[X] My Assistant

[Sir_Psycho]

Oh, I was meaning to ask, being unfamiliar with all the Matrix Operations. Are any of those listed from the Matrix sourcebook?

[Kagetenshi]

Yes. In general, the work of SR3R takes into account all of the core SR3 books (SR3, Matrix, Man and Machine, Cannon Companion, SRComp, Magic in the Shadows, Rigger 3 Revised, I don't think I missed any did I?), and tries to take into account all SR3 books except Shadows of Europe, Shadows of Asia, SotA:2064, and Mr. Johnson's Little Black Book (I think that's it). At this time, we are not involved in any specific effort to make a version of SR3R playable with just the core book, though it's entirely probable that some improvement may be made to the core book by the application of those rules that are relevant to it.

~J

[nezumi]

Alright, I've finished compiling this thread. My notes are as such:

Agreed upon rules largely posted elsewhere:

[ Spoiler ]

A) Combined functions (see decking thread)
B) Validate and invalidate Account works only on main user database. All other Validate functions can be used anywhere
C) Link utilities are removed, only HW is required for a wireless link
D) Sleaze has been removed. Masking alone determined Detection Factor.
E) Combat utilities use decker's skill with program rating determining power. Killjoy and Black Hammer determine damage based on the host
F) Guardian is now gone, replaced by appropriate security hardware
G) Hacking pool can be exchanged for Detection Factor
H) Tally is kept system wide, brought up to the tally of the highest individual on the host
I) Detection modes are removed

Issues without suggested rules:
1. Hacking pool should have more basis on skill or attributes
2. Multiple systems for deckers, one quicker for interaction with non-decking PCs, one more expansive, both equivalent except for speed and detail
3. Determine if programming tools is too easy
4. Deck construction rules need to be reworked


Suggested rules:
A) Drop response increase in favor of mental-initiative boosting cyber (like a VCR)
1. Should be capped by deck
X (Has this suggestion been retracted or voted down?)
B) Redirect Datatrail success adds +1 to the Location cycle (making it take longer, not harder)
C) IC are just frame agents loaded with appropriate programs
1. All IC get the features of Probe IC (adding to the value of System Tests)
D) Persona attributes can be redistributed with a complex action while in the system
1. Optional rule: you can go above the MPCP limit by paying 2 MPCP pts per attribute point
E) Drop memory requirements (like SR4)
F) Agent rules are kinder, allowing a decker to have multiple agents. Drones are agents with bodies (SR4)
G) AR allows for people to do simple things without physically disengaging from the real world (SR4)
H) Drones and matrix simsense feeds are identical, allowing deckers to give orders to drones and CCSS rules (SR4)
I) All electronic devices (including cyber) can be connected to the matrix and thereby hacked (SR4)
1. ACIFS of 2*rating for all areas
J) Everyone should be able to use AR and therefore the matrix, making the computer skill much more common


I would add the following three:
K) IC should have to spend time searching rather than immediately appear next to the decker after the tally has increased
L) The decker should be able to directly deceive the IC, not JUST the host
M) A legitimate user who commits an illegal operation may be dumped with no tests
N) Prices should be included for non-illegal decks in the main manual

K, L and M are based on the paradigm of decking. The host does not know where the decker is, or which user is causing these violations. In theory, the system SHOULD be keeping track of all legitimate users. The problem is the decker is a ghost in the system, hence the reason why he isn't mobbed when he gets a tally of 1. Because legitimate users ARE tracked, they're dumped. The V-P who is peeking at a file he shouldn't after a script-kiddy has run up the security tally will be disconnected and his violation (possibly) logged. If the V-P goes home and connects using an illegal deck by abusing a security hole in the login script in violation of corporate policy, he may be dealt with like a common criminal as he now is.

On the flip side, the decker who is bopping around is impossible to directly trace. As the security tally goes up, the host begins dispensing extra IC, multiple copies of IC likely (one per area) to search for the decker. IC will query any icon in the area to determine if it's a legitimate user or system icon (in which case it's left alone) or anomalous, in which case it's dealt with however the IC deals with things (attacking it, in short). The decker then has a chance to evade pursuit (which is difficult, since you can't really hide), respond to the IC's query, then to defend himself.

