More about Agents and IC Options

[GrinderTheTroll]

Hi again all,

Talking about Agents and IC recently got me thinking about why exactly there exist different terms to define essentially the same thing so I started looking at the text on SR4.227-228 to get a better idea.

On SR4.227 it says, "Agents use the Reponse attribute of whatever node they are run on: this means that the attributes of an agent operating independently may vary as it moves from node to node".

On SR4.228 it goes on to say about independently operating agents, "The agent continues to operate in the Matrix even if your persona goes offline. In this case, the agents doesn't count towrads your persona's active program limits like running programs do..."

Further down under "Payload", "If an agent is acting independently, any programs it's carrying must be active, and so may affect its Reponse. Any programs run are limited by the Pilot rating". This doesn't say it affects the node's Reponse, but the Reponse of the agent. Fat agents would eat the processing time the node's granted it and slow themselves down.

Here's what's said about Intrusion Countermeasures:

On SR4.228, "...it [IC] specifically refers to a specialized type of agent program that is used to defend a system. For all game purposes, IC programs are the equivilant to agents and function the same.

So IC is the same as an agent, but that doesn't mean an agent is the same as IC and the last line of the "Intrusion Countermeasures" section would only apply to IC: "Note that nodes are careful not to run so many IC programs at once that if affects their performance"

So what I am driving at here is that in the "Agent" section, there is no mention of an agent affecting a nodes Reponse, only the Reponse of the agent itself based on its own program load. However, IC (a special type of agent) does affect the node it is present on and could futher degrade it's own relative Reponse based on its own program load.

If this holds true, my conclusion would be that any amount of user agents would be alllowed without node's Reponse degrading but can "self degrade" with an excessive program load.

Any comments are welcome.

~GTT

[The Jopp]

Hmm, that would mean that any runner worth his salt could run an unlimited number of agents on their commlink without them affecting the response of said ’link. That sounds like abuse of the highest degree to me since you could have a few thousand agents assisting you in attacking a node’s defense, who in turn have their own armada of agents.

The main difference between Agent and IC is that the system itself can upload and activate IC and what program load they can have in order to defend itself, so in a way the system itself has a limited pilot program that can identify threats (if Analyze is loaded) and run their own programs (IC).

Agent on the other hand can only be run by the user and will not run themselves if destroyed while the OS can initiate IC as soon as one go down.

….

Here’s a few oddities I wonder about. Programs loaded on an Agent, do they affect response on the node they are run on? Example: Hacker running a Response 5 ‘link and has 1 agent with 4 programs, does that mean that the response goes down by 1 then or is the entire agent including the 4 programs counted as 1 program?

If I have a response 5 commlink and run 5 programs and 4 agents (9 total, which gives -1 reponse), thus lowering my response to 4. The agents are rating 4 and runs 4 programs each. Does this lower the agents response first to 4 because the commlink goes down a notch and then another down to 3 because they are now response 4 agents running 4 programs? Or does one only count from the commlinks original response of 5?

[Serbitar]

The rules mean:

Node 6 running 6 agents gets the nodes response lowered to 5
Node 6 running 1 agent 6 that is running 6 programmes gets the agents response lowered to 5

node 6 running 6 agents running 6 programmes each get the nodes response lowered to 5 and the agents response lowered to 4

(note that the rules are unrealistic, processing power wise, but that has to be accepted when playing RAW)

I would only apply thoses node rules to devices. Real matrix host workstations would have unlimited processing power in this respect. Certainly more than a comlink. I would limit the nunber of IC by some baseline assumptions about traffic, security, hackability, gameblancing and fluff.

[hobgoblin]

higher rating os, better task switching routines ;)

[Moon-Hawk]

First of all, I want to send big love to Grinder for using quotes and referencing pages.
I think you have an interesting point, but the possibility remains that you're reading too much into the language. Possibly.
Personally, it kind of makes sense for IC to load a host but for an Agent not to. An Agent is very much like a persona, and only does a set amount of stuff at any one time. IC, while a specialized form of Agent, is different in that no matter how large a host/node/mainframe gets, it is still responsible for the entire host/node/mainframe. Thus, the amount of work the IC is doing scales with the node it's running on. So even if the host is some massively parallel system that can support thousands of users, the fact that the one IC still has to monitor and be responsible for ALL of them means that it is using a fantastic amount of system resources, and still loads the host normally. Meanwhile, a hacker's Agent is still just doing his one or two little things just like any other user, no matter how big or powerful the host is.
So from that perspective it makes perfect sense for IC to count against a host's load, but for personas and agents not to. Of course, I'm only talking about mainframe-style hosts. Not devices or commlinks, which should be loaded by everything. For a device this simple, the workload of IC shrinks considerably, so it only takes up the same resources as any other Agent or persona.
It all comes down to large hosts following a different set of rules than devices and commlinks, which makes a lot of sense but isn't exactly by the RAW.
Speaking of making sense, am I?

[mdynna]

I am so glad that people seem to be coming around and realizing that the game is going to have different rules for "mainframe hosts."

Now, I don't really have a problem with the player's being able to load "effectively" unlimited Agents onto a target host for a couple of reasons:
1) I have ruled that Agents cannot be copied. You have to buy or build each one individually.
2) Agents must start in the user's Commlink before they are loaded onto the target host.

