Alternate Hacking Systems, Post your own! Options

[Ascalaphus]

With regards to VR/AR, my thoughts are these:

- VR is basically an extension of AR; you filter out more of the meatworld to focus exclusively on the Matrix. It'll have some benefits; you won't take as much penalties from distractions or something. Clearer matrix perception. But nothing too major. Also, it's possible to "project" in VR and appear visibly as a ARO; some areas feature this heavily. Both virtual and meat guests welcome.
- The big difference is DNI vs. tortoise interfacing. You can use AR through DNI, and use VR with a helmet and gloves. The more directly connected to the Matrix you are, the faster you'll be in the Matrix. However, you'll also be more vulnerable to biofeedback.
- Sculpting of systems has no real game effect. That's a kind of Gibsonian lunacy that, if you read carefully, even Gibson didn't really believe in. Tron was a funny movie, but these days, nobody can suspend that much disbelief. If form and function of the system happen to match, that's meant for the convenience of legitimate users. IC will tend to look inconspicuous and innocent.



With regards to programs/hardware:

- Part of the fluff of any hacking story is a lot of talk about how SOTA your stuff is, and how quickly everything is getting even faster and nastier. However, actually tracking game effects of SOTA will quickly result in tedious amounts of bookkeeping. This needs to be avoided.
- Hollywood has some good ideas about making hacking fun; don't obsess about details. Hacking programs are like spells that you throw at computers.
- Programs should do something specific, clearly and explicitly defined. Like guns or spells. For different tasks, different programs.
- While programs are a lot like other equipment, their availability is a different thing altogether. Downloading is the norm, and programs are basically free, except for MacGuffin programs that do really unusual or exceptionally powerful things. (Plot items, most of the time.)
- There's no reason not to use the best programs you can get. Ratings therefore are a needless abstraction (Rating 1-5 medkits anyone?). Hacking uses Attribute+Skill rolls.



Encryption/Security of the everyday matrix:
I don't know very much about encryption myself. I know just enough to feel very unconvinced by Unwired. It looks arcane, complicated and yet wrong.

- One time pads are a safe and much-used method of encryption. Most devices are equipped with a VAST one-time pad shared with a trusted party, like a MSP. To communicate with a third party, you send the MSP an encrypted message; they decrypt, then re-encrypt with the one-time pad of the intended recipient. Now and then you buy a new datachip with a gazillion lines of new one-time-pad at a local StufferShack.
- Breaking high-end encryption is impossible; you need to just hack the receiver or sender.

Or something like that. Like I said, I don't know all that much about encryption; more sophisticated safe communication protocols surely exist.



Some general thoughts:
- It shouldn't turn into a big sub-game
- The hacker's most important job is to disable security systems that otherwise are nearly impossible to circumvent (motion sensors on the other side of a door.) This needs to be doable, most of the time.
- Fluff and game mechanics shouldn't contradict each other.
- Not too hard, no cakewalk either.
- Plausible security for the masses (at least against non-elite hackers)
- Mechanically similar to other game rules (guns, spells)
- More than one way to get things done; meaningful choice of tactics
- Designing a network shouldn't take the GM's whole afternoon
- Suspension of disbelief shouldn't be too hard
- Usable both by computer nerds and people who think Hollywood Hacking is totally awesome.
- No brainhacking without DNI.

Well, looks like I got my work cut out for me... I'm going to be stealing lots of ideas from Frank, I think.

EDIT: On second thought, this is really way too much work. I've got some papers to write, and I shouldn't pick up anything this big at the same time (IMG:style_emoticons/default/sarcastic.gif)

[Crusher Bob]

The reason the brain hacking was included in Frank's rules system was to force everyone else to care about the Matrix. More importantly, it forces the people you are interested in to care about the Matrix. For J. Q. Public, the fact that he can get free p()rn and watch all the latest TV programs is more or less a good enough reason; but for the people who are choosing the 9mm retirement plan and have deadly secrets to keep, free p()rn just isn't a good enough reason.

