I've been thinking about that Authority system, and I do like it a lot. It gets rid of the clunky "low-level" business of trying to define the meaning of having various account privileges. It also helps move beyond specifics of RL-hacking.

I'm not entirely happy yet though. It still runs the risk of being a sub-game. Chopping it up into "macro-hacking" which is like legwork, and "micro-hacking" which is done at combat speeds would be a good step.

"Warez" is also an issue. While I want to make equipment and SOTA matter somehow, rating commlinks 1-6 is dull and results in everyone having rating 6 commlinks. Like medkits. Also, software has the free download issue. And even IF you have to pay for it, you'd still have access to a much bigger and faster market (the Matrix) than possible for physical items.

For hardware, I'm thinking about making them rather like guns; a couple of traits like Signal, Response, and maybe some other gimmicks. Instead of just choosing brute power, you get several different choices with each their own advantages and disadvantages. And I want cyberdecks to be one of those choices; more power, but bigger.

For software, I'm inclined towards abstraction; programs shouldn't necessarily be a kind of "gear". Anyone with Data Search will have programs. Only MacGuffin programs need mention, because they enable unusual hacking "maneuvers". All such programs will also invariably have unusual hardware requirements and/or copy protections that can't be easily circumvented.

Good plan.

System would be your "Computing Power" (eg, Requirements: Computer Power Rating 3+)
Response would be a modifier to effective lead. Aka, even if the system has +4 more Authority than you, but your Response is 2 higher, the effective Lead is +2. At least that's what I'd do for determining how long each hack action takes, higher lead more time. Better response, lower lead, less time per hack action.
Signal would really only be applicable in a wireless matrix.



Personally I'd run with a "you have software X or you don't." Eg. "do you have a medkit?" not "what rating is the medkit?"

I suppose another comlink tidbit might be how many programs it can run at once (unrelated to response), so if there are 6 "this hack action requires [program]" actions, no comlink could ever run all 6 of those programs at once. You'd get maybe 3, which would limit your options between hacking moves depending on your strategy.

i was reading unwired again, and the section on pirate networks is interesting.

lets say you have data search 4, browse 4. you can buy 2 hits, which means you can find a new pirate network in 4 days. once you find that network, you could find and purchase (at 10% cost) your programs in a few minutes, as the interval is then by the combat turn. spending 600 for a rating 6 hacking program after about 9 combat turns of searching is a good deal. an even better deal is how easy it is to find optimized, virus resistant ergonomic versions of those programs. sure the GM fiat thing comes into play here, but a lot of stuff makes too much sense not to be there.

honestly, i cant see any reason under the rules in unwired to not just charge hackers 10% of cost for programs and raise availability for programs to something like 20. its fairly simple and cheap to load a deck up so that the only question becomes how loaded programs impact your matrix initiative. this makes dicepools a lot easier to deal with in general. skill 4 rating 6 with +2 hot sim and +2 enchephalon 2 makes for some fun hacking rolls of 14 dice. and starts to make the fetch module seem a little bit redundant.

I'm wondering if we wouldn't be off not bothering with specific programs altogether. And dispense with tracking how many programs you can run and all that.

Just your Attribute+Skill; modifiers as dependent on what you're trying to do.

You have software; we don't care what software. If you have hacking skills, you are 99% likely to have hacking software.

I can't agree with this more. While the system of using programs and combined ratings and deck stats... etc. are fun for number crunching, in the new system where you can pirate everything *cheaply* if you're a regular hacker... why bother? Up the prices on 'hacking comms' vs. standard comms and you've got the same price impact on starting hackers as you do otherwise, which is the only real restriction.

I like the idea of the authority point system, and it works well with the IP system, I think, with some tweaking. Not that SR can officially ever steal directly from Spycraft, but with enough rewording...

I'm working on a writeup right now (on and off around work), but one of the things I did was give AR hackers 2 IPs, always, and VR hackers 4, always. This averts the issue of a drugged up AR hacker being better than the VR hacker.

I'm also using a hacking time table based on Lead like in Spycraft, though I've severely lowered the interval. At a lead of 9 it's only 10 minutes between each hack action. Down where players should be, Lead of 4, its down on a minute or less (VR hackers use "half the listed interval" because they get 4 actions in a pass vs. the AR hacker's 2 so it averts having to list everything as a number of complex actions, while not penalizing when the interval moves to "minutes").

