Would you like me to register you a nicer domain name?
No, thank you. Even if you can find one (most of them seem to have been registered already, by people who didn't ask whether we actually wanted it before they applied), we're happy with the PuTTY web site being exactly where it is. It's not hard to find (just type ‘putty’ into google.com and we're the first link returned), and we don't believe the administrative hassle of moving the site would be worth the benefit.
I wonder if they changed their mind because Google ceased to be a reliable way to find them.
Nevertheless, I can't consider relying on probabilistic algorithms controlled by 3rd parties to be a wise strategy.
Also, these days, after decades of habit building and a rise in awareness about scam-related stuff, I think people expect to see the name of the project early on in the URL, not in 7th position as it is currently.
That's pretty much all of the AI industry and clients.
* https://hachyderm.io/@simontatham/115027646348662282
I suspect that the recent kerfuffle motivated people to finally clean out bogus hyperlinks that casually listed putty.org as the download site, which would have been contributing to inflated page rank up to that point. I found one on a wiki and fixed it, myself, and I'm sure that I was not the only person who went looking.
… Well, I guess that's what they've done. Surely nobody could ever have been this naïve, though; it's not as though Google massaging results into unusable mess is anything new.
How else would you find it? By typing domain name guesses into your address bar until you hit the right one? How would you be sure you've hit the right one and not a scammer/squatter?
This is not a particularly easy problem to solve, and I agree that relying on Google to accurately and safely deliver you to the correct web site isn't great either, but I think we'd be much worse off without search engines.
Well I googled putty and found a couple different .org domains, one who which said it was legit but not official, and another which said it was official but looked wildly out of date.
Neither one I could find a download for Mac that worked. The one I tried gave a scary “we no longer allow putty sudo access as it’s dangerous” and when I googled this error I could find no explanation to assuage me.
And since I wanted to make sure what I was doing was legit, I searched for alternatives.
Eventually I discovered I could use command line in mac to generate the keys I needed. But first I installed Xcode then ran the command (I used chatgpt to tell me exactly how to get the type and length I needed). It was easy.
Side note, the whole culture of downloading random software and using it with just a single line in a terminal is always sketchy to me too. But I’m not a coder so I’m not used to it.
The idea is that you will need to put some trust in the project anyway, since you’re trying to install it. Might as well make it easier with a one line install.
Edit: You should only do this if someone reliable tells you to, honestly. Doing this with truly random projects you aimlessly find is not a good idea.
https://docs.github.com/en/authentication/connecting-to-gith...
https://serverfault.com/questions/780476/generating-ssh-keys...
My knowledge was a bit outdated by about a decade.
The website I was sketched out by (but tried it anyway, then got the scary error) was puttygen.com which had me install homebrew (whatever that is) and then do “sudo brew install putty”
The closest I saw was a .tr.gz file (i.e. a gzipped Tape ARchive) of Unix source code, but A) I don't know of their definition of "Unix" includes OS X / MacOS; and B) judging from your comments here, you don't seem like the type who would want to install software by downloading, decompressing, and compiling source code.
I'm thinking the people who told you to use PuTTY were assuming that you are a Windows user.
This recently [1][2] got a lot of attention on the web and here on HN, along with a post on Mastodon from the author [3]
I imagine trying to disincentivize this and provide another shorter more official looking link is the hope here.
[1] https://www.theregister.com/2025/07/17/puttyorg_website_cont...
One weird trick to make your insignificance seem significant!
Extrapolated to the present time, all of us vaccinated individuals are now suffering the big consequences.
Too bad all nutjobs aren't so easy to disprove by simply taking a single large breath. :)
I'm trying to grok this, but all of the posts sort of obliquely refer to things that happened in the past (even the old HN links here), rather than explicitly just explain what the hell happened.
https://web.archive.org/web/20170822083048/http://www.putty....
The domain owner seems to feel he was providing a service to putty by providing the short domain name and feels slighted that they are moving to have their own now that he is taking actions that they find more objectionable than just also linking to his competitor, but to be honest it always seemed some unethical squatting to me, based on the Putty devs not having the time to complete a UDRP process.
