It's like this: You are a gun fighter. Not the worlds greatest gun fighter, you are a little slow, not the best shot, but you have your trusty predator full of APDS ammo and a bag of extra loaded magazines. Your opponents will almost always get the first shot at you and have a little better chance of dodging your shots than you dodging theirs. But all the other gunfighters are armed with Nerf guns. Who is going to win?

Michael Sutherland had this setup (basically) back in SR2 days. This was documented in novels and in the Prime Runners book, so its even captured canon.

- J.

"There is not really any thing nasty you can apply to an AR HAcker from teh Matrix... However, there are times when you want to be in VR... VR Probing is 24 times faster than AR Probing (Interval 1 Hour vs 24 Hours)... so for probes, you probably want to be in VR Mode, at least if time is a constraint..." - Tymeaus Jalynsfein

I agree. Cold sim VR allows most of the benefits (except +2 dice) without the risk.

So: do you want an extra two dice with the risk of physical injury? (IMG:style_emoticons/default/biggrin.gif)

Another issue might be risk of addiction with hot sim. Although I have never seen or heard of a GM who enforced this.

I think they went a bit overboard on the addiction theme in SR4. I expect to start losing Essence for eating food every day by SR5.

Anyway, why not just use VR to probe your way in, then switch to AR? The probing is pretty safe anyway, there's no documented system for noticing it and tracing it back AFAIK.

YOUR BODY DISSOLVES INTO A [CHARACTER NAME] TASTING SOUP. YOUR TITANIUM LINED BONES TWITCH FOR A MOMENT.

Man, that would really suck. Although, I'd just make it so that it essentially slagged their brain and datajack and any of their electronic gear within reach.

I'm put into mind of the critical hit tables from Dark Heresy, the WH40k RPG - on a high enough roll, you could get ludicrous stuff like your limb exploding, sending out bone fragments like a grenade and damaging everyone nearby.

So, something like that. You die so hard that everyone else's commlinks blow up too.

'With a shriek of rending metal and bone, you guys see JTrade's face suddenly go slack. That's not all you notice, though. With no noise at all, all of your commlinks suddenly shut off and emit smells that are suspiciously along the lines of 'something is on fire'. JTrade's cyberhand is currently melting into slag, by the way as he twitches in his chair, already dead. Smoke comes out of his cybereyes and there is a horrible smell of melted plastic and metal mixed with charred flesh. What are you doing with those commlinks, by the way? And Steeler, how far away from JTrade's body are you? I need to see how dramatically your cyberlegs explode.'

We had a character that was admittedly addicted to the Rush of Hot VR SIm... It was quite funny in fact... and it was the thing that killed him in the end...

Keep the Faith

If you are probing and missed that critical piece of information that there was a databomb on the port... you could be in somewhat of a pickle... Even Cold sim takes Stun damage from the Databomb (rather than Physical), and even a rating 4 Databomb on a good roll will still kill you... you had better be really certain about your hacking at that point... Watched the Technomancer suck up a fairly lame roll from a databomb on his intrusion, and he still had to soak 12 points of damage... it was pretty brutal, but an important lesson indeed...

Keep the Faith

Attaching data bombs to the firewall? That's a new one.. I'm not sure that's really provided for by the rules. It's rather iffy too: the whole point of probing is to find a spot that's NOT protected to slip in through.

Given the number of probes by botnets, I also think such data bombs would be exploding all the time.

I think what Tymaeus is referring to is the fact that a data bomb can be set to trigger upon access to a node without providing the proper passcode (SR4A 231, "Set Data Bomb" action). If you're hacking your way in, you can't see the data bomb.

This is a security system with very low tolerance for false positives, so it's not the sort of thing you'd have on your publicly accessible Matrix node - maybe tucked deep in a subsystem somewhere. After all, you don't want to hurt legit users by mistake.

Actually, this brings up a good point - how do you not trigger that data bomb, as a hacker? It seems like if you connect to that node, you're fucked no matter what. There must be a way to, I don't know, "check for traps" or something...

"Analyze for Bombs?"

Of course, but you can't analyze a node that you're not connected to, and you can't connect to the node without setting off the bomb. See the problem? It's like only being able to check for traps on the part of the floor you're standing on.

I'm not sure you can attack a data bomb to a firewall.

a) Any probe, even the first second of the first hour, is an attempt to access the node, which would immediately set off the data bomb. I don't think they can affect things outside their node however, which means that's useless. It also requires a program option to set a new data bomb.

b) Probing means you find a hole in the firewall to sneak in. If the firewall can't see you going in, why would the data bomb see you? If the data bomb can see you, why can't the firewall?

I don't have SR4A, but the description in SR4 is rather sparse.

a) Aye, the option's called Pavlov. Not as effective as a Singularity Encore, which will not only rearm an exploded Data Bomb, but will reset a diffused one.

b) I'd argue that you can have a bomb which explodes on Access, but it would first attach on entry and would only detonate when access is detected. So, you'd have to choose between disarming the bomb, when you notice it, or just making sure you stay hidden and get out before the oh-so-deadline.

