So what happened in the end?, CGL, state of Dumpshock, etc. Options

[Stahlseele]

I'm kind of confused as to why people are acting like none of this happened with SR5.

not nearly as much as it did with SR4 though.
probably because some of the most vocal people had already left.
and more had left after LLC embezzeled 1 million dollars for his new house.

and the rest simply does not give as much of a shit about things CGL fucks up anymore it seems.

[Fatum]

Well, when something happens regularly, it tends to lose its novelty.

[Wounded Ronin]

This thread is like the bad ending to a video game.

[Abschalten]

This thread is like the bad ending to a video game.

And entirely self-inflicted by Catalyst and the decisions they've made concerning the game. Shadowrun ends with a whimper and not a bang.

[Elfenlied]

Makes Catalyst sound like EA.

[Glyph]

I'm kind of confused as to why people are acting like none of this happened with SR5.

Compared to SR3 to SR4, this is pretty mild. And even a lot of the people like me, who dislike it, are less "Bah, don't change my Shadowrun," and more "I wanted to like it, but...".

[kzt]

The fact that they seem to want us to shell out for all new core books every 5 years gets damn expensive

I'm waiting for CGL to offer to send out the errata for SR5 real soon now. In exchange for you sending them a mere $45 bucks for a new hardcover.

[kzt]

Shadowrunners get their target designated first, and then deckers/hackers are expected to be able to hack them within a short timeframe (or do nothing for the entire adventure).

One guy I played SR with a few times was an Air Force Pave Low pilot for Air Force Special Operations in real life. He mentioned once that the real life missions he went on had a hundred or more people researching and planning the mission for weeks to months with multiple full rehearsals before they did the mission for real, in SR they met some dude in a bar and broke into a supersecret site 6 hours later.

[Critias]

One guy I played SR with a few times was an Air Force Pave Low pilot for Air Force Special Operations in real life. He mentioned once that the real life missions he went on had a hundred or more people researching and planning the mission for weeks to months with multiple full rehearsals before they did the mission for real, in SR they met some dude in a bar and broke into a supersecret site 6 hours later.

You give your PCs six hours of prep time? That's crazy talk! (IMG:style_emoticons/default/wink.gif)

[kzt]

Gunplay outperforming melee by a bit isn't a terrible problem, but a vast gulf is.

You shouldn't have to be superhuman to kill people with a sword or axe. What you should have to do is get close enough to hit them before becoming a colander, as contact weapons like that do horrific damage to the human body. The problem in 4th was that you could get there and then not really hurt them.

[Kai]

I read this thread cause I'm actually going to get to play Shadowrun for the first time in close to 4 years soon, and I wanted to know what the world was like from the trenches as it were. I haven't gotten to much into 5th yet, but so far, nothing has made me have to repeat it to others to see if they laugh as hard as I did, so...it can't be that bad. (IMG:style_emoticons/default/biggrin.gif)

Someone remarked it was the Appeasement Edition for the old players, and I do have to say, who else are you thinking are buying tabletop RPGs anymore? The advent of MMOs, where no one has to be the GM has cut out at least half the people that would have been tabletop players a generation ago, I'd go so far as 75%. The people who have the cash and the interest in RPG books are old RPG players who are looking back at the games they played in high school and college with nostalgia, and the occasional bored new gamer who has a local brick and mortar store that sells books at all, and has more than D&D which is getting to be quite rare.

Same as any other edition, we'll read it, play it, change the rules we all agree are dumb(I'm still looking at you, auras can pass through each other rules). As for the 'where did all the old names go'....it'll happen to all of you someday, you'll get tired of the feeling of deja vu every time you start to post, seeing the same old discussions with new names substituted and wonder why you are bothering about halfway through typing out a reply, and lurk instead :7

[Elfenlied]

You shouldn't have to be superhuman to kill people with a sword or axe. What you should have to do is get close enough to hit them before becoming a colander, as contact weapons like that do horrific damage to the human body. The problem in 4th was that you could get there and then not really hurt them.

Running around with a sword or axe when firearms are cheap and abundant is just asking for it, though. This isn't an anime or Joss Whedon game, where swordguy is equally viable to assault rifle guy. This is a game where guns are supposed to be the optimal choice in terms of combat for mundanes, and the system does a good job of modelling it by making melee inherently worse, with the option of playing a melee specialist if you invest a lot in it. And even then, that melee specialist should have some ranged attack options.

Also note that body armor in SR is supposed to outclass most of what we have today in terms of body armor, whereas melee weapons have not made vast improvements, with certain exceptions such as monowire. Going frontal assault with a sword against an armored, trained and cybered professional with an automatic rifle should result in a dead swordsman, otherwise the system gets ridiculous.

