Would you like me to register you a nicer domain name?
No, thank you. Even if you can find one (most of them seem to have been registered already, by people who didn't ask whether we actually wanted it before they applied), we're happy with the PuTTY web site being exactly where it is. It's not hard to find (just type ‘putty’ into google.com and we're the first link returned), and we don't believe the administrative hassle of moving the site would be worth the benefit.
I wonder if they changed their mind because Google ceased to be a reliable way to find them.
The first link I get when I searched for "putty" was `putty.org` which, according to the footer: "The PuTTY project or its authors have never owned this domain, registered it, or purchased it."
Nevertheless, I can't consider relying on probabilistic algorithms controlled by 3rd parties to be a wise strategy.
Also, these days, after decades of habit building and a rise in awareness about scam-related stuff, I think people expect to see the name of the project early on in the URL, not in 7th position as it is currently.
I suspect that the recent kerfuffle motivated people to finally clean out bogus hyperlinks that casually listed putty.org as the download site, which would have been contributing to inflated page rank up to that point. I found one on a wiki and fixed it, myself, and I'm sure that I was not the only person who went looking.
Unfortunately the person who owns putty.org started to use it to spread misinformation about vaccines and the pandemic, as you can see on the site today.
This recently [1][2] got a lot of attention on the web and here on HN, along with a post on Mastodon from the author [3]
I imagine trying to disincentivize this and provide another shorter more official looking link is the hope here.
> Since 2020 I have been speaking out against the fraudulent pandemic and the intentionally dangerous injections and my experience has been to have been censored and smeared. If you have not heard of me before, that's the reason.
One weird trick to make your insignificance seem significant!
Why do you think it is misinformation? The person seems to have great credentials to be speaking on the topic. This is the video linked from putty.org:
This seems similar to the Notepad++ team using their platform to promote political viewpoints.
The same thing happened with Facebook "pages", when they became a personal "soap box" by the owner of the page. It was downhill from there... You might as well turn the whole web into FB/Twitter/X/Insta promotional spam at that point.
It's not at all similar, and that doesn't have anything to do with the quality or lack thereof of the viewpoints.
The Notepad++ site is run by the authors and reflects their stance. Putty.org is run by an outside party who hijacks the reputation of the PuTTY project to push their agenda.
Luckily, fediverse has an account-to-website verification feature, see https://joinmastodon.org/verification . Mr. Tatham's account on hachyderm.io uses it, so we can be reasonably certain that it's the correct account for him.
There's a link on one side and a meta tag on the other. It's as simple as you can make the validation between two sites. It's not even fediverse-specific really - there were other services doing something similar before.
It means that whoever owns the website marked as verified also owns the social account. See https://joinmastodon.org/verification for a quick overview of how it works.
No, it means a certain link exists on the website. On Hacker News of all sites, I would think we should all know that's not sufficient evidence of identity for an update regarding the source of critical software like a terminal.
Nobody claimed it validates the identity in any way. It validates that the person at the other website confirms it's their social account and the social account matches the other direction. The real identity is not involved here in any way and never was. You're disagreeing with someone nobody here raises.
But the link validation confirms that if you believed that the original download site belongs to the author, then you would have almost the same guarantee about the social account. (+/- the chances of the putty website being hacked)
Yes, your caveat at the end there is exactly why this method shouldn't be trusted, as it's indistinguishable from an attacker with access to embed a single link.
So it doesn't confirm the account belongs to the author, it confirms the site has a specific link and nothing more.
Adding a <meta> tag or creating a page with certain content are already used even for more impactful verification, like getting issued a certificate for that domain.
If an attacker does have broad access to edit the HTML of your website, I feel that's already the issue and Mastodon verifying that "this person controls this website" isn't even really wrong.
It was bad enough that we had to tell developers to trust some rando website to download a tool that we'd use to potentially plug in sensitive production usernames + credentials.
And now they've gone and made it worse by posting some new site and confirming the new link is real on their weird "hachyderm" social media post thing. Yeah, talk about a grey-beard get-off-my-lawn developer screaming at the wind and wanting to make it worse for themselves and their "brand".
Hi that sad. I remember years ago sitting with a colleague and we had to download putty. Then we found the usual page. There is always the concern if it is legit or a fake site with malware. But I remember my colleague saying "it has to be genuine, only a computer scientist could make such a primitive web site"
I haven't used Putty since I stopped using Windows for anything serious (in the early 00s.) It was my favorite quick and dirty SSH and serial client before then though!
Are you referring to the pixel-level font smoothing they use by default (as opposed to CMD's subpixel-level font smoothing)?
You need to define the "antialiasingMode" key in the settings JSON for the default profile to hold the value "cleartype", rather than "grayscale" (which is the default value). I don't believe this is exposed in the GUI settings page.
