Decking, the SR3R way Options

[Aku]

I would expect VP's to have ATLEAST security grade access on their hosts, and, if there are only a handful of them, or they happen to particularly savvy, they might even have (or hacked) superuser access.

[Shockwave_IIc]

[Eyeless Blond]

[Shockwave_IIc]

[Eyeless Blond]

[hahnsoo]

Here's another explanation that doesn't require any rewrites of the rules: The security tally represents the awareness of the system resources against an individual decker. The IC are always at least partially active (like sleeping giants or royal guards that are motionlessly standing at the front gate), but more experienced deckers learn to sidestep the obvious ones and thus don't bring up the security tally as much. In effect, the IC are always patrolling and guarding, and the decker is sneaking around those sentries, and the security tally is a "random encounter" table. IC aren't individual pieces of software, but instead represent one copy (out of many) that the system can replicate as needed, limited by hardware. In this case, we assume that deckers are smart enough to evade IC, tactically getting themselves into situations where they can fight IC one at a time (unless faced with custom code).

Passive and Active Alerts are affect all deckers, as they are klaxons to mobilize resources security-wise. The IC kick up into high gear and start to actively chase around any possible intruders.

[Kagetenshi]

Decking Revised: A Retrospective

Here's what we have now. Some issues are tagged "further discussion welcomed"—in a strict sense this is true for everything, but the ones noted as such are particularly still up in the air.

Assumptions:

The WMI does not exist, or if it does it does not use rules meaningfully different from those currently used for wireless links (see #4, Link Utilities).

The Matrix does not crash and is not replaced by something meaningfully different in the timespan currently being focused on.

1) Too many operations. What can we combine?

Access
Deception
Logon
Freeze Vanishing SAN
Graceful Logoff

Encrypt/decrypt

Extensibility: quite simple, really. If it's an Access operation that doesn't involve encrypting or decrypting, it uses Deception.

Commentary: You'll still be using Access as the TN to do things like crash the Access subsystem, but I don't consider that an Access operation per se (you aren't Accessing anything).

Control
Analyze
Analyze Host
Analyze Icon
Analyze Process
Inject
Abort Host Shutdown
Block System Operation
Crash Host
Alter Icon*
Redirect
Decoy
Redirect Datatrail
Relocate Trace
Validate
Dump Log
Invalidate Account
Restrict Icon
Validate Account

Extensibility guidelines: if it involves analysis, stick it under Analyze. If it involves interfering with a running process, use Inject. If it involves falsifying data or otherwise confusing system monitors, Decoy. If it involves logs, user accounts, or using the system's own security systems to allow you to do something or disallow someone else from doing something, it's a Validate issue.

Commentary: Altering an icon at will seems similar enough to the idea of injecting arbitrary code that I stuck it in there with it. Opinion?

Index
Browse
Locate System Resource
Trace MXP Address
Scanner
Locate Icon

Extensibility guidelines: If it's finding something that's a basic part of the system or can be considered a file, folder, subsystem, whatever rather than an active user (keeping in mind that processes can be users too), it goes under Browse. If it's finding something that has an icon, it goes under Scanner.

Or, to simplify it further: if it moves, it's Scanner. If it doesn't, it's Browse.

Commentary: Self-explanatory, I think. We'll need to define what a system resource is or come up with a better term, though.

Files
Read/Write
Manipulate Data

Encrypt/Decrypt

Extensibility guideline: this one's really pretty basic. If it has to do with reading data from or writing data to something that isn't a slave or protected by special permissions (logs, user databases), it goes under Read/Write.

Commentary: something about Make Comcall being here doesn't sit right with me. Any thoughts for a better place to put it? Possibly combine Commlink and Triangulate and put them both under Slave? Update: Done.

Slave
Spoof
Control Slave
Edit Slave
Monitor Slave
Commlink
Make Comcall
Triangulate

Encrypt/Decrypt

Extensibility Guideline: if it's a slave node, it falls under Spoof. This one's really easy as long as you don't try to make Slave do something that Slave shouldn't do.

Commentary: The exception is for cases like Triangulate. Is there another case someone can point out where additional information might be gleaned from a Slave that would need a program to calculate? Also, see Files commentary. Update: Triangulate no longer uses a separate utility.

