There is a time and a place for nonsensical adventuring, and it is called Dungeons and Dragons. How does a room full of top predators stay alive and successfully breeding new generations for hundreds if years inside a locked tomb in the middle of the desert? Who cares!? Let's kill them and take their stuff. Stuff which they have, for no reason.

But in games with a "grittier" feel, there is a desire for the world to make some sense. If you're breaking into a building full of monsters and locked doors, someone actually built that building. They also had some well-paid architect go through and design the fire escapes, the locking mechanisms, the floor plan. And you had someone actually put all the monsters there. And they didn't ust put duck-rabbits all over the place in order to fight adventurers and drop loot, they put magical animals in specific locations for use as guards, research subects, and pets. They do not have wandering monsters wandering around their homes and offices because that would cause their employees to get killed. That would be bad.

Nash Equilibrium

The basic concept of Nash Equilibrium is that if you are in conflict with others it is best for you to use your best strategies. Sounds non-controversial, right? Well, the second part about Nash Equilibrium can best be summated with the "Wine in front of me" argument from The Princess Bride - because the people you are in conflict with know that you are going to want to use your best strategies. And you know that they are going to use their best strategies, and they know that you know and all that.

But the third part of Nash Eqilibrium is that your "best" strategy depends upon what your opponents are doing. And your opponet's best strategy depends upon what you are doing. That attacks and defenses evolve, and do so extremely quickly, to maximize the effectiveness of their offenses and defenses against their opponents.

Your Opponents Are Not Static
It is all well and good to plan the perfect heist, the killer crime, the ultimate attack. But the fact is that you are not the only tactician in the world. Other people are also inventing, also perceiving and closing weaknesses, and if you wait long enough your attack will be decidedly less than ultimate. Shaka Zulu did some amazing strategic and tactical innovations right up until he met with gun toting Europeans coming the other way.

So regardless of how the world is described, if there is an exploitable weakness in it which is fixable in a manner which is affordable and simple, that weakness will not last long. If a problem has an easily presentable solution, that problem will be solved. And soon.

Which means that if the game world depends upon the players exploiting some weakness over and over again in order to accomplish things, the solution to that problem cannot be "easy", or the world is inherently unstable. The entire campaign has a very perceivable end which wil approach very very soon.

Budgets are not infinite
A lone nut can, on occassion, stand on the upper story of a book depository and shoot a very important man in the face. This is generally quite difficult because powerfl individuals have people going around looking for guys with firearms and axes to grind. Given enough of these people, they would find all the lone nuts, but as is they merely catch most of them. Vulnerabilities which are sufficiently expensive to solve 100% of the time are not going to be solved 100% of the time.

A really useful fact for the game world is that if security that is good enough to keep out all of the rabble and merely challenging for the player characters happens to be the economical choice based on costs and projected losses - it is reasonable to expect security which is challenging and exciting every time you run into it.

Computer Security
Modern day covert ops teams don't bring computer hackers with them. The reason is multifarious; from the fact that may hackers can do their thing from home, to the fact that most hackers work at least as well on their own, to the fact that hackers tend to not be super good at a lot of "covert ops" style tasks. But the really important part is that computer security that is essentially unbeatable by anyone who does not have your password or physical access to your computer in their laboratory is extremely easy to come by.

Noone has ever hacked a z/OS server and they probably never will. NetBSD is essentially impenetrable, and is likely to stay that way for the foreseeable future. Using the "sneaker net" - that is putting a physical lack of connection between the outside world your data, carrying flash drives with the tranmissable data to networked machines and keeping the secure data in a place which is actually secure - has been shown to be essentially unhackable under any circumsyances.

Nash Equilibrium in the Modern Day
What this means is that the Nash Equilibrium has already been reached in the modern world using realistic computer standards of 2007. Actually secure data cannot be hacked and Navy Seals don't bring hackers on covert missions. Not even into hostile office buildings.

And what that means is that any system which falls back on any of the core assumptions we make about modern computer security - will inevitably result in a Nash Equilibrium which maps to our present experience: covert operations teams don't even bother having a Computer Specialist. And while you could run a game like that quite easily, the Shadowrun conceit is that the team has Dodger, Sally Tsung, and Ghost Who Walks on it. And for that conceit to hold, the Nash Equilibrium has to include computer specialists as its endstage.

