No idea what this means.
Anyway Simon Tatham's games are so good I think he gets a pass on anything else he does.
The current holder of that domain is using it to host a single page that pushes anti-vax nonsense under the guise of fighting censorship... but also links to the actual PuTTY site. Very weird mix of maybe-well-meaning and nonsense.
And in 2022, he wrote "Covid-19 is mostly snake venom added to drinking water in selected locations. There may also be a virus, but the main vehicle of hospitalizations is boatloads of powder, mixed in during 'water treatment.' Remdesivir, the main treatment for Covid, is injected snake venom. mRNA vaccines hijack your body to make more snake venom."
Whaaaaat the fuuuuuuck
Can anyone debug this statement?? I’m not looped into weird this realm of paranoid delusion torecognizs what they’re referring to here.
https://web.archive.org/web/20250728091154/https://www.putty...
Plus, I can find absolutely zero evidence of the existence of a German journalist called "Mirai F", so I'm a bit suspicious. (It might be the "PuPRed" person being maybe-doxxed -- but that's a blog site which entirely consists of a single article about PuTTY, so I'm not convinced "journalist" applies in a meaningful sense.)
The Bitvise answers also don't look good, of course. Nobody comes out of that one smelling like roses.
I say this as someone who thinks putty.org was pretty sketchy before it went full anti-vax, and is currently looking like a slam-dunk example of the kind of thing trademark law was meant for.
I do see this type of versioning as an indictment of such a technology for production scenarios, it's all a house of cards if that's what you are building upon.
It's a liability disclaimer versioning schema
Then I realised Putty ships with a CLI version which I now use in Terminal for accessing serial.
Have they fixed font rendering yet? cmd.exe looks better on my laptop
Something wrong with my eyes? Doesn't cmd.exe look smoother in this screenshot?
https://github.com/microsoft/terminal/commit/906edf7002b8ccf...
You need to define the "antialiasingMode" key in the settings JSON for the default profile to hold the value "cleartype", rather than "grayscale" (which is the default value). I don't believe this is exposed in the GUI settings page.
Note that this only affects the actual terminal emulation area. The rest of the application will still be pixel-level font smoothed (so e.g. the tab titlebars, the settings, etc.).
interesting to scan the log on that: https://github.com/git-for-windows/build-extra/blob/main/Rel...
i cannot imagine windows without it. even wsl garbage pales in comparison
PuTTY was just easier to get ahold of on a new install.
I think that's why it won out for me. That and its simplicity.
Also, domain policies offer more control over the corporate PCs (this is how some of the MS spying is shut off on corporate PCs; it's debatable if the corporate spying added by other domain policies is an improvement).
Yes. With Windows Recall data mining surveillance screenshots taken every 5-7 seconds, completely disregarding if this may compromise your security, safety or privacy, we move from "you're the product" to "you're a pet in a zoo, and we want to learn from your behavior."
> I know M$ is evil and spying on you, but not to such degree.*
I mean, they could be recording every second.
I'm pretty sure that's a bandwidth issue.
Not because they really feel like giving you 3-4 second pockets of security, safety and privacy.
Some of you people are just too far gone to turn off a setting.
For now. This is Microsoft we’re talking about. Needing a Microsoft account to log in to Windows used to be optional.
My lack of trust in Microsoft (or Google) to keep my interest in mind is rooted in experience.
The problem is: once your organisation is so corrupt that they think of this shit, turning off bad ideas becomes a game of whack-a-mole.
Just say no to this kind of behaviour.
* https://mastodonapp.uk/@JdeBP/114693762493884550
I had been lucky through having done my own experimentation, decades ago, with setting up a default PAC file on the LAN and having left it in just-send-everything-directly mode, keeping it as I upgraded things on the LAN, all of these years. Because otherwise I would have been vulnerable to a third-party in the search path for years, on a machine that clearly and unequivocally, including per direct inspection of the setting in the registry, has this switched off.
* https://jdebp.uk/FGA/web-browser-auto-proxy-configuration.ht...
