Help - Search - Members - Calendar
Full Version: Thoughts on the Hacker issue
Dumpshock Forums > Discussion > Shadowrun
Spike
Recent debates about the comparative costs of hackers gear vs. technomancer complex forms had me thinking about the low buy in for hackers and what it means. Since everyone can get the skills and the gear is reasonably priced (heck, I've seen published adventures that paid more than it takes to get a custom deck at 6/6/6/6 and all the programs to go with it...)... it means every player can become reasonably good, even great, at hacking making the dedicated hacker a thing of the past.


Or does it? The text of the Matrix chapter repeats over and over again that this stuff, this hardware these programs... these are all cutting edge. Todays 6/6/6/6 commlink is a crappy 1/1/1/1 next year. Maybe not that bad, but if we could compair the hardest, most fantastic systems on the market in 2006 against the christmas toys handed out to young corp punks... well, we'd be crying into our alienware or what have you.

I should state that unlike cyberware and guns, say, SOTA is something that NEEDS to be measured. Unlike computer gear, which is rated against other computer gear, guns and cyberware (and cars...) are rateable against fixed numbers. A human's maximum potential doesn't change nearly as fast as processing power, thus max plus one half (like so much cyber...) is a fixed constant as well. The upgrades wouldn't be in performance necessarily. Guns are limited by gas-expansion rates, material science advances and so forth, constants we can still measure in game in many ways.

But back to our SOTA and hacking. Exploit particularly, among software, seems to need upgrading with some frequency. Consider today, where popular systems get hacked by exploits all the time, then there is a patch and the hackers start looking for the next exploit in a never ending cycle. But the same can be true of any of the software, opposed or not. Google is the top dog in search engines right now, but five years ago who had heard of it? Google keeps that top dog status by upgrading behind the scenes every chance they get.

It strikes me that a dedicated hacker should be keeping up with the current run of SOTA software and hardware, something less dedicated character types can't, or won't afford to do.

Thus we come to rules. Unlike some folks here, I don't want to write over the whole matrix chapter, nor do I want complex page long lists of how to track stuff. I want players to be able to Grok the houserule fast and easy, and I don't want to have to look up stuff every time I need to use it.

Instinct tells me that every time a player glitches using either hardware or software for something that it looses a point of rating. It is damn fast, and damn easy. Software sees more rolls than hardware, so it will degrade faster. Can't upgrade the stuff, have to buy all new stuff, that's just how it works.

On the other hand, that's almost too simple, too fast. Maybe make it a critical glitch? But the dice pools are big enough that won't happen very often. Besides, it still doesn't really address the fact that I can't find any real times to roll hardware enough to make a difference. So...

Programs degrade like so:

Hacking programs degrade at a rate of 10-Rating in glitches, with every run counting as one glitch. So even on a perfectly rolled series of runs, exploit needs to be replaced ever 4 runs to keep it at rating 6.

Regular Programs degrade at 2(10-rating) in glitches, without counting runs as glitches.

Hardware: Signal doesn't degrade, it's measured in real measurements.
Firewall has to be upgraded at a rate of 10-rating in... times Exploit has to be upgraded. So, running weaker software on average will extend the lifespan of your Firewall. Not sure if I like it yet.

System and Response lose rating at the 10-rating as everything else, where the iteration is... Every Fourth Program upgraded to six (or repurchaced up to six), as we can suggest these newer programs are larger and more unweildy on older machines, making it an interesting way to measure system degradation. So, as long as you keep running older software your hardware and OS are perfectly fine, but your SOTA software needs a SOTA system to run it.


Not nearly as clean and neat as I'd envisioned it. I'm not the computer head some folks are around here, but I am a rules monkey. Tell me whatcha think. Can it be tightened up? Improved? Should I put the book down now and back away slowly?
RunnerPaul
SGM 1.1 has some very clean rules for handling SotA.
Spike
QUOTE (RunnerPaul)
SGM 1.1 has some very clean rules for handling SotA.

