A.9.3 Would you like me to register you a nicer domain name?
No, thank you. Even if you can find one (most of them seem to have been registered already, by people who didn't ask whether we actually wanted it before they applied), we're happy with the PuTTY web site being exactly where it is. It's not hard to find (just type ‘putty’ into google.com and we're the first link returned) ...
Searching for "putty ssh" on both DDG and Google now return putty.org as their top result.
This is definitely something that should be raised to the putty team. But with how the rest of the text is worded, I doubt that will change their mind.
... and when the results are junk, you go back to Google and so the KPI "time spent on Google" rises.
That's the problem when the metrics are focused on how the company is doing and not how the user is doing, but when there is barely any competition that is not dogshit you don't have to care about how the customer feels because they can't go anywhere anyway so you can feel free to extract the maximum profit from them.
That's also why Google, Facebook, Microsoft and OpenAI are all so hellbent on AI: they all want to be the one and only place that you interact with to get answers to your questions so that as much of your "eyeball time" as possible (and with it, ad income) stays in their respective walled gardens.
haha i swear for a super brief period of time they actually did have a little link if you ever travelled back to search results where you could feedback or filter the dumb sites... then someone was forced to re-read the company mandate and had to sign HR paperwork that now only evil
There's software called PuTTY, and non-technical or less technical people, or even technical people who are running on autopilot, might reasonably expect that it's hosted on putty.org.
They just need to be more careful.
Here's an analogy.
Even capable programmers keep screwing up when using C and end up with memory leaks and security vulnerabilities. But that's no reason to stop using it ... people should just be more careful.
No analogy is perfect, every example has problems and loopholes, but this seems a reasonable one. Just as people should use programming languages that make it harder to make mistakes, so companies should not behave in deceptive manners, and when they do, they should be called out on it.
Similarly, telcos keep accepting and showing any cooked up caller ID over their SS7, and when someone gets scammed because they trusted the caller ID, the messaging I hear always actually is "people should just be more careful."
Same as banks requiring only card number to give someone money from the account. "you shoul be more careful with your card number."
It is sad to hear the level of victim blaming from the big industry.
I don't think the issue really stems from putty.org being there. It stems from a "trusted" third-party, the search engine, suggesting you the wrong place.
Therefore I think you are missing the point with your analogy.
Google (not saying it's a good search engine, but people use it) puts putty.org at the top of search results.
The results shows as:
Download PuTTY - a free SSH and telnet client for Windows.
PuTTY is an SSH and telnet client, developed originally by Simon Tatham for the Windows platform. PuTTY is open source software that is available with source...
It's a nice idea in principle, but one problem with that is that for many names, there are multiple "official" meanings. Apple Inc. and Apple Records is a well-known example. This is why Wikipedia has (sometimes lengthy) disambiguation pages.
> “The difference is not one of profit, it is one of philosophy. You believe software can be managed by a committee. I believe software requires an owner, otherwise it is dead.”
This justification is even worse than the domain squatting itself.
Some of the most influential software in history (Linux, Git, GCC, and yes, PuTTY) thrived under community-driven development. The idea that software "dies" without a single corporate owner is not just false, it’s insulting to the open-source ecosystem.
If Bitvise truly believes in their philosophy, they wouldn’t need to borrow PuTTY’s reputation by holding putty.org. Maybe they should spend less time on branding and more time studying how successful open-source projects actually work.
I see where you're coming from, but I think your examples actually prove the opposite point.
I've always seen Linux and Git not as projects run by a committee, but as projects guided by a single, trusted leader. Linus Torvalds is the owner of the kernel's vision. He has the final say. That isn't community consensus; it's benevolent dictatorship.
So while the putty.org situation is shady, I believe the core idea is right: great software needs a final arbiter with a clear vision, not just a crowd.
I seriously doubt that they're talking about leadership when they say ownership. Otherwise it would make little sense because few foss projects are democracies anyway.
The thing is that this was his "answer" to what was really the quite reasonable question of "do you think this is ethical?" To start talking about this sort of thing is completely disconnected from the actual question.
Of course you can have discussion about these aspects of the open source ecosystem; this is a long-running discussion where many people have discussed and disagreed in good faith. I don't entirely agree with your take personally, but I also don't entirely disagree and can see where you're coming from, and it's of course an interesting thing to discus.