Nash Equilibrium in the Shadowrn Future
So here's the important parts: it can't be simple or cheap to keep out a matrix specialist, or people would do that. That means that the air gap, even the sneaker net, can't work. But it's more than that. The cheapest alternative of all of course is simply not having a computer, which means that you're down to one of three possibilities:

1. People gain benefits from computers which are so astoundingly awesome that they would genuinely be willing to accept the vulnerability of potential hacking anyway.
2. Not having computers makes you more vulnerable to hacking.
3. You have some sort of crazy ace that I don't even know.

But in order to make the game work, you are going to have to encode one of those into actual rules. Seriously.

-Frank

Well, couldn't one simply say that in 2071, that AR is so relevant and needed, that people would suffer, say a -6 to all actions? I think that would give the SR world the feel it is trying to put forth in fluff, that everyone has a commlink and everyone is ultra-reliant on AR to function everyday.

I mean, even mages would have to follow this...

There's a solution that doesn't involve brain hacking and is relatively easy to implant into any existing game...

But that is personal taste...I think the SR4 world is open to either of those options, those being:

1) People are so dependent on computers (i.e. AR) that they actually find it harder to do everything without

2) That the brain has been unlocked and a "hacker" with the write tools and knowledge, can target any mind and attack it, regardless of its connectivity to the matrix

Those are both plausible assumptions in 2071.

So is a post-nuclear holocaust. But that would be Fallout... Or maybe Gamma World.

Either case, its not really "Shadowrun" anymore. Brain hacking your mom for no reason is not necessarily "Shadowrun" except for extremely rare occurances of wtfbbq stuff (otaku etc).

I mean, I am no expert on SR background info, but that seems like a rather severe departure from the accepted reality of the 6th world.

- der menkey

"Certainly there is no hunting like the hunting of man and those who have hunted armed men long enough and liked it, never really care for anything else thereafter."
~ Ernest Hemingway

Frank, I'm not entirely certain I fully grasp get why you so emphatically reject both air gap and sneaker net. If I understand your point correctly (and please do correct me if I don't!) you consider them the anathema to ShadowRun's long-standing practice of including computer specialists in runner teams.

But the sneaker net doesn't appaer to necessarily preclude, to me, connections between servers behind such a sneaker net. Even if all terminals in a given location are run by sneaker-netting data around, that only seems to serve as even more of an incentive to take the data extraction specialists to the servers so that they may do their job via hardwire access.

That, in turn, strikes me as not at all at odds with the RAW. Granted, the BBB uses "WiFi-repellent paint" and similarly slightly silly gizmos in place of a good old-fashioned guy with a datachip in his pocket (or, to return to more cyberpunk-relevant imagery, in his head). But the principle is the same.

Also, I have been thinking about the vulnerability of brains to haking attempts that you posit as a fundamental to your system. While it makes absolute sense to assume that with ASIST-technology having been around for about half a century, going in the reverse direction would be easily accomplished, I cannot wrap my head around how hacking unconnected brains could work on "targets who don't have any special antenna equipment on them". Surely, whatever else may be necessary in order to perform such a feat, the victim would need to be outfited with one or the other form of DNI transmitter, be it electrodes or datajack? Everything else smacks to me of confusing hacking with Technomancy.

I agree strongly with at least part of your position: Technomancers should have recourse to such actions, even in cases where no DNI interface was involved. But hackers need a go-between to establish the hacker-victim connection. This cannot be optional: for it to be so would be to place one foot on the slope of fallacy. Your main argument is that ASIST makes the brain accessible to hackers -- but if the targets can be hacked without such cybernetics involved, why should hackers be so restricted?

The consequence would be abandoning mundane hackers altogether and making Technomancers the norm. (Which, incidentally, is also the final stage of considering them the next stage of human evolution.) For if there were no difference between the two but for name and BP cost, why uphold the divide?

Your post is excellent, but fails to detail one important note - it assumes both players are rational.

