A node with a choke point in front of it is a system map. Just a very simple one.

System maps should have never gone away.
Even if you don't always need them for simple setups.

Really depends upon how you jack in from the inside.
My Hacker has gone to the extremes of being hired to gain access to a system from the inside.

Sometimes being on the inside means that you do not have to actually Hack. There are advantages that you may not have hacking from the outside.
If you are hacking a complex system, with many interdependant nodes, Hacking from the inside may be your only option. Some systems have much more lax security on the inside than they do for penetration purposes. There are potentially lots of reasons to hack from inside a system over coming in from the outside. Problem is that you likely need to be Socially aware to do so from the inside (much more so than just Hacking from without), or really, really good at hiding once you penetrate the target system's infrastructure.

I Agree with Falconer... System Maps should never have gone away (and they have not for me, at least). You just do not need them for simple systems. *shrug*

Okay, fine, where is that reflected in the rules? As far as I can tell, stealing legal accounts is given little to no word count, as is jacking in from the inside.

If you are on the outside, you Hack... If you are on the inside (or you have a valid link from the outside), you use Computer (as you have valid access accounts) becasue you are not doing anything obviously illegal.

That could actually be a disadvantage. Since most deckers focus on the hacking skill, odds are their Computer skill is weaker.

This is true... But can they really call themselves Hackers/Deckers at that point, then?

Yes.

Look, there's only two ways the skills can be allocated at start. One at six, the other at four; or both at 5. That's the character generation rules. Both at 5 isn't a good choice, because you use Hacking a lot more than Computer. Do it your way, though, and suddenly they're punished for not having skills at levels not allowed at character creation.

That is strictly your opinion and nothing more.
AS for how to allocate skills, you are so wrong I cannot even find the words. There are many ways to allocate skills.
Hell, I rarely allocate even a 5/5 in my starting characters, let alone a 6/4 split. *shrug*

I currently have 2 Hacker characters.

My Cyberlogician (not a True Hacker, per se) rolls 12 Dice for Computer and 13 for Hacking (extra dice for Specialties). Both skills are at a 3 Rating. So, Professional. He has 340 Karma.

My Professional Hacker has 15 Dice for Computer and 16 for Hacking (also extra Dice for Specialties)... He is a Veteran Hacker, and both skills started at a Rating 4. He raised Hacking to 5 in Play. He has 27 Karma.

Note: All the Skill levels are allowed at Character Creation, contrary to your post above.

I don't see a need to have Best of the Best in the World level of Skill when Professional or Veteran levels will suffice (My charactres are Not Fastjack, after all). And my Skills for both characters were allocated in such a way as to cover the concept of the character. You CAN make a good hacker that can cover both Computer use and Hacking, I have done it on more than one occasion. And if you do it "My way" (as you call it), there is no punishment, either, becasue both skills are pretty close to each other. Imagine that.

The only time that you have issues is when you absolutely MUST be the best in the world, with no peers. And that is so very boring to me. *shrug*

My Cyberlogician is really good at his job, but if he had to fill in in another primary position, he can do so. And do so very well. After all, he has 340 Karma.
The Hacker, well, he Hacks. Be he does not really fill much in the way of other primary roles. At best, he is a backup for a few roles.

Point, though, is that they are both capable in their primary field. And if you cannot tell, I have a firm belief that the Hacker better damn well be able to use a computer about as good as he can hack, and even work with the Hardware and Software involved. Otherwise, he really isn't really much of a Hacker.

TJ & Cain: is this the usual back-and-forth between you? The back-and-forth that simply proves that you won't ever agree on anything?

Not to my Knowledge, Grinder. I was under the impression we were having a civil discourse.

If that's the case, my apologies to you and Cain.

No worries.

TJ, I think you missed the point: characters seldom have equal pools in hacking and computer, and their hacking pool tends to be higher. Forcing them to use the Computer skill actually discourages them from trying legitimate access tricks.

