Unwired PDF: a small and fast review, I am not a native english speaker ... Options

[Jaid]

i'll clarify; i don't think agents can spoof their access id to be one for a normal user. i absolutely agree that they can spoof in general, however, i just don't think you can make a persona access ID look like an agent's, or vice versa.

[Sombranox]

So all matrix user accounts across the board are barred from logging into the same node more than once? Because agents are. And if a node can't tell the difference between an agent logon and a live person, then you have to bar double logons for everyone.

The fluff in the security chapter on page 73 says that spiders can configure nodes to allow only a single copy of each access id or limit the number of connections to a small number to deter botnets and malware. That said, I'm not going to weigh in on the option of agents spoofing their own access id. I'm still making a close pass over the book.

[RunnerPaul]

So, by the text on p 73, accounts aren't barred across the board from having more than one simultaneous logon by default, though an administrator can choose to limit them in such a way.

And yet, when two copies of an agent that share an AccessID (whether it's their real AccessID, or one that was spoofed when the original was loaded on to a node), the section on Copied Agents and ID on p.110-111 makes it clear that nodes automatically refuse the copied agent's login attempt if the original is already logged in, to prevent a runaway Agent Smith scenario. (Limited Agent Smith Scenarios, where you've made all the copies you want to use before hand, and take the time and effort needed to spoof each agent a different AccessID as it is loaded are still permitted).

[Jaid]

as i understood it, the logon limitation was to keep multiple logins from happening in rapid succession. ie, if you have 500 login attempts in 1 IP, it's good odds that you don't want them to get in, no matter what their access ID is (IMG:style_emoticons/default/wink.gif)

but i may have misunderstood that.

[RunnerPaul]

ie, if you have 500 login attempts in 1 IP, it's good odds that you don't want them to get in, no matter what their access ID is (IMG:style_emoticons/default/wink.gif)

No wonder BattleShop's servers kept choking on Unwired PDF Release Day.
(IMG:style_emoticons/default/biggrin.gif)

[crizh]

when two copies of an agent that share an AccessID [] nodes automatically refuse the copied agent's login attempt if the original is already logged in,

Not strictly true

If a copy tries to access a node on which an agent with the same access ID is already running...

Not a node where the copy is already logged in or a node that a copy is already accessing but a node that has a copy loaded onto it.

[RunnerPaul]

Not a node where the copy is already logged in or a node that a copy is already accessing but a node that has a copy loaded onto it.

So the whole rule about "Preventing the Agent Smith Scenerio" doesn't even do what it says on the tin?

**reads section again**
Well, I'll be snookered. It don't.

[Dr Funfrock]

So the whole rule about "Preventing the Agent Smith Scenerio" doesn't even do what it says on the tin?

**reads section again**
Well, I'll be snookered. It don't.

It does, more or less.

As I understand it, yes, you can load a hundred copies of the same agent on to a hundred different stolen commlinks and have them all hack the same system. However the moment the Sys-admin realises he's being bombarded by the same access-ID attempting 100 simultaneous logins he's just going to ban that access-ID. Since an Agent's access-ID is hardcoded, they're now completely screwed. Job over, go home.
Hackers get away with a lot of what they do because they can just back off from a system that has spotted them, change their access-ID, and try again. Agent's don't have that option, so they have to get it right first time. This also limits the "Hacker in a box" scenario, by making Agents perfectly good at standard matrix stuff, but a bit naff at hacking, because they only get to screw up once on any given system.

Spoofing is the issue, and from what I've read so far something that needs some careful interpretation, and possibly a word or two from the devs on exactly how it works, and what you can or can't spoof.

[Sombranox]

It does, more or less.

