I'm pretty sure this is explicitly covered in the BBB where it talks about defensive measures for protecting cyberware - something about "cracking up the Firewall and loading up the IC". This would pretty much say to me agents/IC can definitely run on cyberware and you can put IC in your Smartlink, MBW, Skillwires, etc.

I was thinking that slaving your skillwires to an internal commlink may not be such a bad idea anyway. Use that for storage of all your skillsofts, agents to update them, massive IC to protect them, etc.

Would it be possible to have an agent loaded with skillsofts and load those instead? A bit of a stretch but I'm just wondering.

- J.

It is a very bad idea, as anybody having hacked your comlink will immeadiatly have full access to your skillwires.

Usually, a secure cyberware setup is a followed (no additional cost, neither in nuyen nor essence per RAW):

No datajack(!), no wifi & skinlink (at all, not even deactivated) on any implant other than the implanted commlink, only selected internal interconnects, every implant (cluster) strong ecrypted for 24h and stealthed, every implant with the hardware limitation that DNI always retains Admin access and DNI can't be disabled - (neural) triggers have the hardware limitation so they can't be disabled anyway.

The internal commlink (with an automatic trigger to be shut off by the internal biomonitor if the user become unconcious) is the door and chokepoint to the world, running the usual (hacking) programs (the standard ones as ergonomic versions, so ergonomic malware will automatically fail to run) - the only connection in is to the senseware cluster running sensorsoft, tacsoft and much IC (which can, by Unwired, hop onto the commlink node while still running on and consuming system rescources of the cluster).
Then there are two connections out: One to the skill-system cluster consisting of a skillwire and a sim module (with an automatic trigger to be shut off by the internal biomonitor if the user takes physical matrix damage), running all skillsofts and IC, the other to the bio-system cluster, usually consisting of a (nano)biomonitor and stuff like autoinjectors (usuall with automatic trigger to be activated if the user become unconcious) and nanite hives.

Of course, the skill-system cluster will have it's network suspended by default - if you need to transfer software, you can always turn it on with a free action.

Normally I'd agree it pays to be this paranoid (I work in IT Security!) but the ability to download, search for skillsofts, obtain automatic updates - is very powerful. Using a datajack at least means there is no means to hack you by wireless methods and adds another layer of separation.

- J.

While the Horizon option is nice, it only exists for registered knowsoft - and any registered software is a no-go for runners using more than one SIN. (That is, any runner still alive)

To search for skillsoft, your commlink suffices - and periodic updates and download in the 'paranoid mode' just require you to use two additional free actions by mental command... hardly anything compared to the number of complex and simple actions spend to search and download said software.

Actually, a normal datajack provides wifi - and, additionally, the attacker with the exception to directly access every implant - and of course, the ability to feed you black snuff BTLs.

Depends on how much you want to nerf them. IMHO, I think limiting it to the skillwire rating is sufficient. One of the drawbacks in previous editions was that skillwires could not add dice from the diecpools, this, I think adds the same flavor.


Think about an opposed succes with firearms: Robot Wannabe Runner Ronney rolls 6 dice for a firearms (3 for agility, 3 for 3 Firearms skillwires) he gets four successes (so only 3). Dodger don the physad he's shooting at gets to roll his dodge+reaction and needs only 3 successes to get out of the way. Also, it makes any task with a higher threshold than the skill wire impossible to achieve.

That aside none of my players have even broached skillwires or emotoys yet...

I know, I remember the passage. However, Unwired came out later than the BBB, specifically to address questions as possible "exploits" in the rules. I remember in the BBB that it mentions putting IC in a Smartgun or Cyberarm, but Unwired specifically lists a Smartgun as a "Peripheral" Node, of which the GM has ruling over what exactly the OS of the Peripheral node can run. Here's the point (as far as I see it). There was perceived to be an "exploit" in the rules that was called "Agent Smith." Essentially, since there were no specific rules preventing someone from simply copying an Agent, and because "everything's a node" and there were no rules limiting what a particular device could and couldn't run, it was perceived that a Hacker could go out buy 100 toasters for about 10 apiece, copy 100 Agents on to them, and sic their army on any Node they wanted, which would inevitably fall under the sheer weight of probability.

