Would you like me to register you a nicer domain name?
No, thank you. Even if you can find one (most of them seem to have been registered already, by people who didn't ask whether we actually wanted it before they applied), we're happy with the PuTTY web site being exactly where it is. It's not hard to find (just type ‘putty’ into google.com and we're the first link returned), and we don't believe the administrative hassle of moving the site would be worth the benefit.
I wonder if they changed their mind because Google ceased to be a reliable way to find them.
ahmedfromtunis 1 days ago [-]
The first link I get when I searched for "putty" was `putty.org` which, according to the footer: "The PuTTY project or its authors have never owned this domain, registered it, or purchased it."
Nevertheless, I can't consider relying on probabilistic algorithms controlled by 3rd parties to be a wise strategy.
Also, these days, after decades of habit building and a rise in awareness about scam-related stuff, I think people expect to see the name of the project early on in the URL, not in 7th position as it is currently.
sambull 18 hours ago [-]
> I can't consider relying on probabilistic algorithms controlled by 3rd parties to be a wise strategy.
That's pretty much all of the AI industry and clients.
nicce 16 hours ago [-]
Pretty much how the whole world works and why ads are multi-trillion dollar business.
herf 15 hours ago [-]
Google right now lists the title of putty.org as "PuTTY", even though right now this text is only in the footer. Up until August I guess it provided a download link, but the title was not "PuTTY".
I suspect that the recent kerfuffle motivated people to finally clean out bogus hyperlinks that casually listed putty.org as the download site, which would have been contributing to inflated page rank up to that point. I found one on a wiki and fixed it, myself, and I'm sure that I was not the only person who went looking.
whizzter 22 hours ago [-]
It's not inconceivable that some Googlers reads here or otherwise and took note to punish that site.
reader9274 18 hours ago [-]
Hmm why punish that site?
whizzter 17 hours ago [-]
Because it's affiliated with _another_ ssh client and there seems to have been various levels of shadyness over time, see previous discussion: https://news.ycombinator.com/item?id=44558328
pandemic_region 23 hours ago [-]
Assuming he owns the green end.org.uk domain, why not letting people land on putty.greenend.org.uk ?
JdeBP 16 hours ago [-]
Your assumption is false, so the question is without proper foundation. GreenEnd's Chiark is owned by Ian Jackson. Simon Tatham is a user on the system, with a home directory. One of a list of such users, including Rachel Coleman and Matthew Garrett.
It seems almost hostile to users. Why should I need to use some third party tool to find your thing? If you're paying for a domain anyway, pay for a meaningful one.
… Well, I guess that's what they've done. Surely nobody could ever have been this naïve, though; it's not as though Google massaging results into unusable mess is anything new.
kelnos 12 hours ago [-]
> Why should I need to use some third party tool to find your thing?
How else would you find it? By typing domain name guesses into your address bar until you hit the right one? How would you be sure you've hit the right one and not a scammer/squatter?
This is not a particularly easy problem to solve, and I agree that relying on Google to accurately and safely deliver you to the correct web site isn't great either, but I think we'd be much worse off without search engines.
whoamii 17 hours ago [-]
Should’ve used a goo.gl short link. ;)
hammock 19 hours ago [-]
I barely know what SSH keys are, but last week when I was asked to provide one for an stfp site at work they said create a pair using putty.
Well I googled putty and found a couple different .org domains, one who which said it was legit but not official, and another which said it was official but looked wildly out of date.
Neither one I could find a download for Mac that worked. The one I tried gave a scary “we no longer allow putty sudo access as it’s dangerous” and when I googled this error I could find no explanation to assuage me.
And since I wanted to make sure what I was doing was legit, I searched for alternatives.
Eventually I discovered I could use command line in mac to generate the keys I needed. But first I installed Xcode then ran the command (I used chatgpt to tell me exactly how to get the type and length I needed). It was easy.
Side note, the whole culture of downloading random software and using it with just a single line in a terminal is always sketchy to me too. But I’m not a coder so I’m not used to it.
lanyard-textile 17 hours ago [-]
It is sketchy. :) Your intuition is correct.
The idea is that you will need to put some trust in the project anyway, since you’re trying to install it. Might as well make it easier with a one line install.
Edit: You should only do this if someone reliable tells you to, honestly. Doing this with truly random projects you aimlessly find is not a good idea.
ok_computer 18 hours ago [-]
If you hadn’t discovered this already with you mac CLI commands, OpenSSH from OpenSSL ‘ssh-keygen’ command is a good way to create SSH keys in ClI and ships in many OSes or is a lightweight download. The OpenSSL website name is unambiguous, which is a benefit.
This is helpful (and something I've used wikipedia for myself) but it's far from ideal since it wouldn't be too hard for someone to edit that page to point to a malicious domain. Not sure if that's happened before, but I can see it as something that could go unnoticed for a quite a while as long as the target site looks legit enough.
hammock 9 hours ago [-]
That’s the outdated looking website I found that didn’t have mac version. I’m guessing I’m supposed to use the Unix version there?
The website I was sketched out by (but tried it anyway, then got the scary error) was puttygen.com which had me install homebrew (whatever that is) and then do “sudo brew install putty”
zerocrates 8 hours ago [-]
"Use PuTTY" is more or less advice just for Windows users.
II2II 7 hours ago [-]
Homebrew is a reputable package manager (a.k.a. software installer, for Unix applications on the Mac). That said, I'm pretty sure the version of ssh shipping with the Mac could do the key generation for you so you wouldn't need putty.
rezonant 1 days ago [-]
Unfortunately the person who owns putty.org started to use it to spread misinformation about vaccines and the pandemic, as you can see on the site today.
This recently [1][2] got a lot of attention on the web and here on HN, along with a post on Mastodon from the author [3]
I imagine trying to disincentivize this and provide another shorter more official looking link is the hope here.
Did putty.org once link to the putty software? Or an alternative SSH client? Why did the site ever become popular?
I'm trying to grok this, but all of the posts sort of obliquely refer to things that happened in the past (even the old HN links here), rather than explicitly just explain what the hell happened.
Macha 10 hours ago [-]
It used to link to Putty _and_ to the domain owner's competing software:
The domain owner seems to feel he was providing a service to putty by providing the short domain name and feels slighted that they are moving to have their own now that he is taking actions that they find more objectionable than just also linking to his competitor, but to be honest it always seemed some unethical squatting to me, based on the Putty devs not having the time to complete a UDRP process.
teaearlgraycold 1 days ago [-]
> Since 2020 I have been speaking out against the fraudulent pandemic and the intentionally dangerous injections and my experience has been to have been censored and smeared. If you have not heard of me before, that's the reason.
One weird trick to make your insignificance seem significant!
1970-01-01 16 hours ago [-]
Hilarious how putty.org hasn't been updated, and still has a FINAL WARNING video on the landing page.
Extrapolated to the present time, all of us vaccinated individuals are now suffering the big consequences.
Too bad all nutjobs aren't so easy to disprove by simply taking a single large breath. :)
nailer 21 hours ago [-]
[flagged]
zettabomb 21 hours ago [-]
Argument from authority is not particularly strong. The information on putty.org is considered misinformation by the vast majority of professionals in the field of infectious diseases.
nailer 19 hours ago [-]
I thought it was argument from expertise? And while you’re on the topic of epistemology truth isn’t determined by how common an idea is.
0manrho 19 hours ago [-]
He's not an expert on vaccines or infectious disease and pushed known provably false narratives during the pandemic.
nailer 14 hours ago [-]
I don't think being a medical and phramaceutical expert disqualifies him speaking about vaccines, do you?
What's the problem with them sharing they find it unfortunate?
