GrinderTheTroll
May 12 2006, 06:28 PM
Hi all,
I've been blowing up the forums lately with my questions about Subscriber Lists, Nodes, Camera and the like. I appreciate everyone's patience with me while I get all this mess sorted out in my head and with my SR group. Which brings me to my point, have I been generalizing SR4 too much?
SR4 says (and I am paraphrasing here), "Your subscription list can be unlimited in size, but a Persona (ie. a Hacker) can only access Sysx2 devices at a time". In retrospect this makes perfect sense and also points out the difference between a commlink and a backbone matrix system. My assumption was that this also applied to Nodes/Devices/Systems but nowhere in SR4 is anything mentioned beyond Persona limitations. The exact wording in this section is what's triggered me to rethink my position.
More specifically, it makes no sense that a security terminal can't be in constant communication with all its devices at once. SR4 explicitly mentions the limitation of a Persona and by not mentioning non-Personas it indirectly implies they suffer no such limitations.
So I can have a SecTerm-5 controlling 5, 10, 50 or 100 cameras with no problem. I don't need to have layered SecTerms (unless I want it) only controlling Sysx2 devices at a time. A Hacker (Persona) would have a limitation of trying to access too-many different devices/nodes/systems at one time.
Moon-Hawk
May 12 2006, 06:33 PM
Really? If so, that's great. Makes the whole thing make a lot more sense.
Glayvin34
May 12 2006, 06:36 PM
Ooo, that's good.
You could apply that logic to all non-crashable entities, Sprites, IC/Agents/Pilots and Personas, then you'd really prevent the subscribing-to-the-world problem.
And if the people who read these forums are anything like me (which they very well could not), then we enjoy reading other people's thought processes, it helps us think about the rules in ways we were unlikely to on our own.
Backgammon
May 12 2006, 07:05 PM
Ok, but it still doesn't solve the 'problem' of terminals only being able to run a few programs at a time before suffering from Response loss, which IMO is still nonsensical for me. Especially since someone thought of making DoS attacks with Agents on a server to quickly and efficiently bring it to its knees.
stevebugge
May 12 2006, 07:08 PM
It seems that servers/hosts should have either much higher system ratings or should have a different multiplier for the number of programs they can run before suffering response decrease.
DireRadiant
May 12 2006, 07:13 PM
My take.
Subscription List = Phone Book
Persona|Device X2 Active Subscription Limits = Number of active connections
I have everyone's phone number, but my phone only allows 5 people on the conference call.
How does a system handle if you want to talk to more than 5 people? You need to drop one and add the next and cycle through all the people you need to talk to. Slow if it's a phone call, Incredibly fast for commlinks|ComputerNodes.
Security trick - Secure Node has a subscription list that is limited to the specific devices it's supposed to have. Security device only has the subscription list of the security node it is meant to talk to.
Security Node (Imagine a sec console with 100 cameras it's monitoring)
Subscription list contains the commcode for 100 cameras.
System Rating 5 = 10 active connection.
Security Node POV
Security Node subscribes to the first ten cameras on the list, issues command to transmit the last ten seconds of video to security console in a high speed burst.
Security Node receives data.
Security Node Unsubscribes first ten cameras
Security Node Subscribes to next ten cameras
repeat
Camera POV
Camera gets subscription request from Security Node.
Camera checks subscription list (Which only has the Security Node commcode)
Camera allows active subscription
Camera receives download command
Camera transmits download
Camera gets unsubscription request
Camera unsubscribes
repeat
Since most devices are response 3, it's pretty easy to set up a very quickly expanding tree with redundancy to effectively get a large aggregated data feed from a large set of devices. Consider the effect of having each camera subscribe and share data with at least one other camera.
mdynna
May 12 2006, 08:25 PM
Thank you Grinder. I have been trying to say as much for some time but no one has been listening.
I have extended the "not a Persona-based node" rules to say that these "mainframes" are also not subject to the Response decrease rules. As mentioned above, I don't like the idea of a Hacker being able to bring an Agent army onto a node to bring it to its knees. There is a simple fix for this problem: the Agent is always considered "running" on the Hacker's Commlink. Thus, it counts against their running programs limit.
Does this make sense considering that Agents can run autonomously? No. That's why I like the "no response decrease" rule better. However, the "agent DoS attack" could be applied to other people's Commlinks. Usually when I get into a sticky situation like this, I usually use the "be careful what you wish for" technique. Namely, I have an enemy Hacker apply the same technique (usually in the extreme) to the player. I lay waste to them in some spectacular fashion (don't kill them, but give them a solid pounding). Then I'll say, "Now, would you like to pretend that insert player exploit here can't actually be done?"
GrinderTheTroll
May 12 2006, 09:43 PM
QUOTE (Backgammon @ May 12 2006, 12:05 PM) |
Ok, but it still doesn't solve the 'problem' of terminals only being able to run a few programs at a time before suffering from Response loss, which IMO is still nonsensical for me. Especially since someone thought of making DoS attacks with Agents on a server to quickly and efficiently bring it to its knees. |
I've asked this question in another thread but it bears repeating here.
