QUOTE (Bignaffer @ Jan 21 2010, 08:37 PM)
my question about the penalty would be: does abandoning an extended test count as failing?
as for the rolling again being a continuation of the first test i disagree, if i do anything else then i am no longer trying to hack that node and it is no longer trying to find me and would have no reason know the second attempt was from me, i mean the whole point is that it didnt detect your attempt. even if it did, how long should it hold on to the logs from the previous attempt? if i come back tomorrow do the successes stand?
As for the extended test, yes. The extended test's success is measured by it's completion. Not completing it is failing. You try the same test again on the same thing again and you're subject to the -2 penalty. I'd say if you tried the next day no, as the rule is intended for successive actions. How long you'd have to wait is a GM call.
To the detection:
Just because YOU abandon trying to hack the node doesn't mean IT abandons trying to detect you. It knows your there the moment you start hacking, it only detects you as unauthorized when it passes it's analyze + firewall (stealth) extended test. Till then it considers you a user trying to log in, but it's keeping a record of suspicious activity.
Here's an example:
Your at a convenience store with the intent to rob it. You're non-violent so you want to just nab the register drawer next time it's open, so you start to hang around and make your way to the counter. The clerk starts to get suspicious of you since it doesn't look like you're shopping and you're taking a long time. So you leave, cause you're no fool and know you've blown your chance. But then you come back an hour later wearing the same clothing and try again, only moving faster to the register. You think he won't be just as suspicious of you since you were gone for an hour? A day wearing the same clothes?
Now, change the clothes and put on a baseball cap (spoofing a new access-ID) and he doesn't recognize you and therefore doesn't associate the suspicion with you anymore. You're free to start fresh.
Anyhow, it may EVENTUALLY clear the log, but that would be set by it's security procedures and thats up to the GM. Could be a day, could be a year. Heck, doesn't HAVE to clear the log EVER given the crazy amount of storage space in that day and age, and why not keep a record of suspicious activity?
If I were a security spider I would automatically back up the log to several locations every hour and routinely check the active log to see if any were removed for it as well. Any suspicious activity that mysteriously disappeared in the ACTIVE log compared to the back ups means someone was trying to cover their footsteps, or if someone deleted the log entirely to hide actions just taken I still have my archive of banned users, exploit holes used, etc instead of losing all that valuable info.