That's why I kind of wanted to reduce everything down to a hacker commlink. As far as what was said above about everyone running a commlink 6, they wouldn't if it cost a half million nuyen or whatever. We're spoiled right now on a 10k maxed out commlink.

I'm just tired of the super granular matrix rules which are just enough real-world and detail oriented to encourage common sense, yet abstract enough that none of that common sense applies.

I also wasn't inferring that the above rules were all there was to hackers. I have no problem creating an extended system for legwork and adding other goodies into the bag of tricks. But that's not the main problem. The main problem is that the current matrix rules are crap and need a complete overhaul. I see where they were going, and I liked it, but under the surface the mechanics just don't strike me as fun or balanced.

Oh, and spycraft 1.0 *was* published under the OGL. That might open up some bits and pieces of it for licensing/cribbing. I'd have to read the OGL agreement at the front of the book to know for sure.

I just borrowed Spycraft, I'm gonna check it out too.

There's also the concept of core vs. secondary rule books, which has fed SR for years. Thinking about this from a publishing perspective (instead of the home-rules perspective which we're currently discussing), imagine the core rules being this simplified set and the redonkulus matrix rules self contained in a secondary rulebook with a giant "Optional" stamped on the cover.

Why? Because, well, I still love the old SR2 matrix rules, the full out node dungeon, the number crunching and deck building and software programming and... well, you get it. It's just a different game. It's like randomly shoe-horning in a Star-Fox sim into the middle of a shadowrun. "Okay, your pilot hops into the simulator in the middle of the building and has to get a score of 1000 to turn off security..." "Wait, what? Who wants what on the pizza, I'll go pickup."

I could see legwork being a subset of the skills needed for public venues, and for more 'shadow oriented' ones, it would rely more on their matrix presence... kinda like a 'street cred' in the matrix. I can't see that being difficult to formulate a rule set for and would make sense... word of mouth gets you into Shadowland and private VPN's where you can contribute... and get information.

I think with enough use and abuse on the idea we could come up with a system that would satisfy the geeky gods who want to do a Johnny Mnemonic as well as a system with enough speed and intelligence the Sammy doesn't start doing target practice with gnats while waiting, and can also follow it. I mean, what's the point of being in the spotlight if noone's got a clue of what your 20 minutes of acting does until they finally hear the key words: "Okay, the cameras are off!"

One of the things I have in my new hacking rules is an entire section on how to bypass a maglock:

Maglock passkeys, forged passkeys, legitimate passkeys, duplicated passkeys (mechanically identical to stolen legit ones), and "Break it open already!" Aka "Cut the blue wire."

I even included a bonus to maglock passkeys and forged passkeys if you can get a hold of a legitimate one.

I just picked up a copy as well and while most D20 systems have never really appealed to me, I have to admit that from what I've read so far SpyCraft 2.0 looks like it could be a lot of fun. I may have to get my group to try it after our current SR campaing ends.

Its hard to get my group to switch and try new games, especially if the person who finds it (in this case, me) isn't willing to run the system.

So its unlikely that I'll ever get to try it out.

Spycraft 2.0 is neat, but very, very crunchy. The myriad of little rules are all over the place. Though, as far as d20 games go, it is one of the ony ones I would really consider playing (Fantasy Craft more likely).

As for hacking, it can be problematic, but just like being able to shoot a gun, hacking skills shouldn't only be the pervue of the hacker. Every runner should have computer, data search, and electronic warfare skills - if only as a defensive measure. They should all have the best Stealth program they can find, even if it is to just slow down a tracker. Also, it doesn't hurt if one or more can assist the hacker in taking on the corp facility as the facility is surely of a higher rating than the hacker.

That said, I agree with the attribute+skill+misc concept; it is done for the other aspects of the game, why do this differently? Also, if the highest end cyber/bioware costs an arm and a leg (literally, in some cases) why not hacking equipment?

As for the Medikit example bouncing around, I have already concidered it and have thought of this: Ratings 1-3 (civilian/home kits) = Rating Squared x 100 (1 = 100, 2 = 400, 3 = 900); Ratings 4-6 (Professional) = Rating Squared x 500 (4 = 8,000 12R, 5 = 12,500 15R, 6 = 18,000 18R); resupplies cost 10% total cost of the medikit being resupplied, and have the same availiblity (controlled substances are, well, controlled.)

The same can be done for the programs which could be the limiting factor of the number of successes you can get from a skill check - sort of like the power level of a spell. Increase the costs and availibility which means that the hacker has room to grow and things to shoot for.

