SR3R Project Forum

Discussion and debate for the SR3R Project
It is currently Mon Oct 21, 2019 2:51 am

All times are UTC - 5 hours




Post new topic Reply to topic  [ 43 posts ] 
Author Message
PostPosted: Mon Feb 04, 2008 1:36 am 
Offline

Joined: Fri Jan 25, 2008 5:20 pm
Posts: 175
Location: Worcester, MA
Ok a step back to SR2 for those who never saw it (I had to go dig up VR 2.0).

System Operations:
Once inside a node a decker could perform any number of system operations (download data, mess with slaves, etc etc). These required a computer + hacking pool roll against a TN equal to the security rating of the host. The security code (blue/green/orange/red) determined the threshold for the test (1/2/3/4 respectively). That was it for system operations. The roll was unopposed.

Utilities:
On top of the default operations there were a bunch of individual utility programs the likes of analyze, browse, sleaze, attack, etc etc. These were generic and applied to everything. You ran analyze to analyze data, a host, an icon, IC, a slave.

You ran them just like a system operation only the system would actively resist their operation so it was an opposed roll with the system rolling a number of dice equal to it's rating vs. the Evasion rating of the decker. The decker must defeat the same threshold as above in this test (so they needed to defeat threshold + opposed successes).


IC: When attacking IC the decker first must "run" the program like any other utility which requires the rolls described above. But assuming the combat program is up and going then the decker must attack with it. They roll a number of dice equal to the program rating + hacking pool, against a TN equal to the Node's Security rating. The IC resists with a number of dice equal to it's rating, against a TN of the decker's computer skill. If the IC is attacking it rolls a number of dice equal to its rating against a TN equal to the persona's Bod. The decker resists damage by rolling a number of dice equal to MPCP + hacking pool, against a TN equal to the security rating of the Node.


Some of that is right fucked up to be honest. SR3 certain owns SR2 when it comes to consistency of target numbers and general mechanics. That said some of SR2 can be looked at as good, the way utilities were generic and were generally used only to augment basic operations is an awesome simplification from SR3/VR 2.0. I recommend we seriously consider a nice merger in the following fashion. I'll try to put together a formal proposal tomorrow.

SR2 Goodness
- Generic utilities that don't much care what operation is being performed on.
- Single host ratings/codes (let IC do the rest)

SR3 Goodness
- Security tally/sheathes
- SR3 TN/threshold consistencies (SR2 is a royal mess)
- SR3 total dice pool levels
- SR3 Skill + pool mechanic.


I could see the following being how things work.

Decker enters node using a Deception utility to defeat the security. The decker rolls skill+pool vs TN of the security rating, the host resists with a number of dice equal to its rating vs a TN of the Deception program rating. Potentially gains some security tally.

Decker uses the utility Analyze on the host to see what kind of data/slaves/IC/whatever is in the host. skill + pool vs security rating, vs host rating vs Analyze rating. Gain some tally.

Decker's Analyze finds some slaves and th decker desides to loop the cameras so his friends can sneak by. Decker uses the utility Manipulate/Edit on each slave. skill + pool vs security rating, vs host rating vs Manipulate/Edit rating. Gain some tally.

That right there works pretty slick for basically everything you could ever want to do that does not involve combat or IC. A nice, simple, easy, consistent system for all non-combat operations that would take minimal effort on the GM and the player's part to do quickly and easily. The GM can give special nodes extra rating vs certain operations (SAN's could have +2 rating vs Deception/Authentication utilities), or whatever.

The only issue is figuring out where/how persona programs come into play. See it's at persona programs that everything falls apart. In some cases they serve best as dice pools, in others as TN's. My gut feeling is that persona programs should really only serve a purpose against IC and otherwise let programs handle everything. The following is the best I could do and it's not completely consistent which pisses me off, but it feels like a nice improvement over SR3.

Masking is the TN that all IC rolls for passive tests against the persona. For instance all trace IC is always rolled against a TN of Masking, but analyze and probe rolls from other IC will also fall against a TN of masking.

Evasion is the TN that all IC rolls for active tests against the persona. For instance blaster IC or tar babies or whatnot roll against a TN of the persona's evasion.

Bod is used as a dice pool strictly to resist damage once an attack succeeds.

Sensors I have no idea what to do with them. Beyond the generic (and lame) "free" sensors roll that is described I don't know what to do with sensors. I mean I suppose it has a lot of use on the other side of decking, like a defensive decker could use their sensors to track a fleeing decker. It should probably be used as a dice pool in situations where a decker needs to see/find a piece of IC or another decker. Still that feels pretty weak compared to the other three which have larger roles.

My big gripe with the 4 persona programs is that 2 are slated to be pools, 2 as TN's. I suppose its ok, I mean in SR2 and SR3 they really never cleanly and consistently figure out what to do with persona programs. I really like the masking/evasion relationship a lot. Bod just feels necessary because its a staple of SR. Sensors though feels like it could serve a larger role. Perhaps it could work it's way into some utility use for analyze/search style utilities ... thus giving it an expanded role. I don't know because that would make it unique in that it would affect non-IC operations.

Anyhow given the above cyber combat would be.

Decker attacks a piece of IC using skill + pool vs a TN of the IC's rating. IC defending using the Node's security rating vs a TN of the Attack program.

IC attacks a Decker using the node's security rating vs a TN of the Decker's Evasion or Masking. Decker defends using Skill + pool vs a TN of the IC's rating. Any damage that gets through gets resisted by Bod vs a TN of the IC's rating - hardening.

