*points at Bull*
what's wrong with that?

A whole lot of security is fairly easy to take down if you know what you are doing and know it is there.

For example, a whole lot of real world electronic locks have motion sensors on the secure side that unlock the door when someone walk up to the door. Put a helium balloon under the door and inflate it, then raise it up. The sensor sees motion, door unlocks, you walk in. Door was opened from the inside by the sensor, so the security system thinks everything is good.

There is all sorts of stuff like that than can be done. A book about that would be pretty cool. I just doubt that CGL can do it.

Nothing at all, though sometimes you might get paid to do a quiet run. These are usually interdepartmental infighting so they don't want actual damages, just one upping each other.

On a side note, does anyone have a copy of 'Bull the Ork Decker in Escape from Bug City' for the PS36?

"Secure" side. Where I worked, the least the security department agreed on was using wireless ID cards.


Also, at our table most runs, unless set up in some kind of wilderness, are perfectly silent: the corps always have the benefit of brute strength.

Sure, for entry. There are building and fire code requirements that make having exits controlled by access control cards difficult to do. One common way to get approval is a motion sensor on the secure side of the door. I've seen places that prohibit reentry, in that you have to badge out in order to badge back in, but even those are rare.

Worked a month or so at a place like that. Badge out to go outside, but if you don't go through the door (forgot something at your desk?) then your badge doesn't work to badge out again. You have to be let out by someone else - the system keeps track of where the employee should be. What an annoying fsking system...

For the fire code requirements, emergency open buttons go near the doors. Obviously, since pressing one means there's a fire, it turns a siren on.
Also don't forget corps use their own laws on their extraterritorial property.


Yeah, our security dept tried it with the datacenter buildings, but had to cancel with how annoying in got for everyone.

And this is why a lot of places are not as secure as they could be. You still have to have the regular work personnel able to move about and do their jobs.

Same in the Matrix, you have a hefty defense and bottleneck on the outer edges, but inside it is moderately less except for the really sensitive stuff as your staff should really just log in once on a terminal to get to their work.

I could see a Corp making a total fortress type, totally to the nines in checkpoints, dropping blast doors and security and just using it for training of security. No actual staff work inside it, rather the corp runs a rumour about some uber secret cutting edge project with live in staff and just sit back and swat all the runners trying to break in. Distracts them from the real jobs they could be doing.

And when the corp makes a place more secure than convenient for the employees, the employees will find a way to short-circuit some of the security measures and thus create even more vulnerabilities. I think things like this could be modelled by some of the alternate systems I've seen for doing runs, where the prep beforehand (legwork/casing the joint/etc) earns the group a certain number of pool points that can be spent during the actual run to influence events, like spend a point to say "oh, the security door is propped open because the guards found it too inconvenient to always swipe in and out" (happened at the afore-mentioned company of mine).

Yep. I can attest to this. Badge piggy backing is one of the big no nos where I work, but it keeps happening. Every once in a while management will crack down on folks who do it. For a while it will stop, but within 6 weeks or less, back to the piggy backing badges. Comparatively speaking, that's a minor restriction on employee movement. Yes, occasionally someone will get fired, but it's rare. (At our local site, once in 5+ years rare. More company wide.) Luckily, we haven't had any incidents, which is probably why the rate of terminations for it is so low.

It might have something to do with the fact that my coworkers and I have four badge locked security doors between the entrance to the building and our office (one of them is the elevator). 5 to get to our datacenter. 6 to access our cage in the DC. Of those, only two are biometrically locked. Both biometric locks can be bypassed in various ways, including badge piggy backing. And we're just one out of 20 or so tenants in the building. Some of which share our DC space and have their own cage. (No, I won't say where I work or who I work for.)

This setup isn't unique in our company or any company I've worked for. So when people tell me, "But the corps would be more secure", I point and laugh. Cause I know first hand, they ain't. Oh sure, there might be slightly tighter security in Shadowrun, due to the dystopian setting, but even in Shadowrun human nature is a weakness ready (and waiting) to be exploited. Add in a disgruntled employee, it's a wonder sensitive information doesn't get out more often. With one badge and some patience/knowledge, I know you can physically get sensitive data on major companies. And as anyone familiar with data security is well aware, once you physically have access, your virtual security doesn't matter much. With physical access, someone can walk away with the hardware and crack it at their leisure. (Which for some Linux distros is about 5 minutes, depending on how fast the server reboots.)

