Yet Another Matrix System
Blade
This is yet another matrix system but this one tries to stay close to the canon rules and fluff. It just explains and expands some aspects. It is not a complete Matrix system, but I hope it’ll help some of you.

Fluff

History

After the first crash, the rising corps took the opportunity to create their own network, to their liking. Much more closed than the internet, full of DRM, and with far less free content and services. This explains the way the matrix was in the first editions. Gradually, it opened itself, leading to SR3's matrix, but then came the second crash.
The corps were once again able to rebuild their own system, learning from their past mistake to make sure it wouldn't get out of control again.

Each crash also allowed governments to create new laws against "cyber-criminality". In 2070, all police forces have a hacking department and matrix threats are considered as dangerous as magical or physical threats. The means and methods of the Lone Star Matrix Department are roughly the same as those of their physical counterpart. And they don’t limit their action to the Matrix side. They can also do physical interventions to catch hackers.
Legally, corps can physically catch a hacker even outside of their territory.

Most of the population accepted the changes made to the Matrix, even if most of the time it meant losing freedom. Nobody wanted the crash to happen again. But some people realized that most of what was being made wasn’t made for better security, but just for the corps to get a tighter control on the Matrix. They started protesting about it and created alternative free networks. These networks and their creators became the first target of the new Matrix laws. This led many of them to stop the fight. Those who were left decided to fight the official Matrix directly. They created underground hacker communities everywhere in the Matrix.
In 2070 hacker communities are still going strong, but because of the constant fight by corps and governments (especially after the second crash), there are actually very few real hackers in the Shadows. Roughly the same number as mages, actually.


What is the Matrix?

Nowadays, most people use the Matrix term to talk about the international mesh network, but the Matrix term can also be used to describe any kind of network.

All Matrix-compatible devices (which cover nearly everything you can buy in 2070) can connect directly to nearby devices or route their connection through some router. Some devices, like commlinks, can also act as a router. In most places, there are public routers which will connect the devices to the Matrix backbone. Most of this backbone is wired (wires weren’t affected by the second crash), but routers can also fall back on wireless communications if needed. This architecture has a lot of advantages. Even if you’re far from a router, you can route your signal through different nodes to eventually reach one. It is also more resistant to crashes. If a big communication hub crashes, the traffic can be easily routed through another one, or even through any working devices.

DNI and the metaphor

The major feature of the Matrix over past computer systems is the use of DNI.
Together with the metaphor, it makes UI really intuitive. The metaphor has nothing to do with past virtual worlds, which were limited both in inputs and outputs. For example a 3D modeller can now shape his objects with his hands, feel it, rotate it, see it under different lights as he would do with a physical object. (Actually, most of the time he'll just have to think about the object to have it created)

Actually, the metaphor is also the best way to interact directly with the computer. It's the first UI to best command lines in speed and flexibility. After all the first use of DNI assisted computing was of course Echo Mirage squadrons. Previous system administrators were kicked out of the system as soon as they logged in. Thanks to DNI, the Echo Mirage members could see the streams of data rushing to them and dodge them with a single thought. They just had to look around them to identify the infected files...

The use of DNI and the matrix metaphor gives the user the data in the most efficient way, by doing it the way he is used to getting it in the physical world, and receives input directly from the brain. Both inputs and outputs use advanced techniques to exploit this ability to the maximum. Even if the visual representation is the most common way to send data, it can also be directly sent to the brain, the way knowchips work.

Matrix views

The metaphor is great but how can we be sure that it will show us the best suited view? A customer will feel comfortable in the aisles of a virtual shop, but it's not really convenient for spiders who want to check everything without having nonexistent aisles blocking their view.

That's why the matrix doesn't just store and transmit information but also tailors it to fit the needs of the user. This is done through the use of "matrix views".

There are three main matrix views:
1. Simple data: sometimes you just want data without having to go to a virtual world. With this view you get only what you need: schedules, pictures, music... There's not even a "webpage". The data itself is fetched directly. Of course some sites might refuse to send the data without the whole webpage around it, but these tend to be rare.
Example: A travel agency will send the offers matching your request, and they’ll be displayed (or read to you) just like what you can have today on the Internet.

2. The user view: the user view is the most common view; the system uses a user-friendly metaphor to interact with the user. Most matrix sites now offer a limited user view for AR browsing: rather than be immersed in the virtual environment, the user will interact with a few small AROs.
Most of the matrix sites generate a view for the user depending on the requested data and the metaphor, but some force the user to experience it through one fixed representation. Conversely, some sites allow the user to use the user’s own metaphor to “dress” the data.
Example: In the full view, the user will be inside an office, talking to a virtual assistant who’ll help him find what’s best for him, just like in the physical world. If he wants, the user can have a virtual sample of the destinations; visit the hotels and so on.
In the limited view, the user will only have a small AR window showing the assistant, as if it was a vidphone call.

3. The system view (or dev view): this view still uses the metaphor, but the environment is arranged to be close to the machine's state. All useless objects are removed, the position of each object is mapped to the memory blocks it is running on... This is the view used by hackers.
If the developer wants, he can have the user view mapped to the system view, so that both views will be more or less the same. But both views can also be totally different even if most of the time they’ll both use the same metaphor to dress up the icons and environment.

The views also come into play in the global Matrix when immersed in VR (or accessed inside an AR window). Your view can fit your geographic position, showing you the icons corresponding to the nodes around you but you can also arrange the icons in any way you want them.

More on the system view
- In system view, the position of each icon shows the exact position of the corresponding file, program or persona resources in the system’s memory.
- Even if the persona is running on the user’s commlink, it’ll appear inside the system view. Actually, connecting to a node creates some bridge between the node and the commlink. Part of the commlink’s system will “merge” with the node. In the system view, the persona will appear where the node handles its resources, but this part will be linked to the commlink system. Thus, programs running on the user commlink will impact the node as if the persona was running directly on the node and programs affecting the persona in the node will have an effect on the user’s commlink.
- Each icon will be able to “see” the icons it is allowed to. But if the icon is hidden, the only way to see it will be to have it come in range of the analyze program (and to be detected).
- Walls can still exist in the system view: processes and threads can lock some memory blocks, so that other processes won’t be able to see the content. In the system view, this will lead to walls blocking the view and the access.
- Matrix security experts are able to sculpt the system view to make the system more secure: ICEs will patrol near sensitive memory blocks, walls will limit the view of the hacker, and data bombs will be planted in strategic places. But even if they can turn the system view into a real matrix bunker, they will only do it for high security systems. A too secure system view is more complicated to maintain and might have bad repercussions on the user view.

Nodes and hosts, why size doesn't matter

In 2070 size and computing power aren’t related, except for some experimental systems. You can have the same computing power in a big computer and in a small commlink. Even using several CPUs in parallel processing won’t give any significant boost. The only advantage of big node networks is that they can handle much more traffic and programs at the same time.
If one intruder breaking into a rating 5 commlink will face 2 rating 5 ICEs, 10 intruders breaking into a similar rating 5 host will face 2 rating 5 ICEs each. It’s as if each user connected to his own node, except that all users of the same host will be able to interact with other users on the same host.

But what if there are 9 legitimate users and 1 intruder? Will he be sent 10 rating 5 ICEs? It’s possible but this kind of situation will rarely arise because you can’t be sure that the 9 other users are really legitimate users. Sending all your ICEs on the same intruder would be like sending all your troops to attack an intruder in a building, leaving the rest of the building without anyone.

But what if the host is able to handle 100 personas at the same time, but there’s only 1 person connected? Will the 200 ICEs check him? Once again, it’s possible but they won’t, and exactly for the same reasons: you can’t be sure that the 99 other slots are really inactive. A good hacker can enter the node without being detected.
Besides, running too many ICEs on the same slot often leads to more trouble than it’s worth: a hacker can disguise himself as an ICE, so each ICE should check each ICE it comes in contact with. So when you have 100 ICE for 1 user, the probability that one ICE will check the intruder is much lower than if you only had 2.
That’s why most of the time you won’t have hordes of ICE defending a host.

Hacking

Hacking a system is really close to infiltrating a building. You first have to find its location (find the node), then you can spend time to study it, get a valid maglock pass and so on (probing the node) or you can go in straight, hoping to get through the checks (hacking on the fly).
Once inside, you can move around freely, but you can’t get through doors. Contrary to the physical realm, you can fly or even teleport everywhere as long as you’re allowed to. You have to be careful about guards (spiders) and drones (ICEs). You can try to hide from them or be disguised (stealth program), you can convince them you’re supposed to be there (spoof), or take the appearance of a known individual (spoof to get the matrix signature of a legitimate user). Your fake pass may not allow you to get everywhere and open every locker (you can have limited access rights), or you may need another one to get access to some places, even if you have the CEO’s pass (you need to get inside another node, with a new passcode).

Of course, as mentioned, there are some differences with the physical world, but it’s quite close and the best way to represent it. It helps players to get into it quickly and most problems and questions the GM can have can be resolved by comparing the situation to a similar situation in the physical world. Once players and GM are comfortable with it, they can move on to use elements that are specific to the Matrix.
Another benefit of this system is that it allows GM to handle the Matrix scenes in a way that every player can understand so that anyone can listen to it just like they’d listen to the battle the street samurai can have on his own instead of doing something else while you resolve the Matrix scene. But you also have to be careful to make it different from what a player infiltrating a building will do. Use the metaphor to show a totally different world.

Rules

Most of the hacking rules of the BBB apply.
In the Matrix, the Matrix skills are considered as attributes and the programs as skills. If you don’t have the program, you roll skill – 1, if you don’t have the skill, you roll skill rating (0 or -1 if you’re incompetent) + program.

This rule system doesn’t rely on a fixed set of actions. But to each action the hacker can try there’s a corresponding program. Here is a rundown of what is covered by some multi-use programs:

Analyze = Perception skill
Exploit = Exploit design flaws. Can be used to go through a Matrix wall, evade an ID check by an ICE by using a flaw (a master password, an action that breaks the check routine…)
Sniffer = Spying utility, akin to some detection spells or sensors. Can be used to “eavesdrop” data exchange between two icons (for example to listen to the passcode an ICE gives another when checked)
Spoof = Con skill. It is used to give false identification, to impersonate another user (if the hacker has analyzed his matrix signature before)…
Stealth = Stealth skillgroup. It is used to hide (passively or actively, in which case the hacker can roll hacking+stealth), disguise (as data packets or “anonymous” icons, impersonating someone is covered by Spoof).

