Printable Version of Topic

Click here to view this topic in its original format

Dumpshock Forums _ Shadowrun _ Response and IC, I am confused

Posted by: Serbitar May 3 2006, 10:21 PM

What response rating does a mainframe have? Only 6?
Why does a credstick have a device rating of 6? This means that it has System 6, Response 6, Firewall 6, Singal 6?
Why does anybody buy comlinks if your credstick is so powerfull? Just modify your credstick.
How much IC can you load onto simple nodes that are not meant to work as "real" mainframes?
How much IC can you load on "real" mainframes?
Why shouldn't there be a huge difference between both kinds of system?
How does IC or an Agent affect a nodes response (as indicated in p. 228, in the paragraph "Intrusion Countermeasures")? Does every of the 4 attributes count as a program? Does only the IC count as a program? If yes, why? Do the programmes, the IC is running, count toward the response limit of the node?
How does a lowered response affect the standard duties? Does this even matter?

The fact, that almost everything now has a device rating, which must fit into the 1-6 levels, smartgun node in your weapon and supermainframe alike, imposes some huge problems.
Does anybody know a solution?
Is there any way to bring comlinks with system ratings of 6, hightech devices with devicerating 6 that are not originally meant to work as superpower processors, and real mainframes that can only have a rating of 6 together?

Do I just have to accept the ratings and roll on random tables for node responses because reasoning is futile?

Help me, for I am confused.

Posted by: blakkie May 3 2006, 10:31 PM

Matrix nodes are not limited to rating 6. MATRIX ATTRIBUTES, page 212. More detail coming in Unwired of course. In the meantime just cluster up those cutting edge bad boys to groups, and handwave things like the main Ares mainframe.

Posted by: Serbitar May 3 2006, 10:37 PM

Hm, I really hope that the writers of unwired try to model something which is at least consistent on first sight . . .

But the Problem at hand is: How many agents can a comlink, a credstick and your IngramSmartguns node run?
and
Is there any reason not to load every IC available at the first net hit of the node and track the hell out of everything?
Just having the IC loaded everytime does not inhibit anything, so tehre is no reason not to do load the full set at the slightest hint of danger.

I have no idea.

Unwired should have definately been the first book to be released after BBB. Not doing this is a very very big mistake.

Posted by: blakkie May 3 2006, 10:44 PM

Here are a few someones posting somethings about hosts.

http://forums.dumpshock.com/index.php?showtopic=12458

As for IC on everything, there isn't really much need for it on most of your PAN items because they seem to get treated more like end devices. It is your commlink's IC that is going to come into play.

Certified Credsticks i wouldn't even bother give a real Signal too. They aren't what they used to be, the main retail cash device.

Posted by: Glayvin34 May 3 2006, 10:55 PM

I'm kinda glad that I got into Shadow Run for the fourth edition, sounds like third edition knowledge mucks up the understandings.

Anywho, I've read and reread the Wireless chapter many times, and there are some oddities there, but it's consistent throughout, for the most part.

You can run IC from your Smartgun or Datajack or whatever, but you need a response upgrade for that to be effective. Datajacks and Smartguns have ratings around 3, for every 3 programs (rounding down) you loose 1 response. Also, whatever IC you're running can't act higher than the modified response value. But the short answer is that yes, you can load IC on every device and bit of cyberware that you own. I guess you could load IC on a credstick, I don't think that credsticks are self-powered.

All devices have a System rating, and all you need beyond that to run a program is a response rating. Any character with some Hardware skill can make a response upgrade in a few days at half cost (see page 240), so that you can load a shitload of IC into your PAN.

The Hacker that I play spends his downtime putting together response 4 commlink upgrades for 1,000. Then he copies over system 6 from his main comm, and, bam, he has an IC node that runs around 10 active Agents with rating 3. Set four or five of those in tandem without a wireless link between your comm and your PAN and no one's getting in. And if someone attacks you can have 40 agents run out and start to kick their ass.

Posted by: Moon-Hawk May 3 2006, 10:57 PM

So then, if this is so cheap and easy, then everyone in your game does this, right?

Posted by: James McMurray May 3 2006, 10:57 PM

My rigger /street sam has IC on everything he owns that can carry it and won't be overly affected adversely by it. With free program copying there's no reason not to.

Posted by: Glayvin34 May 3 2006, 11:02 PM

QUOTE (Moon-Hawk)

So then, if this is so cheap and easy, then everyone in your game does this, right?

Pretty much.
The GM figured it out, too, so if I set off the alarm in a node and don't get a good intiative, I get the crap kicked out of me by 30 IC agents.

Posted by: Moon-Hawk May 3 2006, 11:02 PM

See, it's the "there's no reason not to" part that bothers me.

Posted by: James McMurray May 3 2006, 11:04 PM

Why does that bother you?

Posted by: Voran May 3 2006, 11:06 PM

Yeah it does get a little wonky when the old fairlight excal was a million bucks, and currently the best comlink can be carried by darn near everyone (at least every runner, hacker or not) and be pretty much hacker-grade forwhat, under 10 grand?

Mainframes should at least have a couple points higher than rating 6. Or at least have a higher thresholds or be less negatively affected by running many programs at once than someone on a comlink.

Posted by: James McMurray May 3 2006, 11:08 PM

Unwired will probably have commlinks with higher ratings and much higher costs.

Posted by: Ophis May 3 2006, 11:15 PM

My take on it is to allow mainframes to break rules about howmany programs are running on them. I don't go for the IC running node idea myself I take the Node the IC is running in to be the one it is acting in. This prevents the why isn't everyone doing it problem.

Posted by: Serbitar May 3 2006, 11:19 PM

QUOTE (Glayvin34)

QUOTE (Moon-Hawk @ May 3 2006, 05:57 PM)

So then, if this is so cheap and easy, then everyone in your game does this, right?

Pretty much.
The GM figured it out, too, so if I set off the alarm in a node and don't get a good intiative, I get the crap kicked out of me by 30 IC agents.

I would call that inconsistent and unbalanced.

Furthermore: Why does an IC only count as 1 programm and not as the 2 persona programms plus the programms it is running?

Furthermore: A mainframe sholud have at least 10 times the processing power of a mere comlink, if not 100 times. And certainly not just " a couple of points".
Say hello to response 50 mainframes with related initative.

I would call that unbalanced (but not inconsistent), too.

I am still confused.

Posted by: Kanada Ten May 3 2006, 11:25 PM

I don't see why a mainframe needs more than a rating 9, it's really more of a hub and attached are nodes such as "off-line storage","coffee machine", "I/O Port". The mainframe is only a large PAN, it doesn't need to run lots of programs.

Posted by: Glayvin34 May 3 2006, 11:30 PM

QUOTE (Serbitar)

I fundamentally agree with you on the Mainframe part, and if Mainframes had a rating of more like 20 then the whole system would be more balanced. That would make a Hacker with a upper limit of 6 only modestly capable, even with 30 rating 3 agents. Or you could just raise the firewall of Mainframes to 20, then not even a host of rating 6 Agents would do much damage if their threshold is periodically higher than their dice pool.

Apparently processing power and data storage is cheap in 2070. Nanometer scale circuits seem to be commonplace. So if you try to hack a credstick 4 or 5 Rating 6 Agents pop out and tell on you.

A better way to balance this would be to say that an Agent's Load counts against the max programs running. Attack IC needs at least Armor, Attack and Stealth Programs, so that would be 4 programs instead of one.

Posted by: blakkie May 4 2006, 05:39 AM

QUOTE (Serbitar @ May 3 2006, 05:19 PM)

I am still confused.

I think it partly has to do with your assumption that a single matrix node must equate to a "mainframe". A "mainframe" could easily consist of multiple nodes at a software level, and very likely a cluster of hardware whose divisions don't nessasarily match that of the software divisions. That would really be a lot closer to real computer architecture.

If you look further down that link i found with Search there is a suggestion about the better systems being able to run some IC without putting a load on a node's resources. Will Unwired have that sort of stuff? *shrug* I don't know, but it seems like a workable solution.

QUOTE (Glayvin34)

The GM figured it out, too, so if I set off the alarm in a node and don't get a good intiative, I get the crap kicked out of me by 30 IC agents.

30 agents? WTF? Isn't that going to load the crap out of the node? They'll be tossing a die or two each. There are people that know that chapter's rules better, but having that many Agents load up all at once seems quite a stretch. Certainly a perversion.

Of course that is just another great reason to intepret the vague copy protection cracking rule as a one per cracking extended test copy instead of unlimited copying for a single cracking extended test.

Posted by: The Jopp May 4 2006, 11:05 AM

QUOTE (blakkie)

Rating 6 node with 30 agents:

6 Agents = Response 5
12 Agents = Response 4
18 Agents = Response 3
24 Agents= Response 2
30 Agents= Response 1

Ok, so the GM toss 30 agents against you. Well, first they have to find you. They need Analyze and will roll 2D6 against..say that you run 9 programs on a response 5 commlink so you have 8D6 in total. One of them need to find you in order to call on the others to attack you.