I'm a c# dev with near 20 years experience, and I finally got the shits with advertising in the start menu. Arch Linux, because I figured why not do it properly?
I game a fair bit, and find most things on steam just work.
Which IDE do you use? JetBrains Rider?
I mostly use VS Code to be honest. I use VSCode for other languages and for a long time it was the only graphical editor to have good remote development (over SSH) support.
Rider has that feature now though and is pretty nice too. I typically jump over to it when I need to profile something as it integrates with dotTrace. If you're coming from full-fat Visual Studio you'll probably prefer Rider.
My personal dev is shifting to Rust.
But I found that the Bottles project pretty much solves this, by installing everything in some kind of sandboxed environment:
https://github.com/bottlesdevs/Bottles
Has worked wonderfully for the few cases where plain Wine failed.
they don't have sandbox. only if you install the flatpack AND DISABLE SOME CONVENIENCES you actually get something I'd call a safe sandbox.
but their site lies and make you feel safe while being extremely vulnerable installing cracked games (which is what everyone used bubble for).
The other thing I’m missing is my 3D Gerber viewer called ZofZPCB. I’ve not gotten either it or Altium to even start.
For years, I've had a seamless document management process on Windows for all my receipts and bills:
1. My ScanSnap scans, auto-crops, and OCRs documents into a designated folder.
2. A small open-source tool, DropIt [1], monitors that folder.
3. Based on about 100 custom rules that parse the OCR'd text (for tax IDs, phone numbers, etc.), DropIt automatically renames and moves the PDFs into the correct subfolders.
4. Nextcloud then syncs the organized files, and I can discard the paper originals.
When I explored replicating this on Linux, I found the building blocks exist. For instance, ocrmypdf seems to be a powerful OCR tool, and SANE drivers combined with gscan2pdf can handle the scanning. [2] I also found several tools for automated file renaming and organization.[3] However, the Fujitsu ScanSnap Home software provides an all-in-one experience for the initial capture.[4] More importantly, I'd have to manually translate all my pattern-matching rules from DropIt to a new system, likely a collection of shell scripts. I still feel that this is too fragile. I would need to program all exceptions myself: file renaming issues, special characters, length of document names, issues with OCR and alerting, should anything go wrong. The system needs to be fail-safe because once I throw the original away, there is no going back.
Then, another challenge is to find the time to replace this reliable system with the shortest "downtime" possible. I need this daily.. so I already decided I need a migration phase, where both systems run in parallel. Perhaps this better explains my slowness to migrate to Linux.
The fact that there isn't a well-known, integrated tool for this on Linux seems suspicious. It makes me wonder if I'm approaching the problem from the wrong direction. Is there a more "Linux-native" philosophy for this kind of workflow automation that I'm missing?
And yes, I'm aware of Paperless-ngx. It's a fantastic project, but I'm committed to my current folder structure and prefer to avoid a solution that centralizes my documents in a database, away from my Nextcloud setup and my filesystem-first-philosophy for document management. I don't trust that paperless-ngx will be available in 40+ years from now, but I need my document management to last that long.
[1]: http://www.dropitproject.com/
[2]: https://github.com/ocrmypdf/OCRmyPDF
[3]: https://github.com/ptmrio/autorename-pdf
[4]: https://forum.manjaro.org/t/fujitsu-scansnap-home-software-f...
grep AuthorizedKeysFile /etc/ssh/sshd_config
AuthorizedKeysFile /etc/ssh/keys/%u
cat /etc/ssh/keys/bender
from="[192.redacted]/24,[redacted]/20" ssh-ed25519 AAAAC[snip...] comment
Example use case would be that lets say a contractor from Microsoft tries one of your keys. Your restriction limits the key validity to 24.0.0.0/8 and they are coming from 207.0.0.0/8. They will be denied Authentication refused and you now have log entries that can be shared with their fraud department, the world, whomever. Obviously the tighter the restrictions the better, at the risk of requiring a static IPv4 or IPv6 address if too tight. One can always have lighter restrictions on a fall-back account that requires additional hoops to sudo / doas / su.