That feels very slick to me. Nodes work just like decking itself, only instead of skill + pool the node uses it's rating. And instead of using a program rating to determine the opposing TN's, they use IC's rating. It's consistent and simple.

And honestly if anything could be figured out for sensors that was simple enough ... I think we'd have everything we needed for the backbone of a full system right there. It *should* be that simple, the devil should be in the details. Certainly combat utilities could really go a long ways here to liven up combat. SR2 had cool utilities like Smoke and Mirrors and whatnot.

It's also important to note that I completely abandoned the idea of system operations here. Basically I have EVERY action as utility based. This requires a few good, generic utilities ... OR we could go the skill way and have utilities like Analyze and Search and whatnot be replaced by some interesting skill and then you could maybe use Sensor rating as the TN for hosts to oppose those tests and then blah blah blah ... I ignored it for now because I am suspecting I will run into a hailstorm of opposition for the above already.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 1:53 am 
Offline

Joined: Fri Jan 25, 2008 5:20 pm
Posts: 175
Location: Worcester, MA
In restrospect I think non-utility based operations are a good thing. This can be combined with the proposed expansion of decker skills and reduction of utility load to knock out three birds with on stone. I'm tired, so bear with me.

Given the above, you introduce a fair amount of non-utility actions that can be done by deckers.

- Analysis
- Search
- Manipulation (looping cameras, reprogramming icons, editing things)
- I/O

There's room for ancillary utilities that can assist in some of it (like Decrypt/Encrypt, or paydata search utilities)

Now you cut up our computer skill into 3.

Hacking - for cyber combat and active utility use (deception, tracing, etc ...)
Computer - For Analysis/Search/ I/O rolls (most of what normal people do)
Programming - Can be used for Manipulation operations, for improvised attacks/defenses, as well as offline programming.


And now suddenly your sensors can be the third TN, as follows.

You roll skill + pool for everything. The TN is the Host security rating for everything non combat, and IC rating for combat. Host rolls rating vs Program rating for utility use and rating vs Sensors for those operations (search/analyze/manipulation/ I/O). IC rolls host rating vs Masking or Evasion depending on type/circumstances. And Bod is just used to soak damage. We keep security tally/sheathes and SR3 hacking pool and whatnot.

That's about the best I've got at 2am. Sorry for the fragments. I hope it makes as much sense to people as it does to me. Seems like a nice solid improvement over SR3.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 1:55 am 
Offline

Joined: Fri Jan 25, 2008 5:20 pm
Posts: 175
Location: Worcester, MA
Or even masking could be used as the Host's TN when the decker is performing an manipulation, which would give masking a bit more teeth since Evasion will end up being used when it REALLY counts (against the nasties) and masking will mostly be relegated against trace and probe IC.


Top
 Profile  
 
PostPosted: Mon Feb 04, 2008 2:29 am 
Offline

Joined: Thu Jul 19, 2007 9:34 pm
Posts: 105
Location: Oceania
feralminded wrote:
Ok a step back to SR2 for those who never saw it (I had to go dig up VR 2.0).

VR2 is the same a SR3 and Matrix. The division is SR1, VR & SR2 (Matrix 1.0) and VR2, SR3 & Matrix (Matrix 2.0) just to be pedantic (this is all from VR2).

On cybercombat I'd put matrix combat in line with astral & melee with a base TN of 4 amongst other things.

System Operations and operational utilities are intertwined in Matrix 2.0 and I think the value of system ops is in spelling out a choice of actions.

Matrix 2.0 strove to be mapless but has all sorts of host arrays. Maybe a host/node/system should be 1 thing with slaves, datastores etc. and ACIFS would cover the lot.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 3:24 am 
Offline
Forum Admin

Joined: Wed Jul 18, 2007 3:11 am
Posts: 903
To summarize from the other thread, your two good things:

- Generic utilities that don't much care what operation is being performed on.
If you look at the other thread, we're already doing this. There are now... exactly 10 utilities that operate on the host's subsystems. Some, like Validate and Inject, you might be able to get away without, but the majority are pretty much required, and will be stated as such. Just about everything you do, system operations-wise, will fall under those 10 utilities, and basically nothing else.

So, basically yeah, we got that. :)

- Single host ratings/codes (let IC do the rest)
You know, I still don't think this is important. I mean, sure, currently you need 6 numbers and a color to describe the basic stats of a host... but then, you also need 6 numbers and a race to describe the basic stats of a security guard, or a dog. You need 11 stats to describe a vehicle! I have a hard time with the idea that we need to reduce the number of basic stats a host has.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 11:04 am 
Offline

Joined: Fri Jan 25, 2008 5:20 pm
Posts: 175
Location: Worcester, MA
I know of very few players who ever enjoyed AFICS while decking. I know of very few players who ever enjoyed the idea of utilities at all (and the resulting inflated, needless, target numbers). Honestly the ONLY people I've ever talked to at any convention or on any forum who ever liked AFICS have been GMs, specifically the kind who in D&D used to draw out the maps of their dungeons and walk the players through on a grid. The gritty, dramatic storyteller kind of GM's have always tended to hate AFICS. I feel like SR3 was a huge step forward from SR2 in regards to adding a lot of consistency to the rolling and the target numbers and the dice pools, but was a step backwards with the AFICS paradigm.

Oh well, it was worth a shot. I understand my mad ramblings at 2 am are likely incoherent and that didn't help my cause. I also realize you guys have done a lot of work to try and salvage AFICS but this was a proposal for a newer, simpler direction ... that's all. I consider any work on AFICS to be polishing a turd at this point, it's garbage simply because it's unneeded to have a rich and fun matrix experience. Less can be more if done right. When it comes to decking SR3 is a complete failure simply because so much is required of the GM and the player that it causes endless continuity breaks and the dreaded "decker time" occurs where the decker and the GM go off into their corner while everyone else's eyes glaze over.