People continue to pay twice as much for a product that works only half as well as its competitor, because it has better advertising or looks neater. Everyone knows it's good to eat in moderation and exercise regularly, but we continue to smoke, drink and watch Family Guy. Corporations generally invest not based on long-term financial gain, but on short term rises in perceived value (which sometimes results in their intentionally NOT producing anything of value except their own PR). Government operates such that if you perform underbudget, your budget gets cut next year, so use it or lose it.

Granted, within their perceived worlds each of these players is in fact rational (although not especially bright, since he refuses to look beyond first impressions). But the fact remains, people do not always choose what is best for them. No where is this more clear than when it comes to security.

How many people have a $10 door lock as the only thing protecting their $1,000 computer (and $20,000 in other goods)? Raise your hands? Doesn't this strike you as odd? How many people thinking windows Automatic Update is a pain in the rear and hates seeing that little window pop up when you're busy looking at porn?

Now you're certainly right, Shadowrun computer security should be waaay better than it is. In SR3 it always bothers me that characters will almost always be able to get INTO the system without much trouble, but realistically, getting INTO the system should be the single most difficult step. So definitely, some concessions have been made. However with both SR3 and SR4, the assumption is definitely that technology has become so convenient and so easy to use, everyone uses it. It's just that securing it isn't nearly as easy as using it.

It's all about the Benjamins.

Productivity is measured in units/time. Any discrete unit of production can be converted into currency. Therefore, productivity is measured in money/time. In this case, it is nuyen/time.

In order to determine profits, one must subtract the productivity from the costs. Remember to keep the units the same. Costs include losses.

The losses incurred from hacking can be measured as nuyen/event and the number of events can be measured as event/time so losses from hacking can be measured as nuyen/time.

The profit from highly hackable networked business is then [(productivity in nuyen)/time - (losses from hacking in nuyen)/time - (other losses in nuyen)/time] while the profit from non-networked businesses is [(Productivity2 in nuyen)/time - (other losses in nuyen)/time]

Now, other losses will be the same, so if productivity-hacking > productivity2, it only makes sense to use extremely hackable networked systems.

Most shadowrunners will be hitting white-collar side of business. There isn't an profit in stealing baby food one can at a time but there is in stealing the brand new secret formula for great-tasting baby food.
There is a great deal of productivity interference in the traditional model of white-collar employment. One has to commute to an office, which wastes valuable time. Since white-collar employees are salaried, commute time comes out the the company's pockets. Virtual telecommuting with remote lock-in (the same technology used by Black IC to prevent jacking out) ensures a most productive middle-management employee. Entirely replacing physical offices with virtual offices also saves floor space which can be put to great use.
Science can benefit from both telecommuting and AR, though it is not possible to eliminate the physical laboratory.

Okay, the Matrix is everywhere and everything. You can't even legally walk in some places without being connected to the Matrix.

Want to listen to the Radio (or even to your own music albums)? Connect to the Matrix.
Want to be able to contact your friends and be contacted? Connect to the Matrix.
Want to watch TV? Connect to the Matrix.
Want to read a Book? Connect to the Matrix.
Want an official document? Connect to the Matrix.
Want a map of the area? Connect to the Matrix.
Want to check if you forgot something at home? Connect to the Matrix Books?
Want your car to pick you up? Connect to the Matrix.
Want to pay the bus ride? Connect to the Matrix.
And the list can go on.

Not using the Matrix is nearly impossible. Some things we can do today without using any device are harder to do without in 2070 because of the material or infrastructural issues: paying, getting a map of the place, reading a book...
Some other have been lost. Are you able to light a fire with just a piece of wood and a string? Why bother? We have lighters and matches.
Some other are just more trouble without the Matrix. People often forget that AR gives a +2 bonus to any kind of action that could be helped by using it... And there's actually a lot of them.

Sure, there are hackers. Well, that doesn't prevent people from connecting to the Internet in 2007. Brain cancer doesn't prevent them from using mobile phones. Anyway, what's the risk? All their precious data is on "secured" servers. Bank account? My bank takes care of the security. And I think that by 2070 all security companies offer a 3 in 1 physical, magical and matrix protection of your home. In the case of the Matrix, it means your commlink. So everyone who today has some alarm system at home is likely to have a firewall+IC pack for his commlink, with spiders ready to check if an alarm is triggered.