Sometimes I feel like we are training users to disregard safety mechanisms for phishing.
Using putty was never the pinnacle of professionalism and open source auditing anyway, it's just a binary you download on windows before you hear the gospel of linux and ssh.
Huh? The source is available on the original site and TTBOMK always has been, you're welcome to compile it yourself.
However, it seems that the universe heard my pleas https://git.tartarus.org/?p=simon/putty.git;a=commit;h=c19e7... Replace mkfiles.pl with a CMake build system
For context, I believe that a tool isn't open source unless I can build it, so I actually build almost anything I can from source for that reason
That's how domain validated certificates that are used on most website today work.
And yes, it's bonkers that we need to rely on authorities like Let's Encrypt for this instead of just delegating trust via the same hierarchy as DNS.
puttyclient.com
puttyofficial.com
puttytools.com
puttydownloads.com
downloadputty.orgEven puttytelnet.com/org/net is available.
Hell the puttytel.net is available
Then again, I may be biased due to always remembering PuTTY's official page being someone's personal site hosted on a .org.uk server.
There is actually a mirror at https://www.puttyssh.org/
This sounds like a virus site.
I (and I suspect several others) suggested a TLD that you would probably have no qualms about, a few weeks ago. M. Tatham went with software. instead; which is fair enough. software. has been around for a while, and is stable and a fairly on-point choice.
Be thankful that it was not putty.party. . (-:
Even a .com/org/net with something like getputty or similar as the domain name would feel less sketchy than putty.sofware.
putty.net is also up for sale but probably will be an unreasonable price and paying the troll toll would suck.
https://www.chiark.greenend.org.uk/~sgtatham/puzzles/
Try Mines, you never have to guess.
putty.org is not run by the PuTTY developers
https://news.ycombinator.com/item?id=44558328
Hijacking Trust? Bitvise Under Fire for Controlling Domain of FOSS Project PuTTY
Would you like me to register you a nicer domain name?
No, thank you. Even if you can find one (most of them seem to have been registered already, by people who didn't ask whether we actually wanted it before they applied), we're happy with the PuTTY web site being exactly where it is. It's not hard to find (just type ‘putty’ into google.com and we're the first link returned), and we don't believe the administrative hassle of moving the site would be worth the benefit.
I wonder if they changed their mind because Google ceased to be a reliable way to find them.
Nevertheless, I can't consider relying on probabilistic algorithms controlled by 3rd parties to be a wise strategy.
Also, these days, after decades of habit building and a rise in awareness about scam-related stuff, I think people expect to see the name of the project early on in the URL, not in 7th position as it is currently.
* https://hachyderm.io/@simontatham/115027646348662282
I suspect that the recent kerfuffle motivated people to finally clean out bogus hyperlinks that casually listed putty.org as the download site, which would have been contributing to inflated page rank up to that point. I found one on a wiki and fixed it, myself, and I'm sure that I was not the only person who went looking.
That's pretty much all of the AI industry and clients.
This recently [1][2] got a lot of attention on the web and here on HN, along with a post on Mastodon from the author [3]
I imagine trying to disincentivize this and provide another shorter more official looking link is the hope here.
[1] https://www.theregister.com/2025/07/17/puttyorg_website_cont...
One weird trick to make your insignificance seem significant!
Extrapolated to the present time, all of us vaccinated individuals are now suffering the big consequences.
Too bad all nutjobs aren't so easy to disprove by simply taking a single large breath. :)
The same thing happened with Facebook "pages", when they became a personal "soap box" by the owner of the page. It was downhill from there... You might as well turn the whole web into FB/Twitter/X/Insta promotional spam at that point.
The Notepad++ site is run by the authors and reflects their stance. Putty.org is run by an outside party who hijacks the reputation of the PuTTY project to push their agenda.
I'm sure we can then find experts with those kinds of qualifications who also pushed covid misinformation (or to use more old-school terms, straight up fucking lies and unfounded, conspiratorial speculations) and held minority opinions.