Simple/quick hacking

In some situations all you want to do is a simple action on a device. In these situations a full hack is superfluous (and takes too long to play). This is especially the case in combat situations: you don’t want to spend all combat trying to hack one device, and you don’t want to spend 10 minutes to resolve your hacking in the middle of a tense combat.

That’s why this is resolved through a new system: simple hacking.

There are two simple hacks:
• Message hacks: sending an order to a device to have it execute one action
• Exploit hacks: hack the node itself but only for one simple effect.

The limits of what a hacker can do with simple hacking are up to the GM, but they should be restricted to quick hacks when there’s no need to play the whole hacking session. Even if program ratings are less important in simple hacking the GM shouldn’t hesitate to give negative modifiers to a character who’d only take the programs taken into account for simple hacking.
For the hacker there is no difference between doing a simple hacking and the regular hacking. The difference is in the rules. You can compare that to rolling charisma+con for a whole conversation instead of playing it all, rolling all kinds of social checks.


Message hacks are resolved by rolling a Logic+Electronic Warfare (target’s firewall or pilot rating) test; the number of hits is limited by the rating of the Spoof program. The threshold is the rating of the node or agent the hacker is trying to hack. If the hacker is successful, the device or agent does as ordered. The effect of a message hack has to be something the device or agent could be ordered to do. For example if a camera is set to refuse all orders, it isn’t vulnerable to message hacks. If it can be remote controlled but not reset or switched off with simple messages, then the hacker will only be able to move it around.

Exploit hacks are resolved by rolling a Logic+Hacking (target’s system+firewall rating, 1 IP) extended test; the number of hits of each roll is limited by the rating of the Exploit program. If the intended action requires admin or root access, raise the threshold as for hacking tests. Actually, the only difference between this and the regular hacking is that the node doesn’t roll to detect the intruder: if the hack is successful the intruder isn’t detected; if it isn’t, the intruder is detected.

Each hack after the first one will require a new test. If the hacker fails, he gets a -2 modifier for each following test on this node and -1 for any other node on the same “network” (for example if the hacker fails to hack the commlink of an opponent, he will have a -2 modifier if he wants to hack the commlink of another member of the team). The negative modifiers are cumulative. If he fails 4 simple hackings inside the same network, the hacker will have a -4 modifier. This modifier can be reset by hacking the controlling node and stopping the alert, which can’t be done with simple hacking.

Agents

Agents are assistants made for different purposes:
• Help with software: Advanced image editing software can do a lot of complex operations without needing much knowledge from the user: add or remove elements from a picture, correct the lighting and so on. But they still need the user to give their instruction step by step, and the automatic job won’t be as good as what an expert can do and can even sometimes totally fail. That’s where agents come into play. Agents are semi-intelligent. They can consider things in a more human way of thinking. For example, you want to remove a car from a picture. With the image editing software, you’ll have to tell it to select the car and ask for the software to remove it, then select the car’s shadow and ask for the software to remove it, then you might need to adjust other parts of the picture (such as reflections of the car somewhere). With the agents, all you need to do is ask it to remove the car.
• Personal assistant: agents can handle your agenda, manage your money, and remind you of important dates and events…
• Answering machine: you’re not always online; sometimes you have to get some sleep. Your agent is still there (even if your commlink isn’t connected, it can load itself on another node) and can take care of any incoming information. It can do more than just store it, if you want, it can process it as well.
• Matrix tasks: Your agent can take care of tasks on the Matrix. As soon as the task is given, the agent will literally go around the Matrix, loading itself on the nodes to get a direct access to information, and going back to your commlink (or another node to wait for your commlink to get back online if your commlink isn’t there when its task is over or if the agent itself is stuck.)
• Guard: Agents can defend nodes, though commercial agents available to the mass market will only patrol and report intrusions. Security agencies with the right authorization can sell combating agents, but those can’t be controlled by the client.

Agents and hacking

When building the Matrix 2.0, corps and governments wanted to prevent wide scale attacks and agents were a big issue. One of their concerns was the Agent Smith phenomenon: hackers using clusters of commlinks to send hordes of agents on the target nodes. To prevent this issue, they designed a protocol that prevented agents from connecting to a node the way a persona does, and created strict rules controlling the agent behaviour. In the wake of the 2.0 crash, they also created security teams whose job is to track down and eliminate every threat of virus (hacking agent) both in the Matrix and outside.

Of course, all protections can be broken, and as long as a persona can connect to a node, an agent should be able to do so but so far the corps did a good job of preventing hackers from breaking the protection. It has already been broken several times, but it took big teams of hackers and a long time of work to do so, and some of the teams have been identified and a lot of their members were caught. All in all, breaking that protection has become too difficult and dangerous to be really useful, except for a major attack.

The regular agent’s connection behaviour is simple: the agent requires a connection. To prevent DoS attacks, the port listening to the agent’s request can be closed if the number of agents or outstanding requests is too high. If the request is accepted the agent transfers itself to the node. The node will then scan the agent and, if no problems are found, run it. Most of the time, nodes need to read the owner’s commcode in the agent to accept it (this commcode has to be good enough, because the agent uses it to go back to its owner’s commlink when its tasks are over). Nodes are free to apply whatever other limitation they want.

Because of this special security on agents, a lot of nodes actually grant bigger rights to agents than to standard users, or only allow agents to access some data. Agents can also be used for secure transactions: rather than send the raw data, the nodes send agents with the instructions loaded inside. When scanning the agent, they can check for any modification to the agent’s code.

Commercial agents aren’t able to do hacking. Even Cybercombat is restricted to security agencies. So the only way to get a hacking agent is either to program one or to get one from a hacker. As corps and governments track all hacking agent programmers, most hackers prefer to keep their agents for themselves and contacts they can trust. So finding a hacking agent isn’t that easy, but anyone with a hacker contact can hope to get one.
Hacking agents still need to load themselves on the nodes they’re attacking. Of course, they are programmed to get around the protection systems, but you’ll need an up-to-date agent to be able to hack a node properly. Accordingly, hacking agents have a +2 modifier when trying to exploit a node, and a -2 modifier when trying to evade removal when detected. If the agent isn’t up-to-date, another -2 modifier can apply. All these modifiers can be nullified if the agent is tailored for the node.

Of course, another way to hack with an agent would be to have the persona load the agent and send the persona with the attacking agent. In that case, the agent doesn’t have any modifiers.

Encryption

By request from a community member my encryption house rules were sent for playtest. I’m not sure if I can publish them here.

Technomancers

I didn't really have time to think about them but if I had to rewrite their rules, I'd have them use complex forms that are as different from programs as spells are different from gear, and I'd have them work exactly as spells (you don't have to buy ratings, you have to thread it each time you need it)...

Other rules

Check page 2 for additional details.

----

Congratulations if you’ve read anything. Feel free to comment, as long as it’s done politely and in a constructive way.
kzt
Having real encryption work isn't hard to handle if you remember that:

-People are terrible at remembering lots of passwords.

-People are terrible at creating good passwords.

-People are lazy.

-Having written books of passwords is impractical, terribly insecure and generally silly, not to mention frowned upon by security officers everywhere.

So you have to use automated tools. Automated tools automatically encrypt and decrypt files for users using the correct, highly secure, good passwords.

Automated key management tools will decrypt the files for user123 for anyone who is logged in as user123 or has the correct rights to do this (like their boss). The user never has to enter a decryption password, as it's all part of their account.

Hence hackers pretty much NEVER have to actually try to decrypt files, they get them handed to them by the computer already automatically decrypted once they break into the user's account. Also, somewhere in the system is a set of key management data that has a list of users, files and decryption passwords.

The only time they would have to try to decrypt files is if they actually choose to steal hardware full of encrypted files without having hacked the system with the passwords first. And then they are pretty much screwed unless they have a million years or so to wait.
FrankTrollman
So let me get this straight... your solution to the army of Agent Smiths is to ostrich yourself and hope it won't happen? Your explanation of the why and how you won't get sucker punched by an arbitrarily large number of IC, or why your unlimited horde of agents won't conquer Earth is that it's "probably too much trouble." I find that hard to accept.

But the real thing I have a hard time accepting is how in your universe every single icon, Hacker and IC alike, can simply tag out all of their Matrix Damage every IP as a free action with no limit to how many times you can do this. How? Unfortunately, the answer is simple.

You've gone the other direction from me on computer abstraction, but where I said "no matter how large a number of physical devices you have, you still only have one network", your answer is "no matter how small a number of real devices you have, you still have as many networks as you feel like." This means that the classic BBB cheese of simply running an asstonne of commlinks simultaneously and then simply swapping which one you were acting through each IP is even easier - you don't even need to carry extra hardware.

When you face IC there is an arbitrary amount of it, but the network only bothers assigning one of them to fight you. When you damage an IC, that IC fades to the background and another takes its place as a free action because it's still in the same node.

Your level of abstraction is to my mind unworkable. The actual player character is completely unnecessary: mere software can generate dice pools and actions, and hardware of any size can run an unlimited number of copies of any programs.

This means that everyone everywhere is already an infinity threat before they have left the house or done anything. Only one round takedowns have meaning, and even those frankly mean very little because you can still just switch to another "device" for free at any time.

There's no way to force people to risk anything of any value in any Matrix confrontation, nor is there any way to stop people from playing arbitrarily large number of seats at any table. The poker game would be completely nuclear if anything meaningful was actually being done to the other side (which it is not).

-Frank
Blade
Okay, there are a few things I've forgotten to mention. Thanks for reminding me.

About agent Smith: compare it to terrorists using nuclear bombs. It's the ultimate weapon but no terrorist got hold of one. Why?

About icons crashing, I've forgotten to mention a few details: when you crash an IC it doesn't disappear. It appears as fully working but it doesn't, or it behaves erratically. If there's a spider around he can see that, remove it and load a new one. So you can potentially have IC coming back each time it's crashed, but you need someone to use his actions to do it.
As for switching between commlinks there's a big problem in your reasoning: either the persona is the same for all commlinks or it's not. If it's the same, you'll switch to the other commlink but will have the same damage. If it's not, then the new persona won't be connected to the node and you'll have to hack it once again. Or if he is, then he's getting kicked at the same time as the first one is and because of the clusters of nodes, each and every other persona you have will get his ass kicked at the same time by the same number of ICEs.
And by the way, you can't have mirror personas (using various commlinks at the same time with more or less the same inputs), and you can't use more than one commlink to run a persona. To each commlink its persona.
FrankTrollman
QUOTE
About agent Smith: compare it to terrorists using nuclear bombs. It's the ultimate weapon but no terrorist got hold of one. Why?