And I think that's a trend that goes further than that. Governments all around the world still have trouble dealing with Internet crime today. In 2070 Matrix Crime is now fully covered by the law, and the Lone Star can come kick the ass of any hacker they catch abusing the citizens of any place they are paid to protect.

So most people have enough to be protected from too simple hacking techniques (low skilled hackers and low rating programs) and governments actively fight higher hacking threats.

[What follows is more a personal take on the Shadowrun universe]

If you add on top of that a closed Matrix, made for and by corps, instead of a mostly free and anarchic Internet, and you'll realize that hackers shouldn't be so many, or at least so many to stay long enough in the buisiness. Widely distributing high rating hacking programs will get you arrested in no time, so most of them are just distributed in small underground networks.

And that's where we get back at the Cyberpunk. Real hackers aren't that common. Actually, there should be nearly as few "real" hackers as mages running the shadows (for example). Besides most of them don't target Joe Average. If they're interested in money, they can get much more elsewhere (and Matrix-assisted scams are easier to pull off anyway). Anyway, that's not what most of them are into. Being a real hacker in Shadowrun isn't just being good with computers and using it as a criminal. All hackers share more or less the same traits: they like to discover secrets, they like to deconstruct things to find what's inside... And they like to share it. Information should be free, small hacker communities and all that kind of stuff.
The 2070 hacker isn't the "finance minister of Nigeria", he's not the WaReZ KiNg, he's closer to Richard Stallman, and all those people who fight for free software, or P2P as an ideal. Yes, I know,there's a big legal difference between Free Software and Pirate's Bay. But in 2070 they are all "dangerous criminals".

Well, actually this last part isn't necessary, you can have a small hacker population without them being neo anarchists, but I just happen to like the idea and to think it goes along well in a Cyberpunk world. The main point, regarding the topic of this thread, is that real hackers simply aren't enough to be that much of a threat to Joe Average.

So, basically, I think that the 1st solution is the best, but I'll expand it further:

"People gain benefits from computers which are astoundingly awesome (and actually, society has been too far to pull back: it NEEDS them) and they would genuinely be willing to accept the vulnerability of potential hacking anyway, because the threat is small so the benefits largely outweigh the drawbacks.

I know it leaves some question opens about corporate security, but I'll get back on this later.

Essentially, you're saying that it's easy enough for targets to isolate all their important paydata from the Matrix, and if they can do that, why have a hacker?

In 2nd edition, we assumed pretty much the same thing up until the last 2nd ed. campaign I played. It coincided nicely with the fact that until the last campaign, we were all too lazy to actually learn the matrix rules. The big problem with that was that you're left trying to fill that classic Gibson-type cyberpunk void you've suddenly left by isolating every important computer system, which essentially kills the idea of the Matrix. We just started using lots and lots of Johnny Mnemonic-style couriers (who, by the way, really have no use if there IS a matrix). But eventually we put down the beer, learned the Matrix rules, and greatly improved our game, even if it DIDN'T make sense for companies to have sensitive information out there where the Super Deckers of the 6th world could snag it. Sometimes you have to suspend disbelief for the sake of atmosphere. If not, most corps would probably find a better solution to their illegal needs than the fixer/shadowrunner system. "You're willing to do nearly anything for money? Fantastic, let me turn you into damning evidence against me and ask you to pretty please not tell anyone about it!"

Good thread.

I fall back on the "this is cyberpunk" argument. Corporations are well aware their networks are not secure but accept it as a cost of doing business, and hide that fact from Joe Average.

Can Joe Average's bank account be hacked? Oh yes. Is Joe Average concerned about that? No, cause the bank lies to him and tells him it's impossible, or at least if does happen, magical insurance will cover it and he will never notice.

There are cases of people's SINs being wiped out. That's your entire history, your bank accounts, everything. Has that caused anyone to question that maybe the way SINs are handled is perhaps a not very good idea? Nope. Just offer amnesty to those who can sort of prove they used to have a SIN, and those that fall in the cracks can go fuck themselves. Why? Cause nobody cares about anyone else but number 1 in a very deep, deep way.

