I think this would require exploit instead of spoof. On some level it's hard to spoof myself.

Now, once you get what you need from the commlink, spoofing anyone else's while acting as Sugar Lips Commlink would be easy enough.

In the age of nigh infinite memory capacity and ubiquitous wireless, it's really much better to think of the commlink containing access codes to content rather then the content itself. Most of the time. The current parallel is that I do not need very much memory on my current Internet interface device in order to access anything of huge data size on the Internet, whether I use my phone, or my laptop, or my kickass video gaming machine, they can all access Dumpshock Boards, which contains vast amounts of data that obviously wouldn't fit on my phone. Yet it's still accessible through all these devices as long as I have the account codes. Not a big deal in this case, though interestingly this does bring back the possibility of Spoof working, though only once you've done the Exploit for the original access.

I do like that interpretation. For example, once the hacker knew which Matrix Service Provider was used, he could contact them, pretending to be me, and check my email - without having to hack my commlink. And, the important piece, here, is that he might need to exploit his way onto the commlink once to get that data - but it COULD be done some other way (social engineering, maybe a data-search for average people, etc).

Working on my rolls/responses. Incoming shortly.

Okay, waiting on one question I sent to adamu before proceeding, but here's a partial response, while we're waiting:

Just a couple of things... (sorry for being a stinker about the hacking rules, but since you're hacking me, I'm not THAT sorry - I'm sure you understand)

1. Encryption. You *technically* need to break encryption *before* attempting to exploit the system. It is a minor nitpick (because Smith hasn't had time, since he reset his system, to set up a difficult threshold on his encryption - assuming we're even using that rule from Unwired). I'm willing to hand-wave the whole thing - because a sprite with decrypt 6 can get past by rating 5 encryption in a second or two. For the sake of speeding up this process, I am willing to concede encryption, and just say you spent your first initiative pass calling up the sprite, and then having it break encryption while you threaded exploit and made your first attempt (which, it seems, would have been a more efficient way to go about it anyway).

2. You seem to be threading a lot of programs - that or letting them go after using them. In either case, each one imposes a -2 penalty to all tests, which I'm not seeing. Another reason to call the sprite first. There *could* be some FAQ or errata that says you don't take that penalty on the test for using the program you threaded (I've thought about this before, because otherwise you'd need to thread at least a rating 3 program to improve your dice pool at all) - but looking at my BBB, it doesn't look like it. It doesn't apply for resisting fading, but definitely applies for matrix tests. So, my assumption with that is that your stealth is a 6 (looks like it, from your comment below), you're no longer threading track (no reason to), and that you might lose one hit on that hacking roll, due to your -2 penalty. It doesn't matter, though, because my firewall is a 6, and that would still leave you with 7 hits. Except for...



3. Basic access would not (automatically) be sufficient to access the files of the admin user (It could still be done, but would require hacking for every action - potentially every file - it is all very vague). Previously, you assumed (rightly) that Smith is admin of his own commlink - so I'll point out that, because of that assumption, logging in as a basic user wouldn't give you access to anything interesting at all (because there are no other basic users on this system, so no data that you would automatically have access to). In fact, to make a backup of the entire machine, you would probably need security-level at least (since that is generally as security or system-administrator task)... but since the ultimate goal seems to be to get at Smith's data, you'll need to match his access - or use hacking for every action, following the very abstract rules in Unwired and the BBB - with potentially more chances to get caught.

However, I understand that there might be ulterior motives at work (I played one hacker before who always hacking in at basic level first) - so, I'll leave it at that. If you want in with basic access, your hits are probably sufficient - but, if you were hoping to have you or a sprite data-search the place, and find what you are looking for, you'll have to go for admin access, so you would be 7 (or out of 12 - and not quite in yet.

I know I've got some rolls to make, but I had to check on something first. It should be quick once that is resolved, though.

Actually, after posting, I bothered to look up the encryption rules. THey're not as pointless as I thought ,but still overcomable easily.

Instead of taking a second or two, it would take 6-12 seconds for your sprite to throw 12 dice against a threshold of 10.

Much less trivial, except that it is impossible for me to be tipped off to anything going on until after you've decrypt it - and a pause of a few seconds in our conversation isn't unreasonable. You might want to take some of that time (since you can't attempt to hack in until it has happened, and you have several passes there) to keep talking to Smith and keep him on the line (he has passes too).