The problem is that probably firewalls get probed by botnets or accessed in a faulty manner by a broken protocol just about every minute.. that generates a lot of nuisance and dubious positives.

That just made me think of something hilarious: Worm infected people getting completely jacked up just because they walked near a Seoulpa guy running Juhseung Saja IC. The Worm pings the Triad guy's com and gets busted by the firewall. The Juhseung Saja IC Traces the offending signal the guys com, Spoofs a copy over and starts killing all the guys friends and family as is its nature.

You must be able to perform rudimentary analysis to the node, otherwise you cannot tell that you have to decrypt it. You can detect that the node is Encrypted, therefore you must decrypt the node before you access it... Using this logic, you can obviously scan the access port... if you do not see the bomb, then yes, you are pretty screwed indeed... If you do not like the ability to "scan" the node prior to hacking it, then you use the idea that the obvious needs not scan... there is an obvious Databomb securing the node... either way works.

Also, Legitimate users would have the access codes embedded in their hardware most liksly, for a system that has this setup, so the databomb receives that confirmation upon logon to the node... hwoever, if you cannot provide the legitimate data, then BOOM... which is why you would need to defuse the bomb before hacking a log on...

Anyways...

Keep the Faith

Again, you are not setting it on the Firewall... You are attaching the Databomb to a HArdware Access Gate... A Port, as it were... and the rules allow you to do such things...see the description of the Databomb... it may be attached to a File or Device... the node is the Device... therefore it must be on the gateway, as that is the only thing that you interact with on the entire node Hardware wise...

The Databomb does not see anything... it controls access... anything passing through without providing the codes gets "bombed"...

That is why there are such things as Gateways and chokepoints... you MUST pass through them, you cannot hack your way AROUND them... legitimate users have the proper coded information, so they are not a worry... illegitimate users, however, do not... and as such must Defuse the bomb before passing through the gateway...

Make any more Sense now?

Keep teh Faith

I think that you are missing the point... Firewall is Software... A Node's Gateway is Hardware... we are setting the Databomb on the Hardware side of the situation, not the Software side... and having the Databomb going off every 10 seconds is of no real concern to the normal users of the system, no more so than the firewall detecting an intruder attempt every 10 seconds or so...

Keep the Faith

Ok, but then how do you disarm the data bomb without being connected to the node? Or is it just a matter of "There's a data bomb on this node, I'm screwed"?

Again, you do not have actual access to the node (through the Gateway) until after you have hacked your way past the firewall... however, to do that you must pass through the gate... the Databomb is the dog guarding that gate... you feed it a milkbone to get it out of the way (Defuse it) so that you may enter the gate... if you forget to feed it the bone, it bites your head off...

Keep the Faith

I don't think a port is really a "Device" in the sense that Shadowrun uses the word "Device". A Device in Shadowrun is a whole system; it has its own Firewall, Reponse, System and Signal attributes. A drone is a device. A commlink is a device. I don't think the parts of a commlink are a device.

Again it is an abstraction... call your "port" a Node if you like, or an Access Point... Same BAsic Effects... you can detect if a node is encrypted prior to hacking (thus the requirement to decrypt before hacking) so by inference, you can detect the Databomb on the node before hacking as it is a defensive measure, much like the encryption was... Ergo... you must attempt to defuse the databomb before you hack the node... if you choose not to even look before you hack, the databomb goes off, prior tp the hack... this has the added benefit of probably killing the intruder if it si a powerful databomb, and also alerting hte system that something may be amiss... yes, you may get a lot of false positives...but if you design your system in such a way as to minimize these false positives, you will not be constantly on an alert status...

This security schema will not be applied to many (most) of your public access areas... as the amount of traffic that they encounter is prohibitive for such measures... but for those system areasa where Security is paramount, I can see this being applied to each and every node involved...

Your mileage may vary, but it is never a bad thing to take your time and make sure that you are not about to eat a truckload of damage just for accessing a secured node... on the Security side of things... anything that gives the system more time to single out and identify the Intruders is a good thing, and things that slow the intruder down are a cheap and easy way to do so (generally cheaper than full time, highly experienced Spiders, which the system will probably have as well, if it is a highly secured system)...

Will this catch everyone... absolutely not... Top Line Hackers (like many of the Hacker examples provided here on dumpshock) with there high ratings in Software and their hich ratings in teh Skills (5-10 Right?) should not have many problems with such a system, but it will slow them down, and may even catch on by surprise now and again, which is what they are designed to do... Those who are somewhat less gifted, on the other hand, will have the devil's own time trying to navigate such a system, as they will be triggering the security systems more often than not... especially for those high end facilities.