Possibly because it's more difficult to field a nuke than it is to write a perl script that sends copies of your instructions to all 500 partitions on your computer when you send instructions to Killbot455?

QUOTE
So you can potentially have IC coming back each time it's crashed, but you need someone to use his actions to do it.


Yeah, but those are free actions, so who cares? You're literally just sending the instruction "Killbot456 go!"

QUOTE
If it's not, then the new persona won't be connected to the node and you'll have to hack it once again. Or if he is, then he's getting kicked at the same time as the first one is and because of the clusters of nodes, each and every other persona you have will get his ass kicked at the same time by the same number of ICEs.



Once you're in you have an account. An access code if you will. This means that you can swap in icons at whim. For a defender it's even easier as they can simply have as many icons logged in as they want.

QUOTE
And by the way, you can't have mirror personas (using various commlinks at the same time with more or less the same inputs), and you can't use more than one commlink to run a persona. To each commlink its persona.


This does not fit with your "size doesn't matter" rant at all.

Any commlink is able to run limitless numbers of programs taking actions and getting initiative counts. If it can run multiple icons with actions and separate damage tracks, what possible limitation does it have?

-Frank
Kyoto Kid
...hmm, Matrix Specialists as uncommon as mages?

I am not sure what I am missing that would make a 4e Matrix Specialist as "unique" as even Deckers were in the older editions. Back then it was the sheer expense of your primary tools: the Cyberdeck and Programmes, that pretty much meant the character was "dedicated" to her profession if she wanted to be any good at it. For example, Black Hammer 5 in 3e could run you 200,000 nuyen alone and took up 1,000 MP of active memory (that is the total memory of a stock Renraku Kraftwerk which was the best deck a character could get at chargen). In 4e Black Hammer 5 costs 5,000 nuyen and uses one programme "slot" against your commlink's system/response rating.

I was able to outfit my Matrix Specialist with a 5,5,6,6 Commlink (built as a "custom" design) and rating 5 programmes for under 90,000 nuyen, leaving a lot for implants, a couple of surveillance drones with maxed out autosofts, and other gear to make her more survivable (and effective) in the meat world than her 3e counterpart. The 3e version of her sank over 70% of her resources out of 1,000,000 nuyen into her deck - a Kraftwerk with several custom upgrades - and utility programmes (with no Black Hammer or Blackout utility). Outside of the Matrix, she was pretty much useless except for springing maglocks with her Electronics/Electronics B&R skill (as long as the mage made her invisible) and understanding a few things about the corporate scene.

The bottom line is, 4e makes it easier (and therefore more attractive) to be a decent Matrix Specialist than the earlier editions as it is a lot more "cost effective".
Blade
QUOTE ("FrankTrollman")
Possibly because it's more difficult to field a nuke than it is to write a perl script that sends copies of your instructions to all 500 partitions on your computer when you send instructions to Killbot455?


You obviously didn't get my point:

* Agents normally have to be loaded on the node they need to hack. If they do it this way, they won't be able to load too many agents on a node because of the restrictions I've mentioned.
* Getting agents to work without being loaded on the node IS extremely difficult and dangerous.

Besides, I don't see how it'd matter: if you send your agents on a node cluster, each one of them will face their own ICE. And if you send too many agents for the cluster (or for a single node), the server will simply refuse further connections.
If the agents are loaded directly on the node, the node can just decide to remove some of your agents (they should have some mechanisms to prevent such DoS attacks, and they've got total control over your agents).

If you went through the hassle of developing a self acting agent, you might get a DoS attack... Which isn't worth all the trouble you went through, since you can simply probe and hack the node in one day instead of spending several months to develop your agent.

QUOTE ("FrankTrollman")
Yeah, but those are free actions, so who cares? You're literally just sending the instruction "Killbot456 go!"


Deactivate agent : simple action
Run program or agent : complex action

QUOTE ("FrankTrollman")
Once you're in you have an account. An access code if you will. This means that you can swap in icons at whim. For a defender it's even easier as they can simply have as many icons logged in as they want.


More or less, but your PERSONA has the account. Besides if you disconnect one persona to get another one online, the system will probably remove the previous persona's account and there'd be nothing you can do to prevent it while you're switching.
It is indeed a bigger problem with the defender. But if he wants to act like you say, he has two solutions:
1. bring each persona one after another to the fight then start to fight and switch between personas
2. reconnect with another persona and bring it to the fight after taking damage with the previous persona.

The first solution takes time at the beginning to bring all the personas to the scene, and if the hacker moves you'll need to move everyone once again.
The second solution takes time to disconnect (well, you don't have to), switch to another commlink (simple action) and reconnect (log-in, complex action).

QUOTE ("FrankTrollman")
This does not fit with your "size doesn't matter" rant at all.

I fail to see how.

QUOTE ("FrankTrollman")
Any commlink is able to run limitless numbers of programs taking actions and getting initiative counts. If it can run multiple icons with actions and separate damage tracks, what possible limitation does it have?


There's a limit to the number of programs a commlink can run (and there's response degradation when you run too many).
Besides the persona is not a program. It's not something you can run. It's a part of the system of the commlink itself. You have only one system on your commlink, and this system has one Persona, period.

The only way I can imagine having more than one persona is to use different commlinks with different commcodes, switch between them and order them each one after the other... A bit like controlling multiple drones using only jumped in mode.

@Kyoto Kid: It's not only about BP. Everyone can buy the mystic adept quality for a few BP, but there aren't that many around. A Rocket Launcher isn't that expensive, yet you won't see many people running around with one. As I said, cybercriminality is considered as standard criminality, the Matrix system is closed and hacking programs aren't that easy to come by. The script kiddie will have a hard time finding hacking programs and won't last long if he starts using them. And if someone is good enough to be hacking, he can probably get a good job in the legitimate business. That's why real hackers aren't that many.

Of course, you can create a shadowrunner hacker without too many problems... But shadowrunners aren't exactly the norm.
Zak
Is it possible to point out where exactly this system is better than the BBB one?

Handwaving away the script kiddies isn't something I can easily buy. It is not hard to get hacking tools. Even if you up the availability a bit. And there are loads of people with too much time on their hands. You might be able to rule out the quality, but not the quantity.

Sure, a lot of people prefer solid jobs inside a safe corporation. But what stops the corps from utilizing that? It's even better and cheaper than corp military. And we know they fund that.
FrankTrollman
QUOTE
Besides, I don't see how it'd matter: if you send your agents on a node cluster, each one of them will face their own ICE.


Gosh, maybe you'd get a probability distribution where some won, some lost, and the instant one of them won you'd get the paydata you were after! And maybe actually playing out a series of opposed rolls to generate this Gaussian distribution is exactly the fucking waste of time that makes us hate the Agent Smith problem in the first place!

That's why it matters. In any situation where arbitrarily large numbers of computer programs fight other equally large numbers of other computer programs, the attacker wins. In any situation where the defender can choose to simply not get attacked, the attacker loses. Your system has both problems. Meaning that the question of whether the hacker succeeds or fails has absolutely nothing whatever to do with his own skills, his own luck, or his own plan. It's just a question of whether the enemy has chosen for whatever reason to be hackable right now. If they are, then a Gaussian distribution is generated where some fraction of agents succeed in compromising the target's system and then the system is compromised. If they are not, then the hacker sits on his hands and the player wanders off and plays Hellgate.

QUOTE
There's a limit to the number of programs a commlink can run (and there's response degradation when you run too many).

So what? You're not running them together, you're running them separately so there's no problems according to this:
QUOTE
In 2070 size and computing power aren’t related, except for some experimental systems. You can have the same computing power in a big computer and in a small commlink. Even using several CPU in parallel processing won’t give any significant boost. The only advantage of big node networks is that they can handle much more traffic and programs at the same time.
If one intruder breaking into a rating 5 commlink will face 2 rating 5 ICEs, 10 intruders breaking into a similar rating 5 host will face 2 rating 5 ICEs each. It’s as if each user connected to his own node, except that all users of the same host will be able to interact with other users on the same host.


But honestly since your assumption seems essentially that the game won't break because it relies entirely on GM Fiat and doesn't actually have a consistent formulation, I don't really care. It is obvious that your set of "rules" is not actually intended to be independently playable in the ways I care about. So I'm no longer going to pick apart your system but merely give it a thumbs down.

-Frank
Blade
As I said this system is more intended to explain and expand a bit the system of the BBB than to rewrite it totally. The only real addition is the simple hacking system.

How can you say that getting hacking tools is easy? Because of the availability? Because you can create a character with a complete hacking set?

Okay, let's go your way and consider that there are script kiddies everywhere. Everyone also has a smartlinked Ares Predator, an armored jacket, grenades and a rating 5 pistols active soft. I mean, it's not hard to get these. Oh, and they are awakened too, it's only a few BPs.

I don't see why I can't consider that hackers are as rare as, let's say Street Samurais, or Faces, or any other kind of shadowrunner?
Cthulhudreams
Whoops!
Thanee
QUOTE (FrankTrollman @ Nov 19 2007, 03:38 PM)
That's why it matters. In any situation where arbitrarily large numbers of computer programs fight other equally large numbers of other computer programs, the attacker wins. In any situation where the defender can choose to simply not get attacked, the attacker loses. Your system has both problems. Meaning that the question of whether the hacker succeeds or fails has absolutely nothing whatever to do with his own skills, his own luck, or his own plan. It's just a question of whether the enemy has chosen for whatever reason to be hackable right now. If they are, then a Gaussian distribution is generated where some fraction of agents succeed in compromising the target's system and then the system is compromised. If they are not, then the hacker sits on his hands and the player wanders off and plays Hellgate.

These are certainly problems and if they are solved in a house rule system (like yours), that's a good thing.

But there is another solution to the problem as well, one that almost everyone playing Shadowrun today most likely utilizes (whether it is known to them or not).

It simply doesn't happen.

Why? That's unimportant. It doesn't, that's all that matters. There surely is some explanation, which could explain why it does not happen, even though the rules allow it, but no one really needs to know this explanation (though some surely would like to just for curiosity's sake).