The same thing happened with Facebook "pages", when they became a personal "soap box" by the owner of the page. It was downhill from there... You might as well turn the whole web into FB/Twitter/X/Insta promotional spam at that point.
The Notepad++ site is run by the authors and reflects their stance. Putty.org is run by an outside party who hijacks the reputation of the PuTTY project to push their agenda.
> Unfortunately the person who owns putty.org
> started to use it to spread misinformation
> about vaccines and[...]
Instead it's just some guy's website clearly unrelated to PuTTY. He's even gone out of his way to point people looking for PuTTY in the right direction. Who cares what his opinion is about anything else?
Amazing things happen when you crank up the level of simplification.
I'm sure we can then find experts with those kinds of qualifications who also pushed covid misinformation (or to use more old-school terms, straight up fucking lies and unfounded, conspiratorial speculations) and held minority opinions.
Then we can lament on how having a minority opinion means your opinion is definitely being unjustly oppressed, as opposed to justly oppressed, which somehow we'll not be able to produce an example for. Does that really matter though if we can just pretend that we do have an example, or even believe outright we do and just not agree?
Or maybe we can lament on how just blindly trusting either authority or expertise is possibly not the most solid idea in the world. As if we actually had the option to do otherwise at scale, even in the best case scenario, and all people were magically equal and equipped to do so.
Humans and their unattainable reasoning ability. Oh the modern world. Yeah right.
Everyone has the world the size he deserves…
Others - they don't understand the trust anyway, so there prerequisite steps missing before the main question anyway.
A link that looks like this:
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.ht...
And now they've gone and made it worse by posting some new site and confirming the new link is real on their weird "hachyderm" social media post thing. Yeah, talk about a grey-beard get-off-my-lawn developer screaming at the wind and wanting to make it worse for themselves and their "brand".
At this point tech people should understand what Mastodon is. For their own benefit. It's been years.
> https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.ht...
> And now they've gone and made it worse by posting some new site and confirming the new link is real on their weird "hachyderm" social media post thing.
And the actual text of https://www.chiark.greenend.org.uk/~sgtatham/putty/ , where the new site is excplicitly linked and explained, didn't make it better? Maybe you just need Mommy to blow on your boo-boo?
Sheesh. Talk about yelling at clouds.
[...] <a rel="me" href="https://hachyderm.io/@simontatham"> [...]Looks like it's as complicated as a parts inventory system developed in house for a half a million employee company...
It means that whoever owns the website marked as verified also owns the social account. See https://joinmastodon.org/verification for a quick overview of how it works.
But the link validation confirms that if you believed that the original download site belongs to the author, then you would have almost the same guarantee about the social account. (+/- the chances of the putty website being hacked)
So it doesn't confirm the account belongs to the author, it confirms the site has a specific link and nothing more.
Adding a <meta> tag or creating a page with certain content are already used even for more impactful verification, like getting issued a certificate for that domain.
If an attacker does have broad access to edit the HTML of your website, I feel that's already the issue and Mastodon verifying that "this person controls this website" isn't even really wrong.
No sane sober person would use it to authenticate messages about changing URLs in a software supply chain.
How is this any different than your email address being compromised? How is this different than having your laptop compromised and somebody downloading your .ssh folder?
The issue here isn't "is this reliable identification" - because it IS reliable. Your concern is "how likely is this to be compromised vs other things" and that's a fair concern - but there are plenty of very secure web sites out there. This isn't saying "I am john doe and this is my identity", this is saying with some confidence "this person on mastadon is the same person as the person who wrote this web site copy" and that's a totally fine piece of identification for the right context.
This is in addition to the original site linking to the new one with a news post. Does that also mean nothing because an attacker could add a news post to the page?
<p>I'm on Mastodon as <a rel="me" href="https://hachyderm.io/@simontatham">@simontatham@hachyderm.io</a>.</p>
If you trust that website, then you can be sure that this Mastodon account is the right one.
Latest news
2025-08-14 New website, putty.software
We have a new domain name for the PuTTY website!
...
