[penllawen]

Scenario: Danielle the Decker is helping her 'runner team infiltrate an EvilCorp office. She wants to hack the exterior camera so the team can sneak up the door. (Loop it, turn it off, glitch it out for a few seconds, whatever.)

According to 6e: she probably rolls Spoof Command (her Cracking+Logic vs the camera's Data Processing+Firewall.) EvilCorp isn't made up of fools, however. The camera is slaved to a security host that runs the building, so instead of its own pitiful dice pool, it can roll a decent handful derived from the host stats. Danielle doesn't need any access levels anywhere do this, so off she goes.

BUT HOL' UP A MINUTE

Per 6e CRB pg 185: "The virtual space in a host is separate from the Matrix at large, and any icons on that host are not accessible unless expressly part of a public-facing side. Gaining access to a host will allow interaction with the icons and devices on the inside"

Why is the security camera's icon on the grid at all? Why isn't it inside the host, which would result in Danielle having to hack the host first?

One response might be "you don't need a device to be inside a host to be slaved to a host", which I accept, but it doesn't answer my question. Why didn't EvilCorp choose to put the camera's icon in the host? It gives it extra security for free. But that doesn't seem to be RAI, or the change in Spoof Command from 5e to 6e is a bit pointless, right?

[Finstersang]

Per 6e CRB pg 185: "The virtual space in a host is separate from the Matrix at large, and any icons on that host are not accessible unless expressly part of a public-facing side. Gaining access to a host will allow interaction with the icons and devices on the inside"

Why is the security camera's icon on the grid at all? Why isn't it inside the host, which would result in Danielle having to hack the host first?

One response might be "you don't need a device to be inside a host to be slaved to a host", which I accept, but it doesn't answer my question. Why didn't EvilCorp choose to put the camera's icon in the host? It gives it extra security for free. But that doesn't seem to be RAI, or the change in Spoof Command from 5e to 6e is a bit pointless, right?

It think the quote from the CRB is (refreshingly) clear here: If the icon for the Camera is "stashed away" inside the host, the decker has to enter the host. Which is fine, because else, hackers would never have to enter any hosts besides data extraction.

There are few consideration on why this doesn´t make the improvement of Spoof Command invalid:

• Obviously, not everything is secured by a host. There are PANs and standalone devices as well. All of these can now be manipulated with one action only.
• There are ample reasons on why the Camera icon (or other devices) might not be put inside the host: The security rigger is a bit lazy or fears that the host might get overloaded. The cameras are installed by seperate contractors. The onsite security protocols demands quick access to the camera feeds, whithout having to enter the host first. Mechanically, the Camera would be safer inside the host and not just slaved to it from outside. But unlike players, the GM doesn´t have to care about optimization, but about giving the right cues and incentives to keep the narrative afloat. If the GM wants to lure the hacker inside the host, the cameras are inside. If the GM decides that this will be too much of a hazzle, they are outside.  More than often, it will be the latter, since the previous Editions have made players and GMs weary of lengthy Matrix minigames.
• Direct Connections, Skinlink, Data taps: I´m pretty sure that these are at least supposed to give you access to devices regardless of the position inside or outside a host. Amittingly, this is a bit of guesswork, would be cool to get confirmation here.

[Banshee]

Per 6e CRB pg 185: "The virtual space in a host is separate from the Matrix at large, and any icons on that host are not accessible unless expressly part of a public-facing side. Gaining access to a host will allow interaction with the icons and devices on the inside"

Why is the security camera's icon on the grid at all? Why isn't it inside the host, which would result in Danielle having to hack the host first?

One response might be "you don't need a device to be inside a host to be slaved to a host", which I accept, but it doesn't answer my question. Why didn't EvilCorp choose to put the camera's icon in the host? It gives it extra security for free. But that doesn't seem to be RAI, or the change in Spoof Command from 5e to 6e is a bit pointless, right?

It think the quote from the CRB is (refreshingly) clear here: If the icon for the Camera is "stashed away" inside the host, the decker has to enter the host. Which is fine, because else, hackers would never have to enter any hosts besides data extraction.