Their attack programs will be a rating 1 program and they attack with 2D6, you defend with 8D6- Each attack they do might do 1DV+ damage, you resist with around 8D6.

In order to defeat them just upload 6 agents of your own on the node to attack the other agents. Once you have uploaded 6 agents it will be 36 agents on a rating 6 node and it will reach Response 0.

Not a good tactic. He should stop with 12 agents rolling 8D6 each on attack tests with rating 4 programs.

Posted by: Serbitar May 4 2006, 11:24 AM

I think even 5 IC that are loaded when the node gets 1 hit in detecting the intruder is overkill and ruins the whole game balance. But there is no logical reason not to do it.
Furthermore I still think an agent should count as "2 (System, Firewall)+number of programs on the agent" programs. This would even make IC count on response 1-6 devices reasonable.

AND I still think that a mainframe (realistically) should have response 50-100 if a comlink can have 6.
Even if a mainframe is running multiple nodes (why should it?) it has enough power reseves to do whatever it wants (and provide ultra high intiative for its IC).
Remember: A comlink has to be small. A mainframe can be the size of todays midi towers. It should be very easy to squeeze 10-100 times the processor power of an usb-stick sized comlink into such a mainframe at a cost that is much lower than the comlink. (Just compare todays PDAs, destkop pcs and mainframes)

Posted by: Voran May 4 2006, 11:50 AM

I'm wondering at the math for agents/IC. After looking over the program section again for agents/IC, I'm wondering if I understand the math correctly.

An agent, if run in my persona, counts as 1 program. But while loaded in my persona, does nothing unless I give it a program to do. So lets say I give it Heal to do. That would give me a program count of at least 2, using both active at the same time. This could then be set to run heal on me every turn or something, freeing me to do other things. But this leaves me with 2 less 'slots' for programs if I want to avoid my own lag. Alternately I could dump the agent by itself in the node I'm at and load him with heal. He could still do the heal every turn of its turn, but now I have 2 freed up slots in my persona to run other stuff. He counts towards my subscription, however. The agent, now independent, can impact the node response, since its not running off my personal resources anymore.

Thing is, does the now free floating agent count as 1 prog or 2 (agent+heal) for purposes of impacting the node response rating? Likewise does an IC loaded with analyze, attack, blackhammer, blackout, and trace count as 1 or 6? (IC + 5 progs).

Yes in a way memory is functionally unlimited. But if they're putting in a mechanic of # of programs affects function, that still sorta implies that # of programs run within an agent/IC count towards total count too? Which would also lead nicely to less agents/IC being run at one time, rather than swarm tactics, unless you ran agents/IC with only 1 loaded prog each, or something.

Posted by: blakkie May 4 2006, 12:21 PM

QUOTE (Serbitar @ May 4 2006, 05:24 AM)

I think even 5 IC that are loaded when the node gets 1 hit in detecting the intruder is overkill and ruins the whole game balance. But there is no logical reason not to do it.

Other than it is overkill? Thanks for that breakdown Jopp, but i was thinking more along the lines that it would take an IP per Agent brough up by the system that is not already actively running. So ever IP the system might throw another log on the fire, taking a full turn to get 3 up. Or is that 2 per pass? So you face this cascading dogpile if you don't get the hell out of Dodge fast, but it isn't a total dump on you right from the start.

QUOTE

Even if a mainframe is running multiple nodes (why should it?) it has enough power reseves to do whatever it wants (and provide ultra high intiative for its IC).
Remember: A comlink has to be small. A mainframe can be the size of todays midi towers. It should be very easy to squeeze 10-100 times the processor power of an usb-stick sized comlink into such a mainframe at a cost that is much lower than the comlink. (Just compare todays PDAs, destkop pcs and mainframes)

AND I still think that a mainframe (realistically) should have response 50-100 if a comlink can have 6.

The whole big cluster of the hardware that comprises the "mainframe" might have that collective power, but a single matrix -node- that you get to see on it from the inside out does not. A mainframe isn't really organized like a desktop. Besides, try to keep in mind that this is SR computing. Try too hard to rationalize it and your eyeballs will get sucked right out the back of their sockets.

P.S. Balance? You keep using that word. I do not think that word means what you think it means.

Posted by: Glayvin34 May 4 2006, 04:54 PM

Hm. Now I'm confused about the rules. Does the IC need to be in the same node as you to initiate cybercombat or just subscribed to the node you're in? For almighty BALANCE, they would have to be in the same node as you, but I can't tell from the Cybercombat section in the book.

In this thread everyone seems to think that you can just subscribe 10 IC nodes to your main node for the aforementioned 30-40 Agents:
http://forums.dumpshock.com/index.php?showtopic=12440

Posted by: mdynna May 4 2006, 05:28 PM

Although every "device" in the game has the same ratings, for sanity purposes in my games I have put them into 2 classes: device, and host (call them whatever you want).

The first class, "device" is mostly everything in the world: Commlinks, credsticks, vending machines, cars. They follow all of the rules listed, as standard.

A "host" (or mainframe) is what the whole Matrix "backbone" is made of, and what corps run for all of their stuff. Any Node classified as a "host" ignores the rule for Response Decrease. It still has all of the ratings, but has unlimited "bandwidth" or "multitasking" capabilities.

To take the Response Decrease rules and apply them blindly and universally to everything is just silly. Think about an MSP for a second, it must have a Response of.... 5 BILLION or so? I think those Response Decrease rules were written to prevent the "Hacker with an Agent army" problem.

I think a lot of people are still suffering from some SR3-rules "hangover." Under SR3 there were micro-management rules and number crunching for everything: Storage Memory, Active Memeory, I/O Speed, Party IC, Cascading IC, Trap IC, yadda yadda (did anyone get as far to use the Optional Bug rules?). This reduced the game to a crawl and made Decking an exercise in mathematics to the nth degree. Even then, players found "holes" all over the place and ways to exploit the game. Now, we have general rule "guidelines" and the mantra of SR has become whatever you think is reasonable. The rules, in many cases, are a starting point. Take them as such, and extend and build upon them as your situations arise.

Posted by: GrinderTheTroll May 4 2006, 07:40 PM

Put aside trying to deistinguish between a "device" and a "mainframe" they are all nodes in SR4.

So as such, isn't the max device rating 6? System is capped at Response, so you could have Systemx2 programs before Response degrades by 1? So a Rating 6 node could employ 12 Agents before you'd see a performance issue? So once a 13th Agent enters, the nodes response drops 1 to 5 effective reducing any Agent's ratings of 6+ to 5. This also includes your agents, since they are "free" of you, they take on the Reponse of the node the occupy.

As long as my understanding holds true, standing in a Node rated 6, and it launched 20 Agents rated 6, they'd all suffer from Reponse degradation and become Rating 4.

Am I correct in this?

Posted by: Moon-Hawk May 4 2006, 08:44 PM

The biggest reason, to me, that you have to distinguish between a device and a mainframe is that a device can only connect to system x 2 other devices at a time. An average home would have dozens, hundreds, possibly thousands of wireless devices in it that the telecom should be monitoring and managing. An office building mainframe should have hundreds of users logged on at one time. There's no way a rating 6 device can connect to that many people and run that many personas at once. Unless of course the mainframe is dozens of rating 6 commlinks wired together in parallel, in which case it could become a sort of virtual commlink that still only runs at rating 6, but can connect hundreds of users before it slows down, hey, let's call it a mainframe!

Posted by: Serbitar May 4 2006, 09:15 PM

Mainfraimes are not nodes in SR4, because rating 6 nods have restrictions that no mainframe would have. Furthermore, as I mentioned before, a device 100 times bigger than a small comlink can easily have a rating of 50 and be cheaper than a comlink.

But still: Can anybody resolve the "why not load the maximum number of agents at first node hit" problem?

Posted by: blakkie May 4 2006, 09:17 PM

@mdynna

Usually though a big iron system will set a choke point on system resources used by an individual login or virtual machine. A node isn't exactly that, but the reasons for limiting the resources remain largely applicable.

In some ways comlinks, in regard to the things that Voran mentioned, make a lot more sense under a mainframe type situation than with a handheld commlink. Because the commlink already has this slicing up of resources happening where just having multiple logins by Agents on a commlink appears to pull resources out of nowhere.

@Glayvin34 The rules kind of hint at on page 227, but don't come right out and say, that an Agent that is acting on it's own must be in the node it is performing its action in. Although it gets a little murkier with things like Track, i'd make the assumption there is the action is being performed in the node where the target icon is located. Not on the path leading back to the physical location, which would require the Agent to node hop back along the datatrail.

@Moon-Hawk

Being able to manage enormous numbers of I/O devices is certainly something that is a characteristic of a mainframe type system. Acting as the communication hub for perhaps thousands of user logins at one time.