I really do not see it that way, though. Why would using the rules be a punishment? It is not like they do not know that legitimate access uses Computer rather than Hacking (Says so in the rules, after all). If they choose to have a huge disparity in those skills, that is their choice that they must live by; they did not HAVE to make that choice.

That would be like saying I am being punished for having a lower Pistol Skill vs. Heavy Weapons Skill. It just simply is not true.

No offense, but you still seem to be missing it. Fact is, most characters will have a disparity between their hacking and computer dice pools, and usually it's in favor of hacking. Saying that hacking from the inside means you get to use a skill you're worse at isn't encouraging. In fact, it slightly discourages characters from hacking from the inside.

If the goal is to get more characters to hack from the inside, the rules need to show an advantage for doing so. Your suggestion isn't an advantage-- it's actually a disadvantage.

Please correct me if I am mistaken, but if using Hacking you are likely to attract the attention of the Spider or IC, whereas using Computer you are a legitimate user and will not attract that attention. So having a high Hacking and moderate Computer makes sense as Computer is pretty safe to use where Hacking can cause alerts.

Just my 2¥
-D

Indeed...
Assuming you have a legitimate account, you are not worrying about the security at all, unless you use your Hacking skill to do something you are not allowed to do with the legitimate account; at which point, you have drawn attention. *shrug*



As for hacking from the inside, it is an advantage (assuming you have a legitiamet account). Unless you have a Legitimate Account (through hook or crook), then you are still Hacking (which I still prefer to do on-site when I can, though long-range hacks are still viable). It is not about trying to get more people to use legitimate accounts when they can (though I prefer that method, personally, because it DOES have a lot of upside, especially if you can get that remote VPN access), it is about having the Decker/Hacker on-site with you.

I have heard that there are some simplified hacking rules by someone named Serbiter called "Serbitars Guide to the Matrix", however the links to the pdf all appear to be dead.

Does anyone know where to obtain a copy of this pdf as I am relatively new to GMing Shadowrun and am having some issues with leaning the hacking rules.

Again, there's no difference between a legitimate user operating from home or on site. So, there's still no reason for the decker to come on site with you.

Unless the legitimate user is not authorized to telecommute.

-D

That's what VPNs are for. By accessing a network via VPN, the target machine can't distinguish a legitimate user on the local network vs. one telecommuting.

The VPN host can. If you are not supposed to VPN in it won't let you.

True, but any other machine won't be able to tell.

Not true... normally VPN have reserved address blocks and there are commonly security policies in place stopping VPN blocks from being able to access critical systems.

VPNs are also utterly reliant on strong encryption.... which shadowrun pointedly doesn't use.


A VPN in shadowrun terms is simply two computers each running an encryption program on both side with an open subscription between them. We all know how quickly that gets compromised in SR terms.

If the administrator isn't sensible enough to have any externally-accessible devices run back to the VPN host to confirm those credentials, he probably deserved to have his system hacked.

And thus my knowledge of the real world is increased.
(Not to worry, I'll forget about this, or something else, in about five minutes)

Draco... this is just part of the whole... the matrix system is a bunch of half understood bits of reality and game... and the mix of them makes it hard to work with on the whole.

Yes, yes it does.

The computer rules are a morass. They have been effectively unusable in every version of the rules. Trying to use someone's image of Neuromancer combined with someone else's memories of TRON combined with editing by an english major who was overly impressed by some hysterical article in the Huffington Post on hacking they read last month isn't the ideal way to produce a coherent set of rules. I'm not sure if SR4 is marginally worse or better than any previous version, but unwired certainly didn't help any.

Everyone who claims the rules work fine, will, if you probe enough and they are honest, admit that they actually use some house rules or ignore various (often large) portions of the rules. Even some of the very carefully written hacking examples in the book don't actually fully follow the SR4 rules.

http://tgdmb.com/viewtopic.php?p=311499#311499

If the Matrix rules are so bad(and I'm convinced that they are), shouldn't we start asking more important questions? Like, for example, what should the hacking system look like?