A forty page PDF is hardly 'clean' rules. I do believe that is longer than the actual matrix chapter in the main book. indifferent.gif

I want something I can explain to players in less than five minutes and use at the table without referring to a cheat sheet....

Besides, I'm still butting heads with Sertior and FrankTrollman over the current matrix rules in another thread. We seem to be viewing the troubles from very opposite perspectives. I want to use the rules as easily as possible without offending players or cutting out half my book, they want them to reflect their computer wizbangery...

Eight or nine years ago I would have been right along side them, and the guys posting eighty calibers of ammo and more. Now I just don't have the time for that sort of thing. Fast, easy, and mostly by the book is how I want it. If I can toss in a rough guideline to fill a hole, I'm all for it... but thats it. Spackle, not 'replace whole wall'...
ShadowDragon8685
And they uniformly suck.

Sure, it's realistic. It's also realistic that no matter what precautions the 'runners take, the corps will use a CSI team to find material for a ritual link (all they need is ONE CELL, c'mon!) and then use said ritual sorcery to either track them, or just deliver a ridiculously powerful Manabolt from who-knows-where.


Don't introduce an artificial SOTA cost into Hacker's already-complicated lives.

Besides, if computer technology really obsoleted as fast as it should, why would anyone get an implanted commlink?
Garrowolf
I think that the answer to your question depends on what you are doing for.

If you are trying to use it as a way to balence hackers and technomancers then I don't think that SOTA is going to do it. If you are trying to force hackers to spend money then make it a form of upkeep like lifestyle.

I think that the hacker buying things paradigm is very much against the hacker paradigm. They should be building all their own equipment and code. I never liked the hot of the shelf commlink idea. It was worse with cyberdecks, I'll give you that. I require high skill levels and all of their ratings come from those skill levels. They don't have to worry about SOTA because they write and rewrite all the time.

If you buy the software from someone else then I have a secret roll depending on the level of security in the target. Take the number of months since you bought the software and add the security level in dice. Roll it and add that threshold to all rolls against that system. If you buy a new copy or you have a hacker team mate keep up with the SOTA then no extra roll.
RunnerPaul
QUOTE (Spike @ Feb 1 2007, 02:54 AM)
A forty page PDF is hardly 'clean' rules.

The SotA rules in SGM take up half of one column of one page of those rules, not all 40 pages. And he provides a handy table of contents that can link you straight to the section in question. Did you even bother to look for them and read them before dismissing them? If not, let me excerpt them for you:
QUOTE (SGM 1.1)
2.1 SOTA and security

Why is not everybody and his brother running
around with firewall 6? Maintenance! Today’s system
admins spend a considerable amount of time
fixing security holes and trying to stay on top of
everything.
This section will give a short overview on how
one can balance things and give examples if one
wants to micromange this fact.

Maintenance times per month

Programs (everything except firewall): 1 hour per
5 points
Firewall 6: 10/100 hours per node/cluster
Firewall 5: 3/30 hours per node/cluster
Firewall 4: 1/10 hours per node/cluster
Firewall 3: 10 minutes/2 hours per node/cluster

A whole group of similar devices (for example
security cameras) can be treated like a cluster of
nodes. Firewall ratings of 2 and 1 need virtually
no maintenance. If the needed amount of time is
not spent in a month, the rating decreases by one.
This can be reversed if the needed time is spent in
the next month, otherwise, the reduction becomes
permanent.
If the hacking skill is not of the program rating,
the time needed is doubled. If its only half the
rating, it is quadrupled.
A typical hacker in Shadowrun works 200 hours
a month (9 hours work day). With sleep regulator
this can be increased to 250 hours (11 hours work
day).


So, which part of this isn't straightforward, simple, to the point, and explainable in 5 minutes? (Aside from the phrasing "if the hacking skill is not of the program rating" which I would have translated from the original German into English as "if the hacking skill isn't greater than or equal to the program rating", but that's a minor quibble at best.)
Serbitar
Thanks for the hint Paul.