Honestly a dramatic reduction of complexity is necessary in order to better integrate a decker into a party. Whenever a decker needs to "deck" it should be a few quick rolls and it should be over so that everyone can move on. No different than someone trying to sneak or drive a car or fire a gun. Quick, fast, effective, done. That's all I am proposing. AFICS and complex matrix layouts would be fine if that's all this game was, if everyone played some kind of decker. It's also fine as an OPTION for players and groups who want a full on Neuromancer matrix experience. That said I strongly recommend we push a simple, quick resolution system with optional components that can add deeper complexity for those who want it, but sets the status quo at a much quicker pace. That way the majority of decker interaction will work like mage's general astral space interaction ... quick and in parallel with everyone else. But you can still have the rest of the details there for those metaplanar travels.

I feel like I'm preaching to a wall.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 11:53 am 
Offline
Site Admin

Joined: Tue Jul 17, 2007 11:39 am
Posts: 875
Location: Boston
Well, yeah. We've got a fundamental mismatch, a failure to have a meeting of the minds—specifically, over the question of whether decking as it is is complex. I really don't see how you can consider it to be. You apparently can't see how I can consider it not to be.

I'm going to have to give some though to how we can establish some understanding on this point.

~J

_________________
Failure: when your best just isn't good enough.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 11:58 am 
Offline

Joined: Tue Jul 17, 2007 12:14 pm
Posts: 138
Keep preaching, I like where you are going with this.

I find that the AFICS system is too granular, and I would think that a system host would have 1 single authentication module.

Yes, programs/scripts and file actions have permissions, but those are boolean. Either you can do them or your cannot.

From my understanding, you are trying to get the host to think you are someone that can, not trying to access a complex memory leak to execute and exploit.

I like the idea of a decker floating around a host, slowly adding up his tally. but I think at anytime the user could put in a CPU request and be transported to the CPU for a login test.
--

I was thinking about the whole pre-run idea, and there are indexing systems that would poll the matrix looking for data. What about having those act as SK's that can do some of the tedious searching for you. Each index would have a rating.

ie. GoogleSK - rating 3 -
You are looking for some background information regarding the old microsoft facility in redmond.

This kind of works like a social test:
Roll 3 dice -
TN assigned by GM - 4 - general knowledge
base time is 1 hour.
number of successes give you more information.
Decker can add additional dice up to rating of index but is locked down at the index.

Certain organizations would each have their own indexes
Yakuza -
Renraku -

The decker would basically need user/pass of a renaraku employee
You can obtain these from criminal organizations, buy them ... have a fake id of an employee etc.

You can basically create a very quick, but niche way of obtaining information.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 1:24 pm 
Offline
Forum Admin

Joined: Tue Jul 17, 2007 11:50 am
Posts: 827
Location: DeeCee
Like Link said, VR2.0 is the precursor of SR3. SR1/2 matrix was a little less abstract. I can't remember all the details, but off the cuff...

The host is made up, sort of like well, a dungeon, with a series of nodes. There are access ports, slaves, data stores, minor processors and the major processor (I think that's it).

You start out logging in at an access point. Access points correspond to places in either physical reality (if you're plugging directly into the host) or the matrix (generally its LTG access point). Assuming you log in, each node has its own IC. So say the Access point has a Blaster IC. From there you can move only along pre-determined routes, since you're basically running through a schematic. I believe SANs are generally used as the backbone, so after the Access point you're probably going to a SAN. There's another IC waiting for you, maybe a Killer. I believe your Search utility will tell you which direction to go to find particular things, but you're basically exploring the map square by square, with each square holding its own little IC monsters. If you reach the central processor, you gain full control over the system. You can turn off all the IC, reveal the map and so on. So yes, it's somewhat similar to an astral quest (I know that makes EB uneasy).

As a method it is a little slower to run and slower to generate than what's in SR. However, it's also more clear. As a GM, I know that if Matrix Joe wants to turn off the cameras, he has to get to Slave node X and defeat the IC there. In SR3, as far as I can tell, for Joe to do the same thing, he just needs to run a Search operation, then a Control Slave operation, which means it is insanely easy, and there's no special way to put special guards on say your camera or door locks. It also means that if the runners are approaching a door, for Joe to get from managing the cameras to the doors, he actually has to spend some amount of time to get there, and there's a clear advantage to his having already mapped out the system ahead of time. In SR3, the advantage to having already become familiar with the system seems minimal, and the transportation time is non-existent. You just find it and *poof* you're there, which means there's no stress of 'what if the decker doesn't make it before the elevator opens and guards kill us all!' It's just a stress of 'how much can we get away with before the decker's security tally becomes too high to be manageable?


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 1:26 pm 
Offline
Site Admin

Joined: Tue Jul 17, 2007 11:39 am
Posts: 875
Location: Boston
SPUs and the CPU, IIRC.

~J

_________________
Failure: when your best just isn't good enough.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 1:56 pm 
Offline
Forum Admin

Joined: Wed Jul 18, 2007 3:11 am
Posts: 903
Oh God, so it is the hokey version of Tron. Wow.

Okay, I'll detail exactly how and why that is a stupid idea later. For now, it would be a really good idea for everyone here not familiar with it to go read the Infiltration Challenge (though the link to the older thread seems to be gone). There's also the Idiot's Guide, though I don't know how well that one covered overwatch.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 2:02 pm 
Offline

Joined: Fri Jan 25, 2008 5:20 pm
Posts: 175
Location: Worcester, MA
I suppose all I was guaging was interest in a departure from AFICS towards a simpler, quicker resolution mechanism that could more of a focus on what the decker is doing than how they are doing it. The idea is that you can simplify decking and now suddenly you can be enabled to have the decker work more in parallel with a team rather than the inevitable serialization that occurs in current SR3.