As I understand it, yes, you can load a hundred copies of the same agent on to a hundred different stolen commlinks and have them all hack the same system. However the moment the Sys-admin realises he's being bombarded by the same access-ID attempting 100 simultaneous logins he's just going to ban that access-ID. Since an Agent's access-ID is hardcoded, they're now completely screwed. Job over, go home.
Hackers get away with a lot of what they do because they can just back off from a system that has spotted them, change their access-ID, and try again. Agent's don't have that option, so they have to get it right first time. This also limits the "Hacker in a box" scenario, by making Agents perfectly good at standard matrix stuff, but a bit naff at hacking, because they only get to screw up once on any given system.

Spoofing is the issue, and from what I've read so far something that needs some careful interpretation, and possibly a word or two from the devs on exactly how it works, and what you can or can't spoof.

The whole point is they nicely did away with agent smith armies by hardcoding the access id into agents, then went right along and provided an ability to spoof that ID when loading an agent, which was stupid.

I'm just planning to ignore the ability to spoof an agent ID. make it so the agent's by the new matrix protocols are required to constantly feed nodes their hardcoded agent ID, so if the hacker spoofs the datatrail on loading, it doesn't stop the agent from contradicting that spoof by broadcasting its real ID. And since the agent can't change its own ID after loading, it is stuck to what is hardcoded.

The only way to have more than one agent run on the same node is to hack the agent ID through the process given (essentially recoding the agent to broadcast a new agent ID). No more quick spoof-loading, but still provides the opportunity to slowly build up an army of agents over a few weeks if you for some reason REALLY need them.

[Dashifen]

Yeah, I think the timespan is the limiter here. Like I mentioned in a different thread, though I seem to be in the minority, I've had whole campaigns of many months in real time that only encompass a few weeks of game time. Sure, you might get one free agent with a new access ID out of a week or two of programming, but if that in-game time takes months out-of-game it's easier to just buy a new (unregistered) Agent to do what you need to do.

[Synner]

The whole point is they nicely did away with agent smith armies by hardcoding the access id into agents, then went right along and provided an ability to spoof that ID when loading an agent, which was stupid.

This was indeed a mistake. The section about being able to spoof an agent's Access ID when uploading was a remnant from a previous draft and should have been removed. Unfortunately we missed it in proofing. It will be corrected in the first errata. The Access ID of an agent is integral to its code and was only intended to be changed with a patch.

[Jaid]

This was indeed a mistake. The section about being able to spoof an agent when uploading was a remnant from a previous draft and should have been removed. Unfortunately we missed it in proofing. It will be corrected in the first errata. The Access ID of an agent is integral to its code and was only intended changed with a patch.

well, that does help. at least it dramatically slows down the accumulation of the agent smith army.

[Sombranox]

This was indeed a mistake. The section about being able to spoof an agent's Access ID when uploading was a remnant from a previous draft and should have been removed. Unfortunately we missed it in proofing. It will be corrected in the first errata. The Access ID of an agent is integral to its code and was only intended to be changed with a patch.

Yay! Down with the mook armies!!! *coughs* Anyways. Thanks for the info Synner. That'll probably put at least some people at ease.

[RunnerPaul]

This was indeed a mistake. The section about being able to spoof an agent's Access ID when uploading was a remnant from a previous draft and should have been removed. Unfortunately we missed it in proofing. It will be corrected in the first errata. The Access ID of an agent is integral to its code and was only intended to be changed with a patch.

And, so, going back to the original question that spawned this particular line of debate: does this mean when someone/something logs into a node, that node can easily distinguish between a logon from a live human ana a logon from an agent?

[De Badd Ass]

And, so, going back to the original question that spawned this particular line of debate: does this mean when someone/something logs into a node, that node can easily distinguish between a logon from a live human ana a logon from an agent?

In Real Life, there are SOTA ways to distinquish between a human and an agent, and SOTA ways for an agent to fool a system that is not SOTA.

I imagine that a game mechanic to handle this reality would involve ratings, and rating degradation via SOTA rules implementation. I haven't read Unwired, so I don't know how it handles this. I just know that the word "easily" corrupts your question.

