Post 139, and I quote:


You say that I likely do not know the benefits of HotSim VR. Which is what I replied to. *shrug*

We have had this conversation before, and since I emphasize the names of those I respond to, all the time, you will just have to live with it. *shrug*

Which is why a Company will not use these Particular OS's for the backbone of their infrastructure if they are smart. *shrug*

Not a red hering. It is a truth. Simple as that.
2nd/3rd Edition sucked for Hacking, remotely or otherwise becasue the Game Mechanic forced a lot of 1-on-1 time between GM and Player while others went and did their own thing (Complaints abound about that particular issue). SR4/SR4A changed that by simplifying the system. If the System is Simpler/Easier, the resulting game play will be Simpler/Easier.

I do think Hacking on-site is easier in 4th Edition (than previous editions)... Easier System makes for Easier Play. *shrug*

And California's Beaches ARE better than New Jersey's.

Becasue he is stealthing through the System. That is what hackers do.



There are already a set of rules to which the world adheres. Unfortunately, many people do not like them "becasue they know computers, and they do not work that way." Me, I don't care how real world computers work, it is irrelevant to the game, and the system they present. When it diverges from reality, I don't really care.



Since anything really interesting will likely be on a system that possess Ratings above 6, this is really not that big of a deal, as far as I am concerned. You can obtain access all you like by the Slow hack Probe in those systems. It makes no never mind to me, because the FIRST time they try to do something, it is likely they will be caught and the system will go to work on them (this is borne out, time and again, by experience over the years I have played 4th Edition). If it is a low grade system, who really cares at that point?

While I see no problem with hackers always succeeding in finding their way into a node given a few hours (hey, if their decryption's this good, why not exploits?), I just have to point out that it's absolutely not like starting characters are street gutter trash, so them being able to actually hack into top nodes is expected and reasonable.

Wow.

It took a week of me asking the same god damn question over and over before I finally got a response to it.

And now I can finally pick it apart.

Yes the system got easier.
Yes the system uses the same time scale.
But no, the hacker still does his hack-y thing while everyone else gets pizza -OR- the hacker is better off performing non-hack actions to achieve greater results.*



That may be, but saying that CA's are better because "now you go to the beach more, after moving from Idaho" doesn't really prove that.

*I can perform 6+ rolls over the course of two combat rounds in order to hack one thing, or I can make 6 rolls shooting a gun. Hmmm.

No, you went off on how I said you did not know the benefits of hot sim. That's not what I said.

And referring to me in the bold is still aggressive and rude, especially since both I and the mods have asked you to stop it. It's like referring to Patrick Goodman as "Pat"; you might shorten everyone's name, but it's still rude.


Does not follow. 4.5's system isn't easier or simpler (the core mechanic arguably is, but the actual rules aren't) and I have more issues with the Pizza Problem in 4.5 than I ever had in SR2-3. So, unless you have evidence beyond personal anecdote, your argument fails.

I actually find the system to be less simple because they scattered the various rules away from a very basic mechanic: you used to just roll against the ACIFS value for the right system minus your program rating, which was dead simple, and you didn't usually have to look up much because the categories were obvious (browse vs index to find a file, for example). The newer system is full of pretty arbitrary extended test threshold values, paired system ratings, etc, which either have to be memorized or looked up every time (1 written value that's universally applicable is better than a value that has to be added to another value, since that's quite possibly not obvious).

Hacking a system in SR3 can be as simple as: Deception vs Access, Browse vs Index, Read/Write vs File. If you're taking hours to do basic info runs, that's more the fault of the GM. There's nothing built into the system that should make this stuff take any longer than SR4, and pretty much all the rules you need would fit on one panel of a GM screen.

Time scale is irrelevant, at least since 3d edition, since decking initiative and meat initiative are on the same scale -- this means there's no difference between the mid-run integration of the two.

Emphasis mine. This is squarely on the head. The actual rules built around the core mechanic are more complicated. They require more lookups and more rolling of more dice, and it's totally the fault of the fixed target number. The only way to substantially affect the difficulty is to increase/decrease the threshold (increasing the dice pool around a threshold of 1, beyond a certain point, has no statistical impact, and decreasing the dice pool makes you jump from at worst a 1/3 chance to 0 chance, bypassing the possible-but-highly-improbable situation entirely). To solve this, a lot of things were made into extended tests (to allow high thresholds), and each extended test gets its own arbitrary threshold. Yes it's simpler to count the successes, but it's more complicated to figure what those successes mean.