Posted by: GrinderTheTroll May 4 2006, 09:23 PM

QUOTE (Serbitar)

No rules exist in SR4 for anything other than a node. Anything aside from what's in SR4 will have to be House Ruled.

Yeah it sucks having to wait for source books to come into play, but there are lots of good ideas in this thread.

Posted by: blakkie May 4 2006, 09:28 PM

QUOTE (Serbitar @ May 4 2006, 03:15 PM)

But still: Can anybody resolve the "why not load the maximum number of agents at first node hit" problem?

*sigh* First off, as pointed out about the downside of bogging down the system you are suppose to be protecting:

QUOTE (page 228)

Note that nodes are careful not to run so many IC programs
at once that it aff ects their performance (see Response, p. 212).

Second, loading an Agent is a action, and since you apparently don't have the book i'll look it up.....page 219, it is a Complex action. So one IC Agent loaded per IP.

I and others have mentioned this before in this thread. What is the problem? You just don't -like- the answer, or what?

Posted by: GrinderTheTroll May 4 2006, 09:32 PM

*snip*

QUOTE (Serbitar)

Is there any reason not to load every IC available at the first net hit of the node and track the hell out of everything?

I'm not sure if I understand this part of your question. Do you mean "why not dump all the Agents into a node once the system's on alert?" If so, then it's a matter of preference on how the target would respond. I imagine most systems wouldn't unleash an army of Agents unless there was good reason or unless the node in question is paranoid like that.

You can dump large amounts of Agents at a time with enough IP, but you'd suffer response/rating degradation if you get too many in the same node.

EDIT - I suppose other nodes could release Agents in response to an alert and they could move into the invaded node.

Posted by: Serbitar May 4 2006, 09:50 PM

QUOTE (blakkie @ May 4 2006, 04:28 PM)

I and others have mentioned this before in this thread. What is the problem? You just don't -like- the answer, or what?

Yes, I want a justification for a security sheet like thing, where IC is triggered only after a certain number of node ihts. With increasing security (more IC, alert, shotdown . . .) as the node hits increase.

Posted by: blakkie May 4 2006, 09:54 PM

QUOTE (Serbitar @ May 4 2006, 03:50 PM)

QUOTE (blakkie @ May 4 2006, 04:28 PM)

I and others have mentioned this before in this thread. What is the problem? You just don't -like- the answer, or what?

Yes, I want aj ustification for a security sheet like thing, when IC is triggered only after a certain number of node its. With increasing security as the node hits increase.

Congratulations, you just wrote it down! Now go forth and be fruitful!

P.S. As has been mentioned a few times you can wait for Unwired to come out with the port of the relavent info. Or hey, why not just go and port it yourself. Past canon seems to be sort of a justification, yes? Page 228 does mention different flavours of IC based on their program loadout.

EDIT: I'm pretty sure I've seen someone doing a translation of the old Tar Baby and such into program loadouts.

EDIT2:

Ya, it was in that thread i linked for you. The first response post.

Posted by: blakkie May 4 2006, 09:59 PM

QUOTE (GrinderTheTroll)

EDIT - I suppose other nodes could release Agents in response to an alert and they could move into the invaded node.

That's a interesting idea. IC are independant Agents that can move around node to node. But that's going to introduce a bit of a delay (request for IC goes out, load occurs, IC moves in). They'll too still bog the crap out of the node they are coming to the aid of when they move in.

Posted by: damaleon May 4 2006, 10:04 PM

Here is something I read in the Linking and Subscribing section:

QUOTE

The subscription list may be unlimited in size, but the number of nodes, agents, or drones that a persona may actively subscribe to (access) at any one time is limited to the persona’s System x 2.

If you apply that to the node (from someone's commlink to the access gateway to a AAA host) you are limited to at most 12 IC accessing/protecting any one node, less since it is connecting to other nodes.

For someone's commlink, I would count any cyber that is accessing wirelessly, like cybereyes transmitting visuals to another team member or a smartlink to a weapon without a skinlink, against the subscription limit. A drone could be activated, issued instructions and then unsubscribed to act on its own, no longer counting against the limit.

For a rating 5 network gateway, it would likely have its own IC (say 2 for detecting hackers), subscribing to 2-3 nodes and multiple IC actively running on other nodes within the network (up to 5-6 other IC possible, takes at least a CT to show up) that it can call for backup if an alert is triggered. I would have all the programs that the IC can use running on the node it is loaded on, so IC and programs they use would count against response, however you decide to handle major hardware.
Personally I don't see a AAA corp's system slowing down if it is running only 6 programs. I would consider any "node" to be a mesh network of equivalent devices hardwired together with its own gateways, allowing a much higher number of programs, but still limiting active subscriptions to System x 2 (so 12 for any rating 6 system).

But this is all how I would do it, so as someone else already said, just do what seems reasonable.

Posted by: GrinderTheTroll May 4 2006, 10:15 PM

QUOTE (blakkie)

QUOTE (GrinderTheTroll @ May 4 2006, 03:32 PM)

EDIT - I suppose other nodes could release Agents in response to an alert and they could move into the invaded node.

Reminds me of Matrix 2 when all the Agent Smith's started coming into the area a little at a time... then Whammo!

Posted by: mdynna May 4 2006, 11:03 PM

Ok, just stop and think about this whole "everything is a node with the same rules" concept for a moment. As has been pointed out, the cheapest/most efficient way to make a Rating 6 Commlink is to buy a Meta Link and upgrade everything up to 6. Right? If a suped-up Meta Link can do exactly every other device can do, then why not do it? You know corps are always looking for the most cost effecient way to do things. So, they would use the "upgraded Meta Link" method. Think about it. Renraku's AI Research Host is a modified Meta Link Commlink. Aztechnology's Blood Magic Library is a modified Meta Link Commlink. News headline: "THE ZURICH ORBITAL HOST HAS JUST UPGRADED ITSELF TO A META LINK COMMLINK"

Meta is now the most powerful Megacorp in the world because EVERYTHING IN THE WORLD RUNS ON THEIR COMMLINKS. "Everything is a node?" "Corp hosts use the same rules as everyone's Commlink?" No. My SR4 Matrix is not built on legions of Meta Link commlinks. What's yours?

Posted by: Kanada Ten May 4 2006, 11:09 PM

Meh, the corps probably would make it cheaper than the Meta since they don't need the roll out keyboards and other interfaces for most things. Now we know why it only took 5 years to upgrade all the tech, though. Just billions and billions of skeletal commlinks interconnected.

Posted by: James McMurray May 4 2006, 11:16 PM

In today's world it is cheaper in terms of straight money to buy a junk computer and upgrade it. It doesn't happen in corporations for a few reasons:

1) you incur more costs in terms of the time it takes people to build these computers for you

2) large computer companies offer discounts for large purchases

3) many managers who aren't tech savvy don't think that a hoemade computer can be as good as a brand name one

In SR you also come across situations where many of the bigger corporations either manufacture or have ties to people that manufacture computers. If you own an assembly line, building name brand computers is even cheaper than buying and upgrading.

Posted by: Glayvin34 May 4 2006, 11:24 PM

My question is still about the Load that an Agent has. Say you've got a Response 6 ICberg running 2 Agents and you don't want to decrease the response, does the program list look like this:
1.Agent1
2.Agent2
3.Armor
4.Attack
5.Stealth
or like this? (with a -1 response)
1.Agent1
2.Armor1
3.Attack1
4.Agent2
5.Armor2
6.Attack2

Does an Agent use programs that the node is running or does it use its own load and can't share programs? Because if they use programs on the node, then one program is taking multiple actions each Turn (which I guess could be possible).

Posted by: damaleon May 4 2006, 11:42 PM

QUOTE (Glayvin34)

I would run it as option 1, each agent has access to all 3 programs. I see it as multiple users reading the same part of a cache to queue an instruction.

Posted by: GrinderTheTroll May 4 2006, 11:46 PM

QUOTE (Glayvin34)

It's not the Agent's rating that degrades the node (although the Agent is capped at the node Rating), it's the number of Agents running in a node that degrade it. The Agent's Reponse equals that of the node it occupies.

A Rating 3 node can have 6 Agents running and any Agent will function at a MAX Rating of 3 even if >3. If the Agent moved into a Rating 5 node, then that node could handle 10 Agents before degrading and the Agent would function at a MAX Rating of 5 even if >5.

IIRC the limit to how much you can load into an Agent, is its Rating x2 in Program Ratings. So Agent 6 could have Trace-3, Attack-3.

Can anyone verify this?

Posted by: Shrike30 May 4 2006, 11:55 PM

Did you mean Trace-6, Attack-6?

Posted by: Glayvin34 May 5 2006, 12:02 AM

QUOTE (GrinderTheTroll)

First, from page 212:
"Response may be affected if you run too many programs. For every x number of programs you have actively running, where x = System rating, your Response is reduced by 1. So if you’re running 10 programs with a System 5, your Response will be reduced by 2."
So at each multiple of your system you take a -1 to response.