Note that this only affects the actual terminal emulation area. The rest of the application will still be pixel-level font smoothed (so e.g. the tab titlebars, the settings, etc.).
I've only used it through RDP on Wayland and it's been fine visually. Downloading it can be a challenge if you don't know where to look (Github, not Microsoft's App Store...)
I don't trust Windows with my SSH keys. Since about 2 years, I am actively preparing my final migration to Linux. There's some Windows software left that I need to replace before this move is possible, but I am close.
I agree with you and just wanted to add that for what it's worth one can optionally limit where ssh keys are useful by adding network restrictions on the public key / server side. e.g.
or wherever your system is configured to look for public keys, typically /home/username/.ssh/id_dsa.pub. I use a different location. Even being really broad like adding a /16 or /8 for a home ISP is still better than allowing the entire internet. This can also be useful where machine-to-machine ssh keys are utilized one can limit the access to that network so that should keys leak the potential blast radius of damage is reduced. For example, the keys for an Ansible account can be restricted to the Primary/Secondary Ansible server IP addresses or at very least the CIDR block(s) of the network(s) they reside in. Broad restrictions are not perfect but perfect is the enemy of good or good enough.
Example use case would be that lets say a contractor from Microsoft tries one of your keys. Your restriction limits the key validity to 24.0.0.0/8 and they are coming from 207.0.0.0/8. They will be denied Authentication refused and you now have log entries that can be shared with their fraud department, the world, whomever.
Just pull the trigger. A surprisingly large amount of software just works on wine.
I'm a c# dev with near 20 years experience, and I finally got the shits with advertising in the start menu. Arch Linux, because I figured why not do it properly?
I game a fair bit, and find most things on steam just work.
Having a Windows 11 corporate laptop with a domain/Entra login, I actually trust it more than a home Windows 11 with a Microsoft account. Because if I lock myself out, I have a contact (corporate support) that is actually interested in helping me recover everything. With a Microsoft account it's a mess. I had so many problems with Microsoft accounts that I lost count of how many I have, and most are broken in some way, because of different issues and different service integrations over time. The Skype account is now useless. I never recovered my paid Minecraft account after one event. With a machine with a local account, now I have to be very careful on what I click related to MS accounts, because trying to solve various issues with Teams, I managed to get the local account linked with that MS account. I spent hours trying to recover a different account after I randomly filled one nagging question about birth date - who wants to give the real birth date to Microsoft - and then I got locked out because I said was underage :). So yes, one of the big issues is the push to have a linked OS account where you have to rely on MS support to solve your issues, otherwise you basically get locked out of your machine and other things you paid for.
Also, domain policies offer more control over the corporate PCs (this is how some of the MS spying is shut off on corporate PCs; it's debatable if the corporate spying added by other domain policies is an improvement).
I have to agree, I've also suffered account problems. I was locked out from an email address I used for 20 years. It refuses to take my password which is still valid. I've changed phone number since 20 years ago so can't use that and the security questions were nonsense as I was a teenager. Originally my account never had phone number, they insisted I add it when they integrated my Skype account perhaps. So I didn't expect access to that phone number to be a strong ongoing requirement.
I recently, by playing around with the LAN's default PAC file and a dummy HTTP server, discovered that on a machine that says in System Settings that Proxy Auto-Discovery is turned off, the PAC file is still fetched and used by a too-large number of Microsoft/Google background auto-update services, from Windows Update to Office.
I had been lucky through having done my own experimentation, decades ago, with setting up a default PAC file on the LAN and having left it in just-send-everything-directly mode, keeping it as I upgraded things on the LAN, all of these years. Because otherwise I would have been vulnerable to a third-party in the search path for years, on a machine that clearly and unequivocally, including per direct inspection of the setting in the registry, has this switched off.
> Is such paranoia warranted? Millions of corporate laptops run Windows 11 just fine.
Yes. With Windows Recall data mining surveillance screenshots taken every 5-7 seconds, completely disregarding if this may compromise your security, safety or privacy, we move from "you're the product" to "you're a pet in a zoo, and we want to learn from your behavior."
> I know M$ is evil and spying on you, but not to such degree.*
I mean, they could be recording every second.
I'm pretty sure that's a bandwidth issue.
Not because they really feel like giving you 3-4 second pockets of security, safety and privacy.
I don't trust microsoft to not push an update that exposes all my stuff. Their updates the last few years have been an absolutely shitshow in so many regards.
If Windows were to steal your SSH keys (lol), would you really think using a third-party program would protect you? The evil code could just read the key you configured in PuTTY.
I know Altium doesn’t work, which is very important if you need to provide someone else files in Altium format. If you just want to work on designs there’s always Kicad, which is increasingly very good! But it can’t save in Altium format, and I’m not sure I’d trust it for manufacturing.
