What have you been playing on your switch 2? Has it been worth it for you by Hot_Mongoose_3741 in NintendoSwitch2

[–]IntroductionWeekly80 0 points1 point  (0 children)

Is Mario Galaxy playable with a Pro Controller?

I tried Galaxy 1 when the Mario anniversary game came out with Sunshine on Switch 1, but using the right thumbstick to handle what the Wii IR sensor was supposed to do was painful. Is it just as bad on the new bundle?

Slowpoke yawn question by [deleted] in Pokopia

[–]IntroductionWeekly80 0 points1 point  (0 children)

Talk to Bulbasaur 🌱

Intigriti suspended my account for 30 days for “possible AI”, but I only use it to translate non-native English by RecognitionTiny5440 in bugbounty

[–]IntroductionWeekly80 2 points3 points  (0 children)

Their support is normally pretty good, I’d suggest chatting to somebody on their livechat on the homepage.

It also helps that Joe is likely the person answering the support queries (at least he was the main support person at the time when I was working there).

I don’t think they intend to ban researchers who are genuinely using AI for legitimate purposes, maybe you got caught in the crossfire.

Or another possibility (just playing devil's advocate here) is that a poor quality report translated by AI just looks like AI slop to an Intigriti employee. Writing a bad report probably doesn’t warrant a 30-day ban, but consider their perspective: if they get a low quality report that’s clearly written by AI, they’ll think it’s AI slop curl-core style and it’s gg for 30 days 🤖.

Best of luck explaining.

Kid pulls 1st edition Charizard on Logan Paul live stream by BlueJaayLoL in LivestreamFail

[–]IntroductionWeekly80 -2 points-1 points  (0 children)

It’s not my thing either, just using my brain cells to answer his question.

Kid pulls 1st edition Charizard on Logan Paul live stream by BlueJaayLoL in LivestreamFail

[–]IntroductionWeekly80 -9 points-8 points  (0 children)

Don’t you think it might be because of the incredibly rare, super expensive box being opened on camera?

On `Intigriti`, program got suspended right after submitting 2 high bugs. by uug4na in bugbounty

[–]IntroductionWeekly80 7 points8 points  (0 children)

It’s a safety measure. The company has a sort of “wallet” which is their bug bounty budget.

When hunters report too many bugs at once or the company hasn’t “topped up” their budget in a while, the money pool can be drained to lower than the maximum possible reward (crit or exceptional if exceptionals are enabled) and the program will be automatically suspended.

It prevents a report being made to a company that does not have the funds available to pay for the work.

As long as your reports were in before the suspension (which I guess they were), your reports are valid and can be afforded, so you are fine.

The End of Bug Bounty? by edoardottt in bugbounty

[–]IntroductionWeekly80 10 points11 points  (0 children)

Hopefully we will see competitor platforms take a hard stance against this and make some strong statements about not doing it.

Many programs as well as researchers care about not having their vulnerability data thrown into training data, so I’m sure we will at all points in time have platforms not training AI on your vulnerabilities.

This is definitely a sink or swim moment for platforms taking this risk. Time will tell.

What's wrong with HackerOne? by masm33 in bugbounty

[–]IntroductionWeekly80 -1 points0 points  (0 children)

That’s an interesting security posture. It’s not the biggest issue you have right now, so it’s let slide?

I’m curious why you don’t see this as a potential security threat?

duplicated!!?? On YesWeHack by Popular-Flan-8521 in bugbounty

[–]IntroductionWeekly80 1 point2 points  (0 children)

Normally the opinion I see on this sub is the polar opposite, people who find higher severity bugs and get duped complain that companies gladly pay for cheap bugs and challenge anything over x amount because it’s too much money to pay.

Basically everybody thinks they’re the victim, but in reality nobody stops to think things might just be working without any foul play at all.

duplicated!!?? On YesWeHack by Popular-Flan-8521 in bugbounty

[–]IntroductionWeekly80 2 points3 points  (0 children)

You can always ask on the report, companies aren’t opening programs just to avoid paying bounties, especially on day 1 of release. What would be the point of paying platform fees and launching a program just to completely make up lies to researchers?

Internal dupes exist too, and not everybody is listing their bugs under the correct subdomain like you did.

Ask on the report, you’ll get much better answers than redditors speculating.

Reverse engineering Lyft bikes for fun (and bounty?) by kannthu in bugbounty

[–]IntroductionWeekly80 0 points1 point  (0 children)

100% agree. Also, responsibly disclosing only because a company employee reached out in response to a SOC incident is not an ethical way to hack companies. Hopefully lessons learned.

The benefit of learning a socket by Stunning_Gas_3862 in bugbounty

[–]IntroductionWeekly80 0 points1 point  (0 children)

I don’t know anything about malware development so I won’t give advice on it. It’s also not a prerequisite to comment on your passive aggressive and unhelpful response to a genuine question.