Apparently you missed the other responses to your complaint. *shrug*



And yet, the Hacker is not the gun bunny. If he was a gun bunny, then yes, he could shoot instead, but becasue he is a HACKER, he spends his time hacking instead. You seem to miss the distinction. The hacker is not there to shoot, he is there to Hack. *shrug*

And I continue to disagree with you on that one. The mechanics are easier, and it is nice to see that you agree with me on that at least. You may have more issues with Pizza Time in 4A, but I do not, and neither does any other table I have played at. And since your counterargument is nothing but pure anecdote as well (or personal experience, if you prefer), it is obviously not going to be resolved betwen us. No worries. Enjoy your game. . *shrug*

Perhaps you have issues with this. I do not. *shrug*
We will not solve this issue between us, becasue we will never come to a consensus.
No worries. Have a great game.

Missed this one, sorry.

Again, you are talking personal preference. Most of my issue with previous editions Hacking was the Variable TN. I HATE THAT SYSTEM. Therefore, anything that uses tha tsystem is automatically inferior to one that doesn't. I hated ACIFS as well. And the fact that the GM STILL had to have alone time with the hacker sucked. And I am not the only one that has that opinion. *shrug*

We have different ideas on what makes a workable system. Neither of us will convince the other that their system is the one to use. That is okay.

Are you just compulsively responding to stuff at this point?

Are you seriously attacking him for replying to things in a forum thread he's participating in?

Can we please return from discussing personal preferences in gaming (and each other) to maybe actual problems with hacking in 4e?

I dispute that the core mechaniic is simpler, but I acknowledge that there's room for argument on that point. That said, I ran official Missions games, and I had the Pizza problem every time. My solution has been to chuck the rules, as has been the solution of many people here.

You're free to disagree, but you're not just disagreeing with me.

Ah, I see. You're taking your dislike of variable TN's and projecting it onto the entire system.

Look, you like fixed TN's better. That's fine. But that doesn't mean they're inherently better, or easier, or simpler. That also does not mean that any system built on fixed TN's is superior, either. I had less alone time with the decker in SR2-3 than in SR4.5, and I'm not the only one here with that experience.

For example, I hated the SR2-3 Maneuver Score with a fiery burning passion. Compared to that, SR4.5's Chase Combat seems a lot simpler and easier. However, it doesn't work either. Just because you couldn't get variable TN's doesn't mean a non-variable TN system will be workable, easier, or superior. Chase Combat still doesn't work, even though they jettisoned everything I despised. In the same vein, just because they moved to a fixed TN Matrix system doesn't mean it works any better-- and in the experience of everyone but you, it still has serious problems. That's why I conclude that you must be using house rules and home fixes, and are refusing to acknowledge or admit it to us, lest you have to admit there's flaws in a fixed TN system.

The main issue here, I think, is that the actual operation of the Matrix is open to a lot of interpretation (how accessible is simple data, how are nodes protected, what exactly can/can't be done with an admin account, what information isn't on the 'trix, etc.), which means that a lot of things that mean Pizza Time in some groups, simply don't in others, while both groups are following the rules.
Rules-wise, I think it's been settled pretty clearly by now that there isn't any single feature of the SR4 Matrix that made decking/hacking remotely less or more desirable, so any major change in them either has to be in the general mechanics (i.e. if hacking is simpler [and thus takes less time], hacking while running becomes more viable, because it is something that can be done without excluding the group for too long), or in a change of fluff (for example, if the wireless matrix is pervasive enough that all nodes are wireless, the mutual signal range rules, combined with how 'chaining' MSR to some specific node works, makes it unnecessary to get close). It seems fair to say that there's no consensus on either.

That's why a clear model based on some sort of real-world structure would be really helpful. Not that the rules should attempt to simulate the model, but it's a lot easier to figure out how to adjudicate something if you have something in the real world that you can use to relate to the issue at hand rather than trying to read the minds of the various rules writers as to what they though Mr Mechanical Typewriter meant 35 years ago when he wrote crazy stuff about how computers had to operate in order to make his plot work.

