A.9.3 Would you like me to register you a nicer domain name?
No, thank you. Even if you can find one (most of them seem to have been registered already, by people who didn't ask whether we actually wanted it before they applied), we're happy with the PuTTY web site being exactly where it is. It's not hard to find (just type ‘putty’ into google.com and we're the first link returned) ...
Searching for "putty ssh" on both DDG and Google now return putty.org as their top result.
whywhywhywhy · 4h ago
It's not even on the screen for me when searching "putty"
1: putty.org
2: "People also ask, What is putty and why is it used?" then 4 other questions about the material putty taking up most of the page
3: Videos "How to use Putty to SSH on Windows"
----- Fold -----
4. Video "How to Use Putty?"
5: Video "How to SSH Without a Password with Putty"
This is definitely something that should be raised to the putty team. But with how the rest of the text is worded, I doubt that will change their mind.
peanut-walrus · 2h ago
Huh weird, usually top 3 results are "sponsored" links serving malware.
asimops · 1h ago
Might be one of those weirdos using an ad blocker ;)
ColinWright · 5h ago
Here's a framing of the problem.
There's software called PuTTY, and non-technical or less technical people, or even technical people who are running on autopilot, might reasonably expect that it's hosted on putty.org.
They just need to be more careful.
Here's an analogy.
Even capable programmers keep screwing up when using C and end up with memory leaks and security vulnerabilities. But that's no reason to stop using it ... people should just be more careful.
No analogy is perfect, every example has problems and loopholes, but this seems a reasonable one. Just as people should use programming languages that make it harder to make mistakes, so companies should not behave in deceptive manners, and when they do, they should be called out on it.
112233 · 4h ago
It is good analogy.
Similarly, telcos keep accepting and showing any cooked up caller ID over their SS7, and when someone gets scammed because they trusted the caller ID, the messaging I hear always actually is "people should just be more careful."
Same as banks requiring only card number to give someone money from the account. "you shoul be more careful with your card number."
It is sad to hear the level of victim blaming from the big industry.
asimops · 1h ago
I don't think the issue really stems from putty.org being there. It stems from a "trusted" third-party, the search engine, suggesting you the wrong place.
Therefore I think you are missing the point with your analogy.
richrichardsson · 3h ago
Except Google, DuckDuckGo, Bing all return putty.org as the top result. The "official" PuTTY website appears as either the 2nd or 3rd result.
putty.org has this on their page:
> On July 13, 2025, Bitvise was contacted by a political interrogator posing as a journalist.
They are doing a great job of making themselves look like assholes.
asimops · 2h ago
IMHO neither of the two showed exactly nice behavior. But I don't think that this is particularly relevant.
sdflhasjd · 5h ago
Google (not saying it's a good search engine, but people use it) puts putty.org at the top of search results.
The results shows as:
Download PuTTY - a free SSH and telnet client for Windows.
PuTTY is an SSH and telnet client, developed originally by Simon Tatham for the Windows platform. PuTTY is open source software that is available with source...
TonyTrapp · 5h ago
How does your example relate? keepass.info is the official Keepass website, owned by the Keepass developer.
Still there were multiple requests to the Keepass project to change that domain to "a proper" domain like keepass.com
stavros · 3h ago
I, too, took your comment to mean that keepass.info is to KeePass as putty.org is to PuTTY.
asimops · 1h ago
Well, classic sender receiver mismatch I guess :D
Is my intent more clear with that second try to explain? If not, I'm more then welcome to talk about a better way to phrase it :)
mnaimd · 6h ago
> “The difference is not one of profit, it is one of philosophy. You believe software can be managed by a committee. I believe software requires an owner, otherwise it is dead.”
This justification is even worse than the domain squatting itself.
Some of the most influential software in history (Linux, Git, GCC, and yes, PuTTY) thrived under community-driven development. The idea that software "dies" without a single corporate owner is not just false, it’s insulting to the open-source ecosystem.