Other
Analyze
Analyze Subsystem
Inject
Crash Application
Purge
Disarm Data Bomb
Disinfect
Relevant worm
Infect
Sniffer
Intercept Data
Commlink
Tap Comcall
None
Swap Memory

Encrypt and Decrypt
Separate utilities, but it makes little sense to discuss them separately.

2) Validate makes the world obsolete.

Tentative: Validate and Invalidate Account can only be performed on the main user database, which may be protected or on another host altogether. Other functions of Validate may be used anywhere. Discussion welcomed.

3) Program sizes: needed detail and balance, or needlessly complex? Moreover, do we need active memory? Does it need to be adjusted?

Program sizes are maintained, as is active memory.

Possible issue: this may make it too easy to program necessary tools. This will be looked at again when programming is considered.

4) Link Utilities: do we need them?

No. Link utilities are now gone. The appropriate hardware is all that is required to use a wireless link.

5) Null Operations: what the hell do we do with this?

Nothing. Rules stay as is.

6) Sleaze+masking: keep or toss?

Tentatively keep both. Further discussion welcomed.

7) Combat Utilities: how are they going to work?

Attack utilities use decker's skill, with program rating determining attack Power. Killjoy and Black Hammer determine their damage level based on the host they're on; the explanation for this is that the utilities involve using the host's processing power against the opposing decker. The Power remains the rating of the utility.

8) Guardian: do we need it? Should it be software?

Guardian is now gone, and will be replaced by appropriate security hardware.

9) Maneuvers: do they add anything? Do they need to be trimmed or altered, or removed completely?

More discussion needed.

10) Multiple Deckers: how do we deal with them? Multiple copies of IC or single? User-generated tally or host-global? Does tally follow users?

More discussion needed. Three suggestions:

1: every user has their own security tally, which follows them as in canon SR3. The highest of all the tallies on a host is the one that determines IC, and only one copy of IC shows up.

Issues: too easy to mob and overpower IC with a decker pack.

2: tally is held by the host and follows deckers amongst security-linked systems, but not elsewhere. Tally is equal to the tally generated by all deckers on the host.

Issues: makes tally generated on a RTG not worth bothering about.

3: Both the user and the host have tally counts. Every point of tally gained on a system adds one to the tally of the user who triggered it and to the tally of the host itself. Anytime a decker joins a host that has less tally than he or she does, the host's tally rises to equal that of the decker.

Issues: involves the most bookkeeping.

Thoughts?

~J

[Eyeless Blond]

I'm still in favor of ditching Sleaze altogether and having DF just be dependent on the firmware in the Masking chip. It's not like Sleaze is used for anything other than increasing DF: why *wouldn't* that piece of the software be hardwired into the Masking chip, which does the same exact thing?

As for tally accumulation, I perfer option 2. Since tally never accrues when jumping from RTG to RTG anyway it's already pretty easy to just keep bouncing from RTG to RTG until you don't get any before logging into your target host. Plus while you're doing so you can Redirect Datatrail a few dozen times preventing traces from ever looking at you. Consider it a simplifying assumption that all competent deckers are going to do this anyway, and there is essentially no difference between Options 1 and 2 except the system no longer looks like it was specifically designed to give deckers a challenge while still letting them get away with whatever they want. :)

[pragma]

On the issue of multiple deckers:

I am in favor of option two because it balances the increased security tally increase rate of multiple deckers against the greater ease of suppressing IC. Further, it requires minimal bookkeeping and streamlines runs by cutting out the RTG level (which I've always felt to be largely frivolous and inconvenient).

On the issue of maneuvers:

In my experience all are valuable (evade detection far and away the most valuable though) and none are unbalanced.

On the issue of sleaze:

Drop it and have the software represented as a component of the persona attribute (call it a driver ... or something else if I'm wrong). This keeps the necessary number of utilities down and reduces the number of special utilities, which makes utility function more uniform.

[Eyeless Blond]

Okay so that's two votes for dropping Sleaze and two for Option 2 for Tally Accumulation (tally is a static number held by host and activates IC as it grows; multiple deckers share tally and tally increases) Any other votes?