It's that second part that I'm wondering about. Does an Agent's Load count against the total number of programs running? It says on page 228 that
"Agents can be loaded up with copies of your programs so that the agent may employ them on its own. If an agent is acting independently, any programs it’s carrying must be active, and so may affect its Response."

Now it seems to be that the Agent runs the program on whatever node it's on, affecting response. So if you've got the aforementioned attack IC, you'll need it to run about 3 programs to be effective in cybercombat, plus the fact it's an Agent, so that means one attack IC with Attack, Stealth and Armor takes up 4 programs. Does that not sound right to anyone?

Posted by: Glayvin34 May 5 2006, 01:23 AM

On 232 there's that "Simultaneous Combat in Multiple Nodes" section, it seems to indicate that you can get attacked through any node you're subscribed to. So if you're in a node with 10 ICbergs subscribed to it, like any high-security "Mainframe" (I use the word lightly) is likely to have, then each of the ICbergs attacks you.
So I guess being subscribed to a node and being in the node is the same thing for personas? Agents can enter a node so if they're tracked the track just goes to whatever node they are running on (I think).

Posted by: damaleon May 5 2006, 01:33 AM

Here is how I see it.

System/Response 6 node running the following programs:
1. Agent Attacker (Pilot 4)
2. Agent Detector (Pilot 6)
3. Agent Hunter (Pilot 5)
4. Attack-6
5. Analyze-6
6. Blackout-6 (node loses 1 response, now at 5)
7. Stealth-6
8. Armor-6
9. Track-6
10. Exploit-6
11. Decrypt-6

Node is now effectively System/Response 5 and Programs only get max of 5 dice. Another program or agent would reduce response again, down to 4.

Now the Agents are loaded as such:
Attacker - Defend node
-- Attack, Blackout, Armor, Stealth (-1 response for 4 programs with a 4 pilot)
Equivalent to a 4 system(pilot), 4 firewall, 4 response persona (node response at 5, -1 for programs), programs limited to 4 by Pilot rating

Detector - Detect intrusion and locate source of intruder
-- Analyze, Stealth, Track, Exploit, Decrypt (no response loss due to programs, but pilot is limited to 5 effectiveness by node response of 5)
Equiv. to a 5 sys, 5 firewall, 5 response (limited by 5 response node), programs at 5

Hunter - Defend node or attack intruder's node
-- All programs listed above (8 programs, -1 response loss for 5-9 programs loaded)
Equiv. to a 4 sys, 4 firewall, 4 response persona, programs at 4

Obviously this would not be an ideal loadout, but I was trying to cover as many situations as possible. What do you guys think?

Posted by: Big D May 5 2006, 01:45 AM

Backing away from the exact mechanics for a second...

If I'm hacking a server, and see some alert flags pop up, but want to stave off the inevitable for a few rounds while my team gets out, can I do something as simple as uploading a few agents and then ordering them to go out and create havoc in other nodes on the system, then uploading a few more?

It sounds like once I get into a system, I can basically DOS it with agents. The IC and deckers will be so busy tracing down my agents, that they won't be able to get control of the system. I probably won't either, but this is a "run away" tactic, not a take and hold ground tactic.

Also, was there any mention of party ice in the BBB? I don't remember seeing it. I think it would need some kind of special treatment under the "stacking" rules discussed here.

Posted by: Glayvin34 May 5 2006, 01:47 AM

Yeah, Damaleon's model seems to be right. But about the Hunter Agent, do Agents lose response for the programs they have loaded? They're not running the programs themselves, the node is. All that's in the book is the programs "must be active, and so may affect its Response" line on page 228, I think that's referring to the Response of the node the Agent is running on, not the Agent itself.

Posted by: Glayvin34 May 5 2006, 01:56 AM

QUOTE (Big D)

Ooo, good one. You could have a Comm full of Agents that all run out and slow down whatever node is running the IC that is coming after you. If they were all loaded up with programs, they could go and run them all on the ICberg protecting the system you're infiltrating, and the Mainframe's Response would bottom out. That's kinda cheap, though.

Posted by: damaleon May 5 2006, 02:02 AM

QUOTE

Payload
Agents can be loaded up with copies of your programs so that the agent may employ them on its own. If an agent is acting independently, any programs it’s carrying must be active, and so may aff ect its Response (see p. 212). Any program run by an agent
is limited by the Pilot rating.

I read the independent agent and payload rules like the agent is a mini system, running on the node and granted access to programs also running on the node. I see the agent being able to handle only so many threads before it loses efficency. Basicly it is only smart enough to handle access to so many programs before its logic routines take longer to decide what to do, like in turn based strategy games when the computer has more and more units to control and more places to attack you from.

Posted by: damaleon May 5 2006, 02:10 AM

Yeah, I would agree with Big D, as long as you can hack the proper access needed to load an Agent on their system, it should be possible. I would restrict running Agents to security or admin access, so it takes longer to hack in, but if you manage to do that, you should be able to use their system's resources against them.

I wouldn't allow you to do it immediately though, except for what programs/IC/agents are already available to the node your on. If for some reason there is no agent available to that node, it isn't rated high enough for you, I would make you spend several actions transfering some of your's to the node before you could activate them. Not a problem when the system isn't on alert, but it can take precious IPs away if you're being attacked, which is a suitable penalty if you don't think ahead.

Posted by: Big D May 5 2006, 02:18 AM

Stupid question... does a TM need any hacker skills to drop a commlink full of Agent Smiths onto a system (ordering them to go forth and destroy in waves before they overcrowd the node)?

Posted by: Glayvin34 May 5 2006, 02:35 AM

QUOTE (Big D)

Stupid question... does a TM need any hacker skills to drop a commlink full of Agent Smiths onto a system (ordering them to go forth and destroy in waves before they overcrowd the node)?

I don't think so. You don't need any skills to fire up your Agents and send them forth.

Posted by: damaleon May 5 2006, 02:37 AM

QUOTE (Big D)

Stupid question... does a TM need any hacker skills to drop a commlink full of Agent Smiths onto a system (ordering them to go forth and destroy in waves before they overcrowd the node)?

As long as he can get the necessary level of access and has programs not on the node that he wants to run stored in physical storage he has access to, I don't see why not.

Assuming the TM doesn't have Hacking or the Exploit complex form, you can Default Hacking with the -1 penalty and thread Exploit to "Hack on the Fly" in an extended hacking+exploit (Firewall, 1 IP) extended test (FW + 3 for security access and FW +6 for admin). In this case, getting your threaded Exploit - 3 (- 1 die for defaulting, -2 dice for sustaining the threaded form) each IP, so you need at least 4 net hits for threading to even have a chance. You won't have much of a chance, but it can, theoretically, be done.

Posted by: Big D May 5 2006, 02:43 AM

damaleon: Sorry, didn't mean he didn't have TM skills, I was just referencing the earlier thread where I had missed that a TM has to have "normal" hacking skill to use programs off of a commlink, in addition to TM hacking.

Posted by: damaleon May 5 2006, 02:48 AM

oh, didn't realize that. in that case, I agree with Glayvin34, once he has access, everyone knows basic operation like loading a program. Even a TM would be force to learn how if he had any type of formal schooling, no matter how slow and backward he/she thinks it is.

Posted by: GrinderTheTroll May 5 2006, 06:01 PM

QUOTE (Glayvin34)

QUOTE (GrinderTheTroll)

Thanks for the corrections, I knew I was on the right track.

I appreciate it.

Posted by: GrinderTheTroll May 5 2006, 06:17 PM

QUOTE (damaleon)

Distributed Denial of Service attacks (DDoS) on current day websites envlove getting thousands of "users" to all login at once and overload a target system. They don't require admin access, but attempt to choke bandwidth and server resouces.

This is modeled in SR4 by lots of Agents entering the same node. There is no mention of personas causing Reponse issues, but instead Agents. This model allows an infinite amount of users, but only a limited number of "free thinking" programs (Agents) to draw on it's resoueces.

I like the idea of being able to do this and I don't see the need to restrict it since you'd need to get all those Agents into the system in the first place by unloading yourself or having them Hack in themselves.

DDoS-2070: (aka ZombieArmy)
Agent (Pilot-3+)
Exploit-3+

DumpBot: (Persona dumped)
Agent (Pilot-1)

Posted by: Big D May 5 2006, 06:25 PM

Well, I'm thinking beyond just sitting there and eating CPU...

Launch a bunch of agents and have them go out and start trashing the system, perhaps focusing on key nodes if you've mapped out the system. That buys you a few precious turns, maybe even a few minutes, before the ice cleans out the system or the admin gives up and reboots.

Also, because they're not as limited in number as spirits or sprites, you can make one heck of a distraction against one system while you sneak into another one.

Posted by: Rotbart van Dainig May 5 2006, 06:59 PM

QUOTE (Serbitar)

What response rating does a mainframe have?