If Bitvise truly believes in their philosophy, they wouldn’t need to borrow PuTTY’s reputation by holding putty.org. Maybe they should spend less time on branding and more time studying how successful open-source projects actually work.
TrevorStepnikkk · 4h ago
I see where you're coming from, but I think your examples actually prove the opposite point.
I've always seen Linux and Git not as projects run by a committee, but as projects guided by a single, trusted leader. Linus Torvalds is the owner of the kernel's vision. He has the final say. That isn't community consensus; it's benevolent dictatorship.
So while the putty.org situation is shady, I believe the core idea is right: great software needs a final arbiter with a clear vision, not just a crowd.
goku12 · 4h ago
I seriously doubt that they're talking about leadership when they say ownership. Otherwise it would make little sense because few foss projects are democracies anyway.
bstsb · 5h ago
both sides are at fault here (the "journalist" and Bitvise - the PuTTY maintainers have nothing to do with this).
the Bitvise owner shouldn't have responded so unprofessionally, and their views on open source software are strange - but they're correct that the domain was never "historically associated with PuTTY", it just uses its name.
additionally, the usage of unformatted markdown in each "journalist" email makes me think this story was at least partially assisted by an LLM
(https://putty.org/20250713-MiraiF-Emails.txt)
in short this is a nothing story
tojumpship · 5h ago
LLM written, spurring up controversy, holding a private company accountable like they are the government. If they - PuTTY - is bothered enough, they are allowed to sue or request a takedown, and if legal grounds are not viable I don't think Google would mind ranking the correct website up after request. This "issue" has been present for years and this journalist picks up on it, presses on the guy as if he was in the Panama Papers or something and writes the article with newgen LLM no less. Disgraceful.
ptx · 5h ago
> The domain, long associated by users with PuTTY [...] a domain name that clearly and historically signals the PuTTY project
This seems a bit misleading. The domain has never, as far as I know, belonged to the project, so it can only have been "long associated" in the minds of users mistakenly trying to guess the URL and "historically" navigating to the wrong website.
> “The PuTTY project never had this domain”
Right.
> Search engines treat domain names like putty.org as authoritative.
Do they? Domain names "like" putty.org in what sense? Which search engines, by what mechanism?
greatgib · 7h ago
Here they think that what is doing Bitvise is legal but I think that it might not be the case in the law of a number of countries and even possibly in domain names "regulation"?
This is parasitism, or deceptive practice to hold the domain name of a competitor claiming your are to be associated with the other project.
extremely subjective. the damage of allowing schoolmarm types to determine laws based on what they think is parasitic or deceptive is more dangerous than the unambiguous and coherent concept of property. PuTTY owns https://www.chiark.greenend.org.uk/~sgtatham/putty/
There are a number of strings in this domain that cause me great distress. Should I be allowed to seize their property?
brabel · 4h ago
What a ridiculous argument. Every project and company that has a trademark should be allowed to protect that, including by claiming domains clearly intended to appear associated with their trademark. Being offended by strings has nothing to do with that and it’s childish to try to derail the conversation like that.
It's best to just ignore them instead of trying to play their games.
fifteen1506 · 3h ago
Look, I understand. Excess of information leads people to start skimming all text. But look:
"Below suggestions are independent of PuTTY. They are not endorsements by the PuTTY project."
Above of this is a direct link to PuTTY's website.
I'm afraid this is a non-issue. Sure, you are free to rant, and I appreciate the good intentions behind it, but count me out on raging.
www.putty.org SHOULD be the correct address. Failing that, LINKING to the correct website is an acceptable measure, specially when such linking is on top.
Want to blame someone? Blame SEO, where a decent 2000 website with no issues whatsoever is pushed down the results.
msgodel · 6h ago
I don't think Bitvise is even doing anything wrong here? There's nothing wrong with running what is essentially a fan site and promoting your own things on it.