This also meshes better with the question of stationary IC. It's not uncommon to have a room or node full of stationary IC to serve as a chokehold. Currently, as the decker wanders through, he is completely safe from this IC (assuming it's not a tar baby/pit) assuming the system doesn't do anything that bumps up his tally, in which case he just has the IC that's in the room with him attack with better speed (since they're already there). Having a rating 9 black IC guarding an access point to a particular server does nothing beyond that. It can't double check that users are valid or attack people on sight. It sits there until the user's tally goes up, THEN does something scary. Seems broken to me.

With my suggestion, when the decker comes into sight, the IC continues to query him and verify he's a valid icon. If he fails the query, the IC "sounds the alarm" by attacking and then crashing the decker or adding to his tally (in theory). It makes IC into a useful sentry.

This also helps us deal with the question of why the user isn't mobbed when something goes wrong. The answer is there are multiple versions of the same IC, but they're spread out since they need to find him first. If he jumps around too much and has a tally of 5, he will accumulate multiple probe IC, even if he never bumps up the tally again. The mob of deckers is no more dangerous than a squad of runners, however the lone decker can still survive a host made to deal with a mob of deckers by just being sneaky.


Thoughts? Comments?

[nezumi]

To again vote on my own notes...

A) (Response increase due to cyber)

Yes, sounds cool and helps differentiate between real deckers and people with the computer skill

B) (Redirect Datatrail makes tracking longer, not harder)

Sure

C) (IC are frame agents)

Yes, some should be. It's simpler and allows for a good deal of customization relatively easily. I don't know that purely reactive IC should be though (data bombs, tar pits, etc.)

1. (All IC also Probe IC)

No, but make it so the Probe functionality can be added. This feeds customization.

D) (Attributes redistributed on the fly)

No opinion

1. (Overclocking)

I'd avoid it for now.

E) (Drop memory requirements (like SR4))

No

F) (Agent rules are kinder,)

Yes

(Drones are agents with bodies (SR4))

Hmm... It would be cool if some were. More on this later.

G) (AR for simple actions)

Yes, definitely. People should be able to do a certain amount of stuff through this simple interface; search for information, give simple commands to their trid, give basic orders to drones, etc. This is commonsense functionality, allows for non-deckers to feel the world is more wired, and gives deckers and riggers the flexibility to play their class without completely disengaging from the party.

HOWEVER, this should in no way be a replacement for decking. Imagine this allows for things you can do with no utilities. Nothing complex or too fast. Captain's chair only with drones, no decking against anything tougher than a Blue host. To really do stuff drek-fast, you still need to get into the mud with it.

H) (Drones and matrix simsense feeds are identical)

At times it should be. I feel that many drones should be accessible through the Access Slave actions (which require the appropriate skill). The little cleaner drone in your house is modified using that, and the security drone can be given orders by the decker. However this functionality can be disabled, and a pure decker can never jump "into" a drone, nor can a rigger function appropriately in the matrix without the appropriate gear and skills

I) (All electronic devices can be hacked)
1. (ACIFS of 2*rating)

Some should be. A trid can be. We need more small time gear. But most can't. Cyberware can't, too much is firmware or hardware. ACIFS*2 is reasonable.

J) (AR for everyone!)

As above, yes. This also helps fulfill Kage's dream that everyone needs the computer skill (without requiring they put down a few thousand for a deck). This can also tie into the Credstick question, since everyone has a way to interact with it (although while instructions may be sent using a third device, the two credsticks only actually exchange money between them through physical contact, helping to increase security.)

K) (IC should search for the decker)
L) (Decker can deceive IC directly)
M) (Legit users dumped with no tests)
N) (Prices for legal computers listed)

Yes to all for reasons I've already specified.

[SirBedevere]

I'm pretty much in agreement with you nezumi with the exception of:

D) Agreed

1) Disagree

[nezumi]

I was up last night thinking about the security tally problem (yeah, I know).

I think the best way to setup matrix security is keep it analogous to physical security. A host is akin to a facility.

Our decker is an intruder. He doesn't attract notice because of his Masking rating. It works by maintaining and creating several false facades it presents in response to standard queries. If the query is actually more along the lines of a password, Masking isn't sufficient, because it can't represent something based on the surrounding terrain, so the decker has to use its Deception utility. Analyze is a more pointed, more thorough query, and so that's the only point where Masking is at all tested.

