
PuTTY 0.63 released, fixing four security holes - bwblabs
http://www.chiark.greenend.org.uk/~sgtatham/putty/
======
jontro
The security holes are not critical but of course you should upgrade anyways.

3 of the holes have the following notice: We are currently unaware of any way
in which this can lead to remote code execution.

4th hole is that putty does not cleanup sensitive memory when it could.

~~~
gcb0
3 better-safe-than-sorry-in-improbably-scenario ones and one that requires an
attacker to have physical access to your machine (or just to your memory and a
good freezer, if you remember that hack hack :)

Seems like the best time to upgrade is in a few weeks after the crypto
community had some time to analyse the changes. Maybe upgrading in a rush is
as bad nowadays than not upgrading, with all the ... terrorism?... going on.

------
randallsquared
Since starting to use Windows 8, I found that the grouping behavior of the
taskbar combined with a dozen open PuTTY windows drove me insane. There's a
multiple-tabbed PuTTY shell, but it was hard to get used to as well. I finally
switched to the Chrome SSH client, which has been much better (though it
doesn't have nearly the features of PuTTY, of course).

~~~
oinksoft
It's been a while since I was stuck on a Windows box, but I found the
combination of Console2 (tabbed terminal emulator) with Cygwin[1] was quite
nice. Then you can use `ssh', `scp', etc. like you would on a Unix machine.
You might want to try this approach if you're willing to go as far as to do
this from your browser (which gives me shivers). This was on Windows XP but I
imagine it still works.

[1]
[http://sourceforge.net/projects/console/files/](http://sourceforge.net/projects/console/files/)

~~~
emmelaich
Console2 looks good.

I played with "Putty Session Manager" for a while before moving entirely to
Mintty under Cygwin.

------
bwblabs
Some other projects who depend on PuTTY like FileZilla have new builds too:
[https://filezilla-project.org/](https://filezilla-project.org/)

------
VMG
Is there a client that has UTF8 as default and something different than the
courier font?

~~~
gcb0
It's two clicks after you install putty.

select Default, go change those two options (recommend the Mensch font, but
that's purely personal). Go back to the sessions screen, save this as default.

done. now every session you create will have UTF8 and a decent font by
default.

I also suggest you change scroll back to 999 or 9999. And change the color of
bold blue to something readable.

~~~
VMG
Those are actually more than two clicks and sadly enough to frustrate me every
time.

There must be a fork with sane defaults out there somewhere.

~~~
eli
You could probably export a Registry file that has all your settings and then
import on a new machine.

~~~
e12e
The last time I used windows a bit (I think it was around the Planetside 2
launch...), I noted down this:

# set up for putty: # From: [http://mshnitzer.wordpress.com/2009/10/09/export-
putty-setti...](http://mshnitzer.wordpress.com/2009/10/09/export-putty-
settings-with-a-single-command/) comment:

reg export HKCU\Software\SimonTatham putty.reg reg import putty.reg

I'm not sure what's the standard now, but I also always set "use ssh protocol
v2 _only_ " \-- and you probably should too (on the off chance that you have
some ancient device that doesn't handle version 2, you should probably make an
exception in that profile).

------
megaman821
As an alternative to PuTTY, MinGW with the OpenSSH package has been great.

------
ereckers
I was using Putty Connection Manager (puttycm) to allow for tabbed browsing of
multiple windows, and after upgrading Putty I now get issues. Loads nothing
but a grey screen.

I'm working my way through it, but just wanted to pop in to see if anyone else
had an issue.

Circling back. Here's the solution:

=> open Putty Connection Manager

=> select Tools > Options

=> select Plugins > Putty

=> select "Enable additional timing for PuTTY capture (ms): set to 300ms

=> select Apply & OK

------
voltagex_
I wonder if the diff will apply cleanly to Futty/PuTTYTray - they're still
based on a 2012 build of 0.62.

Edit: Blergh, SVN.

------
ilikejam
PuTTY's pretty much relegated to the emergency usb key these days. Runs on
pretty much any Windows and without installing, but not really ideal for heavy
use imho.

Cygwin + urxvt + clusterssh is the choice of Windows-mandated champions.

------
georgiecasey
If anyone is looking for a Putty alternative, check out ZOC. It's great but it
costs money.

------
caoimhin
It's 2013. Why the fuck is anyone still using Windows?

~~~
kyrra
I know this is a troll statement, but I feel Windows does a lot of things
well.

* For large organizations, domain controls make managing a large number of desktops much easier.

* I feel MS Office on windows is a better product than the mac version (if you do a lot of document work).

* Gaming. Windows is still dominant for desktop games.

* Windows isn't the walled garden that Mac is going towards.

* Backwards compatibility. Software written 10+ years ago for Windows still has a good chance of working on Windows 8.

* Familiar. People are used to it. I'm not going to force my parents to learn a Mac and all the weird behaviors that go with it.

* Isn't tied to hardware only made by Microsoft (which makes hardware a commodity).

I'm sure there are a number of other points I'm missing, but it's the ones
that I like. But there are a number of things I really dislike about it:

* It's not unix based. So the filesystem layout differs, I can't share perl/bash scripts as easily across them. / vs \ for filesystem paths. EOL characters in ascii files.

* It took too long to get a good command line. Powershell is nice, but just too different than what I'm used to with Bash that I get on OSX and Linux.

* Many developer tools today are becoming OSX focused. Windows has a lot of great software still, but many of the smaller nitch tools that I discover are OSX or Linux focused.

~~~
tene
Would you mind explaining what domain controls offer? I've never worked with a
large windows desktop install base, so I have no idea what domain controls do
exactly.

~~~
jiggy2011
A "Domain Controller" is basically a server that has authority for a domain. A
domain in Active Directory is really the same thing as a "normal" internet
domain (in fact is uses DNS) in that it can have sub domains where authority
can be delegated to other DCs etc.

Each domain can have a collection of resources such as other servers and
printers/storage etc. So once you authenticate against the domain controller
(usually by logging into a computer using a pattern like \\\Domain\Username
rather than just username) you get a secure signed "token" back from the DC.

This token can be sent to other computers on the network that are members of
the domain (or sent to web apps via a cookie) and it will identify the user as
a member of that domain and also provide information as to what levels of
access should be allowed without having to authenticate separately with each
system.

That's kind of hand wavey though and Active Directory provides too many
features to be enumerated here.

[http://en.wikipedia.org/wiki/Active_Directory](http://en.wikipedia.org/wiki/Active_Directory)