-Temperance

And sometimes you do not even have to be the one carrying it out. All you need is one executive who is behind on a project with the deadline looming and watch if they don't take their work home with them.

When I was in the service we actually had an incident when a Major took home sensitive files for a project that was due early in the next week to work on over the weekend and left them in his car when he ran into a shop 'real quick' to come out and find the car have been lifted.

I think he is still counting penguins on remote duty.....

My concern with this one is that those 700 players weren't a sample or a proper play test, but rather a "Focus Group." The method of selecting a Focus Group is counter to running a proper play test. Focus Groups are used for confirmation bias, not for actual proper testing. The method of selecting a Focus Group, boiled down, would be to select them from a specific background (i.e. cat enthusiasts, male college students who play FPS's, or housewives who spend large amounts of time on social media), a specific activity (NASCAR, bull fights, support groups), or a specific
environment (marketed events at a convention, specifically worded advertisements on Craig's List, etc.). This isn't how you TEST something, this is how you find Yes Men to confirm what you want them to confirm.

For a proper test and review process, you need people who aren't personally involved in the creation, who have collectively varied topical expertise, and you need to find them from more than just 1 or 2 events, of which can skew results.

I don't know what method was used, and I'm not going to blame you specifically. But a review of HOW the test groups were chosen may tell you more about the people making the game than about the game's design.

I'm one of the more vocal here about circumventing the wireless bonuses, so I would just like to say, I'm not against gear/ware hacking. I think it's a glorious idea, to a point. I love the idea of watching the decker make the opposing street sam strangle himself, or fall over mid-charge. On the other hand, I think there's better ways of going about it than saying "everything's always on the Matrix, all the time." Some easy ways to fix this would have been:
- On Line Bonuses: require your device to be connected to your PAN, unless otherwise noted (for those bonuses that REALLY WOULD need a dispersed cloud computing). Provide co-processors as an upgrade (maybe in a splatbook) that would give your PAN an "on-device" limit for gear you don't want getting out.
- PAN Hacking: Once a device is "slaved" (not simply "connected") to your PAN, it relies entirely on that PAN's protection. If your PAN gets hacked, everything slaved to it is vulnerable to the hacker's commands/assaults. Risk vs. Reward, and that tough-to-crack FW is all that stands between you and everything that HOLYCRAPTHESTREETSAMJUSTHADITINHIDDENMODEOHDREK!!

This would circumvent most of the complaints about the ALWAYS MATRIX OR ELSE issue, provide security and spy-games, while still providing hackers something to do.

You're assuming a lot here.

I mentioned this in another post, but this book is the essential reference for most things security related: Security Engineering.

It is invaluable in its treatment of the topic.

And while the focus is largely Distributed Systems, there is a good treatment of a number of related topics. A case study on an Art Museum, and the various counter-measures employed with the subsequent means of defeating those counter-measures was particularly interesting.

In some respects, it's a real life CSH. With all the tongue in cheek of a pessimistic British, Cambridge University PhD.

-Wired_SR_AEGIS

Not an assumption, a concern. I'm not saying it was a formal, scientific study, and I'm not saying it wasn't. I'm concerned that the testing MAY have been biased, and so far there's been nothing addressing this, one way or the other. It was brought up earlier, nobody asked that sort of question, and I'm making my concern known.