Well, I can say that it's definitely not any faster, simply because of the vast number of Extended tests the decker has to make. There's certainly a lot of hacking rolls that need to be made, and the cumulative time adds up.

Combat hacking of enemy gear/cyber is a prime example. It takes so many Extended tests (and a lot more rolls) to get anything done, you're better off shooting them six times than trying it.

A critical point missed here.. is young gauss's law or not... once the dice pool hits 6 and under chances of glitch go up quite significantly... not only that given the cumulative nature of rolls and glitches... become increasingly more likely the longer a check goes on.

With 10 dice.. there are just over 60million possible combinations (6^10). In each case 5 results are not a 1 and 1 is setting the ratio at 5to1... so combin(10dice, A) * 5^(10-A).. A = 5, 6, 7, 8, 9, 10. 787500, 131250, 15000, 1125, 50, and only 1 case of rolling 10 1's. (if you sum all the results going from A = 0 to 10... you end up with 6^10 power so you've covered 100% of the probabilities!).
Running the statistics.. works out to just over a ~1.53% of a glitch. (934926 results with 5 or more 1's... out of 60,466,176)
With 9 dice... ~1% (due to a freak of statistics that you're more likely to roll 5 1's on 10 dice than on 9 the odd number round up)
With 8 dice... ~3%
With 7 dice... ~1.8%
With 6 dice... ~6.1%
With 5 dice... ~3.5%
With 4 dice... ~13.5%

But my point above is that a glitch on any of the extended tests results in glitch on the entire test... and even starting at 10 and only working your way down to 8 or 7... results in about a 7.1% chance of 1 or more glitches. (0.985*0.99*0.97*0.982== .929)... which is a reasonably significant chance.

So no I don't buy all this of even with gausses law of N^2 dice... that you get (N^2)/3 successes with no complications.


Extended tests are very dangerous with substantially increased chances of one or more glitches... which is why that tangent on the guard power and the matrix got started way back either in this thread or the other main thread. Hacking in particular uses quite a lot of them.

If you go all way down to zero from 10+ dice, your glitch chance is about 61%.

Untrue.
A glitch on an extended test means something else. Generally it's a -1 success kind of deal.

you may be thinking of a critical glitch which usually forces you to reset your overall successes.

Cite it Draco18s or you're having flawed recall/making up a glitch result which is up to the GM.

Page 62 says nothing of the sort.

Page 64 is even more explicit with some suggestions as possible glitch results... and suggests 1d6 (not a mere 1) success as another possibility. Both results not being mutually exclusive either.

Many extended tests relevent to this section.. hacking/spoofing lifestyle/writing software have some very specific results specified if a glitch results. (software gets bugs.. spoofing a lifestyle example specifically results in a glitch needing to restart all over).


If you're slow probing a firewall and glitch... for example I'm probably going to give the firewall + analyze a crack at your stealth and subtract 1d6 secretly from your successes by raising your threshold. Not fatal... but definitely an impediment.

If I can think of a funny way to do it to entertain everyone... even better.

That is your experience.

Combat hacking actually takes fewer rolls than shooting. Hack on the Fly for admin account (say, to shut down a pair of cybereyes) is Hacking + Exploit vs Firewall+6, opposed by Firewall + Analyze vs Stealth. That's two rolls per IP, compared to three for shooting (firing, reaction, soak).

Exactly. Stealth tells the system "everything fine, these are not the hackers you are looking for", and as long as it keeps up that impression, anything the hacker interacts with should see the same. Otherwise you have a system where basically a puny datastore (which needs to be hacked for every interaction) is better at detecting intruders than the actual security of the node (which gets fooled by Stealth)

Well, the experience of everyone I play with as well... It is not just me.

We use one of the Optional Rules for how Hacking Works.
We used, for a very long time, the Attribute + Skill, capped by Program Rating (This does make Technomancers less of a problem, too, as a side benefit).
In recent months, prior to his campaign going on hold, we started trying a new system to see if the GM liked it better (Attribute + Skill, Programs work like Reach; A system that I REALLY Liked, as did the Technomancer, since his CF's became all powerful again. It was a bit fiddly, though). But it never went far (Campaign went on hold due to life), and we went back to the Optional rule (above) with the replacement GM.
Hacking does not really change that much with the Optional Rule (except that your attribute now matters).