So SR computer networks operate with huge flaws, but nobody cares. The cost of properly securing them outweighs the benefits.

to be two specific problems wrapped up in here. The first is why, from a narrative perspective, it is at all believable that people and corporations bother with the matrix. The second is why, from a gaming standpoint, they do so. I'll address them one at a time.

First, from a fiction standpoint.

I've actually worked as a network manager at military sites so I can tell you from personal experience that air gaps suck balls.

Yes, keeping your computers completely sealed from the internet definitely helps to keep out hackers, viruses, trojan horses, etc., but the amount of labor needed to keep systems updated is a huge pain in the ass and gets worse every year. I can see how by 2070, computer systems will become so complicated that there will be no choice but to keep your systems hooked up to the internet 24/7 just to make sure your systems are up to date and functioning at least as good as your competitors' systems. As competition comes down to a razor's edge, having your systems running 1% slower than your competitors for 1 day could mean the difference of millions of nuyen of profit and lost opportunities. Keeping your systems updated 24/7 becomes mandatory.

Besides, with the movement towards web applications, I wouldn't be surprised if 100% internet-based systems become the norm rather than the exception. Who would expose their secret software to reverse engineering when you could just make customers connect to your black box web service instead?

However from a game standpoint, I can see why the authors want air gaps and wifi repelling paint: so the characters have to get off the couch and run into dungeons...uh I mean office buildings, and have all kinds of cool sword fights and gun battles.

It all comes down to deciding what kind of game you want:

• Do you want bunker hackers? If yes, then make air gaps extremely rare in your world.
• Do you want Mission Impossible special forces hackers? If yes, then make lots of air gap systems in your world.
• Do you want to give hackers more to do than hack commlinks? If yes, allow brain hacking.
• Do you want to have non-mages competing for the mage role? If yes, allow brain hacking.
• Do you want to enforce strict character roles and stereotypes? If yes, do not allow brain hacking or air gaps.

I can connect my brain to a cybernetic appendage and move it around, even blind, deaf, and hearing impaired.


Requirements for that statement to be true:

1.) The appendage must be connected to the brain.
2.) The appendage must be able to move.
3.) The appendage must have some way of knowing what to do.
-A.) The program that tells the appendage what to do must be on a computer.
-B.) The program must be able to translate brain thoughts into computer language.
-C.) The program must be able to send information (Tactile or otherwise) back to the brain.


This man's brain is already hacked, and we didn't even have to look at the matrix rules.


EDIT: Ok, forgot to post the point to this. Shit like Math SPU's, Encephs, Datajacks linked to Sim moduals linked to knowledge softs, they all send things to the brain that your brain processes and sends information back. To have a VR work at all you've got to send and receive, so we know that shit can go in, the question is how. Alright, so the shit that goes in is data, just data the brain understands. If you can send this data via a cord you can send it over the waves. We know Trode nets send their signal to the brains, because thats how they work. So obviously some part of our brains (Or all) can receive this shit, unless trode nets are magic. So if it's specific, what happens when other parts of our brain get the signal? Does it suddenly go "NO THE BRAIN WONT EXCEPT ANYTHING NOW!" No, it does diddly squat. The parts that do accept it, accept it and take it without question. Easy! So, if I blast you with BrainData ™, the parts that receive take it and like it, cus they're bitches like that. Which means your signal doesnt have to be fine pin point focus.

1. Brains can send and receive data of a specific type.
2. 2070 computers can translate from computer data to brain data.
3. Brains can receive AND SEND this data via cable and air (Trodes).
4. Either the whole brain is able to, or specific parts can do all of the above (Sans 2).
-If it's the whole brain, you do not need a pin point focus.
-If it's specific parts of the brain, you do not need pin point focus
--The parts that can send/receive do.
--The parts that dont send/receive dont.

Your logic is faulty. By that rationale, any time your computer connects to the internet, it is being 'hacked'.

To 'hack' an object, one is instructing the object to do something that it would not normally do, or is otherwise ordinarily prevented from doing. Simply sending data to it isn't hacking it.

In the context of SR, it arguably is. Hackers use the Hacking skill with the Spoof program, rather than Spoofing it outright, so that so far as RAW goes, Spoofing is a "subspecies" of Hacking.

