Mastodawn

Jernej Simončič �3d ago

General reminder:

The domain name putty.org is *NOT* run by the #PuTTY developers. It is run by somebody not associated with us, who uses the domain to interpose advertising for their unrelated commercial products. We do not endorse those products in any way, and we have never given any kind of agreement for PuTTY's name to be used in promoting them.

Please do not perpetuate the claim that putty.org is the PuTTY website. If anyone is linking to it on that basis, please change the link. The PuTTY website is https://www.chiark.greenend.org.uk/~sgtatham/putty/ and it always has been.

You can check this by downloading the source code, which cites that URL in many places (the README, the documentation, some strings in the actual code), or by using the "Visit Web Site" menu options in the official Windows binaries (the ones signed with my personal Authenticode certificate). The true PuTTY website is the one that PuTTY itself says it is.

Many search engines list putty.org above chiark. I don't know if this is due to active SEO on the part of the domain owner, or a heuristic in the rankings. Either way, don't believe them. It's not our site.

PuTTY: a free SSH and Telnet client

@simontatham thanks for putty

it is essential software literally everywhere I've been

🤩

@simontatham incidentally that's the longest URL I know by heart and also probably the one I've known by heart for the longest. must be 25 years now.

Eric Stein �3d ago

@zip @simontatham haha, same... I've had that memorized since I was a teen

@zip
I always used this google request to download putty: wikipedia putty

A few years ago, I found out ssh.exe and scp.exe are now always present on windows's cmd.exe prompt, hence I stopped downloading Putty.

Thanks for the work, @simontatham ; is there some way to give money to you?

@simontatham to be fair the official uri looks a lot less official and I can understand everyone who will mistake it as unprofessional / not the real deal / fan site

Simon Tatham 3d ago

@saxnot yes, with hindsight it was a mistake not to grab putty.org at the earliest opportunity, before some other opportunist did. But then PuTTY never *aimed* to become widely known. Its fame grew gradually by word of mouth, so it was never quite clear when it would be a good idea to get the most obvious domain – until it was too late.

The chiark URL is of a type that was very common in the 90s, especially for software published by someone who didn't yet know whether it would have more than a dozen users – which was exactly the situation when I started!

Alexander Dyas 3d ago

@simontatham @saxnot Have you thought about hosting it on Github, with the executables as releases? This is where I'm tending to go these days for trusted downloads.

Cassandrich 3d ago

@alexanderdyas @simontatham @saxnot GitHub is headed in the direction of untrustworthy. And they're ultimately owned by the same party that owns the deceptive putty.org... 🤦

Simon Tatham 3d ago

@dalias @alexanderdyas @saxnot even before Github was owned by MS, I didn't like the look of it.

Partly because it's not itself free software: unlike Gitlab, if you want to export your project with all its metadata like the bug database, you can't make a compatible instance to move it to. If you can see the vendor lock-in coming _before_ you're already committed, avoid it.

And partly _because_ it was trying so hard to make itself the One True Place. There shouldn't _be_ a One True Place. As soon as there is, someone can buy it out and monetise / enshittify / generally do bad things with it.

I'd rather contribute to the Internet being distributed, than contribute to it being centralised. That's why I'm on Mastodon and was never on the birdsite, and it's why I don't use Github (except for sending patches to projects that are already hosted there).

Alexander Dyas 3d ago

@simontatham @dalias @saxnot Can't disagree with anything you're saying. All good points.

Cassandrich 3d ago

@simontatham @alexanderdyas @saxnot This. TBH in the modern internet, something in the form of the current putty url looks more trustworthy than most.

Alexander Dyas 3d ago

@dalias @simontatham @saxnot Microsoft own putty.org?

Cassandrich 3d ago

@alexanderdyas @simontatham @saxnot Apparently they own the malware company that owns putty.org: https://mk.absturztau.be/notes/aa5arsrdj9i4025w

Max ◎▼◎ (@bigbird)

@mattwelke@mstdn.ca @simontatham@hachyderm.io I guess so, the Domain seems to be owned by the Team of BitVise wich is owned by Microsoft. This is nasty. Edit: Let's see what they answer. (📎1) RE: @bigbird@mk.absturztau.be @simontatham@hachyderm.io Up for me. The website has a bunch of disclaimers that they're not affiliated with the PuTTY project. Could they have taken the website down for maintenance and added those disclaimers just now, in response to this toot? RE: ...

ぷにすきー

Alexander Dyas 3d ago

@dalias @simontatham @saxnot 😳

Craig Stuntz 3d ago

@dalias @alexanderdyas @simontatham @saxnot I do not think it’s true that Microsoft owns Bitvise.

Space Hobo 3d ago

@simontatham @saxnot The hierarchy of long hostnames was also seen in the 90s as a source of authenticity. If you got your software from like ftp.paphnutios.vision.cs.miskatonic.edu, then it meant that if it went down or got hacked, you kind of knew you could track out the Computer Science folks at that university and ask after problems in the vision lab... maybe you know someone who's into old Byzantine saints perhaps?