Not to mention that the real world often has internal/private networks that are not connected to the outside world and on-site networks that DO connect to the outside world.

So extending that line of thinking to the SR world isn't a stretch at all. Makes sense to people so the few times I've gotten to run games, I've set up the computer networks like that.

One of the things that broke the Matrix believability (from the beginning) was the idea that EVERY SYSTEM was connected. There is no reason for every network to be connected. Same goes for Wireless Matrix. Companies and people would only use certain features:

1. if they were too lazy to disable them
2. did not know how to disable them
3. were unaware the features were on
4. or if they actually needed them

So if the place you are running against has a private disconnected network, you are going to have to jack in on-site, not from Mom's basement. That's always been a good thing. Deckers & Hackers need to get out more often.

Hopelessly away from books at current. Like 3000 miles. I can take a look on Tuesday.

So Much This...

Strongly disagree. You take it too far.

While you may appear to be an additional normal system task... if only programs X, Y, and Z are authorized to access a certain item such as the access log. You touching it should set off alarm bells... no differently than an invisible mage opening a door... the door did not open on it's own. You have not been spotted... but clear proof that something is not quite right has been triggered. Stuff like this should require dedicated monitoring IC in many cases...

Your puny datastore is the paydata... while you stealthed in. When you pull the golden statue off the pedastal don't be surprised when the virtual boulder starts rolling in your direction. While you hustle on your way out of the system to cover your tracks and logout before the natives with their spears and poison darts show up.

You also miss that one of the best ways to hide is often in plain site... I hack admin... I craft a normal user account. I send in a normal agent to login non-stealthed normal as day as if I were an authorized user to access and grab the data, logout... a normal transaction. Admin proceeds to remove the account and clean up the access logs before logging out again himself (which should still leave an entry in the log after it's been editted... it should never be possible to bust into a system and leave no traces IMO... an increasingly difficult check is one thing... but every access log is different it shouldn't be as simple as saying I wipe the access log).


I'd say right now one of the problems with hacking is stealth is too important... and leads to a lot of the issues with threading and techno's or silly decker programming exercises... you too can have a rating 12 (optomize 6, ergononomic, crashguard)... with a months work of programming.

Again, Stealth is described as "makes the hacker seem innocuous by obfuscating his activities, erasing system tracks, and mimicking authorized traffic". If you do something, Stealth makes sure it looks like it happened legitimately (and the security gets an Analyze roll to detect it is not).

This.

It pretty much comes down to the fact that a hacker needs the following programs every time without fail:

Stealth+++
Exploit++
Decrypt+
Analyze
Edit

And probably one more I'm forgetting. And that's already starting to seriously limit how may "optional" programs the hacker can have. Throw in cybercombat and you need:

Armor++++++++++++++++++++
Attack

Leaving even less room for cool toys like Data Bomb, Nuke, etc.

In the time it takes you to locate the node, hack on the fly, and then issue commands, you've spent a minimum of 3 IPs (More, if you don't beat the Extended test on the first try). In that same time, you could have shot the guy six times. Objectively speaking, it's very much not worth it.

Very nice, you finally admit to using house rules.

In the experience of the hundred or so people I've run Missions for, however, that doesn't mean anything. You still have the Pizza Problem, and you still have the problem with too many extended tests. The matrix rules are still a mess.

Rarely does the hacker need them all running at the same time, though.

Really the idea behind "everything connected" is that most systems need to be connected to perform their day to day functions. You can't disconnect the banking system's account network because to perform the thousands of basic transactions every hour of every day, it has to be hooked into the international grid (so the Stuffer Shack can charge your account, etc).

Beyond that, a corporate R&D lab might need to make hundreds of daily reports and transmit research logs, or even connect via dummy terminals to a central corp system offsite that serves a dozen such labs in multiple time zones and jurisdictions. Laws crafted to prevent certain kinds of work, research, etc, might be circumvented by renting out a cheap office downtown but having all the work and data are actually stored in an offshore oil rig in the Aleutians or in an extraterritorial corporate stronghold. Security breaches can be handled by security hackers scattered around the world to prevent a quick meatspace strike taking down all the matrix security in one shot, and physical security can make a small, difficult to access site at an undisclosed location virtually impenetrable to runner teams. In a total emergency, a system could be brought down easily and effectively with no one shooting at the sysops.