My intention for the SOTA rules was:
Nobody really wants to spent lots of time calculating SOTA, rolling dice and whatever. Esentially no PC want to care much about SOTA. Its just a hassle. But it is needed at least as a GM tool to explain this and that, and sometimes as a balancing tool.

The idea is: OK, lets make it "not random" so you dont need dice rolls. And dont make it cost anything, most of the time work-time can be used as currency.
So you calculate the time you need for a PC once and you are essentially done with it. You now have a good explanation what your hacker is doing most of the time, you can estimate how many different super hightech commlinks he can maintain, and you can just add time if he wants to add additional commlinks to his "service" time.

You can also do handy things like estimate how expensive it is for a corp to have each and every security device on rating 6 (knowing that the average computer skill of a corp hacker is 3).
Serbitar
QUOTE (ShadowDragon8685 @ Feb 1 2007, 08:57 AM)
And they uniformly suck.

Well, too bad. But really, my rules are actually simpler than RAW (I have much less exceptions than RAW). Its just more text because I dont do things like "no rules for this, make em up yourself". You can always dismiss a rule if you dont like it, but you can at least take the rule as a suggestion for a consistent solution. And I give examples.

The actual "rule part" in SGM, including the description of every program, takes about 5 pages (rough estimate). Less than RAW (which is giving no example thresholds, no sample hacking runs, no AR examples and so on).

Of course it is not for people that have a problem with house rules in general.

And one thing: My ruls are not complex at all. They are exactly of the same complexity as RAW (sometimes even less, because I skipped a lot of exceptions). RAW is just ignoring a lot of cases, where I state the problem and try to give a solution.
Blade
I like Serbitar's SOTA rules but I think that if you consider this you also have to consider the necessity to regularly train to keep up stats ratings (both attributes and skills) and the cyberware SOTA (I guess we'll have that one covered in Augmentation).

Otherwise, it wouldn't be very fair.
Aaron
I dunno how everybody else does it, but I handle SOTA in my games with intervals and lifestyle. Hacking programs, for example, have an interval of one month and a lifestyle of Middle, meaning that if you have a Middle lifestyle or higher, you can update your programs along with your bills, otherwise they degrade by one Rating per month.
Serbitar
Doesnt that imply that you pay others to maintain your software, commlink?

I wouldnt want that as a runner.
The Jopp
QUOTE (Serbitar)
Doesnt that imply that you pay others to maintain your software, commlink?

I wouldnt want that as a runner.

Well, not all hackers have the luxury of high programming and hardware skills - they might be damn good at finding information and hackign into systems but not as good at upgrading programs.

It could be implemented that the cost of having it put into lifestyle is the cost for hardware upgrades, software, cyberdocs (for cranial comms) and other costs (software pirate contact).
Serbitar
Ah, you are raising a good point. Maybe I should replace "hacking" with "software" in my above rules. Would be an incentive to get the (not so often used) skill.
Spike
Serb... I think he was saying my rules uniformly suck... but we'd have to ask him.


Actually, I did toy with the lifestyle maintence of programs too. You know, maybe 10% of the cost of their programs and hardware against levied a month but...


... in the cyberpunk literature, and in gaming, hackers are always making/stealing/aquiring hot new 'ware. It's a staple of hackerdom that you get new ware as often as you can, the hottest of the hot, etc. In Shadowrun, as it stands, you layout you nuyen.gif for the hottest stuff once and use it forever. If you want something hotter, you raise the rating and keep it forever. So, unless you are constantly raising the ratings of your 'ware, you can't emulate this very easily at all. Even if you did, players would just skip to the highest NEW rating available, and the cycle would start all over.

While Serbitar's maintenance cycle is interesting, making it nearly impossible to keep a rack of rating 6 programs (over 200 hours of mainantence a month!!! Thats a week without sleep!) it doesn't really allow much for a hacker to be handed the hottest chinese icebreaker as a reward for a challenging run. He'll go look at it

"Eh, I already have a rating 6 exploit and rating 6 Attack. I keep those top shelf, mandatory. Only two hours a month for those...."