Assuming you ask even one question, and he answers, though - I think this will become a non-issue.

no worries


Thanks, I'll also deduct 1 task from the sprite tasks owed



I have stopped holding onto the stealth threading from before, and I am not sustaining and of the other programs I threaded, and thus do not receive the penalty. The exception of course was sustaining the threaded track long enough to make the extended test, and now it looks like I will be sustaining the exploit long enough to make the extended tests, but my understanding is that the penalty for sustaining a threaded CF does not apply to use of that CF.
From the Official FAQ

So with nothing sustained, no penalties.


I am just probing the place first and seeing what is available. I abandoned my plan of making and copying a back up. If I need to hack higher levels, then I will.

Looks good, then. I thought I had read something like that quote from the FAQ.

1. Sorry this has taken so long. You have left me with a lot to deal with.

2. The first time I read BH's last IC post, I somehow missed where he gave Error the commcodes for the three people he is supposed to contact. Wondering if DV also missed that detail??? If not, and you have other reasons for spoofing/hacking Smith, 'nuff said - I will butt out.

3. The hack so far is fairly straightforward. Error does get Basic access, and is not noticed (yes, I am tardy enough, so I rolled that for BH after some PMs - however, from now on we will let all players make their own rolls in all PVP situations).

4. DV - you have two successes on your analyze. That gives you two specific questions about the node you are in. To give you any info, I need two things:
(A) From DV, the exact questions - the "see if I can spot any IC, agents, sprites or other aggressive security features" is four questions, the last of which is too vague.
(B) From BH - dude, I have a print-out of your comm set-up (i.e. active programs etc.), but it is from August 2006! And it does not jive with some things you have been saying about your comm. You may have sent me something more recent, but I can't locate it. Could you shoot me a PM with details of your current commlink configuration?

5. There was a question about using the Encryption rules from Unwired. Only Dramatic Encryption is optional, and that's basically a GM tool. All others are RAW, including Strong Encryption. So we are using them - BUT - I have a lot of questions about the Strong Encrytion rule - says in the fluff it takes extra processing power, but then the rule says it just takes time to set up - so can anyone run their R1 Encryption program, do a 24-hour set-up, and then forever after the threshhold to Decrypt is 24 hours? That's how I read the RAW, but it looks like a pretty sloppily written rule to me....

6. The spoof question:
My criteria - first, what makes the game fun. Second, RAW. Third, fancy comparisons to real world computer stuff.
No final answer from me yet - but I have some questions for anyone that cares to weigh in.

--Any response to the point that if you can just spoof a command on a commlink, there is no point to ever doing any actual hacking? There are some hints in the Advanced Spoofing section of Unwired...for instance, I am inclined to say that the order to download EVERYTHING would be invalid. It is probably not a valid command on the commlink node itself; rather, it is the kind of command requiring a Pilot to interpret and carry out. Especially if the owner was smart enough to put in a basic safeguard like that - and since few players are going to take the time to write out and PM me with so much detail, there is a point at which I assume most commlinks come with such fundamental safeguards against particularly devastating commands. So my inclination would be to say that one spoofed command is good for one type of file to be downloaded - maybe empty the access code file, or the subscription list, or the storage memory (and maybe not all of that). This interpretation seems very much in line with the discussion on pp. 98-99.

--On one hand, I tend to agree with DV that it is the Persona that commands the device. That is straight RAW from BBB 224. I don't see the problem, in principle with directly spoofing a command to a commlink - I don't see where it says anything about the command coming from a discrete external device. It comes from whoever has a persona with the right access code, via whatever access device/medium they may be using. I am discussing this cuz I know I may have missed something, so please for all these questions anyone feel very free to educate me.

--On the other hand, also using the basic rules of BBB 224, the test to spoof command is vs. Pilot + Firewall. Now, a basic commlink node generally doesn't have a Pilot - that much is clear to me from the discussion on BBB 213-214. So does this just make spoofing a commlink node twice as easy (maybe with the limited returns discussed above that you are commanding a very stupid machine?)? Or is it a strong implication that the rules mean what they say about the targets of Spoof Command: Agent or Drone on BBB 224; agents, drones, sprites on BBB 227; drones, agents, sprites...electronic devices, and slaved nodes on U 98? Could the Pilot + Firewall test imply that a node must have a Pilot to receive the Spoofed Command?