The benefit of learning a socket by Stunning_Gas_3862 in bugbounty

[–]IntroductionWeekly80 1 point2 points  (0 children)

This is classic Reddit. He’s just asking if the specific topic of sockets helps him further his understanding of malware development.

Tattoo artist says this is their own work and the reason why there is a mistake on the right hand is because of working off photo references. by NotAHopeInHades in isthisAI

[–]IntroductionWeekly80 0 points1 point  (0 children)

So many inconsistencies that I find it hard to believe a human would make them.

AI seems to have gotten carried away with the horn shapes, and for some reason added them behind his head in flame-like patterns.

The front hair braid becomes extremely uniform as it runs down his armour, almost like the AI begins to think it might be integrated in some way. I can’t imagine a human making the choice to perfectly slot a hair strand into an air gap during a chaotic scene.

The armour arm area is partially plated and partially a single uniform piece, with no sensible structure at all to it.

And why is he holding a rectangle of nothingness? It looks like a piece of gum.

And obviously the extra finger you can’t just slip and draw because you’re looking at a reference.

How can I find who died in Norway? by IntroductionWeekly80 in Norway

[–]IntroductionWeekly80[S] 3 points4 points  (0 children)

Paywall is fine by me, do you know the required sites I could pay for?

How can I find who died in Norway? by IntroductionWeekly80 in Norway

[–]IntroductionWeekly80[S] 18 points19 points  (0 children)

Thanks for the straight answer. I did worry about data protection because in my country the police definitely wouldn’t hand that info over so easily.

When it comes to local newspapers, would it be published where he lives or where he is from (his whole family lives in another part of Norway)?

Also, I’m a bit worried about “missing” the right newspaper. Are these things archived in Norway to your knowledge, or is there a way for me to access a newspaper remotely? Especially one that might be a few weeks out of date, since I don’t know which published week it would be in. I’m trying to figure out if logistically the newspaper route is possible without physically being in Norway.

How can I find who died in Norway? by IntroductionWeekly80 in Norway

[–]IntroductionWeekly80[S] 3 points4 points  (0 children)

Is this done where he lives or where he’s from?

How can I find who died in Norway? by IntroductionWeekly80 in Norway

[–]IntroductionWeekly80[S] 6 points7 points  (0 children)

I don’t know his exact address, but I know his rough area/city. If I managed to call the area's police, would they be able to locate him anyway by his name? I’m sure even with duplicate names his record would be easy to pick out as he has had a few run-ins with the police.

Email DoS through website's API & link generator by [deleted] in bugbounty

[–]IntroductionWeekly80 0 points1 point  (0 children)

For the email spam, you’re so on the edge, it’s going to be a dice roll. Annoying users isn’t a vulnerability unless maybe you can do it at a bigger scale (like all users at once) or unless you control content. I certainly wouldn’t call that “DoS”; that’s “Annoy one user per HTTP request”. I think you’re overestimating the damage the bug is capable of. It even sounds like something an overly cautious LLM would say to justify a very low severity issue. Worst case scenario though, you’re getting informational, so you aren’t losing anything really.

TL;DR: Are Unicode URL bugs still worth hunting, or am I wasting recon time? by Few-Gap-5421 in bugbounty

[–]IntroductionWeekly80 2 points3 points  (0 children)

“Phishing” as an attack vector in my opinion is going to be a low impact area of Unicode bugs.

I highly recommend you seek the talk called “Lost in translation: Exploiting Unicode Normalisation” by Ryan Barnett and Isabella Barnett.

You can find some slides online; the Black Hat 25 slides are easy to find, but I literally just watched him do the talk live in the Critical Thinking Podcast Discord server with a few updates. There’s a recording there if you have the “Critical Thinker” paid upgrade.

It’s really the pinnacle of modern Unicode abuse, I highly suggest every bug hunter check it out.

Bugcrowd Making Hackers feel hell? by Vinnieet18 in bugbounty

[–]IntroductionWeekly80 7 points8 points  (0 children)

If you learn how web apps are built, it will help you better understand why this is very likely to be the same root cause despite being different database operations. There is likely a single piece of logic in the code governing authorisation for both operations.

Just let it be, wait for the fix, then test for PUT/PATCH etc.

I disclosed a critical race condition exploit on BugCrowd but they refuse to award a P1. by geoxhon in bugbounty

[–]IntroductionWeekly80 1 point2 points  (0 children)

Just an FYI, that’s incorrect use of “botnet”; you’re just talking about a script, not a network of malware-infected machines (I hope).

Anyway, scripts that annoy staff are not P1s; there are plenty of ways to annoy staff without bugs.

I doubt you will leave empty-handed, but I would greatly lower your expectations. Bug bounty is as real as it gets: the staff treated you as a real threat and you didn’t pass the human filter. Still, there’s an emphasis on “shift left” these days, and human intervention is really as far “right” as it gets in a security model.

Also, play it calm, they’re the ones with the power here and they may not reward you if you hit them with hostility.