Now, Unwired attempted to mitigate this with a couple of updates: 1) Although Agents can be copied, they still have the same Access ID and thus when the copy of an Agent attempts to access a Node where another copy is already running, the logon is automatically rejected. Changing a copied Agent's Access ID takes a significant amount of time: Rating x 3 weeks (Unwired pg. 111) (IMO, the option to patch an Agent's Access ID should be removed entirely); 2) Not every Node can run an Agent (eg. a toaster). Thus Unwired classifies some things as "Peripheral Nodes" and leaves it up to the GM what the OS of said Node can or cannot run.

So, the conclusion here is that it's all about how you like to run your game. In my SR4 games, I like to keep my Matrix stuff fast and to the point. Thus, I heavily emphasize the "central node" idea where there is a central Node that controls a whole bunch of "little" nodes. You can go and Hack all the little nodes if your really but that will take time, or may not be an option if they are Slaved to a Central Node. Thus, its far more efficient (even if it is more dangerous) to just Hack the central Node, have some fun Cybercombat, and subvert the system from there. Usually the Hacker is getting into the system to do something: disable devices, look for files, take control of things, I prefer that the rules not bog the player down in a bunch of time-wasting before they get to do what they came to do (SR2).

Where does it say that datajacks provide wifi?

Also pirated software doesn't auto update. I believe we were speaking about hacked software that is dirt cheap, hence the point re: using agents to autoupdate.

Malachi, thanks. I after that post I think we see things more on the same wavelength than I originally thought.

- J.

In 2070 every electronic device provides wifi.

Still, that's no disadvantage as you can always deactivate it (and with a hardware switch no hacker can reactivate it).

By the wording of some of the posts in this thread, I am getting the impression that some think the datajack is a venue for hacking the software/hardware in a person by allowing the attacker to plug into it physically. Am I reading this correctly?

It would seem to me, as at least one other poster has said, that if the attacker is that close and can stick something into your head, you have more worries than being hacked.

Peter

People always tend to forget that sooner than later, said datajack is connected somewhere by the user.

Yeah, and connecting something else to your head via fibreoptic cable is more secure than any other method, not less.

All cyberware has a Device Rating, which in turn means it has a Signal rating.

No. I don't have my books handy, but IIRC, a datajack provides a direct line to all your cyber, as well as everything you've got plugged into it. This direct line will bypass even a slaved system. Additionally, since a datajack is wifi-enabled, you can't stop this back door unless you slave your datajack-- which kinda ruins the point of having one. If you shut off the wifi, you also lose a lot of the capabilities of the datajack.

Does shutting off the wifi interfere with the use of an optical cable?

And doesn't a skillwire system have all the memory it needs anyway, so there is no need to keep skillsofts outside?

Peter

No

Yes

Me

i don't know how people can say that it's not secure to first bring your comlink online to download the latest patches and softs.
then hardwired switch off the wifi . . run scanners, defrag, antivir and everything else you might need to clean up such stuff . .
then connect the comlink now without wireless to the completely wireless datajack(beta used ripped out of some old guys head who got it in a time where such jacks did not have wifi) and transfer the softs into the system, then disconnect the optical cable and you are done . .

I have just assumed it functioned like the old versions (a faulty presumption to some extent) - basically a socket in your head which allows DNI to your cyberware.

Allowing open wireless to any piece of cyber is just plain silly (penile implants anyone???).

I don't care what the rulebook says on wireless. Common sense has to prevail at some point. I play with 2 other IT techs and agree that the cyberware and Matrix rules need serious houseruling to maintain even "partial" suspension of disbelief.

- J.