Hackbraten 1 days ago [-]
That’s not how discourse works imho. Yeadon is making extraordinary claims, so the burden of explaining and backing up those claims should be on them, not on us. Until they do, there’s no point in addressing their concerns.
avar 11 hours ago [-]
> Unfortunately the person who owns putty.org
> started to use it to spread misinformation
> about vaccines and[...]
Isn't that rather fortunate in the grand scheme of things? It could have been a landing page monetizing various SSH clients for windows.
Instead it's just some guy's website clearly unrelated to PuTTY. He's even gone out of his way to point people looking for PuTTY in the right direction. Who cares what his opinion is about anything else?
zo1 22 hours ago [-]
This seems similar to the Notepad++ team using their platform to promote political viewpoints.
The same thing happened with Facebook "pages", when they became a personal "soap box" by the owner of the page. It was downhill from there... You might as well turn the whole web into FB/Twitter/X/Insta promotional spam at that point.
kryptiskt 21 hours ago [-]
It's not at all similar, and that doesn't have anything to do with the quality or lack thereof of the viewpoints.
The Notepad++ site is run by the authors and reflects their stance. Putty.org is run by an outside party who hijacks the reputation of the PuTTY project to push their agenda.
rokkamokka 22 hours ago [-]
It's one thing to say "stand with Ukraine", and an entirely different thing to spread vaccine misinformation...
As much as I like fedi, it does make it hard to understand which user on which instance is the correct one.
pferde 1 days ago [-]
Luckily, fediverse has an account-to-website verification feature, see https://joinmastodon.org/verification . Mr. Tatham's account on hachyderm.io uses it, so we can be reasonably certain that it's the correct account for him.
throaway920181 1 days ago [-]
Cool, but hachyderm.io also is not a trusted/recognizable domain for me. Trust issues all the way down!
andrewflnr 1 days ago [-]
It's definitionally the correct domain for Simon Tatham's social media. What are you expecting here?
closewith 1 days ago [-]
How would the average person know that?
viraptor 1 days ago [-]
Average person aware of trust on social network / internet - because https://hachyderm.io/@simontatham has a validated link to the author's homepage.
Others - they don't understand the trust anyway, so there prerequisite steps missing before the main question anyway.
jstanley 1 days ago [-]
hachyderm.io says it has a validated link to his homepage, but if you don't already trust hachyderm.io that means nothing.
Looks like it's as complicated as a parts inventory system developed in house for a half a million employee company...
viraptor 24 hours ago [-]
There's a link on one side and a meta tag on the other. It's as simple as you can make the validation between two sites. It's not even fediverse-specific really - there were other services doing something similar before.
bentinata 6 hours ago [-]
It's because freedom and correctness is hard. Yeah, most people prefer convenience and would rather someone be the source of authority to do it for them, but people on fediverse are not those kind of people.
closewith 1 days ago [-]
No, it really means nothing. Identity on the internet is not a solved problem.
pferde 1 days ago [-]
You are wrong.
It means that whoever owns the website marked as verified also owns the social account. See https://joinmastodon.org/verification for a quick overview of how it works.
closewith 1 days ago [-]
No, it means a certain link exists on the website. On Hacker News of all sites, I would think we should all know that's not sufficient evidence of identity for an update regarding the source of critical software like a terminal.
viraptor 24 hours ago [-]
Nobody claimed it validates the identity in any way. It validates that the person at the other website confirms it's their social account and the social account matches the other direction. The real identity is not involved here in any way and never was. You're disagreeing with someone nobody here raises.
But the link validation confirms that if you believed that the original download site belongs to the author, then you would have almost the same guarantee about the social account. (+/- the chances of the putty website being hacked)
closewith 23 hours ago [-]
Yes, your caveat at the end there is exactly why this method shouldn't be trusted, as it's indistinguishable from an attacker with access to embed a single link.
So it doesn't confirm the account belongs to the author, it confirms the site has a specific link and nothing more.
Adding a <meta> tag or creating a page with certain content are already used even for more impactful verification, like getting issued a certificate for that domain.
If an attacker does have broad access to edit the HTML of your website, I feel that's already the issue and Mastodon verifying that "this person controls this website" isn't even really wrong.
closewith 20 hours ago [-]
So you have read that page and understand its purpose is to link social media profiles for informational purposes, but don't understand that it's not suitable for any kind of auth, let alone in a software supply chain?
Ukv 20 hours ago [-]
By the XFN spec, it "demonstrates that the same person has control over [the pages]". The docs page I linked links to two further specs for using it for authentication in the way that Mastodon does.
closewith 19 hours ago [-]
I'm sorry. The XHTML Friends Network rel tag is neither reliable identification nor authentication. It's designed to say "this is my blog" in low stakes environments.
No sane sober person would use it to authenticate messages about changing URLs in a software supply chain.
nickv 18 hours ago [-]
No, if somebody has access to edit your home page directly, your blog, your company site, etc - you've already lost the game.
How is this any different than your email address being compromised? How is this different than having your laptop compromised and somebody downloading your .ssh folder?
The issue here isn't "is this reliable identification" - because it IS reliable. Your concern is "how likely is this to be compromised vs other things" and that's a fair concern - but there are plenty of very secure web sites out there. This isn't saying "I am john doe and this is my identity", this is saying with some confidence "this person on mastadon is the same person as the person who wrote this web site copy" and that's a totally fine piece of identification for the right context.
Ukv 19 hours ago [-]
If an attacker has control over the page to edit arbitrary HTML, that chain is already compromised. Even if the attacker's exploit only allowed certain attributes, just the href and rel attributes needed for this protocol would already be enough to execute javascript and load stylesheets on that page.
This is in addition to the original site linking to the new one with a news post. Does that also mean nothing because an attacker could add a news post to the page?
aembleton 22 hours ago [-]
If you check the source of the website that it links to [1], on line 168, we have this
<p>I'm on Mastodon as <a rel="me" href="https://hachyderm.io/@simontatham">@simontatham@hachyderm.io</a>.</p>
If you trust that website, then you can be sure that this Mastodon account is the right one.
Sure, but by the time you've verified that, you could also have just visited the PuTTY website (the old/current one) to verify that putty.software is legit.
zo1 22 hours ago [-]
It was bad enough that we had to tell developers to trust some rando website to download a tool that we'd use to potentially plug in sensitive production usernames + credentials.
And now they've gone and made it worse by posting some new site and confirming the new link is real on their weird "hachyderm" social media post thing. Yeah, talk about a grey-beard get-off-my-lawn developer screaming at the wind and wanting to make it worse for themselves and their "brand".
viraptor 20 hours ago [-]
> on their weird "hachyderm" social media post thing
At this point tech people should understand what Mastodon is. For their own benefit. It's been years.
closewith 19 hours ago [-]
10 MM MAU estimated. Not exactly foundational to online discourse.
viraptor 12 hours ago [-]
We're talking in context of Putty which is itself an extremely niche software. But if you think of just the software/tech people - Mastodon is quite an important place.
That's a great variation of the game. Thanks for sharing the page. It's a gem!
3836293648 12 hours ago [-]
If you never have to guess there must be one more strategy to figuring it out I've never seen anyone mention, because I frequently get stuck with two options on the very hardest difficulty.
genrilz 11 hours ago [-]
One non-obvious strategy is that the number of mines that are left on the field is known. Especially near the end, this can break a tie between two patterns of mines.
ycuser2 23 hours ago [-]
I love these kind of webpages with little programs to discover.
zvr 24 hours ago [-]
The first thing I install in every Android device.
vovavili 21 hours ago [-]
This is a perfect version of the game, nice.
horizion2025 21 hours ago [-]
Hi that sad. I remember years ago sitting with a colleague and we had to download putty. Then we found the usual page. There is always the concern if it is legit or a fake site with malware. But I remember my colleague saying "it has to be genuine, only a computer scientist could make such a primitive web site"
MortyWaves 1 days ago [-]
Ever since Windows gained Terminal and OpenSSH, my usage of Putty has almost entirely ceased except for serial for embedded systems work.