I don't think anyone here would argue for hackers being simplified to say D&D rogues. -- I have a commlink(tools) and a hacking skill, so I'll loop the camera feed. <skill check> Success! We can now move unobserved past the camera. Proceed to next trap...

But we also don't want the hacker having to make 20 skill checks just to determine that a node is in fact THE node. -- <roll><roll><etc.> Yup, it's the cpu! Now for some *real* work.

Maybe this should be taken to another thread in case we make something good... For now, I'm off to work.

I put together a rules set a while back, trying to emphasize on the more cinematic view.
I'm not sure I succeeded, but feel free to take a peek and see if it spurs some more thoughts.

whtemg:
There are new rules coming and due out in a few months. It's called SR5. They're redoing the whole thing yet again... therefor I tend to find any rules based discussions on the topic kind of pointless right now.


Kzt:
That's what I mean when most of the current crop of authors at catalyst are 'fluff' authors... they're good at writing entertaining fluff and plot. The problem is they're not very good at thinking about in-game consequences of their 'fluff'... and most of them aren't very good at constructing games rules. (crunch authors vs. fluff authors... and the rare times you get someone who is good at both in the same package).

They take offense every time I state this opinion... but based on recent products like 'War' and the hurt feelings which seem to result when I point out the sheer brokenness of consequences of allowing vampires to take equipment along with them in mist form. (closest thing to an in-game teleport you can get).

It's not pointless. We're providing a discussion that the developers can draw on as a "what works/what doesn't work" to influence the final design.

Yes, but the books have probably already gone to the printers at this point.

For a major product release you're probably looking at 2-3 months for the print run.


That is the reason I was so active in rules discussions on these topics up through Feb... after that I think there's no time for effective playtesting. And pretty much everything has been set in stone. Talking about 'rough' ideas like we do... leaves no time for fine details of implementation to be sufficiently gamed for problems. So end of march is probably the outside of 'useful' feedback being provided and that only on the detail work we're not privy to.

Unlikely! You're getting a bit ahead of yourself there, based on the evidence they're still in testing!
At best!

I don't think any version of SR has been effectively playtested. SR4 certainly wasn't. What little they did was ignored per all reports, but that is apparently partially that they didn't really tell people what they were looking for as feedback or get it to the right people to do that for them.

I certainly don't have any expectations that they will effectively test a new version of the rules.

I don't know... the only playtester I know personally effectively cares nothing for mechanics... he's all about fluff and plot.

It makes me wonder if the mechanics ever get adequately playtested at times.... Canray's mess with the unusable & incomplete matrix chapter in SR2050 is my prime reason for stating that.

I've been reviewing the Wireless World chapter in my SR4 book, and ouch. Just ouch. So much "When you want to do this: roll these things" with little to no examples given. Chapter begins with a short story to get us in the mood, but then fails to use it as a means of walking us through the crunch that follows. Thirteen pages later we finally get to see a demonstration of a rule with Netcat. The demonstration shows us how we can access multiple nodes by simply declaring that we are doing another task in a different node and remarks that we could continue to do this several more times with a nice piece of hardware. No die roll. No direct in-game application. Just a little fluff about what is possibly the most understandable thing so far in the chapter. It is, as it turns out, the ONLY example of "See how cool this is?" provided.

How does this happen? I know the people who wrote the book know how to write decent examples of "This is how you can use this in-game" because they did it for the using technical skills to build or repair on pg. 125. Why wasn't more of this done? Especially in the matrix chapter which is a fantasy world IN your fantasy world. It will always be much easier to SHOW people how the game can be played and made fun than it will be to TELL them. I'm actually scared to review my SR3 book now for fear of what the Matrix chapter looks like in there...