In fact, actually having the system offline, where all the work is done, where all the workers have to physically go, with the only security being 100% onsite would make a system terribly unsecure. Private disconnected networks make sense for some operations, blacked out networks for totally secret/illegal stuff, but those sites would be necessarily be nuclear strike survival bunkers themselves.

Where I run into the problem is wirelessly broadcast networks that don't have a reason to be. The old wired world had several layers of basic government security before you could get to the corp systems (through the RTG/LTG network). In most places, the UCAS especially, these were a joke, but having to break the LTG and then break up to the RTG and across to wherever and then back to another RTG and LTG so you could do the search operations to find the corporate site you were looking for wasn't an extreme roadblock, but it was theoretically enough to keep out the casual hacker or block the automated illegal data miner. In the wireless world you just have to get near your target location and go straight in -- and systems that ostensibly have to have wireless components to function (security communications, drone relays, etc) allow you to just step around any matrix chokepoints or roadblocks.

A system that looks like:
Lab Stations
^
|
v
Security node <----> Central Hub (port to the outside) <-----> Drone node

in the wired world would be a significant hurdle, because from the outside a hacker would have to break through the central node, and into Security and Drone locations from that central node -- the datatrail would be significant, and you'd have to get through at least 2 layers of security to do anything useful. Wireless, you'd have at least 3 entry points to attack the system, which means more expense (more IC, each node needs probes and tracers and attackers) and more frontage to cover by security hackers. Not to mention that cracking the Security or Drone nodes would only make it easier to breach physical security and plug straight into the Lab node. Your system might have a strong front gate, but the back and sides are plate glass (unless you multiply the cost of security).

In the wireless world, a system should really look like this:

Access Terminal <-----------------------------------------------------------> offsite Matrix fortress full of security hackers and IC

So to do work, workers just go into the local Access Terminal and bridge over into the offsite location where all the data is. If the physical site is ever breached, the offsite security shuts down the line from that access point.

EDIT: In the diagram above, Lab Stations is supposed to be branched off Central Hub (not Security) -- post formatting aligned it left.

Exactly it mimics authorized traffic... as in signals intelligence.... you read FAR too much into that one phrase. With that one misreading (in my view) you change stealth from being useful to a god program.

Not as in terms of I'm going to pick up this nice and shiny paydata file with it's own access log and traps set on it.

It's practically as bad as in the old system where you'd sleaze your way past most things because that was your single best recourse than trying to fight the IC.


Besides wireless on absolutely everything needing to go... what else needs to go is unlimited storage. The old memory/BW limitations were one of the things which defined a lot of the requirements for decking. it makes no sense that i can store every movie ever made to man in my cybereye! Unlimited web storage I can buy with appropriate risks of hacking and corp making use of 'your' info and pictures as terms of service... but personal storage should be limited.



Epicidean;
Uhmm... I don't know if you realized this but this is shadowrun... megacorps make their own rules outside of the corp court. If one makes a product and another clones it with a cheap knock off... those are the ropes. Extranationality and offshore data havens... have you read the source books?

Banking systems... yes are going to have ultra-grade security on them since they're centralized... what isn't is the mom and pop point of sale transaction assets... but that's going to be limited to very small transactions of limited quantity and may only allow people to pay and not give any refunds through it. (IE: a stuffer shack gives a refund by giving you a side of fries on the house rather than paying you back in $$$... or by using certified cred rarely to pay cash).

It's literally going to come down to how much will it cost to insure themselves against fraud... vs. how much to pay to prevent the fraud with higher rated security. Cost benefit...

Isolated R&D... yeah it's called sneakernet... yeah I'm going to burn this report to a chip... and take it to this external system to deliver the data or just send the chip directly to the recipient. Johnny Mnemonic at all? Cold storage is called cold storage for a reason... (and not just because they dump magnetic tapes in cool climate controled abandoned mines for storage; the source of the term).


Security system... the security cameras don't really need to be on the internet! Especially if they only report to an internal security point... even then... it's possible to turn on an external connection as needed... if something happens and corporate wants it now (say via satellite uplink).

Yeah, i am sure each megacorp has its own satelite network it can use to safely send secure data across the world (remember, some of the megas have aircraft carriers and nukes)

Read all there is on detecting and intercepting traffic and count the occurrences of "Stealth", then you know how sound that interpretation is...



