Shadowrun

Shadowrun Play => Rules and such => Topic started by: penllawen on <01-31-20/0526:39>

Title: Why aren't security devices that are slaved to a host also inside the host?
Post by: penllawen on <01-31-20/0526:39>
Scenario: Danielle the Decker is helping her 'runner team infiltrate an EvilCorp office. She wants to hack the exterior camera so the team can sneak up to the door. (Loop it, turn it off, glitch it out for a few seconds, whatever.)

According to 6e: she probably rolls Spoof Command (her Cracking+Logic vs the camera's Data Processing+Firewall.) EvilCorp isn't made up of fools, however. The camera is slaved to a security host that runs the building, so instead of its own pitiful dice pool, it can roll a decent handful derived from the host stats. Danielle doesn't need any access levels anywhere to do this, so off she goes.

BUT HOL' UP A MINUTE

Per 6e CRB pg 185: "The virtual space in a host is separate from the Matrix at large, and any icons on that host are not accessible unless expressly part of a public-facing side. Gaining access to a host will allow interaction with the icons and devices on the inside"

Why is the security camera's icon on the grid at all? Why isn't it inside the host, which would result in Danielle having to hack the host first?

One response might be "you don't need a device to be inside a host to be slaved to a host", which I accept, but it doesn't answer my question. Why didn't EvilCorp choose to put the camera's icon in the host? It gives it extra security for free. But that doesn't seem to be RAI, or the change in Spoof Command from 5e to 6e is a bit pointless, right?
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Finstersang on <01-31-20/0658:04>
Per 6e CRB pg 185: "The virtual space in a host is separate from the Matrix at large, and any icons on that host are not accessible unless expressly part of a public-facing side. Gaining access to a host will allow interaction with the icons and devices on the inside"

Why is the security camera's icon on the grid at all? Why isn't it inside the host, which would result in Danielle having to hack the host first?

One response might be "you don't need a device to be inside a host to be slaved to a host", which I accept, but it doesn't answer my question. Why didn't EvilCorp choose to put the camera's icon in the host? It gives it extra security for free. But that doesn't seem to be RAI, or the change in Spoof Command from 5e to 6e is a bit pointless, right?

I think the quote from the CRB is (refreshingly) clear here: If the icon for the Camera is "stashed away" inside the host, the decker has to enter the host. Which is fine, because else, hackers would never have to enter any hosts besides data extraction.

There are a few considerations on why this doesn't make the improvement of Spoof Command invalid:

Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Banshee on <01-31-20/0708:02>
Per 6e CRB pg 185: "The virtual space in a host is separate from the Matrix at large, and any icons on that host are not accessible unless expressly part of a public-facing side. Gaining access to a host will allow interaction with the icons and devices on the inside"

Why is the security camera's icon on the grid at all? Why isn't it inside the host, which would result in Danielle having to hack the host first?

One response might be "you don't need a device to be inside a host to be slaved to a host", which I accept, but it doesn't answer my question. Why didn't EvilCorp choose to put the camera's icon in the host? It gives it extra security for free. But that doesn't seem to be RAI, or the change in Spoof Command from 5e to 6e is a bit pointless, right?

I think the quote from the CRB is (refreshingly) clear here: If the icon for the Camera is "stashed away" inside the host, the decker has to enter the host. Which is fine, because else, hackers would never have to enter any hosts besides data extraction.

There are a few considerations on why this doesn't make the improvement of Spoof Command invalid:

  • Obviously, not everything is secured by a host. There are PANs and standalone devices as well. All of these can now be manipulated with one action only.
  • There are ample reasons on why the Camera icon (or other devices) might not be put inside the host: The security rigger is a bit lazy or fears that the host might get overloaded. The cameras are installed by separate contractors. The onsite security protocols demand quick access to the camera feeds, without having to enter the host first. Mechanically, the Camera would be safer inside the host and not just slaved to it from outside. But unlike players, the GM doesn't have to care about optimization, but about giving the right cues and incentives to keep the narrative afloat. If the GM wants to lure the hacker inside the host, the cameras are inside. If the GM decides that this will be too much of a hassle, they are outside. More than often, it will be the latter, since the previous Editions have made players and GMs weary of lengthy Matrix minigames.
  • Direct Connections, Skinlink, Data taps: I'm pretty sure that these are at least supposed to give you access to devices regardless of the position inside or outside a host. Admittedly, this is a bit of guesswork, would be cool to get confirmation here.

Yep, basically what Fin said above.

