So, one of the reasons that I never got into Shadowrun past 3rd edition was the fact that all of a sudden the characters started running around with smartphones and wifi, whereas a big part of 80s lore about the future of communications and electronics would be that everything would be physically large, visually stimulating, and trailing large fiberoptic wires.

And of course one of the things that has been discussed a lot on this forum are questions like, "why would anyone need to make a gun be hackable via wifi, just have an offline or purely mechanical gun", and things like that.

However, apparently nowadays all kinds of devices have stupid, pointless, and completely unnecessary wifi features that also make them vulnerable to malware and hacking. For example, someone just demonstrated ransomware that could affect a certain thermostat. Can you imagine someone making your heater go full blast 24/7 so your house would be like 100 degrees F, and you have to pay a ransom to be able to turn it off? Or, imagine something like that affecting the central heating system of an apartment complex, so that all apartments suddenly start heating full blast in the middle of the summer.

So, I guess that maybe the whole thing about wifi guns wasn't that far fetched after all. I mean, I can't imagine in ten thousand years why in the history of mankind we would want thermostats, refrigerators, etc. with these functions and vulnerabilities, but that doesn't mean that some manufacturers didn't think this would let them sell lots of expensive product to consumers. (Why don't the consumers THINK about these sorts of security issues!?!?!?) It makes no sense whatsoever but this is apparently something people actually do in reality!

I don't know, people. I think I really need help; that is, help understanding how people think. I mean, really. Who sees a wifi fridge and says, "BOY HOWDY! I can pay a lot more money for a formerly simple device that kept my food from spoiling, in order to add software bugs and vulnerabilities, unnecessary electronic components that represent additional possible sources of device failure, AND which make the whole thing that much more expensive and difficult to service and maintain! Furthermore, it means that the device will strictly be suitable for locations with a stable power grid, since power outages or anomalies will probably fry the circuit boards, so if I move to a rural or natural disaster prone area, or if the local power company ever starts dropping the ball, I'll basically have to either get a different fridge, or buy, maintain, and service an automatic backup generator for my house! HELL YEAH JUST WHAT I WANTED TO SPEND MY HARD EARNED MONEY ON!" If anyone understands the how and the why of people being remotely interested in such a device, please tell me. I feel like you will have solved one of the mysteries of mankind for me. And then maybe I'll be mentally ready to play late-edition Shadowrun, having finally come to terms with this mystery. (IMG:style_emoticons/default/wink.gif)

(I mean, I would rather have an icebox from the 1950s and require regular ice delivery than have to manage a fridge like that!)

I'm starting to think this might be a question that can only be answered via initiation astral quest.....

Article that sparked this post: http://thenextweb.com/gadgets/2016/08/08/t...e-because-2016/

To be honest I LOVE electronics. I have more gizmos than I regularly use. I have a cell phone, 2 tablets, 4 laptops, one Chromebook, a desktop tower, a streaming TV box, and 2 or 3 HDMI stick computers. With that said, the idea of having my front door, thermostat, or refrigerator controlled by WiFi does NOT interest me at all. The security on those things makes me cringe. I've already said this on XDA-Delevopers (paraphrasing because I don't remember exactly what I said) "You could have the most perfect security in the UNIVERSE on the device, but other end of equation is a phone that has crap for security."

Now add in this little fact, most people are idiots when it comes to computer security. They'll download the latest in garbage ware that is riddled with spyware and other drek. Also the US has pretty poor cyber security. We REGULARLY get owned by the Chinese and the Russians. Hell, we get owned by the NORTH KOREANS from time to time! While US colleges are trying to get more people to take gender studies and regularly worry about bathrooms and microagressions; the Chinese, the Russians, and the Koreans are putting their people though hard sciences and hard core cyber boot camp.

