of template files for you to modify. I grabbed the code for the existing actions from the Microsoft VSO Agents Task GitHub page and copied the contents of the existing action (under Tasks/AzureWebPowerShellDeployment/) while retaining the existing copy of task.json from my template folder; this is the file you will need to merge some code into in order to be able to import the action again. The task.json file from the Microsoft GitHub repo is pretty complete - but things like the name, task id etc. need to be changed to those of the task.json template file. Do this and drop the merged file into your task folder.

Add a new parameter onto the task by adding the block into the inputs section; something like:

    {
      "name": "Tokens",
      "type": "string",
      "label": "Tokens to replace",
      "defaultValue": "",
      "helpMarkDown": "Tokens to replace in the SetParameters.xml as used by Web Deploy.",
      "required": false
    }


Then it's the PowerShell script that needs modified; the new parameter needs to be added to the param block, then the actual call to $azureCommandArguments. And that's essentially all the modifications needed.

Uploading the action is a simple matter of issuing a tfx build tasks upload --task-path ./ANTest

And that is it!

I have repos on GitHub for modified versions of both azure-powershell and vso-agent-tasks; hopefully I can get a couple of Pull Requests accepted with some work!

Cloudflare - How to get SSL on any site. For free.

With the advent of Let's Encrypt, everyone seems to be looking to put SSL on their website. That's not to say it is not a good thing to do, but it most definitely seems to be at the forefront of people's minds these days.

However, there's an easy way for many small website operators to get in on the SSL action - even if their host will not let them (or will charge through the nose) for an SSL certificate on their domain. CloudFlare.

Simply register with CloudFlare, add your website on the Free plan (which is free!), and update your DNS to use the CloudFlare servers. Not only will you then get a degree of Distributed Denial of Service attack filtering, but you will also get SSL. Result.

There's a lot of other things that can be done, either to improve the security of the offering, or to make things more performant - some have a cost, but many don't, and I would highly recommend people have a good look around the options CloudFlare present. One of the most important tips I've got is to add a rule to redirect everyone to your newly secured site - and that's on the CloudFlare knowledge base too.

Moving from Sophos UTM to Sophos XG

I've just upgraded my Sophos UTM 9 firewall to the newly released Sophos XG; this is a free upgrade for those that have been running a UTM with the Home License and thankfully removes the 50 device limit.

The best part is this time there is no messing around with UNetbootin or Rufus to convert the ISO image to something that can be USB booted; all it needed was a dd write and done.

So, on a Mac:

diskutil list

Work out which drive your USB stick is on

diskutil unmountDisk /dev/disk3 (replacing this obviously)
sudo dd if=./SW-SFOS_15.01.0-376.iso of=/dev/disk3 bs=1m
276+0 records in
276+0 records out
289406976 bytes transferred in 220.163896 secs (1314507 bytes/sec)
diskutil eject /dev/disk3
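
A check for the dd writes used on this page (the IoT .img earlier and the XG ISO here), added as an example and not part of the original post: it hashes the image and the first image-sized span of the target and compares the two. The function names are assumptions of this example; run it with sudo, as for the dd, before ejecting the disk.

```shell
#!/bin/sh
# Added example: confirm that a dd write landed intact on the target.
# The SD card / USB stick is normally larger than the image, so only the
# first <image size> bytes of the target are hashed and compared.

# sha256_stream: hash stdin, print the hex digest only.
# Uses sha256sum where present (Linux), otherwise shasum (stock macOS).
sha256_stream() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | awk '{print $1}'
    else
        shasum -a 256 | awk '{print $1}'
    fi
}

# verify_written IMAGE TARGET
# Returns 0 on match, 1 on mismatch, 2 if either path cannot be read.
verify_written() {
    img=$1
    target=$2
    if [ ! -r "$img" ] || [ ! -r "$target" ]; then
        echo "cannot read '$img' or '$target'" >&2
        return 2
    fi
    # wc pads its output with spaces on macOS; strip them.
    size=$(wc -c < "$img" | tr -d ' ')
    want=$(sha256_stream < "$img")
    got=$(head -c "$size" "$target" | sha256_stream)
    if [ "$want" = "$got" ]; then
        echo "OK $size bytes sha256=$want"
        return 0
    fi
    echo "MISMATCH image=$want target=$got" >&2
    return 1
}

# Stand-alone use, e.g.:
#   sudo sh verify.sh ./SW-SFOS_15.01.0-376.iso /dev/disk3
if [ "$#" -eq 2 ]; then
    verify_written "$1" "$2"
fi
```

The printed digest can also be compared with a checksum published for the download, where the vendor provides one.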

Boot the hardware - answer the prompt to allow it to overwrite the existing drive. Wait!

Connect a crossover cable between your PC and the internal NIC on the device; you'll find this means the PC gets an IP in the 172.16.16.X block.

Open a browser to; login with admin / admin.

Accept the EULA; if you are upgrading select the upgrading from UTM9 option and provide your license file. Otherwise enter the Serial Number Sophos will have sent you. I had problems here, and couldn't get the "upgrade" route to work, and ended up having to get a new Home usage serial for the XG.

Hit Activate Device - note that you need the WAN link connected to a valid external internet connection for this process to work.

And that's it - you now have a working XG!