My question is fairly simple: we know that an Admin account can kill privileges even to itself. When two Technomancers duke it out in a Bio-Node, is it a viable tactic to go after an Admin account (likely the only one) and start cutting privileges?

This is just one of many questions that come up for combat in Bio-nodes. If, for instance, the answer to the above question is yes, how can a Technomancer fix the damage? Since it is all meditative thought forms and the like, would a simple reboot do the trick? I noted in a previous thread that it states the interval for a Technomancer is an hour per attempt at the Extended test as per SR4 core (rather than SR4A, which apparently had no specific text on Technomancer reboots). It said a reboot would reset all matrix attributes, which suggests damage to Complex forms and the like.

Any opinions on the matter? I may need to reason it out soon, due to an upcoming session where I'm sure two Technomancers will go head to head.

I'd imagine that a TMs account to their own node would be 'hard coded' in, and could never have its privileges altered. They could maybe do stuff like cut connections, or get into a TM's other stuff, and I suppose they could nuke it to drop down response and eventually crash the bionode.

TMs are immune to Nuke and response degradation. I personally don't think they should be, though.

Hmm, they are? I don't remember that. Well, can still cut connections to stuff and generally make the other TM unable to do anything besides come onto the bionode to kick you out.

It would have been interesting if a TM's response was based on their willpower.
I still find the idea that someone can come in and hack a tm's brain seems a little weird. it's their brain, they should be able to boot you out fairly easily.

Technically, it isn't their brain. It states that the Bio-Node is distinctly separate of the TM brain, so another TM cannot 'mind control' another TM.

And they can boot others out easier: they have the home turf advantage of a hacked system.

Yeah, which all in all raises the question of why you would really want to hack into a bionode. I mean, think about it, the TM could cut off their wireless for a second and give the invading TM dumpshock, and there isn't a heck of a lot that the invading TM can do in the bionode. No files to mess with, can't crash it, can't crash CFs, etc.

It's like "Congratulations, you've successfully broken into the empty room."

Depends what you do in there, I think. It may be possible to put a Dissonance virus in, for instance. Besides, if you go in swinging with Blackhammer or Blackout Complex forms, you can prevent the other TM from immediately forcing Dumpshock on you. Also leaving a few Sprites might be brutal.

It might also be a good argument for saying you can mess with privileges: break into the Bio-Node and you can hurt the TM badly.

Yeah, dissonance could be bad, but normal TMs aren't much of a problem.

Blackhammer or blackout doesn't help the invading TM any. Defending TM notices that there is an intruder, shuts down wireless, intruder is gone. You can't use blackhammer/out on a node directly.

Few sprites could indeed be a pain though.

Sorry, edited my post above real quick. I'll include the line here as well: "It might also be a good argument for saying you can mess with privileges: break into the Bio-Node and you can hurt the TM badly."

I meant if they are in the Bio-Node at the time. It can be risky, but Dumpshock will go away in a few hours. The potential payoff may be worth it if you ambush a TM.

Poli is Greek, by the way.

I know, it's a quote.

And yeah, it is an argument for that I suppose, but that seems a bit too powerful... I'd rather allow them to use nuke on each others bionode. Are you sure TMs can't get hit by it?

Also, seems weird that admin accounts can modify each other, but I suppose someone has to be able to delete the old CEOs account after he gets voted out.

Ah, all right.

Linux is a good example: if the Admin account has the privilege to change its own privileges (which it does by default), it can make it so it cannot perform an action. If you tell the root account to delete vital files, you kill your OS outright. It isn't overly powerful due to one fact: the savvy TM can set the Admin account to be unable to change privileges and thus completely negate that attack. So it makes for a great one time wonder against a new player, especially if you allow them to regain their privileges with a complete reboot (since that seems to rebuild the Bio-Node from the text).

Yeah, I forget the page, but it does specifically say under Nuke that TMs are immune. Of course, a GM can always take the option to say that isn't so. There is a sidebar in Unwired that suggested a number of things TMs can be immune to which I disliked, so I decided not to run with it. I did keep Nuke as unable to touch TMs, since it made a sort of sense to me.

Removed because of redundancy.

It might also depend on how one sees the Slaved comlink rules, I guess. That might be an advantage as well.

Restricting account priviledges is something people like to point towards as abusable on dumpshock a lot. Its a good defensive strateg, but, personally, I don't see why restricting priviledges for legit accounts would do anything for a hacked account.

Just about every Greek word has a Latin copy. Latin was even more of a lexicological thief than English is.

Maybe because you dont just great a new account out of thin air when you hack in.

Wait I thought the Bio node was realted to the hackers physical mind. So to me that means it is also causing mass distraction and pain as the user is in there. So what are the IC measures a hacker should have other than a tranq patch to knock them out when such a thing happens?

I think It should be more along the lines that there is no admin level accounts in the Bio-node but ever bit of damage slowly damageable his thought process. knocking him to unconsciousness or causing slight temporary mental quirks.

Jolly skull

You actually do. Thats what Hacking on the Fly is. Its creating a crack in the firewall to get roughly the same priviledges as a -real- account, depending on how far you worm your way into the system.

