Ugh the Matrix is confusing Options

[DarkCrisis]

They way it reads in the book is that once you hack in you are done.

The old matrix had it set up where you went from node to node to node.

Even in the 1st offical adventures for 4thEd the one NPC who has a network in her home has it listed for one Node. Apparently you have to hack that ONE node then you have access to all her stuff.

I would like to think that it's still similar to the old matrix. Where there are "rooms" One node leds to another to another etc. All coming from the main CPU node.

But the way it's set up doesnt seem that way.

If the main CPU node had a System rating of 6 doesn't that mean the whole matrix network of that corp building would have the same system rating.

Basicly they are all running Windows XP and the network is based on that.

Sure you could have the different pcs actually contected to the network running a different OS but all the sub-systems would be the same. As in the Security node doesn't have a physical location in the real world it's just it's own sub-system on the central pc.

Thus meaning only the firewall would be different for each node, but why? Might as well use your best Firewall program for everything.

So every node in a network would have the same stats. That's assuming I'm right that a network is still made up of multiple nodes that the Hacker has to hack each one individually.

[stevebugge]

In some ways dropping to one node really helps speed up game play by eliminating the old "Decker Dungeon Crawl" where you could have the decker playing for an hour to map the system and find one important clue, while everyone had to find something else to do.

[hobgoblin]

if you want a real world comparison to the one node/multiple boxes scenario, search up plan9 the os.

if correctly set up, it the whole network would look like one single big computer at first glance. and for all practical reasons would act like one big computer...

and they dropped the virtual D&D kind of matrix as way back as SR2 with the virtual realitys 2.0 books (that and awakenings are my fav sr2 books).

and with the new AR way of accessing nodes, you can have the hacker fire a gun at the security one moment and trying to tell the office node to open a door the next...

[Eryk the Red]

There can still be multiple nodes to traverse, depending on how things are set up. A single device is a single node. But often there will be several networked devices. Each is its own node. The computer/commlink/other data storage device is where you go for documents and files. There might be several such machines. There could also be security cameras, a virtual "breaker box" for the lights, etc.

Networks are what you make of them. They can be as complex as suits your use. Me, I'm gonna keep this stuff simple. But that's because my group is more about shooting people right in the face for money.

[mfb]

[kigmatzomat]

I think the confusion is between peripheral devices (image-linked contacts, smartguns, sunsurra walls, etc) and linked autonomous devices (e.g. drones).

Drones are their own node; they can be unsubscribed and sent off on their own tasks and never report back to Comm ever again.

A smartgun...not so much. IMO anything that operates independent of an external brain is a node. Your contacts may handle flare comp automatically but without a Comm you can't enable/disable thermo or low-light or even adjust the zoom. Contacts are obviously a peripheral. A smartgun operates as a firearm automatically but it can't do any "smart" functions without a comm so it is also a peripheral.

Coffee makers, refridgerators, and other such doohickies that do their jobs on their own but don't have their own brains are really peripherals though they may seem otherwise.

[GrinderTheTroll]

@DarkCrisis: SR4 has abstracted and generalized a lot of how the Matrix works. You can make your system as complex or simple as you like.

As you've pointed out in older matrix versions, systems where more a "room-to-room" fashion and that's all entirely possible in SR4 if that's what you like. Sometime this might be called for, but you risk slow game play down to a crawl and effectively isolating some of your players doing so. On the other hand, if you don't need 200 rooms and 3 nodes suffice, then go for it.

[mdynna]

There are systems with multiple nodes in SR4 but those are probably the bigger, more expensive corporate host and such. The system you are referring to in the SR4 "On the Run" adventure is just someone's home security system. She doesn't have the resources to run a big multi-tiered security system.

I would like everyone to realize that just because SR4 calls things a "node" doesn't mean we are going back to the SR2 "node hopping" system. That system was utter, painful, death to play. Remeber in VR2.0 they introduced the "fluff" idea of a "sculputed system." Basically, computing from VR2.0 on "abstracted" all of the Nodes into one integrated access sytem. The decker/hacker was accessing the multiple nodes but without having to hop from one to the other.

Now, this doesn't mean that every system in SR4 only has 1 Node. Even under SR3's Matrix rules, every Corp system didn't have only 1 "host." There were "chokepoint hosts" that protected more main hosts in behind. So, if anything, convert SR3 hosts to SR4 nodes. But please don't go back to the SR2 node map for everyone's sake.

[DarkCrisis]

Can you expand on that, Mdynna? I don't quite get what you mean.

The "sculpted system" seems to basicly have the same thing, you have to hack different nodes to do certian things. Sure you aren't going to a different "room" but you still have to hack multiple things.

I'm just saying it would seem fromt eh th ed book that once you hack an admin account you can do anything to the whole system. Pretty a couple rolls in and your done.

But then again the book also says thier are roaming IC and corp hackers, so I guess a multiple node network is possible.

[Serbitar]

Mdynna means that in SR4 a hacking run should involve one, two maybe three nodes (sometimes if it is a long hacking run), but not more.
The goal of SR4 hacking rules are to make hacking fast. And even now, there are several rolls involved in hacking even one node, so it is a good idea not to let the hacker run through too many nodes.