Then we can lament on how having a minority opinion means your opinion is definitely being unjustly oppressed, as opposed to justly oppressed, which somehow we'll not be able to produce an example for. Does that really matter though if we can just pretend that we do have an example, or even believe outright we do and just not agree?
Or maybe we can lament on how just blindly trusting either authority or expertise is possibly not the most solid idea in the world. As if we actually had the option to do otherwise at scale, even in the best case scenario, and all people were magically equal and equipped to do so.
Humans and their unattainable reasoning ability. Oh the modern world. Yeah right.
Everyone has the world the size he deserves…
Like imagine thinking that parsing this:
> I'm sure we can then find experts with those kinds of qualifications who also pushed covid misinformation (or to use more old-school terms, straight up fucking lies and unfounded, conspiratorial speculations) and held minority opinions.
as this:
> So an expert is exactly the one you want to believe, and no other person, and you tailor the definition just exactly, so only people with your opinion are experts.
resembles any form of intelligence. These two are in direct contradiction!
Is this really that big of a bar? Let's read together!
> I'm sure we can then find experts with those kinds of qualifications
So I recognize that there are experts with the "right qualifications", whatever that means to me, we don't even have to agree.
> who also pushed covid misinformation and held minority opinions.
So no, I do not stop recognizing them as experts, despite them not confirming my beliefs. Instead, what I do is consider them to have pushed covid misinformation, holding minority opinions, despite being experts with the "right qualifications".
Was this really that hard? I even featured multiple paragraphs after this arguing back and forth on your behalf!
Trusting expert or authority opinion is analogous to trusted computing. It works until it doesn't, and when there's debate among the trusted parties, there's two options: unanimous consensus, which humanity is not exactly known for as you can tell, or majority consensus, which yielded that the guy is wrong period. Choose anything else, and you're discarding the trust-based model in favor of something else; there's no trust and/or no consensus.
And what model do people turn to when there's no trust? Verifiability. This is why I brought up that at scale, verifiability is simply not viable, not as far as I can tell, and somehow this wasn't what you latched on to either. Current state of affairs could be improved a lot, I do think that academic research output has a lot of room for improvement in accessibility, and that getting up to speed with a different area to one's own shouldn't be as hard as it is. But just think about our guy and his claims in practical terms. He was claiming things like "nuh-uh, no second wave in the UK". How are you going to hand verify that yourself on your own? Are you going to act a Santa Claus one night and just visit everyone and take samples? Come on.
And so this was never actually about either of these. It was about believing different things and then piling on top whatever is available, reversing what came first: the thought, or the rationale behind that thought.
I can understand if someone, irrespective of the (majority) scientific consensus on mask use, vaccination, distancing, sanitation, and isolation, simply still chooses to not fall in line out of gut feeling or whatever, and owns up to it. That is at least intellectually honest. But this "oh so you're thinking <the exact opposite of what I said>" and this "a handful of experts out of millions claim otherwise so they're right and unjustly oppressed, and everyone else is wrong and complicit" rubbish is pitiful. The putty.org owner could swap the current text out for free infinite energy or flat earth theory and it would be equally believable. You see countless of those with the same sob story of being unjustly oppressed and then the thing somehow turning out to be bollocks or a scam, sometimes both, all the time. With the rare but convenient few experts chiming in being the occasional icing on the cake, much like the phony full time jury-only experts presenting on court in favor of insurance companies.
It is simply not reasonable to believe in what the guy is pushing, unless you've been believing that from the get-go - at which point, there's nothing to argue anyways. This is unlike the trust-based or the verification-based models, which have more going for them than just the sheer belief of individuals, and where there is capacity for arguments. Arguments that we are not having, because you're entirely too busy intentionally(?) misreading the guy's work title and qualifications, and intentionally(?) misreading what I wrote.
Amazing things happen when you crank up the level of simplification.
I'm trying to grok this, but all of the posts sort of obliquely refer to things that happened in the past (even the old HN links here), rather than explicitly just explain what the hell happened.
https://web.archive.org/web/20170822083048/http://www.putty....