That depends on it's role, see Device Rating Table and funds of the owner.

QUOTE (Serbitar)

Why does a credstick have a device rating of 6? This means that it has System 6, Response 6, Firewall 6, Singal 6?

It means it has the first four at 6, and Signal at whatever fits per Signal Table.

QUOTE (Serbitar)

Why does anybody buy comlinks if your credstick is so powerfull?

It's a checkstick, no real interface included.

QUOTE (Serbitar)

How much IC can you load onto simple nodes that are not meant to work as "real" mainframes?

Infinite - running too many may cause them to be ineffective, though.

QUOTE (Serbitar)

How much IC can you load on "real" mainframes?

Infinite - running too many may cause them to be ineffective, though.

QUOTE (Serbitar)

Why shouldn't there be a huge difference between both kinds of system?

Because exceptions kill any rule.

QUOTE (Serbitar)

Does only the IC count as a program? If yes, why?

Because it's just one program.

QUOTE (Serbitar)

Do the programmes, the IC is running, count toward the response limit of the node?

No, they do count against the inherited Response of the IC/Agent.

QUOTE (Serbitar)

How does a lowered response affect the standard duties?

Not at all... except RP.

QUOTE (Serbitar)

The fact, that almost everything now has a device rating, which must fit into the 1-6 levels, smartgun node in your weapon and supermainframe alike, imposes some huge problems.

You didn't even touch the real problem: Connections.

At first, the rules state you can only run your Persona on Systemx2 Nodes simultaniously... which is fine. Then that changes to connections overall.

Which causes any server to accept... a dozen connections at best.
Even with the castrated half-open connections max of WXP SP2, you can still have hundreds of the with any normal PC, today.

Basically, this results in applying the Systemx2 limit only for Persona Access, and handwaving the rest.

Posted by: James McMurray May 5 2006, 07:05 PM

QUOTE (Rotbart van Dainig)

Because exceptions kill any rule.

Not if they're well defined. A rule that fits every occasion perfectly is of course optional, but rarely possible.

Posted by: Rotbart van Dainig May 5 2006, 07:24 PM

QUOTE (James McMurray)

Not if they're well defined.

The problem is not as much as when they apply... it's about remembering them in the first place.

QUOTE (James McMurray)

A rule that fits every occasion perfectly is of course optional, but rarely possible.

At which point SR4 allows judgement calls... which is more flexible, yet requires more experience/trust.

Posted by: James McMurray May 5 2006, 08:03 PM

True. Some exceptions are comon enough to need a rule, for the rest flexibility is better.

Posted by: Serbitar May 5 2006, 08:20 PM

Thanks Rotbart for the comments. (Actually I was wondering where you and Frank Trollman have been lately. It is hard to get good comments and suggestions these days)

But I think I have already made up my mind. Copying from the "Idiots guide to Matrix 2.0" thread:

"Furthermore I would subdivide nodes into "devices" and "hosts". It is extremely silly to think that a full blown matrix host would have the processing power of a mere comlink.
Thus I would rule, that "devices" (comlink and everything else that does not have a bigger computer behind it) are affected by response "degradation", but hosts are not. That solves the DOS attack. IC would have to be restricted by common sense (as it was in SR3), maybe with some traffic arguments to make it reasonable (high traffic nodes have less IC and are less secure, and vice versa). Furthermore a host can maintain alsmost infinite subscriptions (or matrix cafes wouldnt be possible)."

I would further suggest, that programmes run by IC/agents count towards the response limit, so you cannot protect your comlink better than any "host" would be protected using balance arguments.

Then I would rule that only nodes are allowed to check a persona for illegimate acess (instead of analyzing IC), and only when this persona takes actions that exeeds its hacked (or valid) permissions.

I did a couple of consistency checks and propability calculations with these suggestions and found that they are good guidelines for a veriety of SR4 situations.

Posted by: blakkie May 5 2006, 08:27 PM

@Serbitar

Degradation for a given login can occur on mainframe. Because the system will not feed a process or login all it's resources, outside of the top tier of security priority (many level of security, with some sort of "system" level at the top). That top tier wouldn't really equate to the Admin login level in the SR rules, mostly because of there being so many different piority levels.

It does in an attempt to protect the entirety of system from degradation. If it didn't some shmuck's do nothing infinite loop program or inifite open file loop could bring the whole damn thing to it's knees.

That's really a key to how a mainframe can effectively handle so many users, rationing of resources. It is entirely reasonable for similar throtling to occur on a node that is hosted on a mainframe equivalent.

P.S. Note that in that thread i linked there was a suggestion further down that the better computers would provide some limited support for extra IC that operated outside of the limit. Those IC would be running on a security/priority rating above Admin. But the system would definately want to limit how many of those they had because they represent a serious threat to overall system performance and uptime (which is king for big iron).

Posted by: damaleon May 5 2006, 08:33 PM

QUOTE (GrinderTheTroll)

From what I remember, there is nothing limiting or degrading a node's performance by having more and more people access it currently described in the rules. It does mention that you are limited to System X 2 nodes, agents, and drones that you can simultaneously access, but nothing about how many people can be reading a node at the same time, so the effect of a current day DDoS attack is not described in the rules. It does mention that a subscription list can be practically unlimited in size, but you can only subscribe (I think it means link or actively subscribe) to so many at once.

As I read it, the only way to degrade a node's response is to load more and more programs, be they agents, hacking tools, common use programs or what not, and that would require you to gain access to the node and make it run programs. If that's the case, an agent only affect the node it can be traced back to, not the ones it accesses (so if a hacker loads an agent on his Response 5 commlink sends it out to a Response 3 system before logging off, it would still be at a Response 5).

I kind of see wireless like this:
you can have 1 person shouting to 1 or 1 million and the only thing that affect whether they hear you is distance (signal strength) so as many people are in range can read a what a node
if 100 people are shouting different things, you can only make out one or a couple at any given time (active subscription or linking limit) but you can change you you focus on at any given time
If you are shouting back and forth, both have to focus on listening (you both count against the linking limit of the other)

I'd apply all this to any single device and consider mainframes meshed networks, many devices completely interconnected but acting as 1 device with a common set of attributes, which then allows an expansion of the # of programs and interacting users, but doesn't increase the system, response, or firewall rating.

Posted by: Rotbart van Dainig May 5 2006, 08:36 PM

QUOTE (Serbitar)

Thus I would rule, that "devices" (comlink and everything else that does not have a bigger computer behind it) are affected by response "degradation", but hosts are not. That solves the DOS attack. IC would have to be restricted by common sense (as it was in SR3), maybe with some traffic arguments to make it reasonable (high traffic nodes have less IC and are less secure, and vice versa).

That means you just removed the 'hard' limit to implement a 'common sense' limit... which would be around... not more than a handfull of them?
Six of one, half a dozen of the other.

QUOTE (Serbitar)

Furthermore a host can maintain alsmost infinite subscriptions (or matrix cafes wouldnt be possible).

A device should, too. Otherwise, the whole AR concept breaks down in DoS.

QUOTE (Serbitar)

I would further suggest, that programmes run by IC/agents count towards the response limit, so you cannot protect your comlink better than any "host" would be protected using balance arguments.

They do already count... to the Response of the IC/Agent, which degrades it's effectiveness very quickly, as any Program it owns must be running.
Slapping them onto the device results in immediate DoS dropout.

QUOTE (Serbitar)

Then I would rule that only nodes are allowed to check a persona for illegimate acess (instead of analyzing IC), and only when this persona takes actions that exeeds its hacked (or valid) permissions.

No real reason for that - that's what the System+Firewall is for, initally... if one does try to exceed one's right, it fails and gets reported anyway.
Using RL analogies, even a home gateway running linux has a fullblown right managment system.

Posted by: GrinderTheTroll May 5 2006, 09:14 PM

QUOTE (damaleon)

QUOTE (GrinderTheTroll)

I think you missed my point: Personas don't effect reponse, but Agents do.

QUOTE

This is modeled in SR4 by lots of Agents entering the same node. There is no mention of personas causing Reponse issues, but instead Agents do. This model allows an infinite amount of users, but only a limited number of "free thinking" programs (Agents) to draw on it's resources.

PS - I fixed my typos in the quote.

Posted by: Serbitar May 5 2006, 09:44 PM

QUOTE (Rotbart van Dainig)

That means you just removed the 'hard' limit to implement a 'common sense' limit... which would be around... not more than a handfull of them?
Six of one, half a dozen of the other.

No I think that 3 IC in one system should almost be the maximum. Add more and you have super tight, unhackable security. Nobody can defeat 3+ IC of about equal rating. You may as well log off.
Furthermore I sacrifice the "hard" limit due to balancing considerations. (see beyond)

QUOTE

A device should, too. Otherwise, the whole AR concept breaks down in DoS.

No problem with this. I dont really see what should be unbalanced if you completely skip that rule.