What I've proposed is this: Programs running on the Node, that is, not as free-floating agents, but on the node count towards your Response/System limit. Programs launched as Agents/IC don't count towards the Response/System limit.
This is identical to how Personas count Agents and Programs. If you have the Agent loaded it counts towards the R/S limit, but once you launch it, it no longer counts towards your limit, it's now "free".
For example, a SecTerm-5 could have 9 Programs loaded; at 10 you'd lose a Response point: Analyze, Trace, Browse, Encrypt, Attack/IC, Attack-Trace/IC, Attack-Trace/IC, Blackout/IC, BlackHammer/IC (9 total running) and maybe 20 more ICs offline.
If the node loaded one more program, it'd suffer R/S penalties, so if it launched all its IC apps (Attack/IC, Attack-Trace/IC, Attack-Trace/IC, Blackout/IC, BlackHammer/IC) once an Intruder shows up, it would now have lots of space to run more programs.
The question is, do IC/Agents count towards a node R/S penalty or does this penalty refer to just programs you are running?
Sounds like the current interpretation is they do, but I have a feeling the latter case is true: Once launched, they are "free" from the original controlling system.
GrinderTheTroll
May 12 2006, 09:51 PM
QUOTE (DireRadiant @ May 12 2006, 12:13 PM) |
My take.
Subscription List = Phone Book
Persona|Device X2 Active Subscription Limits = Number of active connections
I have everyone's phone number, but my phone only allows 5 people on the conference call.
How does a system handle if you want to talk to more than 5 people? You need to drop one and add the next and cycle through all the people you need to talk to. Slow if it's a phone call, Incredibly fast for commlinks|ComputerNodes.
Security trick - Secure Node has a subscription list that is limited to the specific devices it's supposed to have. Security device only has the subscription list of the security node it is meant to talk to.
Security Node (Imagine a sec console with 100 cameras it's monitoring)
Subscription list contains the commcode for 100 cameras.
System Rating 5 = 10 active connection.
Security Node POV
Security Node subscribes to the first ten cameras on the list, issues command to transmit the last ten seconds of video to security console in a high speed burst.
Security Node receives data.
Security Node Unsubscribes first ten cameras
Security Node Subscribes to next ten cameras
repeat
Camera POV
Camera gets subscription request from Security Node.
Camera checks subscription list (Which only has the Security Node commcode)
Camera allows active subscription
Camera receives download command
Camera transmits download
Camera gets unsubscription request
Camera unsubscribes
repeat
Since most devices are response 3, it's pretty easy to set up a very quickly expanding tree with redundancy to effectively get a large aggregated data feed from a large set of devices. Consider the effect of having each camera subscribe and share data with at least one other camera. |
This was how I used to think all this worked, but the limitations in SR4 only mention Personas. Backbone matrix machines are and should be worlds more powerful than your commlink.
By holding non-Personas to the Sysx2 rule you'd have to have tons of nodes just to manage 50 cameras since a regular SecTerm is rated 5, you'd have to have 6 nodes of 9 cameras each (at the Sysx2 you lose the Response point) and then have those 6 subscribed to a larger node. If you have 100 cameras, you have 12 nodes just for camera management, and 2 security nodes to manage those. As you can see, it gets very messy quickly.
In my current line of reasoning, you could subscribe all 100 to one SecTerm.
Given the wording in SR4 about Subscription Lists and the limitations to Personas, I believe they are implicitly excluding non-Personas from these limitations.
mdynna
May 12 2006, 10:32 PM
On the other hand, if the Sysx2 rule applied to everything and you wanted to Hack that security system you would have to muddle your way through dozens of nodes with similar features. Let's call them "sub-processors." Oh, and the central hub node can be called the "CPU", and nodes that just store and sort data can be called "datastores", and nodes that control things will be "Slave Nodes" and nodes that connect the whole network to the outside world will be "SANs." Then we'll create a horrendously complex system of only being able to get to some nodes from certain other nodes. Every system will have to have a stupid little map showing you which nodes are connected to which and the Decker (oops Hacker) will have to move through this little "node maze." Hacking will take hours and everyone else on the team will get bored and quit, or ban Hackers altogether.
Wait, has this idea been done already? SR2 anyone?
[/heavy sarcasm off]
GrinderTheTroll
May 12 2006, 10:43 PM
Haha. Nicely done.
Kanada Ten
May 12 2006, 10:47 PM
Even an unlimited subscriber list doesn't prevent a security set up such as that. It just doesn't make it a requirement.
mfb
May 12 2006, 11:10 PM
what about allowing all devices of a single type to be treated as a single device? keyword being devices, ie not drones or commlinks. basically, if you've got 500 cameras, your commlink treats them as a single device with 500 inputs.
hobgoblin
May 13 2006, 12:38 AM
about the subscription thing:
cameras and other devices that do not have their own matrix icon i would say is background noise, but you can't connect to them indirectly. they have to be within range of the commlink or node they are subscribed to. and it does not help if the commlink have a range of 400km+ if the device have a range of 3 meters
about the response reduction:
my take is that it's only an effective response that only affect the personas initiative, not the system rating. this avoids the spiral of death and explains why a mainframe node can have any number of active agents and programs (its not supporting a persona).
also, a reduction of effective response will not affect an agent's internal response even tho its based on the node its running on. also, in no way do the programs loaded into an agent count as separate programs for the calculations of effective response. from the view of the system(os) its just one gigantic process.
these are all my personal interpretations of the rules...