Maybe just call this the Future Home of Putty or something with a big link to the official page.
I suppose word will get around pretty fast but still.
https://www.chiark.greenend.org.uk/~sgtatham/puzzles/
Try Mines, you never have to guess.
Then I realised Putty ships with a CLI version which I now use in Terminal for accessing serial.
PuTTY was just easier to get ahold of on a new install.
I think that's why it won out for me. That and its simplicity.
interesting to scan the log on that: https://github.com/git-for-windows/build-extra/blob/main/Rel...
i cannot imagine windows without it. even wsl garbage pales in comparison
I'm a c# dev with near 20 years experience, and I finally got the shits with advertising in the start menu. Arch Linux, because I figured why not do it properly?
I game a fair bit, and find most things on steam just work.
But I found that the Bottles project pretty much solves this, by installing everything in some kind of sandboxed environment:
https://github.com/bottlesdevs/Bottles
Has worked wonderfully for the few cases where plain Wine failed.
they don't have sandbox. only if you install the flatpack AND DISABLE SOME CONVENIENCES you actually get something I'd call a safe sandbox.
but their site lies and make you feel safe while being extremely vulnerable installing cracked games (which is what everyone used bubble for).
Which IDE do you use? JetBrains Rider?
I mostly use VS Code to be honest. I use VSCode for other languages and for a long time it was the only graphical editor to have good remote development (over SSH) support.
Rider has that feature now though and is pretty nice too. I typically jump over to it when I need to profile something as it integrates with dotTrace. If you're coming from full-fat Visual Studio you'll probably prefer Rider.
My personal dev is shifting to Rust.
grep AuthorizedKeysFile /etc/ssh/sshd_config
AuthorizedKeysFile /etc/ssh/keys/%u
cat /etc/ssh/keys/bender
from="[192.redacted]/24,[redacted]/20" ssh-ed25519 AAAAC[snip...] comment
Example use case would be that lets say a contractor from Microsoft tries one of your keys. Your restriction limits the key validity to 24.0.0.0/8 and they are coming from 207.0.0.0/8. They will be denied Authentication refused and you now have log entries that can be shared with their fraud department, the world, whomever. Obviously the tighter the restrictions the better, at the risk of requiring a static IPv4 or IPv6 address if too tight. One can always have lighter restrictions on a fall-back account that requires additional hoops to sudo / doas / su.
Also, domain policies offer more control over the corporate PCs (this is how some of the MS spying is shut off on corporate PCs; it's debatable if the corporate spying added by other domain policies is an improvement).
* https://mastodonapp.uk/@JdeBP/114693762493884550
I had been lucky through having done my own experimentation, decades ago, with setting up a default PAC file on the LAN and having left it in just-send-everything-directly mode, keeping it as I upgraded things on the LAN, all of these years. Because otherwise I would have been vulnerable to a third-party in the search path for years, on a machine that clearly and unequivocally, including per direct inspection of the setting in the registry, has this switched off.
* https://jdebp.uk/FGA/web-browser-auto-proxy-configuration.ht...
Yes. With Windows Recall data mining surveillance screenshots taken every 5-7 seconds, completely disregarding if this may compromise your security, safety or privacy, we move from "you're the product" to "you're a pet in a zoo, and we want to learn from your behavior."
> I know M$ is evil and spying on you, but not to such degree.*
I mean, they could be recording every second.
I'm pretty sure that's a bandwidth issue.
Not because they really feel like giving you 3-4 second pockets of security, safety and privacy.
Some of you people are just too far gone to turn off a setting.
For now. This is Microsoft we’re talking about. Needing a Microsoft account to log in to Windows used to be optional.
My lack of trust in Microsoft (or Google) to keep my interest in mind is rooted in experience.
The problem is: once your organisation is so corrupt that they think of this shit, turning off bad ideas becomes a game of whack-a-mole.
Just say no to this kind of behaviour.
The other thing I’m missing is my 3D Gerber viewer called ZofZPCB. I’ve not gotten either it or Altium to even start.