[Rotbart van Dain...]

I'm currently swamped and unable to find the time to properly address the degradation rules issues that have been raised. Right now my priority is to get some other books off to press.

I recognize that there are indeed some issues which do require clarification and errata, but what I will say (for now) is that too many people seem to believe that the software degradation rules were somehow concieved with the intention that a hacker would spend most of his time patching all his own software and making roll after roll. This was never our intent, and that is why it isn't necessary.

Hackers are not asocial hermits living in basements and working alone (that's a long dead stereotype). They can program and patch their own software or they can turn to a cracker contact and warez group. These individuals/groups trade, sell, and distribute programs and patches amongst themselves. Serious hackers will have the contacts and abilities to trade or buy what they need peer-to-peer, and they will program because trading or hacking a corp database to steal a patch is actually good for their rep and credibility as hackers (script kiddies and dabblers will quickly be weeded out as leeches). Yes, this alternative can cost money (but it need not, for instance, there's no reason you couldn't trade one of your updated patches for different patches with different people on a warez group). But even if it does, it's intentionally easy to make it a precalculated monthly payment that you can tack on to Lifestyle costs or simply pay a steady supplier/contact. I also believe the case for extra accounting is being overstated, but I'll address that at a later date when I have more time.

Per RAW, no matter if you search for a patch, code it yourself or negotiate for it - it's a test. And the problem isn't that it's cracked - the problem is that it's not registered (and thus not continously supported).
Each program needs it's own test. In fact, autosofts, sensorsoft, skillsoft and even the build-in software running on gear you aquired on the black market (and thus the registration isn't valid) needs patches - or it will degrade into oblivion.

If played strictly by the book, this subsequently turns into a book-keeping nightmare as you need to account for every piece of degrading software. Which runners will have by the dozens, given the horrendous datatrails they would produce otherwise.

The problem is illustrated by the premise that every program characters own until now is legally bought and registered. However this isn't the case, most programs are aquired through availability tests - and thus, on the black market.

[Synner]

I did say that some stuff required clarification and errata. That's one of them. Errata will include a line to say that at the GMs discretion all updates can be located with a single search (using the highest availablity) and bought paying the sum total for patches. GMs may even allow straight trade offs of patches of equal value that you've coded yourself without negotiating. Alternatively, assuming characters have a regular source/supplier such as a cracker group and makes a point of maintaining their contacts, GMs wishing to minimize Tests may allow them to update everything by adding the sum total of the patch costs to the character's monthly Lifestyle expenses. (This latter option will be bolstered with the Group and Virtual Contact rules in Runner's Companion.) The month and two month degradation intervals were chosen specifically to tie into Lifestyle intervals if desired.

Another issue requiring clarification is exactly what programs do degrade. That'll be addressed soon.

Availability Tests do not apply at character generation and characters who buy programs at chargen are assumed to begin play with all of them legal - unless the gamemaster allows players access to the Cracker Underground at chargen so they can be picked up at a lower cost but as cracked warez. Each group decides. Heck, a player can even begin with a legal program cracked at the start of play, that's his perrogative. Regardless, keeping track of degradaton simply means putting a C for cracked next to the program line on your character sheet and jotting down the cost to keep it at its current value and whether its monthly or bimonthly in a patch column.

[Tycho]

Thanks for the Info, Synner.

For me, this will fix the whole dice rolling/bookkeeping issue. I would have done it that way anyway regardless the rules, but so I think there is less reason for discussions.

cya
Tycho

[Rotbart van Dain...]

Another issue requiring clarification is exactly what programs do degrade. That'll be addressed soon.

Thanks, that would be most helpful - even more so if it could be streamlined with a clarification what software counts against processor limit.

Availability Tests do not apply at character generation and characters who buy programs at chargen are assumed to begin play with all of them legal - unless the gamemaster allows players access to the Cracker Underground at chargen so they can be picked up at a lower cost but as cracked warez.