The idea of "spoofing as you go" through the corp dungeon, doesn't make too much sense as the sensors aren't what you would be hacking, what they are connected to is. For the most part, runs are "after-hours" jobs, done when the wage-slaves go home (or where ever) so the idea of wirelessly attacking the place is not usually an option - most of that would be shut down at night as there is no one but security there to use it (and you don't want your security guys to be watching p()rn when they should be watching the multi-million nuyen facility). In this case, the previous editions were a bit more accurate: the hacker had to plug into the system on site to do anything. Daytime would be for the very slow poking around to get a feel for the place, maybe learn the types of defenses they will need to deal with and such,a nd maybe slipping in a worm or something to help them on the run later.

I don't really like all the extended tests for hacking skills, sorry, but eventually you give up. I have tied it to the characters willpower; they will only do as many rolls as they have points of willpower before they give up (getting frustated and the like - it happens now, so it would happen then). If they want to force themselves, I will allow them a composure (2) roll, every net success means another roll. Otherwise, I prefer to set a static TN and they roll for that, with me determining how long it took for them to dig up the information, or whatever.

The Authority Point System (APS) seems like it mike be workable, will look into it withmy Spycraft books as well.

The Spycraft system is pretty interesting. It would take several changes to incorporate into SR though.

SR combat is sequential, while the Spycraft system is parallel. That can be changed though. Better initiative would enable you to put up the perfect defenses by delaying your action to see what the lower-initiative person is doing; this is okay if the benefits from matching attacks to defenses aren't too excessive. The last strategy used by predator and prey would remain on the table to affect the contest.

IC should be able to take the place of a spider to protect a system; but it should be better at defense than attacking. If IC loses control of a system, it can't recapture it, at that point you need to call the spider.

I'm thinking maybe the chase analogy shouldn't be taken too far. Having a core war between three different sides should be possible too. What about the following:

- Every "Person" in a system has a number of APs. You need > 0 APs to stay in the system. 10 APs denotes unlimited Root authority.
- Persons can carry a list of other Persons and how many APs those Persons should have. For example, the IC's list says the SysAdmin should have 10 APs, the SysOp 8 and the accountants should have 3 APs.
- All actions require a minimum amount of APs to enact. Otherwise the hardware will not process your instructions.
- There is an action to detect the AP level of another Person. IC uses this to check if people haven't hacked their way up beyond their intended privileges. If they do, they're classed as intruders.
- There is an action (at a lot of AP) to put yourself on another Person's trusted list. With enough APs, you can cause the IC to believe you belong in the system.
- There are actions to increase or decrease Person's APs.

Furthermore, IC can have Logic and "Willpower", but not Intuition. Some actions use Intuition, particularly attacks. This means IC has a hard time attacking foreign systems.

Also, certain actions require special software, hardware, or access to the target system's hardware.


---

As for hacking being doable by other characters...

On the one hand, I might cut the number of computer skills; Cybercombat might disappear, and Electronic Warfare might become Signals Warfare. I'm probably going to merge Computers, Software and Hacking into 1-2 skills, with as the end result a single hacking skill group: Signals Warfare, Hardware, Hacking and Data Search*. That means it gets within closer reach of other "classes".

On the other hand, I'm inclined to increase the basic security rating of most devices, so that you don't quite need to be as skilled for your commlink to be safe. Elementary security precautions (wifi-disabled cyberware) will reduce the amount of risk hacking poses to most characters. A smartlink should be safe if it's set up to be that way.

On the gripping hand, TacNets and drones, which are nearly useless without wireless communication, remain vulnerable.


* Seriously, it took me forever to figure out what exactly Computers did.

Just as an update on how much work rewriting the hacking system is, the write up I have is 25,000 character (including spaces) which, I believe, is just over half of the size limit on a single post (40k characters?). That's 11 pages in Times New Roman 12 point font, single spaced.

And I haven't even dealt with Technomancers.

Nancy Regan had the right idea about Technomancers.

Who?

"Just Say No"

Hehe.

In any case, I think I can work them in. Their living node is just like a comlink, so they lose complex forms and Threading (oh no, whatever shall they do with their Karma?) but otherwise they'd fit in pretty well.

Much, much, much too long and intricate.

I thought the idea was to come up with something that's different to what currently exists, and different in it's use ??
I've not seen discussion and testing - just individuals putting their view forward.