No, I would NEVER trust WiFi connections for something as vital operating my gun. In SR4, my character has cyber, but also has a full on set of cyber security and two Agents (one from the commlink and one from the Cluster of all his other cyberware that is slaved to the commlink) running full on IC. One is set for full defense and one is set for offense.

/rant:

Wounded Ronin, I'm sorry to use your thread for a rant, but feel it did fit into your disbelief about adding WiFi to things that DO NOT need it.

So, what are your password practices like?

Do you:

1: Commit an entirely-unique, 25-character-minimum password to memory for each and every individual website you use?
2: Let a password manager/auto-fill-in thingamajigie do it for you?
3: Use one of a few, easily-memorizable passwords that you've used for a decade+?

I'm willing to bet it was 2 or 3, or closer thereto, than to 1.

And that is why: because convenience is always going to trump security. And if security is engineered in such a way as to make things intentionally inconvenient to force security, the hackers and other malefactors won't have to do anything, because the users will have defeated their own security for them; see also, anyone who ever left door-wedge in a secured side door that automatically locks so they won't have to walk all the way around the building to the front door and the security checkpoint when they slip out to have a smoke.

(All of this is strictly in my opinion. I don’t claim to have studied any of this in any formal way or to have expert knowledge from inside the design industry)

To an extent is manufacturers trying to make things look more modern and cutting edge, and counting on consumers to assume that these things really will make life better. Think of the bigger and bigger fins on cars in the fifties – we’ve just replaced that sort of design feature with gratuitous electronics (and fridges look silly with fins, anyway).

To an extent I think this trend was started before smart phones became so ubiquitous. With a smart fridge you could build your shopping list right on the basic tablet built into the fridge door! Except that now you could do the same on the phone in your pocket, and have it with you at the store without having to print out the list or transfer it between devices (of course, you could also have a note pad on the fridge door accompanied by a pen on a string, but that wouldn’t look modern and fancy enough).

And to an extent there is the possibility that someday the whole smart infrastructure comes together in useful and powerful ways, and no major manufacturer wants to miss that wave. Let’s say that you have your house programmed to expect you home at 6pm—it will bring the house to your preferred temperature by that time, turn on the light in the front hall, have your preferred evening radio station playing, etc. And that morning put some frozen pork chops in a special compartment of the fridge that is programmed to thaw them for that time, set the rice maker to have rice cooked perfectly at that time, and the kettle heated up so water is hot to use in steaming some vegetables. By noon you find out that you are going to be taking clients out for dinner and won’t be home until probably 9pm and won’t be eating at home that night – you ping your house the change in plans it figures out not to thaw the meat or cook the rice or boil the water, it leaves the house cooler/warmer until later to save on power, doesn’t put on that light until later, doesn’t put the radio on at all but instead plays some soothing music.

Is any of that big deal? No, not really. But if most of your house is built that way anyway, but the rice cooker isn’t (so you come home to cold, lumped together, rice), it is annoying – so odds on you don’t buy a rice cooker that doesn’t connect into your home network, to avoid that situation.

Now, personally, I curse the power windows in my car and generally try to avoid gadgets and electronics added to my appliances because I view them as ‘just one more thing to break.’ But I’m a guy (likely to have a stronger inclination to want to directly control, manipulate, and fiddle with inanimate objects, and less apt to be juggling multiple domestic priorities), and old enough to remember the novelty of getting a remote control and VCR for the TV (i.e. didn’t grow up assuming everything can and should be remotely or automatically controlled). For someone growing up more surrounded by automation, I could imagination the main frustration being that it just doesn’t work very well yet.

I think a Shark Like Refrigerator (Refrigerator with Fins) would be cool... (IMG:style_emoticons/default/smile.gif)

No a Wi-Fi refrigerator! Where do I get that?


