[Adder]

I like using Overwatch Score as a determinant of host behavior. I agree that the connection between GOD and the host is murky, but the host definitely does know when it reaches a certain point since "host convergence" is a thing:

GOD doesn’t track personas inside a host, but it still
keeps tabs on the traffic to and from the host. This
means your Overwatch Score doesn’t change when
you enter a host, and it continues to accumulate while
you’re in the host. If you’re in a host when you reach
convergence, you’re not burned and dumped like you
are out on the grid (Overwatch Score and Convergence,
p. 231). Instead, the host gets three marks on
you and starts deploying IC.

So my current plan is to merge something like Namikaze's, Deathstrobe's, and my own ideas into a new specification for both host and Patrol IC behavior. Will work on that and get back to you soon.

edit: Oh shoot, I forgot that OS is hacker-specific. Uhh... I guess the host behavior will vary based on the highest OS score in it :-)

[Adder]

So here is a sample host's behavior:

OS 0-9
OS 10-29 Go to Yellow Alert (if at Green)
OS 30+ Go to Red Alert

Green Alert (normal operation)

•    Patrol IC doesn't scan for silent icons
•    Patrol IC investigates first illegal action per turn
•    Patrol IC monitors for custom condition (e.g. checking a special file for marks) once a turn
•    If alarm raised, launches Level 1 IC

Yellow Alert (cautious operation)

•    System decker alerted
•    Patrol IC scans for silent icons once per turn, but does not launch IC unless an illegal action is committed
•    Patrol IC investigates first illegal action per turn
•    Patrol IC monitors for custom behavior (e.g. checking a special file for marks) every pass
•    If alarm raised, launches Level 1 or 2 IC

Red Alert (high threat response mode)

•    System decker alerted
•    Patrol IC scans for silent icons every pass and immediately launches IC if spotted
•    Patrol IC investigates first illegal action per pass
•    Patrol IC monitors for custom behavior (e.g. checking a special file for marks) every pass
•    If alarm raised, launches Level 1 or 2 or 3 IC
•    (Optional host behavior such as archiving files or rebooting)

Patrol IC

•    Launches IC if a spotted icon ("loud" or "silent" but already spotted) performs an illegal action
•    No initiative needs to be rolled until Yellow Alert

Level 1 IC
-Acid (Firewall)
-Binder (Data Processing)
-Jammer (Attack)
-Marker (Sleaze)
-Crash (crashes a program)
-Track
-Killer (Matrix damage)

Level 2 IC
-Blaster (matrix + stun damage, linklock)
-Scramble (reboots you)
-Tar Baby (linklock + mark)

Level 3 IC
-Sparky(matix + biofeedback damage)
-Black IC (matix + biofeedback damage, linklock)

I intentionally made Yellow Alert the largest block, and made Red Alert relatively narrow. That's because I don't think a typical host will freak out and send the big guns that quickly, and a hacker could exceed 40 OS as well if they had a lot of things they needed to do which would give Red Alert a larger range of operation.

The reason why I phrased the Alert changes the way I did was because I could see exterior factors changing the Matrix Alert level. For example, if security reported a shadowrunner intrusion in the building, the system decker might just set it to Yellow preemptively. Or if someone had tipped the host's owner off ahead of time of a possible attack.

The system is also designed to minimize rolling for quick matrix "drive bys". If you're going in to quickly hack a door and pop it open, you will likely not accrue enough marks to even send you into Yellow Alert. Only a dedicated Matrix run will force the GM to keep track of Patrol IC initiative and do more opposed tests.

You can also configure your host anyway you like, of course. Maybe a high-security Renraku data vault host has Yellow as their normal operating procedure, and spike to Red as soon as they hit 20.

Thoughts?

[Namikaze]

I really like it. 

EDIT - Just noticed that you listed Level 3 IC in your protocols, but didn't label any IC grouping as "Level 3."  I assume you mean the Deterrent IC, but maybe left an old version of the name in there?

[adzling]

If something like this is not in data trails catalyst s doning it wrong.
Well done!

[Adder]

EDIT - Just noticed that you listed Level 3 IC in your protocols, but didn't label any IC grouping as "Level 3."  I assume you mean the Deterrent IC, but maybe left an old version of the name in there?

Whoops, thanks, fixed it. Yea originally I had them categorized by support/deterrent/vengeance based on functionality, but that just made it more awkward to deal with.

edit: I also forgot to include the scanning for illegal actions at Yellow/Red. Added now. Every turn for Yellow, every pass for Red.