Instead of going "Awesome, that's easily worth a few thousand nuyen to me, my shit's already weak, dropped down to five with some dings on it. Sweet!"

Which is what we want to here when rewarding them.


As for SOTAing cyberware: We have a fixed point of reference in that cyberware, namely limbs say, are measurable against the human body. Like major mechanical devices, their SOTA either comes in tiny conviences or in slow gradual improvements. Like cars really. The car I bought ten years ago had the same MPG and driveability as the car I bought last year. Were there improvements in those ten years? Yeah, but they didn't suddenly render my older car useless, or even particularly less fun to drive. In cyberware, we can measure the SOTA changes in the cost in nuyen.gif or essence between editions, along with newer toys to add, and I'm fine with that. Heavy cyber users already have a crapload of upgrades they'll have to go through to maximize their potential in the heavy cost of Delta grade cyberware.

What is the difference between a 2070 cyberlimb and a 2050 cyberlimb? The 2050 cyberlimb looks clunkier and isn't wireless. In less obvious terms, it probably is a bit more uncomfortable to the owner, requires more frequent checkups because it doesn't tell you when the joints are getting worn. It's not weaker or less capable, because the real limit there is the stresses on the human body it's attached to.
Blade
I think it's the same for cyberware and "hackingware".
What's the difference between 2069 wired reflexes and 2070 wired reflexes ? 1 µs... but that's the µs you'll need if you want to stay the quickest guy in town.
Serbitar
QUOTE (Spike @ Feb 1 2007, 04:36 PM)
Serb... I think he was saying my rules uniformly suck... but we'd have to ask him. 

Well, yours arent bad. They just involve a large amount of bookkeeping which is generally not that good.

Concerning my math: There are about 22? programs I think. having them all at rating 6 would be ~200/5 = 40 hours. 80 hours for somebody with hacking < 6 and 160for hacking < 3.

adding 10/20/40 hours for every firewall 6 comlink.

My idea was that a hacker could maintain all available software, and some 4-5 comlinks (he has runner friends, that might need help) and a bunch of drones, all of his hacking rating, and still have some time left for running. But not much more.

Of course the numbers are completely arbitrary.

And you can always just invent a time to money ratio and just pay somebody (who will then have access to your stuff!).

As for the "hot software" thing: It might come up in a novel once in a while, but it really isnt very realistic and thus hard to reproduce by halfway realistic rules.

Lets face it: There is no such thing as "bleeding edge software" (can you name one today?) or "bleeding edge cyberware" like there is no "bleeding edge car" or "bleeding edge tv-set".

Yes, there is new and high tech stuff. But its never so "bleeding edge" that it has any considerable advantage over everything that was there before.
Spike
QUOTE (Serbitar)
QUOTE (Spike @ Feb 1 2007, 04:36 PM)
Serb... I think he was saying my rules uniformly suck... but we'd have to ask him. 

Well, yours arent bad. They just involve a large amount of bookkeeping which is generally not that good.

And tracking man hours of maintance isn't bookkeeping? nyahnyah.gif

I think it'd be simple, just put a checkmark next to the program each run and glitch, then mark the rating down and erase the checkmarks. The players can do it if you trust them, and if you don't you probably already have copies of their characters sheets.

Then again, I have a disgustingly good memory for crap like that for some reason...

'Say, bob, wasn't that the eighth glitch you've had on your Exploit-6? Should be a 4 by now.... you aren't cheating me, are you?" cyber.gif
Spike
Your math lost me... why did you divide by 5??? I saw 20 odd programs at 6, plus firewalls and rounded to 200, ironically about how many hours a month hackers work in your SOTA document. Now I need to recreate how I got it fully to make sense...

Lessee....


Um...

Maybe I skipped a step. embarrassed.gif nevermind then....
Serbitar
QUOTE (Spike @ Feb 1 2007, 05:44 PM)
QUOTE (Serbitar @ Feb 1 2007, 08:33 AM)
QUOTE (Spike @ Feb 1 2007, 04:36 PM)
Serb... I think he was saying my rules uniformly suck... but we'd have to ask him. 