So if we're going to restructure hacking, I think building a working model is the first step. Ignore crunch for the time being, let's just try to get a simple step-by-step idiot's guide to hacking put together. Then, we can slowly build out options until we believe we have hit the desired complexity. Then we can start working in the crunch to see how it flows in practice and then play with numbers to create the desired difficulty. I guess I'll throw down a first draft of the steps I see as necessary.

1. Find an access point.
-- Whether we do this wired or wireless, we're going to need a way to talk to the computer/device we're about to have our way with.
2. Gain access.
-- If we've stolen an account username/password this probably doesn't even need a skill check, otherwise break out a utility and the dice.
3. Find whatever we broke in for.
-- I'm guessing we'll have a utility that let's us roll against a threshold assigned by how hard the thing we want is to find.
4. Do something to thing we wanted.
-- Whether we are copying, editing, or deleting it, we need a way to do that.
5. Profit?
-- Sounds like time to go home and get paid.

That's really all we NEED from the hacking rules. I'm guessing we'll need to add some way to be discovered and/or stopped if we're going to make it interesting. Let's try an example of how this would work with a gameplay example. I'm not a huge fan of wireless, so I'll be pretending wires are the way to go for this one.

Lucky, our courageous hero, is helping his friends break into a corporate research lab to steal the plans to a prototype drone. They were able to find a back entrance that the cameras don't cover, but the door does have a maglock. It's a model Lucky has dealt with before, so he breaks out his tools and opens it up without setting off the tamper alert. Now he makes an Electronics check to wire his deck into the maglock's communication port(Step 1). After he gets that established, he uses the communication port to talk with the maglock's server and uses his ACCESS utility to get inside the server's defenses(Step 2). Now he uses his SCAN utility to find the program that runs the doors(Step 3). A couple of commands later, Lucky has opened all the doors in the facility his friends need to go through to reach the main research computer and locked the doors around the guards' desks(Step 4). That should keep them from interfering for the rest of the 'run(Step 5?)!

That seems workable as a base, but I'm going to need some sleep before I can stress it with more details. I imagine we've just made it pretty easy to reach the computer Lucky is going after, and with only 4 skill checks. 1 to get into the maglock, 2 to get the deck wired in, 3 to gain access, and 4 to find the program. I don't imagine we'd need a skill check to open/lock the doors, but it's a possibility. The Electronics check should be easily converted to Electronic Warfare to get the right wireless node instead if we shift it to a wireless setup. Feel free to begin the critique!

Not to mention, it's entertaining to simply discuss different ideas.

I'm going to assume Lucky is a pretty good decker, but not world class. So he'll have a logic of 5, electronic skill and cracking group of 4, all commlinks at stats 5, and all programs at 5.

0.a First we get an Anti-tamper test (SR4a p 263). Lets assume this facility is okay, Lucky is pretty new, so lets not stress the poor guy. So a rating 2 anti tamper. So Logic + Hardware, with a threshold of 2. Lucky is rolling 9 dice, he's got pretty good odds of getting 2 hits and not setting off the alarm. This probably takes 1 combat turn.

0.b Now a Maglock test (SR4a p 263) to remove the cover to get access to the guts. Another Logic + Hardware test with threshold of Maglock x2, so we'll probably look at a Maglock of 4. With 9 dice, that'll probably take 2 combat turns (total of 3 combat turns) to get to that threshold.

1.a Plug in means we don't have to make a scan test to find the node. This is probably a simple action... (4 combat turns total)

1.b For the sake of simplicity, lets assume the maglock is slaved to the security node. All requests the maglock is getting is being forwarded to the security node, so we are effectively hacking the security node when we are hacking the maglock. First we need an account to get in. We know we want to mess with the security accounts without them being able to instantly undo what we are going to do, so we need an Admin account. This device is pretty average so has a device rating of 3, so response, system, firewall, and any programs running on it are all rating 3.

