Using your brains, Putting attributes back into hacking the Matrix... Options

[kzt]

Or are you really going to sit here and try to say that a program written ten years ago -- especially hacking (ie, viral) software -- is going to be at 100% operating efficiency despite up-to-date and state-of-the-art security (ie, antiviral) software or even because of hardware upgrades (good luck finding drivers for most of today's hardware for, I don't know, Windows 3.11)? Because that's pretty much what you're arguing for. As opposed to software that has, say, a subscription fee attached to it, such as many security (ie, corporation-written) programs do. Which is completely different from the former, but a fair comparison to what the errata is talking about.

Well, sure, but these are SRworld computers, which are mystically far slower then people operating 15,000 km away. "What's latency?" So obviously realism isn't a serious concern.

If you are going to try to play the "realism" card all hacking tools are obsolete as soon as a firewall developer get them and writes code to recognize them. Luckily, since he can buy a "legit" version of the highest grade, he'll get automatic updates so he can make sure to keep his product up to date. So all hacking tools programs get you immediately recognized as hostile by any node you enter.

[Ol' Scratch]

I was using examples from today to explain the rules as written. There's two separate rules people are combining into one. All programs degrade over time (outdated and obsolete compared to state of the art programs). There's also a largely optional rule where they also degrade because of the megacorpoations sabotaging the code so that it eventually becomes useless if you don't keep paying them (subscription). They then go into more detail in the sideline to offer even more options for how to deal with it. But at no time, except for saying that a GM decide to ignore the first rule (which is a duh anyway), is the first rule negated by the errata.

Nevermind that you just described the exact nature of the first rule; patching a program to update it. It's a constant war. You never get the luxury of just writing a program once and never having to worry about it. It's just that if you do write your own programs, you never have to worry about the sabotaged/subscription "bugs" that commercial products have.

[Cthulhudreams]

Given the design goals given at the start of this thread, program degradation should be removed.

[Ol' Scratch]

I tend to agree there. If you're going to use the old SOTA rules -- which is pretty much what these are -- apply to everything or don't bother.

[Ascalaphus]

I think that if you pirate software, when you remove the anti-copying protection, you'd also remove the planned obsolescence "features".

It would make sense that the more "public" a piece of security* software is, the quicker it degrades.

Your personal secret hacking program will eventually degrade, but since people don't know much about how it works, it's hard to protect against it. A well-known hacking program (or Firewall) is available for everyone to study and should degrade faster.

Of course, not all companies can afford to stay cutting-edge, so most systems would have mid-level security rather than be completely SOTA themselves, resulting in rating 3-4 security programs.

I'd like to ignore the planned obsolescence - that's bookkeeping and detail that's not really necessary.

[Ascalaphus]

This is entirely appropriate... just 'buy' the software and call it house written.

Look at the time requirements to actually write software. That's just a fancy way of substitutiong the money you spent on your lifestyle while writing it rather than ponying up cash to buy someone elses mass-marketed version.

The point of chargen and BP costs is to balance starting resources. Just because you didn't pay in coin for the resource doesn't mean you didn't pay for it in some other denomination (such as time you could have spent earning money... EG: lost wages or other oppurtunity costs).

But should a Logic 1 Software 1 hacker be allowed to start with self-written Rating 6 programs?

[Ascalaphus]

Spirits don't really - most spirits will be smarted than the summoner, and they genuinely want to help. It's like saying that it takes lots of supervision and skill to handle the SAS. While that is true, if you just tell them 'go kill some bad guys and create a distraction' they'll probably do something effective.

Summoning and compelling spirits to do your bidding does take quite some skill - reflecting Magic, Conjuring Skills and Drain. That's what I was getting at - the power of spirits is still linked to the competence of the summoner.

[Drraagh]

I will admit, I don't know SR4 as well as I probably could. However, the way I saw this thread, at least the opening bits I read, the idea is to turn Hacking from the Hackers movie type stuff it resembles, sort of like the Hacking game Uplink and turn it more into something like Street Hacker or Hacker Evolution games.

A system where it relies more on people's skill to determine their knowledge of commands, system flaws, things like that. Basically, stuff like what you see at Defcon, for example, people commenting on little system tricks and tips and the like. There was a couple years ago, the group that had found a flaw in a local subway system's token system but were stopped from being able to report on it until the subway had a chance to fix the problem.

I can see how it could work that way, turning program use checks into skill use checks, though at the same time, I have read some people's reviews/writeups where hacking programs are actually a collection of different tricks and tips that the hacker is already using, just combined under one name. The program rating is actually just saying 'You got a better collection of various little programs and command understanding'.

Like, the program to access systems would include things like port scan, sendmail vulnerabilities, known firewall shortcomings, packet sniffers. Then once you're in you'll have things like buffer overflow, password crackers, things like that. Different ways to keep yourself under the radar, accessing the system or doing different tasks. For example, you might be able to find a file, but without knowing how to change file access times, you basically leave a huge digital fingerprint behind, thus a 'failure' on your edit file check.

Not sure if this really fits with the current direction of the thread, but it was my take on the whole hacking thing.