Point 2 is important because if the PC is carrying around 6 fully-loaded Agents, that is going to bog down is Commlink a lot. Then each Agent must loaded onto the host with a Complex Action. That will be a lot of rounds where the Hacker is doing nothing but sitting and loading.

[Serbitar]

@ Moonhawk.

What to do about high security host, that are NOT accessed by thousands of users? Infinite security?

[GrinderTheTroll]

[GrinderTheTroll]

[Moon-Hawk]

@Grinder: As I said, it's a possibility, but I tend to agree with you.

@Serbitar: Well, security that is capable of escalating beyond a half-dozen IC programs, sure. If whatever they're protecting is worth the however many extra million it costs to add lots and lots more processing power than you actually need, then sure. But why? If it's that darn sensitive it'll be in offline storage anyway. Or at least a network not accessible to the outside world. Their money would be better spent on other aspects of security.

[Backgammon]

Ok, here's the dillema:

a) Loading Agents on nodes does not affect the node's Response nor yours
Solves: Denial of Service attacks by loading Agents to slow down the node and then raping it
Problem: Load shitload of Agents on nodes to help you do your tasks or combat


b) Loading Agents on nodes affects it's response but not yours
Solves: You can't load a bunch of Agents to help you cause you're going to slow the node so much the Agents won't be able to do much
Problem: Denial of Service attack

What we want is 1) no DoS attacks 2) no Agent loading abuse to support your tasks, right?

Right now, I don't see how this can be done without the GM having to flat out state "you can't do that", or, like mdynna suggests, ban Agent copying.

[mfb]

the best answer i see is to simply have agents run from your node. if you want to run an agent on someone else's node, you can do so by hacking the node to accept the agent.

[Shrike30]

[GrinderTheTroll]

I'm not sure why DDOS is such a bad thing, it's a legit form of bogging down a system so you can sneak in and do your dirty work. PLus, you'd have to get all those Agents uploaded into or self-hacked into the system. Even if the system becomes frozen, you can't do anything with it since anything you want to access would be frozen as well. You probably prompt a system shutdown/reboot which would buy you some time.

[mdynna]

The problem with the DoS attack is that it's too easy, especially if you are allowed to copy Agents.

One interesting way to turn the tables would be to say that a Hacker's Response (and therefore System) ratings are limited to what the Node is running. That isn't a very "nice" solution however.

The fact is, I don't think the designers ever thought of DoS attacks with "Agent armies." There needs to be a counter-balance reason why someone wouldn't want a legion of Agents along with them all the time.

[Serbitar]

My solution: Allow infinite ammount of agents/IC on matrix hosts, but not on devices (Comlinks . . .)

[mdynna]

But the Agent is only on a PCs Commlink for a brief period of time, just long enough to upload to the "host." That doesn't really solve the issue of massive amounts of Agents.

[Serbitar]

Whats the problem with massive ammounts of angents in hosts? If you can not DoS the host, the host simply does not care. The hacker does not gain anything from it.
The more agentsyou load up, the bigger the danger to be detected gets. And once you are detected, the run is mostly over, as the host can just shut down if it wants to.

80% of the crucial hacking runs are about stealth. If you are detected, the run is over.

[hobgoblin]

hmm, if one have unlimited agents. whats stopping the company from loading the chokepoint with 10000 rating 6 IC packing rating 6 attack and analyze?

still, there is the issue of active subscriptions. a comlink can only have system X 2 active at one time. ok so its 12 agents. but in theory a node can allso field atleast 12 IC if it feels the need.

there are some talk about connecting chains of comlinks together to manage multiples of 12 agents at the same time.

hmm, you cant field the full 12 agents as you allso have to use atleast one active subscription to connect to the node your attacking. so 11 maybe?

[GrinderTheTroll]

[Cheops]

I interpret all of this differently. When you run an Agent it counts against YOUR commlink's response. When it then goes and logs onto another node it subscribes to that node but the other node doesn't subscribe to it. Therefore Agents have no negative impact on other nodes at all. In fact there could theoretically be a million users on the node at once because something subscribing to you doesn't count against your limit--only when you subscribe to something else.

You could do a DoS attack on a node but you'd have to have permission to install software on that system (either Admin or security depending on the security of the system). You'd have to legitimately log on and start loading copies of the agent. Any spider worth the money would notice that someone is loading handfuls of agents on the system and would start investigating. When he sees the new passcode he simply deletes it and now you can't load agents anymore. It's not a very efficient way of DoSing.

Technomancer with a Courier sprite with Hash. Now that's how you DoS.

[GrinderTheTroll]

[kigmatzomat]

There is another option: virtualization. This technology has been used for decades on mainframes and can be done on today's desktops with VMWare.

A "server" node is capable of allocating a portion of its resources to create a virtual device. This virtual node has a typical Response rating and suffers slow downs and the like however any slow downs have no affect on any other virtual nodes.

IC and the like run in their own virtual node, meaning they have a full Response rating available to them, but have full interaction with your virtual node. They can, if they chose, shift into your virtual node to cause it to degrade, essentially the server DDOSing a small portion of itself to take you out.

Crash system actions still work because they interfere with the virtualization process.

[GrinderTheTroll]

[kigmatzomat]

Virtualization is a concept more than a technology. Heck, you could "virtualize" an abacus by assigning the strings to tasks.