It doesn't happen for the same reason why you do not get shot by a random sniper every 37 seconds (although it's easy to get a sniper rifle and shoot random people with it and get away with it; gladly those annoying kids that frequent MMORPGs do not frequent the shadowrun 'real' world, or they would probably do that... LOL).

It's the same reason why shadowrunners and fake SINs even exist and are not overwhelmed by security measures and why runners do not need to get their whole face and DNA-structure replaced after every other run.

It's likewise the same reason why not every security mage has Magic 6+ and lets off Force 12 Stunbolts/-balls all the time to accompany those Force 10+ elementals.

Because it's no fun otherwise and not supposed to be and therefore is not.

It's not a perfect solution and certainly not a satisfying explanation, but it works. :)

Bye
Thanee
Blade
QUOTE (FrankTrollman)
But honestly since your assumption seems essentially that the game won't break because it relies entirely on GM Fiat and doesn't actually have a consistent formulation, I don't really care. It is obvious that your set of "rules" is not actually intended to be independently playable in the ways I care about. So I'm no longer going to pick apart your system but merely give it a thumbs down.

Same thing here.

Since your criticisms only rely on the fact that you want this system not to work and make all the assumptions necessary to break it, I don't see why I should waste my time answering you.
Sure, my system doesn't work if you assume it doesn't, just like yours doesn't work if you assume that brain hacking is impossible.
Zak
QUOTE (Blade)
How can you say that getting hacking tools is easy? Because of the availability? Because you can create a character with a complete hacking set?

Okay, let's go your way and consider that there are script kiddies everywhere. Everyone also has a smartlinked Ares Predator, an armored jacket, grenades and a rating 5 pistols active soft. I mean, it's not hard to get these. Oh, and they are awakened too, it's only a few BPs.

Oh, that is exactly the reasoning of the RIAA that puts copying a CD on par with shooting people and robbing a bank.

Being awakened is a thing of being born with (more or less). Buying an Ares Pred or a hackertool is not. It actually is just a matter of contacts, money and time.
And hackertools might even be free because you know someone who knows someone who is a 'real' hacker. COOL, let's check that out! And your mom won't even notice because it is on the commlink together with Miracle Shooter and your homework. Remember, I wasn't talking about quality here.

I really can't make a difference between the script kiddies now and in 64 years. And tbh, I don't want to.

But thanks for answering my question of what your intent was. That's cool, and the fast hacking is an improvement over the BBB.
I really think there needs to be a solution to the Agent Smith thing. And I don't write that just because a certain Troll is living dangerously close to me. ;)
Cthulhudreams
The problem with the 'GM/Player ambiguously agree not to do something' way of stopping the rules breaking down is that it's an undefined solution that the players are agreeing to. You could just make a house rule like 'people are only allowed one agent each' or whatever instead of 'don't abuse agents' which sets a defined limit on what you can do rules mechanicy.

The problem with your solution Thanee, and indeed Blade's approach to agents is it really is just a 'GM/Player detente' with undefined limits around agents that the GM on the spot has to rule, which is fine if you want to play 'Fiatrun' but that's what you're doing.

The other problem with agents as presented by Blade is that it's seriously confusing the logic behind them. Making independent agents is presented as 'difficult' and 'not worth the cost' but I'm not sure why it's not worth the cost, and even if there is an inter-corp detente not to use them. MAD and all that.

I think things could only be improved by saying 'One agent per DNI'. That's a defined, clear, unambiguous concept that gives everyone a clear perspective on how agents work - tapping into someone's brain for decision making, at a rate of one agent per brain.

As for Blade's comparison of 'axiom of my system is that people don't abuse agents' to Frank's 'axiom of my system is that people have discovered how to influence arbitrary electrical devices including brains together at a distance' is a matter of logic.

Players in a co-operative storytelling game need a common framework for understanding the world and predicting the outcome of their actions within the framework of the game. Basic scientific principles work well for this (say, star wars' approach to FTL travel), but behavioural ones don't, because there is no reason for the players to do the same thing as they are free actors. And if the players consistently do something radically different from everyone else, something is up.

So ideally you want to define basic principles of how the world works 'FTL travel is possible with special engines and requires special computers and astrogation to drive the engines and navigate' or 'connecting to the matrix gives you +3 dice to everything due to the vast fonts of information and computing power that can be harnessed to your tasks' rather than 'people bring along R2D2 astronavigation droids' or 'everyone connects to the matrix'

In the first examples, it is obvious why people choose to engage in the behaviours - a droid like R2D2 can provide special computation and navigation skills, making him very useful, and +3 dice at everything makes the average guy 50% more effective, so matrixing is going to be wildly popular. Without that underpinning reasoning, it comes off as rather strange.
Thanee
QUOTE (Cthulhudreams)
The problem with your solution Thanee, and indeed Blade's approach to agents is it really is just a 'GM/Player detente' with undefined limits...

Yeah, I know. :)

I just wanted to say, that there are tons of those problems around (not just Mr Smith and his invincible army of clones), and most of them are not really a problem, since otherwise most people wouldn't play this game as it wouldn't work at all.

It's better to have rules that work well and have a reasonable explanation as to why something doesn't work a certain way or another, but you will always find some hole somewhere which could pose a similar problem if exploited.

And don't get me wrong, I definitely prefer if there is a satisfying explanation.

Bye
Thanee
Blade
@Zak: Actually, the reasoning of the RIAA you're mentioning is exactly what I say is happening in the 6th world. Now hacking is serious as dangerous as murder. There's a Matrix Police out there.

Because of this, the hacker scene is far more discreet than today and doesn't distribute its hacking software everywhere (because it can lead to him). Also the general public considers hackers as we consider murderers today... I'm not sure the average kid wants to try shooting people for fun.
But even if he does it'll be hard for him to know a hacker (and know he's one) or to find a hacking tool. And even if he does, he'll likely get caught with his first hacking attempt.

That's an important part of my Matrix rules: the Matrix is not the Internet. 2070 Hackers aren't 2007 Hackers (actually they are closer to 80's hackers).

@Cthulhudreams: not worth the cost because it's not that powerful. The best you can get with them is some kind of DoS attack. Well maybe you can get a successful hacking, but the results may even not be as good as what you could get on your own (or with a team of hackers). And the next thing you know there'll be a VTOL landing on your roof with a strike team to shoot you on sight.

And if the corps don't use them it's because they don't want them. They actually designed the system to prevent their use: they have much more to lose if they allow them (remember the Crash virus) than if they don't (they can hire efficient hackers who'll do the job for them).
Kyoto Kid
...so basically what you are implying a character like my Violet (#56) could not be a Matrix Specialist (again I hate the term Hacker) in the shadows given her backstory because she would have been caught and slapped down the first time she went out into the matrix on her own. By this rationale, she would have become MetaTech's (and later Neonet's) little gene-engineered matrix wageslave (e.g. an NPC) and I would be playing a different character.

...sorry, too restricting & I do not think my GM would go for that.
Blade
QUOTE (Kyoto Kid)
...so basically what you are implying a character like my Violet (#56) could not be a Matrix Specialist (again I hate the term Hacker) in the shadows given her backstory because she would have been caught and slapped down the first time she went out into the matrix on her own. By this rationale, she would have become MetaTech's (and later Neonet's) little gene-engineered matrix wageslave (e.g. an NPC) and I would be playing a different character.

...sorry, too restricting & I do not think my GM would go for that.

If she got caught she'd probably get sentenced to something, not necessarily recruited, except if she had some really interesting skills.

I don't say she'd have been caught anyway... I'd say it's as probable as a street samurai getting killed or caught by the Lone Star before having that much illegal ware in his body or such high skills.

My point is not that hackers don't exist. It's just that hackers aren't common, and it's not as easy to become a hacker in 2070 as it is today.
Cheops
I still fail to see the problem with Agent Smith.

If an Agent is working alongside a Persona it can only go where that persona goes and acts with Response = to Response of commlink. Agent counts as 1 program as well as any programs it is currently using.

If an Agent is working alone it is still controlled by the originating persona and acts at Response = to Response of currently Accessed node. Agent counts as 1 program against commlink as well as any programs it is currently using.

Okay so you have 10 commlinks, rating 6, all running Agent, Attack, Armor, and Medic 6. You log on to the target node with first commlink and send your agent to attack. You now have to bring the other 9 in. How do you do this?

1) Log out of current commlink and log in with another. Okay Complex Action to log off, free action to switch commlink, and Complex Action to log on with new commlink. Assuming you have Access to target node with all 10 commlinks this also takes a Complex Action. So your first Persona has been sitting in the target node for 3 IPs totally defenseless. Any security could dump you in 3 IPs.

2) Stay logged in with current persona and spoof all the other Agents. Okay let's say it is a free action to switch from one node to another. Spoof Command is a Complex Action, but you have to succeed in a roll against 12 dice (probably with your 14). Then you have to Issue Command which is Simple. The Agent is now acting independently and begins to take time to log onto the system (again Complex Action and we assume that you can give it automatic access). Once again you are looking at 3 IPs for each Agent that you want to bring to the party. So 27 IPs to bring all 10 in.

In Case 1 the Agents are limited by your Commlink (which is no problem) in the second they are limited by the target Node (which likely is reducing their Response and therefore their System). So in the best case scenario you are being beaten with a big stick for 3 IPs without any defenses nor are you Redirecting Trace. I'm pretty sure they'd know where your meatbod is with 27 IPs to trace you.
Cheops
Sorry got it slightly wrong. In Case 1 it would be a Free Action to get out of the first Persona. So it only takes 2 IPs plus a Simple Action to bring the other agent to bear. So 2.5 IPs worth of free beats for Security
Kyoto Kid
QUOTE (Blade)
QUOTE (Kyoto Kid @ Nov 19 2007, 05:06 PM)
...so basically what you are implying a character like my Violet (#56) could not be a Matrix Specialist (again I hate the term Hacker) in the shadows given her backstory because she would have been caught and slapped down the first time she went out into the matrix on her own.  By this rationale, she would have become MetaTech's (and later Neonet's) little gene-engineered matrix wageslave (e.g. an NPC) and I would be playing a different character.

...sorry, too restricting & I do not think my GM would go for that.

If she got caught she'd probably get sentenced to something, not necessarily recruited, except if she had some really interesting skills.

I don't say she'd have been caught anyway... I'd say it's as probable as a street samurai getting killed or caught by the Lone Star before having that much illegal ware in his body or such high skills.