There's also other ways to get on the system without an account/passcode at all (hidden access points).

Per unwired, Probing(instead of hacking on the fly) can instead uncover existing accounts, other people's backdoors, or resusable exploits. There's more than just four account types (standard, security and admin. People often forget about Public).

So yeah. Thats why I think its stupid that restrictions to legitimate accounts automatically apply to illegal access to a node. At best, its a speedbump - its entirely possible to make new accounts with a complex action (legitimate accounts, unwired) which wouldn't have any restrictions on it. Is there any reason at all a hacker couldn't take an opposed Hacking test to force the system/node to take a restricted action it wouldn't normally say 'Yes, admin, you have the priviledges to do that' to?



Thats not how it works. See Roleplaying Biological Node Hacking, unwired 136.

Even if you create a new acount out of thin air its still some kind of account, if admin acounts cant do somethink, it doesn't reaally matter whether your using an existing account or creating a new one, same limits ably. If you limit account priviledges at a deep enought level, then only way to get past those limitations is to instal a new OS.

Yeah, I don't think so. Can you quote me a rule on that?

It isn't in the rules, it is just well known among computer savy people. You can adjust what an admin account (as in any account that has 'admin' privileges attached to it, including those created later) can do, and it is (or was) possible to adjust the admin account so that the admin account could no longer adjust anything. This was generally done by mistake and considered a design flaw, but if you were trying to make your computer more difficult to hack, you could in theory set the admin account to have limited privileges, and thus getting access to it wouldn't do much. The problem with this method of course is that a 'real' admin can't do anything either.

So basically you mess up your ability to do important things with your computer/commlink in an attempt to mess up a potential hacker's ability to do anything. This doesn't really work outside of a personal computer though, and even then it can be a huge annoyance.

It's basically a "I'm so paranoid that I fire an automatic shotgun through every door and around every corner to make sure no one tries to ambush me." level though.

Which is why Hackers will be one of the only ones to really do it. Or Spiders in the case of Drones and things of the sort.



I do think so. If the admin has no way to get to it, that means it is isolated and unable to be accessed. You can seriously damage your OS in this way. Like reformatting your main disk drive: you really don't want to do that.

In any case, even when you hack on the fly you tend not to create a new account. You break into the privileges of an account. Probing the target is just being more careful about it. They're the same thing. In the rare cases that you do create a new account, it still follows the rules and privileges of its type, which is why, in both cases, you have to choose normal, security, or admin account (it isn't impossible to create a new account. Sometimes it is the one, and sometimes it is the other.)

Okay, so a hacker can always take Hacking + Blank tests to force a system to do something (opposed by system+firewall).
Why would making a specific action not possibly for any account type, even an admin, stop a hacker from brute forcing it?

Cause, really, the actions you take when hacking a node are something like this
Hacker> I want to do Blank. (like edit some the access log)
GM> Well. You're a basic user, and you don't have the rights to do that. Roll opposed hacking +edit.
Same scenario:
Hacker> I want to do Blank. (like edit some the access log)
GM> Well. You're an admin user, good job on your hacking role....... and you still don't have the user rights to do that.
Hacker> Well. Shit. You mean the node won't let admins just take that action?
GM> Yep.
Hacker> So.... hacking + edit vs system + firewall again?
GM> Yep.

Read above. Basically, it comes down to this: if the Admin can't, no one can. No amount of hacking will allow someone to access something like that largely because hacking is not magical. It follows logical codes and exploits in a system.

Think of it like a road: if the bridge is out, you're not getting to that place. Not the best metaphor, but it suffices.

EDIT: Your ninja edit is strong. In the case of basic user, the privileges exist, just in another account. You temporarily play with that. In the case of admin, if it isn't there, it flat isn't there. You can even erase the privilege entirely.

This is not to say it is impossible to deal with: if you want to get in and regain that privilege, you might be able to program something that you load into their system, potentially something that emulates the privilege and that you load through the admin account. There are ways around it, but running into it with no such preparation will cause you to hit a brick wall.

I have to disagree with you there. Removing a priviledge is a lot like using a computer in a university computer lab. You can access the internet and print, but if you try to, say, run minesweeper or solitaire you'll often get a big red popup message saying something like 'YOU ARE NOT ALLOWED TO DO THAT. Hit okay to close this error box, and consult your network administrator'. Or other functions, like, say, the control panel.

And removing priviledges from account types works like that. It doesn't matter if a priviledge is removed from an admin type or not. The point is, when they try to take a restricted action, the sytem says 'no, you're not authorized to do blank'.
What SR hackers have is the ability to go 'no, fuck you, hacking check, work you POS' to cut through the crap of the system saying no. ( this is also the mechanic they rely upon when an active Alert has been triggered on them).

The only difference the system automatically saying 'no, you can't do that' is it forces that check sooner. To steal your metaphor: Think of it less like a road, and more like a bridge: Someone chopped out the road, but the button you want is still there on the other side. You just have to convince gravity to let you fly over and press it it. Thats hacking.