Also an edit to put in the fact that lower level IC can be spawned at higher alerts (though obviously stronger IC are likely to be launched first).

[The Wyrm Ouroboros]

Mmm.  Party IC.

[Adder]

More fun questions, and these are actually quite complicated in my mind.

if you get a mark on a slave you also get a mark on the master.
This happens even if the slave was marked through a direct connection,
so be careful about who you give your slaved devices to.

The virtual space inside a host is separate from the
outside grid. When you’re outside of a host, you can’t interact
directly with icons inside it,

None of the devices can be accessed without first gaining
access (via a mark) to the Host itself. The Host then
becomes the Master for all of the devices within it, thus
providing the same protection as a WAN.

To make a direct connection, a hacker must
have a physical (wired) connection to the device, which
necessitates close physical proximity. With this connection,
the hacker can target the device separately from its
Master, and thus gain marks on the device or its Master
while making tests against the much lower Rating of the device.

You need a grid to access the Matrix.

Questions, with my answers as I understand it so far.

1. Can hosts contain devices that are not slaved to them as a WAN?
I don't think so.

2. If you mark a host (or any master), do you mark all of its slaved devices?
I think no?

3. If you add a mark to a device in the host, does that add a mark to the host?
Amazingly, yes, I think so.

4. If you have two marks on the host and zero marks on a device, and you add a mark to a device, do you now have three marks on the host?
A more specific version of #3, but I think yes?

5. If I direct connection to a WAN slaved device, am I "in" the host? i.e. can I see other icons in the host and interact with them?
I think yes?

6. Once I direct connect to a device, can I jump from there to a grid?
This is super confusing. Since exiting a host puts you on the grid you came from and there WAS no starting grid, I'm going to say no.

7. If you are someplace with literally no Matrix access (e.g. a Faraday cage) and you direct connect to a device... does that work? Can you still interact with it via Matrix actions? (since the rules explicitly say you need to have a grid to use the Matrix)
I have no idea.

8. Once in a host, are all non-silent icons immediately visible to me? Let's say it was a host containing all the of data Renraku has, stored in non-archived files. Could I just immediately find any file that I was looking for?
I want to say no, but I think the answer is yes? Perhaps sculpted hosts (with "walls") make the answer to this less weird.

Thoughts?

You may also find this link useful.

edit: removed some questions I already found the answer to

[Herr Brackhaus]

1. I agree; by virtue of how hosts work, once you enter a host you are considered directly connected to it and every icon in it, which implies that everything is connected through a WAN.

2. I believe this is a common misconception. If you obtain a mark on a slaved device you also gain a make on the master. The reverse is not the case, however.

3. Yes, this is correct; see above. The so called direct connection exploit relies on gaining a direct connection to a device slaved to a host in order to hack a mark on the device, thereby gaining a mark on the master.

4.No. See above where Master-Slave relationships are concerned.

5.First of all, there's a big difference between having a direct connection and having a direct neural interface. The former is a hacking term describing a way to circumvent host ratings and noise, the latter describes the interface between brain and electronic devices like smartguns, cyberware, and sense enhancements.

As for being connected to a device equaling being in the host; no. You have to enter the host to take any actions against icons within it, with the sole exception of a device you have a direct connection to.

6.Even when directly connected to a device you remain on a grid (or in a host); unlike in previous editions, you never actually enter other icons with the sole exception of hosts.

[Adder]

Thanks for the answers Herr Brackhaus, and my apologies on the DNI terminology.

I also immediately edited my questions after my first post and replaced a couple of them, not sure if you took that into account in your numbering. I also added a new question just now based on the other thread I read.

edit: and now I added another question :-(

[Namikaze]

1. Can hosts contain devices that are not slaved to them as a WAN?
I don't think so.

Correct.  Devices that are connected to a host are part of the host's WAN.  A device can still send a signal to a host, and vice versa though.  The advantage to putting a device outside the WAN is that physically tampering with the device doesn't automatically grant access to the host.  The disadvantage is that the device has to communicate via sending messages, rather than just pouring data into the host.  Whether this has an appreciable effect on the device, a security decker, or what have you is contested.  I wasn't going to talk about this, but I have submitted some ideas for security riggers.  If my ideas are approved, having a device that isn't slaved to a host will have much more noticeable effect.

2. If you mark a host (or any master), do you mark all of its slaved devices?
I think no?

Correct.  Marking the slave will mark the master, but marking the master does not mark the slave.

