NightmareX
Jul 24 2007, 12:24 PM
QUOTE (Blade) |
About agents, you might like to add that there are two different interpretations and, as far as I know, there hasn't been any official answer about it.
1) An agent can be loaded on a node and act on another Agent is loaded on rating 6 node A and its "persona" goes in rating 3 node B. It will still have it rating 6 because he's still running on node A
2) An agent has to load itself on a node to act on it. Agent is loaded on rating 6 node A and it wants to go on rating 3 node B. It will unload itself from rating 6 node A and load on rating 3 node B, downgrading his attributes to 3.
If you don't have any official answer, please don't start an argument about it. It has been discussed numerous times and nobody has found any proof that clearly shows the canon answer. Both interpretation have their own advantages and disadvantages and, despite what some people like to say, their own consistency. |
Ok, this begs several questions in my mind - not to start an argument, but rather just out of simple logic. If option 2 above is the case of how agents are supposed to work, how do they go about loading onto the second node in the first place? Since logically they'd have to first hack the firewall (unless it was a public access node)?
Also, wouldn't option 2 make spoofing one's datatrail or tracking said trail impossible (presuming personas would have to log unto nodes to effect them and the data logs that make up a datatrail are logically housed on external nodes)?
Unless of course, one rules that they can hack a node from the outside (ie run Exploit on it) but must be on the inside of the node to effect it (ie run Attack to crash it, Edit, etc)? A compromise solution maybe (but one that still leaves makes spoofing/tracking a total pain)?
Perhaps I'm just being dumb - as I've said, the Matrix is hardly my specialty.
Dashifen
Jul 24 2007, 12:46 PM
My search-fu is weak but there was an extended thread regarding this topic (at least peripherally if not specifically) in which I debated with others. Unfortunately, I can't find it. If anyone else can, that might be handy. If nothing else, I wonder if my views on the matter have changed which is why I was looking for it last week but failed.
I have a long winded response, but I have to get started with my work day. I'll probably respond to the long winded responses of others later on. Stupid real world.
Blade
Jul 24 2007, 12:49 PM
Even if it looks strange, option 2 is the one that's used by today's agents (which are mostly used in labs for now because of obvious security issues).
As far as logging on is concerned, I see it that way:
Node A (or user A) sends an agent to node B. Node B can check if it's on the allowed list (not every node/user can be authorized to send an agent to this node). If so, it receives the agent (if not a spoof roll done on node A can help forge the request to make it look like it's from an authorized node). The agent is loaded but doesn't have any access, it needs to log-on to have this access. This log-on sequence allows node B to check the agent's integrity. That's when an exploit check is needed. For that check, the agent runs on node B.
To prevent exploits of this system a node should have a limit of slots available to incoming agents.
I don't see the trouble with the datatrail: the nodes keep track of where the agent comes from and where it goes... But maybe I didn't understand your question.
Dashifen
Jul 24 2007, 12:54 PM
Ah. That's a good point, Blade, and I can also mention that I've done work in distributed agent-based networking and it is actually true that they will transmit their code from one part of the network to another. In fact, part of the programming that I was in charge of was an agent that determined which portions of the network had the lightest load and directed other agents to move to those nodes, if you will, so that their payload could be executed with the most available computing resources.
I would also ad to Blade's note that I allow security access on some systems and administrative access on others to run agents in a node without having to spoof their access; the node itself could be programmed to allow users of significant enough access rights the privilege of running their own software on the node's resources.
DireRadiant
Jul 24 2007, 12:56 PM
Is there any reason an Agent can't both be able to distribute itself and act on distributed nodes? As with any software there are usually lots of options in how it is used.
Dashifen
Jul 24 2007, 12:56 PM
QUOTE (Blade) |
I don't see the trouble with the datatrail: the nodes keep track of where the agent comes from and where it goes... But maybe I didn't understand your question. |
Also note that the first sentence of p. 228 indicates that agents can be offloaded into "a particular node separate from your persona" and p. 227 (last sentence) tells us that "[agents] loaded into your persona have the same datatrail, so Track programs that go after an agent will trace back to your own point of origin."
This has always indicated to me that if you have removed an agent from your persona, besides reducing the load on your own systems it also separates the datatrail of the agent. I've forced spiders and other forensic hackers to track an agent back to its point of origin (where it was offloaded) and then depending on player actions (i.e., did they remove a log of who began to run that agent in the node) they might be stumped or they might be able to perform a new Track action to try and find the PC.
NightmareX
Jul 24 2007, 01:46 PM
QUOTE (Dashifen) |
My search-fu is weak but there was an extended thread regarding this topic (at least peripherally if not specifically) in which I debated with others. Unfortunately, I can't find it. If anyone else can, that might be handy. If nothing else, I wonder if my views on the matter have changed which is why I was looking for it last week but failed. |
I know - I've avoid such discussions like the plague in the past! I'll run the search fu tonight (getting tired) but just wanted to put the thoughts out there.
