All things considered, that's actually quite reasonable.

@Volker


Schmidt is talking about the bootstrap program:

Bootstrap: An IT expert’s tool of choice when working with boot code of a device. Corrupted by many hackers, Bootstrap allows for hidden commands to be input
into the device after the next reboot. Popular options include announcing the location of the device when it connects to the Matrix, adjusting the processing of the device so that the default device attributes are the choice of the user, annoying the user with constant demands for ownership permissions, and making a record of every action on the device. This cyberprogram allows for a variety of tasks to be set up in the boot record by way of a Format Device action rather than just setting the device up to no longer function. (p.56 Datatrails)

one such hidden command could be not to trigger the alert function but to continue sending "everything's peachy"

Yeah, so does bnc ^^ That's why I/she said, it won't work.

Reason 1 (IC): From my technical and medical understanding (which is far superior to bnc's but still not bad as I'm a programmer and a paramedic), that's not how I would expect such a system to work. A biomonitor would, from my perspective, not just send "green light" or "red light", but rather information about pulse, blood pressure, blood sugar, and so forth. I imagine a host drawing conclusions from these stats, including the creation of alert messages to certain subscribers.
Even if it works differently, sending one command while rebooting would change nothing at all. Whichever server or device contacts the biomonitor (or is contacted) will do so several times a minute, or in this case rather several times a second. So I need to create a long-term solution, which a bootstrap program can per definition not perform.

Reason 2 (OoC): I find it fitting that at least now and than bnc, who is an expert on both medicine and matrix security operations, should be able to provide a better solution than some random Johnson who did his homework well. I though this might be such an occasion.

EDIT: Also, I think it's somehow Shadowrunnier to generate a virtual datafeeder class from stolen data and redirect it as a source of output for the biomonitor than just running a pre-defined program and rolling a check.

Feel free to do it the hard way

But the bio-monitor in this case is nothing more than a modified panic button that sends an alert when the vital functions show some dangerous change.

Biomonitor: This compact device measures life signs—heart rate, blood pressure, temperature, and so on. The biomonitor can also analyze blood, sweat, and
skin samples. [...]
Wireless: The biomonitor shares information with other wireless devices you designate and can auto-alert DocWagon or another ambulance service if your life
signs reach certain thresholds.

You really don't want to send all your vitals information at all times and everyday to your employer - they'd see every shit you take and every time you get an orgasm, every time you go out for a smoke and every time you aren't actually working but taking a little break.
You can do that with low level personal, but not with expensive specialists - especially not with those who can manipulate the system anyway.

I never said you send your vitals to your employer. I said, you send them to the server of the company who is running your biomonitor. The exact thing you describe is happening already 2017. Firms can tell when you take a shit if you wear one of these fitness wristbands. And other firms alread pay for that info.

But even in SR biomonitors are discreeter and process, as you suggest, the info on their own. Then there are two ways how they communicate with, in that case, your employer:
1) There's no communication unless there is a problem, in which case an alert is sent. If this is how they do it, there's no need for a bootstrap prog. We just fry the darn thing or shut it down.
2) There's constant communication, sending green light as long everything's fine. More traffic, more processing powers, more security. In this case - that's the one I was assuming - bootstrap is worthless. We can send a single glimpse of green light, then the boot is done. Next heartbeat, the biomonitor will process its sensoric data and raise alarm. This is where bnc's idea of redirecting the biomonitor to a virtual system comes into play.

So from my perspective it's not doing "it the hard way". It's doing it at all.

bootstrap permanently alters the behavior of a device without the need for a mark. It essentially allows you to force a specific behavior - i.e. send a fake loop of green light.

Rerooting to a virtual environment sounds good, but has no equivalent in the SR rules. There is only the editing file action to manipulate a data feed (like that from a camera) which means you have to spend a complex action every combat round to keep the feed under control - that's the hard way.

As you will. I thought you might favor a creative solution over "the players (yet again) do as the npc tells them to".
I edited the post. We can proceed.

I am open for alternative solutions - just tell me how you want to set them up rules wise.