Basically what I'm looking for is.

Sammy the Sam shoots down a guard, notices a security sensor and screams at the decker that he needs it dealt with immediately.

Bob the decker jacks into the host, performs an authentication/deception to get access to the sensor. This is a utility test (hacking skill + pool vs host rating, host opposes with dice equal to rating vs the utility's rating). Bob succeeds, maybe gets a little tally ... whatever.

Bob then performs an analyze operation on the host/node. This has no utility and he uses Computer skill + pool vs a TN of the host. The host resists with its rating in dice vs Bob's sensor's rating. Bob succeeds and gets some tally.

Bob finds the slave from the analyze operation and then performs a manipulation. This has no utility but requires him to edit the slave. Bob rolls his Programming skill + pool vs a TN of the host rating. The host resists with its rating vs a TN of bob's Masking. Bob succeeds and gets some tally, maybe probe IC comes and plays with him.

The probe IC rolls the Host's rating in Dice vs bob's Masking rating. Bob resists by rolling his hacking skill + pool vs a TN of the probe's rating. Bob gains whatever tally is appropriate.

Bob jacks out before things go to passive alert and so its very likely that nobody will come look at the sensor he just hacked any time soon. Bob spent 3 turns in the host, or 9-10 seconds, and the GM now has to decide if anyone noticed the sensor's output in that time. Regardless the group moves on.


That's what I would LOVE to see decking be ... or some facimile. No arbitrarily enormous constructs of hosts, sans, vanishing sans, AFICS, arduous and unnecessary reality filters, etc etc. No insanely complicated or long and detailed "decker runs". Nope, the decker is just another tool in the team's toolbox and whenever anything is encountered that he can deal with, he does it right then, right there. The above example features exactly 4 rolls ... fast enough for the decker to be an effective part of the party without slowing them down. It's all fast enough that it could be done IN COMBAT. The decker could be hacking into the security system while a firefight was going on around him to maybe close off some security doors or maybe turn an automated defense system against whoever they are facing. Fast enough so that the decker's actions take no more effort than anyone else's to arbitrate in parallel.

That said the above features 3 different decking skills as well as both utility and non-utility based operations. The decker could have further complexity by using agents or frames to do these things in parallel with him (deploy a smart frame to take out the sensor while the team moves on).

And again none of this precludes the use of heavier, beefier, and more complex host/node architectures ... but honestly imho those should be reserved for special occasions while the majority should be run as these simpler systems and the dice system should facilitate it. I mean am I really alone in thinking that a simplistic, stripped down node architecture could really serve to help integrate the decker MORE in the group.

I guess a big sticker for me is the overweight host/node architecture stuff. The more I think about how SR4 stripped all of that away the more I think that was a GREAT move for deckers in general. While I have some issues with "Augmented Reality" as a metaphor shift, I think the simplification actually made deckers a lot more fun because they no longer had to be a separate part of the group and no longer had to feel guilty about monopolizing the GM for long stretches at a time.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 3:14 pm 
Offline
Forum Admin

Joined: Tue Jul 17, 2007 11:50 am
Posts: 827
Location: DeeCee
I read through most of Infiltration Challenge. I started reading Idiot's Guide, and it actually helped a lot, but I didn't finish it (23 pages!!! We need an idiot's guide to the idiot's guide!)

What I note about Infiltration Challenge - the decker was an NPC, so was completely happy being solely a support character. So while it was educational on how an ideal decker should be run, I still don't know if, done during a normal game, the decker would feel like he's twiddling his thumbs, nor the precise mechanics involved.

I'd like to point out that Idiot's Guide included heavy examples of regionalization - the decker enters, has to go through chokeholds, deal with stationary IC and so on. This harks back more to SR2 than what EB seems to be interested in, but it made a lot of sense to me.

I am a little concerned that decking under the current paradigm will never be truly engrossing for the decker because there's so little risk. The drone rigger is 'there', has to sneak by guards, and is risking, at minimum, an expensive drone, at most everything, as he usually has to park nearby. The sam is there in person, sneaking by guards as well. However the decker is dealing with purely reactive defenses and if things go south, he just unplugs. That sort of limits how really dangerous and exciting it will be.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 3:32 pm 
Offline

Joined: Tue Jul 17, 2007 12:14 pm
Posts: 138
One thing that is never pushed enough in shadowrun is decking from within the site.

If you have to access a network from the matrix you require a valid account or a back door.
If you don't have either then immediately double the target numbers ratings of the system.
Hacking the firewall should be next to impossible. Also because of encryption and protocols
you 1/2 your initiative.

Another thing that is often overlooked is if you travel onsite and do some homework you might
be able to find a device or san which drops you right into that subsystem that you were
looking for. If you drop into a subsystem you should carry your security tally with you and
you also get a -2 init per subsystem because of relay times.

Making the rules so they engage a user is one thing... but how often are scenarios setup to
make proper use of a decker? This is something that also needs to be developed.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 4:10 pm 
Offline
Forum Admin

Joined: Wed Jul 18, 2007 3:11 am
Posts: 903
nezumi wrote:
I read through most of Infiltration Challenge. I started reading Idiot's Guide, and it actually helped a lot, but I didn't finish it (23 pages!!! We need an idiot's guide to the idiot's guide!)