Individuals putting their view forward was about what I expected here, actually. My view is in the opening post, and can be summed as thus: programs shouldn't matter at all, and hacking a node should be handled in a single test, so that the overall action can move along as quickly as possible. My system is a modified version of the rules from GURPS Action 2 (which is what I'm actually using), pitting the hacker's skill against the system administrator's, both of which are modified by the potency of their respective hardware. Personally, I think writing 40.000 word alternate systems, or even writing rules for programs at all, are fool's errands . Don't let me stop you, though.

Keep in mind that I'm not writing a four line fluff here, I'm writing out and putting pen to paper for the actual crunch, including an example, equipment cost modifications (its necessary if software is free and abstracted out), and short (one line) fluff rationalizing design choices.*

The four line fluff is that a hack is an extended opposed test between the Predator and the Prey. Multiple participants can engage on either side (see: teamwork) and vie for control, each round consisting of an opposed check (winner gets a (potentially long term) bonus) and then an option to forgo long term advantage for short term gain (for example: sacrifice total control of a system in order to download this file right now). The bigger an advantage the Prey has, the longer it takes the Predator to make the same amount of gain. The better the hardware on both sides, the more they can push things towards being to their advantage.

*For example, as I've made remote hacking impossible as I've broken up the Matrix topology (you don't put your security server on the internet at large, that would be stupid) Signal has almost no meaning, so I made Signal the limit on the number of Agents that can be running in a node. Signal is network speed, each agent takes up a certain amount of network bandwidth or processing, thus Signal is an indication on that maximum limit.

Perhaps Signal could be a double-edged sword in that a high signal allows you to have more active agents, but also makes it quicker/easier for someone on the other end to trace your Signal? Just a random thought.

reminds me of the sr3 exapnded rule where increased bandwidth resulted in quicker trace. But back then a download could extend over several turns.

Not a bad one, but I think I won't go with it, because I'd like it if there was a good reason to take high signal Ratings. I still have to balance traces, I think (they might be taking too long; I haven't sat down and played these rules out yet, just looked at the basic "how long until system take over" or "how long until hacker banned from system"). As well as work out how a completed trace even figures into the scenario at all.

(Random thought was that a hacker couldn't get booted from a system--eg. hacker loses--until a trace was completed, but that means that the hacker would always win: breaking a trace is much easier than completing it! Not to mention that a good hacker (rating 6) gets full system control of a mediocre system (rating 4) in 4 hacking rounds* or about 12 seconds).

But I'll consider it. Might make it "number of agents in use" rather than full signal. Agents don't grant that much of a benefit to attacking a system, so having traces get a +1 bonus isn't that big of a deal, where as +6 (for having the possibility of 6 Agents) is kind of suck.

*For comparison, a rating 6 system beats a rating 4 hacker in 3 hacking rounds, or about 72 seconds.

I've been working on it, but writing up a solid system is pretty hard. I was getting quite a ways when the Spycraft idea landed, and it turned around a lot of my ideas.

My objective is a Matrix writeup of about 15 pages, including fluff, core rules and gear. More than that and it's just bloated.

part of the problem i have with the current matrix rules is the layout. its much too scattered about, so you have to know what your looking for in order to find it. the way the art breaks up parts of the matrix section in the old main book dosent help (dont have sr4a yet). really, the problem is one of clear technical writing. Although i would love to see someone do a pictograph for matrix rules like the instructions in a new computer or printer.

I think it'd look something like this.

Looking into this I need to decide how long it should take a trace to complete between an evenly matched Attacker and Defender, and if it should take less time or more, when the system would win outright (eg. if the system has a 3 dice advantage over the hacker and a lead of 6,* it will take 4 rounds to "on average win outright," so how many rounds should it take a trace to complete?)

*Hacker has hardware/skills of 4, system has hardware/skills of 6

What I'm currently having difficulties with is Stealth; how to handle the system detecting your intrusion?

Right now I'm thinking something along these lines:
- Every actor in a system has an Authority rating
- The system knows how much Authority everyone should have
- If you have more Authority than you should, you're an enemy
- You can pretend to have less Authority than you really have, to avoid detection

- Every action requires a minimum Authority to pull off
- If you do something you shouldn't have enough Authority for, the system flags you as an enemy
- You can pretend a) it wasn't you, or b) it didn't happen

I'm having trouble putting this into an elegant rule though.

I personally have trouble understanding how that works, really. Would need to hear the fluff on it.

Authority is like Lead, but I wanted to set up the system so that it works for 3+ way struggles too.