3. If you add a mark to a device in the host, does that add a mark to the host?
Amazingly, yes, I think so.

Yup.  See above.

4. If you have two marks on the host and zero marks on a device, and you add a mark to a device, do you now have three marks on the host?
A more specific version of #3, but I think yes?

Questionable.  My answer would be no, but that's because I see marks as being done in levels.  So if you have level 2 marks on a host, and get a level 1 mark on a device, you still only have level 2 on the host.  If you have level 2 on the host, but get level 3 on a slaved device, then you get level 3 on the host as well.  Honestly, there's no basis for this opinion, it's just how I perceive security working in a situation like this.  Hopefully Data Trails will provide some clarity.

5. If I direct connection to a WAN slaved device, am I "in" the host? i.e. can I see other icons in the host and interact with them?
I think yes?

Yes.  The way this works is to have you connected to your cyberdeck, then you connect to the device.  The cyberdeck generates the persona, which then enters the host via the device's access point.

6. Once I direct connect to a device, can I jump from there to a grid?
This is super confusing. Since exiting a host puts you on the grid you came from and there WAS no starting grid, I'm going to say no.

Only if that device is capable of forming a persona (commlink, cyberdeck, rigger command console), or if you're already on a grid.  Otherwise, you'd just get dumped into the meat world again.

7. If you are someplace with literally no Matrix access (e.g. a Faraday cage) and you direct connect to a device... does that work? Can you still interact with it via Matrix actions? (since the rules explicitly say you need to have a grid to use the Matrix)
I have no idea.

I would say yes, but your access is limited to only within the Faraday cage.

Thoughts? These rules accumulated honestly make the system seem pretty broken, since targeting any device in the host marks all the other devices and the host itself. That strikes me as strange.

The intent with this seems to have been to provide a physical method of hacking into a host that has really high stats.  It encourages a hacker to get on-site and plug in directly to the terminal, camera, or whatnot.  Which is how hacking always had to be done from 1st edition to 3rd edition.  4th edition's hacking was broken in that a kid in Germany with a commlink could hack a Renraku Ultraviolet node in Tokyo without breaking a sweat.  I think 5th edition's hacking rules are trying to be somewhere in the middle, and I still hold out hope that Data Trails will give us many more options and much more clarity.

[DeathStrobe]

1. Can hosts contain devices that are not slaved to them as a WAN?
I don't think so.

I don't think so either. Other than personas. The rules would get too weird if you allow that.

2. If you mark a host (or any master), do you mark all of its slaved devices?
I think no?

Nope. Marking the masters do not mark the slaves. Though, it did work that way in SR4. The Slave/Master relationship has greatly changed since then.

3. If you add a mark to a device in the host, does that add a mark to the host?
Amazingly, yes, I think so.

Yes, because of the master/slave relationship.

4. If you have two marks on the host and zero marks on a device, and you add a mark to a device, do you now have three marks on the host?
A more specific version of #3, but I think yes?

Rules are unclear, but I'd say yes. This also means the fork program which allows you to hack to devices at once is really powerful/dangerous for the master when hacking a slave.

5. If I direct connection to a WAN slaved device, am I "in" the host? i.e. can I see other icons in the host and interact with them?
I think yes?

Not yet, you need to do the enter/exit host action.

6. Once I direct connect to a device, can I jump from there to a grid?
This is super confusing. Since exiting a host puts you on the grid you came from and there WAS no starting grid, I'm going to say no.

Yes, you just go to whatever your default grid is, with all your normal OS you built up while in the host.

7. If you are someplace with literally no Matrix access (e.g. a Faraday cage) and you direct connect to a device... does that work? Can you still interact with it via Matrix actions? (since the rules explicitly say you need to have a grid to use the Matrix)
I have no idea.

To specifically says you don't need a grid if you are direct connected. Specific rules trump general.

SR5 p232
When you use a direct connection, you ignore all noise modifiers and modifiers due to being on different grids or the public grid. It’s just you and the device.

8. Once in a host, are all non-silent icons immediately visible to me? Let's say it was a host containing all the of data Renraku has, stored in non-archived files. Could I just immediately find any file that I was looking for?
I want to say no, but I think the answer is yes? Perhaps sculpted hosts (with "walls") make the answer to this less weird.

Yes, but I also don't like that ruling. So I go with needing to make a Matrix Search test, with rules for rushing the job, with each hit over the threshold able to cut the interval time in half.