My point is not that hackers don't exist. It's just that hackers aren't common, and it's not as easy to become a hacker in 2070 as it is today.

...for one, she was constantly hacking into MetaTech's matrix which is how she learned what the corp intended for her.

She also hacked into a competitor's matrix (at the age of 17) where she sold the schematics for the (then) prototype MT-5X commlink.

...under the rationale of this system she would either again have become MetaTech's "drone" or the competitor's & never made her way into the shadows.
Cheops
She could have somehow been caught by G.O.D. or LoneStar Matrix Police and gotten a Criminal SIN instead.
Kyoto Kid
QUOTE (Cheops)
She could have somehow been caught by G.O.D. or LoneStar Matrix Police and gotten a Criminal SIN instead.

...she already has the standard SINner quality. A Criminal SIN really does not make for a viable character as you basically are "tagged".
FrankTrollman
QUOTE (Cheops)
Okay so you have 10 commlinks, rating 6, all running Agent, Attack, Armor, and Medic 6. You log on to the target node with first commlink and send your agent to attack. You now have to bring the other 9 in. How do you do this?


Um... who cares? You don't fight next to your agents, you send your agents, all of your agents, instead of yourself. You spend a free action to send a bulk email to all your agents and tell them that it's fuckin Go time, biatches! and then they all jump in to attack.

Some of them will successfully hack in. Some of them will not. And you honestly don't give a damn because once one of them has successfully hacked in you've actually won.

---

In a hacking scenario, the defender doesn't actually get anything for having stopped a hacking attempt. For the defender to win, he has to stop all the hacking attempts. For the attacker to win, he just has to get the paydata, shut down the node, delete the camera info, or whatever the goal was. In short, he just has to succeed once and he has won. So if he throws [Fill In Large Number Here] agents at the problem and they individually have any chance at all of succeeding, then after an unfortunately extremely large number of dice rolls the hacker has won. He doesn't need to have any hacking or cybercombat skills himself.

And indeed, a Rating 6 Agent has dicepools of about 12. That is really exceedingly large and awesome. So there's really nothing that any hacker could possibly do that a Rating 6 Agent wouldn't have "any chance at all" of succeeding at.

---

Blade's attempt here actually makes the whole Agent Smith thing worse, because IC (which of course are a kind of Agent) can simultaneously and separately act on as many different ports as they want. So with just a single Agent you can automatically have it function [Fill In Large Number Here] times all at once. And while he keeps waving his hands about how people aren't going to do that because each copy has the same chances as the first one, that is in fact exactly why they are going to do it every god damned time.

Taking the "same chance" over and over again is exactly what you want in the game where nothing happens if you lose and your mission is successful if you win. The wheel isn't going to come up Black forever, so copying and recopying your bet onto Red is a virtually guaranteed payout. Hell, with those odds, you might as well go for it on 17 Black.

-Frank
Blade
@Kyoto Kid: Yes, that's a bit extreme to me. Except if she was good enough to avoid getting caught each and every time...
To me it's like saying "My street samurai learned his combat skills by shooting [insert corp's name here]'s guards every night."

I think that downplaying the importance of Matrix security is a mistake... but each GM is free to play as he wants.

@Frank: What's strange with your posts is that when I read them I discover things about my rules. For example, loading an agent becomes a free action, an agent can simultaneously act on as many ports as he wants... All this is NOT in my rules. Please stop twisting them the way you want to support your point.
Kyoto Kid
...without going deep into Vi's backstory, (which is rather detailed) she was basically a "prototype" herself, gene-engineered and augmented by Metatech for the purpose (or so she believes) of matrix espionage in the "new" wireless environment. Her skill was developed through various exercises and "runs" against the Corp's internal system.

Where they screwed up was: making her too good at what she did. That takes care of the "learning curve" for her.

The disappearance of her parents and being made a ward of the corporation, fueled her suspicions and anger towards MetaTech which led to her selling the plans to the commlink and bolting to the shadows.

Again in her case, that works.

For someone else, in the setting proposed in the OP, the learning curve would be a lot tougher to near impossible unless they already had a background or worked in a high level matrix based occupation. However such a position would most likely be fairly good paying with little or no danger of getting shot at or arrested. Why would one want to leave such a stable and comfortable lifestyle for the uncertainty and danger of the shadows? In this way then yes, Matrix Specialists in the shadows would be fairly rare and pretty much need to be of the Fastjack/Dodger calibre in order to survive.

There are other ways to make matrix operations challenging than just making it so dangerous only the best of the best can cut it. I have done it. In a 3e campaign I had a player who ran the team's decker shaking in his boots just from the description of the sculpting and the way his icon had to deal with things. He didn't even encounter any of the really bad IC before he became so paranoid he jacked out.
Cheops
QUOTE (FrankTrollman)
QUOTE (Cheops)
Okay so you have 10 commlinks, rating 6, all running Agent, Attack, Armor, and Medic 6. You log on to the target node with first commlink and send your agent to attack. You now have to bring the other 9 in. How do you do this?


Um... who cares? You don't fight next to your agents, you send your agents, all of your agents, instead of yourself. You spend a free action to send a bulk email to all your agents and tell them that it's fuckin Go time, biatches! and then they all jump in to attack.

Some of them will successfully hack in. Some of them will not. And you honestly don't give a damn because once one of them has successfully hacked in you've actually won.

---

In a hacking scenario, the defender doesn't actually get anything for having stopped a hacking attempt. For the defender to win, he has to stop all the hacking attempts. For the attacker to win, he just has to get the paydata, shut down the node, delete the camera info, or whatever the goal was. In short, he just has to succeed once and he has won. So if he throws [Fill In Large Number Here] agents at the problem and they individually have any chance at all of succeeding, then after an unfortunately extremely large number of dice rolls the hacker has won. He doesn't need to have any hacking or cybercombat skills himself.

And indeed, a Rating 6 Agent has dicepools of about 12. That is really exceedingly large and awesome. So there's really nothing that any hacker could possibly do that a Rating 6 Agent wouldn't have "any chance at all" of succeeding at.

---

Blade's attempt here actually makes the whole Agent Smith thing worse, because IC (which of course are a kind of Agent) can simultaneously and separately act on as many different ports as they want. So with just a single Agent you can automatically have it function [Fill In Large Number Here] times all at once. And while he keeps waving his hands about how people aren't going to do that because each copy has the same chances as the first one, that is in fact exactly why they are going to do it every god damned time.

Taking the "same chance" over and over again is exactly what you want in the game where nothing happens if you lose and your mission is successful if you win. The wheel isn't going to come up Black forever, so copying and recopying your bet onto Red is a virtually guaranteed payout. Hell, with those odds, you might as well go for it on 17 Black.

-Frank

What, so you run all the agents on the same commlink? Did you even read the rest of my post? According to the rules themselves the Agent Smith army doesn't work so well.

What if the system has response 3 and firewall 6? It is operating at Pilot 3 when it makes this attempt UNLESS YOU ARE THERE. If you stand at the Firewall while it hacks then it operates at Pilot 6. But you just said yourself that you aren't. Okay it is rating 3. 6 dice versus 6 dice. Each has a 50% chance to LOG ON to the target node without raising an alarm. As soon as they log on a half decent system should have an Analyze attempt and a Spider Matrix Perception test to spot it. That would be 6 dice versus 6 dice or 8-14 dice versus 6 dice.

Okay, the agents get in. They have to spend a Free and a Complex action to load new software. If they load more than 2 then they lose even more Pilot and begin to operate at 2 or less. The Spider spends a Simple action to tell the Node to Terminate all the connections your Agents just made. You will have set off an alarm so the system gets 10 dice versus your Agents' 3 to boot them (Terminate Connection is a Non-Action, Spider just has to send list). If that doesn't work then the Spider pulls the plug.

No matter what you can't use Agent Smith for Matrix Overwatch like you seem to think. I don't know how YOU run games but as soon as a Node goes on Alert in MY games it also triggers a physical alert. So all the security guards are mobilizing and ready to shoot the shit out of anyone who looks fishy. So Agent Smithing the cameras ensures that SOMEONE will start paying more attention and that security will be more watchful.
Seven-7
Cheops: I'm sure you THINK it's not as bad, but trust me it is. There was a god damn 15+ page topic on it and even the FAQ talks about it.

So here's some help (NOTICE: Standard Matrix):

1.) Program/Agent rating is limited by the System rating running it.
2.) For every (System Rating) programs/agent on a device, -1 to Response.
3.) Agent's exist independently of the user in the Matrix (pg.227)
4.) Agents use the response of the device they are running on.
5.) You may load an agent onto another device and still use it. (pg.228) Even if you're offline. IN THIS CASE THE AGENT DOESN'T COUNT TOWARDS YOUR PERSONA'S ACTIVE PROGRAM LIMITS LIKE RUNNING PROGRAMS DO (#1+#2).
6.) You can issue commands to an agent.
7.) Commlinks can be subscribed to other commlinks, allowing a 'tree' of sorts.

Cost of a R4 System/R4 Response Commlink: 2,000+2,000:4,000
Cost of a R4 Agent: 10,000

10 Commlinks: 40,000(8BP)
1 R4 Agent: 10,000(2BP)
Copying the agent 5 times for each commlink to produce 50 agents (Without losing response and not actually having to travel with them), doubles to 100 if you want -2 Response? Priceless.

Edit: These are things that throw 8-10 dice (Pilot+Program)
Cthulhudreams
QUOTE (Blade @ Nov 19 2007, 02:26 PM)
@Frank : What's strange with your post is that when I read them I discover things about my rules. For example, loading an agent becomes a free action, an agent can simultaneously act on as many ports as he wants... All this is NOT in my rules. Please stop twisting them the way you want to support your point.

To be honest, you sure make it sound like it

QUOTE


• Guard: Agents can defend nodes, though commercial agents available to the mass market will only patrol and report intrusions. Security agency with the right authorization can sell combating agents, but those can’t be controlled by the client.


Sounds like IC to me?

QUOTE

If one intruder breaking into a rating 5 commlink will face 2 rating 5 ICEs, 10 intruders breaking into a similar rating 5 host will face 2 rating 5 ICEs each. It’s as if each user connected to his own node, except that all users of the same host will be able to interact with other users on the same host.


Same IC can attack everyone? That is certainly how I read it, but with hindsight, the rest of that section doesn't make too much sense.