Well I believe there's also the fact that Device Rating serves as whichever stats are appropriate for that device. I am not aware of any rule which states that anything with a device rating automatically has a signal rating. From what I can see it's just a useful little catch-all stat for whatever the GM happens to need at the time, to save on giving detailed stats to everything.

I'm not a computer nerd or IT guy, so I'll take your word on it. I will say that by RAW, bone lacing is wireless. I'll also say that since there's a lot of people like me out there, people who only have the slightest idea what wi-fi is all about, common sense isn't going to be too common.


Anything with a Device rating has a value that stands in for its Matrix stats. Appropriateness doesn't factor into it. However, even if we give it varied stats-- Signal 0-- it can still be hacked from any node or person within 3 meters.

Keep in mind that "Signal 0" is not the same as "no signal". The first describes a really weak wifi capability, the second describes quite literally no capability for wireless information exchange whatsoever. You simply cannot hack a device that can't communicate with you (in fact, you can't hack a device which doesn't want to communicate with you, either, so you don't even need to mechanically kill the wifi capability to be unhackable).

Bone lacing is wireless by default, because it makes the job of the cybertechnician that performs the maintenance on it easier (he can look at its diagnostics without having to cut you open), you can get almost the same ease of use with a wifi-less hardware link that breaks your skin, though, and still be unhackable (a hardware link like, say, your datajack). Or you could opt to make the technicians job more annoying and simply deactivate external access alltogether.
And a datajack is nothing more than a piece of ware allowing you to have a wired DNI-link to a device outside of your body. It doesn't need wifi (infact, its main point is making you less dependent of wifi). It doesn't allow anyone to hack your cyberware just because it's there. Your cyberware is vulnerable if it's connected to your PAN and your PAN is accessible for the hacker (by being wireless, for example), there's no magic way to get access to a piece of ware you don't allow access to one way or the other.

Hey everyone... I've got a question. If you have a datajack in a cluster that's slaved to your commlink can the 'Link override the "accept no connections except from the link" so that you can use it to talk to your smartgun or hook into an external commlink?

I can see the datajack being set in a bridge mode where the data traffic is pumped directly into the 'Link and not through the cluster at all.

While I agree with the first point, isn't hacking how you defeat the second point? Right now, if I find an encrypted wi-fi network, it doesn't want to talk to me, thereby blocking me out. But if I use a few tricks, I can hack the network, and start communicating with it. Doesn't that amount to the same thing?

There is a world of difference between you're suggesting vs physically not even being able to CONNECT to it in order to attempt to hack it (which is what I'm proposing).

Side note, not all cyber is wireless. It specifically says (BBB IIRC, or maybe Augmentation) that stuff like bioware and some stuff like bone lacing is NOT wireless.

- J.

Actually, if you use a datajack to connect to a commlink, terminal or any other out-bound-capable device... it is less secure than using an internal commlink. Because the latter does not allow your enemy a free pass on all your implants or brain.

Bioware is explicitly not the same thing as cyberware. Cyberware is electronic and mechanical, and has a Device Rating, bioware does not. If you check p 214, BBB, you'll see that cyberware types all have a Device rating; bone lacing, being Bodyware, has a Device rating of 1.

As for your setup: again, I'm not an IT guy, so you may need to explain it again. But unless you've physically turned the wireless off, my understanding is that there's no 100% perfect method of protecting it. Someone can always crack it. If the wireless is on, by definition isn't any attempt to break into it "hacking"?

In SR all software and firmware that try to keep some users from connection to a system amount to a firewall rating. All software and firmware help you get into a system amount to a exploit program of given rating.

In real life people use encryption and frequency hoping to make many valid SR attacks literally or effectively imposable; at least until there is some earth shattering advances in either pure math or computing power. If you dig up Frank's post on encryption he breaks it down pretty well. It's geared towards justifying his matrix rules, but the analysis is spot on whatever your take on his rules may be.

