Unwired Questions, Now with Merge-y Goodness Options

[Jaid]

the appearance of an icon, persona, etc has no meaning in the matrix. i could have a persona that looks identical to your persona, and everyone would still be able to tell us apart unless i faked having your access ID. you're basically just faking your access ID to that one program instead of to the entire matrix, is all.

[Rotbart van Dain...]

the appearance of an icon, persona, etc has no meaning in the matrix.

Obviously, it has.

you're basically just faking your access ID to that one program instead of to the entire matrix, is all.

No. Neither do the rules imply or say that an Access ID is involed, nor is it feasible - otherwise the targeted program would need to know every Access ID of every icon that it's not supposed to work against, including future ones. Your assumption is completly off and I don't even understand where you get it from - did you bother reading the rules at all? Are you just making up stuff?

You fake the response to that program about a certification/property:

For example, a Renraku security hacker may be wielding an Attack program with a Limitation that prevents it from being used on certified Renraku personas. A hacker who has learned this may spoof his persona to appear Renraku-certified, thus making himself invulnerable to the program.

And if you can pretend to be Renraku-certified, pretending that you have a legit program to update isn't really hard.

[Muspellsheimr]

It is good to play with fire & sharp metallic objects.

[Jaid]

did you bother reading the rules at all? Are you just making up stuff?

do i hear the pot calling the kettle black?

your made-up rule that because spoof can be used to protect against specifically limited programs being able to target you equaling "you can change anything to appear as anything else without limitations" is somehow more legitimate than my ruling on how spoofing protection works?

because given neither of us are employees of catalyst, or in any way authorised to issue errata, or clarifications, i could've swore that we're both equally qualified to present our interpretations of the rules.

appearance in the matrix is meaningless. i can fire up 500 different reality filters on 500 different commlinks and view the same icon through each of them, and in every single case the appearance of the icon would be different but what that icon represents would remain the same. if it was just appearance, i wouldn't need spoof, i would need a reality filter, which is the program that changes what things look like.

as far as the program needing to know every single AID for every single renraku (or whatever organisation) user, presumably each company that wants to have it's own stuff marked as being that company's presumably uses a specific prefix or something in their AID. these prefixes are probably actually even public domain, since it's probably marketed as a way for people to know that something is really a good quality renraku program, and not just a cheap knockoff. spoofing said prefix (or other identifying marker) into how the limited program sees your AID is the only logical way i can see spoofing protection to work.

[Rotbart van Dain...]

your made-up rule that because spoof can be used to protect against specifically limited programs being able to target you equaling "you can change anything to appear as anything else without limitations" is somehow more legitimate than my ruling on how spoofing protection works?

Your assumption lacks a foundation in the rules - mine isn't even an assumption.
If the rules say that Spoof can be used on the 'persona so that it appears to be something it’s not.'... then that's it.
And if they don't say that you need to aquire and spoof Access IDs to do so... than you don't need to, by RAW.

(or other identifying marker)

Yes, that's what the rules say, and what I say.

how the limited program sees your AID is the only logical way i can see spoofing protection to work.

Actually, you just did see another way than involving Access ID.
Indeed, Access IDs are not the only kind of verification in the Matrix.

[Aaron]

Folks, I'm not seeing anywhere that suggests that Spoof can make Matrix icons look like other Matrix icons. I've found one where you can use Stealth to do that, but not Spoof.

It seems to me that Spoof is used to convince nodes to do something by forging orders to them. That doesn't sound like disguising icons to me.

[Rotbart van Dain...]

Folks, I'm not seeing anywhere that suggests that Spoof can make Matrix icons look like other Matrix icons.

'Looking' isn't a Problem - there's noting required but the right icon.
Reading to Analyse/Firewall would like something different would be.

I've found one where you can use Stealth to do that, but not Spoof.

Where, exactly? Stealth is supposed to make you 'invisible'.

It seems to me that Spoof is used to convince nodes to do something by forging orders to them. That doesn't sound like disguising icons to me.

Sure, it can do that, too. But that's not the point here. It's:

To do this, the hacker must be aware that the program has that specific option, via an appropriate Matrix Perception Test.
He can then attempt to spoof his persona so that it appears to be something it’s not.
For example, a Renraku security hacker may be wielding an Attack program with a Limitation that prevents it from being used on certified Renraku personas. A hacker who has learned this may spoof his persona to appear Renraku-certified, thus making himself invulnerable to the program.

[Aaron]

'Looking' isn't a Problem - there's noting required but the right icon.
Reading to Analyse/Firewall would like something different would be.