Maybe a Wi-Fi clock: "sorry boss, I'm late, got my clock hacked"

wifi-enabled refrigerators and thermostats don't bother me *that* much (though the article you linked seems to indicate the vulnerability comes from inserting an SD card into your thermostat, so uhh... don't put your thermostat on the outside of your house in a location where someone could be hidden while uploading a virus i guess?). i mean, i don't see huge benefits to doing so, but there are some benefits and let's face it, the average random person isn't going to be a target the majority of the time.

it's when we start talking about gear that has no major benefits (who needs to be able to fire their gun when it isn't in their hand and they can't aim it? makes sense for a smart firing platform. makes sense on a drone. makes NO sense on a handheld weapon. a simple location beacon that broadcasts basic information about gun model sounds reasonable though). and it gets even more silly when we're talking about gear where the only reasonable use strongly indicates that it should be offline, like a military grade stealth suit designed for snipers or wired reflexes that are basically only ever going to be used by highly trained covert operatives (because if it's overt, it's probably cheaper and more reliable to just send more people most of the time)

It's because People in General are gullible and easy to fool
Here you've got Donald Trump telling Lies and half of the US believes what he's blubbering
and in SR you've got all the Megacorps that tell 24/7 how safe ,secure and easy to use WiFi is.
Regard the WiFi "Horror" as being part of the SR Dystopia

And I don't think that the Population in SR2075/2080 is as smart as the People of todays real world


Why do people buy the newest Smartphone Year after Year, standing in a Que for Days just to get the next edition.
The answer lies somewhere between Greed and Lazyness

He who won't dance with capital Sins
Medicineman

There are blue tooth enabled pregnancy test kits available today. Think about that. Companies will put wi-fi on anything if they think it will sell and it is cheap enough to do. Increase the margins. Sell it to the suckers. At no time will the manufacturers, sales staff or anyone else in the supply chain mention the vulnerabilities adding wi-fi brings. They will only upsell it, explain how it makes your life easier and keep a positive spin. That is why people buy it. If you are never exposed to the negative or you foolishly assume the manufacturers took care to ensure a device's security, then of course you can be convinced to buy it no matter what hidden problems the device has. Think of the number of times car companies have gone ahead with faulty parts because it is cheaper to pay out death benefits than to recall the faulty vehicles.

Good point, although my practice is a weird blend of the above. For stuff I don't consider really high security (either rightly or wrongly I suppose) I'll do #3, but for some things I prioritize, those have unique passwords, and then for some, I don't even write the passwords down, so I forget them and end up resetting them repeatedly, which I guess is technically close to #1.

But, I'm a weirdo, and yes, excellent point! (IMG:style_emoticons/default/smile.gif)

That is just crazy! You would think that of all things, a pregnancy kit would be something you'd want to be totally offline, for maximum confidentiality and personal control of the information divulged. If I were to improve it, I would have a way to "scrub" the results from the test after viewing, like a chemical result eraser, not have a way to broadcast the results wirelessly!

I think the thermostat malware was more a proof of concept project, but the way I would see the thermostat being compromised would be if someone hacks a software update for the thermostat which the user then voluntarily installs, or alternately for a place like an apartment building someone who is planning to shake down the management manages to break in and install the malware at 2 AM, and then turns around and makes demands of the building management.

1.) There's a Ray Bradbury story where such a house is portrayed as disembodied and creepy; I guess he really managed to predict the future. There Will Come Soft Rains: http://www.gs.cidsnet.de/englisch-online/o.../soft_rains.htm

2.) I'm like you, I hate unnecessary electronics and automation in cars. The next time I buy a vehicle, I want it to possibly be the last time, and I want an old pickup with minimal electronics and possibly manual transmission, that I can just keep running forever. I am so annoyed that now manufacturers throw so much stupid electronic frills into cars (that will be obsolete before the car is ready to be scrapped!) and have literally created vulnerabilities through which cars can be remotely hacked, and then they smile and want you to be happy to pay for that. It gives me a visceral sense of disgust and I'd rather drive an old manual pickup, for real.