So, you have two basic ways to force the people you are interested in to care about the Matrix: the carrot or the stick. Frank's approach is mostly stick based; if you don't care about the Matrix, you'll get hit with a huge stick. So everyone who we are interested in cares a lot about the Matrix. Or you can have a carrot based approach (see my sample idea here). The bonuses provided by being connected to the Matrix are so important to non-matrix related stuff that people will risk being exposed to hacking to get them.

Of course, you still have to deal with things like banking, electronic money, and encryption too.

[Cthulhudreams]

Bob is correct that you need an incentive to people not to just switch 'hacking' to 'off' which is entirely possible in the core rules. The stick works better than the carrot because it doesn't interfer with other dice pools.

This is the biggest problem with taking out 'brain hacking' from Frank's rules - generally it re-introduces the hacking to off option, and you need an altenative way to compensate

[Ascalaphus]

What exactly do you mean by "forcing to care about the Matrix"? I don't really get your problem.

You don't have to force people to use the internet; they'll do so themselves. And even if they didn't - why would you want to force them?

[Crusher Bob]

Read Frank's opeing post: Nash Equilibria and Matrices, Your targets are not stupid..

The short version, if people can 'not care' about the Matrix, then the hacker isn't a very viable PC archetype. Which means that our rules contradict our fluff, break genre, or however you want to phrase it. And since we are playing the game for the fluff, not for teh rules, we'd rather have rules that agree with the fluff rather than contradict it. So how do you get rules that agree with the fluff? By forcing people to participate in the Matrix, so the hacker has a reason to put on his ninja suit, like everyone else.

[Ryu]

Read Frank's opeing post: Nash Equilibria and Matrices, Your targets are not stupid..

The short version, if people can 'not care' about the Matrix, then the hacker isn't a very viable PC archetype. Which means that our rules contradict our fluff, break genre, or however you want to phrase it. And since we are playing the game for the fluff, not for teh rules, we'd rather have rules that agree with the fluff rather than contradict it. So how do you get rules that agree with the fluff? By forcing people to participate in the Matrix, so the hacker has a reason to put on his ninja suit, like everyone else.

The interesting question regarding Mr. Nash, once you´ve gotten how that works, is what values to assign to the matrix. If you arrive at the conclusion that the chance of being hacked is worse than loosing free communication, matrix dp boni, TacNets, and "being hacked instead of shot", you might have used the wrong ones. Just saying (again).

[Blade]

That's one of the biggest issue I have with Frank's system, but I see that I've already said what I had to say about it in the 10th post of the aforementioned thread.

[Cthulhudreams]

The interesting question regarding Mr. Nash, once you´ve gotten how that works, is what values to assign to the matrix. If you arrive at the conclusion that the chance of being hacked is worse than loosing free communication, matrix dp boni, TacNets, and "being hacked instead of shot", you might have used the wrong ones. Just saying (again).

That's the point, when the consquence of 'being hacked' is 'you lose millions of credits and/or die' then the equilibrium is set to 'turn hacking to off' especially given the ease of doing that.

Plus your suggested boni don't apply to, say, a secure door. It doesn't better from free comms, matrix DP bonuses or tacnets, so why won't it have hacking set to off?

[Blade]

What's the probability of getting hacked? What's the perceived probability of getting hacked? What's the perceived probability that YOU can get hacked, especially with that SOTA "Security Suite" you pay every month for?
How much easier do you make your life by having a door that opens automatically when you are near?

Nash Equilibrium is fine for game theorist, but it can't be applied to many real-life situations. And even if you could find the right values for all that, you'd still make the mistake of considering that people are rational. How many people have I heard saying: "I have only one password I use for everything, and it's a dictionary word. I know it's bad, but I don't have anything important so why bother?"? And most of these people use online banking. Even when their lives are concerned: just look at how many people drive while drunk or texting... Most people don't perceive risks correctly, they'll be afraid of flying but won't have any problem driving even if it's statistically far more dangerous.

[Crusher Bob]

Because the people who use one password for everything are not the people we are interested in. The game is about very high security places, where we can expect security to be implemented by the most paranoid, knowledgeable, and meticulous guys around. Remember that free p()rn is a great excuse for J. Q. Public to have a matrix connection. But not a very good excuse for the super secret war crimes lab. So, the rules have to give a reason for the super secret war crimes lab to be hackable, not for some random guys home PC. Also, we can't rely on the excuse that the guys who run the security at the SSWCL to be idiots excuse for why they are hackable.