The other thing I’m missing is my 3D Gerber viewer called ZofZPCB. I’ve not gotten either it or Altium to even start.
Thank you PuTTY for saving my butt so many times in archaic security-theatre companies who would block all ssh apps except leave the PuTTY website and downloads still available.
The current holder of that domain is using it to host a single page that pushes anti-vax nonsense under the guise of fighting censorship... but also links to the actual PuTTY site. Very weird mix of maybe-well-meaning and nonsense.
The guy behind that page and bitvise appears to have gone totally crazy during the pandemic. On his blog, he said in 2021 "I forecast that 2/3 of those who accept Covid vaccines are going to die by January 1, 2025."
And in 2022, he wrote "Covid-19 is mostly snake venom added to drinking water in selected locations. There may also be a virus, but the main vehicle of hospitalizations is boatloads of powder, mixed in during 'water treatment.' Remdesivir, the main treatment for Covid, is injected snake venom. mRNA vaccines hijack your body to make more snake venom."
> mixed in during 'water treatment.' Remdesivir, the main treatment for Covid, is injected snake venom. mRNA vaccines hijack your body to make more snake ven
Whaaaaat the fuuuuuuck
Can anyone debug this statement?? I’m not looped into weird this realm of paranoid delusion torecognizs what they’re referring to here.
I don’t really want to give it credit by linking to it, but this seems to refer to putty[.]org which is using its search ranking to push things unrelated to PuTTY.
People have tried to hijack PuTTY and WinSCP forever.
This landing page looks suspicious. Even though the HTML links look like they go back to the legit site (https://www.chiark.greenend.org.uk/~sgtatham/putty) I'm not clicking through to find out. There have been spoofing of links for 100's years.
The regular page looks designed by the rules of the earliest version of HTML from 1993: no colors, no fonts, no graphics; it could be a port of a Gopher page. But the new landing page goes all the way to 1995, with fancy custom link colors, and colorful bitmap graphics!
Not sure what all the negative comments are trying to accomplish. It's a perfect and simple little landing page. Simon has finally done what everyone has been asking for, so why are some people still complaining and harping about "trust" ? Get a grip.
I'm sure it's a great piece of software, but sometimes, the simpler is better. I used PuTTY for a decade or so, and while it was kinda ugly and clunky, it's very beautiful and perfect because of its imperfections.
When the first sentence on the page is "This website requires Javascript to be enabled.", I leave; but not before looking at the source and discovering a relative monstrosity, unlike the original PuTTY site which is almost pure content.
Somehow, these new long TLDs just feel spammy and "fake" and I usually ignore them when they show up in search results. Unfortunately the .com, .net and .org are already taken.
The org. one being already taken being the straw that broke the camel's back in this case. It has been a FAQ item for years. But the org. domain squatter's recent behaviour crossed the line, from what M. Tatham has said on the FediVerse.
I (and I suspect several others) suggested a TLD that you would probably have no qualms about, a few weeks ago. M. Tatham went with software. instead; which is fair enough. software. has been around for a while, and is stable and a fairly on-point choice.
They were originally a protection racket to shake down brands on the idea they’d have to register them all. Donuts even had the Domain protected marks list which let you pay to block registration but not have the domain yourself
Those actually feel spammy too; e.g. seeing "official" or "download" in a name has always triggered a suspicion, because normally there's no need to specially say your site is "official" or "download" besides to mislead.
Then again, I may be biased due to always remembering PuTTY's official page being someone's personal site hosted on a .org.uk server.
Certificate by Let's Encrypt, issued to "putty.software" no other info.
Sometimes I feel like we are training users to disregard safety mechanisms for phishing.
Using putty was never the pinnacle of professionalism and open source auditing anyway, it's just a binary you download on windows before you hear the gospel of linux and ssh.
Why would that be disregarding safety? There's no extra text you can put on the website that would prove anything else (apart from messages signed by a known key, but honestly nobody would check those). Certificates don't provide any identity validation in practice.
Is it just me that feels www.chiark.greenend.org.uk/~sgtatham/putty/ has some kind of sentimental value? I built a locked-down version fof PuTTY for their termainl-based (book) library system in 1998. It's been with me a long time.
I do see this type of versioning as an indictment of such a technology for production scenarios, it's all a house of cards if that's what you are building upon.
From the PuTTY FAQ: https://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#...
Would you like me to register you a nicer domain name?
No, thank you. Even if you can find one (most of them seem to have been registered already, by people who didn't ask whether we actually wanted it before they applied), we're happy with the PuTTY web site being exactly where it is. It's not hard to find (just type ‘putty’ into google.com and we're the first link returned), and we don't believe the administrative hassle of moving the site would be worth the benefit.