Say guns were just invented yesterday, as a miraculous new hunting device. Hunters are regaling the world with its efficiency and utility. And then somebody says "isn't it possible that the gun could be used for MURDER? Did anybody in your test group bring up such concerns? Did you include anybody in your test group that may have included such concerns?" Or, alternatively, in the Video Game industry, much of the testing that's been influencing AAA game design has been... FOCUS GROUPS!! They test games using people selectively chosen from a market of people who, largely, prefer First Person Shooters. Then, anytime a game idea is shifted and adapted to be more like every FPS that came before it (to satisfy the whims of the chosen test group, the Focus Group), people behind the focus group are amazed that it doesn't sell more. Games that try to clone Call of Duty will never be as beloved, because we already HAVE Call of Duty. Testing a video game against groups that love Call of Duty above all else will lead to the input largely telling you, "this game needs to be more like Call of Duty," rather than, "This game could use some more interactivity, and maybe improve the interface and physics engine for X and Y activities."

In the same vein, if the tests marketed SR5 to people as being, "more like GitS," then your test group will largely be biased towards activities they've SEEN in GitS. If you marketed it as "SR5, with updated and balanced mechanics and more activities for deckers," then you'll see people expecting updated balance and such. If you marketed the test as "SR5, come test the new mechanics and tell us what you think," you'd probably have had some people complain "it's not new enough," while others would see it as something to try to break or refine. It's all in the wording.

I don't know how the testing was worded. I don't know how they invited and selected everybody testing. All I know is that some of what has been revealed so far seems, metaphorically speaking, a little under-cooked.

If, to me, a few things seem theoretically sound but technically incoherent, who's to say my concern isn't valid?

Wall of text notwithstanding, I understood what you meant with a concern.
However, the process to become a playtester went "Write an email to Jason Hardy and ask if he needs playtesters". I know this for several reasons, one of them because someone over at shadowrun4.com asked this very question and someone official answered.

Very possibly, some people were invited to playtest, such as authors and their friends, but that doesn't mean that all playtesters or even a majority of playtesters were yes-men.

In short: Your concern is unfounded, and without actual data it is not very helpful, least of all for your personal peace of mind

A couple notes...

Dire Radients comment wasn't about the playtesting pool. It was about the Origins Game Fair, and how many people showed up to play in events the Catalyst Demo Team was running. One fun thing about that is that on Wednesday night, the there was a small fire in the north end of the convention center where all the mini's, CCGs, and board game events are. It got evacuated for several hours. The CDT Agents were running events on the south end. So they ended up running 3 completely unscheduled events that night (at a time when there were no events planned), mostly for groups of non-Roleplayers. One of the GMs said his table was almost entirely guys were strictly Mini's gamers and never did RPGs, so they were new to not only SR, but Tabletop RPGs as well. ANd by all reports, had a great time and picked up the system quickly.

Other note about actual playtesting. It was very informal in how groups were selected, but many of us who ran or organized playtesting groups did so with diversity in mind. I know a couple groups specifically incorporated some players new to SR completely. One of my guys really disliked Shadowrun 4 (long time old school SR1-3 player). And I've been involved in playtesting off and on since... January 2012, I think was our first one?

<shrug>

Bull

The ask to see the data

Assuming there was a questionnaire or a check list, what sort of questions/responses were relevant? That way you get an idea of what they were looking for without actually seeing the information being reviewed and thus would not break NDA directly.

Or was this more on the fly with GM's supposed to run the events and try to keep an ear open for oddities cropping up. That can be a bit gruelling to keep track of if nothing was written down.

The wording of the questions can be telling, not unlike when a lawyer restricts a witness to yes and no answers when the actual answer is more complex than that.

'And are you, Mr Wilson, still sexually abusing your son.... answer yes or no please' Even if the witness never touched a child the wording of the question implies he had in the past so even a No still carries a guilty response

If a person wants to throw out figures ' like X number liked it and had no problems why are you?' or you say well there is no data so your question is not relevant, then the counter to this would be what was the data gathered.

Personally I am on neither side in this, for every 10 playtesters used they will come up with 11 different ways to do something and I am sure in weeks to come someone will stumble across something we have not noticed yet that will cause a stir when we are enlightened to it. It is what we do after that tells the most.

Then or they?

This data is most likely internal. It is not relevant to the public at large because the concern comes from a completely unfounded source (namely: the fear of change inherent in everyone of us).
The rest of your example isn't really helpful either, sorry to say. Why would anyone assume that sane people operate this way in creating a new product? It is a lot of assuming, assuming, assuming.