There are few consideration on why this doesn´t make the improvement of Spoof Command invalid:

• Obviously, not everything is secured by a host. There are PANs and standalone devices as well. All of these can now be manipulated with one action only.
• There are ample reasons on why the Camera icon (or other devices) might not be put inside the host: The security rigger is a bit lazy or fears that the host might get overloaded. The cameras are installed by seperate contractors. The onsite security protocols demands quick access to the camera feeds, whithout having to enter the host first. Mechanically, the Camera would be safer inside the host and not just slaved to it from outside. But unlike players, the GM doesn´t have to care about optimization, but about giving the right cues and incentives to keep the narrative afloat. If the GM wants to lure the hacker inside the host, the cameras are inside. If the GM decides that this will be too much of a hazzle, they are outside.  More than often, it will be the latter, since the previous Editions have made players and GMs weary of lengthy Matrix minigames.
• Direct Connections, Skinlink, Data taps: I´m pretty sure that these are at least supposed to give you access to devices regardless of the position inside or outside a host. Amittingly, this is a bit of guesswork, would be cool to get confirmation here.

Yep, basically what Fin said above.

Also maybe the camera needs to be outside of the host so it can directly interact with something that requires its feed. It may not be optimal from a security perspective but may be required.

Side note on direct connections (including skinlink)... we will be addressing this somewhat in the FAQ and building upon it in future supplements. It allows you to be able to hack or access any device that you can physically get to regardless of whether it is wirelessly hidden or inside of a host. It does not automatically allow you to bypass any firewall ... host or otherwise. It can also allow you to access a device that is not wireless.

[penllawen]

Hmm. I accept this reasoning from a game perspective - and that is the most important perspective. But it feels a little limp from a fluff perspective.

Coming from the point of view of someone who is writing matrix house rules right now, I might say that “slaved to a host” and “inside a host” are two different states. And that:

* slaved devices are protected by the master’s stats
* this protection can be bypassed by a direct connection (5e style)
* devices with icons inside a host gain extra protection, as they can only be accessed via the host from the Matrix (yes, this nixes Spoof Command)
* but if you hack a device whose icon is inside a host, you gain an access level on the host & everything inside it (6e style)
* if a device is inside a host and you gain a direct connection, you still get to bypass the firewall, and now you have an easy path to hacking the host too - so spiders will be cautious about this

It’s a little more fiddly than I’d like but by coupling the “inside the host” state to the “marks travel onto the host” state, I have an in-universe reason for corps to keep some stuff outside. It basically means things can come in two kinds of “hardening.” Inside the host and outside. And the former group are tougher to hack, but more valuable. 

I accept that direct connections will get some handling in future 6e books, but for now, I miss their risk/reward trade off.

[Finstersang]

Devices acting as backdoors to hosts is something I definetely miss right now.
I think this is a nice angle to find a more "mechanical" answer to the original question.

How about this?

If the Device is only slaved to the Host, but not inside the Host:

• It can be found and hacked without entering the host. (Of course, you can also interact without when inside the Host. The icons are available inside as well)
• The device gets the boosted protection from the Host.
• Direct Connections lets you circumvent the boosted protection (like in 5th Edition)

If the slaved Device´s icon is inside the Host:

• It can´t be interacted with wirelessly without enterying the Host, which is obviously a huge security feat
• HOWEVER: If you hack such a device with a direct connection - which is usually easier, since the device loses host protection - you also get the same access level to the host as long as you maintain that direct connection, essentially turning the device in a backdoor (much like in 5th Edition).

That way, it´s an actual choice for security Riggers if they want to put the icons of slaved devices inside the host or not. It´s a tradeoff between protecting the individual devices or the whole system. (Security devices serving as backdoors are also cool from a narrative viewpoint. Somehow, I just pictured a kind of surveillance room inside a host where the decker´s Avatar is suddenly climbing through one of the screens like in a certain horror movie...)

Edit: Just realized that this is pretty much identical to penllawen´s suggestion

[Hobbes]

Wireless Icon "inside" a host, the Wireless Signal still travels outside the Host so clearly interaction with the Device itself is possible.  The entire "Noise" mechanic is based around the fact that there is some kind of EM signal and can be blocked, manipulated, jammed, snooped, whatever.  I get that the Matrix is Magic, but there is still some EM stuffs going on.