QUOTE

The agent uses the nodes response. They dont have independent response. Furthermore you are multiplying total response if you grant every agent his own response and lower it only when the number of programms activated by the agent exceed his response. For example,you can run a total number of 36 programms on a node of response 6 without lowering response if you pack them into 6 agents. But you can only run 6 programms without lowering response if you let them run without agents.
This sounds illogical.
But the main problem is balancing. I do not want to let players or npcs run 6 agents with 6 programms on their raiting 6 commlink. This collides with my consideration, that 3 IC should be almost the maximumin security.
On the other hand, if I count each programm seperately I get something which is quite consistent AND is quite good for the game balance.

QUOTE

No real reason for that - that's what the System+Firewall is for, initally... if one does try to exceed one's right, it fails and gets reported anyway.

You mean that everytime you attempt an illegimate action and fails, this is reported, and no other firewall+analyze actions by the node are needed? That would be perfectly OK for me. (Although I cant finde any statement in the rules, that every hack action is an opposed test between hacking+programme vs system+firewall).

Thanks again for the comments.

Posted by: Serbitar May 5 2006, 09:57 PM

QUOTE (blakkie @ May 5 2006, 03:27 PM)

Degradation for a given login can occur on mainframe. Because the system will not feed a process or login all it's resources, outside of the top tier of security priority (many level of security, with some sort of "system" level at the top). That top tier wouldn't really equate to the Admin login level in the SR rules, mostly because of there being so many different piority levels.

It does in an attempt to protect the entirety of system from degradation. If it didn't some shmuck's do nothing infinite loop program or inifite open file loop could bring the whole damn thing to it's knees.

That's really a key to how a mainframe can effectively handle so many users, rationing of resources. It is entirely reasonable for similar throtling to occur on a node that is hosted on a mainframe equivalent.

Good explanation. But my problem with the whole degradation buisnes is the following:

If an agent counts only as 1 programme, players and NPCs can make their comlink into IC castles. I do not want that for balancing reasons. There is no way to handwave this, as players need rules to know what they can do with their comlink and what they can not.

So I have to rule, that each program in an agent counts towards the response limit, to keep players from building the aforementioned ICbergs. But now I have a problem with matrix nodes. They should be able to be preotected a little better than mere comlinks. Thats why I skip the degradation rule there, and fortunately I can do this, because I am now in the region where players will never go (meaning ruleswise, they will most likely never design matrix hosts). I can handwave IC numbers by introducing traffic arguments and such.

After all I am just looking for rules with the following baselines:

Rules that comlinks even of response 6 can not be loaded (without a severe response hit) with more than 2 agents containing 6 programs at max.
There cant be more because I can not handwave agruments that not all available agents are not launched immediately. Nobody can face more than 2 such monsters at once,and I want to give players achance, that want to hack commlinks of NPCs, that have such a configuration (why shouldnt they, when they players can do it).

Handwaving arguments that normal Matrix nodes have about 2 IC with 4 programmes, and extreme high security nodes have about a maximum of 4 IC with 6 programmes. Furthermore I need handwaving arguments that not all the IC is loaded immediately but in a way that adds more to the tension of a good hacking experience (like a tracing routine IC first, and if it is crashed an attacking IC and then a black hammer IC and such). With the normal rules there is no reason to not load all the IC at once. Thats why I need handwaving there.

The combination of:
"Programmes in agents affect response" and "matrix hosts do not care about response reduction" delivers the baseline I want. The rest is just fluff tailored to fit this baseline.

Posted by: Rotbart van Dainig May 5 2006, 10:19 PM

QUOTE (Serbitar)

If an agent counts only as 1 programme, players and NPCs can make their comlink into IC castles. I do not want that for balancing reasons.

Speaking from play experience:

You are worrying waaay too much.

Usually, IC will never even spot an intruder - Stealth is tough to beat on Matrix Perception tests.
Even if it would, nothing prevents a hacker using Agents, too.

It's a bit like letting guards patrol alone...

PS: The real ugly thing are data bombs.

Posted by: blakkie May 5 2006, 10:46 PM

QUOTE

Didn't i warn you about trying to make sense of SR computing?

Actually there is some handwaving to deal with this, but you should probably drop a microdot before attempting to read it. So get ready, and make sure you stay away from the brown blotters with the Mickey Mouse stencil, people are getting really bad trips off those:

An Agent is it's own program space, with all the programs that it is running integrated within that. This works because it only has one or two programs doing things at any given moment. A persona has no program space of it's own, which is why it doesn't take up a slot. So any program loaded for use by the persona must have it's own program space. Why not, then, just have a program space to load all the programs into it for a persona? Because that adds an extra layer of interface that would require extra communication interaction in the same way that you have to spend an action to tell an Agent what to do and then there is another action spent for the Agent to do it.

Now just meditate on that while you listen to the chirping of the gecko pattern on the wallpaper.

Posted by: Serbitar May 5 2006, 11:14 PM

QUOTE (Rotbart van Dainig @ May 5 2006, 05:19 PM)

QUOTE (Serbitar @ May 5 2006, 11:57 PM)

If an agent counts only as 1 programme, players and NPCs can make their comlink into IC castles. I do not want that for balancing reasons.

Speaking from play experience:

You are worrying waaay too much.

You should definately read the "Idiots guide to Matrix 2.0" thread.

There they argue, that if the IC wins in an pilot+analyze vs hacking+stealth test, they IC has sucessfully uncovered the hacker as such, a hacker with faked permissions.

Thats what I am fighting against. This idea is pertly backed up by the patrolling IC paragraph on p. 222.

And the chances to lose a for example 10 vs 10 dice opposed test are not low, 41,4%.
Thats why I do not want IC that is constantly scanning everything and uncovering hackers with this opposed test.

Still, there is lots n lots of confusion about the matrix rules out there . . .

BTW:Agents are bad. They highten the danger of beeing detected, and when you are detected, the matrix run is mostly over. I think agents are mostly for doing stuff for you in a node when you have left.

Posted by: blakkie May 5 2006, 11:29 PM

IC are not loaded until the security alert has been raised (page 228). So no multiple IC until you screw up. (EDIT:Unless this is a hyper serious about security system, then they might allocate the resources to roaming security Agents that are constantly sweeping, but that'll cost processing power which equals money, and really they have to be able to notice you and then correctly Analyze you to figure out that you aren't legit)

Once the security alert is raised the drek hits the fan, as fast as one IC per IP at a time depending on how agressive the system security is. But even then, depending on Init rolls and you noticing the IC loading (it takes a Complex Action worth of time for the loading to occur), you have a chance that'll you'll get the option to scram before the IC even gets to act.

So the system is still quite safe until you set off a Data Bomb or the system itself detects you. Just like in SR3, the key is to not get noticed and you can cakewalk through. Actually that's like a lot of things in SR.

Posted by: Rotbart van Dainig May 5 2006, 11:32 PM

QUOTE (Serbitar)

You should definately read the "Idiots guide to Matrix 2.0" thread.

Well, maybe I could.

QUOTE (Serbitar)

There they argue, that if the IC wins in an pilot+analyze vs hacking+stealth test, they IC has sucessfully uncovered the hacker as such, a hacker with faked permissions.

Basically, that is correct.
Keep in mind that if the IC tries again before a certain intervall, it will lose dice.

QUOTE (Serbitar)

And the chances to lose a for example 10 vs 10 dice opposed test are not low, 41,4%.

Sure... some action is good.
Any hacker with about two to three runs will have Response 6, though, and most Node will run around 4.

QUOTE (Serbitar)

Thats why I do not want IC that is constantly scanning everything and uncovering hackers with this opposed test.

That's a necessity, in fact - as there are no more security tallies.

QUOTE (Serbitar)

Agents are bad. They highten the danger of beeing detected

Only if you run them on the Node... if they run in your Persona, they count as Programs and are only detected if you are, anyway.

Posted by: Serbitar May 6 2006, 12:08 AM

Now we are turning in circles:

QUOTE (Rotbart)

QUOTE (Serbitar)

Thats why I do not want IC that is constantly scanning everything and uncovering hackers with this opposed test.

That's a necessity, in fact - as there are no more security tallies.

QUOTE (Rotbart)

QUOTE (Serbitar)

So what? Scanning IC or System+Firewall?
I would substitute a an analyze+firewall(stealth) test everytimea hacker performs an illegitimate action for the security tallies. No need for analyzing IC.

Btw: The chance of losing a 12 vs 8 (hacker skill 6 stealth 6, vs pilot 4 analyze 4) are still 20%. Add the standard assumption that IC counts only as 1 programme, and you have 3-4 of these scanners in a 4 node. That gives you a 50%-60% chance of being detected (3-4 times 12 vs

. Too high for my taste. A 4 node should be fair game for a 6/6 Hacker (at least 80% propability to hack in, perform 3 actions and log out undetected)

Posted by: Rotbart van Dainig May 6 2006, 12:14 AM

QUOTE (Serbitar)

So what? Scanning IC or System+Firewall?