QUOTE (Blade) |
Even if it looks strange, option 2 is the one that's used by today's agents (which are mostly used in labs for now because of obvious security issues). |
See, this is why I avoid Matrix discussions like the plague
Some of you guys are WAY beyond my knowledge/understanding of computer science, and frankly it hurts my wee brain at times
QUOTE |
As far as logging on is concerned, I see it that way: Node A (or user A) sends an agent to node B. Node B can check if it's on the allowed list (not every node/user can be authorized to send an agent to this node). If so, it receives the agent (if not a spoof roll done on node A can help forge the request to make it look like it's from an authorized node). The agent is loaded but doesn't have any access, it needs to log-on to have this access. This log-on sequence allows node B to check the agent's integrity. That's when an exploit check is needed. For that check, the agent runs on node B. |
I think I see what you mean - the agent is essentially received in queue (or something - basically the modem equivalent?) and is on the node without having access (That require a Spoof test to get it into the node's queue to begin with, as you note?. Wouldn't they have noted that in the rules if the was the intention - assuming one cares about RAW that is.) It would essentially be using the nodes own resources to hack the node (??? How could it do that without breaching the firewall? Wouldn't that require CPU control to insert it's code into the RAM-equivalent to be run?).
QUOTE |
To prevent exploits of this system a node should have a limit of slots available to incoming agents. |
Limited queue size in essence? As a security measure not a bandwidth issue. And this queue is also what bounces transmissions around to enable the functioning of the mesh network, right? Is this kinda what you're talking about Dashifen?
QUOTE |
I don't see the trouble with the datatrail: the nodes keep track of where the agent comes from and where it goes... But maybe I didn't understand your question. |
Ok, the way I see it, the login data (access IDs, login time, logout time, etc) would be stored on the node itself - as opposed to in this hypothetical queue that anyone can get into - logically for security purposes. In order to read (ie per the track program) or alter (ie the spoof program) your datatrail, you'd need to get past the firewall of each node you access (unless you already have security/admin access) in order to view or alter these logs logically if this is true. Not just agents but anyone. You couldn't logically spoof your datatrail by just running a program on your commlink (as the RAW states you can).
If this is correct, wouldn't the fact that the RAW lets you spoof your datatrail without all this work imply that the designers meant for option 1 above be the case? (Or were just lazy/wanted to make play easier, since what I just said makes no sense from a security standpoint)?
QUOTE (Dashifen) |
This has always indicated to me that if you have removed an agent from your persona, besides reducing the load on your own systems it also separates the datatrail of the agent. I've forced spiders and other forensic hackers to track an agent back to its point of origin (where it was offloaded) and then depending on player actions (i.e., did they remove a log of who began to run that agent in the node) they might be stumped or they might be able to perform a new Track action to try and find the PC. |
That sounds right.
Serbitar
Jul 24 2007, 01:52 PM
NightmareX
Jul 24 2007, 01:59 PM
Thanks Serbitar! Now wish me luck so my brain don't explode!
Blade
Jul 24 2007, 02:15 PM
QUOTE ("NightmareX") |
Wouldn't they have noted that in the rules if the was the intention - assuming one cares about RAW that is. |
Actually that's (with the queue and other stuff) the kind of things I add to the rules... I tend to see the Matrix rules as just a base canvas just like the combat rules will explain how I can shoot, how the enemy can dodge and how I can move but not how I can jump over the enemy, press my gun against his head and shoot.
So I just consider: I want to protect my system from hacking agents, what do I do? I choose which nodes are authorized to send an agent. I want to hack this protection, what do I do? I can edit the list, but that requires an access. If I want to hack without altering the target node, I need to fake my request to make the node think I am on the list, which can be done with the Spoof program. Another way would be to make the node think I am not an agent but just random data and then to reconstruct the agent inside the node, that'd be exploit. I like it that way, but it might put off those who prefer to have a fixed set of rules and action. In that case, I'd recommend you to take a look at Serbitar's (or other's) alternate rules.
Anyway, you might skip all this and just consider that the exploit roll takes care of that too... But actually, if you want to play it strictly according to the rules, you'll just roll exploit without knowing exactly which rating to use
.
QUOTE ("NightmareX") |
It would essentially be using the nodes own resources to hack the node [...] How could it do that without breaching the firewall? Wouldn't that require CPU control to insert it's code into the RAM-equivalent to be run? |
A virus/trojan runs on your computer to hack it. Doing that without breaching the firewall is simply what hacking is about.
Let's take the (simplified and hopefully simple) example of today's hacking of through a virtualized computer . The target computer is running a virtualization program which 'emulates' another computer with its own Memory. Basically, the virtual computer should not be able to access the rest of the memory of the real computer, right ? But if you are able to overflow the memory of the virtual computer (and if the virtualization program is badly written) you'll overflow into the memory of the real computer. Hacking is all about lateral thinking.
Dashifen
Jul 24 2007, 04:55 PM
Edit: actually, that wasn't the thread I remembered, though it was a good one. There was a thread where we discussed the differences, if any, between an icon and a persona which related to the method by which agents could move from node to node.
NightmareX
Jul 25 2007, 08:51 AM
QUOTE (Blade) |
Anyway, you might skip all this and just consider that the exploit roll takes care of that too... But actually, if you want to play it strictly according to the rules, you'll just roll exploit without knowing exactly which rating to use . |
As a player, I could accept doing that, but as a GM I prefer to actually have some idea of what's actually happening in-setting. That and I like to know how many dice I should be rolling, so ratings are kinda important
Thank you for your explanations btw - they are helping out a lot!
Blade
Jul 25 2007, 09:01 AM
QUOTE ("NightmareX") |
As a player, I could accept doing that, but as a GM I prefer to actually have some idea of what's actually happening in-setting. That and I like to know how many dice I should be rolling, so ratings are kinda important |
If you want a canon answer to that question you can try asking the FAQ. I tried a long time ago but didn't get any answer.
EDIT:
@Dashifen: I think you're referring to
this one.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.