A.9.3 Would you like me to register you a nicer domain name?
No, thank you. Even if you can find one (most of them seem to have been registered already, by people who didn't ask whether we actually wanted it before they applied), we're happy with the PuTTY web site being exactly where it is. It's not hard to find (just type ‘putty’ into google.com and we're the first link returned) ...
Searching for "putty ssh" on both DDG and Google now return putty.org as their top result.
There's software called PuTTY, and non-technical or less technical people, or even technical people who are running on autopilot, might reasonably expect that it's hosted on putty.org.
They just need to be more careful.
Here's an analogy.
Even capable programmers keep screwing up when using C and end up with memory leaks and security vulnerabilities. But that's no reason to stop using it ... people should just be more careful.
No analogy is perfect, every example has problems and loopholes, but this seems a reasonable one. Just as people should use programming languages that make it harder to make mistakes, so companies should not behave in deceptive manners, and when they do, they should be called out on it.
Similarly, telcos keep accepting and showing any cooked up caller ID over their SS7, and when someone gets scammed because they trusted the caller ID, the messaging I hear always actually is "people should just be more careful."
Same as banks requiring only card number to give someone money from the account. "you shoul be more careful with your card number."
It is sad to hear the level of victim blaming from the big industry.
I don't think the issue really stems from putty.org being there. It stems from a "trusted" third-party, the search engine, suggesting you the wrong place.
Therefore I think you are missing the point with your analogy.
Google (not saying it's a good search engine, but people use it) puts putty.org at the top of search results.
The results shows as:
Download PuTTY - a free SSH and telnet client for Windows.
PuTTY is an SSH and telnet client, developed originally by Simon Tatham for the Windows platform. PuTTY is open source software that is available with source...
> “The difference is not one of profit, it is one of philosophy. You believe software can be managed by a committee. I believe software requires an owner, otherwise it is dead.”
This justification is even worse than the domain squatting itself.
Some of the most influential software in history (Linux, Git, GCC, and yes, PuTTY) thrived under community-driven development. The idea that software "dies" without a single corporate owner is not just false, it’s insulting to the open-source ecosystem.
If Bitvise truly believes in their philosophy, they wouldn’t need to borrow PuTTY’s reputation by holding putty.org. Maybe they should spend less time on branding and more time studying how successful open-source projects actually work.
I see where you're coming from, but I think your examples actually prove the opposite point.
I've always seen Linux and Git not as projects run by a committee, but as projects guided by a single, trusted leader. Linus Torvalds is the owner of the kernel's vision. He has the final say. That isn't community consensus; it's benevolent dictatorship.
So while the putty.org situation is shady, I believe the core idea is right: great software needs a final arbiter with a clear vision, not just a crowd.
I seriously doubt that they're talking about leadership when they say ownership. Otherwise it would make little sense because few foss projects are democracies anyway.
The thing is that this was his "answer" to what was really the quite reasonable question of "do you think this is ethical?" To start talking about this sort of thing is completely disconnected from the actual question.
Of course you can have discussion about these aspects of the open source ecosystem; this is a long-running discussion where many people have discussed and disagreed in good faith. I don't entirely agree with your take personally, but I also don't entirely disagree and can see where you're coming from, and it's of course an interesting thing to discus.
However, in this context, as an "answer" to that question, it's hard to see it as anything other than just self-serving post-hoc rationalisation for being a selfish wanker. This is classic nihilism where the abuse of everything and everyone is justified as long as you can get away with it. Everything that moves the needle and you can get away with is morally justified because it moves the needle and you can get away with it.
> The domain, long associated by users with PuTTY [...] a domain name that clearly and historically signals the PuTTY project
This seems a bit misleading. The domain has never, as far as I know, belonged to the project, so it can only have been "long associated" in the minds of users mistakenly trying to guess the URL and "historically" navigating to the wrong website.
> “The PuTTY project never had this domain”
Right.
> Search engines treat domain names like putty.org as authoritative.
Do they? Domain names "like" putty.org in what sense? Which search engines, by what mechanism?
both sides are at fault here (the "journalist" and Bitvise - the PuTTY maintainers have nothing to do with this).
the Bitvise owner shouldn't have responded so unprofessionally, and their views on open source software are strange - but they're correct that the domain was never "historically associated with PuTTY", it just uses its name.
additionally, the usage of unformatted markdown in each "journalist" email makes me think this story was at least partially assisted by an LLM
(https://putty.org/20250713-MiraiF-Emails.txt)
LLM written, spurring up controversy, holding a private company accountable like they are the government. If they - PuTTY - is bothered enough, they are allowed to sue or request a takedown, and if legal grounds are not viable I don't think Google would mind ranking the correct website up after request. This "issue" has been present for years and this journalist picks up on it, presses on the guy as if he was in the Panama Papers or something and writes the article with newgen LLM no less. Disgraceful.
Has the putty.org website changed in the few hours since this was posted? I see nothing there about any kind of software at all. It appears to be about someone called Mike Yeadon, and scandals in the pharmaceutical industry. That's not what anyone else here is describing.
On the wayback machine it does appear that putty.org recently changed. If you go to www.putty.org you can see the page everyone is talking about still present.
Here they think that what is doing Bitvise is legal but I think that it might not be the case in the law of a number of countries and even possibly in domain names "regulation"?
This is parasitism, or deceptive practice to hold the domain name of a competitor claiming your are to be associated with the other project.
extremely subjective. the damage of allowing schoolmarm types to determine laws based on what they think is parasitic or deceptive is more dangerous than the unambiguous and coherent concept of property. PuTTY owns https://www.chiark.greenend.org.uk/~sgtatham/putty/
There are a number of strings in this domain that cause me great distress. Should I be allowed to seize their property?
