[userbinator]

Somehow, these new long TLDs just feel spammy and "fake" and I usually ignore them when they show up in search results. Unfortunately the .com, .net and .org are already taken.

[neuralkoi]

I agree, there's some good alternatives available too of about the same length (if you include name + TLD):

    puttyclient.com
    puttyofficial.com
    puttytools.com
    puttydownloads.com
    downloadputty.org

[userbinator]

Those actually feel spammy too; e.g. seeing "official" or "download" in a name has always triggered a suspicion, because normally there's no need to specially say your site is "official" or "download" besides to mislead.

Then again, I may be biased due to always remembering PuTTY's official page being someone's personal site hosted on a .org.uk server.

There is actually a mirror at https://www.puttyssh.org/

[neuralkoi]

I also noticed https://getputty.org is as well.

[snoopen]

anything with "download" in the domain name looks scammy to me

[mrheosuper]

>puttydownloads.com

This sounds like a virus site.

[crossroadsguy]

All of these are better than and I assume cheaper than that .software one.

Even puttytelnet.com/org/net is available.

Hell the puttytel.net is available

[CalRobert]

They were originally a protection racket to shake down brands on the idea they’d have to register them all. Donuts even had the Domain protected marks list which let you pay to block registration but not have the domain yourself

[rconti]

Alternatively, the "popular" TLDs are a money grab by vested interests who already own popular domains.

[TZubiri]

Certificate by Let's Encrypt, issued to "putty.software" no other info.

Sometimes I feel like we are training users to disregard safety mechanisms for phishing.

Using putty was never the pinnacle of professionalism and open source auditing anyway, it's just a binary you download on windows before you hear the gospel of linux and ssh.

[viraptor]

Why would that be disregarding safety? There's no extra text you can put on the website that would prove anything else (apart from messages signed by a known key, but honestly nobody would check those). Certificates don't provide any identity validation in practice.

[TZubiri]

Certificates have fields for location, company or name of person.

[viraptor]

They mean very little. Even the fully reviewed software signing cert I got with id validation was a total hack job (company didn't know how to read my ID, asked to change some field and they did).

[mbrndtgn]

So you're suggesting we should bring back extended validation? Currently they don't mean anything.

[account42]

> Certificate by Let's Encrypt, issued to "putty.software" no other info.

That's how domain validated certificates that are used on most website today work.

And yes, it's bonkers that we need to rely on authorities like Let's Encrypt for this instead of just delegating trust via the same hierarchy as DNS.

[akoboldfrying]

> Using putty was never the pinnacle of professionalism and open source auditing anyway

Huh? The source is available on the original site and TTBOMK always has been, you're welcome to compile it yourself.

[TZubiri]

No one in the history of humanity has compiled a tool from source in windows

[mdaniel]

Apologies, detecting sarcasm on the Internet is always tricky, but relevant to this discussion I have even gone so far as to make a CMake descriptor for PuTTY because I was compiling on Windows to fix some quirk that I didn't like (it was so many years ago I don't recall, but I did recall thinking "whhhhyyyyy!!!" to people that do cutesy home-grown build systems)

However, it seems that the universe heard my pleas https://git.tartarus.org/?p=simon/putty.git;a=commit;h=c19e7... Replace mkfiles.pl with a CMake build system

For context, I believe that a tool isn't open source unless I can build it, so I actually build almost anything I can from source for that reason

[TZubiri]

Congratulations on being the first to build something from source on Windows! (It's more of hyperbole than sarcasm.)

[nottorp]

I'm sure you could ask Mr Tatham to offer a version with feel-good certificates for the low low price of a couple Silicon Valley lattes per month...

[JdeBP]

The org. one being already taken being the straw that broke the camel's back in this case. It has been a FAQ item for years. But the org. domain squatter's recent behaviour crossed the line, from what M. Tatham has said on the FediVerse.

I (and I suspect several others) suggested a TLD that you would probably have no qualms about, a few weeks ago. M. Tatham went with software. instead; which is fair enough. software. has been around for a while, and is stable and a fairly on-point choice.

Be thankful that it was not putty.party. . (-:

[account42]

> Unfortunately the .com, .net and .org are already taken.

Even a .com/org/net with something like getputty or similar as the domain name would feel less sketchy than putty.sofware.

putty.net is also up for sale but probably will be an unreasonable price and paying the troll toll would suck.

[epigramx]

Not a big deal, because they tend to be trusted eventually by the search engines and the language models, though I don't trust much the latter to tbh.

[crossroadsguy]

And thus NextDNS blocked it under NRDs blocking criteria :)