What I note about Infiltration Challenge - the decker was an NPC, so was completely happy being solely a support character. So while it was educational on how an ideal decker should be run, I still don't know if, done during a normal game, the decker would feel like he's twiddling his thumbs, nor the precise mechanics involved.
Well, kinda. The way the Infiltration thread was run basically made every character an NPC; decisions for everyone were made by committee, either in-thread or out-of-thread as I recall, and actual die rolls were taken out of the equation. The purpose there was to analyze the situation, rather than getting bogged down in the rules (which unfortunately did happen later in the thread).

Quote:
I'd like to point out that Idiot's Guide included heavy examples of regionalization - the decker enters, has to go through chokeholds, deal with stationary IC and so on. This harks back more to SR2 than what EB seems to be interested in, but it made a lot of sense to me.
That kind of regionalization doesn't bother me so much, as it's a series of hosts rather than some sort of weird digital hike through a computer's circuitry**. There is some concern that having a complicated set of chokepoints for the decker to wade through on the way to the target host makes for one of those tedious "pre-run runs" that has the decker and the GM holed up in a corner while everyone else waits (im)patiently for their turn to play; this is a concern I share with feralminded.

I don't think, though, that eliminating ACIFS will do anything to help this. The problem isn't ACIFS, anyway; it's, "the overweight host/node architecture stuff." Some of that overweight comes from all the unnecessary stuff that is piled in front of the decker to slow him down. Scramble IC for example is total busywork BS, something that just exists to sit in between the decker and his objective and steal time and rack up tally.

Quote:
I am a little concerned that decking under the current paradigm will never be truly engrossing for the decker because there's so little risk. The drone rigger is 'there', has to sneak by guards, and is risking, at minimum, an expensive drone, at most everything, as he usually has to park nearby. The sam is there in person, sneaking by guards as well. However the decker is dealing with purely reactive defenses and if things go south, he just unplugs. That sort of limits how really dangerous and exciting it will be.
That's like saying the drone rigger doesn't care if he gets caught because all he loses is a few drones. You get knocked out by IC or hit with a trace, you'll have Lone Star--or worse, the corp's private enforcer squad!--knocking on your door while you're still functionally dead. It's a bit more cerebral a risk than, "Oh I got seen now I get shot!" but it's definitely there.

There's also Black IC, naturally.

**One thing that *does* bother me is this idea that tally itself is "regionalized", and that you can move a certain "distance" from the tally and effectively eliminate it, all without ever leaving the current host/PLTG/whatever. That turns tally from a serious measure of system security to mere theater. "Oh, the hacker didn't get my whole system: my security program only detected an intrusion in the Documents folder on my hard drive! That means I don't need to check to see if anything else is compromised; it's a good thing I have this security program or I'd have to check my whole hard drive!"


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 4:11 pm 
Offline
Forum Admin

Joined: Wed Jul 18, 2007 3:11 am
Posts: 903
Platinum: are those actual rules or suggestions? Or are they from SR1-2? I don't recall reading either of them in any SR3 books.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 4:16 pm 
Offline
Site Admin

Joined: Tue Jul 17, 2007 11:39 am
Posts: 875
Location: Boston
The problem with on-site deckers is that then you have to be semi-comatose somewhere inside enemy territory. I think we have a "Listen Up You Primitive Screwheads" issue here.

~J

_________________
Failure: when your best just isn't good enough.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 4:23 pm 
Offline
Forum Admin

Joined: Tue Jul 17, 2007 11:50 am
Posts: 827
Location: DeeCee
And this comes back to why I like the idea of both program carriers and, to a degree, SR4's wireless matrix, where the decker enters the facility with the group, then does matrix stuff while dodging fire.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 4:38 pm 
Offline

Joined: Tue Jul 17, 2007 12:14 pm
Posts: 138
Eyeless Blond wrote:
Platinum: are those actual rules or suggestions? Or are they from SR1-2? I don't recall reading either of them in any SR3 books.


Suggestions to the hybrid system. Although I like the idea of having to weave around in a host

nezumi wrote:
And this comes back to why I like the idea of both program carriers and, to a degree, SR4's wireless matrix, where the decker enters the facility with the group, then does matrix stuff while dodging fire.


That is part of what I really don't like about wireless. There's no way that you can be focused and immersed hacking ic and devices when you are dodging bullets. Besides, when you have billions of dollars on the line you are not going to allow a wide open passage to your trade secrets. Might as well put a glass wall around your secret R&D labs and place them on your front lawn. It's unrealistic and just plain silly.

EDIT:
Kagetenshi wrote:
The problem with on-site deckers is that then you have to be semi-comatose somewhere inside enemy territory. I think we have a "Listen Up You Primitive Screwheads" issue here.

Which is why they go in with a team, and everyone get paid so much money.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 5:16 pm 
Offline
Forum Admin

Joined: Tue Jul 17, 2007 11:50 am
Posts: 827
Location: DeeCee
I agree that wireless is silly, that's why I haven't implemented it in my games (although those glass-walled R&D systems don't need to be on the front lawn. With the reflective paint, generally the deckers need to get inside of the facility to connect at least.) But I think they're on the right track. The decker is in clear, mortal danger, obviously part of the team, and still plays his specialist role.

I imagine more disconnected systems could also help, in that every time you get a certain distance you need to plug in again. But then you still have to deal with the fact that you regularly have a comatose body lying around (which, again, comes back to program carriers...)