What does

QUOTE

but what if the host is able to handle 100 personas at the same time, but there’s only 1 person connected? Will the 200 ICEs check him? Once again, it’s possible but they won’t, and exactly for the same reasons: you can’t be sure that the 99 other slots are really inactive. A good hacker can enter the node without being detected.


Actually mean?

Does that mean I can attack an intruder with 100 IC if I detect him but cutting the protection on all the rest of the number of user slots to zero?

On a response 6 commlink the number of user slots is somewhere between 12 and a lot, so does that mean any intruder that is found will be attacked by 7 IC?
Cheops
QUOTE (Seven-7)
Cheops: I'm sure you THINK it's not as bad, but trust me it is. There was a god damn 15+ page topic on it and even the FAQ talks about it.

So here's some help (NOTICE: Standard Matrix):

1.) Program/Agent rating is limited by the System rating running it.
2.) For every (System Rating) programs/agent on a device, -1 to Response.
3.) Agents exist independently of the user in the Matrix (pg.227)
4.) Agents use the response of the device they are running on.
5.) You may load an agent onto another device and still use it. (pg.228) Even if you're offline. IN THIS CASE THE AGENT DOESN'T COUNT TOWARDS YOUR PERSONA'S ACTIVE PROGRAM LIMITS LIKE RUNNING PROGRAMS DO (#1+#2).
6.) You can issue commands to an agent.
7.) Commlinks can be subscribed to other commlinks, allowing a 'tree' of sorts.

Cost of a R4 System/R4 Response Commlink: 2,000+2,000:4,000
Cost of a R4 Agent: 10,000

10 Commlinks: 40,000(8BP)
1 R4 Agent: 10,000(2BP)
Copying the agent 5 times for each commlink to produce 50 agents (Without losing response and not actually having to travel with them), doubles to 100 if you want -2 Response? Priceless.

Edit: These are things that throw 8-10 dice (Pilot+Program)

1) Agreed with the additional notice that Response limits System/Pilot.
2) Agreed.
3) Agreed except that it can also "be loaded into your persona like other programs (taking a Complex Action), allowing the agent to accompany you to any nodes you access. Agents can also access other nodes independently if instructed to do so..." (BBB, 227)
4) Agreed again with the additional notice that Response limits System/Pilot.
5) Agreed with the notice that you still have to Issue Commands as a Simple Action.
6) Agreed as a Simple Action
7) Agreed but you don't need to subscribe the commlinks just the Agents.

As an addition to 7) I'd like to point out that nothing in RAW suggests that if you are in Commlink A which is subscribed to B and B is subscribed to C that A can issue commands to the subscription list of C. In fact you can't issue commands to anything that isn't on your subscription list. So you could at most have 12 Agents commanded by one commlink.

Again, at the low end of the scale I don't see this as a problem. A response 3/firewall 6 node can handle all the normal workload that a corporation needs and it makes it less vulnerable to these types of attacks.
kzt
QUOTE (Cheops)
As an addition to 7) I'd like to point out that nothing in RAW suggests that if you are in Commlink A which is subscribed to B and B is subscribed to C that A can issue commands to the subscription list of C. In fact you can't issue commands to anything that isn't on your subscription list. So you could at most have 12 Agents commanded by one commlink.

Your commlink is subscribed to commlinks with agents that are subscribed to other commlinks with agents. You tell your subscribed agents what to do, they tell their subscribed agents what to do, which tell their subscribed agents what to do, which results in 12^4 attacks hammering the target four actions later.

And I'll bet with 20,736 attacks I'll have one that gets more successes than the defender.
Seven-7
QUOTE (Cheops)


1) Agreed with the additional notice that Response limits System/Pilot.
4) Agreed again with the additional notice that Response limits System/Pilot.

Source plz.
Seven-7
QUOTE
As an addition to 7) I'd like to point out that nothing in RAW suggests that if you are in Commlink A which is subscribed to B and B is subscribed to C that A can issue commands to the subscription list of C. In fact you can't issue commands to anything that isn't on your subscription list. So you could at most have 12 Agents commanded by one commlink.



Here you go:

QUOTE
...you may configure your devices so that they only interact with another specific device ...

QUOTE
The subscription list may be unlimited in size, but the number of nodes, agents, or drones that a persona may actively subscribe to (access) at any one time is limited to the persona’s System x 2.

QUOTE
Node—Any device or network that can be accessed.

QUOTE
Networks—Interacting groups of computerized devices.

QUOTE
Issuing Commands
While online, you can issue commands to an agent (p. 227), drone (p. 238), sprite (p. 234), or other device under your control with a Simple Action. Note that you can issue the same command to multiple agents, drones, or sprites at once with the same action; different commands, however, require separate actions.
Cheops
We all obviously have different interpretations of the rules and from what I've seen of your comments in other threads I can tell that I am not going to sway you one bit. My reading of the rules is different than yours and my reading works for me so I'm disengaging right now. Bye.
Blade
@Kyoto: It's still possible for hackers to learn while living in the Shadows, but they'll need to be subtle. For example they can start by hacking easy targets, just like the street samurai will start with street fights in the Barrens. Or he can find a mentor who'll teach him everything...

My aim was not to make hacking challenging, I had two goals
1) Consistency. Hacking should be uncommon. In a society that relies so much on computers, hackers shouldn't be everywhere, even if it's cheap to get hacking gear.
2) Atmosphere. I don't want hackers to be 12 year old kids with public blogs about their achievements. I want them to be hardened professionals, with small underground communities (online or physical)... Much more like 80's hackers (and the 80's cyberpunk hackers) or even today's hackers (as opposed to crackers) rather than like today's script kiddies (or even today's crackers).

SR4 allows a player to be a hacker and be able to do something else at the same time, and that's good. But that shouldn't lead players to believe that every kid with enough nuyens will start hacking right away.

----

About the agent discussion, I'd appreciate it if you didn't turn this topic into a new topic about agents according to SR4's BBB. But since it seems that it's the only topic that interests anyone I'll try to give better explanations about agents in my system as soon as I have time to work on it.
Kyoto Kid
...so in effect, more like Redford's team in Sneakers than "Crash" & "Burn" in Hackers.
Blade
I've realized there's a lot I forgot to say. I've also realized there were a few angles I didn't consider. Everything should be covered now, what follows should be added to the opening post.

Most of what is here is just explanations to make it troll proof but there also are a few new rules or small modifications to existing rules.

1. Connection slots, hosts, scale, security and ICE.

The subscription limit only applies to personas, it doesn't apply to nodes. But nodes can also limit the number of allowed connections.
For example, you can decide that you can't have more than 5 personas subscribed to your commlink at the same time. That's what most corp nodes do. To be able to handle a lot of connections at once, they often have a lot of nodes with limited subscriptions.
For example if they have a cluster of 1000 nodes allowing 1 connection each, the cluster will be able to handle 1000 personas at once, each one being monitored by one analyze program, and as many ICEs as are loaded on their node.
But the user won't notice that, because he'll be able to see other users and interact with them even if they aren't on the same "node", all nodes are linked seamlessly. Actually the user might as well be moving between nodes as his persona moves through the host, but the user won't notice it.
So to make it simpler, in game mechanics terms, we can consider that he is on a single node.

We can compare it to a building. A home will be smaller than a hotel, but there will be many more people in the hotel than in the house. According to that, there will be many more beds in the hotel than in the house. But for one individual, it will be the same: if he wants to sleep, he'll have enough beds at home and he'll also find one in the hotel.

This also applies for the security: to protect the home one or two guard(s) is(are) enough. To equally protect the hotel you'll need more. If you want each customer to be as safe as he'd be in the house with one guard, you'll have 1 guard per customer (or less if you consider that a guard can keep an eye on two customers). But overscaling isn't good: if your home is swarming with guards, an intruder can easily enter by dressing as one. Either that or you'll need to have guards check the guards, which won't be efficient.

Now let's imagine that there's a problem in the hotel. You can send all your guards to deal with it. But then anyone who can pick locks will be able to steal anything left in the other rooms while everyone is away. So you'll need to leave the other guards to guard the rest of the building.

What you can do is send other guards, from a guard room or from another building.
You can also do that in the Matrix, but it can be dangerous. If they are in the same node, you'll need to prevent the overscaling problem (too many agents hiding the rest of the traffic, or checking each other all the time) so you'll need to deactivate them most of the time and activate them when there's a problem. But experienced hackers can use this to their benefit by modifying the code of the inactive agents so that when activated they'll help them.
Another way would be to store the agents in another system, disconnected from this one which will be connected in case of emergency (calling guards from another building). It's more efficient, as long as the hacker doesn't block the connection to this other node beforehand (blocking the door of the hotel, or even the road to it). But there's another problem: to allow for more agents to load themselves on the node you need to have slots for ICEs (which aren't the same as slots for regular agents, because they don't have the same privileges). These slots can be used by the hacker to upload and run his own hacking agents.

Another idea would be to replace crashed agents with new agents. But a crashed agent isn't removed from the system. It just becomes inactive, freezes, doesn't do anything useful, fooling the system which won't realize that something has happened to it. That's why you need a security hacker to see it, unload the agent and upload a new one, which takes some time. Some security hackers, nicknamed necromancers or archviles, are specialized in this behaviour and are the first target of most hackers.

2. Agent Smith

The "Agent Smith" phenomenon is a problem that corps don't want to see. The benefits it could give attackers far overcome the benefits the security could get out of it. That's why they designed the Matrix protocol to avoid it and also why a lot of cyber security experts are paid to proactively look for and eradicate any such threat that might appear.

There are two ways for an attacker to get an Agent Smith effect.

2.1 Loading an agent swarm

As explained previously, programming an agent that can act the same way a persona does (running on another node) means bypassing a lot of protections hardcoded in the Matrix protocols, making it extremely difficult. The data on the Matrix protocols is hard to get (and prone to attract attention from cyberpolice) and reverse engineering is long and strenuous.

The only other way to go is to follow the protocol and have the agent load itself on the node.
Agents have several limitations they can't enforce:
* they can't load other agents
* they need to have some kind of "superuser" access to be able to use cybercombat software (or exploit the node each time they choose to use one).
* They can't have admin access, and can't even spoof or exploit the node to get it. This means that one agent won't be able to allow access to other hacking agents.
* Most nodes have a limit of allowed basic and superuser agents, and most of them always fill their superuser agent slots to prevent hackers from loading their hacking agents. When the limit is reached, the port listening for agent request is closed, preventing any agent from trying to connect. To prevent DoS attack, the closing of the port often triggers a global agent check to remove any idle or suspicious agents.
* Each agent has to carry the matrix signature of their user, this signature will be checked upon connection. A hacker (or the agent itself) can bypass this by spoofing a false commcode ID, or by exploiting the node to connect.