The domain owner seems to feel he was providing a service to putty by providing the short domain name and feels slighted that they are moving to have their own now that he is taking actions that they find more objectionable than just also linking to his competitor, but to be honest it always seemed some unethical squatting to me, based on the Putty devs not having the time to complete a UDRP process.
> Unfortunately the person who owns putty.org
> started to use it to spread misinformation
> about vaccines and[...]
Instead it's just some guy's website clearly unrelated to PuTTY. He's even gone out of his way to point people looking for PuTTY in the right direction. Who cares what his opinion is about anything else?
Well I googled putty and found a couple different .org domains, one who which said it was legit but not official, and another which said it was official but looked wildly out of date.
Neither one I could find a download for Mac that worked. The one I tried gave a scary “we no longer allow putty sudo access as it’s dangerous” and when I googled this error I could find no explanation to assuage me.
And since I wanted to make sure what I was doing was legit, I searched for alternatives.
Eventually I discovered I could use command line in mac to generate the keys I needed. But first I installed Xcode then ran the command (I used chatgpt to tell me exactly how to get the type and length I needed). It was easy.
Side note, the whole culture of downloading random software and using it with just a single line in a terminal is always sketchy to me too. But I’m not a coder so I’m not used to it.
https://docs.github.com/en/authentication/connecting-to-gith...
https://serverfault.com/questions/780476/generating-ssh-keys...
My knowledge was a bit outdated by about a decade.
The idea is that you will need to put some trust in the project anyway, since you’re trying to install it. Might as well make it easier with a one line install.
Edit: You should only do this if someone reliable tells you to, honestly. Doing this with truly random projects you aimlessly find is not a good idea.
The website I was sketched out by (but tried it anyway, then got the scary error) was puttygen.com which had me install homebrew (whatever that is) and then do “sudo brew install putty”
The closest I saw was a .tr.gz file (i.e. a gzipped Tape ARchive) of Unix source code, but A) I don't know of their definition of "Unix" includes OS X / MacOS; and B) judging from your comments here, you don't seem like the type who would want to install software by downloading, decompressing, and compiling source code.
I'm thinking the people who told you to use PuTTY were assuming that you are a Windows user.
… Well, I guess that's what they've done. Surely nobody could ever have been this naïve, though; it's not as though Google massaging results into unusable mess is anything new.
How else would you find it? By typing domain name guesses into your address bar until you hit the right one? How would you be sure you've hit the right one and not a scammer/squatter?
This is not a particularly easy problem to solve, and I agree that relying on Google to accurately and safely deliver you to the correct web site isn't great either, but I think we'd be much worse off without search engines.
It is a reasonable change to make. Do the rest of their native Win32 UI controls still use MS Sans Serif (Windows 98) or Tahoma (XP) instead of Segoe UI (Vista)?
Cheers to decades of memories with PuTTY!
* https://mastodon.gamedev.place/@thomastc/115031906344758192
Come on, even ChatGPT can do a better job than this.
Using putty as my daily driver was definitely part of my coming-of-age story as a windows sysadmin way back when.
PuTTY's website is fairly clean and accessible, unlike this landing page.
I'm pretty happy with Windows Terminal these days, but before then, it was all PuTTY + SecureCRT.
Just open a terminal and type ssh just like you would in Linux.
That said, some people like PuTTY. It is much easier to setup and use. It also offers other features (like serial communications).
Putty is a terminal emulator and an SSH + telnet client all in one. Now Microsoft offers a number of platforms that overlap to provide similar functionality.
WSL2 (aka WSL) is the Linux system that runs a Linux kernel and apps within Windows (technically a hidden HyperV VM) with some loose bindings to the OS resources for networking, files etc.
OpenSSH is the SSH client installed with Windows. It can be used via CMD or Windows Terminal + Powershell . You don’t need WSL installed. So it’s great for VMs or remote shells.
Powershell is the Windows Shell (like bash on Linux or CMD on earlier windows) that lets you run openssh and other windows CLI Apps
Windows Terminal is the new-ish (6+ years) terminal emulator that lets you run a variety of shells. Most commonly Powershell , Bash (WSL), or you can SSH to any host using openssh . It works like tmux with tabs/windows into any remote host .