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 04, 2008 7:50 pm 
Offline

Joined: Thu Jul 19, 2007 9:34 pm
Posts: 105
Location: Oceania
I don't have a complete understanding of AR in SR4 but I've envisioned that one could deck (perhaps using a cranial deck) thru a wireless link with the ASIST hardware turned down a bit while onsite.
(Can someone using VR can interact with someone using AR? Sort of like astral projection vs. astral perception.)

I think there's a fair bit of common ground. The system just needs the ability to be simple but allow detail like ACIFS and complex host designs when desired. feral's short decking example above is almost by the book, just using a simple host and avoiding any tally complications.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Feb 05, 2008 12:09 am 
Offline

Joined: Fri Jan 25, 2008 5:20 pm
Posts: 175
Location: Worcester, MA
I dont think wireless should be completely dismissed. I mean really if a decker can "hack" through a firewall like they so easily can, then they sure as hell can "hack" through a wireless hub. Regardless where wireless should really come in to play is with electronic devices. Slaves like cameras and doors and whatnot are very probably going to be wireless to some degree and hacking those will likely prove more fruitful than trying to hack wirelessly into a secured datastore.

Additionally another nice option is for the decker to find some hidden jack of some kind and put in place a wireless transceiver so he can remain mobile in a place but still access the local grid for security information and can manipulate it on the fly (fill it with disinformation so they deploy troops to the wrong places and whatnot).

I really think the decker can be made a mobile paradigm with some work on both the system proper and the metaphor.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Feb 05, 2008 9:50 am 
Offline

Joined: Tue Jul 17, 2007 12:14 pm
Posts: 138
I agree that wireless should not be completely dismissed but it will not be as pervasive as they tried to outline in 4e.

I use wireless systems and an "augmented reality" or holography in places like restaurants etc, where you can alter your experience for entertainment purposes. I would actually like to use an "augmented reality" experience in a run, so the players have to think and solve clues in order to get what they need. This becomes a little too much like a metaplane quest however.

Wireless modules, laser links etc are not used as much as they should be. The problem is that people forget to add ecm and eccms onto the device, which drastically drive up the cost. One you do so, you then have to get into hacking broadcast signals which is painful. It takes rating x rating minutes to infultrate, before you can even start. Which is an eternity on a run, and would probably tick off the rest of the group.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Feb 05, 2008 2:17 pm 
Offline
Forum Admin

Joined: Wed Jul 18, 2007 3:11 am
Posts: 903
The thing about wireless systems is that most of them will almost invariably have strong broadcast encryption attached to them, which is basically impossible to defeat in the realtime that we're looking at. I'm not so sure we should be making broadcast encryption easy to break, as that can seriously hose the riggers out there.

What do you think?


Top
 Profile  
 
 Post subject:
PostPosted: Tue Feb 05, 2008 2:23 pm 
Offline
Forum Admin

Joined: Tue Jul 17, 2007 11:50 am
Posts: 827
Location: DeeCee
I think there are encryption methods you can use when there's one, known point contacting with only one additional known point, and those same methods will not work when you're working with a group, or if you don't have the time to personally interact with each connecting point.

(Not a simulationist answer, but if we accept that premise, it goes a long way to resolve the rigger/decker discrepancy)


Top
 Profile  
 
 Post subject:
PostPosted: Tue Feb 05, 2008 2:45 pm 
Offline
Forum Admin

Joined: Wed Jul 18, 2007 3:11 am
Posts: 903
Well that would make it worse, right? I mean, that would make hacking the security camera difficult, but make hacking the drone network easy? I don't think we need that.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Feb 05, 2008 3:02 pm 
Offline
Forum Admin

Joined: Tue Jul 17, 2007 11:50 am
Posts: 827
Location: DeeCee
No, quite to the contrary.

The drone must be added to a rigger's subscription list. That creates a 1:1 encryption link which would be harder to crack. He might have twelve drones running, but each one is connected directly to him in a web pattern. It's 12 1:1 connections. In theory, the rigger actually touches and works with each drone before sending it on its way, doing whatever work is necessary to physically establish a secure connection.

Meanwhile, the camera either connects wirelessly on its own (in which case it connects to some degree with the host, with all the other neighboring cameras, and to all the security folk who come through and need to be able to attach to it for whatever reason). This is a many to one connection (although there may not be any connections or only one connection at a given time). Alternatively, the camera is connected to a host and the host manages all the wireless connections. In this case, there are dozens or hundreds of people and devices which need to connect at any given time. Their log-in credentials are likely software or just something the user knows, not through physical manipulation of the system or system-specific (for instance, my work computer gives me access to the work wireless network because I put in my password, not because there's something special on my computer. I could connect with my personal computer, as long as I had that password.)

For someone to connect to the rigger's network he would have to do the following:
1) Break the drone's connection to the rigger (since the drone will only entertain 1 connection at a time) or get the rigger to add the attacker to his subscription list
2) Have whatever system-specific thing marks the rigger's drones and allows them to communicate with him
3) Continue cracking like normal

For someone to enter the host system above, he would have to:
1) Get within range of the wireless connection and initiate a connection (the host does nothing to vet systems at this stage)
2) Crack like normal (i.e. - falsify a password or somesuch)


If you'd like, you can say there's a $10,000 device which adds the rigger's encryption. You COULD add this for normal computers, but it costs $10,000 per device, so most corporations will say it's just not worth it and will spend the money to upgrade the door locks instead (since an internal wireless network, if properly deployed, isn't accessibly without getting past the front doors, however computers are oftentimes lost and damaged).


Top
 Profile  
 
 Post subject:
PostPosted: Tue Feb 05, 2008 3:11 pm 
Offline

Joined: Tue Jul 17, 2007 12:14 pm
Posts: 138
nezumi wrote:
No, quite to the contrary.