Could you rephrase this? I have no idea what you're getting at, here.

Where, exactly?

Decoys, p. 72, Unwired.

Stealth is supposed to make you 'invisible'.

If by "invisible" you mean "as 'invisible' as possible" (which is, I believe, the context of what you're quoting), then I agree. If your icon was completely invisible, the node you're in will stop sending you signals, and you'd stop being in the node. The description of the Stealth program doesn't actually say it makes you invisible, but rather than copy-and-paste here, I'll just send you to page 227 of your hymnal.

Sure, it can do that, too. But that's not the point here. It's:

Awesome. Could you offer a reference, or are you asking us to take on faith that you quoted it verbatim from a printed source?

[Rotbart van Dain...]

I have no idea what you're getting at, here.

Just changing your Icon into a Renraku Icon won't help you - you need Spoof to read like a Renraku Icon to the Firewall or Analyse, too.

Decoys, p. 72, Unwired.

That only affects files and nodes, though.

If by "invisible" you mean "as 'invisible' as possible" (which is, I believe, the context of what you're quoting), then I agree.

Sure, as long somebody doesn't beat you in the Matrix Perception Test, he won't notice you.
We are just talking about how you can fool somebody/something that noticed you. And that's what Spoof can do per Unwired.

Could you offer a reference, or are you asking us to take on faith that you quoted it verbatim from a printed source?

Sure. The quote is from Unwired, p. 99 Advanced Spoofing, Spoofing Protection.

[Aaron]

Just changing your Icon into a Renraku Icon won't help you - you need Spoof to read like a Renraku Icon to the Firewall or Analyse, too.

I concur. Stealth makes your icon look innocuous. You have to spoof the onlooker to convince it that you're legit (see below).

Sure. The quote is from Unwired, p. 99 Advanced Spoofing, Spoofing Protection.

So I read the quote, plus the entire paragraph in which it appears. It looks a lot like regular spoofing to me, although in this case the directive isn't "unlock the door" or "send me the file" but "add me to your safe list." I mean, look at the test involved: an Opposed Test against the onlooker. That ain't a passive use of a program (a la Stealth) and it ain't a Simple Test (a la Spoofing the Datatrail).

I heard once that truth is fact plus context. I was just thinking about that this morning.

[Tarantula]

So, you're spoofing the update server, with a "add me to your validated users who can update list"

[Jaid]

your [edit: 'your' meaning 'rotbart van dainig'[/edit] house rule is that because you can explicitly (by some means which you are assuming has absolutely nothing to do with every other use of spoof) use spoof to fool a program into thinking you're on it's list of targets it can't blow up, that you can therefore use spoof to making anything else think whatever you want. so heck, i'll just spoof my persona when people try to ID it so that it returns code just like an attack program sends out and destroy everyone who is perceiving me, because apparently you consider that to be a legitimate use of spoof. also, instead of stealth, i'll just spoof myself to be allowed everywhere. and instead of editing files, i'll just spoof them into becoming something different, because apparently according to you, that works.

spoofing protection requires a successful matrix perception test to see the program option that limits your opponent from attacking you. it's not a stretch at all to assume that you use your knowledge of what it's looking for in it's target's AID and then spoof your AID with respect to that one entity (which we know to be possible, that's how spoofing commands works) so that it has what the program is looking for. this, at least, would be in line with all of the other uses of spoof, and is the interpretation i'm going to be sticking with rather than assuming that spoof also has a side use of making anything look like anything else it wants to, but that only one use of that entire function is listed anywhere in any of the core rulebooks.

[Jaid]

So, you're spoofing the update server, with a "add me to your validated users who can update list"

it's not a matter of being a validated user or not (i do agree you could spoof yourself to look like you're a validated user, provided you have the access ID of a valid user), it's a matter of convincing the program that your illegal, cracked version of the program is allowed to be patched. logically, no one has the authority to change that setting; there is never any need to grant someone's illegal, cracked program to be patched. there is nobody authorised to give that order, so there is no access ID you can spoof to the server to be granted that privilege.

now of course, if you had an uncracked copy, you could spoof the server to add you to the list, since there is presumably somebody who has the authority to do that (for example, whoever it is that is responsible for looking into complaints of program theft could add or remove people from the list of people who can receive the patch). but that's a whole different kettle of fish.

[Tarantula]

You simply spoof your program to look as if it had the correct program option (copy protection). It checks the program, your spoof fools it, and it goes, "ok, this is a valid copy, update it".