If we go with this, we can assume that any user who is authorized or who is running a legal deck (no masking attribute) does not have this benefit. There is a clear electronic trail connecting the user to his actions. He has a personal security tally, and if he does bad stuff, he is the only one to suffer for it. We can also safely assume that around step 6 or 10 or whatever, there is a "boot user" command on the sheaf. Authorized users get a few probes on the initial misstep, then booted, and their information is sent to security to follow up on. Everything is nice and contained. This also means the validate account action is not such a great action because it means if you do something the system KNOWS is wrong, you don't have a lot of leeway.

Our decker, however, does not leave such a nice trail to follow. He can't be dumped because the system doesn't know which icon is him (since his icon is constantly shifting). If the decker goes into an area of the host where there is no activity, and the host is complex enough to recognize this anomaly, it can then determine that any activity there is illegal and all icons there should be dumped. This would be a good anti-decker trap, he enters a room with no exits, and the system dumps him (or whatever). But as long as the decker stays to areas with other active icons, there is so much activity the decker simply 'blends into the crowd'. It would take too much processing time to determine which of the two thousand actions were linked to which icons (remember, there are more than IC and deckers working in the system, there are legitimate business processes which Masking mimics as well), and by the time the system determines which icon committed the action, the decker is already elsewhere. The system just can't get a lock.


HOWEVER, the system DOES know 'something' is happening and where its happening, and it can respond by following the security sheaf. First it sends the low level IC to determine if it was a glitch, then continues on up. Since the system knows where, it can immediately spawn IC at the location of the last illegal activity. Unfortunately, that IC has to now actively search for the decker, using analyze icon on different objects (since the decker is still part of the crowd). This gives the decker a little more time since he's found. All non-reactive IC would rely heavily on Analyze Icon as it goes through to actually determine which icon is anomalous, and therefore should be followed or dealt with (I can imagine sometimes glitches cause business process icons to appear odd, and the IC then attack that instead, crashing the process).

So there are a few changes from the current rules:
1) IC reacts instantly, but it takes time to FIND the decker. The time is based on how much activity is in the area, how far the decker has moved, and how much in the way of system resources are dedicated towards running this piece of IC (in other words, rating of the IC).

2) The process of finding the decker is pretty simple. Analyze icon, if it comes up as anything other than what it should be (legitimate icon), the IC does whatever it does. If for some reason, a legitimate icon appears odd to a probe IC, the IC NEVER REACHES THE DECKER! If it appears odd to a gray IC, the gray IC crashes it (since it can't fight back), and resumes searching.

With both of these, Evade Detection (and therefore, the Icon's Evasion rating) can be used to put more distance between the decker and the IC before the IC locks on, possibly making it so the IC never finds the decker at all.

3) Security tally is applied to the lowest level possible. If a legitimate user commits illegal operations, only that user has a tally. If it can't be attached to a user, that region (that node and the neighboring nodes) have a tally, with surrounding nodes perhaps having a slightly lower tally. If illegal actions are fairly dispersed, indicating the decker is moving quickly, this can result in the decker either "outrunning" his tally (since the actions in two very separated areas are too far apart for the system to think they're related), or may result in an increased tally across the system. A pair of illegal deckers on opposite sides of the system may see some very odd results with the security tally. Decker A may get a probe, then a few turns later, see Black IC, because the global tally is being bumped up by Decker B elsewhere. Legitimate users, however, only see a slow down in the system as more resources are dedicated to hunting IC.

3b) A system may decide to try and isolate a hacker. This includes not only 'no-exit' rooms, but actually disallowing any traffic from one node (or one group of nodes) to the rest of the system. This is a very dangerous thing to do, since it not only cuts off the decker, but stops ALL processes, legitimate or otherwise from conducting business that extends beyond that area. However, this is obviously better than a shut-down. An unwary decker with a high tally may find himself suddenly trapped in one part of the system, as its inundated with white IC.

4) IC serve as the host's eyes. That means if a decker has a probe tailing him, the host has a lock-on. IC does not have to hunt, it just goes to where the probe is. Similarly, the system doesn't have to hunt and can bump the decker when it likes. Wandering around with a happy probe is far more of a threat than it was before.