--Am I missing something, or is it, like, hella easy to get someone's access ID? Matrix Perception? GM sets threshhold from a chart that goes up to 4? But then it says your Access Code is just your Commcode?

That is enough on this topic for now - I remain open to input, since this seems like a question that is important, and as usual, even with Unwired the rules remain hopelessly unclear (though a hell of a lot better than before).

I will continue studying Unwired - I understand it as I read it, but the moment I close the book, I have forgotten what it said - unlike guns and cars and magic, the rules don't stick in my head because there is nothing in my personal reality for them to overlay onto.

So also, thanks everyone for continuing to clearly map out what you are doing with your matrix actions so I can follow along clearly.

I don't mind. As he said, with 11 dice, my success was unlikely. As far as him not being noticed. He isn't noticed by the system on entry - but as soon as he logs in and looks around, wouldn't Smith (who is active and online) and his agent (who is also set up for analyze) get a roll to spot the icon?

Sure, I'll dig up the psot a few pages back (when I first met DV online) that has my new program loadout. Was there anything besides that, that you were curious about? If I've said something that isn't written down anywhere, and I never declared it, I am okay with going with what you have, instead.

As I understand it, you have to redo the strong encryption every time you encrypt something. So, if DV and Smith were having a conversation - and decided to encrypt their connection to one another - they would have to spend 24 hours preparing to make the threshold for eavesdropping a 24. One COULD encrypt their node with strong encryption - but I would probably rule that whenever you turn the commlink off and on again (a good way to get a new access id, kill your data-trail, and dump any agents sneaking about on board) you'd have to reencrypt the node. For that reason, since Smith did reboot his comm, I'm going with the assumption that his encryption is not strong.

So, waiting on those two things (Does Smith and his Agent get a matrix perception test? and which other things Adamu needs to know about the commlink). I'll go digup a quote to that program loadout.

Also, I keep forgetting about the FAQ, but I had to look that up the last time I got hacked by a teammate (Probably the August 2006 where your notes are from ). So, all those programs are running at rating 4, rather than 5. I have room for one more rating 4 program, but didn't say what it was, so for now, its wasted space.

Also, let me know if this is an issue. I didn't really think of it this way, but if DV thinks he *needs* to hack in to get at their contact info, that's probably not the case.

IMHO, Hackers rarely need a *reason* to hack someone's commlink, so much as an *excuse* to.

Unless I missed something, a commcode alone is not enough to track a person to their physical location. I suppose you could send a message and then track the message, but I don't think there is anything in RAW about doing that. However Blackhat could very well have records of their faces, addresses, recorded video... or at least enough data for a Sleuth Sprite to use the Traceroute power.

No, a commcode isn't enough to track someone's position.
Smith could *potentially* (not saying that he does, or doesn't) have data like faces, recordings, addresses, etc in his commlink, but none of that would let you run a track program on them either.
A commcode is, however, enough to call them on the phone.
And, not that I am endorsing that sort of behavior, but once such a connection is made, I believe THAT is enough to begin a trace.

Going into the conversation with more information (faces, addresses, notes from their employer) is a totally valid tactic, though. Other than the risk of biting the hand that feeds you (potentially), more information is generally better.

BlackHat -

First, sorry to make you bring that post forward. It wasn't exactly ancient history buried in the depths of the thread!

Just to confirm, from running your numbers it appears that all your active programs are being run both as resident programs and actively run by the agent. Fine.

The rules are not horribly clear about exactly HOW users and IC (which I am treating your agent as) spot intruders. FAQ helps some, but not very cut and dry.

Since it is PVP I hesitate to go into much detail. But since the rules are so vague, and there is no criteria I am using that both your characters wouldn't know about:

As noted, your agent is an IC, and I use the parameters in the FAQ - i.e. I adjudicate it as if it was a security guard in the node.
Based on that, you have a very small node, with not a lot else for your IC to do.
Thus, it will probably look for an active icon to match up with any functions that are performed actively against/on your commlink (that would usually not include just Analyzing/looking around, but it would definitely include compiling a sprite). Your resident Analyze program can help with this (I am pretty sure I read that idea in a discussion of matrix security - and if that is wrong I will freak, cuz a lone Analyze program resident on a node isn't going to find squat - but I am ready to be corrected).
As for you yourself - one could call you a security hacker, but since you have not indicated particular vigilance, that would be a stretch. With the intruder using Stealth 6, you would at best have a chance to accidentally notice another icon in your node.
That said, U 52 tells me (how much does it still suck that I have to sift through this damned book for freaking CLUES as to how to run things???) that once someone gets user access - what Error has now - they get a slot on the subscription list. I have a hard time seeing how that can go unnoticed on a commlink that as a rule only ever has one user....Hacking in automatically handles Authentication protocols, but that is in a different section from this thing on account privileges - is that also automatically covered?
And yes, to respond to an earlier point, and the rules on "simple devices" support this, on this node there is ONLY admin access - so being on as a user gets Error in, but without access to anything without further hacking.