To that option 2 for tally accumulation, maybe there could be rules for variable proliferation of tally from parent RTG to child LTGs. What I mean is you *can* have tally inherited from the parent RTG, as the RTG issues sort of systemwide "alerts" or something, but it's not going to be complete as it would be from within an LTG/PLTG and possibly be variable, as the main RTG is probably always giving off systemwide alerts of some kind or another from all the idiots doing stupid stuff to the grid.

[SirBedevere]

As Sleaze only affects Masking, yes I think Sleaze should be dropped as well.

As for tally I do agree that option #2 seems the easiest to work with. Go for it.

[Kagetenshi]

Security tally: Option 2 implemented.

Sleaze: tentatively dropped.

Does anyone see other issues that need fixing right now, or do we go to a round of playtesting to identify issues?

~J

[Shockwave_IIc]

If i remember correctly i votes for Sleaze to be dropped a way back.

[Kagetenshi]

Since there are no other issues being proposed at the moment, I need a few volunteers for playtesting.

Where: Welcome to the Shadows, this thread. Directions are there.

~J

[Fix-it]

About #10, multiple deckers.

I like solution 1 the best, and it makes sense in my mind. Distributed Denial of Service attacks are some of the worst on the web right now (Read: a buttload of computers mobbing the host)

the solution to limiting the number of deckers on a host is limiting the amount of programs and personas the host can handle along with normal traffic, before flatlining itself, or deleting the largest unesssecary proccesses (the ones without hard-coded priority)

Include IC in this count, and throw in a random dice modifer to determine current legit traffic. any excess gets hardware resources taken away, and the programs will crash. this may mean that the host will stop functioning to legit users as the matrix battle gets underway, or it may mean that the decker's hot new attack program fails to load.

I apologize if I've flogged the dead horse here. I just walked into this thread and I think it's a damn good idea after looking at all the negativity floating around the SR4 forum.

[Kagetenshi]

No problem, unless something truly gets beyond the point of there being anything new being said by anyone, revisiting old topics is just fine. We'll toss in a round or three of Solution 1 in playtesting just to see how it shakes out in comparison.

~J

[Wolfen]

Very interesting. I can see I'll need to keep up with this thread, having often been the frustrated decker of my group :)

As an alternative way of handling the multiple deckers/pack attack problem;

When a piece of IC is triggered, it goes after the decker that caused the triggering event and attempts to locate them.

On finding them, it does it's normal task. (validating their presence, logging them, attacking them, etc)

Any decker (or other entity) that commits an act that COULD raise security tally while the IC is present (by using a non-authorised system command, initiating cybercombat against the IC, etc) will add itself to the IC's list of unengaged threats.

The IC can, as a free action, at the start of any cybercombat round if combat is already taking place make a system call to clone itself, assigning the clone to deal with the first entity on it's 'unengaged threats' list and moving that entity to it's 'engaged threats' list to prevent it spawning any more copies for that entity.

This would allow decker teams the advantage if they move fast. It only spawns IC for identified threats (so is not wasting resources) and doesn't increase the tally independantly of the security rules. It gives the system a chance to avoid the pack attack problem if the deckers aren't on their toes, or if they are unlucky.

Wolfen.

[sanctusmortis]

I am currently creating for a game I'm running soon "Gigabit Decking". Basically, there is no Decker in the group, it's an Otaku. As such, I can massively streamline the entire ruleset. So far:

*Thanks to an intimate knowledge of computer programming learned from my CAP dad and the simplicity of the Channels system, I've managed to cut the entire system of programs down to nigh-on nothing. Example: you want to run a search to find a datastream on the LTG on a subject you are interested in. To do so, you create a search program; the Channel is Index (you're searching, so bypassing the Index rating is your first priority), difficulty as normal. Once this done, you have the search function program; now to make it work. Obviously, you need to access Files next; TN as encryption level of data (if data is just the latest news or some other freely available details, the difficulty is 4 to find a good source that's actually reliable...). After that, if successful you have the file. Voila. Accessing systems is even easier, as it's just a matter of rolling Access...