Then I realised Putty ships with a CLI version which I now use in Terminal for accessing serial.
throaway920181 1 days ago [-]
I haven't used Putty since I stopped using Windows for anything serious (in the early 00s.) It was my favorite quick and dirty SSH and serial client before then though!
sshine 1 days ago [-]
I have to say, I liked SecureCRT a lot, too.
PuTTY was just easier to get ahold of on a new install.
I think that's why it won out for me. That and its simplicity.
ZYbCRq22HbJ2y7 1 days ago [-]
I always used mingw and similar projects. IMO, putty was always annoying (but very useful) software. The "ecosystem" seems better now though.
MortyWaves 1 days ago [-]
Indeed, that and “git bash” were always the weird outliers. I’m glad there’s now native options.
ZYbCRq22HbJ2y7 1 days ago [-]
mingw predates git on windows (and in general), but yeah, indeed.
I remember my journey trying to disambiguate Git Bash, Git for Windows, MinGW and MSYS2. To this day, I'm still not sure I have the full story right.
1oooqooq 16 hours ago [-]
just install msys2.
i cannot imagine windows without it. even wsl garbage pales in comparison
Helmut10001 1 days ago [-]
I don't trust Windows with my SSH keys. Since about 2 years, I am actively preparing my final migration to Linux. There's some Windows software left that I need to replace before this move is possible, but I am close.
Bender 21 hours ago [-]
I agree with you and just wanted to add that for what it's worth one can optionally limit where ssh keys are useful by adding network restrictions on the public key / server side. e.g.
or wherever your system is configured to look for public keys, typically /home/username/.ssh/id_dsa.pub. I use a different location. Even being really broad like adding a /16 or /8 for a home ISP is still better than allowing the entire internet. This can also be useful where machine-to-machine ssh keys are utilized one can limit the access to that network so that should keys leak the potential blast radius of damage is reduced. For example, the keys for an Ansible account can be restricted to the Primary/Secondary Ansible server IP addresses or at very least the CIDR block(s) of the network(s) they reside in. Broad restrictions are not perfect but perfect is the enemy of good or good enough.
Example use case would be that lets say a contractor from Microsoft tries one of your keys. Your restriction limits the key validity to 24.0.0.0/8 and they are coming from 207.0.0.0/8. They will be denied Authentication refused and you now have log entries that can be shared with their fraud department, the world, whomever. Obviously the tighter the restrictions the better, at the risk of requiring a static IPv4 or IPv6 address if too tight. One can always have lighter restrictions on a fall-back account that requires additional hoops to sudo / doas / su.
gregoryl 1 days ago [-]
Just pull the trigger. A surprisingly large amount of software just works on wine.
I'm a c# dev with near 20 years experience, and I finally got the shits with advertising in the start menu. Arch Linux, because I figured why not do it properly?
I game a fair bit, and find most things on steam just work.
samuell 17 hours ago [-]
Wine can be a bit of a headache if you are on a couple year older distro as it can make it harder to install newer Wine versions.
But I found that the Bottles project pretty much solves this, by installing everything in some kind of sandboxed environment:
Has worked wonderfully for the few cases where plain Wine failed.
pepa65 4 hours ago [-]
Too bad it's only flatpak, I'd try it out if it had an AppImage.
1oooqooq 16 hours ago [-]
bottles is garbage. i mean wine is extremely dangerous too... but bottles lie and that make it more dangerous.
they don't have sandbox. only if you install the flatpack AND DISABLE SOME CONVENIENCES you actually get something I'd call a safe sandbox.
but their site lies and make you feel safe while being extremely vulnerable installing cracked games (which is what everyone used bubble for).
magnat 1 days ago [-]
> I'm a c# dev with near 20 years experience
Which IDE do you use? JetBrains Rider?
seabrookmx 17 hours ago [-]
Not the person you asked, but I'm in a similar boat (15 years, polyglot but a lot of C#).
I mostly use VS Code to be honest. I use VSCode for other languages and for a long time it was the only graphical editor to have good remote development (over SSH) support.
Rider has that feature now though and is pretty nice too. I typically jump over to it when I need to profile something as it integrates with dotTrace. If you're coming from full-fat Visual Studio you'll probably prefer Rider.
gregoryl 16 hours ago [-]
Rider; however that's on a Windows work machine. We are a solid way to getting a linux/mac dev env going; maybe 30% is netstandard2.0, 10% is net9, the remainder net472 (including an old school non-sdk web app on IIS). Maybe ~ million LOC in its 14 year lifespan.
My personal dev is shifting to Rust.
pepa65 4 hours ago [-]
On one Windows box I once put my password in for a private Github site. Never had to do that again, it just 'remembered' it... Not what I would expect or want.
mystifyingpoi 1 days ago [-]
Is such paranoia warranted? Millions of corporate laptops run Windows 11 just fine. I know M$ is evil and spying on you, but not to such degree.
miahi 1 days ago [-]
Having a Windows 11 corporate laptop with a domain/Entra login, I actually trust it more than a home Windows 11 with a Microsoft account. Because if I lock myself out, I have a contact (corporate support) that is actually interested in helping me recover everything. With a Microsoft account it's a mess. I had so many problems with Microsoft accounts that I lost count of how many I have, and most are broken in some way, because of different issues and different service integrations over time. The Skype account is now useless. I never recovered my paid Minecraft account after one event. With a machine with a local account, now I have to be very careful on what I click related to MS accounts, because trying to solve various issues with Teams, I managed to get the local account linked with that MS account. I spent hours trying to recover a different account after I randomly filled one nagging question about birth date - who wants to give the real birth date to Microsoft - and then I got locked out because I said was underage :). So yes, one of the big issues is the push to have a linked OS account where you have to rely on MS support to solve your issues, otherwise you basically get locked out of your machine and other things you paid for.
Also, domain policies offer more control over the corporate PCs (this is how some of the MS spying is shut off on corporate PCs; it's debatable if the corporate spying added by other domain policies is an improvement).
RyanHamilton 1 days ago [-]
I have to agree, I've also suffered account problems. I was locked out from an email address I used for 20 years. It refuses to take my password which is still valid. I've changed phone number since 20 years ago so can't use that and the security questions were nonsense as I was a teenager. Originally my account never had phone number, they insisted I add it when they integrated my Skype account perhaps. So I didn't expect access to that phone number to be a strong ongoing requirement.
JdeBP 24 hours ago [-]
I recently, by playing around with the LAN's default PAC file and a dummy HTTP server, discovered that on a machine that says in System Settings that Proxy Auto-Discovery is turned off, the PAC file is still fetched and used by a too-large number of Microsoft/Google background auto-update services, from Windows Update to Office.
I had been lucky through having done my own experimentation, decades ago, with setting up a default PAC file on the LAN and having left it in just-send-everything-directly mode, keeping it as I upgraded things on the LAN, all of these years. Because otherwise I would have been vulnerable to a third-party in the search path for years, on a machine that clearly and unequivocally, including per direct inspection of the setting in the registry, has this switched off.
> Is such paranoia warranted? Millions of corporate laptops run Windows 11 just fine.
Yes. With Windows Recall data mining surveillance screenshots taken every 5-7 seconds, completely disregarding if this may compromise your security, safety or privacy, we move from "you're the product" to "you're a pet in a zoo, and we want to learn from your behavior."
