The implications in RAW seem contradictory (no, seriously).

On the one hand it seems one needs to succeed in a Matrix perception test to spot one, but then if it relies on a passcode system to allow legitimate access surely asking for the passcode would tip off an unwary intruder?

If you go to open a file and it asks for a passcode that you do not know then I can only think of two possibilities -

A) It's an encryption passcode so you're not getting in anyway

or

B) It's a databomb passcode that won't stop you getting in, but you will be blown up the very instant that you do

So what reason would anyone have for trying to open the file without filling in the passcode?
Does it make sense that the passcode can be supplied by the user without being asked for it, thus forming a trap for the unwary intruder?

It's an encryption passcode so you're not getting in anyway.
No, that would be an encryption passcode and not a databomb, obviously.

It's a databomb passcode that won't stop you getting in, but you will be blown up the very instant that you do.
That's right.

So what reason would anyone have for trying to open the file without filling in the passcode?
Simply, not knowing the databomb is there. You don't check every door for internal security systems before trying to use the doorknob either.

Does it make sense that the passcode can be supplied by the user without being asked for it, thus forming a trap for the unwary intruder? Think of the passcode as an invisible tripwire. If you know where it is you can easily pass.
If you know it's there but not where you can try to avoid it while passing. If you don't see it you set off the bomb.

What Infornography said.

Look, compare it to one of those panel-based alarms stores have. You get in, you don't tell it things are ok, and the alarm goes off. Some of them are silent - they don't beep to warn you they're counting down.

Most alarms just call for the cops instead of setting off a kill-charge. You still get the idea, however.

So you play it that the user is not asked for the passcode - they submit it off their own back through some undefined means that they know that particular bomb will understand. I can't shake the image of someone opening a Word document whilst simultaneously typing the password into Notepad.

Ah well, I guess it's within the scope of handwavium.

Try this image instead. Open file xyz.docx?p=here's_the_bonus-password_don't"blow-up"this_time.

Not so much a query, just if the additional code isn't attached to the query (or logon or whatever) the bomb goes boom.

That is how I picture it, anyway.

It's more like entering a cheat code during the loading screen of an old game.

What's the 'obvious' difference from the user's perspective exactly?


If I knew that keypads were often bombed and I saw one on a door I wouldn't try the handle.


That's a really inapt metaphor - the passcode is what you give to the security system through some vehicle or other so that it can match it against its records. No match equals boom. A better metaphor is the keypad on a door, and in those terms my question was 'do you see a keypad or do you have to already know where on the door the invisible keypad is?'.

The answer to all your questions is that you don't "see" the databomb and it doesn't "ask" for the passcode.

You either have to know it's there or analyze the file, node or whatever you want to access.
It's not like a keypad pops up and you actually have to enter a passcode.
You just send the signal that tells the bomb it's cool to let you pass.

And the metaphor was perfectly fine. You just didn't get it.

Isn't that called a passcode? Which is specifically what SR4A p233 calls it.

Incidentally, is a non-Pavlov (stupidest option ever) data bomb deleted upon successful legit use? It is described at 'defused' when you enter the passcode; doesn't this mean you have to re-set it if you still want it there later? (I'd never thought about it before, that's all. )

If the bomb goes off it's gone.
If someone defuses it, it's still there and active for everyone.
If I remember correctly, you can't defuse it for someone else.
Also if the bomb is on a "door" and you defused it to get in you have to defuse it again if you want to get out, I think.

Even though Pavlov stays active after it went off, it's weaker than the bomb.
I think the bomb is more like a data terrorist thing than a corporate security measure.

Ah, I forgot. I'm talking SR3 here. Don't know if it's still the same in SR4.

That is so arrogant. Even if it's true, it's interesting that you as the author take no responsibility.

Word of advice - if someone asks for help and you treat them like an idiot from the get-go don't be surprised if feathers get ruffled.

Thanks Yerameyahu, that's the kind of answer I was needing.

Eeh? I didn't mean to be rude. There's nothing wrong with not getting something. I don't get things all the time.
And I certainly didn't call you an idiot.

See, I feel like data bombs still act like you described: you 'defuse' for yourself only, which really just means you pass. It's not defusing at all, so it's a bad metaphor. The only way to get rid of them is to 'blow them up'—even the owner doesn't appear to have delete rights, and there's no 'clearing' them. This seems odd, so I figure I'm just mis-remembering/-reading. The bit I mentioned a moment ago is just (badly) vague, so it could go either way.

Data bombs really are a mess. There's no reason not to have them on literally everything (files, nodes, etc.). They can be easily configured to destroy data or not, they can cheaply be made to recur (or not), and you only have to buy the program once to plant infinite bombs. They use no processor power or memory space. And so on. :/ I don't hate the idea of them, but jeez. It's like having a magic nanotech gun that plants camouflaged grenades.

I never said you defuse the "tripwire", just that you pass it.
I think it should be possible to completely remove the bomb without setting it off or set it off without beeing hit. Maybe with a dumbframe?
Anyway it's pretty confusing that the Defuse program actually doesn't defuse anything. Should've been called Fool instead.

Corporations would only use them until the first sararyman fucks up giving the passcode and dies.
Like I said, I think of them as more of a surprise from data terrorists than actual security measures.

You didn't say it, SR4A did. It specifically says 'defuse' when you enter the passcode. And the Defuse program 'disables' the bomb, which is both wrong… and a weird situation not to use the word defuse.

Ah, but see: there are zero rules about 'messing up the passcode'. Theoretically, it's handled automatically in the background by your machine. And sararimen wouldn't be hot VR. That's my point: they're a *great* security measure.

I wouldn't know, since I didn't look into the 4th ed matrix, yet.
In 3 Defuse fools the bomb in making it see you as a legitimate user.
Or maybe I'm just confusing things. Sorry, if I am.

Yeah, I do think things are roughly the same as they were in 3. Which is to say, still a mess of bad terminology and balance issues.

Exactly. That's why I prefer roleplaying the matrix and only make some checks here and there so that those 60% of your character doesn't go down the drain. It works for astral space so why shouldn't it work for the matrix too?

Small caveat I suspect you already know but want to note in case.

While you can put them on literally everything you can only put one per node.

The rest of your comments? yeah.

Right: one per anything. One on the node, one on every file in that node, etc.

huh. Went back to re-read it and can see how you get that. I'd always read it as meaning if one was in the node it stopped the rest.

A Particular File does not a device make, and vice versa. I Am with Yerameyahu on this. You may have one on a Device, and one per any file you want ON that device. It is a great choice for setting up Honey Pots in my opinion.
No worries though.

Oh, I see. I feel like it would just say '1 per node', if it meant 1 total. Hmm.

If you can attach one bomb to one particular file, that doesn't exclude you from having one every file, and therefore multiple bombs inside (not on) a node.