5) Reactive IC is linked to an action, so will always hit only the icon who commits the action. They don't need to hunt. Similarly, stationary IC (like a blaster posted at a valuable node) will analyze every icon that passes by and will automatically attack suspicious icons, regardless as to their tally. These are the sentries.

6) Increases in alert levels are system-wide, and possibly network wide. Alert just means the system is being more cautious.

As an aside, there should be more visible activity than we get from reading the rules. There's a line in the matrix section about how 99% of the activity is blocked from our eyes. But I ask, how are you supposed to interact with a world you can't see? Yes, you can set your deck so it doesn't show the icons of users, or of business processes or IC or what-have you. But that's something you'd manually set, otherwise you see EVERYTHING. On the flip side, due to the decker's masking rating making him ambiguous, normal users and processes will regularly "see" the decker for a few moments, but represented as something else like a file, a phone call, another user, etc. Meanwhile, the decker can set his filters to see everything, so he can interact with the whole world. This would include funny pranks like modifying a legitimate user's icon so it no longer appears legitimate or has a tally of 40, so suddenly a bazillion grey and black IC jump out and attack him. Imagine the laughs! But most certainly, the decker's success depends on blending into existing traffic, becoming amorphous.

So what are the advantages of my suggested system?
- Bad things done by legitimate users are handled quickly, quietly and safely
- Bad things done by illegitimate users are restricted in scope, so legitimate users aren't handed an inappropriate response
- The system doesn't simply "know", and IC doesn't magically appear after 1d6 rounds, but the same system, even while its programs attack you, can't just disconnect you.
- If the system DOES know where you are, it can boot you
- This adds much more 'color', since the decker can interact with his whole environment including other users, and can play funny pranks on them

The primary disadvantage I can see is that it makes the rules more vague. The decker increases the tally in Node A. When he moves to Node F, what is his tally? The best suggestion I have is determine how to split large hosts down into sub-hosts or regions, and the tally applies to the entire sub-host. All surrounding sub-hosts have a fraction of the alerted sub-hosts. So a fast moving decker's tally will gradually decrease, but on the other hand, camping out in one area (which is generally what deckers do) will simply suffer the standard rules. This may rely more on having a good GM who can come up with good rulings based on guidelines.


Thoughts? Comments?

[Eyeless Blond]

Wow, amazing to see all this (semi)-active! I've been gone for... over a year and people are still plugging away; I'm impressed and pleased. :)

To respond to nezumi's points:

A) Absolutely agree that initiative-boosters should be all cyber-based, rather than external-hardware based (I came up with the idea; one has to be his own biggest fan :D). The breakdown, as I saw it, went thusly:

• "Physical" initiative boosts came from Wired Reflexes (+2+d6 init/rating level, can be switched off to avoid "twitch-fire"), or their bioware equivalent (Synaptic Accelorators, harder to detect but cannot be switched off). These affect actions made in meatspace, but not purely mental actions like decking, using DNI to drive a car, etc.
• "Mental" initiative boosts come from the Encephalon (again, +2+d6 init/rating level). These affect only purely mental actions: DNI driving, decking, CCSS system-interaction, etc. Encephalons no longer provide Task Pool. Dunno about a Bioware equivalent here, at least not pre-2070.
• Reaction Enhancers (+1 Reaction/level) and their bioware equivalents (Boosted Reaction treatments, +1 Reaction/level) affect both physical and mental initiative.
• VCRs have their init-boosting effects stripped out, and only provide the driving bonuses. Essence and nuyen cost are reduced.
• A given deck can only handle a maximum-rated Encephalon rating of MPCP/3, round down to a minimum of 0. Beyond that the headware is just too advanced for the hardware to cope with, much like having a persona attribute that's set too high.
• (HIGHLY DEBATABLE): Combat turns could be run like this: if your Encephalon rating is higher than your Wired Reflexes rating, roll the extra die separately. If you get an extra init pass, that pass can only be used for purely mental actions (observe in detail, etc). If opposite is true, any extra init pass gained by WR can only be used on purely physical actions.