SpaceNugget · 5h ago
It's a company who bought the domain of the exact name of the largest open source project that they directly compete with and then advertise themselves on it? This is at the very least unethical. You can't just use a competitors exact name to run a website that tries to snipe users looking for your competitor and call it a "fan site".
The comments on this submission are pretty strange. What are the chances that a bunch of non-sockpuppet HN type of people are in support of this kind of garbage? Generally with sort of abysmal behaviour like the email communication in the article, there's people going to bat against actually defensible actions purely in the name of civility on HN. These bitvise people seem bad from both angles and yet the of early comments are either ignoring the issue and redirecting (e.g. "who even uses putty") or outright defending their shitty behaviour?
whywhywhywhy · 4h ago
It's definitely unethical but the creator of Putty keeps insisting and repeating that the Putty website is the long old homepage style URL and "always has been" and "if people search they can find it".
I think if they actually have a problem with it and are not just repeating that to cope they need to start acting like they have a problem with it. Trademarks need defending and you come out the door with the mental model that it's yours, you own it, the other group are in the wrong. If you opened your trademark dispute with "Well our trademark has always been X and people know to find us at X" you're gonna lose your dispute.
It's just hard to argue it's actually a real problem if the individual it's affecting keeps sort of pretending and saying that it's not even if deep down it is.
msgodel · 5h ago
You can buy domain names with competitors names in them. People do this all the time. If you don't want people doing that you need to register the names yourself.
ColinWright · 5h ago
So someone who has written something and made it available for the common good, and makes no money from it, should now go and buy every possible domain that people might use in a deceptive manner.
This is a great example of what drives people away from providing anything for free.
whywhywhywhy · 4h ago
Yes, all the ones actually worth owning are only a few dollars if you have a unique project name, you don't need "every possible domain" you just need one that looks legit.
Unfortunately this is the world we live in where if you don't then someone else will and they'll abuse it so you have to act defensively.
Either you put the time into the project and care about it in which case you should spend the few dollars a year defending it from drama like this, or you don't care even a few dollars worth about the project in which case just let whatever happens happen because you don't care, a .org is the price of a few coffees.
Only a few parts of the world you can leave a bike unlocked on the street, and the internet contains the whole world.
em-bee · 2h ago
there are to many top level domains that look legitimate:
i could not tell which one of these should be more legitimate than any other. registering even just a few of those is going to add up to a sizable yearly bill.
msgodel · 5h ago
It's a namespace problem. You can't just ban people from registering anything that might be confusing like that. If we followed your idea the internet wouldn't work.
EDIT: They're not deceiving users though? The first section on the index page links directly to the real putty site. They're very clear about all of it.
EDIT2: Nope. We really don't want DNS "moderators." All of us have seen what happens with forum moderators. Like I said if that were done the internet would not work. It's not about the cost it's about being unable to clearly define what should be banned.
If you want to see a great example
of how moderation like that both stops legitimate use and fails to stop malware go look at smartphone app stores. The result is borderline unusable garbage.
Selling mushy stuff for plumbers and kids? No problem!
It takes a simple reporting system, couple moderators costing peanuts compared to what we pay for the names and a clear set of rules forbidding intentionally misleading users.
Eldt · 4h ago
That's a good way to lose your domain name
fifteen1506 · 3h ago
It's a free ad!
udev4096 · 6h ago
Who uses putty anyway? Doesn't winblows have a native ssh client?
thyristan · 6h ago
Yes, but an outdated and broken version usually. You'd have to install mingw or cygwin for a proper one, or use a Linux VM like w4lv2.
112233 · 4h ago
I use putty on linux. now what?
mrweasel · 4h ago
I hope you do, that would be pretty funny. Like using PowerShell as your shell on Linux.
112233 · 2h ago
I'll bite. What is your preferred way to use serial port console on linux? Kermit? I am really no fan of minicom...
Also, I'd take pterm over modern gpu electron nodejs turtle tower terminals. It has sane requirements and perfomance, behaves in a consistent, predictable manner and handles large scrollback very well.