So these are the points of my reasoning. I am going to make rolls for anything that doesn't have Edge to speed things up.
Earlier in my ruling on the Hack, I skipped the decrypt step. Edge didn't come into question - the sprite rolls four successes on 12 dice, so that's the decrypt in three seconds.

Now I am going to give the IC a chance to detect the intrusion at the point of the sprite compilation and the decrypt action. Correct me if I am wrong - anywhere in this mess correct me if I am wrong - but I think an effectively R4-rated Agent + its Analyze + Resident Analyze = 12 dice vs. the hacking + stealth of the target.

There - okay, DV, I know how many successes the IC got on each test - let me know how many you get for yourself on the compilation, and for the Sprite on the Decrypt.

BlackHat - you have a chance on Intuition + Logic to accidentally notice something is up with your commlink (IC busy but not yet saying anything, hiccup in conversation with Error, subscription slot occupied, whatever).
I know the threshhold - let me know what you get.

Once again, if I have made any anti-RAW errors or misinterpretations, someone shout out. Or if I am just overlooking the magical part of the rules where they actually make any of this stuff clear.

And if anything I have said lies in a non-RAW-covered gray area, then power to me, the GM. Comment if you like, but my rule-of-thumb is, GM should treat matrix just like an alternate meat world and use common-sense adjudication.

oops - lotsa cross posts - gimme a minute to catch up....

Okay - never mind - last posts did not require my attention.

(Glad you guys (A) know the rules pretty well, and (B) usually come to reasonable agreements on your own.)

With the Sprite's traceroute power, all I need is "a small hoard of data" and the sprite can find their physical location. But yes, a phonecall could be traced.

For the perception roll, I will ask if there are any IC, and are there any agents.

Also, the sprite was compiled BEFORE entering the node. Originally I put it as being compiled once I was inside, but then me and balckhad discussed the node being decrypted, and we decided to simplfy things by saying I compiled it before, and had it use a task to decrypt the node.
Thus since it wasn't compiled in the node, I the IC wouldn't spot the compiling. But I will give you a few stealth tests anyways, just to save time. give me a sec as I edit them in.
EDIT: Oh, I really don't like the logic+intuition to notice something is up. That really makes no sense to me. As for a hacker taking up a subscription slot, I think it would be hidden at least, so the only way to discover you were missing a slot would be if you tried to suscribe to something, and found you couldn't.
Also, Blackhat is in the middle of composing a letter to me. I believe only 6 or 7 seconds have past since he sent the first message, and still has a few more to go. I find it hard to beleive that while he is busy dictating the terms of his test he will notice anything. Also, it is a HUGE blow to hacking if anyone can notice something off with a simple logic+intuition. Whats the point of Stealth, or analyze?

Oh, and a quick question. Can I buy hits when resisting fading?

Actually, he already composed a letter. He's waiting for your reply.

The sprite, since it WASN'T compiled in this node, will need to take an action (from you, to order it, and it, to obey) to log in - but can use your exploit/username I believe.

Ruels for the access log are on unwired pg.65 - and explicitly call out that log-on and log-off actions are recorded (only with the date/time, not with the user doing them - but it could be strange that any user logged on while I was on). It also specifically states that Spiders and agents routinely use the access log as part of thier job. It points out that hackers usually go out of their way to find and edit that file (using data-search and edit, respectively) and that unless this is done, there will be evidence of the incursion (but no information as who accomplished it or what they did).

it also says the access log can be encrypted - so I think it would be safe to say that a node running encryption should have done so.

So, I think the Intuition + Logic thing makes sense for getting some gut feeling that something is up (or noticing things taking longer on the system, and basically getting the idea to go check the log. If Error is busy logging his sprite on behind him, threading more programs, decrypting the access log, etc - that all might buy Smith enough time to look there and see that something is going on, without having to actually spot the intruder doing it.