The first way to do a swarm attack is to load your agents on some nodes and ask them to exploit the target node. The problem of that method is that due to the difficulty for an independent agent to exploit a node (see opening post), there's a good probability of failure. If the targeted node detects several hacking attempts by agents in a limited amount of time, it will trigger an alert.
Another way would be to load them as basic user agents and have them suddenly attack. Because of the matrix signature check, this option will also probably trigger an alarm.
A third way is to use an array of commlinks to connect personas running agents to the target node. This method is rarely used, because it needs more gear, more commcodes, and the hacker needs to "anonymize" each connection.

When an alarm is triggered all connected agents are scanned with the alert bonus. All agents trying to load themselves on the node or exploit the node afterwards will suffer the alert penalty. Most of the time the alert will also trigger track attempts.

On a big host with a lot of agents, it could be possible for a few agents to bypass all these. It's then a possibility that at least one of the agents will be able to pull off the job. That's why a hacker can augment his chances by sending more agents, but that will also augment the chances a track will successfully lead to him. In nearly all cases, the system will be aware of a massive hack attempt, which will probably lead to a close investigation later on.

Rules: a hacker (or anyone else) can try to storm a host with an agent swarm. It takes 1 hour per bonus point (up to +4). To simplify things, the hacker will then roll for one agent. The swarm bonus is added to his dice pool. Even if the hack succeeds, the node can do a Track attempt on the hacker with the same bonus to its dice pool. If the hacker is connected during the track attempt, he can try a redirect action. If he isn't, the agents can do it. Both tests don't benefit from the bonus. The node, if successful, can still get the hacker's Matrix ID, and gather data which will be useful to an investigation (such as the hacker's location). Spoofing the datatrail might slow down the investigation but won't protect from it.

2.2. Independent agent swarm

If someone can somehow get his hands on an independent agent and decides to use multiple copies for an Agent Smith strike, the system will react as if faced with a massive hacker attack (attack by several hackers at the same time). Most of the time, the host will be disconnected and the Matrix security service (or Matrix security contractors) will go on full alert. They can route the connection point of the target node to a security host designed especially to deal with such problems. The main objective of the security spiders will be to find the source of the problem and attack it directly, in the Matrix or in the physical world. Such threats aren't taken lightly and may result in a joint operation by several Matrix security corporations.

Rules: Developing an independent agent doesn't just require programming skills. You need gear, you need knowledge that's hard to get, you need time and more than everything you must avoid being detected by the various Matrix security experts. Actually, it's kinda like building your own nuclear weapon. Finding and purchasing one is also like getting your own nuke. There aren't rules about it; this can only be the result of a long and dangerous adventure.

3. Commlinks, personas and users

A commlink has one persona. The persona isn't a program, it's a part of the commlink's system. Multiple commlinks can't share the same persona and one persona can't use several commlinks at the same time (for example running programs on another commlink).

A persona can be on different nodes at the same time but you can't have multiple instances of a persona on one node (or one node cluster). Also a local network can refuse to have more than one instance of the persona on the network.

A user can have multiple commlinks. He'll need a valid commcode for each one, though. And even if one individual (one SIN) can have multiple commcodes, people will start to suspect something if one SIN is linked to more than 3 commcodes. Of course, it's still possible for hackers to get someone else's commcode, to hack the database to get one or to get a commcode from some illegal Matrix service provider.

Even if it's technically possible to have several personas answering to the same commands (for example using the same input device for several commlinks), doing so won't work. The Matrix protocol is designed to detect and refuse such behaviour. Adding small differences in the behaviour or the timing of each persona isn't enough to prevent detection (except if the time difference is big enough: two personas can do the exact same thing two or three hours after the other without any trouble).
So the only way to control several personas at the same time is to switch between different personas and command each one manually or to have a large enough time difference between their actions. It is possible to record the input (DNI or other) and have it replayed later, but as the Matrix is constantly shifting, an action will probably not get the same result when replayed.

One DNI can only command one commlink at the same time. Removing the DNI access to the commlink will log off the user from the commlink (security measure, so that stealing a DNI-linked commlink will disconnect the user). The only way to use several commlinks at the same time with DNI is to have more than one DNI, as it's impossible to use more than one trode net at the same time, it necessarily means having multiple datajacks.
For example if the user has two DNI he can switch from one to the other with one free action.

Simple interfaces such as keyboards or AR gloves don't suffer from the same limitation (for the hacker) as the user can stop to use them without logging off from the persona. He'll just need to switch the input from one device to another (simple action). This is a long process, and most nodes can detect the strange behaviour this method leads to.

For example if a user wants to hack a node using 10 commlinks, he'll need to exploit the node with each commlink (or get an admin access with one and then create accounts for the others). He then has 10 personas inside the place. If things get tough, the personas that aren't manned are sitting ducks and will have their connection terminated by the node. Besides, don't forget that each persona will have their own server resources, meaning that they'll each face the same number of IC.
Once again, we can compare it to intruders inside a building. If only one intruder is detected, the security will only dispatch a few guards to deal with him. If different intruders are detected in different places in the building, each one of them will face the same number of guards. If the intruders are all in the same place, then a lot of guards will be sent to that place.

Using multiple personas for hacking is actually not efficient. This method isn't used to defend either because of the useless load it adds to the hosts, especially since spiders can log back in quickly enough. Some spiders can connect without using DNI (to avoid getting blackhammered) and come back as soon as their personas are destroyed, but the drawbacks outweigh the benefits (coming back to get your ass kicked every time isn't as efficient as going just once but actually damaging the opponent).

Small aside on DNI, AR and VR
* Using DNI is much more efficient than using another input interface. When not using DNI, all actions take twice as long. Besides, for situations which require reactivity, such as cybercombat, the user suffers a -2 modifier. But using DNI, even in AR, opens the door to biofeedback.
* Actually there's not much difference between DNI AR and DNI Cold Sim VR, except that when in VR you don't have that pesky real world to bother you when hacking. According to that, hacking in AR in most situations where switching to VR isn't a solution will probably lead to a negative modifier due to distraction.
Another difference is that some signals, especially for the feedback are blocked by the RAS (so that AR users don't start doing what their persona is supposed to do). The good news is that it acts as some kind of biofeedback filter (rating 4), but the bad news is that some of this feedback is useful for situations such as cybercombat. According to this, users engaged in cybercombat in AR suffer a -2 modifier to their cybercombat actions.
A user engaged in cybercombat in AR without a DNI will suffer a -4 modifier.


3. Architecture

When accessing the global Matrix grid with the user (or system) view, each accessible node will be represented by some object. Once inside you'll see the content of the node, according to the settings of the Matrix architect. From one node, you'll be able to hop to a nearby node, without even knowing you're routing your connection through that first node, if both nodes allow that. Of course, in system view you'll be able to see the relationship between nodes and know the exact path you're following to access a node.

A routing node can't force a hopping persona to stop. This is intended to prevent hackers from using "trap" nodes, forcing the user to stop by the node when he wants to access another node by routing his connection through this node. But it's possible to have a node with selective routing. This node will only accept to route some personas. Most of the time, such nodes will then proceed to route the connections of the personas which went to a specific point in the node. The user will have to log on the node, go to a specific place (most probably in front of some kind of door) and he will be granted access to the next node (even if the next node might also require identification). A lot of corporate networks use this to have all personas checked in a high security node before being able to connect to other nodes in the network. In that case, the only node visible in the global matrix grid will be the entrance node and all users will have to connect to it to be able to access other nodes in this network.

Each chokepoint node the network has adds to the security of the network, but it's not good to have too many of them. Each node requires the user to log in, and most legitimate users don't want to have to log in 10 times before getting to the data they need. High security systems might include more of these chokepoints and most hackers will have better luck going physically on site to bypass these.

A node can be the master of other nodes. In that case, a user having access to the master node will be able to go to the slave node without having to log in the slave node. He might even not see the difference between the master and slave nodes. But a user accessing the slave directly not will have to log in the master node to access it. Sometimes, such slave nodes are used as traps: when a hacker goes inside that slave node, his account on the master node is destroyed and the hacker won't be able to get back on the master node.

4. Special node behaviour

In this system, Matrix security is quite close to physical security: doors, guards, drones, lock and so on. But a big part of hacking and Matrix security lies in thinking outside the box. Here are a few examples of Matrix tricks that nodes or networks can use for a better protection.

4.1 Tracking

Some nodes require the user to route his connection through a specific node or to connect from a specific area (or not to connect from one). In that case, the connection of each persona will be tracked to the user's commlink. Hacking these nodes requires redirecting the trace to a legitimate connection point.
Some nodes can do that tracking to check if the user is routing his connection from an anonymizer.

4.2 No persona

Some nodes (such as DNI, cyberware, cameras and slave devices) don't need to have personas at all. They just communicate with master nodes. In that case it's simply impossible for a user to log on this node. The only way to hack it is to spoof a message.
Such nodes can have a physical flip to allow for a persona in some cases (maintenance for example).

4.3 Hostage persona

Some secure networks might require the user to leave an instance of his persona in one (or multiple) node(s) - probably a high security node - so that if he turns out to be an intruder, his persona will be attacked in this node. This security procedure is quite rare because of its use of node's resources (maintaining an inactive persona) and potential danger (what if a hacker spoofs the matrix signature of a legitimate user?)

5. Ratings, security and usage

A rating 6 firewall isn't that expensive, especially for a corp. Why would a corporation have firewalls with a smaller rating? Taking SOTA into account isn't enough: nothing prevents the corporation from copying their latest firewall to all their sites.
But there are 3 reasons why this won't be the case:

1. Connection to the outside: upgrading the firewall through the Matrix means getting it from an outside connection. This means that a hacker can intercept it, modify it and send a firewall with security holes instead. This won't be too easy to do (there are a lot of anti-tamper systems involved) but it can be done. That's why it's better to have them brought and installed physically, which will be slower and more expensive.

2. Widespread use: using the same firewall everywhere means that if a hacker can find a hole in one firewall, he'll be able to exploit it in all similar firewalls. Due to the use of heuristic and other factors this isn't always true, but it's still a danger that has to be taken into account. Of course, the security hole will probably be quickly fixed, but if the intrusion was in a minor system, it can take weeks or even months before it is discovered.