EDIT: Seven-7, I think you're steering a little too close to the same ravine Frank is already teetering on the brink of. Brains can only actively send their organic data into a machine by way of a datajack, which directly translates DNI data into machine code, or via trodes, which operate are at one remove (which they must, being non-invasive): they interprete the vastly more sophisticated 2070 analog to today's EEG, and return stimulate the brain through specifically tailored electromagnetic pulses applied to the skull. That is the only way a non-invasive ASIST technology can interact with the human brain, and as a consequence, brain hacking (which is still the overarching theme of this thread) is only possible if you go through their trode set (having hacked their commlink and hijacked the access) or by directly bypassing everything else and plugging yourself directly into the victims datajack, cerebro a cerebro.

There is no way for a mundane to hack the brain of someone who does not possess a datajack, wears a trode rig, or at the very least has a skinlink installed. That is the only restriction I argue for in Frank's ruleset, as it is the most glaring flaw in that system an the one that rightly has many people clamoring. But if this restriction is met, all bets are off.

Which definition of brain hacking is used here? In one version somebody signs the warrant by hooking up to a DNI.

In another verison of brain hacking is pointing a signal emitter at an unborn fetus in its mother's womb, and hacking its prenatal brain into eternal loyalty for Saeder Krupp. In that world, Singularity has taken hold and the game is over. There is no game to play.

I've been GMing SR4 for little time, but it's funny to think that on my first reading of the core book i just did something like "humm... this trodes and nanopaste thing is quite ridiculous..." and cutted then out of my game.

In my games there is two ways to connect to Matrix. First is with commlink, gloves, glasses and so on... your brain if protected from damage, but you can't VR or use BTLs. Want to do VR, Hot VR or use Simsense and BTLs? Install a Datajack, then your brain could have a two-way connection to your commlink and the Matrix. You can VR, Hot VR, use Simsense, BTLs and so on, but you'll put your brain "in the game". Datajack is the only way to input/output data directly on someone's brain.

Daily Matrix users just do'it through commlink, plus glasses (or cybereyes), gloves to interaction and so on, never experiencing something like VR. Hackers, professionals or people interested in VR games, Simsense or BTLs get datajacks. A hacker can't force hotsim on someone, even if the target is on VR, unless his commlink has been hardware modded to HotSim.

I don't know how many problemas could appear from this decision. As i said, i´ve GMed only a few games, and my players are SR begginers like me (old RPG players, but begginer on SR), but so far no problem with this.

(Sorry for the poor english. Brazilian guy trying hard to be undertood).
(Edit: Little edit for clarification).

What everyone is ignoring with the productivity arguments is that the accounting data for 'Bobs concrete' isn't actually something that anyone wants.

It could very well be connected to the matrix.

But thats not what shadowrunners do. (Well, maybe in your game that is what they do but whatever)

Shadowrunners

A) Steal new product infomation
B) Circumvent security systems
C) Access extremely sensative infomation.

While the threat risk assessment does dictate that stuff that is not sensative is connected to the matrix.

Risk assessments are identifying a threat actor, examining his opportunity, and looking at the impacts.

For bob the concrete guy, threat is low (no-one cares, no automated attackers in the conventional sense), opportunity is high (matrix system exposes him to the entire population of the world), impact is low (he probably has a backup. No-one cares to begin with, hell it might help with some tax evasion)


Contrast this with new drug infomation from Ares. Threat is REALLY VERY HIGH (as people are willing to pay professional criminals to obtain that information! Seriously!), oppotunity is huge (entire world again) and impact is gigantic (you lose hundreds of millions of dollars, possibly billions.)

Seriously, no one is going to accept that level of risk. If you proposed carelessly risking hundreds of millions to your manager today (and it is risking) you'd get stabbed. Potential productivity improvements arn;t going to cover it either. Teams of people working on say.. stuff to treat alzhimers seriously have 3 people in. But lets be generous and say the team has 30, and that they are risking a billion dollars.

Pool of threats: If this facility has matrix connectivity in the secure areas, lets say we are increasing the risk of losing the data to the competition from 10% to 40%. This is not unreasonable. give than I just made the pool of threats like 6 billion people.