Why bad?
mrweasel · 12m ago
No one said bad. Putty is awesome, it's just always funny when the best program on Linux is a Windows program running in Wine.
I didn't consider serial ports, only SSH, in that case I actually do struggle to suggest something better.
As for terminals, I don't know, I just run Xterm.
udev4096 · 4h ago
No one in their right mind would use powershell core. zsh, fish and plenty of other shells are way mature and doesn't have Microshit behind it
Putty isn't just ssh, it's also the VTE and serial terminal. Also it has its own keys/configs/shortcuts people are almost certainly used to. I don't think there's even an easy way to migrate putty shortcuts (I can't remember what they're called) to OpenSSH.
udev4096 · 4h ago
I forgot. Windows users are so inefficient that they require a GUI for doing just about anything. Have fun being inefficient!
msgodel · 1h ago
It's a different paradigm. I think just like they do sometimes we get lost in our own world. They had CUA and portable apps before malware became a big deal and got really used to that.
I think people should respect that try harder to meet users where they are.
This has never changed.
Just because someone likes to use short circuit routing in their head doesn't make putty.org the official site for putty.
That is the same attitude as telling the Keepass folks that https://keepass.info/ is wrong...
edit:
Maybe also have a look at the putty FAQ, especially 9.3
https://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#...
From that doc:
A.9.3 Would you like me to register you a nicer domain name?
No, thank you. Even if you can find one (most of them seem to have been registered already, by people who didn't ask whether we actually wanted it before they applied), we're happy with the PuTTY web site being exactly where it is. It's not hard to find (just type ‘putty’ into google.com and we're the first link returned) ...
Searching for "putty ssh" on both DDG and Google now return putty.org as their top result.
1: putty.org
2: "People also ask, What is putty and why is it used?" then 4 other questions about the material putty taking up most of the page
3: Videos "How to use Putty to SSH on Windows"
----- Fold -----
4. Video "How to Use Putty?"
5: Video "How to SSH Without a Password with Putty"
6: https://www.chiark.greenend.org.uk/~sgtatham/putty/ the actual site
There's software called PuTTY, and non-technical or less technical people, or even technical people who are running on autopilot, might reasonably expect that it's hosted on putty.org.
They just need to be more careful.
Here's an analogy.
Even capable programmers keep screwing up when using C and end up with memory leaks and security vulnerabilities. But that's no reason to stop using it ... people should just be more careful.
No analogy is perfect, every example has problems and loopholes, but this seems a reasonable one. Just as people should use programming languages that make it harder to make mistakes, so companies should not behave in deceptive manners, and when they do, they should be called out on it.
Similarly, telcos keep accepting and showing any cooked up caller ID over their SS7, and when someone gets scammed because they trusted the caller ID, the messaging I hear always actually is "people should just be more careful."
Same as banks requiring only card number to give someone money from the account. "you shoul be more careful with your card number."
It is sad to hear the level of victim blaming from the big industry.
Therefore I think you are missing the point with your analogy.
putty.org has this on their page:
> On July 13, 2025, Bitvise was contacted by a political interrogator posing as a journalist.
They are doing a great job of making themselves look like assholes.
The results shows as:
Still there were multiple requests to the Keepass project to change that domain to "a proper" domain like keepass.com
Is my intent more clear with that second try to explain? If not, I'm more then welcome to talk about a better way to phrase it :)
This justification is even worse than the domain squatting itself.
Some of the most influential software in history (Linux, Git, GCC, and yes, PuTTY) thrived under community-driven development. The idea that software "dies" without a single corporate owner is not just false, it’s insulting to the open-source ecosystem.
If Bitvise truly believes in their philosophy, they wouldn’t need to borrow PuTTY’s reputation by holding putty.org. Maybe they should spend less time on branding and more time studying how successful open-source projects actually work.
I've always seen Linux and Git not as projects run by a committee, but as projects guided by a single, trusted leader. Linus Torvalds is the owner of the kernel's vision. He has the final say. That isn't community consensus; it's benevolent dictatorship.