He won't necesasrily *know* it was Error, or what Error was doing - but he could take actions to stop it.

I am kind of thinking about it like when my laptop gets slow, and I press Ctrl+Alt+Del to bring up the task-manager to see what's running, and which programs are eating up a ton of memory. If I notice something out of the ordinary running, or some program eating ungodly amounts of memory, I can kill it. I might not have noticed the worm/virus/buggy software/whatever being installed, but I can get a feeling that my computer isn't behaving the usual way and check and see a record of what is abnormal.

My understanding from your last IC was that you sent three separate messages. ERROR started hacking as soon as you sent the first message. I don't think 7 seconds is long enough for have composed and sent the other two messages, so it seems to me you must still be typing.
But anyways, once I know whether the agent spotted me I can get on to the next round of actions.

A good compromise could be that the Intuition+Logic roll can give the inkling, but that all that does is allow a matrix perception test (which I still think every icon on the node should be getting, anyway)... and if THAT doesn't beat your stealth, then its assumed your programs did a good job of cleaning up the evidence.

The point is, Adam is logged onto his node. He has an icon on there, and it should get a chance to notice every other icon on the system (that is how you see in the matrix). If he sees something new enter his node - he'll STOP typing his message, and react to that. I just didn't anticipate that you would do this, so I finished my post to move things along. I'm not above editing it if something interrupts my actions.

Also, this would all be taking place upon entrance to the node as reactions, though, so threading new programs won't help, immediately - since that would happen the following pass (if the sprite isn't called to this node).

DV -

1. For your two questions, since I am treating his agent as an IC, you can spot it for one question. You have one more question.

2. Noted on the pre-hack compilation. No chance of that being noticed.

3. I see your point about the Logic + Intuition test.
But how do you respond to
(A) the point about him being active on his own tiny node - has he no chance of ever seeing anything is up in there?
(B) the Security Hacker paragraph on BBB 222. Assuming the commlink owner's active presence counts as a watered-down sec hacker, what do "monitor" and "watch for signs of intrusion" mean to you in game terms? How else should this be handled, to equivalate a wary human intelligence, as opposed to a bunch of fixed-dice programs? And if they are the same, why use humans as the ultimate matrix security?
The rules here are vague, so see my comment on just treating the matrix like another meat world. But I remain totally open to alternative answers to the questions above.

On this point, if you can hack Smith's commlink while you chat with Smith, why can't Smith notice it while he chats with you? Seems like you are doing the harder of the two tasks, while distracted to the same degree he is.

As for what's the point of Stealth or Analyze, they both work against the far-more-common IC and Resident programs. And even if a human intelligence senses something is up, he still needs to use Analyze to beat your Stealth to actually spot you.

No, I am afraid by your reasoning, extrapolating things out to a greater extreme, his comm could explode but he would be disallowed to suspect something was up, which is all his Logic + Intuition test gives him.

4. You can buy hits on fade resistance in non-stress situation, for example, before you actually take an action against a target node.

5. You can thread the stealth if you have time and reason (in PVP - with everyone open like this). Your analyze will give you plenty of reason, and since we have been loose on elapsed time, I will say you had the time. Everything until now has been based on your earlier declaration that you were not maintaining the Stealth threading...

BUT NOTE -

6. As of now, the only action taken in the node has been by the sleuth sprite, which cannot thread. Also, I don't believe a sprite gets the full-VR bonus. Again correct me if I am wrong, but if not then I will have to lop two dice off the right-hand end of your dice-string, per my usual way of applying modifiers.

Sorry to all for coming off like a hard-ass on these rules - but PVP requires the strict attention to detail and best attempt at an impartial tone.

As far as Intuition + Logic


Also, I never really thought it would come up like this, but Adam's "Obscure" quality might come into play here once the search for data begins. It also might not. The sprite would be doing a data-search, but since its not necessarily searching for information directly about Adam/Smith (only about what information he keeps on his commlink), it may or may not be penalized. I'll leave it up to you.

Looks like you guys are already discussing my questions in Point 3 above, sort of.

BlackHat - note that it is NOT reasonable to assume your access log would have Encryption over and above your whole-node Encryption, since that is clearly stated in the RAW as requiring a dedicated Encryption program.

Okay - I have BlackHat's roll, along with persuasive arguments, but I will wait for DV's rebuttal on this topic and the others I listed.