[Cthulhudreams]

We're talking about the end of town that doesn't connect their computers to the internet today, the sort of people who have professionals on staff to

a) be paranoid; and

b) kill people who are threats.

In that enviroment, where you are hiring professional killers, why would you have a wireless enabled door?

[Draco18s]

Most people don't perceive risks correctly, they'll be afraid of flying but won't have any problem driving even if it's statistically far more dangerous.

Even more importantly, they perceive risks they take themselves as less risky than risks others ask them to take.

Continuing with the bad password example: Many, many, many people use the password "password," despite how insecure and obvious it is. But they're perfectly willing to take that risk. But as soon as someone else mandates what their password should be, they'll be up in arms about it: "Someone knows what my password is! Must rebel against authority!"

Because the people who use one password for everything are not the people we are interested in. The game is about very high security places, where we can expect security to be implemented by the most paranoid, knowledgeable, and meticulous guys around.

Brain hacking doesn't solve this problem. Brain hacking solves the John Q. Public not being online. Brain hacking in no way prevents a large secure corporation from taking their secure servers offline.

[Blade]

The people who use one password for everything are the same as the people who work in the high security places.
Anyway, the goal of high security places isn't to be secure: it's to do their job. Sure, you can protect a place from hacking by having no network or no computers, but if you can't get any (or enough) work done without computers or a network access, then your secure place is useless.

[Crusher Bob]

Brain hacking doesn't solve this problem. Brain hacking solves the John Q. Public not being online. Brain hacking in no way prevents a large secure corporation from taking their secure servers offline.

I supposed, to be more specific, it is the ability to high density signal to manipulate any equipment, of which brains are just one example, within range.

[Ascalaphus]

Okay, so I plowed my way through that flame-hammered thread. Some interesting tidbits here and there. I've found that people have the following issues:

Without brain-hacking, hackers don't have anything to do in combat
This is very dubious. A total hacking specialist might be in trouble, but generally you can:
- Learn to use a weapon
- Drones
- Mess up the enemy's TacNet
- Otherwise try to manipulate the battlefield

People can just Opt-Out of the Matrix
Yes, they can. Let them; Shadowrun should have neo-Luddite tribes in the forest, weirdo eco-shamans and paranoid crazies with tinfoil hats. And while the R&D server may be offline, consider the following:
- Companies need some measure of Matrix access for their daily functioning. To communicate with vendors/ customers/ in-house departments located elsewhere
- Companies need to communicate with their personnel
- Drones pretty much require WiFi to be useful
- Normal people will have commlinks the way people have cell phones in the present
- The Matrix is very convenient
- Matrix assistance is so very very useful. Generally a +2 to almost all tasks.

"Normal" security isn't good enough
This can be fixed by constructing the difficulty in a different way.

"High" security is too hard for PCs
This can be fixed by constructing the difficulty in a different way.

Matrix use is a subgame
So is sneaking in, astral projection and Face-work. All players must occasionally sit back and watch someone else do something. That's okay as long as it's cool and fun to watch.
The problem is that hacking takes too long, has a lot of clunky rules and as a result isn't very exciting. This can mostly be addressed by having more exciting things happen, more diversity in what happens during hacking, and smoother (less layers) game mechanics. Any extended check that can be reasonably converted into a single check saves a minute of counting dice.

Script Kiddies
Hacking will be Attribute+Skill based. You simply need programs and hardware to do anything at all, just like you need a gun to shoot people. And just like there are different guns with different benefits, there are different programs with different benefits.

Agent Smith
Agents will be limited to a rating of 4, which is it's Attribute for Matrix tests. It needs Activesofts to gain hacking skills. There will be limits to how much brute force is worth in hacking, but there is a role somewhere for botnets.

I've though about brainhacking, and I like some of it. But not Frank's interpretation;
- Two-way DNI is required for most serious brainhacking, and only local receivers can receive a brain.
- One-way signals to the brain are essentially either a microwave ray gun, or brown noise. Neither is really an instance of brain hacking.