[Jaid]

You simply spoof your program to look as if it had the correct program option (copy protection). It checks the program, your spoof fools it, and it goes, "ok, this is a valid copy, update it".

but here's the thing: there's only one place that even remotely *implies* that spoof can do that, and it never really says how spoof does what it does.

so either spoof has a second function of which only one use is given, or spoofing protection doesn't work the way rotbart thinks it does. i know which one i'm going with.

[Rotbart van Dain...]

but here's the thing: there's only one place that even remotely *implies* that spoof can do that, and it never really says how spoof does what it does.

Actually, it's no problem at all:

It is possible to create a Crash (or Disarm) Program with the Limitation (Not against Programs with valid Registration & Copy Protection).
Thus, Spoofing Protection can make your Registration and Copy Protection appear valid.

[Jaid]

If the hacker is facing an opponent that is wielding an offensive program with the Limitation option (p. 114), he may attempt to spoof his persona in a way that the limited program will not work against him. To do this, the hacker must be aware that the program has that specific option, via an appropriate Matrix Perception Test. He can then attempt to spoof his persona so that it appears to be something it’s not. For example, a Renraku security hacker may be wielding an Attack program with a Limitation that prevents it from being used on certified Renraku personas. A hacker who has learned this may spoof his persona to appear Renraku-certified, thus making himself invulnerable to the program.

(bolding is mine of course).

so no, you can't spoof the program, per the spoofing protection rules. you may spoof your persona, which fits in with what spoof does in every other circumstance it is used.

[Tarantula]

And the program runs on your persona. So your persona heads over to the update servers, and they analyze it, see you're running the superfancywhatever 6.1 and they have a patch for 6.2. You spoof that it has copy protection and registration. So they say, ok, heres your patch.

[Jaid]

And the program runs on your persona. So your persona heads over to the update servers, and they analyze it, see you're running the superfancywhatever 6.1 and they have a patch for 6.2. You spoof that it has copy protection and registration. So they say, ok, heres your patch.

no, because it doesn't say anything about spoofing your persona to make your programs protected from anything targeted at your programs.

[Tarantula]

They analyze your persona to find out about your programs. The program is on your persona.

Its not like you could send them the program to verify, after all, its supposed to be copy-protected.

[Rotbart van Dain...]

(bolding is mine of course).

Sure, you are just drawing the wrong conclusion.

Per main book, the Persona is the sum of it's Programs plus Icon.
Spoofing the Persona causes all of you Programs to appear valid - you don't need to do a test for each of them.

[Jaid]

they can analyze your program, actually. just like you can analyze a file, and not just teh node the file is on.

rotbart may be on to something though. so, *if* you can find a security decker (or otherwise authorised person) to get their AID and that security decker has the exact same program(s) as you, *and* there isn't a limit of one patch per program owned (this could also be circumvented if you got the AID of a customer service tech by spoofing to the server that the original patch didn't work and resetting it to allow a second patch), you *might* be able to spoof your programs (which, being run by a software company that is probably selling all kinds of software that is forbidden availability, probably didn't slouch on it's matrix security).

assuming, of course, that your program is even written by a company that offers patching services, that is, and isn't something your hacker wrote himself, or traded for with another hacker, etc.

so, i guess it might work. i still don't think i would allow someone to spoof for patching services as easily as lifestyle, because for lifestyle you're just looking for someone with poor matrix security around their money, whereas with most programs you're looking for someone who has poor matrix security around their illegal programs, and not only are people with legal access to said programs less common than people with money, but those people with legal access to said programs are probably also more matrix security conscious on average then the average person who has access to money.

and of course, as it mentions in the spoofing lifestyle section, you do have to worry about the company noticing that the guy you're spoofing seems to need multiple patching attempts every single month, and get suspicious (which, if i remember the spoofing lifestyles rules right, is a possibility on a glitch or critical glitch).

so, it looks like it might even actually be possible. i still don't think it was intended for spoof to cover this sort of thing, but RAW it seems to work.

[Rotbart van Dain...]

they can analyze your program, actually. just like you can analyze a file, and not just teh node the file is on.

Guess what - resisting Spoofing Protection involves Analyse. (IMG:style_emoticons/default/wink.gif)

rotbart may be on to something though. so, *if* you can find a security decker (or otherwise authorised person) to get their AID and that security decker has the exact same program(s) as you, *and* there isn't a limit of one patch per program owned (this could also be circumvented if you got the AID of a customer service tech by spoofing to the server that the original patch didn't work and resetting it to allow a second patch), you *might* be able to spoof your programs (which, being run by a software company that is probably selling all kinds of software that is forbidden availability, probably didn't slouch on it's matrix security).