Everyone can construct a worst-case-scenario (I still have to snicker about Wurst-Käse-Szenario, which is a joke that probably only a minority will get ) in their heads, then build a bunker and stock it with canned food to live for 200 years after the nuclear winter.
Is this helpful? Most people would say that it's not.

A helpful thing is to assume that people acted for healthy reasons and didn't invite playtesters because they wanted to hear "Good work" and be patted on the back by them.
But that would go counter the need for confirmation that one's own expectation of Shadowrun, BannockRun, SendazRun, CritiasRun, GoodmanRun, BullRun or WhoeveRun* is different from the things that a number of other people want and expect in a system. It's natural, of course, to try to rationalize one's own opinion, but seldomly helpful and frequently leads to ulcers

The product is almost out. People are crying over spilled milk. The only course to follow is either buy in (if you like the changes), opt out (if you don't like the changes) or change the new rules so they fit your personal style (if you like some, but not all of the changes). I know what I'll do

*No offense meant to anyone named here.

Bannockburn answered my question up there.

If it was an open "email me" then, even worst cases considered, I'm okay with that. We would have heard more rage by now if somebody with these concerns had been rejected or brought up. I, for one, had too much going on in my life the last year or so, or else I may have had the time and mental stamina to look into it.

Without any further grief on that subject, thank you for addressing this.

Edit:
As for "sane people" using this as SOP... the video game industry, especially along the AAA side of things. ANYBODY who uses a "focus group" is only going to find confirmation bias.

So their opinions are worthless for evaluating an RPG system because they had nothing to compare it to, and had only a couple of hours to acquaint themselves with the concept? Got it.

Not entirely worthless. A big part of playtesting also includes testing accessibility for other audiences. Regardless of other problems I may have with this edition, I can stand by this side of the playtest.

Depends on what you want to test in that particular case.
Polemics notwithstanding it is very valuable information if a newcomer is able to understand a system quickly and has fun with it (although the fun part arguably comes in most parts from the group and GM). I really see no reason for that kind of hostility.

Yes, but did they have fun? Was it playable without shooting oneself in the head (assuming that mentalist witch a few threads down isn't controlling me of course)?

It sounded like they had a good time so that is a plus in any case.

And for the record, neither myself or any fire elementals I may have bound were anywhere in Origin astral space at the time of the blaze.

RPG playtesting is generally not about stress testing core design decisions. If they blow up in your face and are obviously unworkable you may change them, but there are usually good reasons (in the conceptual/vision of the game sense) why you chose them. You're mainly looking for logical issues, rules interactions you didn't expect, and some feedback on how well the product as a whole works. I was playtester or lead playtester on a lot of GURPS products and I can tell you right now that feedback along the lines of "completely change X" is not helpful or compelling to the author(s).

It's important to remember that roleplaying games are generally not technical documents, they are a crystalization of ideas floating around in a few people's headspaces that they struggle to codify. They internally know how it's all supposed to work together and they (ideally) think it's a pretty awesome set of concepts - they just want some help to smooth out the rough edges. Completely rethinking the core vision is extraordinarily difficult and may not even be worth the time since the hardest part - getting the draft done - has been finished.

Also consider that Shadowrun has a lot of books that are effectively "in print" as PDF. If sales of SR4 have been slowing or stopped, a new edition, even if it alienates some players, will drive some new sales and possibly push sales of that back catalog from players that dropped out in SR2, SR3, or early 4 (possibly even from alienated players that see now as the time to fill out their collection of the "best" edition).

There's a danger of doing a new Corporate Security Handbook too well. Most of the problems with really high security areas (e.g. SCIFs) is the level of inconvenience and busywork involved, which means people take shortcuts or just blow off precautions. Agents and security riggers can provide a level of intelligent oversight to eliminate most of the hassle while still maintaining enough of the "security theater" that the users feel safe.