And yeah, you'd find out that the Internet depended in part on a third-hand sparcstation with clogged fans that sat on someone's desk and shared a circuit breaker with a video array that drew too many amps, but everyone would hear the story and know they could expect it back in a few days.

bazingoid 3d ago

@simontatham @saxnot i mean, since putty *is* more than 1 tool (telnet, ssh, key conversion i think? havent used it in a while), wouldn't putty.tools work? it's not taken as of writing this

@bazingoid @simontatham good idea!

Wilfried Klaebe 3d ago

Well... PuTTY more or less belongs on the "WHO Essential Medicines List" for (windows) computing now...

@simontatham @saxnot

Michael Knudsen 3d ago

@simontatham @saxnot the chiark URI reminds me of a time when the web was a lot more fun. Uglier, maybe, but diverse and lots of fun!

verifiedlesbian

@saxnot I've already come across cases where people warn not to visit URLs with a tilde in them because they're not 'proper' web sites that don't even have their own domain and can contain anything.

Naturally the talking points are BS, but when I first time in my life installed PuTTY, I would've gone to putty.org easily over an URL that I can't even read out aloud to someone on the phone without having to spell out several parts of it.

PuTTY is easily past the point where it should live under its own domain.

Henrik Pauli 3d ago

@aamurusko79 @saxnot That's nothing new tbf :) hosting stuff in your own public_html has been odd for anything "serious" for over two decades at the very least. But, it is how it is, it's just kind of a bummer that Simon has to put up with the faker.

Arne Babenhauserheide 3d ago

@simontatham did you already discuss registering a brand for PuTTY and then asking the domain owner nicely to hand over the domain?

@ArneBab @simontatham At this point, it would be absolutely the right thing to get the domain back, one way or another.

(Probably register the trademark first if that isn't too expensive, then ask nicely, and then get out the lawyers)

Simon Tatham 3d ago

@Sobex @ArneBab@rollenspiel.social I'd like nothing better, but I think I'd have to _start_ with a lawyer, just to get any idea at all of where to begin. I did try contacting one once, but they never replied to my query.

For example, I have no idea whether it _is_ the right strategy to start by registering the trademark, or how to do that, or even which country to do it in. (I'm guessing the USA, because it's .org and not .org.[country] – but _I'm_ not in the USA, so can I register a trademark there at all?)

@simontatham I wonder if that's where all the free software ecosystem already has actors with a presence in the US and lawyers who might help. (What is the FSF job if not that one ?)

Demi Marie Obenour 3d ago

@simontatham @Sobex A WIPO dispute can get the registrar to give you the name.

Demi Marie Obenour 3d ago

@simontatham @Sobex and WIPO is worldwide, so jurisdiction doesn’t matter.

neel chauhan 3d ago

@alwayscurious @simontatham @Sobex once pfSense devs bought OPNsense.com in order to defame OPNsense developers.

OPNsense got the domain, eventually.

OPNsense® Shop – Everything to secure your network and more

Eugen Rochko 3d ago

@simontatham @Sobex You absolutely can. There are online services that will facilitate this for you, though the process takes a long time (up to a year). I’ve used tramatm.com in the past.

Zalasur 🇺🇦3d ago

@Gargron @simontatham @Sobex One potential obstacle I can see right away is that "putty" is something of a generic term which might make it untrademarkable. Also, "Silly Putty" is a registered trademark (owned by Crayola) and you very well might run into a roadblock there.

You might have to modify the name of the project to something that a Trademark office might consider unique enough to trademark.

But yeah as Gargron as noted, there are services available to help with this process.

Zalasur 🇺🇦3d ago

@Gargron @simontatham @Sobex

FYI, there is a potential solution that might help solve your problem without having to resort to a trademark in the short term.

One reason why putty dot org outranks the official PuTTY site is that they host their page on a the root path of their domain. Search engines will *always* add more weight to those sites than one hosted under a personal user account directory.

I'd find another domain to register and host it there. That might solve 80% of the problem.

Fish Id Wardrobe 3d ago

@simontatham @Sobex to be fair, it could be worse. they link to your site at the top and then also a couple other products which they make clear are not yours.

(unless I am missing a lot of ads because I block 'em.)

Arne Babenhauserheide 3d ago

@Sobex For the two important domains where I don’t hold effective rights-due-to-use I registered a brand as defense. I remember when Shareaza got the domain taken away by a malware peddler (via registering the brand and then telling the domain registrar), so to be safe, the actual maintainers of a tool should own the matching brand to be able to defend against such.
@simontatham

Stellar 🇫🇷

@simontatham henlo, thank you for making putty! every sysadmin i know has used or still use putty!

very goob software we love you

Stefan Baur 7 * 💉3d ago

@simontatham I think you should absolutely lawyer up and file a WIPO Domain Name Dispute Resolution complaint. https://www.wipo.int/amc/en/domains/

"When your brand is misused to deceive consumers online (also known as “cybersquatting”), WIPO – the global leader in domain name dispute resolution – can help you reclaim the infringing domain name using an online enforcement tool called the UDRP or a national “ccTLD” variant."