I wonder if they changed their mind because Google ceased to be a reliable way to find them.
The first link I get when I searched for "putty" was `putty.org` which, according to the footer: "The PuTTY project or its authors have never owned this domain, registered it, or purchased it."
Nevertheless, I can't consider relying on probabilistic algorithms controlled by 3rd parties to be a wise strategy.
Also, these days, after decades of habit building and a rise in awareness about scam-related stuff, I think people expect to see the name of the project early on in the URL, not in 7th position as it is currently.
My first 3 matches are https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.ht..., https://www.putty.org/ and https://www.chiark.greenend.org.uk/~sgtatham/putty/
putty.org's page ranking used to be higher.
* https://hachyderm.io/@simontatham/115027646348662282
I suspect that the recent kerfuffle motivated people to finally clean out bogus hyperlinks that casually listed putty.org as the download site, which would have been contributing to inflated page rank up to that point. I found one on a wiki and fixed it, myself, and I'm sure that I was not the only person who went looking.
It's not inconceivable that some Googlers reads here or otherwise and took note to punish that site.
Assuming he owns the green end.org.uk domain, why not letting people land on putty.greenend.org.uk ?
Unfortunately the person who owns putty.org started to use it to spread misinformation about vaccines and the pandemic, as you can see on the site today.
This recently [1][2] got a lot of attention on the web and here on HN, along with a post on Mastodon from the author [3]
I imagine trying to disincentivize this and provide another shorter more official looking link is the hope here.
[1] https://www.theregister.com/2025/07/17/puttyorg_website_cont...
[2] https://news.ycombinator.com/item?id=44579265
[3] https://hachyderm.io/@simontatham/114846017785770922
> Since 2020 I have been speaking out against the fraudulent pandemic and the intentionally dangerous injections and my experience has been to have been censored and smeared. If you have not heard of me before, that's the reason.
One weird trick to make your insignificance seem significant!
Why do you think it is misinformation? The person seems to have great credentials to be speaking on the topic. This is the video linked from putty.org:
https://x.com/oraclefilmsuk/status/1940851935797461481
This seems similar to the Notepad++ team using their platform to promote political viewpoints.
The same thing happened with Facebook "pages", when they became a personal "soap box" by the owner of the page. It was downhill from there... You might as well turn the whole web into FB/Twitter/X/Insta promotional spam at that point.
It's not at all similar, and that doesn't have anything to do with the quality or lack thereof of the viewpoints.
The Notepad++ site is run by the authors and reflects their stance. Putty.org is run by an outside party who hijacks the reputation of the PuTTY project to push their agenda.
It's one thing to say "stand with Ukraine", and an entirely different thing to spread vaccine misinformation...
This seemed suspicious at first, but https://www.chiark.greenend.org.uk/~sgtatham/putty/ (the original official site) confirms it's real.
First thing I thought of was JiaTan75’s pushing of a new website for XZ.
Wow the way the new page text was written still had me guessing.
Maybe just call this the Future Home of Putty or something with a big link to the official page.
I suppose word will get around pretty fast but still.
The man himself also posted about it on his social media https://hachyderm.io/@simontatham/115025974777386803
As much as I like fedi, it does make it hard to understand which user on which instance is the correct one.
Luckily, fediverse has an account-to-website verification feature, see https://joinmastodon.org/verification . Mr. Tatham's account on hachyderm.io uses it, so we can be reasonably certain that it's the correct account for him.
Cool, but hachyderm.io also is not a trusted/recognizable domain for me. Trust issues all the way down!
It's definitionally the correct domain for Simon Tatham's social media. What are you expecting here?
How would the average person know that?
Average person aware of trust on social network / internet - because https://hachyderm.io/@simontatham has a validated link to the author's homepage.
Others - they don't understand the trust anyway, so there prerequisite steps missing before the main question anyway.
hachyderm.io says it has a validated link to his homepage, but if you don't already trust hachyderm.io that means nothing.
If you check the source of the website that it links to [1], on line 168, we have this
<p>I'm on Mastodon as <a rel="me" href="https://hachyderm.io/@simontatham">@simontatham@hachyderm.io</a>.</p>
If you trust that website, then you can be sure that this Mastodon account is the right one.
1. https://www.chiark.greenend.org.uk/~sgtatham/
It means a lot - you need to check the other side's meta to confirm yourself. https://fedi.tips/how-do-i-verify-my-account/
And that's why the fediverse thing is so niche :)
Looks like it's as complicated as a parts inventory system developed in house for a half a million employee company...
There's a link on one side and a meta tag on the other. It's as simple as you can make the validation between two sites. It's not even fediverse-specific really - there were other services doing something similar before.