Definitely don't want to rush forward without everyone having their say.

Ah, missed that. Well, in the future, that would be a good program to put in that unused program slot - but I agree with you.

I would then ask about sprites.

A) He is in AR, not VR. He basically has a computer screen in front of him, and is writing an email as he walks down the street. He is not watching the entire contents of his computer. Consider all the files on your computer. All the program files, images, docs, etc. You cannot watch the whole thing at one time while writing an email. Also, the whole point of the stealth program is to hide the fact that anything is up. To compare it to a modern computer, if you have a trojan virus running, and you call up the task manager, you are not going to see a program labeled VIRUS!! Instead, you would have to go into the processes tab, and know the exact name of the virus, and then sort it out from the other hundred or so processes that are going on. It is the whole point of the stealth program to make sure that there is not chance of ever just happening to notice something is up. Also, the task manage is an example of an analyze program. It analyzes your system, and tells you want is happening. Just checking what programs is running is what someone with computer skill of 1 or 2 would do, while checking the list of processes is more a computer 3 or 4 thing. It is exactly what a stealth program is designed to hide you from. To call up the task manager would be to make a matrix perception test. Consider that I pick up about 25 tracking cookies a day. They don't slow my down, I would never notice unless I run a spyware scan, which I do, every day. Consider the cyber attack on Estonia a while back. Thousands of people had their laptops or computers infected by bots that were running denial of service attacks on the country entire internet, and the users never knew. Adam is just writing an email. Its not like I am going to accidentally make all the letters dance, or the screen turn red, or even flicker.
B) Next action, I am going to send a spoof command to the agent, telling him to add myself and the sleuth sprite (which is still on the node) to the list of acceptable users. After that, I won't even need to run stealth, because it will accept my presence. A security hacker cannot be fooled in such a manner. He can also check the IC to make sure their lists are not tampered with. The security hacker, mechanically, is no better than IC, except that he can use edge, and may have more IPs with the right technology. But he cannot be reprogramed with a spoof check. Also, an IC cannot do things like hunt for back doors (well, actually maybe) but it certainly couldn't patch any back doors. Also, lets say I hi-jack an IC, and get it to hunt for files from me. All the other IC would not bother it. But a security hacker watching the behavior of the IC would know that it shouldn't be doing that. These are just some examples off the top of my head why humans would still be used in addition to IC. I think the only way that humans are better then IC is in that they cannot be spoofed, can make independent decisions, and have higher die pools (humans can get specialties, spend edge, and lets not even talk about how a TM is better than IC).


I am not chatting with Smith. He is sending me three emails. While he composes those emails, I am hacking. When he finishes the emails, I can compose my own email. I am also in hotsim VR, while he is in AR. This means that my brain is working three times as fast as his. Furthermore, I am deliberately multitasking, where as he has made no mention of deliberately being on the watch for intruders in his commlink. Actually, it is not even mult-tasking, because I am just waiting for him to finish typing, then I will be notified automatically. And he is preoccupied with trying to make sure there are no loop holes in his instructions.


Again, I would say that to notice something was amiss with the non-physical of his commlink, he would need some kind of analyze program. The analyze program represents that kind of awareness. Unless I slow down the speed of his commlink (such as by over-flowing his subcription list), or do something blatant like delete a file (and even then only noticeable if one tried to find the file), crash a program, etc there would simply be no way of knowing without an analyze program. Now, the commlink exploding example would be a matter for his physical senses, because it is hardware, not software. Also, that is an example of an informal logical fallacy. I can't remember which kind though...



No worries about being hard with the rules.
As to the sprite decrypting the node, I thought that was done before exploiting the node, and as such the slueth sprite never entered it, and thus it is still outside and out of reach of the IC.

First off - if I had known this would turn into such a big deal, I'd have called for initiatives and asked for everyone's actions by PM right from the start. My bad. But I didn't and I am not going to start now - we'll suffer through and make it a learning experience for all! Happy day.

DV -

No sprites.

You make a strong argument. So do BlackHat and I. I will have to reread all those arguments again and give it more thought (sign of a horrifically written set of rules). I still do not see an answer for how I am supposed to treat the sec hacker paragraph on BBB 222. Especially in PVP - how shall we determine if Smith carried out one of these specific "check the logs" actions?
I simply have a hard time ruling that there is NO way a human user will ever notice extraneous signs of something fishy with their computer. And while I find your RL examples quite convincing about how vast and complex the workings of even a simple laptop are, the analogy only applies to SR to a certain point - it remains a game, and it remains tech that is way way beyond RL.
So I will think, and if people want to toss in their further opinions, fine. At some point hopefully soon I will rule, and that will be the end of it, at least as regards this scene.