I already have. There are two possibilities how the biomonitor software would know where the data comes from.
1^st (and usual): There is a variable in the source code that defines that. In this case, I'd need a GIGO to replace loadSensorData with loadTestClassData.
2^nd: That variable isn't defined in the source code but in a meta file. In this case I need an Edit File to alter this variable. Rest see above.

This approach has one big advantage. I don't have to reboot anything, which could be noticed by someone. Or something.

That works - GIGO is always a solution - until the biomonitor is rebooted.
The edit file solution works until an update replaces it.
Both work but have to be used relatively close to the beginn of the heist.

I'd assume that a bootstrap would be overwritten by an update as well - even more probable than a file which should be untouched by most updates.

Nope, bootstrap is a function of format device - that needs a complete new system setup (an Extended Software
+ Logic [Mental] (12, 1 hour) Test)

From a technical point of view, that doesn't make any sense at all.
But I don't think it's worth arguing. Let's just proceed.

I believe we should clarify this OoC before we continue IC.

I see it in analogy to a computer. If someone is still logged in in his facebook account and goes to the toilet, I can just post whatever I want and no one is able to notice that I'm not him/her. So you misunderstood me slightly. I didn't mean manual control. I meant going in full VR with his persona. I want to fool the commlink into believing I'm Vandemark. And why wouldn't it work? If I control all the data that goes into the commlink, how should it be possible for it to determine which physical person I am? The commlink can't see or think. It can only interprete the data its sensors receive. I can control all this data. There might be security measurements to prevent people from doing this. But those can be circumvented.

From a technical side, I see the biggest problem in the interpretation of the DNI. A DNI must certainly be configured to a specific person, since brain waves are pretty much an individual thing. The same input generated from a different person would result in absolute nonsense. But then, I imagine, that each DNI includes a kind of firmware that translates these individual signals into code that is readable by devices, say, a commlink. What bnc would have to do, is to change the input source of his commlink from Vandemark's DNI to her own. Once she's done that, there is no way the machine could tell the difference.

Do you agree as a GM?

I'm hitting the books right now to get a more founded explanation.

First the good news: Going unconscious will dump you automatically in AR
"Usually, if you fall unconscious in VR, your commlink or deck automatically switches you to AR. If you’re linklocked, you remain online and in VR. IC typically doesn’t care whether its target is conscious, so it will probably keep attacking you." Core p.229

But that means also that a device automatically notices when your brain is no longer sending the right information. After all, the computer is reading your brain and it doesn't take a genius to realize that this is even more unique than a fingerprint.

You can only get frustrated if you compare Shadowrun fluff and crunch to real world technology. There are so many things wrong with the matrix, that starting to nitpick specific things will only lead to unraveling the whole thing.

Speaking of Rules:
You can't go in with his persona while his persona is still in. That at least is made explicitly clear in the rules if noting else: There can only be ever one persona on a given device (with the explicit exception of AIs and Agents). Changing a persona necessitates a reboot.

The facebook analogy falls short since this is a much more secure system (that's one of the selling points of the 5e matrix: Much stronger security and almost no options to reach ownership level access without being the owner.)
It's more like you have a webcam that at all times scans your face, keeps track of the pattern of your typing, listens to the sound of your voice and periodically tests your reaction to only subconsciously perceivable cues.

I mean, even todays modern car keys use encryption to ensure that just recording and replaying the signal coming from the key won't allow you to open the car. Even I have my phone defaulting to ask me to unlock it every time I closed the cover or have not touched the screen for five seconds.

I just don't see how you can do what you want to do within the rules. You'd have to be an AI or a Technomancer with Puppeteer.

That brainwaves and such are absolutely unique, I pointed out in my earlier post already. That's why I think that DNI comes with firmware. It would be grotesquely unflexible, unhandy and un-whatnot if every single commlink or deck or whatever gear would have to adapt to your unique central nervous system on its own. Not to speak of the costs. So I assume that your DNI translates this in code. That's why the facebook analogy would still work.
This would be where bnc would attack. So it would be a kind of a FIFO: The command getDataFromDNI(Vandemark) is replaced by getDataFromDNI(Axis), basically.

Also, I don't want to go in with a second persona. I want to go in with his device and use his persona.