For example, at https://www.chiark.greenend.org.uk/~sgtatham/ : (the rel=me is the important part)
No, it really means nothing. Identity on the internet is not a solved problem.
You are wrong.
It means that whoever owns the website marked as verified also owns the social account. See https://joinmastodon.org/verification for a quick overview of how it works.
No, it means a certain link exists on the website. On Hacker News of all sites, I would think we should all know that's not sufficient evidence of identity for an update regarding the source of critical software like a terminal.
Nobody claimed it validates the identity in any way. It validates that the person at the other website confirms it's their social account and the social account matches the other direction. The real identity is not involved here in any way and never was. You're disagreeing with someone nobody here raises.
But the link validation confirms that if you believed that the original download site belongs to the author, then you would have almost the same guarantee about the social account. (+/- the chances of the putty website being hacked)
Yes, your caveat at the end there is exactly why this method shouldn't be trusted, as it's indistinguishable from an attacker with access to embed a single link.
So it doesn't confirm the account belongs to the author, it confirms the site has a specific link and nothing more.
A regular link won't do, since it requires the rel="me" attribute, which is intended for this purpose: https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/...
Adding a <meta> tag or creating a page with certain content are already used even for more impactful verification, like getting issued a certificate for that domain.
If an attacker does have broad access to edit the HTML of your website, I feel that's already the issue and Mastodon verifying that "this person controls this website" isn't even really wrong.
It was bad enough that we had to tell developers to trust some rando website to download a tool that we'd use to potentially plug in sensitive production usernames + credentials.
A link that looks like this:
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.ht...
And now they've gone and made it worse by posting some new site and confirming the new link is real on their weird "hachyderm" social media post thing. Yeah, talk about a grey-beard get-off-my-lawn developer screaming at the wind and wanting to make it worse for themselves and their "brand".
So… what would be a trusted domain, for you, then?
https://www.chiark.greenend.org.uk/~sgtatham/putty/
Exactly. Which nicely confirms all this by saying:
Latest news
2025-08-14 New website, putty.software
We have a new domain name for the PuTTY website!
...
What if someone hacked his site and inserted that news item? Better to visit the guy in person and verify.
What if someone planted the idea of adding a new website for the project while he was asleep?
Which is what the original response linked to. :P
Hi that sad. I remember years ago sitting with a colleague and we had to download putty. Then we found the usual page. There is always the concern if it is legit or a fake site with malware. But I remember my colleague saying "it has to be genuine, only a computer scientist could make such a primitive web site"
Simon Tatham's most important work is keeping its page:
https://www.chiark.greenend.org.uk/~sgtatham/puzzles/
Try Mines, you never have to guess.
This is a perfect version of the game, nice.
I love these kind of webpages with little programs to discover.
That's a great variation of the game. Thanks for sharing the page. It's a gem!
The first thing I install in every Android device.
Ever since Windows gained Terminal and OpenSSH, my usage of Putty has almost entirely ceased except for serial for embedded systems work.
Then I realised Putty ships with a CLI version which I now use in Terminal for accessing serial.
I haven't used Putty since I stopped using Windows for anything serious (in the early 00s.) It was my favorite quick and dirty SSH and serial client before then though!
I have to say, I liked SecureCRT a lot, too.
PuTTY was just easier to get ahold of on a new install.
I think that's why it won out for me. That and its simplicity.
I always used mingw and similar projects. IMO, putty was always annoying (but very useful) software. The "ecosystem" seems better now though.
Indeed, that and “git bash” were always the weird outliers. I’m glad there’s now native options.
mingw predates git on windows (and in general), but yeah, indeed.
interesting to scan the log on that: https://github.com/git-for-windows/build-extra/blob/main/Rel...
I remember my journey trying to disambiguate Git Bash, Git for Windows, MinGW and MSYS2. To this day, I'm still not sure I have the full story right.
> Terminal
Have they fixed font rendering yet? cmd.exe looks better on my laptop
Have they fixed it spying on you? https://github.com/MicrosoftDocs/terminal/issues/139
Windows is basically spyware at this point. The only way to win is to not play.
Are you referring to the pixel-level font smoothing they use by default (as opposed to CMD's subpixel-level font smoothing)?
You need to define the "antialiasingMode" key in the settings JSON for the default profile to hold the value "cleartype", rather than "grayscale" (which is the default value). I don't believe this is exposed in the GUI settings page.
Note that this only affects the actual terminal emulation area. The rest of the application will still be pixel-level font smoothed (so e.g. the tab titlebars, the settings, etc.).
The first time I ever saw it, the text already looked better than cmd.exe via conhost.
https://imgur.com/a/qA1fr71
Something wrong with my eyes? Doesn't cmd.exe look smoother in this screenshot?
cmd.exe looks worse to me. Particularly because of the lack of padding on the left.