[apple]

But even if you have Str as base damage in SR45, a ranged weapon should still be better, especially when used with normal human strength 3-6.

SYL

[Brazilian_Shinob...]

I'm sorry, but NDAs prevent me from giving specifics, but please take my word for it that this is utterly incorrect. Some pretty small time hobbyists will pretend to play secret agent, and do all these things. Usually the overlap involves people with a background in psychology as well as computer science or software engineering (although plenty of others are self taught). All it really takes is one guy with a believable smile, and some time on his hands, and a computer or two.

And just on the off chance that there is a CIO or anything reading this: every time you tell your admins to just get it done and nobody cares about cracking us guys like that get wood.

No specifics are needed, but you are really telling me that someone can break a good secure host/LAN in less than one day WITHOUT the need of social engineering? Just using softwares and L33T skillz®? Because that's stuff that hackers/deckers CAN DO in Shadowrun and I find highly unlikely having spent 6 months as an intern working on the security of the company I now work full time that someone can breach your network so fast except in two occasions:

1- He somehow social engineered to get his way accross.
2- He somehow worked on the place before and left a backdoor. Which I actually learned to do and left for a time to see how much time my boss would notice it, he noticed the day later I tested the backdoor from home when he got to work, by then, ok, he noticed and I really didn't try hard to cover my tracks and anyway if I wanted to do harm it would be done already.

So, I'm not telling I'm a security expert but I dabbled on it and this is from my own experience and perhaps the bias of the company I work having a fairly competent spider, but I'm really interested, again, no specifics needed, if this is indeed possible.

[Sengir]

You mean, like the recoil rules in 2nd edition Fields of Fire (1 point of RC for every two points of Strength, starting at 5), or 3rd edition Cannon Companion (1 point of RC for every 6 points of Strength, starting at 6), or 4th edition Arsenal (1 point of RC for every 4 points of Strength, starting at 6) ?

Or SR5, which gives STR/3 (rounded UP!)? (IMG:style_emoticons/default/wink.gif)

[Nath]

Or SR5, which gives STR/3 (rounded UP!)? (IMG:style_emoticons/default/wink.gif) E

My bad, I always forgot that 5th edition rulebook now that I shelved it next to the D&D 4th books and the Star Wars 1-3 and Matrix 2-3 DVD.

[binarywraith]

Or SR5, which gives STR/3 (rounded UP!)? (IMG:style_emoticons/default/wink.gif)

Got a page ref for that? I can't find a damn thing in this book, and I must've missed it on the first several read throughs. (IMG:style_emoticons/default/frown.gif)

[Sengir]

Got a page ref for that? I can't find a damn thing in this book, and I must've missed it on the first several read throughs. (IMG:style_emoticons/default/frown.gif)

P. 175, third paragraph under the "Recoil" heading.

[Nath]

Only slightly related, but I'm still bemused at the idea that, as editions pass and the technology advances, drones become less and less capable of rivalling with metahuman shooters (not having a Strength attribute in this case, using Body instead, so a medium drone now gets just as much as a tough ork, it's mostly other things like autopilot and autosofts stuck at rating 6 max).

[apple]

No specifics are needed, but you are really telling me that someone can break a good secure host/LAN in less than one day WITHOUT the need of social engineering? Just using softwares and L33T skillz®?

Zero Day Exploit knowledge and custom written program for that. It would of course depends on the connections and/or knowledge (access) of the hacker, but this is partially simulated by the horrible SOTA rules in SR4 (and partially in skills like hacking, matrix theory, security protocols, host knowlege, network design etc)

SYL

[Warlordtheft]

Isn't it rather self-evident that SR hacking has zero in common with real life hacking? I mean, in Shadowrun, you (for some reason) slip into a simulated Virtual Reality avatar to shoot actual anti-theft program avatars (IC) with simulated guns (programs). There is literally no reason whatsoever for hacking, or to be honest, anything outside video games to have full VR, and yet there it is. And for some reason destroying the avatar or representation of something in VR is equivalent to actually hacking it.

If you ever had a chance, go read the Background and fluff from the 1st matrix book. The concept of metaphor is sometimes lost in some of these matrix threads. Attack programs focus on corrupting, removing important files, black IC is trying to override your safety protocols and deal a heafty amount of voltage directly to your brain, stealth programs remove traces of your exsistance.

I guess what I am getting at is that the core concept of decking has not changed, just the rules used.

[Koekepan]

Zero Day Exploit knowledge and custom written program for that. It would of course depends on the connections and/or knowledge (access) of the hacker, but this is partially simulated by the horrible SOTA rules in SR4 (and partially in skills like hacking, matrix theory, security protocols, host knowlege, network design etc)

What Apple said.