5th edition described the data streams as normally filtered out, but clearly, they exist.  If stuff isn't wired, the signal is being broadcast through the open air.  That signal can be intercepted and interfered with.

If you're just looking for some fluff to justify interacting with Icons in a Host, there you go.  If you want Pseudo-RAW, go back to 5th Edition's description of the Data Streams that are normally filtered out.  You're not going after the Icon, you're going after that Data Stream going to and from the Icon.

[Hobbes]

And if you want a made up security reason to Slave a device to a Host, but not put it "In" the Host, Noise is the answer.  If a Device is in a Host it can be Hacked from anywhere in the world.  If the Icon is outside the Host the Hacker is likely physically near.

[Banshee]

Wireless Icon "inside" a host, the Wireless Signal still travels outside the Host so clearly interaction with the Device itself is possible.  The entire "Noise" mechanic is based around the fact that there is some kind of EM signal and can be blocked, manipulated, jammed, snooped, whatever.  I get that the Matrix is Magic, but there is still some EM stuffs going on.

5th edition described the data streams as normally filtered out, but clearly, they exist.  If stuff isn't wired, the signal is being broadcast through the open air.  That signal can be intercepted and interfered with.

If you're just looking for some fluff to justify interacting with Icons in a Host, there you go.  If you want Pseudo-RAW, go back to 5th Edition's description of the Data Streams that are normally filtered out.  You're not going after the Icon, you're going after that Data Stream going to and from the Icon.

That's another way of looking at what I was saying, with said device being outside the host it's because it had to communicate with something outside of the host this it's signal is vulnerable.

As for the proposed house rules you guys are looking at the only change from what I wrote is how vulnerable you are making devices to direct connection. I personally would never allow anything that would bypass the firewall, but it does allow you to hack devices that are inside of a host without hacking the host first and to me that is a huge benefit. That means if you're making a physical insertion you can be spoofing devices along the way without risking gaining access to the host network first, but would also allow you a way to bypass having to find the host itself if it was hidden.

[MercilessMing]

Yeah, my view is the same as Hobbes.  The camera is visible on the matrix because it's a wireless device.  It receives and transmits radio signals. 

That begs the perennial question that's existed since 4e - why is it a wireless device?  And the answer to that boils down to "because that's the setting".

[penllawen]

Edit: Just realized that this is pretty much identical to penllawen´s suggestion

I'm glad you said that, coz I read it three times assuming I missed some crucial detail Yes, I think we are in agreement.

And if you want a made up security reason to Slave a device to a Host, but not put it "In" the Host, Noise is the answer.  If a Device is in a Host it can be Hacked from anywhere in the world.  If the Icon is outside the Host the Hacker is likely physically near.

This, I like according to RAW. Except it messes with some changes to hosts I had in mind (basically, I want to introduce "local hosts" for small/lower security stuff - servers that live in an office or facility, do things like building control and security and data storage, work almost exactly like hosts mechanically but have a specific geographic location and the effects of noise and distance that implies.) Hmmm. Dammit. (Obviously that's on me, though.)

Wireless Icon "inside" a host, the Wireless Signal still travels outside the Host so clearly interaction with the Device itself is possible.  The entire "Noise" mechanic is based around the fact that there is some kind of EM signal and can be blocked, manipulated, jammed, snooped, whatever.  I get that the Matrix is Magic, but there is still some EM stuffs going on.

The camera is visible on the matrix because it's a wireless device.  It receives and transmits radio signals.

Some more "hmmmm". Makes perfect sense on one level, but "you can't interact with an icon inside a host unless you're inside the host" is a pretty iron-clad concept in SR4/5/6. Surely poking holes in that is going to have knock-on effects elsewhere..? Of the "Why would any of is go in there past all the guys with guns when I can simply sit out here in this van and hack the database from safety" variety?

That begs the perennial question that's existed since 4e - why is it a wireless device?  And the answer to that boils down to "because that's the setting".

Yeah. You can drive yourself mad with this stuff. I wonder how many headaches Banshee has on the regular...