Also maybe the camera needs to be outside of the host so it can directly interact with something that requires its feed. It may not be optimal from a security perspective but may be required.

Side note on direct connections (including skinlink)... we will be addressing this somewhat in the FAQ and building upon it in future supplements. It allows you to be able to hack or access any device that you can physically get to regardless of whether it is wirelessly hidden or inside of a host. It does not automatically allow you to bypass any firewall ... host or otherwise. It can also allow you to access a device that is not wireless.
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: penllawen on <01-31-20/0859:02>
Hmm. I accept this reasoning from a game perspective - and that is the most important perspective. But it feels a little limp from a fluff perspective.

Coming from the point of view of someone who is writing matrix house rules right now, I might say that “slaved to a host” and “inside a host” are two different states. And that:

* slaved devices are protected by the master’s stats
* this protection can be bypassed by a direct connection (5e style)
* devices with icons inside a host gain extra protection, as they can only be accessed via the host from the Matrix (yes, this nixes Spoof Command)
* but if you hack a device whose icon is inside a host, you gain an access level on the host & everything inside it (6e style)
* if a device is inside a host and you gain a direct connection, you still get to bypass the firewall, and now you have an easy path to hacking the host too - so spiders will be cautious about this

It’s a little more fiddly than I’d like but by coupling the “inside the host” state to the “marks travel onto the host” state, I have an in-universe reason for corps to keep some stuff outside. It basically means things can come in two kinds of “hardening.” Inside the host and outside. And the former group are tougher to hack, but more valuable. 

I accept that direct connections will get some handling in future 6e books, but for now, I miss their risk/reward trade off.
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Finstersang on <01-31-20/1006:36>
Devices acting as backdoors to hosts is something I definitely miss right now.
I think this is a nice angle to find a more "mechanical" answer to the original question.

How about this?

If the Device is only slaved to the Host, but not inside the Host:

If the slaved Deviceīs icon is inside the Host:

That way, it's an actual choice for security Riggers if they want to put the icons of slaved devices inside the host or not. It's a tradeoff between protecting the individual devices or the whole system. (Security devices serving as backdoors are also cool from a narrative viewpoint. Somehow, I just pictured a kind of surveillance room inside a host where the decker's Avatar is suddenly climbing through one of the screens like in a certain horror movie...)

Edit: Just realized that this is pretty much identical to penllawen's suggestion :D
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Hobbes on <01-31-20/1026:22>
Wireless Icon "inside" a host, the Wireless Signal still travels outside the Host so clearly interaction with the Device itself is possible.  The entire "Noise" mechanic is based around the fact that there is some kind of EM signal and can be blocked, manipulated, jammed, snooped, whatever.  I get that the Matrix is Magic, but there is still some EM stuffs going on.

5th edition described the data streams as normally filtered out, but clearly, they exist.  If stuff isn't wired, the signal is being broadcast through the open air.  That signal can be intercepted and interfered with.

If you're just looking for some fluff to justify interacting with Icons in a Host, there you go.  If you want Pseudo-RAW, go back to 5th Edition's description of the Data Streams that are normally filtered out.  You're not going after the Icon, you're going after that Data Stream going to and from the Icon.
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Hobbes on <01-31-20/1058:50>
And if you want a made up security reason to Slave a device to a Host, but not put it "In" the Host, Noise is the answer.  If a Device is in a Host it can be Hacked from anywhere in the world.  If the Icon is outside the Host the Hacker is likely physically near.
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Banshee on <01-31-20/1101:35>
Wireless Icon "inside" a host, the Wireless Signal still travels outside the Host so clearly interaction with the Device itself is possible.  The entire "Noise" mechanic is based around the fact that there is some kind of EM signal and can be blocked, manipulated, jammed, snooped, whatever.  I get that the Matrix is Magic, but there is still some EM stuffs going on.

5th edition described the data streams as normally filtered out, but clearly, they exist.  If stuff isn't wired, the signal is being broadcast through the open air.  That signal can be intercepted and interfered with.

If you're just looking for some fluff to justify interacting with Icons in a Host, there you go.  If you want Pseudo-RAW, go back to 5th Edition's description of the Data Streams that are normally filtered out.  You're not going after the Icon, you're going after that Data Stream going to and from the Icon.

That's another way of looking at what I was saying, with said device being outside the host it's because it had to communicate with something outside of the host, thus its signal is vulnerable.