The drone must be added to a rigger's subscription list. That creates a 1:1 encryption link which would be harder to crack. He might have twelve drones running, but each one is connected directly to him in a web pattern. It's 12 1:1 connections. In theory, the rigger actually touches and works with each drone before sending it on its way, doing whatever work is necessary to physically establish a secure connection.

Meanwhile, the camera either connects wirelessly on its own (in which case it connects to some degree with the host, with all the other neighboring cameras, and to all the security folk who come through and need to be able to attach to it for whatever reason). This is a many to one connection (although there may not be any connections or only one connection at a given time). Alternatively, the camera is connected to a host and the host manages all the wireless connections. In this case, there are dozens or hundreds of people and devices which need to connect at any given time. Their log-in credentials are likely software or just something the user knows, not through physical manipulation of the system or system-specific (for instance, my work computer gives me access to the work wireless network because I put in my password, not because there's something special on my computer. I could connect with my personal computer, as long as I had that password.)


-snip

No actually ... the wireless camera still needs to negotiate with the network server. This can either be an automated process like our current DHCP, or can be manually where the sysadmin puts in preshared keys. They work the same way.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Feb 05, 2008 3:45 pm 
Offline
Forum Admin

Joined: Tue Jul 17, 2007 11:50 am
Posts: 827
Location: DeeCee
In the real world, yes. However Shadowrun isn't the real world, and certainly doesn't use real computer technology like DHCP.

Now you could argue that stationary things like some computers, security equipment, etc. (basically anything that's a slave node) could have some of the tough-to-crack wireless connections for whatever reason, while mobile devices like laptops, pocket secretaries and so on would be easy to crack, and the decker would get on the network pretending to be one of those. It isn't especially relevant, as long as drones are hard to steal, but it's still easy to get access to a wireless computer network. Where we put the line between those two extremes is pretty irrelevant.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Feb 05, 2008 3:57 pm 
Offline

Joined: Tue Jul 17, 2007 12:14 pm
Posts: 138
I agree with you that the game is fictional, but why would a secure methodology be abanadoned so needlessly in order to create a security flaw where it is so easy to not have it?

I would like to find something better.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Feb 05, 2008 3:59 pm 
Offline
Forum Admin

Joined: Tue Jul 17, 2007 11:50 am
Posts: 827
Location: DeeCee
I don't think you'll be able to answer that question without completely overhauling the Shadowrun decking paradigm.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Feb 05, 2008 5:07 pm 
Offline

Joined: Fri Jan 25, 2008 5:20 pm
Posts: 175
Location: Worcester, MA
Yeah. As long as deckers can crack corporate firewalls, we need to assume deckers can do other nigh-impossible things. We have to be careful with how much logic we try and apply here or else cyberspace won't really exist.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Feb 05, 2008 5:28 pm 
Offline
Forum Admin

Joined: Wed Jul 18, 2007 3:11 am
Posts: 903
Indeed, that kind of thing is what makes me think that there is something fundamentally different going on in decks than in current computers. Could this be what happens when quantum computers become practical, and factoring of large numbers (the cornerstone of modern cryptography methods) suddenly becomes computationally easy?


Top
 Profile  
 
 Post subject:
PostPosted: Tue Feb 05, 2008 5:32 pm 
Offline

Joined: Fri Jan 25, 2008 5:20 pm
Posts: 175
Location: Worcester, MA
Well one thing is sure ... IC wouldn't be necessary if people couldn't get in. The SR1/2/3 metaphor assumes that policing of security is more about fear and less about actual security. Sure the security can stop your turtles and regular script kiddies but deckers are all but assumed to get inside and the majority of security is based on the idea that a corporation can't necessarily prevent them from getting in, but they can prevent them from getting out. Realistic or not, this makes for a very FUN metaphor where absurd things like cybercombat can actually happen.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Feb 05, 2008 8:57 pm 
Offline

Joined: Tue Jul 17, 2007 12:14 pm
Posts: 138
I have never interpreted things in that manner. I always assumed that deckers were top crackers that run against odds. They are not run of the mill people. Who spends 90K +++ on computers and programs??? When ic pops up and starts burning your deck and brain I would consider that actual security.

The problem is that we are trying to guess at an unknown future, and create a system that is scalable, challenging and fun. It's Scalability and challenge levels are something that we are going to have to look at seriously. maybe have deckers karma total /25 added t host ratings... or something like that.

As a techy, I have a hard time disassociating myself from today's methodologies and architecture. I am not necessarily looking for something that is realistic... but I don't want to see anything that is unbelievable either.


Top
 Profile  
 
 Post subject:
PostPosted: Wed Feb 06, 2008 8:51 am 
Offline
Forum Admin

Joined: Tue Jul 17, 2007 11:50 am
Posts: 827
Location: DeeCee
I think EB is right in that the basic assumption we have to start on is perfect or even truly effective cryptography is not financially feasible for any system which hosts hundreds or more external nodes and users. It may be that 1-to-1 cryptography is possible, and is cheap enough to allow relatively safe rigging, however.

However, I do agree that how IC is deployed is a bit silly. If an illegal operation occurs, or even a suspected illegal operation, the host should begin deploying both some low-level scouts to gather information, but also its heavy hitters almost immediately. You don't wait for the operations to continue. Unless it's pretty common for authorized users to engage in actions which are of indeterminate legality, the current paradigm doesn't make a lot of logical sense.

One thing that I do think we should do, now that I stop to consider it, is to define what precisely constitutes a 'host'. Is my home PC a host? My fridge which orders more milk when I'm out? My trid? What about at work, we have a few hundred large and small servers in our server rooms. Are they each separate hosts, or are they all the same host? What about virtual servers, are they virtual hosts, or just parts of the main host? Are all the computers at my work network hosts or slaves, and does that change when they disconnect from the network?