Yeah, you got the idea. Where it's possible, is gamemaster's descretion. You decide. If you say yes, I'll go for it, if you say no we just knock him out and leave him be. You said you'd appreciate creative solutions, so I try to think like bnc would. Hacking can be so much more than just landing marks and deleting files.

The point I'm making is, that you can't just access that file in plaintext. The DNI does translate the brainwaves but it also generates a key from them that prevents anyone from just spoofing them (just like a DNA test doesn't look at the functioning parts of the DNA that is identical within most humans but at the garbage data that is unique in each individual). At least that's how I wrap my head around the concept of Personas.

Letting anyone copy a persona would pretty much undo all and every system based on ownership, granting you total access to just about everything.



Your plan still works with physical access to the device to direct the deck through buttons, image link and an AR gloves, but I say no to spoofing a persona on the device the persona is build, because a rule change like that would have very far reaching consequences for the game world.

Wakata yo.

That's maybe unwise to ask, but: If I can do all this manually, wouldn't the effect be the same? I mean, I would still control his ID and thus have ownership to everything he owns, or did I miss something?

This only works as long as he is unconscious (DNI beats manual controls) and nothing causes the deck to reboot.
Also, you don't have ownership. You can't use this to change ownership of any of his devices or to open his protected files (without hacking them) - that includes his bank accounts.

So what you're saying is that ownership doesn't refer to a device but to a natural person?
I still don't quite understand how you see this. Let's say, I own a car. Does that mean that my car double-checks my deck or my actual brainwaves?
It suddenly doesn't make any sense at all anymore. If ownership refers to a device, I should have ownership to anything the device owns, when I controll the device.
If ownership refers to a natural person, taking his commlink would be no use at all (except that I can sell it for 200 nuyen and he's gonna hate me forever).

I'm sorry. I'm not trying to make this more complicated, but I can't wrap my head about how you think rights are granted and double-checked in shadowrun.

I warned you that this is the murky part of the rules - and I've seen those discussions in the forums pop up regularly because Catalyst can't be arsed to do anything about it.

My personal interpretation is thus:

Your Persona is an individually generated key that creates an identifier in the matrix. This key can not be copied with normal means, because it is based on your user history and/or brain waves. That's why no matter on which device you log in, you always have the same persona and all messages for you can be accessed by you, as well as all devices you have Ownership for.

Ownership is separate from your Persona. It's a profile that is kept in a register within the matrix and linked to your persona (heavily encrypted). It is purposefully complicated to change ownership to prevent accidentally or involuntarily transferring any devices. The process includes active input (passwords) as well as identity checks against your persona.

The device you are logged in is secondary to all this. It facilitates access to the online stored profiles and is the basis on which your Persona is projected (that's why the device is subsumed by your Persona in the Matrix and can't be accessed separately as long as your persona is active on it.

Whenever you open or do something with restricted access (files, matrix actions) your persona gets checked to verify that you have the correct access rights (MARKs) (with DNI you don't notice this, since it can verify against your brain waves) with manual controls I imagine it to be the future equivalent of a lockscreen gesture.

In other words, it doesn't work at all. Fine.

No, it works as I outlined earlier: As long as you keep to manual controls and legal actions like edit file, perception, search etc. you can use his session - provided he stays connected.

Yeah, but what use is his session if the rights are bound to his persona, not the session or the device?

Provided you can use the session in a way you'd find useful, how does that change our plan?

My plan was, if I could use the session and the rights granted with it - that is, if the host thinks I'm Vandemark - I could control the cameras, the vent sys and so forth without needing to hack everything myself.

If the rights, however, are granted to a persona, we can drop the entire part, just send an elemental to Vandemark and bnc goes in herself.

That plan still works - depending on which host he is logged in. In the security host, you can edit the camera feeds without problem, since edit file is not an illegal action and therefore won't trigger a security check - provided you keep to manual controls and he stays logged in and the camera files aren't encrypted/databombed.

The vents need a (legal) control device action and are likewise no trouble with manual controls.

The snag is, that you can't change hosts without triggering a security check, so whichever host he's in is the one you have to work with.

