When Hacking on the Fly (SR4a, p235), you create an account and are automatically logged in.

Data Bombs can be set on a node so that when "an icon logs onto a node ... without using the data bomb's passcode", it goes *boom* (SR4a, p.230).

The end result is that it seems that as soon as you finish Hacking-on-the-Fly, hacker go *boom*.

On a file with a Data Bomb (rather than a node), this doesn't seem to be an issue. Spotting a Data Bomb on a file is simple enough - since you are already in the node and can use a Matrix Perception test (SR4a, p.231) followed by a Disarm Data Bomb action (SR4a, p.230).

On a node with a Data Bomb, however, how do you spot it when you haven't logged into the node yet? Am I just missing a step in the process? Can you disarm a Data Bomb-ed Node from outside the node? Is there anything RAW to support this?

The whole concept of Hack-on-the-Fly and logging on is a logical problem within the rules, to begin with. I'd just allow a normal Analyze Node to find the bomb, and let them disarm it from the outside; that is, the bomb is 'outside' the node, not 'inside' it.

Yeah, nothing prevents you from Analyzing a node before you're 'inside' it, i believe.

Correct, Nothing prevents this at all... and is often a very good practice for the above reason stated...

It's good security.

Only one problem: People.

"WHAT THE FRAG? THE SYSTEM IS DOWN!" "Yeah... Jerry in IT Security typed his password in incorrectly, and with his permissions, the Data Bomb security you insisted upon after reading about it in a magazine took out... Um... Well, we're reloading the OS. From disk." "How long?" "Two hours." "That's 100,000 down the drain in time, minimum!" "At best." "And even more money at worst!"

That's how I always played it.

In terms of visualizing the matrix I typically describe entering/exiting a node as going through a door. Data bombing the node is like rigging the door's handle/frame/etc, a careful look at the door will reveal it and allow you to act on it.

Databombs do not have to target any system resources other than an Icon if they are set that way...

Well, I did point out it was a Manager's idea. We all know what happens when you get an MBA.

...

Well, folks in IT know. Oh, by the love of all that's holy and right, do we ever know... *Curls up into corner and rocks back and forth, crying*

And that's why so many hackers and technos turn to crime.

Do it! Do it before it breaks your spirit like it broke mine!

There's a couple ways around this:

1) Assume that the hacker, using Hack-on-the-fly (and probe, even), does not properly log on. They don't have an account, they've sort of slipped through the seams. If the data bomb was on the door, they just went through the window. If they subsequently create a legit account, then log on with that account, they'd face this data bomb.

2) The data bomb must prompt for the passcode, no? At that point the hacker could fire up his Defuse or Analyze or log off or whatever.

3) You could say that yes, the hacker can analyze the node before logging on (i.e. peeks at the login requirements, perhaps).

4) The data bomb has to detect the hacker (i.e. see through his Stealth) to go off.

Personally, I'd go with 1-3, and instead data bomb the node so that any account not on a white list gets hit with the data bomb, along with encryption of course.

You actually need a simple action to count the icons, then an additional simple action to actually identify the icons. This can take a LONG time if someone cleverly placed 3507 unrated programs in the node.

Where does it say that? And which unrated programs?

Bullshit.

What -actually- happens is your analyzer automatically rolls your computer skill for you against every icon present.

The 'simple action for everything, oh god the matrix is terrible' mentality is something people latch onto, instead of reading the rules.



No, fuck that noise. With Changed Linked Device Mode as a free action through DNI, and Node Script options to turn it back one every once in a while, automatic rendering is pretty much a guaranteed default setting. its just inefficient, and, more importantly, dumb.

It also makes more common sense. With automatic rendering on, the program alerts you if it finds something wrong(norton has found a virus! unauthorized user detected. Alert: data bomb detected or even 'user has connected') instead of spending A. Simple. Action. For. Every. Icon. Agent. Ic. File. User. Node. And. Program. In the entire system.

That being said, since these rolls are supposed to go on in secret(presumably as the GM sets the scene for this particular node, including details your analyzer picked up when you logged in), its always a good idea to check things out for yourself. If you want a job done right, you can' t let your toys do all the work for you. Mitigating the 'i know everything instantly' factor somewhat are the matrix perception rules: One relevant piece of information per net hit. The stealth program Decoy rules(unwired 73) also serve to muddy up the vast sea of information by giving a piece of false information if it wins the opposed Stealth test(faking out a bad analyze program when it tries to probe you, basically.)

SR4A P224 "Your persona is represented by an icon in the Matrix, as are
your running programs, files, agents, IC, links to nodes, etc."

SR4A P228: "If you wish to specifically examine an ARO, users, programs, IC,
nodes, files, etc., take a Simple Action to Analyze Icon/Node (p. 229).
Make a Matrix Perception test using your Computer + Analyze program
(rather than Perception + Intuition). Your hits determine how
successful the examination is. For each hit scored, you can ask for one
piece of information about the object—this could be type, rating, alert
status, or any other pertinent information; a list of possible details you
could gather from a Matrix Perception test can be found in the Matrix
Perception Data sidebar."