Remember, people value conveniences over security, because security breaches, even in 2070, are things that, statistically, happen to "other people." The average joe has never been hacked - or if he has, he's never noticed it, because his account wasn't drained, and whatever his malefactors did on his devices left no traces. He hasn't been robbed at gunpoint, he hasn't had his car stolen and sold to a chop shop/used in an armed robbery.

I mean, sure, he could make himself secure against all of the above.
He would have to forgo:
Electronic banking entirely. This would make it entirely impossible for him to buy even basic goods like food anywhere except where certified credsticks are still accepted; he has to go into a D- zone at the edge of Redmond Barrens and do his grocery shopping at the Stuffer Shack.
Living anywhere "nice," even if he's pulling down enough money to live somewhere better, because he's going to have to forgo electronic banking, and most landlords get highly suspicious if you pay your rent in certified credsticks/refuse to take the money entirely.
Having a car that comes to get him from work and take him home at the end of the day, meaning he'll have to pay for a parking rental somewhere close to his work.
Any Matrix browsing that doesn't take place on public terminals.

Etc, etc.
If you find a guy who forgoes all of that in the name of security, congratulations; you're gonna get geeked, 'cause you've identified a Shadowrunner who's changed his identity and is laying as low as possible.

And anyway, if you wanna be secure "enough?" Think like a 'Runner.
Program your devices with simple bullshit "traps," causing them to ignore all admin/user accounts that aren't your superuser account, and to immediately disregard all wireless input until manually reset if any such accounts are created/accessed. Upgrade the electronics in them with higher-tier equipment if it's important (like your car) and has to be standalone, or slave them through a single device which is high-tier if it's not - a Rating 6 desktop machine should be a great deal cheaper than an R6 commlink, and you can hardwire your apartment's kit through it, so suddenly you've raised the bar to hack your home from the R3 (at best) node on your front door, to an R6 terminal with R6 Firewall and R6 IC actively scanning all logged-in users every combat round. Suddenly you've gone from "trivial for a chargen hacker to pwn" to "as difficult as a moderately tough beginning Run target." Script kiddies and such just got locked out, etc.

But all of that costs (IMG:style_emoticons/default/nuyen.gif)

Because the thermostat connects to the window sensor which turns it down when the window is open. Both also connect to a central node which turns down the heating while nobody is at home (adjustable via smartphone) and acts as an alarm system using the window contacts as sensors and the (also connected) smoke alarms as signal...smart home, y'know? (IMG:style_emoticons/default/wink.gif)

From a security standpoint, it would actually be a boon if more of those things used Wifi instead of some proprietary protocol. One of the most important lessons in IT security is "don't roll your own crypto". By contrast, WLAN with WPA is a well-designed system building on known cryptographic primitives and audited to death twice over, without turning up significant flaws in the protocol itself. The biggest flaws are factory default passwords straight out of spaceballs and the stupidity that is WPS.


@Kitsune

May I remind you of things like Stuxnet, Duqu, Flame...? (IMG:style_emoticons/default/wink.gif)

If western countries appear more vulnerable, it's mostly because in this game attackers don't declare responsibility. So news of successful attacks depend on the target admitting it, which simply does not happen in North Korea et. al. It's kinda like the Soviet space program, which had a great security record -- because any mishap was declared a state secret. They didn't even announce Gagarin's flight until he was safely back again, whereas the US announced every launch and had to live with the "Flopnik" headlines.

I have no problem believing that wifi matrix-connected versions of EVERYTHING exist in 2070s Shadowrun. Go to any retail store today and flip on you phone's wifi scanning, and you will see connection signals from damn near every type of product there.

There will always be individuals or groups that value discretion and the ability to go undetected, however. Those will always demand non-connected equipment, and there will be a segment of manufacturing that is interested in catering to those needs.