Volker, is that enough a reward that it is still worth risking the home invasion, or would it be better to deal with the problem remotely using spirits?

That depends. If you hope to go unnoticed for as long as possible, it might be vital. There are a lot of cameras around the place. It's impossible to hack every single one of them. While I can provide coverage for one camera, allowing Anna to plant the stink bomb, we will be displayed as soon as the big ones enter the scene.

If you go for speed rather than sneakiness, it's absolutely not worth it.

Personally, now that the rule base is cleared, I tend to favor the option where we let the spirit do the work and bnc goes with you guys. Unless you want to try the all-ninja approach. If we can take out the whole personnel before they can raise alarm and bnc is in the spider's desk, we might pull off the whole heist unnoticed.

I agree about the elemental - but Anna has a code of honor and cannot just kill someone because he is in the way. Perhaps the spirit can knock him out somehow...

if we speak of murdering him, given the situation and the promise of money I bet she can be coerced to do so - but she'll feel bad about it and should pay some karma.

No one ever said a word about killing home. Schmidt was quite clear about his opinion on unnecessary murder, and most of the team try to avoid killing when possible. Most elementals are perfectly suitable for nocking out a helpless spider.

Well let's say that I do not 100% share your confidence about 'knocking out' as long as the said spider is not link locked.

The spider may under no condition be link locked!
For one, link lock is always the result of an attack action and that comes with a hacker alarm. For the other, if he is link locked the controls stay on VR and do not revert to AR.

What has one to do with the other? The spirit just manifests and either hits it with unarmed damage or forces himself to knock him out (tack pills or something) by using Influence.

I am not sure influence can be used that way unless he was already suicidal - but this is GM interpretation and well, the spider wakes up and escapes calls for backup. If he is linked locked it becomes trivial... Luckily we can do two spirits perhaps would give us enough time to knock him out before he calls SOS. (DNI and anything, cameras so forth).


I mean does it help to take the spider out if people know we did it? Because I imagine they'll just use another spider and put everyone on high alert.

@gilga

No-one is supposed to learn that the spider is out of action - that's why bnc will have to hack his bio-monitor. If the man is in VR he'll have very little chance to react if a spirit materializes behind and above him. One moment he is conscious, the next moment he his out for the count, while the bio-monitor continues to send the all clear signal.

Influence can make people do a lot of stuff, but explicit suicidal actions are out. That said, you can make people still do stupid things, like take recreational drugs and up the dosage.

Or as mentioned an Air Spirit's engulf power.

is air engulf stun damage?

Yes, air spirits can be made completely non-lethal, since they don't get energy aura automatically.
Noxious Breath is also stun only damage

I'd say that most recreational drugs are way more suicidal than taking sleeping pills. I never said anything about a lethal overdose. Why on Earth should we even consider that?

That approach, however, would require that he has sleeping pills at hand. It's not that improbable, as I imagine that the job as a security spider might lead to sleeping disorders. Still, that plan is way more unsecure than just knocking him out directly. The only advantage I can see is that it's very difficult to identify the attack as such. But since the bank robbery itself will attract attention, this is of little worth. So let's forget about the Influence approach and use the air elemental approach instead.

Air elemental it is... and being a first time to do something as big as a bank, she is kind of stressed.

I'm totally fine with it ^^ bnc is the one who isn't!

Jack, do you want me to roll any hacking rolls?

No rolls necessary at the moment - this training is just so that everyone really understands the plan and which steps come after which other steps

Just write how you do it.

Happy new year.

bnc and Slobbertooth have been doing this for almost 3 years now. Can't believe it.

Hi guys, it'll be yet some days before I can post. I am not gone or anything.

You sure? Should be 2 years according to my notes. She was 19 when Krestov brought her and it's only days before her 21st birthday.

Was using bnc and Slobber as a stand in for the PbP group.

Deep Black Sea was posted by Jack on Jan 28, 2015

Really? It's been that long?

Time just flies these days...

Ah, you meant OoC yeah, that's true. I started pbp back when I was in Nepal, that was 2014/15. And I hope this group will continue, despite all the losses it suffered.
Has anyone any news from SgtBoomCloud/Qwikfix?

He could not get approved for this forum.