I do not think my example is poor logic, given that I conceded from the start that I was extrapolating to an extreme.

As for the sprite -
Hmmm - first a quick recap of some rules I THINK I understand, and then a cut-and-dry question for all you rules experts:
You RUN your Persona on YOUR comm/node, but when you access another node, your Persona goes there to do things. The processing is on your node, so your Persona going to the target node does not affect its processing power.
I think I am right about that.
My question is, where does a sprite run? Who is providing the processing power? Compiler's node?

That recap done with so my head can get straight, the main question I have is this:
Can you decrypt a node that your Persona is not in? Especially if it hasn't even been Exploited yet?
Signal encryption, sure. Or steal a file, take it home, Decrypt there.
But an encrypted node, without going there?
Seems impossible to do that without getting in there first.
Am I wrong? Would appreciate a rules reference from someone here, as this topology stuff is the hardest part of all this for me.

Obviously this question must be answered before we can get any idea of what the IC may or may not be able to do prior to the upcoming spoof attempt.

The question is, what about the node is encrypted. When I read about a node being encrypted, I always too that to me that all data pertaining to the node (including the code for the firewall) was encrypted. As such, one could not even begin to exploit until the encryption was cracked. I mean, to find a weakness in a firewall you need its sourcecode. If the code is encrypted, no hacking is possible.

As for


I would say that unless the person takes an action to run an analyze program, has the analyze program set to passively sweep, or is running an I see, then I really don't see how one could. Unless the intruder starting crashing programs, locking users out of their accounts, serious hi-jacking of IC, deleting large chunks of data, or started tying up all the bandwidth downloading massive amounts data, or something equivalent.

Yes, for encrypted nodes, I believe the rules say that you have to decrypt before you can access - which implies that this is possible. Maybe you send a message (like a ping) to the system, and get back a garbled response, and have to try a number of things and compare the responses to tease out which algorithms are being used, and then work backwards to decrypt it.

The idea that anyone could decrypt something that is encrypted in any reasonable amount of time is already so far removed from reality that drawing inferences as to why the rules work the way they do is already impossible. But I think we handled it right.

As for the sprites, I think they count, like agents, against the node they are on. I BELIEVE their also subject to its response value - but for sprites that might be different (Since they are magical). I'm not as familiar with the TM rules as the hacker rules, but I remember there being some "Agent Smith" trick in the rules where you log a ton of agents onto someone elses machine slowing it to a crawl - your programs (like stealth) arn't affected, so you can hack just fine, but the other guys defenses are shot. I'm not sure if the same thing works with sprites, but I think it might.

Regarding DVs point - I do agree that there probably should be some difference between a security hacker being paid to be vigilant and a user just going about their business in a node. Whether that is just that one of them is using an analyze program, and the other is not - or whether it actually takes a complex action every IP to even get a chance to roll to see if you notice something is a different matter.

Okay - slow but sure progress.

Still no answer on where a sprite "runs", but that does not matter for now since you guys agree convincingly that the sleuth sprite did not have to be Smith's node to Decrypt.

That means no further actions have yet taken place that would give the IC a reason to Analyze for an invading icon. And since Error is the only persona intruding, his previous stealth rolls will stand, including the VR bonus.

Looks like there is SOME agreement between you two on the "Smith as sec hacker" question. All please note that the threshhold I set for Smith's roll already factored for
(A) the fact that he actually is not really a sec hacker, merely something akin to the concept as an active and reasonably vigilant user on a relatively small node, and
(B) the general unlikelihood of anything being noticed anyway.

So with those points already factored in, it simply becomes the basic question of whether a human user can EVER notice things awry with their computer simply as they go about their business as a user.
DV's points about "yes, but only if these extreme things happen" is basically a concession to my earlier point about the comm blowing up. If you concede that, along the spectrum of possibility, there is a chance of something happening way down on one end of the spectrum, then it must be conceded that more towards the middle there is also a chance, albeit an increasingly infinitesimal one (as reflected in threshholds that are crazy-high...but those are the threshholds the badass shadowrunners occasionally go for...that's what makes them shadowrunners).