I still fail to see where that idea comes from. A datajack doesn't allow your enemy a free pass on all your implants or brain (infact, nothing short of a PAB unit allows anyone a pass at your brain). It just gives you a wired DNI. Nothing more, nothing less.
If you connect to the matrix via the commlink in your pocket that's connected to your datajack you can operate the commlink by thought and any hacker wirelessy compromising your commlink can do with it whatever he wants and can even connect to your datajack. If you're dumb enough to slave essential cyberware to the jack, he now has access to that ware as well.
If you connect to the matrix via your internal commlink you can operate the commlink by thought and any hacker wirelessy compromising your commlink can do with it whatever he wants. If you're dumb enough to slave essential cyberware to the link, he now has access to that ware as well.
In both situations the commlink is securely wired to your brain, with the (wireless) link itself being the only angle of attack.
Where's the difference exactly?


Close, but not quite. Spoofing basically tries to tell a system that you are someone that has the right to give orders to the system, so it better listens up. There are ways to communicate that simply are impossible to spoof, however. The one I talked about is a commlink connected to your jack set to "don't accept any wireless orders, only listen to those order coming up through the cable". Even with the abstraction in the SR-rules, a basic point still remains: For any spoofing attempt to have a chance of success, there has to be a legitimate way to fake. If the link is set to ignore all wireless traffic, not even FastJack can hack it via wifi.
Imagine a door secured with a passkey system: It doesn't matter how good the passkey forger trying to enter is, if the door simply rejects every try as there isn't actually a "correct" key. There's nothing to copy and no way to trick the system.

If the cluster is slaved, it accepts connections from the master only. What you want is routing however, not a subscription (connection), and that is currently automatic (as subscription attempts are forwarded to the master).



Some other points:
- the device rating table is a shortcut. If the shortcut is wrong, it is wrong. A device without wireless adapter is a device without signal rating.
- the datajack gets some unique abilities in the Unwired section on hacking cyberware. I would just kill the offending sentence, and work out optional wired connections (missing from Augmentation) using common sense.
- attacking a brain is possible if the brain-owner is also a SIMsense user. Blackout/Black Hammer + Psychotrope Option.
- there are earth-shattering advances in computing power and math, RL knowledge is completely invalidated.

So you missed the part where it said "Example" at the top of that column?

The entire Device Rating rule is an abstraction, meant to heavily simplify the rules for an aspect of the system that just isn't going to come up all that much. All abstractions require common sense from the GM and the players, not people pointing at a table and saying "Look, it says it here so it's RAW, you cannot argue with the RAW."

Yes, "provides". You can have a direct neural interface that way, you don't have to. It doesn't say "that happens all the time and there's nothing you can do about".
A gun provides you with a means to kill people at range, still not all people drop dead as soon as they come into sight.
A commlink provides you with wireless access to the matrix, but you can still switch it off.

I'd have to go through my books to find it. I don't know my understanding is that just because it has a device ID doesn't make it wireless. Likewise, I didn't believe bone lacing supports wireless.

More importantly, if you can explain to me how any red blooded male - even in a fictional universe - would allow open wireless onto a penile implant, I'm all ears.



I'm not talking about the ability to hack it so much as I am the ability to connect. Hypothetically if I slave all my cybernetics to my datajack and make it so that the datajack has wireless disabled (presuming it even has wireless, which I don't believe it does) that means the only way for someone to hack it is to connect directly (i.e. with a cable) to my datajack. The datajack itself may still be hackable in the strict sense, but if you cannot connect to it then you cannot even begin the hack.

It's like me saying I want to go racing on a freeway at 200km/hr. If both ends of the freeway (and all entrance ramps) are closed off, how can I get on it and speed?

It's a pre-existing condition that must be met in order to pull it off.

- J.

Actually, it does, as this is the attacker's perspective, detailed under 'Hacking Cyberware'.

Oh, I can already see a way to beat that one. Computers don't distinguish incoming signals by type, they do it by port. If it comes through a wireless port, the computer thinks it must be wireless. Spoof a signal so that the port ID is changed, and you're in. I pulled a similar trick when I was setting up my laptop to receive wireless.