1.c Lucky wants a bit of an edge while hacking so jumps in to hot sim. (SR4a 229) This is a free action. (4 combat turns total)

1.d Lucky declares he's going to get an admin account. He begins to hack the firewall using Hack on the Fly test (p230) rolling Hacking + Exploit + Hot Sim Bonus (11 dice) with a threshold of 9. It should take Lucky about 3 combat passes to do this. (5 combat turns total)

1.e While Lucky probes the firewall, the firewall is attempting to detect Lucky, so it makes a firewall + analyze test (p335) with a threshold of Lucky's stealth program (5). The node is rolling 6 dice, so will take about 3 times for the node to detect Lucky. Hm...that doesn't seem like very good odds. Lucky probably spent some edge to do the Hack on the Fly in one or two passes to guarantee he doesn't set off an alarm.

1.f After the Hack on the Fly, Lucky is automatically logged on with an admin account, and lets just assume he didn't set off any alarms.

1.g He makes a matrix perception test...? (p228) A simple action which is Computer + Analyze + Hot Sim. He gets 3 or 4 hits and sees...? How many people are subscribed to the node, maybe...? If there is IC, maybe... I don't know... Matrix perception tests don't follow the same rules as normal perception tests, so I don't get it... Anyway, Lucky spends his next simple action to have the analyze program to run automatically so he'll be alerted if anyone logs on. (6 turns total)

2. To find the icons to access the doors you need to search the node with a Data Search test (p230). Because we're not browsing the entire matrix for this info, it's probably a Data Search + Analyze (?) test with a threshold of 6 (for being General Knowledge). This should take about 2 combat passes. (6 turns, 2 passes)

3.a Lucky probably doesn't need to a test to open the doors. Because that'd be stupid. But if he did, it'd probably be a command test. I don't know what the hell the threshold or what skill would go with it, but its at least safe to assume its another complex action. (7 turns total)

3.b Even if he locks the doors to the guards, he'll need to make sure they can't open the doors by changing the guards account access. So Lucky does another data search test to find the account settings. We should probably assume that turn over is pretty common so the real admin isn't going to hide the account settings, so it's probably another General Knowledge threshold of 6. So we can pretty safely assume another 2 passes looking. (7 turns, 2 passes)

3.c Now we need to edit the account settings. This is an edit test (p230). It says you can edit a small line of code with this test. Because its just a simple spread sheet with data, the threshold is probably only going to be 1. However, Lucky will have to do this for each guard, and it looks like there are 4 guards in this facility, so taking 4 passes. (8 turns, 2 passes)

3.d Now that the guards have no access, you spend a complex action locking the doors they're behind. (9 turns)

4. Log off and jack out (p229) (10 turns)

5. profit...?

Ugh...screw that! So much pointless rolling. I'd also like to point out, the reason we have wireless is so that we can do all the matrix stuff that just happened and let other people do stuff while the hacker hacks. If Lucky wasn't plugged in to a wire, he could have been on the move (being carried) with his friends, while his friends did stuff. Wireless is better for the game. But with that said, Matrix really needs to be streamlined. There are way too many rolls. And what would happen if he set off an alarm? Then it'd have been even longer! IC would have been deployed, spider's would have been called in, cyber combat would prevent Lucky from working quickly.

*edit* got confused between turns and passes. Fixed.

Wait wait wait, what?

These two sentences do not fit together in my opinion.



Isn't this the main complaint about the Hacking Minigame?

Part of the reason I started small. The groups goal in the first example is to bypass a single door as it turns out. Would we be better off if we just had Lucky make a single roll that allowed them through the door? Failure means you don't get in, a glitch might get you in while raising an alarm, and critical glitch means you don't get in and let the guards know exactly where you are? I feel that if we complicate the process we also need to amp the reward for accomplishing it. The only way I could see players wanting to undertake the level of complexity currently in the system is masochism, significant GM fiat, or nigh godlike powers within the world. The current method gets to the same place mine does. It just takes twice as many checks and 3 or 4 times the time. Another significant problem is that the GM and/or player has to read the entire chapter, build a model, and then reorganize the chapter's data just to make sense of it. And I think we've all had the "joy" of finding a rule that we should have used in a place we'd never have looked.