Well, yours arent bad. They just involve a large amount of bookkeeping which is generally not that good.

And tracking man hours of maintance isn't bookkeeping? nyahnyah.gif

No. You get the maintainance amount once. Divide it by 30 and thats it. You know your hacker will spend time X every day doing this stuff. If he doesnt you can write it down and do it tomorrow or next week (if it sonly 5 hours short out of 100, nobody cares anyway). But most of the time, you just have less free time, which is not roleplayed most of the time anyway.

In the optimal case, you calculate once, adjust your roleplaying, knowing that you have to spend time X every day, and never bother with it again.

I think thats about as convenient a SOTA rule will ever get short of "you pay amount X every month".
Spike
You want convienent! For Shadowrunners!

For shame. They need to WORK to keep that cutting edge. Lost free time out of handwaved 'RP downtime'! Might as well just say...

You keep the cutting edge honed in your downtime, next adventure please.


And thats it! Why bother with the rules then?

Of course, I think we're both missing out on just how many firewalls that hacker's gonna have to upkeep. Every bit of cyberware, everything in every player's PAN... all of it needs a good firewall, unless the hacker wants a full time job of doing overwatch to keep hostile hackers from jacking over his team!

Now, me personally? I'd never have a wireless connection to anything that was physically part of me, not in a world where it was possible to hack any wireless connection. Nope. I'd prefer not to have an arm to having one that could be used to strangle me in my sleep! And I'm not even a shadowrunner in real life! (scary, no?) I don't care how many funny looks the cyberdoc gives me, my cyberware is strictly hardwired, if even that.
Serbitar
Yes I know that all of this applies the each and every node there is. But thats why most nodes only have firewall 1-2.

And JoeNormal will for sure pay some hacker for the maintainance on his firewall 3-4 stuff. While a shadowrunner should worry whom to trust ...

It is mostly a balancing and GM tool, to keep things realistic without too much effort. Thats after all, what SOTA rules are for.
cetiah
I like Garrowolf's idea. I'm going to incorporate it into my house rules. But with some modifications (because I do that with everything...)
Aaron
QUOTE (Serbitar)
Doesnt that imply that you pay others to maintain your software, commlink?

Not entirely. It also implies that if you're living a life where you have to walk or use public transit everywhere, scrounge for new furnishings, carry clothes to a laundromat, and do grocery runs twice a week because your mini-fridge won't hold enough NERPS frozen dinners, you don't have as much time to keep up with the changes and improvements of your equipment (including software).

And don't you pay others to upgrade your computer in the real world? I install my own new CPU, sure, but nobody just gave it to me. If I had a Low lifestyle, I would have to save up for that CPU. Since I'm Middle, I can just buy it with the cash I have sitting around in my checking account.
Serbitar
Well, but I am no Shadowrunner, who has life threatening data to keep secret.
A shadowrunner whos commlink is compromised is a dead shadowrunner.
ornot
I have to say that I rather like Serbitar's SOTA rules for maintaining programs. It's not become an issue yet, but my group is now making characters, almost all of whom seem to be hackers!

I had wondered about the "buy once, run forever" issue of rating 6 programs, but had resolved to just hand wave program maintenance in free time. I may well use those time requirements if it becomes an issue.
kzt
QUOTE (Serbitar)
Lets face it: There is no such thing as "bleeding edge software" (can you name one today?) or "bleeding edge cyberware" like there is no "bleeding edge car" or "bleeding edge tv-set".

Yes, there is new and high tech stuff. But its never so "bleeding edge" that it has any considerable advantage over everything that was there before.

Attack software is the exception. IIRC, we had someone scan our entire IP space (32,000 IPs), locate 6 vulnerable machines, and compromise and install rootkits on them. In 11 seconds.