As for the proposed house rules you guys are looking at the only change from what I wrote is how vulnerable you are making devices to direct connection. I personally would never allow anything that would bypass the firewall, but it does allow you to hack devices that are inside of a host without hacking the host first and to me that is a huge benefit. That means if you're making a physical insertion you can be spoofing devices along the way without risking gaining access to the host network first, but would also allow you a way to bypass having to find the host itself if it was hidden.
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: MercilessMing on <01-31-20/1120:14>
Yeah, my view is the same as Hobbes.  The camera is visible on the matrix because it's a wireless device.  It receives and transmits radio signals. 

That begs the perennial question that's existed since 4e - why is it a wireless device?  And the answer to that boils down to "because that's the setting".
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: penllawen on <01-31-20/1139:05>
Edit: Just realized that this is pretty much identical to penllawen's suggestion :D
I'm glad you said that, coz I read it three times assuming I missed some crucial detail :) Yes, I think we are in agreement.

And if you want a made up security reason to Slave a device to a Host, but not put it "In" the Host, Noise is the answer.  If a Device is in a Host it can be Hacked from anywhere in the world.  If the Icon is outside the Host the Hacker is likely physically near.
This, I like according to RAW. Except it messes with some changes to hosts I had in mind (basically, I want to introduce "local hosts" for small/lower security stuff - servers that live in an office or facility, do things like building control and security and data storage, work almost exactly like hosts mechanically but have a specific geographic location and the effects of noise and distance that implies.) Hmmm. Dammit. (Obviously that's on me, though.)

Wireless Icon "inside" a host, the Wireless Signal still travels outside the Host so clearly interaction with the Device itself is possible.  The entire "Noise" mechanic is based around the fact that there is some kind of EM signal and can be blocked, manipulated, jammed, snooped, whatever.  I get that the Matrix is Magic, but there is still some EM stuffs going on.
The camera is visible on the matrix because it's a wireless device.  It receives and transmits radio signals.
Some more "hmmmm". Makes perfect sense on one level, but "you can't interact with an icon inside a host unless you're inside the host" is a pretty iron-clad concept in SR4/5/6. Surely poking holes in that is going to have knock-on effects elsewhere..? Of the "Why would any of us go in there past all the guys with guns when I can simply sit out here in this van and hack the database from safety" variety?

That begs the perennial question that's existed since 4e - why is it a wireless device?  And the answer to that boils down to "because that's the setting".
Yeah. You can drive yourself mad with this stuff. I wonder how many headaches Banshee has on the regular...
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Finstersang on <01-31-20/1139:45>
Hobbes's objection is valid, so let's spin this further. All of this boils down to encryption. Everything that stops you from freely manipulating stuff in the Matrix is basically a layer of encryption: The Marks Access levels required, Firewalls, File Protection etc.

Slaving a device to a host adds an additional Layer of encryption, reflected by boosted defense Attributes. Putting the Icon of the device inside the host is another Layer of encryption, one that is so strong that you can't bypass it from outside (at least not in a reasonable timeframe): You need to get inside and basically put yourself behind that layer of encryption as well. The Host's firewall is quite literally a wall.

However, as you correctly pointed out, there's still a signal from the wireless devices. Theoretically, you should be able to pick them up and process them - although there is limited use for this if you can't break the encryption. There should be some things that are still possible without going into the host (or dealing with encryption in general):

Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Hobbes on <01-31-20/1140:47>
Mechanically I wouldn't let a Matrix action bypass a PAN/WAN Firewall.  But letting Hacker players directly interact with an Icon to speed up play I'm (obviously) a big fan.

Skipping one or more Matrix Actions that are basically the same Logic plus Hacking vs Firewall plus X roll is a very desirable outcome, IMO.

6th edition Probe takes time and OS builds up fast, so loitering in the Host while the team infiltrates gets sticky if you want to stick to strict RAW.  TMs may be able to hang out longer by lowering OS but eventually Fade or Patrol IC will get them.

Probe on the fly isn't always practical.  I would argue that letting Icons in a PAN or WAN or Host be spotted and interacted with via Spoof (or other future Outsider Access Actions) isn't just a QoL feature, it's almost a requirement when multiple security devices need to be bypassed.
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Hobbes on <01-31-20/1148:31>
Clarification: My arguments apply to Wireless Device Icons.  File Icons in a Host (or PAN or WAN or Whatever), are in a Host.  You want to Edit file, you've got to Enter the Host.

Persona Icons YMMV.  Spider using a Wireless Cyberdeck?  Probably.  IC launched by a Host?  Not so much.