The certification checked by the Limitation option can be many thingy, but you do neither aquire an Access ID, Passcode or Passcode before you spoof.

i still don't think i would allow someone to spoof for patching services as easily as lifestyle, because for lifestyle you're just looking for someone with poor matrix security around their money, whereas with most programs you're looking for someone who has poor matrix security around their illegal programs, and not only are people with legal access to said programs less common than people with money, but those people with legal access to said programs are probably also more matrix security conscious on average then the average person who has access to money.

Actually, poor matrix security isn't exactly what the upper end of Spoofing Life is about. (IMG:style_emoticons/default/wink.gif)

[Jaid]

The certification checked by the Limitation option can be many thingy, but you do neither aquire an Access ID, Passcode or Passcode before you spoof.

no, but you do need to detect the limitation option with a matrix perception check. if you can see the option, you can presumably also see what it is looking for, and therefore you know what to spoof from that. in essence, this is the step where you find out what access ID, passcode, etc you are looking for.

as for spoofing lifestyles not being about targeting low security stuff...

Hacking isn’t just a career, it’s a lifestyle—or it can be. By
keeping a library of access IDs and spoofing the right commands,
a hacker can effectively improve her lifestyle. To get it to work,
the hacker has to keep her virtual eyes open all the time, keeping
track of access IDs for power, water, Matrix access, rental agreements,
grocery delivery—all the essentials of life—and issuing the
right commands to bring those things to her doorstep. Of course,
sooner or later the people the hacker is ripping off are going to find
out and cut power, send her bills, reclaim property (and possibly
break her hands), so a hacker spoofing her way through life has to
be constantly juggling her needs and extras, re-issuing commands,
switching services, and grabbing new access IDs all the time.

spoofing your lifestyle is essentially identity theft. you're impersonating other people and buying stuff using their names/accounts etc, or perhaps spoofing yourself to be the maintenance worker for the local vending machines, or whatever; in essence though, you are just committing identity theft, and the rules for spoofing lifestyles are just a quicker solution than rolling hundreds of scan, sniffer, analyse, etc rolls to see what you can get. essentially, you are stealing people's financial information and such, and because it's easier to target people who are not security conscious, those are the people you're generally going to be hitting, because why make it harder for yourself than it has to be? sure, you could probably (try to) hack into the S-K Prime accounts payable files and add in a payment for your rent, but it's much easier to hack some clueless wageslave's account and send a payment through extraterritorial shadow accounts and have it end up paying your rent, because the clueless wageslave doesn't have a rating 8 firewall with rating 7 analyse runnning on his commlink, whereas S-K prime probably does. not to mention the probable rating 6 agents with all kinds of SOTA programs (or possibly a few programs that go beyond SOTA) that might get assigned to tracking you down and making sure you didn't get any important paydata while you were there, and to destroy as much of your commlink as possible in an effort to clear out any information you might have missed.

no, you're much more likely to target Joe Wageslave, who owns a commlink with a rating 1 or 2 firewall, an analyse program of likely 0-1, and who's only agent is rating 1 with a browse program provided by his MSP for performing matrix searches.

spoofing your target is done by stealing information from people, and using it to impersonate those people. that will be much easier to do to people who are not security conscious. you just do it to a whole lot more people when you want a higher lifestyle.

[Rotbart van Dain...]

no, but you do need to detect the limitation option with a matrix perception check. if you can see the option, you can presumably also see what it is looking for, and therefore you know what to spoof from that. in essence, this is the step where you find out what access ID, passcode, etc you are looking for.

No, that would take too much time. It's done in Cybercombat, it's two tests (Matrix Perception & Spoofing Protection), nothing more.
You just find out the Program is limited and spoof it - no checking up other icons for valid information, no searching around.

spoofing your lifestyle is essentially identity theft. you're impersonating other people and buying stuff using their names/accounts etc, or perhaps spoofing yourself to be the maintenance worker for the local vending machines, or whatever; in essence though, you are just committing identity theft, and the rules for spoofing lifestyles are just a quicker solution than rolling hundreds of scan, sniffer, analyse, etc rolls to see what you can get.

While I do not entirely agree to you assumption, it simply doesn't matter, mechanically.
My point is:

Spoof at the end always targets the Matrix Attributes of the entity you want to spoof.

No matter if/how you aquire/make up credentitials - at the end, you are targeting the provider.
So if you want a penthouse, spoofing it requires you to spoof somebody who is owning penthouses. And if you want around the clock security, you are going to spoof somebody who is providing it.

And at this upper end of the scale, no matter how you put it - it's pretty good security.