At this point, my inclination would be to stick with the idea that it is POSSIBLE to notice, but upon consideration of DV's arguments, jack the threshhold even higher for this particular (not really a sec hacker) case. But, now that BH has made his roll, changing the threshhold seems unfair.
I will consider further, and if no further light is shed, I will simply roll a die for in whose favor this imperfect decision is made.

If the threshold was to go up now, I wouldn't think that was unfair. You are still in the middle of figuring out how you want to handle it (since the rules are always unclear) and I didn't know what the threshold was when I rolled, and there isn't anything I can do to get more hits, if I *had* known how hard it would become.

The only thing I would have preferred, is that if the threshold was going to be so high as to make rolling pointless, I would rather not waste a point of edge on something I can't actually succeed at - but there is no rule saying the PC needs to be warned if he's wasting his resources. A threshold of 4 is considered "Extreme" difficulty (according to BBB pg.56 - which is just there for rules of thumb like this), so I think 6 is pretty good. If I *had* known that the number you were looking for was something in the 8+ range, I don't think I would have bothered to roll (and saved my edge for something important). Any time you have to get more hits than you have dice - Edge isn't going to save you.

I didn't REALLY expect to get lucky and spot the intruder before he had done anything, but I figured it was worth a shot, if I got one. Having IC and people online, theoretically makes security better - but not if they can't see the intruder. But, if there isn't anything I can do, at all, to even have a chance to roll, to see if I could notice what is taking place, then feel free to move along without me. Its mostly academic to resort to asking for DV to roll for things, if that is the case, as I have no chance to detect it, much less do anything about it. He can try, over and over again, until he succeeds.

It sounds like the whole effort is pretty much a waste of Error's time, anyway (if he's looking for info on the group, or anything about Smith), so we might as well get through it quickly so the story can get back on track. Best case scenario, Error gets the names and numbers for a bunch of Smith's contacts - and probably some notes about the current job. Worse case scenario, he ever mentions that he got them, and gets booted, unceremoniously, from the team for being a douchebag.

Wake me up when the next 6 seconds have passed, and we can either finish this conversation, or Smith can start to worry because Error's not responding.

Okay BH - all very sporting of you.
The special case here is that this is not only PVP, but being handled totally in the open so we can all figure these things out.

So I will tell you exactly what is up.
The initial threshhold was 5, which is beyond extreme, mostly to reflect that you are not, in fact, an alert sec hacker.
DV's arguments convinced me the chance was even smaller, so I was inclined to jack the threshhold to 7, which is crazy hard (or at least, represents crazy hard in the game mechanic as designed).
So I will do that, which means you notice nothing.
But in the spirit of all this "out in the open business," I will let you take your Edge point back.

So, to sum up, Error's sprite decrypts you overall node.
Error slips in undetected, and takes a look around.
He sees your IC sniffing at him.

I already have the first three stealth rolls for the next times Error attempts any actions under the IC's nose.

I think that brings resolution up to date, though I still have many rules questions....

This is probably a good idea - as we'll be making a lot more use of the hacking rules now that our hacker is a PC again. I don't mind if things get rolled out (although I think you'll be doing the majority of rolling on my end), I just thought that if it was really really unlikely that anyone will notice, we could speed things up to get other people brought back into the action.

Of course, if we don't iron a few things out, now, it'll just slow down against next time. So, I see your point.

As far as the edge, since I *did* say I probably wouldn't have used it if the threshhold was crazy high - I'll stick with that, even if it means losing my one chance to notice what's going on. If something comes up down the road where I either have more dice, or the threshold is lower, I might re-use it, I suppose.

Ok. I am going to spoof a command to his agent, telling it to add my Access ID to its list of allowed users.
In practicle terms, this means that even if it spots me through the stealth, the IC won't notify anyone, set of any alerts, or attack.



Second action IP, I am going to spoof a command telling the IC to copy all data to my commlink. Now, I do not have admin privledges. However, I am sure that the Agent is allowed to tinker with the files on the commlink. It would have to if it was ever to run a search program, for example. I am sure that in a professional setting (i.e. corporate security) an IC would not have such rights, but I am guessing on a 1 agent comm like this, there is multitasking, and hence higher-than-safe levels of privileges given to agents. Also, since I am not telling it to find any specific files, but rather a massive copy/paste of all files it has access to, I am pretty sure the agent would not need to have the browse program loaded.