[Finstersang]

Hobbe´s objection is valid, so let´s spin this further. All of this boils down to encryption. Everything that stops you from freely manipulating stuff in the Matrix is basically a layer of encryption: The Marks Access levels required, Firewalls, File Protection etc.

Slaving a device to a host adds an additional Layer of encryption, reflected by boosted defense Attributes. Putting the Icon of the device inside the host is another Layer of encryption, one that is so strong that you can´t bypass it from outside (at least not in a reasonable timeframe): You need to get inside and basically put yourself behind that layer of encryption as well. The Host´s firewall is quite literally a wall.

However, as you correctly pointed out, there´s still a signal from the wireless devices. Theoretially, you should be able to pick them up and process them - although there is limited use for this if you can´t break the encryption. There should be some things that are still possible without going into the host (or dealing with encryption in general):

• (Indiscriminate) Jamming just overloads the Matrix with Noise, so that should work. As far as I can tell right now, that´s also RAW. But I might be mistaken.
• Percieving the Device should be possible as well. You don´t really find the icon of the device (because that´s encrypted as well), but you should be able to notice the general presence of the device and you should be able to trace it back the host. It should be harder though, because with all these layers of encryption and all the other signals flying around, it´s just a faint trace. Mechanically, this could be reflected by treating the device as if it is running silently (with the host´s Sleaze rating) for outsiders or by requiring a lenghty Matrix search (leading to the host).
• Getting the physical Location of the Device. That should be possible too, at least in the near vicinity and with some triangulation. Right now, this one requires the most work IMO: Strictly RAW, you can´t hack the device without going inside the host; and without the proper access levels, you can´t perform a (physical) trace. That´s a general problem with physical traces, though: It´s a bit too deep in the "Hackers only" club. I always figured that Trace Icon in it´s current from doesn´t work by signal triangulation, but by pretty much "convincing" the device to broadcast its position to you. There should be other, more down-to-earth methods of getting the location of a device that don´t really care for encryption, just for finding the origin of a signal. Note that this was a problem in 5th as well: Riggers even had access to EWar Autosofts and designated Signal Interception Drones, but RAW, these were pointless without Decker equipment.
  

[Hobbes]

Mechanically I wouldn't let a Matrix action bypass a PAN/WAN Firewall.  But letting Hacker players directly interact with an Icon to speed up play I'm (obviously) a big fan.

Skipping one or more Matrix Actions that are basically the same Logic plus Hacking vs Firewall plus X roll is a very desirable outcome, IMO.

6th edition Probe takes time and OS builds up fast, so loitering in the Host while the team infiltrates gets sticky if you want to stick to strict RAW.  TMs may be able to hang out longer by lowering OS but eventually Fade or Patrol IC will get them.

Probe on the fly isn't always practical.  I would argue that letting Icons in a PAN or WAN or Host be spotted and interacted with via Spoof (or other future Outsider Access Actions)isn't just a QoL feature, it's almost a requirement when multiple security devices need to be bypassed.   

[Hobbes]

Clarification: My arguments apply to Wireless Device Icons.  File Icons in a Host (or PAN or WAN or Whatever), are in a Host.  You want to Edit file, you've got to Enter the Host.

Persona Icons YMMV.  Spider using a Wireless Cyberdeck?  Probably.  IC launched by a Host?  Not so much.

IMO File Icons inside a PAN/WAN aren't visible unless you have User or Admin access to that network.  You may know there are file Icons in there, but they're not sending / reviving signals constantly.  Get your Probe on.

[Hobbes]

Last bit then I actually need to get some work done....

If Outsider Access doesn't let you determine what PAN/WAN an Icon is in, Matrix Defense is a Shell game.  No longer is a bag of Stealth tags the way to go, just a bag of cheap Commlinks in the trunk of the car.

Outsiders need some information/visibility on an Icon in order for the game to work.

[penllawen]

If Outsider Access doesn't let you determine what PAN/WAN an Icon is in, Matrix Defense is a Shell game.  No longer is a bag of Stealth tags the way to go, just a bag of cheap Commlinks in the trunk of the car.

Outsiders need some information/visibility on an Icon in order for the game to work.

I agree completely! I don't want it to be any other way! I just want to have some coherent explanation for when my players ask awkward questions...