For years, I've had a seamless document management process on Windows for all my receipts and bills:
1. My ScanSnap scans, auto-crops, and OCRs documents into a designated folder.
2. A small open-source tool, DropIt [1], monitors that folder.
3. Based on about 100 custom rules that parse the OCR'd text (for tax IDs, phone numbers, etc.), DropIt automatically renames and moves the PDFs into the correct subfolders.
4. Nextcloud then syncs the organized files, and I can discard the paper originals.
When I explored replicating this on Linux, I found the building blocks exist. For instance, ocrmypdf seems to be a powerful OCR tool, and SANE drivers combined with gscan2pdf can handle the scanning. [2] I also found several tools for automated file renaming and organization.[3] However, the Fujitsu ScanSnap Home software provides an all-in-one experience for the initial capture.[4] More importantly, I'd have to manually translate all my pattern-matching rules from DropIt to a new system, likely a collection of shell scripts. I still feel that this is too fragile. I would need to program all exceptions myself: file renaming issues, special characters, length of document names, issues with OCR and alerting, should anything go wrong. The system needs to be fail-safe because once I throw the original away, there is no going back.
Then, another challenge is to find the time to replace this reliable system with the shortest "downtime" possible. I need this daily.. so I already decided I need a migration phase, where both systems run in parallel. Perhaps this better explains my slowness to migrate to Linux.
The fact that there isn't a well-known, integrated tool for this on Linux seems suspicious. It makes me wonder if I'm approaching the problem from the wrong direction. Is there a more "Linux-native" philosophy for this kind of workflow automation that I'm missing?
And yes, I'm aware of Paperless-ngx. It's a fantastic project, but I'm committed to my current folder structure and prefer to avoid a solution that centralizes my documents in a database, away from my Nextcloud setup and my filesystem-first-philosophy for document management. I don't trust that paperless-ngx will be available in 40+ years from now, but I need my document management to last that long.
[1]: http://www.dropitproject.com/
[2]: https://github.com/ocrmypdf/OCRmyPDF
[3]: https://github.com/ptmrio/autorename-pdf
[4]: https://forum.manjaro.org/t/fujitsu-scansnap-home-software-f...
Have they fixed font rendering yet? cmd.exe looks better on my laptop
https://github.com/microsoft/terminal/commit/906edf7002b8ccf...
You need to define the "antialiasingMode" key in the settings JSON for the default profile to hold the value "cleartype", rather than "grayscale" (which is the default value). I don't believe this is exposed in the GUI settings page.
Note that this only affects the actual terminal emulation area. The rest of the application will still be pixel-level font smoothed (so e.g. the tab titlebars, the settings, etc.).
Something wrong with my eyes? Doesn't cmd.exe look smoother in this screenshot?
putty.org is not run by the PuTTY developers
https://news.ycombinator.com/item?id=44558328
Hijacking Trust? Bitvise Under Fire for Controlling Domain of FOSS Project PuTTY
Cheers to decades of memories with PuTTY!
No idea what this means.
Anyway Simon Tatham's games are so good I think he gets a pass on anything else he does.
The current holder of that domain is using it to host a single page that pushes anti-vax nonsense under the guise of fighting censorship... but also links to the actual PuTTY site. Very weird mix of maybe-well-meaning and nonsense.
And in 2022, he wrote "Covid-19 is mostly snake venom added to drinking water in selected locations. There may also be a virus, but the main vehicle of hospitalizations is boatloads of powder, mixed in during 'water treatment.' Remdesivir, the main treatment for Covid, is injected snake venom. mRNA vaccines hijack your body to make more snake venom."
Whaaaaat the fuuuuuuck
Can anyone debug this statement?? I’m not looped into weird this realm of paranoid delusion torecognizs what they’re referring to here.
https://web.archive.org/web/20250728091154/https://www.putty...
Plus, I can find absolutely zero evidence of the existence of a German journalist called "Mirai F", so I'm a bit suspicious. (It might be the "PuPRed" person being maybe-doxxed -- but that's a blog site which entirely consists of a single article about PuTTY, so I'm not convinced "journalist" applies in a meaningful sense.)