*Current biggest problem? Combat. Currently thinking it should be like the Astral Combat, but I'll have to adapt Combat Programs to be like spells. Currently I'm thinking that Combat Programs will have to be "preprogrammed", ie made in advance. I'm thinking maybe an Otaku could "store" such programs in their Mp; however, I was kind of hoping to get round the entire concept of Mp, so maybe you can hold back CPs equal in Rating to your Willpower (so Willpower 6 = 1 Rating 6 CP, or 3 R2 CPs, etc...? Thoughts anyone on how to do this one?

*The final problem left, then, is what happens when I don't HAVE an Otaku. The entire system needs porting to Deckers, and that means adapting cyberdecks too... Erk.

So, any help would be much appreciated, as after all I will be the only person who even knows the game properly and as such I can't rely on their aid either...

[ShadowDragon8685]

Wow. Some people have put a LOT of thought into all this. I applaud it.


Personally, whenever I think about jacking into the Matrix in Shadowrun, I (and my friends, after I mentioned it to them,) start hearkening back to The Matrix. Y'know, the one with Keanu Reeves.


And I agree that having a "fair play" variable on a system is dumb. Personally, I would think of any system as being like the secured building from The Matrix. As soon as you confirm an attack underway, you send absoloutely everything you have out to deal with the threat. Not only spawn one IC instance for any individual Decker.

Errrr, 'scuse my rambling. Anyway, I'd go for Option 2, personally. IC has, I believe, waay too much chance of pwnz0ring a single decker, but if the deckers start teaming up, it should be another story. The balancing factor is that the security tally is going way up because you have more than one who're doing this stuff. This means things escalate, rapidly. Which, really, is cool if you have a decker-heavy game. I'd imagine if you had three Deckers working together, you could get more heavily into the Matrix, and it's sculpting and such. So as opposed to rolling your Computer Use dice and just calling out damage, you could start to describe more.....

Okay, I've lost myself and I'm rambling. I am of course an idiot, but maybe you can understand what I mean through all that drek?

[sanctusmortis]

That system I'm coming up with is sort-of based on the film, especially in the depth of realism present. As for how programs would appear... think origami. You fold the paper into a dove, the dove flies away (search); you fold it into a key, which you put into the lock (access); you fold it into a sword (combat); and so on.

As such, IC will appear like security, and their levels reflected in the seriousness; Black IC will look like the military, for example.

Still got to work out combat...

[ShadowDragon8685]

Sanctus, that sounds awesome.

Me?

I'd put it at (for standardized places, something like the Renraku system might have different iconology,):

White IC: Police
Grey IC: SWAT
Black IC: Military
Beyond Black (I think it's UV IC, but I'm not sure... well, you know what's coming next,): Agents. 8)

I like your origami idea, though I'd personally go with a "pulling things out of my pocket with a splash-burst of those fly Matrix symbols". :)

[sanctusmortis]

It's for the subtle approach; if someone watches you work, they're less likely to report a paper-folder than the man who pulls an AK out of his pocket...

I'd forgotten there was a beyond black... FBI does seem a good enough comparison for skin.

I think I've got round the combat issue - 2 types of program, prewritten and on the fly. Prewritten represented by a sheet of paper with fold lines drawn on, on the fly blank paper and pen. System terms, a decker can carry Mp worth of pre-mades, size dictated by Rating x50Mp. Seems the Mp issue won't go away, so I guess they're for keeps... I suppose an Otaku could have "remembered programs" that require a Computer (Programming) test to call up, TN of Rating and Rating dependant on difference it makes to damage dealt.

So, Daemons next. Hoo boy.

[Westiex]

[sanctusmortis]

Well, I may add a further level of IC anyhow; something to make players immediately evacuate an area.

So, anyone else got any ideas? I suppose Daemons won't be too hard, but do you think the combat system will work?

[Eyeless Blond]

I... actually have no idea what you're going on about. Sounds to me like you're completely scraping the current (SR3) decking rules and making up something completely different, based around the magic and otaku rules. If so then you're in the wrong thread; this one is about revising the current SR3 rules so they 1) make sense, 2) are internally consistent, 3) eliminate "special case" scenarios as much as possible, such as (I presume) Open Tests, the Maneuver Score, weird "exception" programs like Sleaze, and various other rules oddities that have cropped up.

I suggest you start a new thread if you're after a complete toss-and-rewrite; you'll even get more people reading your thread than this one as most of the important stuff here is in the testing stages, so the thread is somewhat less-than-active.