I decided to lay this all out because Windows apps for SSH and terminals are a little different than Linux.
The homepage and the downloads page both seem fine to me.
(BTW, the collection of one-player puzzle games is super!)
I work in OPs and use Putty daily. For people like me, finding and downloading the correct app is simple. For non-technicals, this just seems like the perfect way to download malware and destroy a company's reputation.
Puzzling, imo.
josephcsible•5mo ago
dcrazy•5mo ago
pharrington•5mo ago
throaway920181•5mo ago
jachee•5mo ago
zaphirplane•5mo ago
zugi•5mo ago
Latest news
2025-08-14 New website, putty.software
We have a new domain name for the PuTTY website!
...
cyphar•5mo ago
roman_soldier•5mo ago
rzzzt•5mo ago
andrewflnr•5mo ago
closewith•5mo ago
viraptor•5mo ago
Others - they don't understand the trust anyway, so there prerequisite steps missing before the main question anyway.
jstanley•5mo ago
viraptor•5mo ago
mjmas•5mo ago
closewith•5mo ago
pferde•5mo ago
It means that whoever owns the website marked as verified also owns the social account. See https://joinmastodon.org/verification for a quick overview of how it works.
closewith•5mo ago
viraptor•5mo ago
But the link validation confirms that if you believed that the original download site belongs to the author, then you would have almost the same guarantee about the social account. (+/- the chances of the putty website being hacked)
closewith•5mo ago
So it doesn't confirm the account belongs to the author, it confirms the site has a specific link and nothing more.
Ukv•5mo ago
Adding a <meta> tag or creating a page with certain content are already used even for more impactful verification, like getting issued a certificate for that domain.
If an attacker does have broad access to edit the HTML of your website, I feel that's already the issue and Mastodon verifying that "this person controls this website" isn't even really wrong.
closewith•5mo ago
Ukv•5mo ago
closewith•5mo ago
No sane sober person would use it to authenticate messages about changing URLs in a software supply chain.
Ukv•5mo ago
This is in addition to the original site linking to the new one with a news post. Does that also mean nothing because an attacker could add a news post to the page?
nickv•5mo ago
How is this any different than your email address being compromised? How is this different than having your laptop compromised and somebody downloading your .ssh folder?
The issue here isn't "is this reliable identification" - because it IS reliable. Your concern is "how likely is this to be compromised vs other things" and that's a fair concern - but there are plenty of very secure web sites out there. This isn't saying "I am john doe and this is my identity", this is saying with some confidence "this person on mastadon is the same person as the person who wrote this web site copy" and that's a totally fine piece of identification for the right context.
account42•5mo ago
account42•5mo ago
nottorp•5mo ago
Looks like it's as complicated as a parts inventory system developed in house for a half a million employee company...
viraptor•5mo ago
bentinata•5mo ago
aembleton•5mo ago
<p>I'm on Mastodon as <a rel="me" href="https://hachyderm.io/@simontatham">@simontatham@hachyderm.io</a>.</p>
If you trust that website, then you can be sure that this Mastodon account is the right one.
1. https://www.chiark.greenend.org.uk/~sgtatham/
kelnos•5mo ago
zo1•5mo ago
A link that looks like this:
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.ht...
And now they've gone and made it worse by posting some new site and confirming the new link is real on their weird "hachyderm" social media post thing. Yeah, talk about a grey-beard get-off-my-lawn developer screaming at the wind and wanting to make it worse for themselves and their "brand".
viraptor•5mo ago
At this point tech people should understand what Mastodon is. For their own benefit. It's been years.
closewith•5mo ago
viraptor•5mo ago
CRConrad•5mo ago
andrewflnr•5mo ago
RainyDayTmrw•5mo ago
pferde•5mo ago
ChrisArchitect•5mo ago
Maybe just call this the Future Home of Putty or something with a big link to the official page.
I suppose word will get around pretty fast but still.