There has definitely been a push to get the hacker with the team from the current game developers. I'm not sure if this is a goal worth forcing on the players. The easiest way to prevent hacks in the real world is to prevent Step 1 of my game flow. You can't hack a computer you can't talk to. Remote access is significantly easier to disrupt than local, and doesn't even need to be malicious in nature. Maybe one of the nodes you used to establish a connection just shuts down at end of business or something, and voila. Working around that limitation might be fun to the players, so I say we let them. Others might just decide that being jacked into the server is the best way to keep that from happening.

Extended Tests are going to require a bit more thought on my end. I like that fact that it gives a way to accomplish tasks that might otherwise be impossible, but I'm also trying to limit die rolls and "scripted" player actions. I don't think people enjoy spending 3-4 combat turns making the same check. I don't want to totally throw them out in case they're the baby in the bathwater though.

It gets a lot cleaner if you start treating matrix actions like spells. Replace extended tests with sustained tests, et cetera.

How is the hacker taking actions while the shooter shoots a mini-game?

Because they don't take place in the same space at the same time.

And yet they happen in the same pass, so what is the problem?
We have routinely done it this way for years, and it works. *shrug*

It is no different than a Mage smacking an Astral Threat while the Gunbunny shoots the Physical Threat.

This has always annoyed me about SR hacking. It really oversimplifies to the point of absurdity attacking physical security.

There is no particularly good reason for a physical access controller to talk via a network connection to a server. There are many reasons you don't want this. Which is why people build physical access control systems so that the only device that has an actual network port is the floor controller sitting in a locked room. If you access the reader/keypays etc directly what you have is a very simple device that sends a string of data via serial signalling (sometimes encrypted, sometimes not) to the floor controller sitting in a locked room, which then sends that credential to the main access control server, typically located either in the main guard station or in a the data center. The main access control server makes an accept/reject setting and sends that back to the floor controller. If it's an accept then floor controller sends a signal to the lock (which is an entity distinct from the reader/keypad) and the door opens. Or the door doesn't open and instead the floor controller increments a failed attempt counter and starts/checks a timer to see if it should start ignoring that reader/keypad for a while and send an alarm, or not. In our system it also points a camera at the door and brings that up on the main monitor in the guard station if the credential is rejected...

So accessing the reader directly just allows you to really rapidly send credentials to the server. At least until it trips a lockout or the guards detect you. You could attach your own reader to the door reader and then use that the produce a duplicate credential later.

Gunbunny: "I shoot the guy" *rolls dice, defender rolls dice twice*
Mage: "I lob a spell at the spirit in the astra" *rolls dice, defender rolls dice twice*
Hacker: "I break through the firewall" *rolls dice*

Next pass

Gunbunny: "I shoot the guy" *rolls dice, defender rolls dice twice*
Mage: "I lob a spell at the spirit in the astra" *rolls dice, defender rolls dice twice*
Hacker: "I continue to break through the firewall" *rolls dice*

Next pass

Gunbunny: "I shoot the guy" *rolls dice, defender rolls dice twice*
Mage: "I lob a spell at the spirit in the astra" *rolls dice, defender rolls dice twice*
Hacker: "I continue to break through the firewall" *rolls dice*

Next pass

Gunbunny: "Everyone is dead"
Mage: "No more spirits"
Hacker: "I continue to break through the firewall" *rolls dice*

Yeah, totally happens at the same time.

Wow, your Hacker takes 4+ passes to break a firewall. Maybe that is your problem. *shrug*

How about "I spoof the tacnet/drone/smartgun", "I jam the enemies connection", etc. Hackers can do other things also.