Edward
May 13 2006, 05:21 AM
Assuming you allow a lot of IC to run on a single node, solve the subscription and programs running problems there is still one problem.
Hacking is still easy. Success is more likely than failure when hacking a single node (if you're careful) and security hackers and designers know this. In the world of SR security personnel should be paranoid to a level exceeded only by the runners themselves and sufferers of some mental illnesses.
Given the technology available and the skill of hackers the most effective defense (and providing the best value for money) is a multi level architecture that holds all secure data behind a series of ic laden chokepoints.
We have a choice between running the security designers as idiots, having longwinded hacking, or breaking the rules as written to have higher rating corporate hosts.
Edward
Backgammon
May 14 2006, 05:01 AM
Ok, here is the text from the relevant sections:
QUOTE |
Response is the device’s processing power, or how quickly it reacts to input and processes commands and information. [...] Response may be affected if you run too many programs. For every x number of programs you have actively running, where x = System rating, your Response is reduced by 1.
|
(bold mine)
There is no doubt that nodes suffer from Response loss, it's NOT a Persona thing. Corporate terminals have to be careful how many programs they run.
QUOTE |
If you wish for your agent to operate in the Matrix independently, you must load it on a particular node separate from your persona. The agent will continue to operate in the Matrix even if your persona goes offline. In this case, the agent doesn’t count toward your persona’s active program limits like running programs do, but it does count as a subscriber toward your subscription limit (see p. 212).
|
Ok, I just noticed something: nowhere does it say the Agent becomes loaded on the node you dump it on. It simply states you don't run it anymore. So technically, this solves the DoS attack problem, as dumping Agents on a Node does NOT affect the number of programs it's running.
Kremlin KOA
May 14 2006, 05:03 AM
it also solves the DDos by noting that the agent is still a subscriber
mdynna
May 15 2006, 04:17 PM
Don't get me wrong: I'm not saying that multi-host, tiered architecture doesn't exist. I certainly think it does. However, I think there should be a reasonable limit. The SR2 system of node-hopping made a great board game and if everyone was playing it would probably be fun. However, everyone else was sitting and watching, so it wasn't fun.
A very low budget corp or your average household probably only has 1 node.
An average sized corp's system probably has 2-3 nodes: a "public" host with unimportant information, a Security controller host (that serves as a chokepoint), and a "secure" host/datastore.
Larger corps, I think, would follow this same kind of structure but might sub-divide things further. For example, each department might have its own 3 node "cluster." However, if you find your systems growing to the 10+ node level it might be time to scale things back as this would take an exceedingly long time to Hack.
Also remember that systems should be much more accessible once you are inside the building. The added danger of the physical intrusion is an effective game balance for reducing the Matrix security. Besides, I think when the writers of SR4 came up with the AR idea, this is what they had in mind: more Hackers coming along with the team.
GrinderTheTroll
May 15 2006, 04:42 PM
QUOTE (Backgammon) |
Ok, here is the text from the relevant sections:
QUOTE | Response is the device’s processing power, or how quickly it reacts to input and processes commands and information. [...] Response may be affected if you run too many programs. For every x number of programs you have actively running, where x = System rating, your Response is reduced by 1.
|
(bold mine)
There is no doubt that nodes suffer from Response loss, it's NOT a Persona thing. Corporate terminals have to be careful how many programs they run.
QUOTE | If you wish for your agent to operate in the Matrix independently, you must load it on a particular node separate from your persona. The agent will continue to operate in the Matrix even if your persona goes offline. In this case, the agent doesn’t count toward your persona’s active program limits like running programs do, but it does count as a subscriber toward your subscription limit (see p. 212).
|
Ok, I just noticed something: nowhere does it say the Agent becomes loaded on the node you dump it on. It simply states you don't run it anymore. So technically, this solves the DoS attack problem, as dumping Agents on a Node does NOT affect the number of programs it's running.
|
After doing some reading this weekend, I noticed at the end of the Agent sections (SR4.212?) it talks about nodes running IC/Agents, then at the very end says something like "Nodes must be careful not to overload themselves by running too much IC, etc."
Although it does mention that Personas no longer have to count the Agent as part of their running program count, it does mention that Nodes be mindful of how many IC they are running. You could imply, albeit loosely, that since the Agent uses the Response rating of a Node it's on, the Node would technically be "running" the Agent and count it against its program total.
In real terms, the Node now has a virus and it wants to be rid of it since it's eating its resources (Response).