Domain Name Disputes

Avoid court proceedings by using the WIPO Arbitration and Mediation Center's domain name dispute resolution services.

Gytis Repečka 3d ago

@farbenstau @simontatham Typically if brand name is registered after domain, there is no chance getting a domain other than buying it from owner. Unless you can prove your unregistered trade mark is well known and that current domain owner is referencing to your brand and not some similar.

In short, always register domain and then registered trade mark/name afterwards before getting your brand public

Simon Tatham 3d ago

@gytisrepecka @farbenstau in this case it does seem pretty clear that the current domain owner is referring to the same PuTTY I am, and isn't talking about some unrelated thing with the same name!

Gytis Repečka 3d ago

@simontatham In that case it is more than possible to get the domain

Jeff McNeill 3d ago

@simontatham Ever think "maybe I need a better domain name?"?

Simon Tatham 3d ago

@jeffmcneill the project history went through three phases:

1. no idea yet whether this is going to be a widely used tool

2. domain names cost money and admin faff, search engines can find our website anyway, on balance doesn't seem worth it

3. too late

Jeff McNeill 3d ago

@simontatham never too late to improve SEO

Simon Tatham 3d ago

@jeffmcneill it is when the obvious domain name has already been registered by somebody else!

@simontatham @jeffmcneill firstly, thanks for making Putty! I love it.

Secondly, perhaps putty.some-other-tld is still available?

smolwaffle 3d ago

@simontatham
How about something like puttyssh.org, or puttyshell.org?
@jeffmcneill

Jeff McNeill 3d ago

@simontatham there are always available unique domain names that are on-brand.

Space Hobo 3d ago

@jeffmcneill @simontatham The SEO speedwagon is long gone: everyone's getting absurd made-up generative slop now.

Jeff McNeill 3d ago

@spacehobo @simontatham DNS names are a part of a brand. There is nothing extinct about basic branding principles.

Space Hobo 2d ago

@jeffmcneill @simontatham Search Engines are extinct. Therefore Optimising for them is an exercise in nostalgia.

Jeff McNeill 2d ago

@spacehobo @simontatham exact match domains aren't going away, even in this fantasy world without search engines.

Space Hobo 1d ago

@jeffmcneill @simontatham Huh, so what does the "SE" in "SEO" stand for, to you?

Eva Mikkonen 3d ago

@simontatham Doesn't sound like proper use case of .org, dispute it on that ground?

Dan Getz 3d ago

@evamik Anyone can register a .org, if that's what you mean. Some of the .org.countrycode domains might have restrictions on who can register, but not .org

Khleedril 3d ago

@simontatham The internet in particular, and the worldwide adoption of new technology in general, are well broken at this point. Yours is a perfect example of this.

Perhaps we need a TLD where you don't even have to apply for a name: you become automatically associated with an address by implication, and become free to use it as needed.

verifiedlesbian

@simontatham To be honest, nowdays an URL like that, especially one with a tilde in it, would make a less tech savvy person think this looks a lot like a phishing URL, especially when there's the 'obvious' .org site that the search engines like.

Nowdays even a weekend long event has their own domain, PuTTY should have something that you can just tell people go to, instead of 'Just google download putty' and it's up there in the results'.

There has to be free software advocates organizations out there who'd take it as their project to liberate the .org without huge legal costs.

Major Denis Bloodnok 3d ago

@simontatham There are a huge number of imitators (mostly malicious) of popular piracy site "fitgirl", and likewise everything you get from there has the right URL plastered over it in all possible places.

Clearly you should agree with her that she'll mention the PuTTY URL and you'll tell people where to yarr games. :-)

novaTopFlex 3d ago

@simontatham Absolutely. I have never accessed the PuTTY website until this disclaimer was mentioned, and I had been compelled to visit the “PuTTY” website that is unrelated. Yes, the contents of the website that claims to be “PuTTY” are indeed associated with PuTTY without any relation to the true project developers.

GothPanda 3d ago

@simontatham I'm assuming this site also isn't you folks?

https://the.earth.li/~sgtatham/putty/0.83/

I've found them because they provide versions for older versions of Windows, but wasn't sure if it was related, because of the username.

Index of /~sgtatham/putty/0.83

Colin Watson 3d ago

@gothpanda @simontatham The individual file download links on https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html point there. (IIRC this is a question of which friendly people can readily afford the bulk bandwidth costs.)

Download PuTTY: latest release (0.83)