It makes Stealth important, same as your interpretation does to Exploit. But what I'm wondering, where do account levels factor into your interpretation? When every action requires another Hacking roll, what good is an admin account?

The way you handle this is token transfers. There are physical connections but not logical connections. The secure side starts all the transactions and knows exactly what should go back and forth and it won't accept anything that isn't from that station, properly encrypted and a single small properly formatted packet. In addition, you have another host monitoring the connection and it also knows exactly what should go on that connection and will physically disconnect the link if any other traffic appears.

Switching programs costs actions.
"Oh shit, I just got into cybercombat, must load up Armor and Attack" means you lose a whole precious pass.

It's equivalent to showing up to a gunfight without having ammo in the gun and your armor in a backpack.

I think the best example of how much rolling is needed is given by the story written by the authors of the Matrix rules themselves (the one with Netcat and Slamm-O trying to take control of the drone). They even start leaving out rolls and turns because it was either getting too repetitive or too verbose (or they didn't fully understand the rules either).

It seems pretty obvious that they don't understand the rules. There are multiple places where what the example doesn't actually match what the rules say. I'd suggest that if the people who wrote the rules can't actually write an example (with the writers given as much time as needed to research and discuss each action) without making mistakes the rules are pretty damn awful and will simply not work when you are actually trying to play a game in person.

I admit to trying a House rule. We are back to the Optional Rules in the Book, which are not House Rules.
And no, We do not have the Pizza Problem, and the rolls are done in tandem with the current action going on, so no, there are not Too Many rolls. I disagree that the rules are a mess. *shrug*

Of course... The "You" that you talk about may not be actually directed at me, and if not, I apologize.

Corps don't have carte blanche extranational status, and an Ares office building isn't necessarily an extraterritorial site, as the UCAS isn't going to cede sovereignty every time a corp wants to open up a new Stuffer Shack competitor.

Beyond that, most corps farm out a lot of their shadier work to subsidiaries, which protects the parent corp and provides some secrecy.



I'm not sure what you're on about here. Banking transactions are an obvious example of why a system might need to be on the Matrix all the time.



Burning data to a chip and couriering it over to a recipient is neither fast nor secure.



Security cameras don't need to be on the internet, but they may have cause to broadcast wirelessly. In SR4 this is virtually the same thing.



Sure. And that's what your Stealth and Exploit programs are bypassing -- the system blocks that prevent unwanted data from entering and exiting the system.

I want the hacking/deckingt to work exactly like combat. Base programs would be assumed and special programs would act as weapons. In 1e-3e style, "Sneaking" in would be range combat and "Brute Force" would be melee combat. I'm not sure exactly how they would be different with 4e style combat however, melee is no longer counter blows so maybe you have a just combat for "Brute Force" and an extended test for "Sneaking".

See: Johnny Mnemonic.

Ummm you need to reread your books... yes they do.

There's lots of examples of runners going into a stuffer shack or shopping plex to shake a corpsec team following them specifically because that corpsec can't enter the other corps turf.

There's a reason there are big security companies sub-contracted to these corps like lone star and knight errant.

And relying on a firewall to prevent intrusion on your network is neither cheap nor secure.

Security is always relative. A computer network can be hacked. A courier can be intercepted. And even with a Secret Service security detail and the whole Intelligence Community watching his back, the president of the United States can actually be assassinated (I guess I just triggered a searchbot here). And it seems even easier when discussed on a forum by people who will assemble a team on a 400 BP basis and pick the gear in a list, instead of, say, finding and recruiting real people with the needed skills and the willingness to risk their life or their freedom, and acquiring the gear and the intelligence without getting caught.

There can never "enough" security. You jet get security to a level that will deter most existing threats. It just about risk, motivation and cost. A network connected to the Matrix is under the threat of hackers from anywhere in the world, 24 hours a day, 365.2425 days a year. A courier is under the threat of physical aggression for a few hours each time. If the opposition have the motivation to watch a facility for several weeks or months to identify the courier and the route he takes, and physically attack him to steal the chip, then they're likely to have the motivation to hack through a firewall.

Of course, the whole point of Shadowrun is to defeat security. So obviously, the gamemaster has to design measures that are somehow unsecure. Relatively.