As there is actually no fluff text about it, invent your fluff text and sculpture your matrix systems accordingly.

[stevebugge]

The other distinction to be made is that you may not have to make an access roll for each new node/construct like was required in 2nd edition. Once you have a security or admin account you have access to the networked nodes, only requiring new access to be made at GM discretion rather than every single time you changed virtual locations.

[Serbitar]

That is an interpretation at most, if not an outright house rule. I would say that hacked accounts are only valid for the hacked node.

[stevebugge]

[Jaid]

it would depend, IMO. i might consider treating multiple devices as one "node" for example (such as if someone has mutliple drones subscribed into one slot) but i would certainly make, say, security and marketing into two separate "nodes" even though the devices are connected, and you would need to get into each separately, on the other hand, if you're in the marketing node for product X and the company also makes product Y, i would probably assume that your marketing ID (hacked of course) works in both, even though they might be separate "nodes", your one access ID would get you into both of them equally well. it probably wouldn't let you get into the management node or the personnel node though.

of course, it also depends how the corp system is set up... it may be set up based on physical location (this room is one node, next room is another, etc) product, department, and so forth.

as far as hacking someone's personal node, such as the one in their apartment, i would assume that all the separate nodes (coffemaker, fridge, microwave) are probably set up to accept instructions from the main node without questioning it, generally speaking... after all, how many people are going to want to have to give a special code just to get their morning coffee, or open the fridge without setting off an alarm?

[stevebugge]

[mdynna]

[GrinderTheTroll]

[hobgoblin]

hmm, one optional way of using the physical passkey would be to basicly hardwire it into a terminal. that way, unless you sit down at that exact terminal, no admin access for you ;)

[Dranem]

Sortof like we do today with thumb drive password keys.... Can't access the data till you slot the thumb drive in.... could be done with credsticks or even a direct fibre connect from specific commlinks.

[GrinderTheTroll]

[kigmatzomat]

IRL I've worked in IT. Not security per se but along side it so I've seen an assortment of security schema.

Some systems have been configured so full admin access was not available except on a console (aka direct connected to the box). Various grades of user or security privs were available remotely, depending on the system. Any attempts to log in as root (admin) remotely immediately resulted in an alert sent to the security staff pagers. One site had a precursor to current intrusion monitoring software that started screaming if any applications were run as root with an external IP.

In SR4 terms, this means Admin access can only be done while cable-connected to the server. An Analyze-equipped IC is loaded every time an Admin logs in to verify they are, in fact, local and not an exploit.

On the flip side, the place I work now has a much simpler security schema that relies on the a forest of domain controllers (DCs). Gain Admin access on a domain controller and you p0wnz0rs that particular subnet. Even though there's ~100 separate machines, an Admin can access them pretty much at will.

In SR4 that each Domain would be a node. Each node may actually be a complex web of computers and peripheral devices but from a simplified viewpoint, once you crack the device that handles authentication, everything attached will obey.


Back in the days of SR1, each computer tended to be locally authenticated requiring breaking in one device at a time. The adoption of Kerberos, LDAP and RADIIUS authentication servers in the 90s resulted in one login applying to an entire network of devices. SR2 did not catch up and SR3 tried a bit but was still too granular. ACIFS is simply too complicated for a game. Heck, the unix user/group/other schema is often said to be too complicated by many a sys admin. (usually MSCEs but that's a different rant). For SR4 they decided to remember this was a game and to put fun ahead of any attempt at realism.

[hobgoblin]

MSCE's think UGO and RWX is complicated? yea right :P

guess thats why i never could bother to even try to pass the MSCE exam. to bad it was mixed in with a cisco exam and i could not afford to retry that one another time. 1 silly question that i missinterpeted and i failed, two times :(

[TBRMInsanity]

I think the new system is a God sent. The main reasons are:
1. everyone can go on the Matix now with little to no pelaties (unlike SR3-)
2. I don't have to stop my game if the decker does something anymore.

[cx2]

I can see this working reasonably realistically, at least enough for someone with basic knowledge of network layouts.

Hack matrix proxy/server (enough for advertising on the matrix)
Hack the login/file/application server
Find data
Disconnect

Anywhere with maybe 15-20 computers upwards could have a server for login, files and apps (why more than one? Maybe more in a big corp building, but not smaller places). Most security would be on the proxy, so once you're through there and have the login you're safe.

Even with seperate app/file servers they would probably get authorisation from the login server.

Why not include each individual computer? Because most places even today use file servers, even schools with only 30-40 computers. Having the data in one place makes it far simpler to back up. Data security is also about stopping loss to fault. Could hack these machines if you needed something special though.

This is more than enough depth for an average SR game I think, at least personally speaking.

And you can access someone's contacts/smartlink without going through the commlink if you spoof the signal I seem to recall.

[hobgoblin]

a node is a very loose term. i have a feel that it can be any number of physical machines as long as they share a login system. ie, the account you have is valid on any one of them.

diffrent node, diffrent login system, diffrent accounts...