So strapping someone to a chair, putting a trode net on him, and mindfucking him is perfectly fine; pointing a commlink at him from across the room isn't.

For the wannabe brain-hackers among you, I'll leave you the following thoughts:
- Capsule rounds with DMSO, Carcerands with DNI-Nanites
- Gas grenades with Carcerands and DNI-Nanites

Sure, DNI Nanites need to be introduced, but those actually make a lot of sense.

[Blade]

Matrix use is a subgame
So is sneaking in, astral projection and Face-work. All players must occasionally sit back and watch someone else do something. That's okay as long as it's cool and fun to watch.

Cool and fun to watch or quick enough to solve. Even if hacking a single camera was cool and fun to watch, I guess the other players (and eventualy the hacker too) will get bored after the third camera.
So I think you should have two resolutions methods: a quick one for simple hacks and another one for more important hacks (which could also be divided in quick hacks (a few combat turns) and long hacks (several hours with a lot of planning) since both can be interesting). And you have to make sure that the rules for the important hacks make hacking scenes interesting enough for the rest of the team to watch.

[Ascalaphus]

Cool and fun to watch or quick enough to solve. Even if hacking a single camera was cool and fun to watch, I guess the other players (and eventualy the hacker too) will get bored after the third camera.
So I think you should have two resolutions methods: a quick one for simple hacks and another one for more important hacks (which could also be divided in quick hacks (a few combat turns) and long hacks (several hours with a lot of planning) since both can be interesting). And you have to make sure that the rules for the important hacks make hacking scenes interesting enough for the rest of the team to watch.

Good point, I'll add it to the list.

Ideally, routine tasks like hacking a video camera should take roughly as long as firing a gun. Maybe that would be an interesting application of Electronic Warfare.
I'm not sure if I'll end up with exactly the same list/number of skills. Some seem to have rather few applications, or very unintuitive applications.
I'm very intrigued by the possibilities of a more Hardware-oriented hacking approach; once you get physical access, you can do things to a device that will bypass many software security measures.

[Draco18s]

Ideally, routine tasks like hacking a video camera should take roughly as long as firing a gun.

And happen about as often.

Even if its a one-roll deal, you shouldn't be making that roll to walk down each hallway (every 30 seconds).

[Ascalaphus]

And happen about as often.

Even if its a one-roll deal, you shouldn't be making that roll to walk down each hallway (every 30 seconds).

Hmm. I'm in favor of the following way of doing it:

1) Realize the facility's security cameras are not connected to the Matrix
2) Get near a camera without getting seen
3) Hardware-access the camera
4) Hack the security network through the entrance the camera's wired connection provides

[Wandering One]

Cool and fun to watch or quick enough to solve. Even if hacking a single camera was cool and fun to watch, I guess the other players (and eventualy the hacker too) will get bored after the third camera.
So I think you should have two resolutions methods: a quick one for simple hacks and another one for more important hacks (which could also be divided in quick hacks (a few combat turns) and long hacks (several hours with a lot of planning) since both can be interesting). And you have to make sure that the rules for the important hacks make hacking scenes interesting enough for the rest of the team to watch.

I'd have to generally agree with this too, and rethink, perhaps, my standpoint the core system's expected usage is the issue, though I'm not swayed very far from that yet. (IMG:style_emoticons/default/smile.gif) But, working within the confines of the existing one, this is a very good point.

Mentioned before and will be mentioned again. Social engineering will practically always beat a good encryption. Hell, commanding voice some poor Exec somewhere: "State your password!" Good grief.

I've been thinking about the encryption issues of day to day cash transfers that go *through* your local stuffer shack. They can't encrypt their financial books at the corporation (at least not without using a 24 hour key to unencrypt just to look at the things) to something useful, but they can encrypt micro-cash transactions to the banks with a high degree of safety.