Top
 Profile  
 
 Post subject:
PostPosted: Wed Feb 06, 2008 11:52 am 
Offline
Forum Admin

Joined: Wed Jul 18, 2007 3:11 am
Posts: 903
Here's my take:

Well, one consequence of having ineffective cheap cryptography is that you can't just have random devices connecting to the Matrix directly, like you can with the internet today. What you'd have to do is create a centralized, single host, and have everything else slaved to it. There are no more "direct" connections anymore, like there are with TCP/IP; everything goes through your host.

So your fridge, your trid, probably even your own home computer will all be slave nodes to your MSP's host, which you (hopefully) trust to keep your data safe via its Slave subsystem. At work, all your servers create a cluster-host, which binds the individual servers/clients as slave nodes. If you're truly paranoid, you'll set aside a few servers to create a second cluster-host to act as a gateway to your "main" cluster-host; this second cluster-host is what we call a chokepoint. You're free of course to create as many cluster-hosts as you feel you can afford and you have the processing power to support.


Top
 Profile  
 
 Post subject:
PostPosted: Wed Feb 06, 2008 12:04 pm 
Offline
Forum Admin

Joined: Tue Jul 17, 2007 11:50 am
Posts: 827
Location: DeeCee
I'm not quite following the reasoning on that.

If it's hard to set up proper cryptography, why is it suddenly a bad idea to have a connection between my fridge and my toaster, but okay to have one between my fridge and the main host? Or are you referring more to where the data resides - i.e. putting personal data on the fridge is dangerous, so keep the personal data on the (relatively) secured host, and the host does all the functions that require access to your personal data (like ordering more food), while your fridge isn't trusted to anything more personal than how many candy bars you're REALLY hiding in your freezer?


Top
 Profile  
 
 Post subject:
PostPosted: Wed Feb 06, 2008 12:41 pm 
Offline
Forum Admin

Joined: Wed Jul 18, 2007 3:11 am
Posts: 903
nezumi wrote:
I'm not quite following the reasoning on that.

If it's hard to set up proper cryptography, why is it suddenly a bad idea to have a connection between my fridge and my toaster, but okay to have one between my fridge and the main host?
What's not okay is having a connection between the fridge and the grocery store. The fridge connects to the host, then the host does everything with the rest of the Matrix. The assumption is that the Matrix is not only infected with something, but that something is a semi-intelligent, malevolent virus that utterly crashed the Internet 40 years ago. So, not only the connection filtered, but the direct connection is outright forbidden. The Matrix connects to the host, the host vetts the incoming data, then the host connects to the slave. Application-level firewalling, in other words.

Quote:
Or are you referring more to where the data resides - i.e. putting personal data on the fridge is dangerous, so keep the personal data on the (relatively) secured host, and the host does all the functions that require access to your personal data (like ordering more food), while your fridge isn't trusted to anything more personal than how many candy bars you're REALLY hiding in your freezer?
The data may well be on the host as well; that may or may not be relevant. The point is you can't trust what's coming from the Matrix, so there is no direct connection between most slave nodes and anything on the network, like there is with the internet today.


Top
 Profile  
 
 Post subject:
PostPosted: Wed Feb 06, 2008 1:34 pm 
Offline
Forum Admin

Joined: Tue Jul 17, 2007 11:50 am
Posts: 827
Location: DeeCee
Ah, I understand. So the idea of a host is just to make a little island of safety amid the chaos of the general matrix (where sharks live). The firewall of the island offers a basic level of security against the general viruses and nasties that live out there, so even a low-level firewall offers protection against 99% of the stuff (or allows the island to easily cut itself off should another crash come rolling along, which means it's easy to plug holes and quarantine yourself). However, now and again something climbs up on shore anyway.

I'd agree with that, viewing the Matrix as a necessary but ultimately hostile environment.


Top
 Profile  
 
 Post subject:
PostPosted: Wed Feb 06, 2008 3:10 pm 
Offline

Joined: Fri Jan 25, 2008 5:20 pm
Posts: 175
Location: Worcester, MA
Its really not any different than today's DMZ layout in large corporations. The area between the internal firewall and the external firewall. In the matrix this is typically represented by the SAN.


Top
 Profile  
 
 Post subject:
PostPosted: Wed Feb 06, 2008 3:30 pm 
Offline
Forum Admin

Joined: Wed Jul 18, 2007 3:11 am
Posts: 903
Right, with a host as essentially a giant Layer 7 firewall combined with semi-intelligent error detection routines (aka security tally). Tally, as I see it, is basically just any kind of error that has been caught by the system; tally points don't necessarily mean anything, but a whole lot of them in a short amount of time can indicate a problem, that may or may not be security related.


Top
 Profile  
 
 Post subject:
PostPosted: Wed Feb 06, 2008 3:38 pm 
Offline
Site Admin

Joined: Tue Jul 17, 2007 11:39 am
Posts: 875
Location: Boston
That's pretty much my view. I mean, that's why (as pointed out) the big guns don't come out immediately and there's space between nothing and Active Alert (or even between nothing and Passive Alert). Tally exists, but tally is not "how much are people cracking me right now", it's closer to "how much do I think people might be cracking me right now".

Which is also why the first IC that comes out is typically Probe—IC whose only function is to cause deckers, if any, to fail operations more often and run up security tally more quickly.

More on the "what is a host" idea soon.

~J

_________________
Failure: when your best just isn't good enough.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 43 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group