I was wondering when my hacker goes on his run to start scooping out nodes and such should I be throwing him into matrix intiative each time? If not how do others gm the whole hacking process?

It depends on how critical things are--if the hacker has triggered an alert, then yes I generally have them in actions and Matrix Initiative. If they are just scanning, sniffing, and probing, then I don't use Initiative.

Ok that makes sence. So another question then, when the system gets the free scan to see if it detects the intruder is that a threshold of the players Stealth program? Or does he roll his stealth and the system sees if he gets more net hits to detect?

That's a simple test with a DP of (Analyze + Firewall) and a Threshold of (hacker's Stealth).

Stealth is rolled as part of an *Opposed* Test for Matrix Perception, though.

It's not an Opposed Test, so the threshold indeed is the intruder's program rating. Note that normal matrix perception tests are Opposed Tests, however. So a spider or IC has a better chance at detecting an intruder.

So I need to be throwing IC for security systems more.

That also means most systems out there the hacker is going to break into no matter what with mostly no detection, doesn't it?

It depends, but yes: a solid investment in Stealth means you *usually* won't get detected on the way in.

Yeah, kinda depends. Especially if anyone is foolish enough not to have invested in a good quality Analyze program to run 24/7/365.

But don't forget that odd activity from whatever is hacked can also draw unwanted attention. Considering the "Game Set Match" fiction in the SR4a book, IIRC the University hacker only came to check things out the drone Netcat & Slammo! were hacking was acting strangely.

Just because a hacker gets in undetected doesn't mean he can't F-up later by causing something else that will be noticed.

Game Set Match has multiple rules violations, and still it's the best we get for an actual example of how hacking works.

As far as I'm concerned, we've been given no full system of matrix rules, just a bunch of matrix suggestions.

There needs to be a book that tells players, "this is how you ____" so that there can be actual codification.

What would really be nice would be examples of several different kinds of nodes, the operations they contain at what access levels, and the agents they run.

Well, there's a reason why the most secure systems are called glaciers, icebergs, or other IC-y allegories.

And in every decently secured system, the node accessible from the outside will merely be a gateway from which other nodes can be accessed. Only an intruder who gets past the gatekeepers in that node can gain any value from his intrusion.

@Sithney: Examples of those violations?

I found this very helpful in thinking about how to lay out a Matrix system:

http://pavao.org/shadowrun/miscellany/example_matrix.pdf

Yeah, I know that from another thread discussion on the Nuke attack program, the same kind Slammo! uses on the university hacker.

But the point I was trying to make was that detecting a hacker's activity isn't necessarily going to be limited to just the Analyze program. If odd information starts popping up on your AROs, or that security drone has been standing in one spot for too long rather than moving on in its patrol, it could be a hacker at work. Granted software/hardware malfunctions are also possible, but a hacker still cannot be ruled out, and either way will still garner the attention of a living security person.

The Runner's Toolkit will have the Anatomy of a Shadowrun. That should be very helpful for understanding how the rules and fiction come together.

Any decent node that holds information of consequence (ie paydata) should have at least one IC that runs 24/7 and is loaded with a high rating Analyze program. Load the same IC with Track and Stealth and you have a nasty little IC capable of calling friends in on the hunt.

In an old thread, I designed a few IC that I thought were appropriate for various tasks a node might be interested in. Used in combination, my Ares U-Boat and Neonet Beagle Probe IC are quite devastating. The Probe can ID an incoming hacker and begin a trace-route while calling in a wolf-pack of several U-Boats.

There are also IC examples in Unwired. Convenient, if less optimized.

ok so whats the limit on the program rating a bit of IC can use?

Theres a few things in Unwired which look an awful lot like that document I made.

The Pilot rating of an Agent limits the highest rating of a program that can be loaded as payload.

And as the IC has to run on the node it's in, the maximum rating of any of its programs is equal to the node's System.

Which is limited by the response of the device? Or as Im reading it, the device can still have a high system, but with a low response the system = the response of that node. And if that is the case, why ever have a system higher then your response?