If you want to discuss house rules, then propose one. Several people here have done just that. But don't go saying: "The rules don't work that way!" when they do; and especially don't follow up that with: "The rules are great, if you use common sense and fix them!"

So, do you have an easy house rule, non-arbitrary, to determine which pieces of cyber get Device ratings and which do not?

Color me confused, but isn't that the same thing as physically turning off the wireless?

there's this silly nanite stuff that allows to turn on wifi, even if it's been switched off by a hardwired physical switch right?
i can see it now, the market for second hand beta cyber that is in good shape but before everything became wireless will boom ^^

Yes, sorry - I just realised I misread your earlier post.

I thought you meant that with it disabled you can still hack it. My bad. Not enough coffee.

- J.

or get your gear with the wireless never installed (BBB pg 304):

*massive amounts of face-palm*

Do you honestly believe that everything comes down to RAW and "House Rules"? Is that actually how you run your games? Why even bother to have a GM at the table at all? You could have a computer run the scenario. The entire point of roleplaying is that there is a GM whose job is to make judgement calls when needed. Rules are a guideline, a structure, and often the rules are deliberately simplified, because the designers made the (apparently ludicrous) assumption that the people playing the game actually posessed some kind of common sense.

Do you assume that everything in the Shadowrun world is weightless because they didn't include encumbrance rules?
Do you assume that every human in the entire shadowrun world walks at precisely the same speed just because they abstracted movement rates?
Do you assume that cars can't actually fit people in them because they didn't include specific passenger amounts (or the converse, that 500 people can squeeze into a mini, just because they never explicitly stated that they can't)?

Sure, you can try your hardest to take the most literal, most useless interpretations of statements from the rules taken out of context, but why bother? All you're doing is making the game less fun for yourself. It's not "house rules" to understand what is explained clearly within the text; that certain rules don't model exactly how the reality of the setting works, they just model it closely enough for most purposes. The stated intention of device ratings is that they be a rough guide. The rules explicitly state that where required a GM should give a device more detailed stats. As with all of the rules, the application of common sense is the underlying assumption.

My issue stems from the singular assumption all cyberware has wireless and it is enabled by default. This is explicitly stated/inferred/whatever - I don't care.

If I really had to, I'd go through both Augmentation and the BBB and cover every single piece of cyberware and house rule whether it comes with wireless. I'm hoping it won't come to that.

On a side note, I have explained to my runners that cyberware can have the wireless disabled but by default it is enabled and can be hacked. They all know this.

What's hillarious is they haven't said they're disabling it - despite a) full knowing of the consequences and b) being IT guys who are well aware of the risk of wireless networks hahaha.

They've just assumed its disabled. Nope, I'm not going to tell them again. That's the problem with assumptions - they make an ass out of u...

- J.

Welcome to Dumpshock.

Seriously, now, we're here to discuss the rules of Shadowrun; but if we just assume our interpretation and house rules are the correct ones, we'd have no common ground. So, when discussing a rule here, we have to start with the Rules As Written, then make our way to Rules That Work.

I quoted the RAW. You don't like it, fine. Tell us how you'd fix it. Or, say it's fine the way it is, I don't really care. But don't go waving around "common sense", because everyone's got a different version of common sense. I've lost count of the "common sense" fixes for the Matrix alone, many of which contradict each other. For example, someone earlier in this thread explained how it was "common sense" to have wireless bone lacing: it's loaded with RFID tags, so you can check positioning and alignment easily.

Fact is, the book makes it pretty clear that just about everything has a Device Rating. How you deal with that is a matter of personal choice. But it's definitely not "common sense"; someone here (a developer?) argued that wi-fi underwear was perfectly acceptable, because it'd tell the laundry machines how to wash it. Go figure.

You may have to. At the very least, most cyber is going to come with a RFID tag or two that holds technical specs. And each RFID tag has a Device rating of 1, making it a full-fledged node. It's not hard to remove, but it will have wi-fi capacity.