> I know M$ is evil and spying on you, but not to such degree.*
I mean, they could be recording every second.
I'm pretty sure that's a bandwidth issue.
Not because they really feel like giving you 3-4 second pockets of security, safety and privacy.
TiredOfLife 16 hours ago [-]
I can't wait for the AI overlords to take ower. Maybe then we can finally be free from people spreading misinformation and fud.
delfinom 19 hours ago [-]
>Windows Recall data mining surveillance screenshots
Some of you people are just too far gone to turn off a setting.
chainingsolid 18 hours ago [-]
We don't trust them to not turn it back on later...
TiredOfLife 16 hours ago [-]
Turn on. It's off by default. But people on HN, reddit and twitter are too stupid.
xigoi 14 hours ago [-]
> It's off by default.
For now. This is Microsoft we’re talking about. Needing a Microsoft account to log in to Windows used to be optional.
chneu 1 days ago [-]
I don't trust microsoft to not push an update that exposes all my stuff. Their updates the last few years have been an absolutely shitshow in so many regards.
malux85 1 days ago [-]
Can you tell us which software? (Even if it’s very niche) I’m really curious where the gaps are.
xobs 1 days ago [-]
I know Altium doesn’t work, which is very important if you need to provide someone else files in Altium format. If you just want to work on designs there’s always Kicad, which is increasingly very good! But it can’t save in Altium format, and I’m not sure I’d trust it for manufacturing.
The other thing I’m missing is my 3D Gerber viewer called ZofZPCB. I’ve not gotten either it or Altium to even start.
Helmut10001 4 hours ago [-]
The biggest migration challenge isn't finding one-to-one replacements for software, but rebuilding tested workflows and processes.
For years, I've had a seamless document management process on Windows for all my receipts and bills:
1. My ScanSnap scans, auto-crops, and OCRs documents into a designated folder.
2. A small open-source tool, DropIt [1], monitors that folder.
3. Based on about 100 custom rules that parse the OCR'd text (for tax IDs, phone numbers, etc.), DropIt automatically renames and moves the PDFs into the correct subfolders.
4. Nextcloud then syncs the organized files, and I can discard the paper originals.
This "fire-and-forget" system has been incredibly reliable.
When I explored replicating this on Linux, I found the building blocks exist. For instance, ocrmypdf seems to be a powerful OCR tool, and SANE drivers combined with gscan2pdf can handle the scanning. [2] I also found several tools for automated file renaming and organization.[3] However, the Fujitsu ScanSnap Home software provides an all-in-one experience for the initial capture.[4] More importantly, I'd have to manually translate all my pattern-matching rules from DropIt to a new system, likely a collection of shell scripts. I still feel that this is too fragile. I would need to program all exceptions myself: file renaming issues, special characters, length of document names, issues with OCR and alerting, should anything go wrong. The system needs to be fail-safe because once I throw the original away, there is no going back.
Then, another challenge is to find the time to replace this reliable system with the shortest "downtime" possible. I need this daily.. so I already decided I need a migration phase, where both systems run in parallel. Perhaps this better explains my slowness to migrate to Linux.
The fact that there isn't a well-known, integrated tool for this on Linux seems suspicious. It makes me wonder if I'm approaching the problem from the wrong direction. Is there a more "Linux-native" philosophy for this kind of workflow automation that I'm missing?
And yes, I'm aware of Paperless-ngx. It's a fantastic project, but I'm committed to my current folder structure and prefer to avoid a solution that centralizes my documents in a database, away from my Nextcloud setup and my filesystem-first-philosophy for document management. I don't trust that paperless-ngx will be available in 40+ years from now, but I need my document management to last that long.
If Windows were to steal your SSH keys (lol), would you really think using a third-party program would protect you? The evil code could just read the key you configured in PuTTY.
1 days ago [-]
oguz-ismail 1 days ago [-]
> Terminal
Have they fixed font rendering yet? cmd.exe looks better on my laptop
They probably meant conhost.exe (it gets you the regular console on Windows 11).
Lammy 12 hours ago [-]
Fun fact: if you have Windows Terminal installed, it takes over `conhost.exe` and brings telemetry spying even to old apps which never had it before :D
Windows is basically spyware at this point. The only way to win is to not play.
perching_aix 23 hours ago [-]
Are you referring to the pixel-level font smoothing they use by default (as opposed to CMD's subpixel-level font smoothing)?
You need to define the "antialiasingMode" key in the settings JSON for the default profile to hold the value "cleartype", rather than "grayscale" (which is the default value). I don't believe this is exposed in the GUI settings page.
Note that this only affects the actual terminal emulation area. The rest of the application will still be pixel-level font smoothed (so e.g. the tab titlebars, the settings, etc.).
MortyWaves 1 days ago [-]
I’ve never noticed any issues on any computer with it…
recursive 1 days ago [-]
The first time I ever saw it, the text already looked better than cmd.exe via conhost.
Something wrong with my eyes? Doesn't cmd.exe look smoother in this screenshot?
recursive 1 days ago [-]
I agree. In those screenshots cmd looks better. Not sure what's up.
DrinkyBird 20 hours ago [-]
It's the lack of subpixel anti-aliasing (aka ClearType). For some reason it's being erased from a lot of modern software. It's why Windows >= 8 UWP apps and GNOME look so blurry.
Looks like you’ve gone for something like the classic text mode 80x25?
trenchpilgrim 11 hours ago [-]
More Perfect DOS with a CRT filter, to remind me of my handmedown MS DOS/Win95 PC from elementary school.
MortyWaves 1 days ago [-]
I find the Terminal more readable because the white seems brighter in your screenshots
layer8 21 hours ago [-]
The color is configurable for both.
Geezus_42 21 hours ago [-]
cmd.exe looks worse to me. Particularly because of the lack of padding on the left.
mvdtnz 1 days ago [-]
Terminal looks far better.
Kwpolska 22 hours ago [-]
cmd looks pixelated.
throaway920181 1 days ago [-]
I've only used it through RDP on Wayland and it's been fine visually. Downloading it can be a challenge if you don't know where to look (Github, not Microsoft's App Store...)
someodd 1 days ago [-]
I was expecting a modern redesign when I read the headline, but I was so delighted to be greeted by such a nostalgic style!
Cheers to decades of memories with PuTTY!
Simon_O_Rourke 1 days ago [-]
Thank you PuTTY for saving my butt so many times in archaic security-theatre companies who would block all ssh apps except leave the PuTTY website and downloads still available.
Y_Y 1 days ago [-]
> Unlike other landing pages, this one is run by the PuTTY team itself, and not by a third party with their own agenda.
No idea what this means.
Anyway Simon Tatham's games are so good I think he gets a pass on anything else he does.
The current holder of that domain is using it to host a single page that pushes anti-vax nonsense under the guise of fighting censorship... but also links to the actual PuTTY site. Very weird mix of maybe-well-meaning and nonsense.
kahirsch 1 days ago [-]
The guy behind that page and bitvise appears to have gone totally crazy during the pandemic. On his blog, he said in 2021 "I forecast that 2/3 of those who accept Covid vaccines are going to die by January 1, 2025."
And in 2022, he wrote "Covid-19 is mostly snake venom added to drinking water in selected locations. There may also be a virus, but the main vehicle of hospitalizations is boatloads of powder, mixed in during 'water treatment.' Remdesivir, the main treatment for Covid, is injected snake venom. mRNA vaccines hijack your body to make more snake venom."
mock-possum 1 days ago [-]
> mixed in during 'water treatment.' Remdesivir, the main treatment for Covid, is injected snake venom. mRNA vaccines hijack your body to make more snake ven
Whaaaaat the fuuuuuuck
Can anyone debug this statement?? I’m not looped into weird this realm of paranoid delusion torecognizs what they’re referring to here.
chuckadams 19 hours ago [-]
There's no sense debugging the output when the hardware that produced it is clearly defective.
neilv 1 days ago [-]
That looks like an open and shut ICANN trademark case to me.