However, in this context, as an "answer" to that question, it's hard to see it as anything other than just self-serving post-hoc rationalisation for being a selfish wanker. This is classic nihilism where the abuse of everything and everyone is justified as long as you can get away with it. Everything that moves the needle and you can get away with is morally justified because it moves the needle and you can get away with it.
> The domain, long associated by users with PuTTY [...] a domain name that clearly and historically signals the PuTTY project
This seems a bit misleading. The domain has never, as far as I know, belonged to the project, so it can only have been "long associated" in the minds of users mistakenly trying to guess the URL and "historically" navigating to the wrong website.
> “The PuTTY project never had this domain”
Right.
> Search engines treat domain names like putty.org as authoritative.
Do they? Domain names "like" putty.org in what sense? Which search engines, by what mechanism?
both sides are at fault here (the "journalist" and Bitvise - the PuTTY maintainers have nothing to do with this).
the Bitvise owner shouldn't have responded so unprofessionally, and their views on open source software are strange - but they're correct that the domain was never "historically associated with PuTTY", it just uses its name.
additionally, the usage of unformatted markdown in each "journalist" email makes me think this story was at least partially assisted by an LLM
(https://putty.org/20250713-MiraiF-Emails.txt)
LLM written, spurring up controversy, holding a private company accountable like they are the government. If they - PuTTY - is bothered enough, they are allowed to sue or request a takedown, and if legal grounds are not viable I don't think Google would mind ranking the correct website up after request. This "issue" has been present for years and this journalist picks up on it, presses on the guy as if he was in the Panama Papers or something and writes the article with newgen LLM no less. Disgraceful.
Has the putty.org website changed in the few hours since this was posted? I see nothing there about any kind of software at all. It appears to be about someone called Mike Yeadon, and scandals in the pharmaceutical industry. That's not what anyone else here is describing.
On the wayback machine it does appear that putty.org recently changed. If you go to www.putty.org you can see the page everyone is talking about still present.
Here they think that what is doing Bitvise is legal but I think that it might not be the case in the law of a number of countries and even possibly in domain names "regulation"?
This is parasitism, or deceptive practice to hold the domain name of a competitor claiming your are to be associated with the other project.
Look, I understand. Excess of information leads people to start skimming all text. But look:
"Below suggestions are independent of PuTTY. They are not endorsements by the PuTTY project."
Above of this is a direct link to PuTTY's website.
I'm afraid this is a non-issue. Sure, you are free to rant, and I appreciate the good intentions behind it, but count me out on raging.
www.putty.org SHOULD be the correct address. Failing that, LINKING to the correct website is an acceptable measure, specially when such linking is on top.
Want to blame someone? Blame SEO, where a decent 2000 website with no issues whatsoever is pushed down the results.
I don't think Bitvise is even doing anything wrong here? There's nothing wrong with running what is essentially a fan site and promoting your own things on it.
I don't get it. The putty website has always been https://www.chiark.greenend.org.uk/~sgtatham/putty/
This has never changed.
Just because someone likes to use short circuit routing in their head doesn't make putty.org the official site for putty.
That is the same attitude as telling the Keepass folks that https://keepass.info/ is wrong...
edit:
Maybe also have a look at the putty FAQ, especially 9.3
https://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#...
Point of information.
From that doc:
A.9.3 Would you like me to register you a nicer domain name?
No, thank you. Even if you can find one (most of them seem to have been registered already, by people who didn't ask whether we actually wanted it before they applied), we're happy with the PuTTY web site being exactly where it is. It's not hard to find (just type ‘putty’ into google.com and we're the first link returned) ...
Searching for "putty ssh" on both DDG and Google now return putty.org as their top result.
It's not even on the screen for me when searching "putty"
1: putty.org
2: "People also ask, What is putty and why is it used?" then 4 other questions about the material putty taking up most of the page
3: Videos "How to use Putty to SSH on Windows"
----- Fold -----
4. Video "How to Use Putty?"
5: Video "How to SSH Without a Password with Putty"
6: https://www.chiark.greenend.org.uk/~sgtatham/putty/ the actual site
This is definitely something that should be raised to the putty team. But with how the rest of the text is worded, I doubt that will change their mind.
Huh weird, usually top 3 results are "sponsored" links serving malware.
Might be one of those weirdos using an ad blocker ;)
Really? You're telling me you weren't looking for softwaredownload.com free download software today?
Mojeek and brave return 1) putty.org, 2) official site; and additionally a snippet from wikipedia in a sidebar with a correct address.