I agree. In those screenshots cmd looks better. Not sure what's up.
cmd looks pixelated.
I find the Terminal more readable because the white seems brighter in your screenshots
The color is configurable for both.
My Terminal looks great! https://imgur.com/a/js6Yzxf
Terminal looks far better.
I've only used it through RDP on Wayland and it's been fine visually. Downloading it can be a challenge if you don't know where to look (Github, not Microsoft's App Store...)
I’ve never noticed any issues on any computer with it…
I don't trust Windows with my SSH keys. Since about 2 years, I am actively preparing my final migration to Linux. There's some Windows software left that I need to replace before this move is possible, but I am close.
I agree with you and just wanted to add that for what it's worth one can optionally limit where ssh keys are useful by adding network restrictions on the public key / server side. e.g.
or wherever your system is configured to look for public keys, typically /home/username/.ssh/id_dsa.pub. I use a different location. Even being really broad like adding a /16 or /8 for a home ISP is still better than allowing the entire internet. This can also be useful where machine-to-machine ssh keys are utilized one can limit the access to that network so that should keys leak the potential blast radius of damage is reduced. For example, the keys for an Ansible account can be restricted to the Primary/Secondary Ansible server IP addresses or at very least the CIDR block(s) of the network(s) they reside in. Broad restrictions are not perfect but perfect is the enemy of good or good enough.Example use case would be that lets say a contractor from Microsoft tries one of your keys. Your restriction limits the key validity to 24.0.0.0/8 and they are coming from 207.0.0.0/8. They will be denied Authentication refused and you now have log entries that can be shared with their fraud department, the world, whomever.
Just pull the trigger. A surprisingly large amount of software just works on wine.
I'm a c# dev with near 20 years experience, and I finally got the shits with advertising in the start menu. Arch Linux, because I figured why not do it properly?
I game a fair bit, and find most things on steam just work.
> I'm a c# dev with near 20 years experience
Which IDE do you use? JetBrains Rider?
Is such paranoia warranted? Millions of corporate laptops run Windows 11 just fine. I know M$ is evil and spying on you, but not to such degree.
Having a Windows 11 corporate laptop with a domain/Entra login, I actually trust it more than a home Windows 11 with a Microsoft account. Because if I lock myself out, I have a contact (corporate support) that is actually interested in helping me recover everything. With a Microsoft account it's a mess. I had so many problems with Microsoft accounts that I lost count of how many I have, and most are broken in some way, because of different issues and different service integrations over time. The Skype account is now useless. I never recovered my paid Minecraft account after one event. With a machine with a local account, now I have to be very careful on what I click related to MS accounts, because trying to solve various issues with Teams, I managed to get the local account linked with that MS account. I spent hours trying to recover a different account after I randomly filled one nagging question about birth date - who wants to give the real birth date to Microsoft - and then I got locked out because I said was underage :). So yes, one of the big issues is the push to have a linked OS account where you have to rely on MS support to solve your issues, otherwise you basically get locked out of your machine and other things you paid for.
Also, domain policies offer more control over the corporate PCs (this is how some of the MS spying is shut off on corporate PCs; it's debatable if the corporate spying added by other domain policies is an improvement).
I have to agree, I've also suffered account problems. I was locked out from an email address I used for 20 years. It refuses to take my password which is still valid. I've changed phone number since 20 years ago so can't use that and the security questions were nonsense as I was a teenager. Originally my account never had phone number, they insisted I add it when they integrated my Skype account perhaps. So I didn't expect access to that phone number to be a strong ongoing requirement.
I recently, by playing around with the LAN's default PAC file and a dummy HTTP server, discovered that on a machine that says in System Settings that Proxy Auto-Discovery is turned off, the PAC file is still fetched and used by a too-large number of Microsoft/Google background auto-update services, from Windows Update to Office.
* https://mastodonapp.uk/@JdeBP/114693762493884550
I had been lucky through having done my own experimentation, decades ago, with setting up a default PAC file on the LAN and having left it in just-send-everything-directly mode, keeping it as I upgraded things on the LAN, all of these years. Because otherwise I would have been vulnerable to a third-party in the search path for years, on a machine that clearly and unequivocally, including per direct inspection of the setting in the registry, has this switched off.
* https://jdebp.uk/FGA/web-browser-auto-proxy-configuration.ht...
> Is such paranoia warranted? Millions of corporate laptops run Windows 11 just fine.
Yes. With Windows Recall data mining surveillance screenshots taken every 5-7 seconds, completely disregarding if this may compromise your security, safety or privacy, we move from "you're the product" to "you're a pet in a zoo, and we want to learn from your behavior."