Authority abstractly represents how much access you have in the system, to both hardware and software resources and targets. High Authority means you can access more.

One program in the system, called Master Control Program, has a Friend List with on it how much Authority people are allowed to have. For example, the Admin is allowed to have Authority 10, the MCP 9, the Spiders 7, the CEO 8, the Wageslaves 2 and nobody else should have Authority.

If you hack into the system, you try to gain enough Authority to access whatever you came to get. If the MCP notices you have more Authority than you should (more than 0, in this example), it classifies you as Foe.

But how does it know that you AREN'T the admin?

Well, it can't be sure of course. The MCP has a Friend List; if you're not on the list, you're not a Friend. However, if you hack the Friend List, the MCP will believe you're a Friend.

Of course, that's not supposed to be easy. It's comparable to winning the dramatic conflict in Spycraft terms, or installing an effective rootkit.

Of course, if you get enough Authority you should be able to put yourself on the friends list. Conversely, if you enter the node with a certain Authority gained from an authorized users access*, then it should believe you are that user until you do something that would make it think otherwise.

How you got that can be a fun encounter using the rest of the team.

That's the general idea, yes.

sounds like basically recreating the account levels to me...

It does, which is why I'm not sure about it.

My system doesn't have a "log in with a legit account" clause yet, but I'm thinking that that would start the player with bonus Authority Points and get to do so much before the system starts fighting back.

Afterall, knowing who's a legit admin and Black Bagging their account info should give you System Control outright.

I know, it's still a bit "heavy", but at least it's not as annoyingly vague as Account Levels. The problem with those was that there was really no description of what exactly they could and couldn't, or how you could take permanent control of a device.

In my system, logging in as someone on the Friend List (such as the Admin) immediately starts you off at the Authority level they're supposed to have.

i think the problem is that if one went with detailed access levels, there would be a group of players that would not use the rules as they where to "heavy".

but now, there is a different group that do not use them, as they are to "vague".

The account levels were also allowed to be left vague because on a simple device, admin would give you godlike abilities, where as on another device, admin might be locked down to a few specific actions (like not creating new accounts or removing existing, shutting down/turning on IC, etc), and you'd need a specific accessID to do the heavy security work on the item.

I think that WO has it right here: generally speaking the different administration levels have much in common, but in practice one in node A could be quite different from one in node B in what it can do/allows. So long as, when you (the GM) design the node, you dictate what each level does in that node, it doesn't truly matter what you call it. The original problem/idea wasn't access levels anyway, but the "seperate world" situation for hackers.

I truly don't think there is an easy fix to this problem, not if you plan on keeping any level of "realism" in your game. It is just up to the GM to do the best they can to incorporate it to the level their players want and not let it bog down the game - but that can be said of any single element in any RPG. An astral mage can really cause things to bog down, and the mundanes and adepts (usually) don't have any chance of interacting with them there. At least with hacking, the others with the right equipment (which isn't expensive) can go VR too. (Not that they can do much to help without the proper skills, but they can be there....)

Among other issues. But I think I've managed to address them quite well. On at least a close-to-even match up (between a hacker and a system) the entire thing is resolved in as few as 3 rolls on each side (depending on what the hacker needs to do).

As an added benefit, the GM can design how a system responds to a hack. So rather than "it calls in meat security," it can only do that under certain conditions (a certain level of threat, eg. Lead is less than Firewall, meaning that the hacker has attempted to compromise the system AND the system is losing, or it can call in IC--grants bonus to the system--or activate a trace--grants a bonus to calling in security, or...).

a system level script?

or maybe the tally optional rule from unwired? Basically the same system that SR3 used (and first showed up in VR2.0).

or scratch that, i see the tally system suggested in unwired is much more simplified then the one in SR3.

the system in SR3 was that as the tally for the hacker built up, various countermeasures where brought into effect, such as IC or alarm levels.

This, more than anything. Of course, the scripts would be simple enough that the GM could make them up on the fly. There are really only 5 Defender-Only options (most with prereqs) and 3 Anyone options (one of which is a +0 mod, no advantage, "just go" option). So its not like there are too many choices, but you could have systems that never initiate Traces or some that will try to load more and more IC.

I admit its a little scarcer than I'd like, but it's a solid starting point that contains a minimum of 3 possible options for both sides at any given moment that should be balanced against each other (things that have better long-term advantages have a DP penalty rather than a DP bonus, for example).

At last! I offer up my own attempt at a revision to the rules.