They do kinda make the journalist look bad. That email exchange opened with a bunch of extremely-loaded questions, and quickly transitioned into the journalist actively advocating for the transfer of the domain, and using "I'm going to report about this" as a threat.
Plus, I can find absolutely zero evidence of the existence of a German journalist called "Mirai F", so I'm a bit suspicious. (It might be the "PuPRed" person being maybe-doxxed -- but that's a blog site which entirely consists of a single article about PuTTY, so I'm not convinced "journalist" applies in a meaningful sense.)
The Bitvise answers also don't look good, of course. Nobody comes out of that one smelling like roses.
I say this as someone who thinks putty.org was pretty sketchy before it went full anti-vax, and is currently looking like a slam-dunk example of the kind of thing trademark law was meant for.
tanepiper 1 days ago [-]
The guy who runs putty.org is absolutely the South Park basement guy
commandersaki 1 days ago [-]
There isn't a trademark for PuTTY.
immibis 24 hours ago [-]
Do they have a trademark? It costs $325 per year plus roughly $650 for the initial application (even if rejected). Is he paying that?
I don’t really want to give it credit by linking to it, but this seems to refer to putty[.]org which is using its search ranking to push things unrelated to PuTTY.
I hope they only change the domain name, and keep the spartan websiste.
nine_k 1 days ago [-]
The regular page looks designed by the rules of the earliest version of HTML from 1993: no colors, no fonts, no graphics; it could be a port of a Gopher page. But the new landing page goes all the way to 1995, with fancy custom link colors, and colorful bitmap graphics!
aembleton 22 hours ago [-]
The new one even has CSS making it much more modern.
spicyusername 20 hours ago [-]
It's incredible to me that this tool is still needed.
Using putty as my daily driver was definitely part of my coming-of-age story as a windows sysadmin way back when.
layer8 16 hours ago [-]
It’s not needed on modern Windows strictly speaking, but many users still prefer it.
accrual 16 hours ago [-]
Yeah, I use Windows Terminal for a lot of day-to-day stuff, but PuTTY is still my go-to for older systems, serial stuff, SSH tunnels, and anything needing more detailed control over the session.
password4321 18 hours ago [-]
I'm pretty sure PuTTY is no longer needed needed except possibly as a user mode pageant.
accrual 16 hours ago [-]
As far as I know it's still one of the best ways to handle serial connections on Windows, and a surprising amount stuff still supports or defaults to serial. Great for managing headless OpenBSD systems.
lttlrck 9 hours ago [-]
How strange. It's just an interstitial to the main websites that look less sketchy to my eyes.
ChrisArchitect 1 days ago [-]
Related recent context/controversy that maybe fueled some of this:
I think PupRed is a troll and stirred this up with the intent to provoke an escalation.
flowerthoughts 1 days ago [-]
Is it just me that feels www.chiark.greenend.org.uk/~sgtatham/putty/ has some kind of sentimental value? I built a locked-down version fof PuTTY for their termainl-based (book) library system in 1998. It's been with me a long time.
ozim 1 days ago [-]
Since windows started shipping open ssh I don’t have any use for putty.
bdavbdav 17 hours ago [-]
Genuine question ( I avoid windows) is putty still necessary now that WSL is a thing?
tonymet 17 hours ago [-]
Putty is obsolete for SSH terminals, but is still useful for serial terminals (like when you need to flash a bricked router )
Putty is a terminal emulator and an SSH + telnet client all in one. Now Microsoft offers a number of platforms that overlap to provide similar functionality.
WSL2 (aka WSL) is the Linux system that runs a Linux kernel and apps within Windows (technically a hidden HyperV VM) with some loose bindings to the OS resources for networking, files etc.
OpenSSH is the SSH client installed with Windows. It can be used via CMD or Windows Terminal + Powershell . You don’t need WSL installed. So it’s great for VMs or remote shells.
Powershell is the Windows Shell (like bash on Linux or CMD on earlier windows) that lets you run openssh and other windows CLI Apps
Windows Terminal is the new-ish (6+ years) terminal emulator that lets you run a variety of shells. Most commonly Powershell , Bash (WSL), or you can SSH to any host using openssh . It works like tmux with tabs/windows into any remote host .
I decided to lay this all out because Windows apps for SSH and terminals are a little different than Linux.
II2II 17 hours ago [-]
Windows has shipped with OpenSSH (client and server) for years. Windows Terminal has also been available for years, and now ships with Windows. So you do not need PuTTY.
That said, some people like PuTTY. It is much easier to setup and use. It also offers other features (like serial communications).
jddecker 17 hours ago [-]
The OpenSSH SSH client has been included in Windows as default since 2018, so you don't even need WSL to use it anymore.
Just open a terminal and type ssh just like you would in Linux.
simcop2387 17 hours ago [-]
Sometimes, lots of companies will lock down WSL and similar because they can't as easily control what's running in it for security or policy reasons. In those cases putting would be easier to audit and deal with since it's much more single purpose
stephenlf 17 hours ago [-]
OpenSSL was available on Windows even before WSL.
indigodaddy 1 days ago [-]
Not sure what all the negative comments are trying to accomplish. It's a perfect and simple little landing page. Simon has finally done what everyone has been asking for, so why are some people still complaining and harping about "trust" ? Get a grip.
roguebloodrage 1 days ago [-]
[flagged]
nulbyte 21 hours ago [-]
It is. The very first news item on the original page mentions it. It's plain as 1993.
esskay 18 hours ago [-]
Thats a blast from the past, I'd completely forgotten about putty (moved away from Windows when Vista came out). The pain of SSH on an OS that seems to be intentionally made to be as clunky as hell for developers however is never something I'll miss.
accrual 16 hours ago [-]
It's kinda wild it took until part way through Windows 10's life to get an integrated SSH client. Even then it had to be downloaded from the store. I believe it's a native part of Windows 11 now.
I'm pretty happy with Windows Terminal these days, but before then, it was all PuTTY + SecureCRT.
userbinator 1 days ago [-]
Somehow, these new long TLDs just feel spammy and "fake" and I usually ignore them when they show up in search results. Unfortunately the .com, .net and .org are already taken.
CalRobert 1 days ago [-]
They were originally a protection racket to shake down brands on the idea they’d have to register them all. Donuts even had the Domain protected marks list which let you pay to block registration but not have the domain yourself
rconti 15 hours ago [-]
Alternatively, the "popular" TLDs are a money grab by vested interests who already own popular domains.
neuralkoi 1 days ago [-]
I agree, there's some good alternatives available too of about the same length (if you include name + TLD):
Those actually feel spammy too; e.g. seeing "official" or "download" in a name has always triggered a suspicion, because normally there's no need to specially say your site is "official" or "download" besides to mislead.
Then again, I may be biased due to always remembering PuTTY's official page being someone's personal site hosted on a .org.uk server.
anything with "download" in the domain name looks scammy to me
crossroadsguy 1 days ago [-]
All of these are better than and I assume cheaper than that .software one.
Even puttytelnet.com/org/net is available.
Hell the puttytel.net is available
JdeBP 23 hours ago [-]
The org. one being already taken being the straw that broke the camel's back in this case. It has been a FAQ item for years. But the org. domain squatter's recent behaviour crossed the line, from what M. Tatham has said on the FediVerse.