That wouldn't have been possible several years ago because it was a large scale distributed sweep from a multitude of tightly coordinated hosts (bots) scattered across the Internet. It also wouldn't have worked if the machines had been properly patched, and it wouldn't work again now that we have seen the attack.

Another example was a very clever rootkit that was installed on many machines. This one kind of sucked, because we have no idea what vulnerability the attacker exploited as it seemed to get fully patched systems running current AV. We got it added to the AV definition files, so it won't work again for the next person who tries it.
Rotbart van Dainig
People brought Sony-BMG 'CD's to work?
kzt
QUOTE (Rotbart van Dainig)
People brought Sony-BMG 'CD's to work?

Nope, it was a remote exploit. Then the compromised systems were used to attack someone else.
NightmareX
QUOTE (Spike)
Now I just don't have the time for that sort of thing.  Fast, easy, and mostly by the book is how I want it. If I can toss in a rough guideline to fill a hole, I'm all for it... but thats it. Spackle, not 'replace whole wall'...

Agreed - that's why I use the following:

Program Degradation – Due to the constant progress of SOTA software, a character’s common use and hacking programs tend to degrade in effectiveness if not regularly updated. Every three months (for common use programs except Encrypt) or every month (from hacking programs and the Encrypt program), a character’s programs loose one point of rating (to a minimum rating of 1) unless the character makes an effort to keep the program up to date. For common use programs (including Encrypt) this can be as simple as paying for upgrades, which generally cost 1/10th the initial purchase price of the program. A hacker can bypass this cost and upgrade the program himself by making an extended Logic + Software (program rating; 1 hour) test, and indeed is almost required to do so with hacking programs as no legal update services for such programs exist.
sunnyside
As an aside something I use with SOTA is the idea that programs that are all over the place gets patches against them sooner and so they degrade faster. This makes sense because even in the real world if you've got a hot piece of code and you use it to infect the nation you'll get patched inside a week. If you keep it to yourself you can keep using it on isolated targets.

This is the reason why your hacker can't write a piece of hacking code that's worth thousands of nuyen and make millions selling it in shadowland to sammies who don't want to code stuff themselves. It's also why all the script kiddies aren't running rating 6 progs copied by one person somewhere. Or, to a lesser degree, why one team member doesn't just by good programs and then break the encryption to give them to the whole team and your ganger buddies.

Maybe a way to plug it into the OPs system would be that whenever someone with a program rolls a critical glitch the program is fine for now, but in a week ALL copies of that program degrade when the patches come through. So a single hacker will have to do some maintenence, and may use Karma to prevent critical glitches, but if they give copies to all their friends things will start to hurt.
X-Kalibur
I just make sprites do all my upkeep on programs in drones and commlinks wink.gif
NightmareX
QUOTE (sunnyside)
It's also why all the script kiddies aren't running rating 6 progs copied by one person somewhere.

Yup - solving the script kiddie problem was my biggest goal.

QUOTE (X-Kalibur)
I just make sprites do all my upkeep on programs in drones and commlinks  wink.gif

Sprites, grrr, hates sprites we does precious. mad.gif
Kerris
QUOTE (Serbitar)
Lets face it: There is no such thing as "bleeding edge software" (can you name one today?) or "bleeding edge cyberware" like there is no "bleeding edge car" or "bleeding edge tv-set".

Yes, there is new and high tech stuff. But its never so "bleeding edge" that it has any considerable advantage over everything that was there before.

The fact that I can't name anything that is considered "bleeding edge software" is just a testament to how few people have access to the bleeding edge. Once the public knows about the bleeding edge software and/or hardware, it's no longer bleeding edge.

As for the SotA rules presented, I actually think that simply having the programs and hardware degrade over time is completely appropriate. Rates of decay should differ from hacking programs to general-use programs to hardware, but I like the thought of runners looking for the most bleeding edge stuff out there. If it's sufficiently bleeding-edge, then it might even be rating 7 until it degrades to 6. I wouldn't allow it to stay at 7 for any extended length of time, though.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Dumpshock Forums © 2001-2012