How do we report disappointing search results to Google? (Does anyone know please?)
They don’t care if results are disappointing for you, they just want you to click more ads
... and when the results are junk, you go back to Google and so the KPI "time spent on Google" rises.
That's the problem when the metrics are focused on how the company is doing and not how the user is doing, but when there is barely any competition that is not dogshit you don't have to care about how the customer feels because they can't go anywhere anyway so you can feel free to extract the maximum profit from them.
That's also why Google, Facebook, Microsoft and OpenAI are all so hellbent on AI: they all want to be the one and only place that you interact with to get answers to your questions so that as much of your "eyeball time" as possible (and with it, ad income) stays in their respective walled gardens.
haha i swear for a super brief period of time they actually did have a little link if you ever travelled back to search results where you could feedback or filter the dumb sites... then someone was forced to re-read the company mandate and had to sign HR paperwork that now only evil
Here's a framing of the problem.
There's software called PuTTY, and non-technical or less technical people, or even technical people who are running on autopilot, might reasonably expect that it's hosted on putty.org.
They just need to be more careful.
Here's an analogy.
Even capable programmers keep screwing up when using C and end up with memory leaks and security vulnerabilities. But that's no reason to stop using it ... people should just be more careful.
No analogy is perfect, every example has problems and loopholes, but this seems a reasonable one. Just as people should use programming languages that make it harder to make mistakes, so companies should not behave in deceptive manners, and when they do, they should be called out on it.
It is good analogy.
Similarly, telcos keep accepting and showing any cooked up caller ID over their SS7, and when someone gets scammed because they trusted the caller ID, the messaging I hear always actually is "people should just be more careful."
Same as banks requiring only card number to give someone money from the account. "you shoul be more careful with your card number."
It is sad to hear the level of victim blaming from the big industry.
Nontechnical people afraid of a scary console window use putty?
Yes. Unfortunately.
I don't think the issue really stems from putty.org being there. It stems from a "trusted" third-party, the search engine, suggesting you the wrong place.
Therefore I think you are missing the point with your analogy.
Except Google, DuckDuckGo, Bing all return putty.org as the top result. The "official" PuTTY website appears as either the 2nd or 3rd result.
putty.org has this on their page:
> On July 13, 2025, Bitvise was contacted by a political interrogator posing as a journalist.
They are doing a great job of making themselves look like assholes.
IMHO neither of the two showed exactly nice behavior. But I don't think that this is particularly relevant.
Google (not saying it's a good search engine, but people use it) puts putty.org at the top of search results.
The results shows as:
How does your example relate? keepass.info is the official Keepass website, owned by the Keepass developer.
As is https://www.chiark.greenend.org.uk/~sgtatham/putty/ to Putty.
Still there were multiple requests to the Keepass project to change that domain to "a proper" domain like keepass.com
I, too, took your comment to mean that keepass.info is to KeePass as putty.org is to PuTTY.
Well, classic sender receiver mismatch I guess :D
Is my intent more clear with that second try to explain? If not, I'm more then welcome to talk about a better way to phrase it :)
I was confused as well and panicked that I'd been installing KeePass from a fake site all these years. But keepass.info is indeed the official site.
Suggest: That is the same attitude as critics telling the Keepass maintainer to migrate the (official) keepass.info domain to a .com...
For some reason there's no .official tld, there's .app, .codes, .dev, .download, .kosher
It's a nice idea in principle, but one problem with that is that for many names, there are multiple "official" meanings. Apple Inc. and Apple Records is a well-known example. This is why Wikipedia has (sometimes lengthy) disambiguation pages.
Yes, that captures my intent :) Sadly, I cannot edit the post anymore.
> “The difference is not one of profit, it is one of philosophy. You believe software can be managed by a committee. I believe software requires an owner, otherwise it is dead.”
This justification is even worse than the domain squatting itself.
Some of the most influential software in history (Linux, Git, GCC, and yes, PuTTY) thrived under community-driven development. The idea that software "dies" without a single corporate owner is not just false, it’s insulting to the open-source ecosystem.
If Bitvise truly believes in their philosophy, they wouldn’t need to borrow PuTTY’s reputation by holding putty.org. Maybe they should spend less time on branding and more time studying how successful open-source projects actually work.
I see where you're coming from, but I think your examples actually prove the opposite point.