Both.
Initial and long term difficulty.

QUOTE (Serbitar)

Add the standard assumption that IC counts only as 1 programme, and you have 3-4 of these scanners in a 4 node.

3, if you have Analyze running.
Less if you want Agents performing tasks.

QUOTE (Serbitar)

A 4 node should be fair game for a 6/6 Hacker (at least 80% propability to hack in, perform 3 actions and log out undetected)

The key question deciding that is - how 'often' does IC patrol?

Posted by: Serbitar May 6 2006, 12:26 AM

Any reason not to let it constantly scan everything?

Posted by: Rotbart van Dainig May 6 2006, 12:33 AM

The 'Try again' rules?

Load balancing, sheer amount of sessions, drekcetera.
There's where rationalisation starts, for the sake of a fun/balanced game.

Posted by: blakkie May 6 2006, 01:08 AM

I should add one thing Sebitar that i missed mentioning before. When the big iron limits resources on node it is hosting it -might- throtle it by node/account pairing. So if a persona comes on and loads 15 programs it only affects itself, not other personnas in that node. Under that i'd expect that independant Agents (including IC) would limit each other by count as they would be grouped together as being programs 'owned' by the system itself. So for a Response 6 node you could have up to 6 Agents/IC running before they were subject to performance degradation. But even if there was 7 Agents on the node, a persona coming into the node would not be subject to that degradation. Likewise each persona would count their own programs loaded only when checking to see if the performance was degradated for themselves.

That seems to me a pretty reasonable step up in room on a mainframe node from a portable computing device while allowing a big iron host to avoid the unlimited access to computing resources that could bog the whole machine. It also nicely handles the idea of supporting hundreds or thousands of simultaneous persona accessing a node.

To personas in it i imagine it would look like a convention room, a mall hallway, or some other really big space with lots of room for all sorts of personas, maybe even with LOS blocking stuff to sort of visually break up the node, like say a park with rows of bushes, trees and embankments.

Posted by: damaleon May 6 2006, 02:03 AM

QUOTE (GrinderTheTroll)

I think you missed my point: Personas don't effect reponse, but Agents do.

I don't think I missed it, but mine got lost in all the stuff I typed.

Mine was that, as I understand it, Agents only slow down the node they originate from, not the node they are currently in (unless it it the node the originated from). So sending a bunch of Agents to a node won't slow it.

Posted by: blakkie May 6 2006, 02:15 AM

QUOTE (damaleon @ May 5 2006, 08:03 PM)

QUOTE (GrinderTheTroll)

I think you missed my point: Personas don't effect reponse, but Agents do.

That seems to fly in the face of other's current thinking. Certainly mine. That when the Agent moves (you are talking about an independant Agent, right?), it completely moves including all it's proccessing and memory usage.

I know the rules are kinda vague in that area, but could your give the rundown on the reasoning behind your take? Or is there something that is in the "Idiot's Guide to the Matrix 2.0" better explaining that position? If so could you link me to a good entry on it. I stopped reading it some time back when the swirling vortex of mush got above my threshold, and i'd rather not try sort through a couple hundred posts to try find it.

Posted by: damaleon May 6 2006, 02:23 AM

Okay, I'm wrong. I missed the last line of the Agent description saying "this means that the attributes of an agent operating independently may vary as it moves from node to node."

Would this make an independent agent impossible to track back to the person that controls it unless you intercept its wireless commands?

Posted by: blakkie May 6 2006, 02:42 AM

QUOTE (damaleon @ May 5 2006, 08:23 PM)

Would this make an independent agent impossible to track back to the person that controls it unless you intercept its wireless commands?

If there was still an Agent to controller subscription in place they could track back on that, similar to someone tracing back from a drone. But if the Agent is out there operating on it's own and not reporting back (and wasn't given information about how to contact with the originator that you could extract out of the Agent somehow) then they'd have to try trace the Agent's movements through datatrails to see where it was initially spawned (i think it would leave a datatrail). Even then that location need not be the true originator's commlink as you can spawn an Agent in any node you have access to.

At that point i think the rules get very nebulous as to whether they could check the node's log to see if they could figure out who spawned the Agent. My best guess as a GM would be an Analyze by the tracker with lots of hits might overcome the efforts of the originator trying keep his identity hidden, and that would pick up the datatrail again (i think, maybe, but maybe not if the persona is no longer there).

So yup, it's tough to track back the perp of a worm Agent. And that is basically what a malicious independant Agent is, a worm.

Posted by: damaleon May 6 2006, 03:02 AM

Okay, now that I have to re-think independent agents, tell me if this makes sense to you.

A hacker creates an independent agent with a Pilot 4 while on Response 5 node, loading it with 6 programs and send it to try and get a file from another node. While in this node, the 6 programs lowers the Response for the Agent to 4 (but the Node still has a 5?) and it manages to hack of the fly to the node it is attacking and it has a Response of 3, so is the Agent is at a Response 1 or 2? Would the max response of 3 in the new node limit the pilot of the Agent to 3 making the 6 programs reduce its Response by 2, or would the Pilot still be 4 keeping the Response penalty -1? All programs the Agents run would also be limited by the response of the Agent as well right?

Would IC that can move from node to node be affected the same way (since they are specialized agents)? If that were the case, could you get IC to follow you to a low Response node to make it easier to defeat?

Posted by: blakkie May 6 2006, 03:15 AM

Ok, the Agent 4 with 6 programs active going to the Response 3 node. Now the Response 3 of the node limits the System of the node to 3. So immediately the Agent is lowered effectively to an Agent 3.

When calculating the Response degredaton of the Agent by counting the Programs running you use the Agent rating (not the System of the device/node). So it will be a 6/3 = -2. So yes, the Response for the Agent becomes a 3-2=1. Barely moving. If that agent tries to move to a Response/System 2 device it basically stops running (or maybe it can choose to shutdown programs to keep going, but it is going to need to shed a lot of them).

EDIT: BTW that means that in the original example if the Agent had 8 programs loaded instead of 6, even though it was on a Response/System 5 node, it would have an 8/4= -2 penalty to it's own Response rating. Thus having an effective Response of 5-2=3.

Anyone that sees a problem with this please jump in. I think i understand this stuff, but the wireless chapter is still my weakest section since i've not really used it extensively in play yet. We are still getting use to the idea that deckers can be real PCs.

Posted by: damaleon May 6 2006, 03:20 AM

Okay, I get that.

So an easy way to put a roadblock in the way of any IC or independent agent that is following your datatrail would be to go through several Response 1 or 2 nodes to make them stop functioning or at least unable to enter and follow the trail?

Posted by: maikeru May 6 2006, 03:25 AM

Wow, this stuff is confusing, good thing I haven't needed to use the matrix much.

Posted by: blakkie May 6 2006, 03:30 AM

QUOTE (damaleon)

Hrmm, didn't think of that. Maybe. Though as i mentioned earlier in the thread i read the Trace action acting on an active persona as all occuring from the node where the persona is being tracked from. So until the IC finds the end of the trail they don't leave their home node.

When they do find the end of the trail they pass the location onto a meat-world security team and then pull out the can of whoopazz to knock out the intruder's meat body or maybe even hop to his node if his physical location is moving so it can try to disable whatever vehicle he is moving around in.

Posted by: blakkie May 6 2006, 03:51 AM

QUOTE (maikeru @ May 5 2006, 09:25 PM)

Wow, this stuff is confusing, good thing I haven't needed to use the matrix much.

So far in game we've just winged it. Nobody else at my table has nearly the same depth of background in computers as me, so in play it tends to be much lighter and fluffer than these indepth rules senarios.

Posted by: Rotbart van Dainig May 6 2006, 08:27 AM

QUOTE (blakkie)

That assumes that every Node in that chain allows Access... otherwise, that Node would have to be hacked to continue tracking.

Posted by: blakkie May 6 2006, 11:44 AM

QUOTE (Rotbart van Dainig)

QUOTE (blakkie @ May 6 2006, 05:30 AM)

That assumes that every Node in that chain allows Access... otherwise, that Node would have to be hacked to continue tracking.

Maybe. But because they are following the live packets themselves, in the same way that you don't need to hack into a node to use it to relay your signal (assumed) you should be able to follow the signal.

In fact once your persona moves out of the intermediary device and on i'm not sure there is a guarantee that that device is even used for relaying. In the same way that the current internet does not guarantee a path of travel for a specific packette, the Matrix could be adjusting . Being wireless, and therefore having even more potential routes, i'd expect this to be even moreso.

Except for some specific chokepoints going into or out of facilities where it switches from wireless to a fixed path for security perimeter reasons, but those are very unlikely to be low rating devices.

So just hoping your persona into a rating 1 Device first and then hoping onto the target system is no guarantee that your active path of packets from the traget system is going to flow through that rating 1 Device.