I (and I suspect several others) suggested a TLD that you would probably have no qualms about, a few weeks ago. M. Tatham went with software. instead; which is fair enough. software. has been around for a while, and is stable and a fairly on-point choice.
Be thankful that it was not putty.party. . (-:
1 days ago [-]
epigramx 1 days ago [-]
Not a big deal, because they tend to be trusted eventually by the search engines and the language models, though I don't trust much the latter to tbh.
1 days ago [-]
crossroadsguy 1 days ago [-]
And thus NextDNS blocked it under NRDs blocking criteria :)
TZubiri 1 days ago [-]
Certificate by Let's Encrypt, issued to "putty.software" no other info.
Sometimes I feel like we are training users to disregard safety mechanisms for phishing.
Using putty was never the pinnacle of professionalism and open source auditing anyway, it's just a binary you download on windows before you hear the gospel of linux and ssh.
viraptor 1 days ago [-]
Why would that be disregarding safety? There's no extra text you can put on the website that would prove anything else (apart from messages signed by a known key, but honestly nobody would check those). Certificates don't provide any identity validation in practice.
TZubiri 17 hours ago [-]
Certificates have fields for location, company or name of person.
mbrndtgn 2 hours ago [-]
So you're suggesting we should bring back extended validation? Currently they don't mean anything.
viraptor 12 hours ago [-]
They mean very little. Even the fully reviewed software signing cert I got with id validation was a total hack job (company didn't know how to read my ID, asked to change some field and they did).
akoboldfrying 1 days ago [-]
> Using putty was never the pinnacle of professionalism and open source auditing anyway
Huh? The source is available on the original site and TTBOMK always has been, you're welcome to compile it yourself.
TZubiri 17 hours ago [-]
No one in the history of humanity has compiled a tool from source in windows
mdaniel 16 hours ago [-]
Apologies, detecting sarcasm on the Internet is always tricky, but relevant to this discussion I have even gone so far as to make a CMake descriptor for PuTTY because I was compiling on Windows to fix some quirk that I didn't like (it was so many years ago I don't recall, but I did recall thinking "whhhhyyyyy!!!" to people that do cutesy home-grown build systems)
For context, I believe that a tool isn't open source unless I can build it, so I actually build almost anything I can from source for that reason
TZubiri 13 hours ago [-]
Congratulations on being the first to build something from source on Windows! (It's more of hyperbole than sarcasm.)
nottorp 1 days ago [-]
I'm sure you could ask Mr Tatham to offer a version with feel-good certificates for the low low price of a couple Silicon Valley lattes per month...
conorcleary 11 hours ago [-]
What if Linus is serious about IPv4?
nilslindemann 20 hours ago [-]
These useless mini screenshots.
indigodaddy 20 hours ago [-]
I think they were just trying to fill out the page a little bit.
nilslindemann 12 hours ago [-]
Well, they say that they are planning to move everything to this page, so I guess it's just temporary.
roguebloodrage 1 days ago [-]
People have tried to hijack PuTTY and WinSCP forever.
This landing page looks suspicious. Even though the HTML links look like they go back to the legit site (https://www.chiark.greenend.org.uk/~sgtatham/putty) I'm not clicking through to find out. There have been spoofing of links for 100's years.
layer8 21 hours ago [-]
Browsers have been giving you the ability to view what the actual link URL is since forever.
yreg 19 hours ago [-]
There is the homograph attack, but browsers do their best to mitigate it nowadays.
I'm sure it's a great piece of software, but sometimes, the simpler is better. I used PuTTY for a decade or so, and while it was kinda ugly and clunky, it's very beautiful and perfect because of its imperfections.
userbinator 24 hours ago [-]
When the first sentence on the page is "This website requires Javascript to be enabled.", I leave; but not before looking at the source and discovering a relative monstrosity, unlike the original PuTTY site which is almost pure content.
JdeBP 23 hours ago [-]
There are two pieces of software named Kitty. That one is the other one. (-:
Geezus_42 21 hours ago [-]
I used to. Being able to store all my configs in simple text files that I could easily move from machine to machine was the killer feature for me.
Squarex 18 hours ago [-]
Little bit unrelated, but it is super annoying that this site breaks back button in browser.
I do see this type of versioning as an indictment of such a technology for production scenarios, it's all a house of cards if that's what you are building upon.
It's a liability disclaimer versioning schema
tux2bsd 1 days ago [-]
[dead]
snvzz 20 hours ago [-]
It requires an extra click to get to the actual website.
PuTTY's website is fairly clean and accessible, unlike this landing page.
Narishma 18 hours ago [-]
The page is temporary, until the website is moved there.
IshKebab 21 hours ago [-]
lol is this a joke? Why are the screenshots blurry and miniscule? And randomly spaced in the middle of the page.
Come on, even ChatGPT can do a better job than this.
wainguo 1 days ago [-]
wow! I used PuTTY about 18 years ago.
thrown-0825 1 days ago [-]
What is the point of PuTTY these days?
mekster 19 hours ago [-]
Come on, AI can make a better looking site in 10 minutes these days.
JFC I wish they would stop using Courier as the default font. It's like looking down the barrels of a shotgun. Consolas ftw.
blueflow 21 hours ago [-]
I like Courier. Are we gonna bash our heads in and argue over personal preferences?
mappu 8 hours ago [-]
One assumes PuTTY uses Courier as the default font because it was the default monospace font on Windows at the time of release (1999). But Consolas has been the replacement default since Vista (2006).
It is a reasonable change to make. Do the rest of their native Win32 UI controls still use MS Sans Serif (Windows 98) or Tahoma (XP) instead of Segoe UI (Vista)?
GloriousMEEPT 16 hours ago [-]
What else is there to do? We live in an era where there's nothing left to talk about except gpu enabled terminal emulators and how much capitalism sucks
eviks 1 days ago [-]
At least it’s readable on a phone with text reflowing unlike the main site, although there is no text to read, so not much of a win…
Would you like me to register you a nicer domain name?
No, thank you. Even if you can find one (most of them seem to have been registered already, by people who didn't ask whether we actually wanted it before they applied), we're happy with the PuTTY web site being exactly where it is. It's not hard to find (just type ‘putty’ into google.com and we're the first link returned), and we don't believe the administrative hassle of moving the site would be worth the benefit.
I wonder if they changed their mind because Google ceased to be a reliable way to find them.
Nevertheless, I can't consider relying on probabilistic algorithms controlled by 3rd parties to be a wise strategy.
Also, these days, after decades of habit building and a rise in awareness about scam-related stuff, I think people expect to see the name of the project early on in the URL, not in 7th position as it is currently.
That's pretty much all of the AI industry and clients.
* https://hachyderm.io/@simontatham/115027646348662282
I suspect that the recent kerfuffle motivated people to finally clean out bogus hyperlinks that casually listed putty.org as the download site, which would have been contributing to inflated page rank up to that point. I found one on a wiki and fixed it, myself, and I'm sure that I was not the only person who went looking.
… Well, I guess that's what they've done. Surely nobody could ever have been this naïve, though; it's not as though Google massaging results into unusable mess is anything new.
How else would you find it? By typing domain name guesses into your address bar until you hit the right one? How would you be sure you've hit the right one and not a scammer/squatter?
This is not a particularly easy problem to solve, and I agree that relying on Google to accurately and safely deliver you to the correct web site isn't great either, but I think we'd be much worse off without search engines.
Well I googled putty and found a couple different .org domains, one who which said it was legit but not official, and another which said it was official but looked wildly out of date.
Neither one I could find a download for Mac that worked. The one I tried gave a scary “we no longer allow putty sudo access as it’s dangerous” and when I googled this error I could find no explanation to assuage me.