> I know M$ is evil and spying on you, but not to such degree.*
I mean, they could be recording every second.
I'm pretty sure that's a bandwidth issue.
Not because they really feel like giving you 3-4 second pockets of security, safety and privacy.
I don't trust microsoft to not push an update that exposes all my stuff. Their updates the last few years have been an absolutely shitshow in so many regards.
If Windows were to steal your SSH keys (lol), would you really think using a third-party program would protect you? The evil code could just read the key you configured in PuTTY.
Why replace it? Wine works fine.
Can you tell us which software? (Even if it’s very niche) I’m really curious where the gaps are.
I know Altium doesn’t work, which is very important if you need to provide someone else files in Altium format. If you just want to work on designs there’s always Kicad, which is increasingly very good! But it can’t save in Altium format, and I’m not sure I’d trust it for manufacturing.
The other thing I’m missing is my 3D Gerber viewer called ZofZPCB. I’ve not gotten either it or Altium to even start.
I was expecting a modern redesign when I read the headline, but I was so delighted to be greeted by such a nostalgic style!
Cheers to decades of memories with PuTTY!
Thank you PuTTY for saving my butt so many times in archaic security-theatre companies who would block all ssh apps except leave the PuTTY website and downloads still available.
> Unlike other landing pages, this one is run by the PuTTY team itself, and not by a third party with their own agenda.
No idea what this means.
Anyway Simon Tatham's games are so good I think he gets a pass on anything else he does.
Context: "The domain name putty.org is NOT run by the #PuTTY developers" (https://hachyderm.io/@simontatham/114846017785770922 discussed before at https://news.ycombinator.com/item?id=44558328), but by a competitor who historically used the site at that domain to promote their own product.
It's much weirder now.
The current holder of that domain is using it to host a single page that pushes anti-vax nonsense under the guise of fighting censorship... but also links to the actual PuTTY site. Very weird mix of maybe-well-meaning and nonsense.
The guy behind that page and bitvise appears to have gone totally crazy during the pandemic. On his blog, he said in 2021 "I forecast that 2/3 of those who accept Covid vaccines are going to die by January 1, 2025."
And in 2022, he wrote "Covid-19 is mostly snake venom added to drinking water in selected locations. There may also be a virus, but the main vehicle of hospitalizations is boatloads of powder, mixed in during 'water treatment.' Remdesivir, the main treatment for Covid, is injected snake venom. mRNA vaccines hijack your body to make more snake venom."
> mixed in during 'water treatment.' Remdesivir, the main treatment for Covid, is injected snake venom. mRNA vaccines hijack your body to make more snake ven
Whaaaaat the fuuuuuuck
Can anyone debug this statement?? I’m not looped into weird this realm of paranoid delusion torecognizs what they’re referring to here.
That looks like an open and shut ICANN trademark case to me.
https://web.archive.org/web/20250728091154/https://www.putty...
They publish (right at the bottom of that page) the emails where a journalist asked them why they're squatting the PuTTY domain and somehow think they make the journalist look bad?! https://web.archive.org/web/20250728091156/https://www.putty...
The guy who runs putty.org is absolutely the South Park basement guy
Do they have a trademark? It costs $325 per year plus roughly $650 for the initial application (even if rejected). Is he paying that?
There isn't a trademark for PuTTY.
Simon Tatham's Portable Puzzle Collection (https://www.chiark.greenend.org.uk/~sgtatham/puzzles/) is a fantastic set of logic games that's been ported to practically every platform imaginable.
I don’t really want to give it credit by linking to it, but this seems to refer to putty[.]org which is using its search ranking to push things unrelated to PuTTY.
See https://news.ycombinator.com/item?id=44558328 and https://news.ycombinator.com/item?id=44579265 for background.
I rather enjoyed the suggestion that the new WWW site could retain the flavour of the old, for the Unix shell syntax diehards. (-:
* https://mastodon.gamedev.place/@thomastc/115031906344758192
lol is this a joke? Why are the screenshots blurry and miniscule? And randomly spaced in the middle of the page.
Come on, even ChatGPT can do a better job than this.
People have tried to hijack PuTTY and WinSCP forever.
This landing page looks suspicious. Even though the HTML links look like they go back to the legit site (https://www.chiark.greenend.org.uk/~sgtatham/putty) I'm not clicking through to find out. There have been spoofing of links for 100's years.
Yes, the domain was suspicious to me too, but the legit site links back to it.
I hope they only change the domain name, and keep the spartan websiste.
The regular page looks designed by the rules of the earliest version of HTML from 1993: no colors, no fonts, no graphics; it could be a port of a Gopher page. But the new landing page goes all the way to 1995, with fancy custom link colors, and colorful bitmap graphics!