I've always seen Linux and Git not as projects run by a committee, but as projects guided by a single, trusted leader. Linus Torvalds is the owner of the kernel's vision. He has the final say. That isn't community consensus; it's benevolent dictatorship.
So while the putty.org situation is shady, I believe the core idea is right: great software needs a final arbiter with a clear vision, not just a crowd.
I seriously doubt that they're talking about leadership when they say ownership. Otherwise it would make little sense because few foss projects are democracies anyway.
The thing is that this was his "answer" to what was really the quite reasonable question of "do you think this is ethical?" To start talking about this sort of thing is completely disconnected from the actual question.
Of course you can have discussion about these aspects of the open source ecosystem; this is a long-running discussion where many people have discussed and disagreed in good faith. I don't entirely agree with your take personally, but I also don't entirely disagree and can see where you're coming from, and it's of course an interesting thing to discus.
However, in this context, as an "answer" to that question, it's hard to see it as anything other than just self-serving post-hoc rationalisation for being a selfish wanker. This is classic nihilism where the abuse of everything and everyone is justified as long as you can get away with it. Everything that moves the needle and you can get away with is morally justified because it moves the needle and you can get away with it.
> The domain, long associated by users with PuTTY [...] a domain name that clearly and historically signals the PuTTY project
This seems a bit misleading. The domain has never, as far as I know, belonged to the project, so it can only have been "long associated" in the minds of users mistakenly trying to guess the URL and "historically" navigating to the wrong website.
> “The PuTTY project never had this domain”
Right.
> Search engines treat domain names like putty.org as authoritative.
Do they? Domain names "like" putty.org in what sense? Which search engines, by what mechanism?
both sides are at fault here (the "journalist" and Bitvise - the PuTTY maintainers have nothing to do with this).
the Bitvise owner shouldn't have responded so unprofessionally, and their views on open source software are strange - but they're correct that the domain was never "historically associated with PuTTY", it just uses its name.
additionally, the usage of unformatted markdown in each "journalist" email makes me think this story was at least partially assisted by an LLM (https://putty.org/20250713-MiraiF-Emails.txt)
in short this is a nothing story
LLM written, spurring up controversy, holding a private company accountable like they are the government. If they - PuTTY - is bothered enough, they are allowed to sue or request a takedown, and if legal grounds are not viable I don't think Google would mind ranking the correct website up after request. This "issue" has been present for years and this journalist picks up on it, presses on the guy as if he was in the Panama Papers or something and writes the article with newgen LLM no less. Disgraceful.
Related: https://news.ycombinator.com/item?id=44558328 "putty.org is not run by PuTTY developers"
Has the putty.org website changed in the few hours since this was posted? I see nothing there about any kind of software at all. It appears to be about someone called Mike Yeadon, and scandals in the pharmaceutical industry. That's not what anyone else here is describing.
On the wayback machine it does appear that putty.org recently changed. If you go to www.putty.org you can see the page everyone is talking about still present.
How odd. Having different content on the main domain and the www subdomain is so unusual that it's hard to believe it was done on purpose.
well, if you read about the exchange beween the author and owners ... add "schwurbeln" (german) to the list of whats weird about the domain.
Here they think that what is doing Bitvise is legal but I think that it might not be the case in the law of a number of countries and even possibly in domain names "regulation"?
This is parasitism, or deceptive practice to hold the domain name of a competitor claiming your are to be associated with the other project.
Bitvise are “passing off” which is a tort in English law https://harperjames.co.uk/article/passing-off/
Certainly it's one basis for dispute (but only if it is trademarked): https://www.wipo.int/amc/en/domains/
Look, I understand. Excess of information leads people to start skimming all text. But look:
"Below suggestions are independent of PuTTY. They are not endorsements by the PuTTY project."
Above of this is a direct link to PuTTY's website.
I'm afraid this is a non-issue. Sure, you are free to rant, and I appreciate the good intentions behind it, but count me out on raging.
www.putty.org SHOULD be the correct address. Failing that, LINKING to the correct website is an acceptable measure, specially when such linking is on top.
Want to blame someone? Blame SEO, where a decent 2000 website with no issues whatsoever is pushed down the results.
Under fire from who? That "journalist"?
It's best to just ignore them instead of trying to play their games.
[dead]
[flagged]
I don't think Bitvise is even doing anything wrong here? There's nothing wrong with running what is essentially a fan site and promoting your own things on it.