So 3507 files of random data look generally like the file you really want. All you have to do is use a simple action on EVERY SINGLE ICON to tell what they are. What could possibly go wrong as you spend the next few hours looking at the icons in a secure corporate host?

Actually, that action is covered by Data Search( a complex action, since you're searching within a specific system). THEN you can proceed to analyze it.

Additionally, as far as i'm reading this, you'd need a stealth program running for every file being decoyed. You simply don't have enough room in your program limit to make the system as impossible to navigate as you seem to think it is.
Additionally, stealth programs are illegal, which limits the casual users from gaining access to it. (also, remember, that anyone can tell you're using an illegal stealth program if they beat it, because running programs are something you can see with matrix perception tests.)

Kzt, that IS one way to analyze programs, but if you read past it just a bit, you're given a much better alternative.
No, those 3507 random files - simple action to turn automatic rendering on, your analyzer rolls computer+analyze against ALL 3507 files, and tells you what it sees.
Now, asking your GM to roll that many dice just isn't going to fly, but it -should- be rolled against the important ones.
Its when it -doesn't- find anything suspicious that you have to worry.

Thanks everyone! I think you just saved the lives of a few PC hackers out there.

kzt, regarding finding a specific file/program/subscription/etc, we always use the Data Search + Browse for those tests followed by the Matrix Perception as you described it once it was located. Mostly for finding the access log, subscription lists, connected nodes, or specific paydata.
[Edit: beat to the punch by Udoshi. I shoulda invested in that Simsense Accelerator after all.)

This, exactly.

If you're looking to throw a few nasty(but not lethal) surprises at your party, you should read some of the first half of unwired. There's a particularly neat trick in which you can put an IC inside an Encrypted file archive, which pops out if someone opens the box.
"We got the paydata!"
"Whats inside?"
"Shit! we're being traced! its calling home!"
Thats on page 66 or so.

Indeed, kzt, you're simply reading that section wrong. It specifically says that you can use Analyze on the whole node at once for basic info, as others pointed out.

No, if you run stealth it's a LOT harder. It's a data file. Or more accurately an icon of a data folder. There are thousands of them. You can see that there are thousands of them. Which has the data you want? You run a data search and it sends you a list of thousands of icons. You want to know more? "take a Simple Action to Analyze Icon/Node (p. 229)". I'm not saying this makes a lot of sense, I'm saying that is what the rules say.


A Corporations laws usually don't limit what a corp node can run. So no, it's not illegal. It's illegal for YOU to run a stealth program. But their stealth program or their 40 agents with Black Hammer are not illegal.


Actually what that does is "It will report the
presence of any new icons to you. It will maintain that task for as
long as you are on that node, until you use it for another purpose,
or until you deactivate it."

Cool, so it will tell you about the new icons that show up. This is helpful in this situation how?

It is supposed to be hard to find details on a node, particularly when you are an uninvited hacker. This is RAI. See Unwired.

Unwired p57:
All icons carry an identifying tag, giving the VR user instant knowledge about the kind of icon he is looking at; AR users get a small descriptive tag next to the icon. The kind of information provided depends on the access rights of the Matrix user. In some cases wrong tags may be supplied. While a spider with security access might be informed that the knight's armor in front of him is a trace IC, the hacker with only user privileges might be told that it is only a piece of data. In this case the hacker must use Analyze software to get the complete information.

Do you just not get processor limit? A system cannot have 'thousands of data files' covered by a decoy, because they would need a stealth program for each.

A Corporations laws usually don't limit what a corp node can run. So no, it's not illegal. It's illegal for YOU to run a stealth program. But their stealth program or their 40 agents with Black Hammer are not illegal.



You're cherrypicking quotes, instead of using the full text. It also automatically scans other users/icons on that node.(4a 288) It ALSO reports new icons, but that is not all it does. The two rules are not incompatable. You pointed it out yourself: Files are icons, therefore they also get automatically scanned.
Look at the rule again. Once the automatic mode is turned on, it scans icons on the node.
Are you going to argue now that the icons/files aren't on the node?
If someone logs in to investigate the activity,then.... they get scanned automatically as well.
I don't see how these two functions are mutually exclusive.

(I mean automatic in the sense that it doesn't take an action; a Matrix perception test must still be rolled for each icon.)




Gee. We -are- using analyze.
And it IS making Computer+analyze rolls for us.
Are you -trying- to win my arguement for me?

there's a big difference between the information programs and icons provide about themselves without a test, and the information you get from a successful matrix perception test.

Seems like a Data Search to me. If we consult the table we even have a threshold for "Hidden or Actively Hunted and Erased" of 24, and we are searching a node. So, if we are on the appropriate node that the correct file is on we should be able to data search for it even if the file is hidden, though in this case I would suggest that the player should roll Data Search + Analyze rather then Data Search + Browse as finding a stealthed file would not turn up under normal browsing, but would with Analyze. So I think our test for this type of task would be an extended Data Search + Analyze(24, Complex Action).

Minor nitpick - its Browse, not Analyze.

Stealthed isn't exactly the same thing as hidden. It's a personal call, but that's my reasoning.

Honestly, it depends. Could be either.