That may open a can of worms, though:

Up until now, the only things that mattered for picking gear at chargen were availability and money. It never depended on wheter you aquired said gear legally or if you stole it... if you started with it, it cost a certain amount of build points and you didn't need to have a SIN with proper licences either to start with it (though it was helpful).

The Registration option has more requirements, which is a first for chargen.

[Jaid]

That may open a can of worms, though:

Up until now, the only things that mattered for picking gear at chargen were availability and money. It never depended on wheter you aquired said gear legally or if you stole it... if you started with it, it cost a certain amount of build points and you didn't need to have a SIN with proper licences either to start with it (though it was helpful).

The Registration option has more requirements, which is a first for chargen.

would it help if you thought of cracked programs as being a separate piece of gear from registered, legal ones?

[Sombranox]

would it help if you thought of cracked programs as being a separate piece of gear from registered, legal ones?

The only problem I have with treating them as being separate and available at chargen is why would any runner pay the full price for any software?

I guess if they don't have a data search skill and browse program, any warez contacts, or hacker friends it would be a pain to get the patches, but 10% is just too good to pass up. I played with a hacker build using 10% available at chargen and ended up just going crazy with the spending, especially on activesofts and linguasofts. Figured it out afterwords that if I'd bought the programs at full cost it would have been a good 250K just in programs.

Realistically, this fits with how much money the corps are losing to warez every day, but damned if I didn't feel just a little cheap about getting so many goodies for so little cost and still having a lot left over for stuff I couldn't cram in before like extra cyber, some decent drones and other such toys.

So I dunno. It's nice to have extra money, but I think if I allow it in my group, it'll be limited to rating 4 hacking programs and rating 3 autosofts, activesofts, linguasofts, knowsofts, OS progs, and pilots. If they want things at 5 or 6 right off, they'll have to pay the money. Otherwise, they'll have to wait til they're out in the world and can go download the rating 6's.

Or something. It could be that it's really no big deal and all programs should just be 10% off at the start. If anyone actually implements the rules in their own games, I hope they share how the players take to it (and if it gets abused)

[Cthulhudreams]

Availability Tests do not apply at character generation and characters who buy programs at chargen are assumed to begin play with all of them legal - unless the gamemaster allows players access to the Cracker Underground at chargen so they can be picked up at a lower cost but as cracked warez. Each group decides. Heck, a player can even begin with a legal program cracked at the start of play, that's his perrogative. Regardless, keeping track of degradaton simply means putting a C for cracked next to the program line on your character sheet and jotting down the cost to keep it at its current value and whether its monthly or bimonthly in a patch column.

Doesn't this completely bone hackers as all their starting programs are now going to be spraying digital fingerprints around when the game starts and they need to hack into a computer during session 1?

Doesn;t that pretty much suck for them?

I'm not seeing why that is a good idea. Seems like a straight up bad idea.

[Mäx]

You apparently missed the part were synner said that legal programs can be cracked if the player chooces them to be.

[Rotbart van Dain...]

And that does heal the fact that some characters were never allowed to legally buy them how?

[Rotbart van Dain...]

would it help if you thought of cracked programs as being a separate piece of gear from registered, legal ones?

Not really. Just tell me:

You are new to SR4, just picked up the main book, build yourself a nice hacker - or even used the archetype - and when you actually play it, everyone just tells you that your' stupid. Because you build your character with a kind of gear that will get him caught and is just ten times expensive as the stuff he really needs. With not even the slightest hint to that in the main book - in fact, the main book tells you that every true hacker writes his software himself, and chargen tells you that you have to pay resource costs no matter how the character aquired it.


The easiest way of fixing this is that starting hackers are assumed to have aquired (no matter how) the unregistered, unprotected sourcecode of the software they own. And that everyting else is a 'in game' rule. Which fits the rules of the main book.