Wearing my technical hat, that shit can be as fancy as any cybertechnician/architect/GM wants it to be.

I could argue that a penile implant to be telescoping up to any arbitrary length sine the length can be specified by the subject. Hell, make it go for ten feet and have it double up as club as well if I want. Why? Because I can choose the size. An blunt object of random size wielded counts as a bludgeoning weapon under the improvised rules. All 100% legal and by the rules.

Now if a GM did not bitch slap me for trying that, I'd bitch slap him for allowing it.

Its a fair point you make - but some stuff like emotitoys offering +6 dice to rolls that should never be happening is madness. Please don't tell me common sense doesn't enter into it there.



Wifi isn't a catchall solution that solves all technical issues with a wave of a magic wand either - which is how it is being touted in many ways.

That said, if you don't like the use of the word "common sense" call it "house ruling" or "GM fiat". Whatever. I don't care.

But RAW is the start, not the end.



The group I game with live and die by house rules. We're just shithouse at recording them unfortunately (but we generally remember them all pretty well). Our D&D 3.5 game needs a couple of notepads so we can start record dot revisions for all our changes (e.g. D&D 3.5.1).

- J.

Emotitoys is another can of worms. But the fact is, a in-depth reading tells people it does just that. If you don't like that, fix it in your home games! Just don't assume that everyone agrees with you, or even knows that's how you feel about it. Their common sense will tell them one thing, while yours tells you something very different.

Agreed. Here, on Dumpshock, RAW is the start of every rules discussion. We need that, in order to have common ground to discuss things. Someone discussing the literal RAW is not flaming, he's setting the grounds for the debate.


That's great! It works for you, keep it up. When I was a Missions GM, however, I had to stick to strict RAW. And some people here like the RAW, for all its flaws. If you come in assuming we'll accept all your house rules because they're "common sense", all you'll do is start a fight and cause confusion.

Since you're a RAW guru, please verify whether or not I can use a telescoping penile implant as an improvised (clubbing) weapon.

- J.

This advice also applies to "common" house rules too. Assuming that the house rules you have implemented is something commonly used can cause much confusion too. Some people come to the forums and post their house rules and ask for "constructive criticism", sometimes what these people are looking for is actually praise and agreement. And anything that actually criticises their house rules is negative.

Like Cain said, don't assume that we know what your house rules are. Assumptions makes our discussions more fruity than fruitful, more so than normal. Except that I am of the "RAW is the start and the end" school.

I would think that you could, but I would turn off the nerves in it otherwise...

PAIN EDITOR !

- J.

Isn't a penile implant cybernetic?

Response may be NSFW.

But if you really want to get technical, when you're fighting in unarmed combat, the book makes no mention of which appendage you happen to be using. You can go knees, elbows, or even headbutts; why not other parts of your body? Also, I've been reading a book called "American Shaolin", which describes Iron Crotch Kung Fu. Make of that what you will.

Incidentally, I'm not the RAW guru. Toturi is.

We'll have to agree to disagree then, as even rereading that exact section I don't see how the provided DNI-access is even remotely implied as being unavoidable or impossible to disable. It just states the usual occurence of the datajack of joe normal-no-idea-of-system-security on the streets.

Long-distance blowjobs from your distant girlfriend, of course!

The problem is that it invents a whole new attack vector for datajacks only that has no way of fixing except removing DNI from implants. Which, frankly, isn't an option, so datajacks are neither.

The critical information from "hacking cyberware" is not that you can access all other implants from the datajack, but that this access is a question of DNI.

The former SOTA was datajack--DNI-> brain, datajack--wires->other implants. Now it´s datajack--DNI->other implants.

Consequence: DNI is now a biological implant network, instead of a dedicated brain-implant connection. That state is a believable technological development, but suffers from the lack of a DNI definition (main book: DNI = brain-implant, optional wires). The easiest fix is just cutting the sentence that gives datajacks access to DNI devices. You now have a consistent state of DNI tech, but also unhackable implants.