[Sponge]

In the interest of playing the advocate of KISS, what's wrong with stat+skill+program? You do it with firearms (smartgun/laser) and cars (maneuverability), drones use rating+skillsoft+hardware, why not the net?

There's nothing wrong with it per se, but that kind of change will require some serious re-thinking of threshold numbers - it's not as simple a change in terms of the mechanics as is, say, capping hits or number of extended test rolls.

[kzt]

RL, really clever people (white or black hat) don't depend on someone else's tools, they develop their own unknown exploits of weaknesses. And these are often really effective for a very limited amount of time (typically against a limited set of targets), but once you start using them they usually become totally worthless against anyone but the clueless in short order. For example, the MS DNS vulnerability from a few years ago.

We, for historical reasons, had internet facing MS DNS servers (I know it's stupid...). So we were one of the first people targeted by the totally clever out of the blue day-zero MS DNS attack. And it was pretty bad. However our security engineer was able to determine what happened, reconstruct the attack and had a copy of the attack code to MS security and a bunch of other people the next day. Which is why a few days later there were counters and about two weeks later the hole was patched. And unless you had disabled autopatching your systems would be totally unaffected by the attack within a month.

But the reality is that many people are developing attacks. Some are very good, they are very focused and this is how they make their living. If they can't produce effective code they and their families don't eat. Being on the attack allows you to choose when and where to attack, the defender can't begin to counter the attack until it starts. And often the attack isn't an OS bug, but using features of an application in an unanticipated fashion.

[Warlordtheft]

There's nothing wrong with it per se, but that kind of change will require some serious re-thinking of threshold numbers - it's not as simple a change in terms of the mechanics as is, say, capping hits or number of extended test rolls.

I think that is part of the problem with hacking. While I am not happy with either solution (come on a Logic 1 hacker running a rating 6 program!!), I've run into issues with the stat plus logic optional rule in unwired (I think it favors technos to a degree).

Options beyond the attribute like the suggestions in previous posts. Namely you change it some way to incorporate logic and you break something else in the rules.

You could always go with GM fiat: Umm, your PC has a logic 1 and a 5 computer skill??? I don't think I'll allow that.

[Godwyn]

But should a Logic 1 Software 1 hacker be allowed to start with self-written Rating 6 programs?

It is unfortunately golden as far as RAW go.

Even limiting the number of tests on threshold checks can only help somewhat, as people will just spend edge in their programming down time.

[Ascalaphus]

It is unfortunately golden as far as RAW go.

Even limiting the number of tests on threshold checks can only help somewhat, as people will just spend edge in their programming down time.

RAW is that you can't start with self-written programs.
This is somewhat bad. Bad is also that you need to start session one with upgrading your hardware to get that Response 6 custom commlink. Some sensible rules for starting with stuff that you could plausibly make yourself would be nice.

[Tymeaus Jalynsfe...]

Oh I see, you're misinterpreting what you read again.

First, that errata replaces the last paragraph of the quoted section. The section I quoted occurs in a completely different paragraph. Second, the portion you're quoting is referring to a completely different kind of degradation, one based on security rather than it becoming obsolete. What I quoted referred to patching due to the software literally becoming outdated, which is what the last part of your quote is referring to. Furthermore, the errata in question mentions that it's up to the GM and the group (which itself is a boggling thing to say in the core rules) to determine what software and how often degradation occurs -- numerous times, in fact. And even then, they go back to mentioning that you still have to patch the software, just emphasizing that you can do it on your own rather than paying/hunting for them. Hell, they even offer another option to let you just not worry about it by adding it into your Lifestyle costs. In other words, it's all essentially a set of optional rules you can use instead of the default degradation rules.

Long story short, the following is still in the rules despite the errata: "In game terms, illegal and pirated software—and also programs that a character has coded himself (p. 118)—degrade over time, reflecting that the program is slowly becoming outdated."

So yes, degradation does occur. Even if you write the software yourself. The errata just gives a bunch of overly optional rules to deal with it. Which, in and of itself, is idiotic. That crap needs to be in a sidebar or something.

You are wrong, Just live with it...

Keep the Faith

[Tymeaus Jalynsfe...]

Again, the errata is talking about a different kind of degradation. Not patching to keep up with other software. It's saying that, in addition to software degrading in that fashion, corporations also include code in their software to degrade for the sole sake of degrading it in order to acquire extra income and as an added security feature. Code that you program yourself does not degrade in that fashion. You'll note that the very same sentence that claims that points back to the patching rules which are required because software becomes obsolete over time.

Or are you really going to sit here and try to say that a program written ten years ago -- especially hacking (ie, viral) software -- is going to be at 100% operating efficiency despite up-to-date and state-of-the-art security (ie, antiviral) software or even because of hardware upgrades (good luck finding drivers for most of today's hardware for, I don't know, Windows 3.11)? Because that's pretty much what you're arguing for. As opposed to software that has, say, a subscription fee attached to it, such as many security (ie, corporation-written) programs do. Which is completely different from the former, but a fair comparison to what the errata is talking about.

No... At that point I am going to enforce the option that You MAY have to patch it on occassion... BUT IT IS STILL OPTIONAL...