And since I wanted to make sure what I was doing was legit, I searched for alternatives.
Eventually I discovered I could use command line in mac to generate the keys I needed. But first I installed Xcode then ran the command (I used chatgpt to tell me exactly how to get the type and length I needed). It was easy.
Side note, the whole culture of downloading random software and using it with just a single line in a terminal is always sketchy to me too. But I’m not a coder so I’m not used to it.
The idea is that you will need to put some trust in the project anyway, since you’re trying to install it. Might as well make it easier with a one line install.
Edit: You should only do this if someone reliable tells you to, honestly. Doing this with truly random projects you aimlessly find is not a good idea.
https://docs.github.com/en/authentication/connecting-to-gith...
The website I was sketched out by (but tried it anyway, then got the scary error) was puttygen.com which had me install homebrew (whatever that is) and then do “sudo brew install putty”
This recently [1][2] got a lot of attention on the web and here on HN, along with a post on Mastodon from the author [3]
I imagine trying to disincentivize this and provide another shorter more official looking link is the hope here.
[1] https://www.theregister.com/2025/07/17/puttyorg_website_cont...
[2] https://news.ycombinator.com/item?id=44579265
[3] https://hachyderm.io/@simontatham/114846017785770922
I'm trying to grok this, but all of the posts sort of obliquely refer to things that happened in the past (even the old HN links here), rather than explicitly just explain what the hell happened.
https://web.archive.org/web/20170822083048/http://www.putty....
The domain owner seems to feel he was providing a service to putty by providing the short domain name and feels slighted that they are moving to have their own now that he is taking actions that they find more objectionable than just also linking to his competitor, but to be honest it always seemed some unethical squatting to me, based on the Putty devs not having the time to complete a UDRP process.
One weird trick to make your insignificance seem significant!
Extrapolated to the present time, all of us vaccinated individuals are now suffering the big consequences.
Too bad all nutjobs aren't so easy to disprove by simply taking a single large breath. :)
Instead it's just some guy's website clearly unrelated to PuTTY. He's even gone out of his way to point people looking for PuTTY in the right direction. Who cares what his opinion is about anything else?
The same thing happened with Facebook "pages", when they became a personal "soap box" by the owner of the page. It was downhill from there... You might as well turn the whole web into FB/Twitter/X/Insta promotional spam at that point.
The Notepad++ site is run by the authors and reflects their stance. Putty.org is run by an outside party who hijacks the reputation of the PuTTY project to push their agenda.
Others - they don't understand the trust anyway, so there prerequisite steps missing before the main question anyway.
Looks like it's as complicated as a parts inventory system developed in house for a half a million employee company...
It means that whoever owns the website marked as verified also owns the social account. See https://joinmastodon.org/verification for a quick overview of how it works.
But the link validation confirms that if you believed that the original download site belongs to the author, then you would have almost the same guarantee about the social account. (+/- the chances of the putty website being hacked)
So it doesn't confirm the account belongs to the author, it confirms the site has a specific link and nothing more.
Adding a <meta> tag or creating a page with certain content are already used even for more impactful verification, like getting issued a certificate for that domain.
If an attacker does have broad access to edit the HTML of your website, I feel that's already the issue and Mastodon verifying that "this person controls this website" isn't even really wrong.
No sane sober person would use it to authenticate messages about changing URLs in a software supply chain.
How is this any different than your email address being compromised? How is this different than having your laptop compromised and somebody downloading your .ssh folder?
The issue here isn't "is this reliable identification" - because it IS reliable. Your concern is "how likely is this to be compromised vs other things" and that's a fair concern - but there are plenty of very secure web sites out there. This isn't saying "I am john doe and this is my identity", this is saying with some confidence "this person on mastadon is the same person as the person who wrote this web site copy" and that's a totally fine piece of identification for the right context.
This is in addition to the original site linking to the new one with a news post. Does that also mean nothing because an attacker could add a news post to the page?
<p>I'm on Mastodon as <a rel="me" href="https://hachyderm.io/@simontatham">@simontatham@hachyderm.io</a>.</p>
If you trust that website, then you can be sure that this Mastodon account is the right one.
1. https://www.chiark.greenend.org.uk/~sgtatham/
A link that looks like this:
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.ht...
And now they've gone and made it worse by posting some new site and confirming the new link is real on their weird "hachyderm" social media post thing. Yeah, talk about a grey-beard get-off-my-lawn developer screaming at the wind and wanting to make it worse for themselves and their "brand".
At this point tech people should understand what Mastodon is. For their own benefit. It's been years.
Latest news
2025-08-14 New website, putty.software
We have a new domain name for the PuTTY website!
...
Maybe just call this the Future Home of Putty or something with a big link to the official page.
I suppose word will get around pretty fast but still.
https://www.chiark.greenend.org.uk/~sgtatham/puzzles/
Try Mines, you never have to guess.
Then I realised Putty ships with a CLI version which I now use in Terminal for accessing serial.
PuTTY was just easier to get ahold of on a new install.
I think that's why it won out for me. That and its simplicity.
interesting to scan the log on that: https://github.com/git-for-windows/build-extra/blob/main/Rel...
i cannot imagine windows without it. even wsl garbage pales in comparison
Example use case would be that lets say a contractor from Microsoft tries one of your keys. Your restriction limits the key validity to 24.0.0.0/8 and they are coming from 207.0.0.0/8. They will be denied Authentication refused and you now have log entries that can be shared with their fraud department, the world, whomever. Obviously the tighter the restrictions the better, at the risk of requiring a static IPv4 or IPv6 address if too tight. One can always have lighter restrictions on a fall-back account that requires additional hoops to sudo / doas / su.
I'm a c# dev with near 20 years experience, and I finally got the shits with advertising in the start menu. Arch Linux, because I figured why not do it properly?
I game a fair bit, and find most things on steam just work.
But I found that the Bottles project pretty much solves this, by installing everything in some kind of sandboxed environment:
https://usebottles.com/
https://github.com/bottlesdevs/Bottles
Has worked wonderfully for the few cases where plain Wine failed.
they don't have sandbox. only if you install the flatpack AND DISABLE SOME CONVENIENCES you actually get something I'd call a safe sandbox.
but their site lies and make you feel safe while being extremely vulnerable installing cracked games (which is what everyone used bubble for).
Which IDE do you use? JetBrains Rider?
I mostly use VS Code to be honest. I use VSCode for other languages and for a long time it was the only graphical editor to have good remote development (over SSH) support.
Rider has that feature now though and is pretty nice too. I typically jump over to it when I need to profile something as it integrates with dotTrace. If you're coming from full-fat Visual Studio you'll probably prefer Rider.
My personal dev is shifting to Rust.
Also, domain policies offer more control over the corporate PCs (this is how some of the MS spying is shut off on corporate PCs; it's debatable if the corporate spying added by other domain policies is an improvement).
* https://mastodonapp.uk/@JdeBP/114693762493884550
I had been lucky through having done my own experimentation, decades ago, with setting up a default PAC file on the LAN and having left it in just-send-everything-directly mode, keeping it as I upgraded things on the LAN, all of these years. Because otherwise I would have been vulnerable to a third-party in the search path for years, on a machine that clearly and unequivocally, including per direct inspection of the setting in the registry, has this switched off.
* https://jdebp.uk/FGA/web-browser-auto-proxy-configuration.ht...
Yes. With Windows Recall data mining surveillance screenshots taken every 5-7 seconds, completely disregarding if this may compromise your security, safety or privacy, we move from "you're the product" to "you're a pet in a zoo, and we want to learn from your behavior."
> I know M$ is evil and spying on you, but not to such degree.*
I mean, they could be recording every second.
I'm pretty sure that's a bandwidth issue.