Odd, but alright... but in a way, it *could* be made to make sense to both sides of the discussion, fluff-wise. Micro-transactions and small data blips are practically undecryptable precisely because they're so small, you can't get enough of an algorithm going to un-translate, but the larger files (the entire account history in the bank, for example) is large enough to do so with. It makes (more) sense with the one shot pads (even if you don't know the PAD, magic-matrix wise, the algorithm could figure out the core mechanic and then attempt a brute force) but still doesn't make the electronic world a cryptological nightmare (ie: useful).

The other side of that is why don't banks get broken into more often? Because they keep machines constantly running that have logged in with their 24 hour keys and are under physical guard that would require you to be an assault team to access, and any decrypt attempt is automatically logged to a separate system and checked by the spyder. Only the banking industry would usually undertake these measures (and any super-secure site the GM decided on).

This, at least, MIGHT help in cleaning up the fluff around matrix banking activity, something that's bothered me. If noone cared, sorry for the volume. (IMG:style_emoticons/default/smile.gif)

[Ascalaphus]

Matrix Banking is actually fairly simple.

Credsticks don't contain money; they're essentially a large one-time pad keyed to an account. For example:

You wish to transfer money from credstick A to B. You set the amount of money to transfer, and then touch them together. B tells A of an account number to which to transfer the money. A then sends a one-time-pad encrypted message to the bank holding A's bank account; they decrypt it, and transfer the money to B's account. B's account then sends an encrypted message to B-credstick to tell B that the transfer has been completed.

The accounts are linked to the credstick, allowing anonymity and trading of credsticks instead of money transfers, if you like. The transmissions to the bank are likewise secure.

All this is possible because we've got "practically unlimited storage space", and that means a credstick can hold a one-time pad that won't be exhausted in reasonable time (and they only cost 25 nuyen to replace anyway.)

Since the account isn't on the credstick, the bank isn't at risk from people inflating their accounts. However, a hacked credstick could be used to clean out an account. But that generally requires physical access to the credstick; they're so simple that they'd be very hard to hack.

[Wandering One]

My problem isn't with a hardware credstick, but with simply intercepting the local stuffer shack, dropping all the loot to an offshore account in the Caymans, and walking away from the industry which you ran from the middle of Antarctica, on some very private AAA's installation so extraterroriality will get in the way of finding you while you do a quick SIN switch.

Rich for life, and theoretically, very easy for a hacker. Why run? The rules for cashflow, outside of hardware transfers, are very iffy, at best.

[Ascalaphus]

My problem isn't with a hardware credstick, but with simply intercepting the local stuffer shack, dropping all the loot to an offshore account in the Caymans, and walking away from the industry which you ran from the middle of Antarctica, on some very private AAA's installation so extraterroriality will get in the way of finding you while you do a quick SIN switch.

Rich for life, and theoretically, very easy for a hacker. Why run? The rules for cashflow, outside of hardware transfers, are very iffy, at best.

Well, any communication could theoretically be made indecipherable with OTPs. So why doesn't the StufferShack use a credstick plugged into the register? That'd be pretty safe. (You could try to hack the register to make it think it had to pay out to a customer, I suppose. But the bank could have "receiving only" accounts for the registers.)

The problem is much more in getting all those hardware OTPs distributed; that brings us to Johnny Mnemonic-land.

OR to different encryption schemes. I know they exist; I just don't know much more about them. And when I write encrption rules, I need to know at least some basics, just to make sure I don't ignore a glaringly obvious method.

[hobgoblin]

- The big difference is DNI vs. tortoise interfacing. You can use AR through DNI, and use VR with a helmet and gloves. The more directly connected to the Matrix you are, the faster you'll be in the Matrix. However, you'll also be more vulnerable to biofeedback.

my understanding is that you cant go VR using only gloves and glasses, you need full trodes or datajack for that.

[Ascalaphus]

my understanding is that you cant go VR using only gloves and glasses, you need full trodes or datajack for that.

That's the RAW, yes. I don't agree with it.

The real important distinction to me isn't AR/VR, it's DNI or tortoise. In DNI you're much faster; many actions will take one "size" less in DNI.

For IPs, I'm thinking about just having 1 IP, but letting "meat" IP boosters apply. Perhaps a specialized booster that only increases IP for mental actions, like budget Wired Reflexes.