-k

Yup. Which is why it is so annoying that 5th ed doesn't provide examples of those pieces of gear. It's been said again and again but there is really no reason for stealth suits or sniper rifles to announce the users presence on the matrix. I hope Patrick and friends can look at this issue and provide some sort of sane resolution. I would ideally like to see the whole wifi always on thing turned into the intended always PAN connected rather than Matrix connected.

fixing wireless bonuses is likely beyond the scope of what CGL would allow even if they do actually implement the freely provided errata this time.

so far as i can tell, CGL doesn't actually think it's stupid that the matrix makes your extendable baton extend faster or that you can't tell how much air you have left in your oxygen tanks without the matrix.

Security for wireless tends to be bad, so it's a good thing then that they haven't included it on anything important.

Also, I've heard of office buildings that penetration testers were able to enter through the wireless thermostat, but I can't find an article, so take that as you will (or provide it if you know what I'm talking about).

The first story gives me an idea for an entertaining run. A white hat/whistleblower who was punished/sued/hospitalized for trying to report a problem doesn't want the public to get the short end of the stick this time. They also want revenge. The runners must get it, and use the vulnerability in a very public way. Mayhem and hooding (-ish) combine entertainingly.

I skipped most of this thread, but it reminded me of something:
My washing machine has its control board mounted on the bottom. Know what the washing machine had under it in case of failure? A catch basin and drain.

What so you imagine happens if the washer overflows?

That's right: it burns out is own control board because some ducktard thought electronics and water played nice. Well really, it's more that someone never put 2 and 2 together and thought about it.

That's some solid engineering right there. Brilliant. Probably have something in warranty that says if you overflow the thing and the board burns out it is your fault.

My problem with wireless in SR5 isn't that Joe Average uses it for everything, it is that shadowrunners are expected/encouraged to do so, and have their 'ware or gear gimped if they show a smidgen of common sense and refuse to do so. DNI, skinlinks, and PANs that are not connected to the Matrix should still be there. It really sucks a lot of fun from the game. Not just the crippled gear, but things that used to be fun (fiber-optic hair, nanotatts), only now you have to worry it will be hacked - or that the ignorant masses will think you are a CFD victim (another lameass metaplot - because apparently augmented characters weren't already stigmatized enough).

I have to agree as the hamfisted anti-wifi hacking stance (but having to be wide open to the wi-fi rape-stick to make your goodies really work) was a pretty big factor in not going to SR5.

I mean, really. If it's that bad then every 'runner would be running around with basic weapons and gear like what you see with the various tier 1 Spec Ops boys now instead of the new Gucci gee-whiz from Ares. Military/Security sales and the reputation built by those sales drives weaponry and combat cyberware sales almost exclusively. You get a rep for having hacking issues and your product will get dropped like a hot rock en masse. Look at what happened when EOTech dropped the ball on a bunch of sights with issues that only a very few civilian consumers will ever have to worry about. They had so many returns requests from their civilian sales that they had to farm it out to a secondary processing company which ended up making the situation worse.

Of course they should still be there. The problems they were created to solve still exist, if not even more so than previously, so there should still be a demand for them. They didn't (until a worse, more expensive option was finally made available) not for any game-world reasons but because of the game designers' commitment to how they believe the players should be forced to interact with the game's technology.

It took what, two years before they finally said 'okay, I guess a PAN is fine' and published the internal router, while still making it cripplingly essence-expensive to keep up the ongoing Magicrun overtones?

Seriously. The internal router is .7 Essence and (IMG:style_emoticons/default/nuyen.gif) 15k. A full Cyberskull is .75 and (IMG:style_emoticons/default/nuyen.gif) 10k

I don't actually know. I don't think so, because it happened to us twice and it was more of an annoyance than anything (i.e. "couldn't wash clothes for a week" was a bigger problem than "cost of the repairs"). And that's with a catch basin that has a drain (not actually required). The catch basin is hilariously undersized too. It holds like a gallon of water, maybe two. A wash uses like five or ten. Despite the drain we've overflowed the catch basin, too.