So while the putty.org situation is shady, I believe the core idea is right: great software needs a final arbiter with a clear vision, not just a crowd.
the Bitvise owner shouldn't have responded so unprofessionally, and their views on open source software are strange - but they're correct that the domain was never "historically associated with PuTTY", it just uses its name.
additionally, the usage of unformatted markdown in each "journalist" email makes me think this story was at least partially assisted by an LLM (https://putty.org/20250713-MiraiF-Emails.txt)
in short this is a nothing story
This seems a bit misleading. The domain has never, as far as I know, belonged to the project, so it can only have been "long associated" in the minds of users mistakenly trying to guess the URL and "historically" navigating to the wrong website.
> “The PuTTY project never had this domain”
Right.
> Search engines treat domain names like putty.org as authoritative.
Do they? Domain names "like" putty.org in what sense? Which search engines, by what mechanism?
This is parasitism, or deceptive practice to hold the domain name of a competitor claiming your are to be associated with the other project.
It's best to just ignore them instead of trying to play their games.
"Below suggestions are independent of PuTTY. They are not endorsements by the PuTTY project."
Above of this is a direct link to PuTTY's website.
I'm afraid this is a non-issue. Sure, you are free to rant, and I appreciate the good intentions behind it, but count me out on raging.
www.putty.org SHOULD be the correct address. Failing that, LINKING to the correct website is an acceptable measure, specially when such linking is on top.
Want to blame someone? Blame SEO, where a decent 2000 website with no issues whatsoever is pushed down the results.
The comments on this submission are pretty strange. What are the chances that a bunch of non-sockpuppet HN type of people are in support of this kind of garbage? Generally with sort of abysmal behaviour like the email communication in the article, there's people going to bat against actually defensible actions purely in the name of civility on HN. These bitvise people seem bad from both angles and yet the of early comments are either ignoring the issue and redirecting (e.g. "who even uses putty") or outright defending their shitty behaviour?
I think if they actually have a problem with it and are not just repeating that to cope they need to start acting like they have a problem with it. Trademarks need defending and you come out the door with the mental model that it's yours, you own it, the other group are in the wrong. If you opened your trademark dispute with "Well our trademark has always been X and people know to find us at X" you're gonna lose your dispute.
It's just hard to argue it's actually a real problem if the individual it's affecting keeps sort of pretending and saying that it's not even if deep down it is.
This is a great example of what drives people away from providing anything for free.
Unfortunately this is the world we live in where if you don't then someone else will and they'll abuse it so you have to act defensively.
Either you put the time into the project and care about it in which case you should spend the few dollars a year defending it from drama like this, or you don't care even a few dollars worth about the project in which case just let whatever happens happen because you don't care, a .org is the price of a few coffees.
Only a few parts of the world you can leave a bike unlocked on the street, and the internet contains the whole world.
EDIT: They're not deceiving users though? The first section on the index page links directly to the real putty site. They're very clear about all of it.
EDIT2: Nope. We really don't want DNS "moderators." All of us have seen what happens with forum moderators. Like I said if that were done the internet would not work. It's not about the cost it's about being unable to clearly define what should be banned.
If you want to see a great example of how moderation like that both stops legitimate use and fails to stop malware go look at smartphone app stores. The result is borderline unusable garbage.
Deceiving users? Warning, temporary ban, permanent ban!
Selling mushy stuff for plumbers and kids? No problem!
It takes a simple reporting system, couple moderators costing peanuts compared to what we pay for the names and a clear set of rules forbidding intentionally misleading users.
Also, I'd take pterm over modern gpu electron nodejs turtle tower terminals. It has sane requirements and perfomance, behaves in a consistent, predictable manner and handles large scrollback very well.
Why bad?
I didn't consider serial ports, only SSH, in that case I actually do struggle to suggest something better.
As for terminals, I don't know, I just run Xterm.
I think people should respect that try harder to meet users where they are.