What a ridiculous argument. Every project and company that has a trademark should be allowed to protect that, including by claiming domains clearly intended to appear associated with their trademark. Being offended by strings has nothing to do with that and it’s childish to try to derail the conversation like that.
Look, I understand. Excess of information leads people to start skimming all text. But look:
"Below suggestions are independent of PuTTY. They are not endorsements by the PuTTY project."
Above of this is a direct link to PuTTY's website.
I'm afraid this is a non-issue. Sure, you are free to rant, and I appreciate the good intentions behind it, but count me out on raging.
www.putty.org SHOULD be the correct address. Failing that, LINKING to the correct website is an acceptable measure, specially when such linking is on top.
Want to blame someone? Blame SEO, where a decent 2000 website with no issues whatsoever is pushed down the results.
Readit News
This has never changed.
Just because someone likes to use short circuit routing in their head doesn't make putty.org the official site for putty.
That is the same attitude as telling the Keepass folks that https://keepass.info/ is wrong...
edit:
Maybe also have a look at the putty FAQ, especially 9.3
https://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#...
From that doc:
A.9.3 Would you like me to register you a nicer domain name?
No, thank you. Even if you can find one (most of them seem to have been registered already, by people who didn't ask whether we actually wanted it before they applied), we're happy with the PuTTY web site being exactly where it is. It's not hard to find (just type ‘putty’ into google.com and we're the first link returned) ...
Searching for "putty ssh" on both DDG and Google now return putty.org as their top result.
1: putty.org
2: "People also ask, What is putty and why is it used?" then 4 other questions about the material putty taking up most of the page
3: Videos "How to use Putty to SSH on Windows"
----- Fold -----
4. Video "How to Use Putty?"
5: Video "How to SSH Without a Password with Putty"
6: https://www.chiark.greenend.org.uk/~sgtatham/putty/ the actual site
There's software called PuTTY, and non-technical or less technical people, or even technical people who are running on autopilot, might reasonably expect that it's hosted on putty.org.
They just need to be more careful.
Here's an analogy.
Even capable programmers keep screwing up when using C and end up with memory leaks and security vulnerabilities. But that's no reason to stop using it ... people should just be more careful.
No analogy is perfect, every example has problems and loopholes, but this seems a reasonable one. Just as people should use programming languages that make it harder to make mistakes, so companies should not behave in deceptive manners, and when they do, they should be called out on it.
Similarly, telcos keep accepting and showing any cooked up caller ID over their SS7, and when someone gets scammed because they trusted the caller ID, the messaging I hear always actually is "people should just be more careful."
Same as banks requiring only card number to give someone money from the account. "you shoul be more careful with your card number."
It is sad to hear the level of victim blaming from the big industry.
Therefore I think you are missing the point with your analogy.
putty.org has this on their page:
> On July 13, 2025, Bitvise was contacted by a political interrogator posing as a journalist.
They are doing a great job of making themselves look like assholes.
The results shows as:
Still there were multiple requests to the Keepass project to change that domain to "a proper" domain like keepass.com
This justification is even worse than the domain squatting itself.
Some of the most influential software in history (Linux, Git, GCC, and yes, PuTTY) thrived under community-driven development. The idea that software "dies" without a single corporate owner is not just false, it’s insulting to the open-source ecosystem.
If Bitvise truly believes in their philosophy, they wouldn’t need to borrow PuTTY’s reputation by holding putty.org. Maybe they should spend less time on branding and more time studying how successful open-source projects actually work.
I've always seen Linux and Git not as projects run by a committee, but as projects guided by a single, trusted leader. Linus Torvalds is the owner of the kernel's vision. He has the final say. That isn't community consensus; it's benevolent dictatorship.
So while the putty.org situation is shady, I believe the core idea is right: great software needs a final arbiter with a clear vision, not just a crowd.
Of course you can have discussion about these aspects of the open source ecosystem; this is a long-running discussion where many people have discussed and disagreed in good faith. I don't entirely agree with your take personally, but I also don't entirely disagree and can see where you're coming from, and it's of course an interesting thing to discus.
However, in this context, as an "answer" to that question, it's hard to see it as anything other than just self-serving post-hoc rationalisation for being a selfish wanker. This is classic nihilism where the abuse of everything and everyone is justified as long as you can get away with it. Everything that moves the needle and you can get away with is morally justified because it moves the needle and you can get away with it.
This seems a bit misleading. The domain has never, as far as I know, belonged to the project, so it can only have been "long associated" in the minds of users mistakenly trying to guess the URL and "historically" navigating to the wrong website.
> “The PuTTY project never had this domain”
Right.
> Search engines treat domain names like putty.org as authoritative.
Do they? Domain names "like" putty.org in what sense? Which search engines, by what mechanism?
the Bitvise owner shouldn't have responded so unprofessionally, and their views on open source software are strange - but they're correct that the domain was never "historically associated with PuTTY", it just uses its name.
additionally, the usage of unformatted markdown in each "journalist" email makes me think this story was at least partially assisted by an LLM (https://putty.org/20250713-MiraiF-Emails.txt)
in short this is a nothing story
This is parasitism, or deceptive practice to hold the domain name of a competitor claiming your are to be associated with the other project.
"Below suggestions are independent of PuTTY. They are not endorsements by the PuTTY project."
Above of this is a direct link to PuTTY's website.
I'm afraid this is a non-issue. Sure, you are free to rant, and I appreciate the good intentions behind it, but count me out on raging.
www.putty.org SHOULD be the correct address. Failing that, LINKING to the correct website is an acceptable measure, specially when such linking is on top.
Want to blame someone? Blame SEO, where a decent 2000 website with no issues whatsoever is pushed down the results.