Think of it this way. Stressing basic security settings for biometrics alone would mess up the plans of a lot of runners and outright shut some groups down if you just popped up with "Oh, you know you can't just cut his hand off, right? And since the scanner shows he has an elevated pulse from being coerced and it has triggered a security alert. Oh, and an Agent was watching the vidveed from this door so in fact, that happened as soon as you showed up and this just escalated it. The door stays locked. BTW remember those guards you tranqed earlier? Yeah, they were wearing biomonitors and that also flagged an alarm. Turns out they were just keeping the alert quiet until K-E showed up since you haven't killed anyone. They're outside."

...That's how I run Shadowrun. And my players still come up with crazy creative ways to finish their jobs.

And that's the way it should be. But you can understand how this might cause some GMs to get a reputation as a railroading group-killer

I suppose, but railroading and group-killing is orthogonal to 'designing realistic security scenarios', no?

Just have the cleaning crew leaves the stains on the floor (maybe a chalk outline or two) for the next team to see and ponder.

? That would imply they were always independent. They are not. A group running a pink mohawk game with the best GM on the entire planet will not be very happy if he suddenly drops a realistically (as in, uses Shadowrun technology and game mechanics to his advantage) comprehensive security schema on them.

Does noone remember what happened when the Corporate Security Handbook came out and the complaints it generated along those lines? <checks the publication date . . . 1995 . . . suddenly the weight of years lands on my shoulders>

1 9 9 5

Good god, I suddenly realized how long ago that was.

I remember my GM at the time saying "I'm not gonna use all of this at once."
I followed this very wise counsel when I ran Arcology Shutdown.

Yes, but does your cane get a wireless bonus?

I've generally avoided this by throwing my players a bone. Characters with the proper knowledge skills are more than welcome to ask for hints, and I will happily give them clues or point out things their character might have noticed that they don't have the personal knowledge to extrapolate from context.

I typically introduce shit by stages. Going from normal physical security (mooks, MAD scanners) to hostile hackers and spirits to drones and blast doors and pressure pads and shit. I haven't managed to kill a player yet!

It doesn't right now, but in SR5 I get to rap kids on the head as a Free Action if it's connected.

Ah the finest in SeniorRun Tech indeed, just like these gems:

Cyberhips

Tired Reflexes

Rigged golf carts

Form Fitting Adult Diapers

Next years April fools product writes itself.

I don't know.. it's kind of hard to one up the DoughMaster from Rigger 4.

I mean funny yet still in the back of your mind you are thinking.. yeah.. that COULD work

Though we could do it as a sourcebook for after you retire from the shadows I suppose... Sorta like Gran Torino with warez

FWIW, there are a number of names in the Playtesting section. You'll see mine, and in there are nine or ten others that playtested in my group. A couple of them are my wife and the wife of another playtester in my group. They were brought in specifically because they weren't gamers and their preconceived notions were based on watching their husbands being geeks. They gave great feedback. A couple of them were grizzled vets, most of my group were somewhere in the middle ground. You'll see the name James Vaughan in there; he tore the new rules to shreds and asked lots of questions (and thinks wireless bonuses are an abysmal idea).

Just because we write for the company doesn't mean we're yes-men.

"So, did you like it?"
"I don't remember. Who are you?"
"I don't know! Where's the nurse?"
"We have a nurse?"

This provides an excellent place for characters like Shadow Ron to become canonical.

The biggest problem would be trying to figure out if the Rigger was doing his job and the Decker going full VR, or if they were having seizures...

Move-by-Tired: By controlling your body's natural seizures, this augment enables you to once again, albeit in stuttering, jerky motions. Mechanics - move speed increased to that of a young whippersnapper.

Heh..

Course still better than when everytime the Mage tries to astrally project the nurses call the crash team and break out the defibrillator.

I have the title: SenescenceRun

I like it

and for an early story arc....

In 2072, a retired commando team was sent to a nursing home by family court for crimes they didn't commit (or at least remembered)

These men slowly escaped from a maximum security rest home to the Los Angeles Deep Lacuna.

Today, still wanted by Social Security, they survive as elders of fortune.

If you have a problem, if no one else can help, and if you can find them, maybe you can hire.. the Ache Team