3. Ease of use: a rating 6 firewall is more than a high-end program. Actually, it's not that at all (that's why you can have one on a rating 1 device). It means that the OS is really secure (think BSD) but this security can be detrimental to the ease of use (think BSD installation). It also means that the log-in system is more complex. Most nodes running a rating 6 firewall will require a dongle, a special chip or piece of hardware or biometric data (or all of them) to log-in.

--------------

I hope that everything is covered now, let me know if there's still something missing (or broken).
Cthulhudreams
If I can limit my number of connections, why don't I make my base security system, then limit the number of connections to none. Or better yet, make my top secret lair security system limited to one connection, then log into it myself, via a hardwire link?

Doesn't this feature make it completely impossible to hack security systems?

Lots of your rules don't actually seem to have mechanics attached. You mention that in the 1000 node example as one system 1000 people can connect, and then ICE can 'move' between 'nodes' and there are some 'effects' associated with that. Except you haven't actually defined them at all.

What happens when I have 2 Ice on each node, and when a hacker alerts me to his presence I send 1 ICE from each node to attack him?

You mention dongles and shit to log in to a rating 6 firewall. Can I spoof having them if I am logging in remotely? If not, why not? What does spoof even do in your system?

Also, the spoofing the matrix signature thing in the hostage personas section? How does that even work? Also, no matter how you make it work I can kill any hacker arbitrarily who uses hotsim.

All I have to do is get that 1000 node setup mentioned under ICE, spoof the guy's matrix persona? logged on as 999 hostage personas, then make my ICE kill him, as he will die as he gets attacked by 999 black hammers.

Seriously, the ideas are good, but there are no mechanics attached to any of the 'rules' and you probably need to fix this.
Blade
It's covered: you can set your node to refuse personas.

As for limiting it to one persona then logging yourself, it's a good way to make your system secure, but it's not impossible to hack: the hacker can still use spoofed messages to act on your node (in the limit of what's possible with messages) or lure your persona in another node to attack it, disconnect it and replace it. And then it'll be harder for you to get back. Besides, you can't do it on every node.

As for the mechanics, the idea of this rule system is to be open and flexible, programs can do a lot of different things, so rather than list them all, I just list the main idea of each program and a few examples and it's up to the hacker to find clever uses. Just like it's done with the standard skills in the physical world.

For example, the Spoof program is used to fool drones into believing you are the legitimate user. This means you can use it to impersonate the Matrix signature of a legitimate user. So it means that with a hacking+Spoof roll the hacker can impersonate a legitimate user (of course he'll need to know what the signature of this user is). The nodes, ICEs and spiders will roll a Matrix perception test: computer+analyze. If they get more hits than you, they'll be able to see that you're not the user you're pretending to be.
Actually you can compare the Spoof program to the impersonation skill, and the Analyze program to the perception skill.

But you're right, there are some details I forgot:

* About the 1000 node, the best way to consider it is to forget everything about the 1000 node thing and just consider it as 1 big node, that will be able to run a lot of programs and agents at the same time, so that each user will get the same attention from the node.
Really, the best is to compare it with a building: you can send a guard from point A to point B without any problem, except that there won't be any guard at point A afterwards.

* About dongles and stuff, it's just a fluff explanation to how rating 6 firewall systems are. Spoofing them isn't necessary, it's already covered by the high rating which in turn has an impact on the Exploit test. So there's no need to make it more difficult. On the other hand, if the hacker can get the dongle, he'll get a +4 bonus to his exploit test (a nice way to help novice hackers to hack big nodes).
Cthulhudreams
QUOTE (Blade)
It's covered: you can set your node to refuse personas.

As for limiting it to one persona then logging yourself, it's a good way to make your system secure, but it's not impossible to hack: the hacker can still use spoofed messages to act on your node (in the limit of what's possible with messages) or lure your persona in another node to attack it, disconnect it and replace it. And then it'll be harder for you to get back. Besides, you can't do it on every node.

I edited in lots more issues. But in other news, why not? Don't I just connect the systems to each other and clog up any number of slots I desire?

What's the limit with messages? To me it seems the limit of messages is nothing, and I could just simply make the first message 'disconnect the personas connected' or 'make the persona slots 143252352' or 'add another persona slot that doesn't show up to admin' at which point why are you even setting limits because all a hacker needs to do is spoof.. and then he can log in?
Blade
I edited the answers to your issues.

The message limits aren't limits to the amount of messages you can send, but limits to what you can do with messages. These limits can be whatever limits the system administrator wants. For example you can decide that a node can't be "remotely" turned off, only a connected persona can do it. In that case, the hacker can send a spoofed message telling the node to turn off, but the node won't do anything about it (though it might report it, if ordered to).
Cthulhudreams
The problem with proposing a rules framework is that there has to actually be rules at some point.

So let's drill down into the hostage persona and spoofing a user's matrix signature thing. I have 20 commlinks at home in my hacker stack, each with an ICE loaded with black hammer. I am fighting a security spider who is hot VRing.

From that hostage persona line I spoof his signature, load it into the 20 commlinks in my hackastack and he dies instantly from being attacked by 20 ICE with black hammer at the same time? Even if he only takes stun this means I auto win any fight ever.

Your 'message limits' thing renders any node completely unhackable.

I create the node. I define any activity except 'connecting' as outside the limits of the node. I connect to the node. I set the persona limit to one.

My node is now completely unhackable. Anyone is just going to do this with all their gear/drones/whathave you. (I render my core commlink unhackable by defining any action except connecting via the DNI as not permissible and setting the persona limit to 0.)
Blade
Hostage issue: spoofing the signature doesn't make the spoofed persona have any impact on the real persona. If you impersonate the president and kill yourself, the president won't die.

Message limit: yes your personal node is nearly unhackable... But you'll have serious limitations on what you can do with it: you can't just send messages with it, because you won't receive the answer, so you'll need to send your persona on the nodes you want to interact with.
Now let's consider that for a moment you get disconnected. Either someone cut your wire, someone kicked your persona's ass in another node, someone jammed the signal between your DNI and your node... And before you're able to log-in, he's in there. You've lost your node, and you'll have to do the same thing he did to get it back. It's a risk you can choose to take.

Besides, only a few users (most probably shadowrunners or security agents) would limit to one persona: allowing for other personas to connect to your node is great to let your friends and family see your pictures or your blog and so on.
And even less are likely to limit messages to just connecting.
Cthulhudreams

QUOTE

Hostage issue: spoofing the signature doesn't make the spoofed persona have any impact on the real persona. If you impersonate the president and kill yourself, the president won't die.


Okay so the hostage thing just says 'the hacker has to make another spoof check to log in'. Why even have the concept?

QUOTE

Message limit: yes your personal node is nearly unhackable... But you'll have serious limitations on what you can do with it: you can't just send messages with it, because you won't receive the answer, so you'll need to send your persona on the nodes you want to interact with.


Why, he cannot log in because connections are limited to DNI?

Anyway, why does receiving a message require having a free slot on your node? Doesn't that mean sending messages to a node require a free slot on that node?

That is explicitly contradictory to what you said earlier.

QUOTE (Blade)

As for limiting it to one persona then logging yourself, it's a good way to make your system secure, but it's not impossible to hack: the hacker can still use spoofed messages to act on your node (in the limit of what's possible with messages) or lure your persona in another node to attack it, disconnect it and replace it. And then it'll be harder for you to get back. Besides, you can't do it on every node.


Maybe writing out some example hack runs and defense set-ups would help you crystallise your intent - but currently you are contradicting yourself and some of the examples and concepts are either unclear and confusing, lacking mechanics, or outright contradictory.
Blade
The hostage thing is an example of a trick that can be used by nodes to enhance the security of the network. To compare it to a physical world situation, it's like going in a building with a cortex bomb and leaving the detonator to the guards at the front door. If you're caught doing something illegal in the building, they trigger the bomb.
But if you dress up as someone who's inside the building (which means he left his detonator at the front desk) and start wreaking havoc, the guards will think that this guy is causing problems and blow his head off.

But if you enter the building dressed as the guy and give your detonator, if you're seen causing problems, they'll blow your head off, not the other guy's.

QUOTE ("Cthulhudreams")
Why, he cannot log in because connections are limited to DNI?


Sorry, I don't understand your question.

QUOTE ("Cthulhudreams")
Anyway, why does receiving a message require having a free slot on your node? Doesn't that mean sending messages to a node require a free slot on that node?


To make it clearer about what messages are: you don't need to have your persona on a node to act on it. For example, you don't need to log-in to your coffee-maker to have it prepare coffee. You just send a message. This way, it's also possible for unmanned nodes (which don't have personas) to communicate with other nodes. That's what messages are for.

You don't need slots to send and receive messages.
But when you want to send a message you need to be able to receive an answer (if it wasn't the case you wouldn't need both nodes to be in range to communicate with each other). And if you've set your node to refuse all messages that aren't connection requests, you won't receive those answering messages.
So if you want to keep your secure configuration while still being able to send and receive basic messages, you'll need to have some kind of filtering... which comes down to the firewall and analyze program and their rating, and the basic rules about spoofed messages.
But you can still decide to have some actions that simply won't be available with messages, such as rebooting the node, disconnecting a persona for example.

What I'm trying to say is that it's possible to go the blacklist way and refuse some actions, but it's hard to go the whitelist way and only allow some actions. So the most obvious message hacking actions can be easily refused, but if someone finds a tricky way to hack with messages (probably a way that can't be used in every situation, or that would lead to serious trouble if forbidden) he'll be able to hack past the restrictions.

For example if you want to be able to communicate with your teammate without sending your persona in a team node, but just sending encrypted messages to them, you can't block communication messages, which means that a hacker will be able to send such messages to you (if his messages can get past the firewall and analyze program and probably have the right encryption). So if you allow your teammates to send voice communications the hacker will be able to send any audio feed he wants.
But he won't be able to reboot your commlink, because an audio feed can't do that and your node will ignore messages ordering it to reboot.
Kyoto Kid
QUOTE (Blade)
...but just sending encrypted messages to them, you can't block communication messages, which means that a hacker will be able to send such messages to you (if his messages can get past the firewall and analyze program and probably have the right encryption). So if you allow your teammates to send voice communications the hacker will be able to send any audio feed he wants.

...hmmm, Muzak™. That'd drive them batty as hell.