Okay so say salaries are on average 150k a head. (I vaguely remember that as being the average salary for pzifer. Lets triple that to factor in overheads. So a productivity boost of 20% from a matrix connection saves 2.7 million a year.

(which its not, because ares employees these people all in a secure installation, but keeps them together, so they can talk to each other (yay!), and makes available a huge range of material. So the things you'd do with the Internet are in fact local. So it's probably less than 20%)

Say 1 in 25 drug programs creates an outcome, so you save 67.5 million a year.

Okay so given that you are risking 300 million (or more!) from that teams potential outcomes or a saving of 67.5 million, your risk of getting stuff stolen via not having matrix separated systems only has to be 20% less than if they are matrix sepereated.

Which given that shadowrunnners and hackers exist, I think it clearly is.

So.. yeah. Simple risk management dictates that it shouldn't be connected. Why would anyone connect a sensative system like that to the matrix?

The risk is the same, either way. If the new drug fails to make it to the market, the company is out millions, perhaps billions. Patents are first-come firs-serve. If another company is working on the same drug, and one is, it becomes a race to get the patent first. The time-saving nature of the matrix, the ability for scientists to access the lab for across the world and do work without concern for time may outweigh the inherent risk to data theft, particularly since the only companies which can make use of that data or either working on the product themselves or are so far behind in development that the data won't hep them catch up in time.

And, honestly, we're taking about corps that can and do spend billions on toilet paper alone.

It seems to me (an uneducated rube) that the necessity of brain-hacking comes down to one of two things.

1) Game Balance. Hackers suck unless they can hack brains.

2) Game Logic. The tech level in the game is sufficient to hack brains, so it doesn't make sense to exclude it.

To address the second point first (and you may be asking, "Why didn't you just put the first post second, ass?" and you'd be right), the tech in the game does whatever the game designers or the GM says it does. To borrow a page from Aliens, you can have interstellar travel and 7.62mm rifles and still make a good movie. I'd be more comfortable with hackers hacking brains if computers were more brain-like. (As advanced as SR computers are supposed to be, they still seem to have more in common with the POS I'm clunking my thoughts into now than they do to some sort of dogbot with a brain for an ass.) That is to say, one can include brain-hacking or not depending on their personal preference, but I don't see it as required.

To the first point, maybe Hackers do suck ass. I don't really know, not having played one and being relatively new to SR4. A guy in my regular group plays a hacker and seems to have a good time, but he may be deluding himself. I'll bring that up at the next session. Anyway, my question for my more experienced SR4 players would be, Are Hackers the Clerics of SR4? By that, I mean do people play them not because they want to but because what they do is necessary for the game, and so somebody always ends up saying, "Fine, I'll play the damn hacker"?

It seems to me (again, an uneducated rube) that hackers (like Mages in Mage: The Ascension) benefit the most from player creativity. The rules for the physical world and the magical world are pretty much strictly defined within the system, but the rules for computers are open to a lot of interpretation. That is, the mechanics are in place to tell you how to do something, but what you do is limited only by what the player can come up with and the GM doesn't disallow.

I'm cool with you doing whatever the hell you want in a game. Who am I to decide? However, if you want any sort of logic you've got to rid of a lot of stuff.


Knowsofts
Math SPU's
Encephelon
Virtual Reality
Trodes
Active Softs
Black IC
Some programs...

There is an enormous strawman here. There is a difference between denying DNIs, and pointing a signal emitter at somebody across the room, and hacking raw mundane brain meat. (Third angle would be pointing a microwave gun at somebody's brain.)

Nobody is arguing with the DNI part. That's awesome stuff. As for the original topic, Nash's equilibrium, there are some solid thoughts there. But I don't think that 2070 is enough time for the computing world to hit the final endgame where things are intrinsically secure or insecure as a matter of logical physics. I.E. either FTL is possible is not. Is secure computing possible, or not?

There is an alternate fix to the inherent problem with hackers... they pull the GM away, they suxor at combat, etc. Make hacking very quick to play out and a relatively small investment for a character. In other words...
Hacker: Hey, Sammie, can I be on your team? I can hack computers for you from my mom's basement!
Sammie: Uh, no thanks, kid. I can hack just fine. I ain't splitting my take with you.

a.k.a. what Catalyst gave us.