However when following a cold trail, where you have to check for arrival and departure in the logs, that might be true that the Agent has to hop into the device to get access to that. I'd still be inclined though to treat it like a Matrix Search and let it be done remotely (if you didn't let Search be done remotely a rating 1 Device would become fairly secure from Agent searches

Posted by: Rotbart van Dainig May 6 2006, 01:06 PM

It's quite easy to force routing in SR4, especially if you create those 'anonymizer nodes' yourself.

Posted by: blakkie May 6 2006, 02:16 PM

An anonymizer duplicates the original requester and then passes back the results. So there is actual proccessing that needs to occur on the node to emulate both sides. For a web browser that's pretty straightforward. How easy that is within the SR Matrix, and whether or not a crappy node could pull it off without impact on performance of the end persona, isn't clear as that is getting well outside of the rules IMO.

Posted by: Rotbart van Dainig May 6 2006, 05:21 PM

Not really - that's exactly what the rules call hopping nodes.

Posted by: blakkie May 6 2006, 05:35 PM

Which page are you talking about? I didn't get that from my reading, but i want to make sure i'm looking at the same thing as you and didn't miss something.

Posted by: Rotbart van Dainig May 6 2006, 06:04 PM

p. 220, Loggin On/Off.

Posted by: blakkie May 7 2006, 02:33 PM

Ya, i don't get that as fuctioning as an anonymizer at all. I would perfer to read that as not having the requirement that you log into the node that you are hopping. The wording is vague, but if they required that you log in as a user on the node that would make the Matrix either a very unfriendly or a very unsecure place. I'm thinking in terms of the internet now, if i had to log into every system that datapackets traveled on to/from me....the mind boggles. That is how the internet works so well, routing is just happens by whatever means the network deems best. It doesn't even guarantee that each individual packet will travel the same route as the last. It doesn't even guarantee, if i remember correctly, that the order of packet arrival will be the same as the order sent.

Posted by: Rotbart van Dainig May 7 2006, 02:55 PM

That's the fundamental difference between Nodes that allow public access and nodes that don't - the latter don't route traffic, normally.
Cracking a vending machine and using it as anonymizer node is simple.

BTW, it's quite easy to make routing work a certain way... that's what proxies are for.

Posted by: blakkie May 7 2006, 09:24 PM

QUOTE (Rotbart van Dainig @ May 7 2006, 08:55 AM)

That's the fundamental difference between Nodes that allow public access and nodes that don't - the latter don't route traffic, normally.

Because of the range limitations of a low signal, i evision part of the protocol that each device do it's Matrix good citizenship duty by being willing to forwarding towards the nearest known hub node or the destination device/node the packets without requiring any sort of login. Yes this is somewhat different than the more fixed heirarchy of the internet, but the internet doesn't include as valid world addresses things with the kind of limited range that the Matrix seems to, nor does it have the Matrix's seemingly universal transmission rates.

QUOTE

Cracking a vending machine and using it as anonymizer node is simple.

BTW, it's quite easy to make routing work a certain way... that's what proxies are for.

Thus my point about it requiring processing power and specific programs, which proxy/firewall/anonymizers do. If you are trying to use a rating 1 device that has some other type of use it's going to suck going through it. There aren't specific rules because it falls somewhat outside the core's range of explaination. If someone tried to argue that it was crippling IC by them going through like that it is clearly an excellent place for the GM to use a great big "nuh-ah". Perhaps even inflicting a bit of physical pain on the player via thrown dice?

Remember also that such a system would be very easy to exploit to get it to cough up the anonymizer patch list. A lot better idea would be to use a hard to get into system (perhaps one that is partially trusted by the target system) that was protected with IC, sprites, or some other watchdog to protecting the hop. As a GM i would generally add those as steps that the hacker realizes they must do just to have any chance of success. But even then for a live connection the i see the Trace program sniffing the traffic going in and out to try track without having to log into the node itself.

Really all that fancy stuff is already abstracted into the Track action, page 219, quite neatly as things that a decker and their Stealth software would normally be trying to do. So as such it makes great fluff, and can be used by the GM to add spice (both crunch and fluffwise) to a run on a host by making certain hops defacto mandatory. Or perhaps giving IC bonus dice to their Track action or for the target system to notice the illegal login attempt from an untrusted system if the decker chooses not to do the intermediary hop(s).

Posted by: Rotbart van Dainig May 7 2006, 09:41 PM

QUOTE (blakkie)

That may or may not be so - it is not specified. However, it is quite secondary on the question at hand.

QUOTE (blakkie)

You might want to prove that.

QUOTE (blakkie)

That doesn't really matter - it costs time... the time you have to pull the plug.

QUOTE (blakkie)

As a GM i would generally add those as steps that the hacker realizes they must do just to have any chance of success.

As the rules are pretty explicit about hackers having success without any hops at all, that does not really impress me.

QUOTE (blakkie)

But even then for a live connection the i see the Trace program sniffing the traffic going in and out to try track without having to log into the node itself.

Not really... it would make Track allmighty.
Aside from being able to track Damien Knight back to his personal office, it would be the ultimate exploit.

QUOTE (blakkie)

Really all that fancy stuff is already abstracted into the Track action, page 219, quite neatly as things that a decker and their Stealth software would normally be trying to do.

Stealth does not relay traffic - Stealth disguises it.

QUOTE (blakkie)

So as such it makes great fluff, and can be used by the GM to add spice (both crunch and fluffwise) to a run on a host by making certain hops defacto mandatory (or perhaps giving IC bonus dice to their Track action if the decker chose not to do the intermediary hop(s)).

Again, there is nothing to find about that being mandatory... in fact, it's rather the exception than the rule.
As Anonymizer Hosts popped up in Matrix, I expect such tricks to be featured by Unwired.

Posted by: blakkie May 7 2006, 10:30 PM

QUOTE

Stealth does not relay traffic - Stealth disguises it.

If you don't disguse the traffic (Spoof/Stealth) then going through a node buys you very little because the tracker can just watch for an easy to spot correlation between stuff going in and stuff going out.

QUOTE

But even then for a live connection the i see the Trace program sniffing the traffic going in and out to try track without having to log into the node itself.

Not really... it would make Track allmighty.

See that as you may, that is how the rules currently work.

QUOTE

As the rules are pretty explicit about hackers having success without any hops at all, that does not really impress me.

Actually the rules in the core book are such that it doesn't matter if you go through 50 hops (login or not) or none. It comes down to the Track Extended Test, and the only thing that makes that more difficult is the Stealth of the target (which subtracts dice from the tracker's pool) and the target scoring net hits on a Redirect (Hacking+Spoof vs. System+Track) action which increase the theshold of the Track Extended Test.

Track chews up and spits out hops like they weren't even there.

No login checks required.

What my suggestions are doing is actually simulating benefits of those hops, since the core rules just don't have them (and Unwired is minimum a year away). Roughly speaking the rules are:
1. A hop does you very little unless it is has a very large volume of traffic, and has sizable processing capabilities to allow Stealth and Spoof to execute their funky stuff on the node to disguse the traffic. Rule of thumb is the processing capability to run the Stealth and Spoof programs you are using (but without the bother of checking the node for program load vs. System).
2. The more background traffic between the hop and the target system the better (this ties in with the "trusted" angle, and also using the traffic as cover)
3. A system has an inherent security paranoia rating that is not expressed in terms numbers, but instead just making it general knowledge that a semi-experienced decker would know (general trade knowledge) that it is nigh impossible to pull off an illegal entry without specified benefits using rules #1 and #2.

Currently i don't assign any dice benefits, i just lay out the narative for the decker about what he figures out to make 1+2=3. Another decker with a better Hacking skill might figure out a superior set of hops, but that's all factored in by the dice each decker rolls for a Redirect (if they actively take a Redirect action to take advantage of this "superior hop planning").

EDIT: Why no extra dice benefits for #1 & #2 beyond what #3 "requires"? Because creating numbers would tend to players wanting to me to tell them those numbers, which is certainly fair. That would require solid fleshed out numbers to stand by that bring with them the risk of not only skewing dice pools, but in the end just creating a set of standard hop actions that get used every time. Basically making number crunching busy work for the player, or effectively penalizing him for not taking the time for number crunching busy work.

EDIT: Likewise for why i haven't bothered for the dice pool modifiers for #3. I'll give a player an option if they ask for it, i'd do it if they actually wanted to consider going against their the advice of the "little voice" in the character's head. Or professional gut instinct if you want to call it that. Or in OOC terms GM definition of the world. However i'd make clear that it was case by case, and would not be ready to give hard and fast numbers. I'm a bit more comfortable with not giving penalty numbers, especially when i always provide them with the dice pool modifier neutral solution so they don't have to guess or just repeat the same thing over and over each senario.

EDIT2: Once the decker's player become comfortable with it i suppose he could be helping with the narative with suggestions of 1 & 2 to help overcome 3. Who comes up with it is really about the GM/playing style of the table and how experience the player is.