You interpretation opens up so many holes in the matrix system its not funny. 'Oh, i'm sorry, this node doesn't let anyone log out. OOPS' 'oh, and you can't Jack Out either. My bad'. 'Terminate connection on yourself? Clever, but we disallowed that too. '
No, it pretty much turns the matrix into a sea of wankery, GM dick moves, useless rules, and a 'ha-ha, i outsmarted you loserfest'. Do you really want to put that capability in the hands of a casual player, who, with a little bit of brainpower can make an unhackable PAN?

Besides, if something's deleted, it'd get auto-patched back into functionality. Or a new account made with unaltered, intact access rights.. Or, heaven forbid, someone clicks the Factory Defaults setting.

And I say again: If you think user right restrictions work like you say they do..... then prove it. I don't care about real world networking - this is a fantasy game of fictional game mechanics. Reality has nothing to do with it, so whip out Unwired and put your page numbers where your mouth is.

Then I ask of you the same. Because there is a story that supports my argument in SR4A core at the beginning of the Matrix section detailing how Netcat and Slamm-O could not force a Drone to do something because it no longer had the privilege. So, yeah. There you have it. No need to be rude, my friend.

If you want an example that makes our case and breaks yours, you can find it there. At that point, no amount of arguing from your side can say a hacker can gain access to a privilege that is denied to Admin.

Otherwise, you have to make it so the system still works. Even the most paranoid Admin will not kill their system. If they can't log out either, then they run into some major problems. Or they could just do a hard reset and take dumpshock. Hell, IC does exactly that.

The fact of the matter is that a hacker can always hack in: if there is an account, they can get in. If you want that PAN to do anything, you have to have the privileges to do it. A GM cannot be overly dick with these things because the people who use the system have to be able to do things with that system as well: what is true for the one is for the other.

I'm trying to figure out exactly how your university example helps your case. Of course, it doesn't if you say real world networks have no bearing and since there is an example of why it works the way Karoline, Max, and I have been saying.

What this tells me is that you have never really worked with computer systems much. If you really want to know, get a computer you don't care about, put Linux on it, and see what you can do to it.

In the real world you dont even have to intentionally try to fuck your system up, some relatively simple mistakes can mean you will be spending the next houer or two re installing your OS.
One fun, but not too catastrophic mistake is the classic "dissallow all remote acces options" on a computer your remotly accessing, first you wonder "what the hell happened to my connection" and then you go over what you just did in your head and then you smash your head to a table a couple times
Thats a situation for which only solution is to physically go to the computer and re-allow remote acces for yourself, Udoshi seems to be of the opinion that in SR it should still be possible for the hacker to hack his way in remotely, which ofcource doesn't make any sense.

Yeah, exactly. That's an excellent example.

SR4A pg 235 says that the goal of hacking is to create your own account.



If memory serves correctly, there is a way to restore all admin functionality to any Linux OS, assuming you know what you're doing and have the time (reinstalling is generally considered to be faster, and is a lot easier/take far less knowledge). Disabling remote access for everyone will dump everyone and leave the node unable to be accessed remotely, but if the hacker gets direct access, they can still change things. There's also things like Microsoft removed the Format command from Windows with ME, however the Format command was only about 2 kB, so people were able to easily include it in viruses to kill Windows systems.

It's why I said that it wasn't totally impossible earlier: if you have a program prepared ahead of time that you can insert and know what you're dealing with, you might be able to do something about it. Otherwise, considering the situation one often finds out that they do not have access in, you usually don't have nearly that amount of time. It also depends what you do to the system. In some cases you can really fry your system through and through, or completely lock certain privileges. There are points of no return: quite a few of them. My teacher was happy to point them all out.

Hence the need for the hacking software...

After reading through the passage you mention, it doesn't say Netcat was unable to add the permission, just that she didn't have the permission normally. She was facing a spider and hacking a new permission for her account would have made her easier to find (both the node and the spider would have been looking), so it is likely she chose not to risk it.

Not just easier to find: the element of time is very important. To add a new permission, you would need a new program. Look in the book at the rules on coding a new program: it takes a lot of time. You can, as a GM, ad hoc it a little depending to shorten the time, but it would still take at least a full day for some very simple things. Full privileges are more complex. The point there is that you need to also start ad hoccing.

Also important is that the real world has relevance on this system: when it says privileges a security or admin account has access to, it does not specifically list all types of things each account might have, down to the finest detail. You have to either guess if you have no experience in computers, or fill the blanks.

But it does depend, as stated before. If it is remote access, it is a simple on/off. If the admin just shut it off for all other accounts, then get an admin account. If it is completely removed, you can put it back in over a great deal of time. Or, you may be prepared and somehow knew exactly what privileges were cut. In some cases, that is just good leg/guesswork. You can suspect a Spider will cut certain privileges or you may know the Spider's personality. Then you prep a month or two in advance and nothing he does will help.

Hacking a privilege that an admin has no access to is not as simple as saying "I want this privilege". It really isn't. Then you get into programming.

But in any case, this is rather far afield of the original intent of this thread.

What, did you forget where you are?

No, I did not. I'm trying to get the thread more or less back on track.