The Bitvise answers also don't look good, of course. Nobody comes out of that one smelling like roses.
I say this as someone who thinks putty.org was pretty sketchy before it went full anti-vax, and is currently looking like a slam-dunk example of the kind of thing trademark law was meant for.
The homepage and the downloads page both seem fine to me.
(BTW, the collection of one-player puzzle games is super!)
* https://mastodon.gamedev.place/@thomastc/115031906344758192
Using putty as my daily driver was definitely part of my coming-of-age story as a windows sysadmin way back when.
Even a .com/org/net with something like getputty or similar as the domain name would feel less sketchy than putty.sofware.
putty.net is also up for sale but probably will be an unreasonable price and paying the troll toll would suck.
puttyclient.com
puttyofficial.com
puttytools.com
puttydownloads.com
downloadputty.orgThen again, I may be biased due to always remembering PuTTY's official page being someone's personal site hosted on a .org.uk server.
There is actually a mirror at https://www.puttyssh.org/
This sounds like a virus site.
Even puttytelnet.com/org/net is available.
Hell the puttytel.net is available
Sometimes I feel like we are training users to disregard safety mechanisms for phishing.
Using putty was never the pinnacle of professionalism and open source auditing anyway, it's just a binary you download on windows before you hear the gospel of linux and ssh.
That's how domain validated certificates that are used on most website today work.
And yes, it's bonkers that we need to rely on authorities like Let's Encrypt for this instead of just delegating trust via the same hierarchy as DNS.
Huh? The source is available on the original site and TTBOMK always has been, you're welcome to compile it yourself.
However, it seems that the universe heard my pleas https://git.tartarus.org/?p=simon/putty.git;a=commit;h=c19e7... Replace mkfiles.pl with a CMake build system
For context, I believe that a tool isn't open source unless I can build it, so I actually build almost anything I can from source for that reason
I (and I suspect several others) suggested a TLD that you would probably have no qualms about, a few weeks ago. M. Tatham went with software. instead; which is fair enough. software. has been around for a while, and is stable and a fairly on-point choice.
Be thankful that it was not putty.party. . (-:
PuTTY's website is fairly clean and accessible, unlike this landing page.
This landing page looks suspicious. Even though the HTML links look like they go back to the legit site (https://www.chiark.greenend.org.uk/~sgtatham/putty) I'm not clicking through to find out. There have been spoofing of links for 100's years.
Now take your "blood rage" back to your mother's basement gaming room where it belongs, and come back here in ten years or however long it takes you to grow out of your teens. If ever.
Putty is a terminal emulator and an SSH + telnet client all in one. Now Microsoft offers a number of platforms that overlap to provide similar functionality.
WSL2 (aka WSL) is the Linux system that runs a Linux kernel and apps within Windows (technically a hidden HyperV VM) with some loose bindings to the OS resources for networking, files etc.
OpenSSH is the SSH client installed with Windows. It can be used via CMD or Windows Terminal + Powershell . You don’t need WSL installed. So it’s great for VMs or remote shells.
Powershell is the Windows Shell (like bash on Linux or CMD on earlier windows) that lets you run openssh and other windows CLI Apps
Windows Terminal is the new-ish (6+ years) terminal emulator that lets you run a variety of shells. Most commonly Powershell , Bash (WSL), or you can SSH to any host using openssh . It works like tmux with tabs/windows into any remote host .
I decided to lay this all out because Windows apps for SSH and terminals are a little different than Linux.
That said, some people like PuTTY. It is much easier to setup and use. It also offers other features (like serial communications).
Just open a terminal and type ssh just like you would in Linux.
I'm pretty happy with Windows Terminal these days, but before then, it was all PuTTY + SecureCRT.
I do see this type of versioning as an indictment of such a technology for production scenarios, it's all a house of cards if that's what you are building upon.
It's a liability disclaimer versioning schema
Come on, even ChatGPT can do a better job than this.
It is a reasonable change to make. Do the rest of their native Win32 UI controls still use MS Sans Serif (Windows 98) or Tahoma (XP) instead of Segoe UI (Vista)?