Realistically, very few sites actually keep up with their vendors' patch schedules because of perceived risks to function (not all mythology - I've seen vendor patches break things horribly), and vendors are often well behind the security curve in the patches they put out - weeks or months.

And yes, I have (in the context of security checks) used tools to get into real, running sites in minutes without credentials, stolen or otherwise. Sometimes it's just having a recent hack on hand, but usually it's a hack which was patched many months ago. Then I talk to the actual admins, and this is almost invariably the structure of the conversation:

Me: So, couldn't help but notice that I owned your ecommerce server with a crack which was out 18 months ago, and patched 16 months ago. How about patching it?

Admin: No can do. Can't run production changes without change management approval and QA testing, and we can't get on their schedule because the devs are always pushing their deadlines.

Me: Same as every other place. OK, well, your workaround would have been to lock down port blahblahblah through the firewall, why wasn't this done?

Admin: No can do. We reported that to the project manager at the time, but they wouldn't put in the specification change without QA time, and there's never time for that.

Me: You're looking for a different job, right?

Admin: Nope. They are all the same unless I work for the government and that's even worse.

The only time I have ever seen anyone seriously punished or fired for a security breach, it was the security guy who put out gigantic warnings about what was wrong, well ahead of time - this wasn't me, but I learned my lesson and moved into other fields. And until that changes, information security is basically a fever dream.

That said, the shadowrun world contains all the ingredients for actually changing this, because the incentive structure is radically changed. One of the worst syndromes of real life silicon valley crotchstrokers is their apparent inability to plan for a maintenance cycle on deployed applications, by which I don't mean occasional functional patches, but everything else down to OS updates and hardware refreshes. I know, I know, it takes longer and costs more. That there sure is a bummer.

[Koekepan]

Running around with a sword or axe when firearms are cheap and abundant is just asking for it, though. This isn't an anime or Joss Whedon game, where swordguy is equally viable to assault rifle guy. This is a game where guns are supposed to be the optimal choice in terms of combat for mundanes, and the system does a good job of modelling it by making melee inherently worse, with the option of playing a melee specialist if you invest a lot in it. And even then, that melee specialist should have some ranged attack options.

Also note that body armor in SR is supposed to outclass most of what we have today in terms of body armor, whereas melee weapons have not made vast improvements, with certain exceptions such as monowire. Going frontal assault with a sword against an armored, trained and cybered professional with an automatic rifle should result in a dead swordsman, otherwise the system gets ridiculous.

A lot of people forget that it doesn't have to be one or the other. Bayonets work just fine. Rifle butts work just fine. There's nothing wrong with toting an LMG, but keeping a combat tomahawk strapped to your thigh just in case.

One tomahawk maker has a well known product - I know that there are others. Take that, scale up for a troll, and it'll do a fairly quick and quiet take down through all but the toughest armour.

[nezumi]

Regarding security, I can echo Koekepan's claim.

Cracking into a network where management cares about security is in fact extremely difficult and time consuming. It is almost trivially easy to shut out 90% of attacks (in fact, the NSA just recently released a report saying exactly that!) But since the majority of attacks are invisible and the only visible cost is a hit to network performance (if anything), most managers have other priorities. Patching takes time, every office manager is king of his own dominion so installs his own software, everyone with any sway at all gets an admin account just for asking. I'm glad where Shinobi works they have their stuff together, but out of the past 3 places I've worked, none of them I would consider secure.

It's pretty easy to create a little back door application and email it to someone in the organization saying it's the agenda for today's meeting. Send it to 10 people, you get 6 hits. Sure, that's technically social engineering, but it's nothing that requires a pornomancer.

[kzt]

No specifics are needed, but you are really telling me that someone can break a good secure host/LAN in less than one day WITHOUT the need of social engineering? Just using softwares and L33T skillz®? Because that's stuff that hackers/deckers CAN DO in Shadowrun and I find highly unlikely having spent 6 months as an intern working on the security of the company I now work full time that someone can breach your network so fast except in two occasions:

We find that when we hire a company (trustcc) to do a penetration test that they have always managed to accomplish a lot more than we though they could. Often via things that make me want to bang my head on a desk. Unless you have had a professional run pen tests you really don't know how secure you are. The fact that it is in theory possible to secure your network if you do everything correctly doesn't mean everyone is in fact doing everything correctly. Adobe lost pretty much EVERYTHING (users, passwords, source code) due to a well known issue in ColdFusion (an Adobe product) that was not properly patched or properly deployed on several of adobe's web sites.