I'm not sure if you're even allowed to run an over-high System (with the intent of it auto-scaling down), although it's not really a dangerous abuse to do so. Just a technicality.

Sesix: you are correct. The only reason I can see for having System higher than the Response would be to plan ahead in case of upgrades or System-degrading attacks.

It specifically says in SR4A that system scales down to the base Response of the node.

Ah, well there you go. I thought it might say that System was *limited* to it.

It does but then the next sentence explains more clearly. Page 222 of SR4A.

On a side note, I think it'd be more interesting if the System were limited by the *current* Response rating. As it stands, Response degradation does nothing except make you marginally slower in Cybercombat, so feel free to run as many programs and subscriptions as you want.

I tend to agree with you. Though that brings up a crap ton of book-keeping for the GM/Player.

It's Decking/Hacking rules. It's always been a metric drekton of book-keeping.

It's also worth noting that should you go by the "current Response" way of looking at it, Nuke is now your number one attack program, as it not only slows down your opponent but also effectively degrades all their programs every time you land a hit.

Speaking of which, why wouldn't you always use Nuke rather than Attack? Just in case you get hit by a TM or sprite?

It's possible you'd have to rebalance some things. I never use Attack in the first place, nor any Cybercombat. I'm thinking more about program ans subscription limits, and the lack of penalties for breaking them.

Subscription limit is given as hard, System x 2 and no more. Overloading the active programs limit (System) causes a point drop in Response. It rarely comes up, unless you have a cheap or compromised system.

Judging by the SR4 book (not SR4a), that was how it worked when they first wrote it:



What it looked like in SR4 (again, not SR4a) was that if your Response dipped too low from running programs (or any other reason), your System would drop and higher rated programs would likewise drop.

This actually made a lot of sense. If you jammed up a node with programs the Response rating would drop, and the System rating would be affected. If you piled on so many programs that the Response dropped to 0, the System would go to 0 and the whole thing would come down. This served as a limitation on players for how many programs they run, but it also served as a cap on the number of IC that a company could conceivably keep on a node for defense. Too many IC would lower the Response and System of the node, and reduce the overall effectiveness of system security.

This was never updated by errata, but it was changed in SR4A (and the FAQ has an explanation) so that the only the base Response rating matters for capping System.

This swings the pendulum completely in the opposite direction, since Response only matters in Cybercombat.

Thinking back to earlier editions, where transfer rates and file sizes mattered, I might propose some house rule to make Response a little more meaningful:

Current Response rating caps the number of hits achievable on each Data Search, Transfer File, Encrypt, Decrypt, or Edit roll made as part of an extended test. It's not crippling, but if you jam up your commlink with all your pet programs at once, you'll take a really long time to perform extended actions because your commlink is struggling to handle the data load.

Just a thought.

Mr Clock, extra subscriptions count as running programs. I know what the penalty nominally is, and that's my whole point: it's trivial.

For a TM, most of the time yes (reference Unwired, page 135; see War!, page 179, the "Connectivity" echo).

For a conventional hacker, no. Unwired, page 55, "A persona can only maintain a number of subscriptions equal to the size of its subscription list (System x 2). If more subscriptions are assigned, each additional subscription over the limit counts as an additional program run on the node and may lead to Response degradation (see Matrix Attributes, p. 212, SR4)." Makes Nuke even more effective as excessive subscriptions aren't dropped and will become an additional drag on Response.

Added: ninja'd while pulling up pages

EDIT: Never Mind... Spellbinder already covered it...

Makes sense. I thought about it working that way, but didn't want to risk posting something that sounded like a house rule. Not as familiar with Unwired as I should be. Net result seems to be: Attack is a waste of time compared to anything else offensive (for instance Nuke), unless you have a paranoid fear of technomancers and want at least one spanner in your box to throw at them. And in that case you might as well use a Hammer.

Well all, thanks for the helpful tips on handling hacking. So, it comes down to a lot of IC, and spiders; with me having to know how to role play the situations as well. I think I can make it more challenging. Right up to the Red Samurai squad gunning his van while hes in VR in it.