B) Agree on redirect making it take longer to find you instead of harder.
C) Agree on IC as Agents as Drone-rains. Also agree that Probe should be a program run on an IC/Agent.
D) Not sure about this one. I do kinda want something similar to modes, but I think this one'll need a little more thought. At the very least it shouldn't be as simple as a complex action.
E, F, G, H, I) Emphatically YES! These are the best parts of SR4's Matrix; we should definitely cherry-pick them.
I-1) ACIFS of rating+5 for all areas (oddly, that better simulates the ranges given in the books, though maybe rating*1.5 + 3 would also work).

J) How about this instead: Computers as an active skill refers to the more advanced uses--programming, conducting advanced searches, hacking, etc--while the knowledge version is used for more everyday activities, like finding recipes or looking up stock quotes. Most literate characters will have at least a few ranks in the Computer knowledge skill just to get by, but only hackers will bother learning the extreme nuts-and-bolts of an active skill discipline.

K, L, M, N) Absolutely.


Also re: the recent essay. This brings up an interesting point: exactly what is the difference between Evasion and Masking, and how should each interplay in keeping a decker's deck hidden? As it stands Masking is far and away more useful than Evasion, especially now that Sleaze is out of the picture. We should really change that. Maybe we should tinker with DF and how an icon is detected in its entirety. It actually rather bothers me that DF needs to be so darn high for a decker to amount to anything; should we be monkeying with that?

[Kagetenshi]

Welcome back! I was hoping you'd drop by these parts again.

Actual responses when I've had more than two hours sleep in 36 hours.

~J

[Eyeless Blond]

To add a few suggestions to nezumi's list:

[Platinum]

I personally think that a cpu should have absolutely nothing to do with your hacking pool. It has so much more to do with your skill, and intelligence. If you want willpower to have an effect I am ok with it ... but I am not a huge fan.

I really like toasting the reaction increase on a deck ... it never made sense to me.
I think the persona chips are messed up and should really be based on the MPCP.

Running in certain modes will allow you to move the values around, and should be reconfigurable on the fly. Like you said ... you need to charge a great deal more for the MPCP.

I never understood how security tallies can accumulate across multiple hosts? I know it is a mechanism to get the decker to leave their house .... but I think there should be reaction penalties or hacking pool penalty per host and not tallies. I think that higher code systems should impose more of a penalty because they will require more upkeep.

green 0
blue -1
orange -2
red -3

I would like to see many more init based penalties since it really hits a decker where it hurts.

[Eyeless Blond]

[Link]

SR has traditionally placed great stock in the best hardware. Removing the MPCP contribution to the Hacking Pool as well as eliminating response increase means a deck looks less impressive, is the MPCP's main effect to allow higher software ratings?

Unlimited deck memory I dislike. While there may be free shitty Matrix memory through AreSpace & MCTMail, it should be insecure and slow. Having more RAM & HDD space is as desireable as it was 10 years ago so what's the logic behind SR4's unlimited memory - simplifying the rules?

What's tunnelling etc? Is it subsumed under Host Logon tests and Access ratings for the less technically savvy? :wobble:

[Vvornth]

I started following this thread in hope to find rules making Decking more logical and skillbased but ended up getting a headache. :read:

[Herald of Verjig...]

[Kagetenshi]

Yeah, pretty much. I intend the final ruleset to be logical and relatively easy to follow. I do not require any such thing of the discussion leading to the final ruleset. Edit: well, ok, maybe I do require the discussion to be logical. Maybe not logically ordered.

Is someone going to present the argument for why decking should be less reliant on the deck's rating?

~J

[Platinum]

[Platinum]

[Link]

[Platinum]

well .... basically ... it just means logging onto a host.

if you can get admin access to host a, you can start a connection process to another host b. When the tracer from host b tries to trace you, they get the address of host a. They would then have to crack host a in order to find your starting connection.

logging into the host and starting a connection to another host is what I meant.

[Eyeless Blond]

[Kagetenshi]

I think we're not talking about the same thing. I was referring to the proposal to take MPCP out of the hacking pool calculation.

~J

[Eyeless Blond]

[Eyeless Blond]

Looking through the rules in Matrix reminded me, we kinda also need to change how security deckers work. Currently the rules are a little nonsensical--a new guy coming in every three seconds, from here to eternity? No way does that make sense, especially with this re-envisioning of how tally works.

[Eyeless Blond]

[Kagetenshi]

A VCR does add directly to your control pool. An RCD is an optional addon for rigging.

~J