Not because they really feel like giving you 3-4 second pockets of security, safety and privacy.
Some of you people are just too far gone to turn off a setting.
For now. This is Microsoft we’re talking about. Needing a Microsoft account to log in to Windows used to be optional.
The other thing I’m missing is my 3D Gerber viewer called ZofZPCB. I’ve not gotten either it or Altium to even start.
For years, I've had a seamless document management process on Windows for all my receipts and bills:
This "fire-and-forget" system has been incredibly reliable.When I explored replicating this on Linux, I found the building blocks exist. For instance, ocrmypdf seems to be a powerful OCR tool, and SANE drivers combined with gscan2pdf can handle the scanning. [2] I also found several tools for automated file renaming and organization.[3] However, the Fujitsu ScanSnap Home software provides an all-in-one experience for the initial capture.[4] More importantly, I'd have to manually translate all my pattern-matching rules from DropIt to a new system, likely a collection of shell scripts. I still feel that this is too fragile. I would need to program all exceptions myself: file renaming issues, special characters, length of document names, issues with OCR and alerting, should anything go wrong. The system needs to be fail-safe because once I throw the original away, there is no going back.
Then, another challenge is to find the time to replace this reliable system with the shortest "downtime" possible. I need this daily.. so I already decided I need a migration phase, where both systems run in parallel. Perhaps this better explains my slowness to migrate to Linux.
The fact that there isn't a well-known, integrated tool for this on Linux seems suspicious. It makes me wonder if I'm approaching the problem from the wrong direction. Is there a more "Linux-native" philosophy for this kind of workflow automation that I'm missing?
And yes, I'm aware of Paperless-ngx. It's a fantastic project, but I'm committed to my current folder structure and prefer to avoid a solution that centralizes my documents in a database, away from my Nextcloud setup and my filesystem-first-philosophy for document management. I don't trust that paperless-ngx will be available in 40+ years from now, but I need my document management to last that long.
[1]: http://www.dropitproject.com/
[2]: https://github.com/ocrmypdf/OCRmyPDF
[3]: https://github.com/ptmrio/autorename-pdf
[4]: https://forum.manjaro.org/t/fujitsu-scansnap-home-software-f...
Have they fixed font rendering yet? cmd.exe looks better on my laptop
https://github.com/microsoft/terminal/commit/906edf7002b8ccf...
You need to define the "antialiasingMode" key in the settings JSON for the default profile to hold the value "cleartype", rather than "grayscale" (which is the default value). I don't believe this is exposed in the GUI settings page.
Note that this only affects the actual terminal emulation area. The rest of the application will still be pixel-level font smoothed (so e.g. the tab titlebars, the settings, etc.).
Something wrong with my eyes? Doesn't cmd.exe look smoother in this screenshot?
Cheers to decades of memories with PuTTY!
No idea what this means.
Anyway Simon Tatham's games are so good I think he gets a pass on anything else he does.
The current holder of that domain is using it to host a single page that pushes anti-vax nonsense under the guise of fighting censorship... but also links to the actual PuTTY site. Very weird mix of maybe-well-meaning and nonsense.
And in 2022, he wrote "Covid-19 is mostly snake venom added to drinking water in selected locations. There may also be a virus, but the main vehicle of hospitalizations is boatloads of powder, mixed in during 'water treatment.' Remdesivir, the main treatment for Covid, is injected snake venom. mRNA vaccines hijack your body to make more snake venom."
Whaaaaat the fuuuuuuck
Can anyone debug this statement?? I’m not looped into weird this realm of paranoid delusion torecognizs what they’re referring to here.
https://web.archive.org/web/20250728091154/https://www.putty...
Plus, I can find absolutely zero evidence of the existence of a German journalist called "Mirai F", so I'm a bit suspicious. (It might be the "PuPRed" person being maybe-doxxed -- but that's a blog site which entirely consists of a single article about PuTTY, so I'm not convinced "journalist" applies in a meaningful sense.)
The Bitvise answers also don't look good, of course. Nobody comes out of that one smelling like roses.
I say this as someone who thinks putty.org was pretty sketchy before it went full anti-vax, and is currently looking like a slam-dunk example of the kind of thing trademark law was meant for.
The homepage and the downloads page both seem fine to me.
(BTW, the collection of one-player puzzle games is super!)
* https://mastodon.gamedev.place/@thomastc/115031906344758192
Using putty as my daily driver was definitely part of my coming-of-age story as a windows sysadmin way back when.
putty.org is not run by the PuTTY developers
https://news.ycombinator.com/item?id=44558328
Hijacking Trust? Bitvise Under Fire for Controlling Domain of FOSS Project PuTTY
https://news.ycombinator.com/item?id=44579265
* https://hachyderm.io/@simontatham/115026616955174986
Putty is a terminal emulator and an SSH + telnet client all in one. Now Microsoft offers a number of platforms that overlap to provide similar functionality.
WSL2 (aka WSL) is the Linux system that runs a Linux kernel and apps within Windows (technically a hidden HyperV VM) with some loose bindings to the OS resources for networking, files etc.
OpenSSH is the SSH client installed with Windows. It can be used via CMD or Windows Terminal + Powershell . You don’t need WSL installed. So it’s great for VMs or remote shells.
Powershell is the Windows Shell (like bash on Linux or CMD on earlier windows) that lets you run openssh and other windows CLI Apps
Windows Terminal is the new-ish (6+ years) terminal emulator that lets you run a variety of shells. Most commonly Powershell , Bash (WSL), or you can SSH to any host using openssh . It works like tmux with tabs/windows into any remote host .
I decided to lay this all out because Windows apps for SSH and terminals are a little different than Linux.
That said, some people like PuTTY. It is much easier to setup and use. It also offers other features (like serial communications).
Just open a terminal and type ssh just like you would in Linux.
I'm pretty happy with Windows Terminal these days, but before then, it was all PuTTY + SecureCRT.
Then again, I may be biased due to always remembering PuTTY's official page being someone's personal site hosted on a .org.uk server.
There is actually a mirror at https://www.puttyssh.org/
Even puttytelnet.com/org/net is available.
Hell the puttytel.net is available
I (and I suspect several others) suggested a TLD that you would probably have no qualms about, a few weeks ago. M. Tatham went with software. instead; which is fair enough. software. has been around for a while, and is stable and a fairly on-point choice.
Be thankful that it was not putty.party. . (-:
Sometimes I feel like we are training users to disregard safety mechanisms for phishing.
Using putty was never the pinnacle of professionalism and open source auditing anyway, it's just a binary you download on windows before you hear the gospel of linux and ssh.
Huh? The source is available on the original site and TTBOMK always has been, you're welcome to compile it yourself.
However, it seems that the universe heard my pleas https://git.tartarus.org/?p=simon/putty.git;a=commit;h=c19e7... Replace mkfiles.pl with a CMake build system
For context, I believe that a tool isn't open source unless I can build it, so I actually build almost anything I can from source for that reason
This landing page looks suspicious. Even though the HTML links look like they go back to the legit site (https://www.chiark.greenend.org.uk/~sgtatham/putty) I'm not clicking through to find out. There have been spoofing of links for 100's years.
https://en.wikipedia.org/wiki/IDN_homograph_attack
I do see this type of versioning as an indictment of such a technology for production scenarios, it's all a house of cards if that's what you are building upon.
It's a liability disclaimer versioning schema
PuTTY's website is fairly clean and accessible, unlike this landing page.
Come on, even ChatGPT can do a better job than this.
It is a reasonable change to make. Do the rest of their native Win32 UI controls still use MS Sans Serif (Windows 98) or Tahoma (XP) instead of Segoe UI (Vista)?