Keep the Faith

[Tymeaus Jalynsfe...]

I was using examples from today to explain the rules as written. There's two separate rules people are combining into one. All programs degrade over time (outdated and obsolete compared to state of the art programs). There's also a largely optional rule where they also degrade because of the megacorpoations sabotaging the code so that it eventually becomes useless if you don't keep paying them (subscription). They then go into more detail in the sideline to offer even more options for how to deal with it. But at no time, except for saying that a GM decide to ignore the first rule (which is a duh anyway), is the first rule negated by the errata.

Nevermind that you just described the exact nature of the first rule; patching a program to update it. It's a constant war. You never get the luxury of just writing a program once and never having to worry about it. It's just that if you do write your own programs, you never have to worry about the sabotaged/subscription "bugs" that commercial products have.

And that is your consistent problem, trying to apply real world technology 60 years out of date to the 2070's...

Stop that and you will have far less problems playing in the Shadowrun Universe...

Keep the Faith

[kigmatzomat]

There's nothing wrong with it per se, but that kind of change will require some serious re-thinking of threshold numbers - it's not as simple a change in terms of the mechanics as is, say, capping hits or number of extended test rolls.

I don't think it's a big deal. The range of the logic stat, including common cyber, is 1-9. that amounts a difference in successes of 0-3.

Easy tests: no change
Average tests: +1 threshold
Hard: +2 threshold
Extreme:+3 threshold

You can replicate that range for any tests that are based on fixed singular values (Firewall/Stealth/etc) by multiplying them by 1.5 (round down)

1 -> 1
2 -> 3
3 -> 4
4 -> 6
5 -> 7
6 -> 9

Anything that is based on 2 stats (e.g. crash program has Firewall + System, decrypt threshold is Encrypt x2) try to add a base level stat (Logic or System) where ever plausible, or the program rating. E.g. crash program would become Firewall + system + system while the decrypt threshold would be Encryptionx3.

Some modifiers, like matrix perception tests, don't really need adjustment as they rely on the core system perception test TNs, which already expect stat+skill+sensory gear. (well, they did in SR4, not sure about 4A)

[JoelHalpern]

On degradation, I think I understand Dr. Funkenstein as argueing that there are two different kinds of degradation described in the rules. And that the "automatically degrades over time at a specified rate" is an option that should be just discarded.

Unfortunately, the way they wrote it, the degredation that is described as mandatory is described as applying to virtually every form of softwawre. Linguasofts, skillsofts, ... Everything except OS and Firewall.
That includes an awful lot of things that simply do not become worse in the time-frame of the game. Over several years, even conventional programs might become less effective. But a skilsoft for shooting a gun? Sorry, it doesn't change.

And, from a game play perspective the degradation introduces a set of strange effects that you have to deal with, for no benefit. Somehow, TMs complex forms keep up with changing technology, even when other programs don't? And don't AIs have their inherent forms get less effective? And who needs yet more numbers that change from run to run to keep track of anyway?
The other little problem with things getting worse as and when the GM decides is that the GM has to decide. And has to decide in a way that does not either feel like kicking the player for no good reason, or being too generous. Just don't bother.

Yours,
Joel

[JoelHalpern]

With regard to the original topic, I think that in terms of making the game feel like the character matters more, the change is probably a good idea.

The change does shift the odds for some tests, in unfortuante ways. (The SR dice mechanic is essentially a long tail mechanice where the high values have a noticeable impact on the distribution. THis is not big enough to break things, but needs to be kept in mind. (A really hot hacker with 18 dice and a rating 6 program has an average of 5.2 hits, not 6 hits, per roll. As I say, not too big, but SR dice alreay tend to give unexpected results frequently, and this shifts the odds a bit to unexpected-bad.)

In terms of realism, I suspect that the tools ahve more impact than this rule allows. But I rather expect it to feel more sensible, even if it is actually worse.

There is one drawback I can see. This was alluded to, but not discussed much.
A rating 6 mook is an availability 20 item. Hard, but not crazy. The problem is that it is now MUCH better than the character. We have a character with attribute 5, skill 4 (very good), but the mook has 6/6.
One can solve it by outlawing Agents. But it is sort of hard to see why one would rule them out. After all, if the IC can patrol my node and attack an intruder, it would seem like I could take it with me and then have it attack someone else when I need to. (And to answer the question as to why agents having hacking skills, they are needed for defense.)

Yours,
Joel

[kigmatzomat]

I don't see why agents would have hacking skills for defense. Or rather, why they would get the skill rating for free. Drone AI use their Pilot rating + autosoft + gear modifier. Since vehicles (that can hit people and damage property) normally operate with Pilot 3 (or less) with gear modifier (maneuver) of -2 to +2 so some will only get 1 die, I don't see any justification for a mere agent to be equipped with autosofts.

Drone Pilotsput corp property directly at risk so if the setting will let them roam the streets then Agents shouldn't get a free ride.

Forcing people to buy autosofts for agents would raise the cost barrier of Agent Smith, while still being useful for doing scut work. IC are currently cost free so the "expense" of autosofts is no biggie.