The new one even has CSS making it much more modern.
Related recent context/controversy that maybe fueled some of this:
putty.org is not run by the PuTTY developers
https://news.ycombinator.com/item?id=44558328
Hijacking Trust? Bitvise Under Fire for Controlling Domain of FOSS Project PuTTY
https://news.ycombinator.com/item?id=44579265
There's no "maybe" to it. (-:
* https://hachyderm.io/@simontatham/115026616955174986
Not sure what all the negative comments are trying to accomplish. It's a perfect and simple little landing page. Simon has finally done what everyone has been asking for, so why are some people still complaining and harping about "trust" ? Get a grip.
If they are opening or changing the main page, then the main page should be spamming everyone that it is their new legitimate page, but it is not.
This looks like a PuTTY/WinSCP hijack all over again.
Get over yourself.
It is. The very first news item on the original page mentions it. It's plain as 1993.
Since windows started shipping open ssh I don’t have any use for putty.
I see no mention in this thread of KiTTY <https://www.9bis.net/kitty/>, no one uses this instead of PuTTY?
I'm sure it's a great piece of software, but sometimes, the simpler is better. I used PuTTY for a decade or so, and while it was kinda ugly and clunky, it's very beautiful and perfect because of its imperfections.
There are two pieces of software named Kitty. That one is the other one. (-:
When the first sentence on the page is "This website requires Javascript to be enabled.", I leave; but not before looking at the source and discovering a relative monstrosity, unlike the original PuTTY site which is almost pure content.
Somehow, these new long TLDs just feel spammy and "fake" and I usually ignore them when they show up in search results. Unfortunately the .com, .net and .org are already taken.
The org. one being already taken being the straw that broke the camel's back in this case. It has been a FAQ item for years. But the org. domain squatter's recent behaviour crossed the line, from what M. Tatham has said on the FediVerse.
I (and I suspect several others) suggested a TLD that you would probably have no qualms about, a few weeks ago. M. Tatham went with software. instead; which is fair enough. software. has been around for a while, and is stable and a fairly on-point choice.
Be thankful that it was not putty.party. . (-:
They were originally a protection racket to shake down brands on the idea they’d have to register them all. Donuts even had the Domain protected marks list which let you pay to block registration but not have the domain yourself
I agree, there's some good alternatives available too of about the same length (if you include name + TLD):
Those actually feel spammy too; e.g. seeing "official" or "download" in a name has always triggered a suspicion, because normally there's no need to specially say your site is "official" or "download" besides to mislead.
Then again, I may be biased due to always remembering PuTTY's official page being someone's personal site hosted on a .org.uk server.
There is actually a mirror at https://www.puttyssh.org/
I also noticed https://getputty.org is as well.
anything with "download" in the domain name looks scammy to me
All of these are better than and I assume cheaper than that .software one.
Even puttytelnet.com/org/net is available.
Hell the puttytel.net is available
Not a big deal, because they tend to be trusted eventually by the search engines and the language models, though I don't trust much the latter to tbh.
Certificate by Let's Encrypt, issued to "putty.software" no other info.
Sometimes I feel like we are training users to disregard safety mechanisms for phishing.
Using putty was never the pinnacle of professionalism and open source auditing anyway, it's just a binary you download on windows before you hear the gospel of linux and ssh.
Why would that be disregarding safety? There's no extra text you can put on the website that would prove anything else (apart from messages signed by a known key, but honestly nobody would check those). Certificates don't provide any identity validation in practice.
I'm sure you could ask Mr Tatham to offer a version with feel-good certificates for the low low price of a couple Silicon Valley lattes per month...
> Using putty was never the pinnacle of professionalism and open source auditing anyway
Huh? The source is available on the original site and TTBOMK always has been, you're welcome to compile it yourself.
And thus NextDNS blocked it under NRDs blocking criteria :)
Is it just me that feels www.chiark.greenend.org.uk/~sgtatham/putty/ has some kind of sentimental value? I built a locked-down version fof PuTTY for their termainl-based (book) library system in 1998. It's been with me a long time.
What is the point of PuTTY these days?
Will putty ever reach 1.0?
https://0ver.org/
Nice page.
I do see this type of versioning as an indictment of such a technology for production scenarios, it's all a house of cards if that's what you are building upon.
It's a liability disclaimer versioning schema
wow! I used PuTTY about 18 years ago.
JFC I wish they would stop using Courier as the default font. It's like looking down the barrels of a shotgun. Consolas ftw.
At least it’s readable on a phone with text reflowing unlike the main site, although there is no text to read, so not much of a win…
Why not add a link on the old page to the new one? Bad practice and suspicious.
https://www.chiark.greenend.org.uk/~sgtatham/putty/ says: 2025-08-14 New website, putty.software