IMO File Icons inside a PAN/WAN aren't visible unless you have User or Admin access to that network.  You may know there are file Icons in there, but they're not sending / receiving signals constantly.  Get your Probe on.
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Hobbes on <01-31-20/1159:23>
Last bit then I actually need to get some work done.... ::)

If Outsider Access doesn't let you determine what PAN/WAN an Icon is in, Matrix Defense is a Shell game.  No longer is a bag of Stealth tags the way to go, just a bag of cheap Commlinks in the trunk of the car.

Outsiders need some information/visibility on an Icon in order for the game to work.
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: penllawen on <01-31-20/1212:01>
If Outsider Access doesn't let you determine what PAN/WAN an Icon is in, Matrix Defense is a Shell game.  No longer is a bag of Stealth tags the way to go, just a bag of cheap Commlinks in the trunk of the car.

Outsiders need some information/visibility on an Icon in order for the game to work.
I agree completely! I don't want it to be any other way! I just want to have some coherent explanation for when my players ask awkward questions...
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: penllawen on <01-31-20/1213:28>
Clarification: My arguments apply to Wireless Device Icons.  File Icons in a Host (or PAN or WAN or Whatever), are in a Host.  You want to Edit file, you've got to Enter the Host.

Persona Icons YMMV.  Spider using a Wireless Cyberdeck?  Probably.  IC launched by a Host?  Not so much.

IMO File Icons inside a PAN/WAN aren't visible unless you have User or Admin access to that network.  You may know there are file Icons in there, but they're not sending / receiving signals constantly.  Get your Probe on.
Now this makes sense to me. I think this is what I'm going to go with for my mental model.
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Banshee on <01-31-20/1228:33>
Edit: Just realized that this is pretty much identical to penllawen's suggestion :D
I'm glad you said that, coz I read it three times assuming I missed some crucial detail :) Yes, I think we are in agreement.

And if you want a made up security reason to Slave a device to a Host, but not put it "In" the Host, Noise is the answer.  If a Device is in a Host it can be Hacked from anywhere in the world.  If the Icon is outside the Host the Hacker is likely physically near.
This, I like according to RAW. Except it messes with some changes to hosts I had in mind (basically, I want to introduce "local hosts" for small/lower security stuff - servers that live in an office or facility, do things like building control and security and data storage, work almost exactly like hosts mechanically but have a specific geographic location and the effects of noise and distance that implies.) Hmmm. Dammit. (Obviously that's on me, though.)

Wireless Icon "inside" a host, the Wireless Signal still travels outside the Host so clearly interaction with the Device itself is possible.  The entire "Noise" mechanic is based around the fact that there is some kind of EM signal and can be blocked, manipulated, jammed, snooped, whatever.  I get that the Matrix is Magic, but there is still some EM stuffs going on.
The camera is visible on the matrix because it's a wireless device.  It receives and transmits radio signals.
Some more "hmmmm". Makes perfect sense on one level, but "you can't interact with an icon inside a host unless you're inside the host" is a pretty iron-clad concept in SR4/5/6. Surely poking holes in that is going to have knock-on effects elsewhere..? Of the "Why would any of us go in there past all the guys with guns when I can simply sit out here in this van and hack the database from safety" variety?

That begs the perennial question that's existed since 4e - why is it a wireless device?  And the answer to that boils down to "because that's the setting".
Yeah. You can drive yourself mad with this stuff. I wonder how many headaches Banshee has on the regular...

OMG yes ... I so wanted to throw it all out and start over from scratch but nooooo "we have 30 years of history" and I wasn't allowed to do Crash 3.0
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Xenon on <01-31-20/1418:39>
The concept of direct connection seems to work differently mechanically between 5th and 6th edition.



In 5th edition devices were always out on the grid, but they could also be slaved to a host. If you interact with a device out on the grid that was slaved to a host then it would get to defend with host firewall (but you would not have to worry about spiders and IC since they only defend the inside of the host). This is the only scenario where a device would defend with host ratings.

If you were inside a host you were considered directly connected to all devices out on the grid that were slaved to the host, which means you get to interact with them even though they are not actually located inside the host (devices in 5th edition were always out on the grid, never actually inside a host - as clarified by Aaron. But since you are considered directly connected to them you could still interact with them no matter where on the grid and where in the world they were located... you get sort of a direct 'window' to the device, to all slaved devices, while you are inside the host). Then again, being inside the host meant you were exposed to IC and spiders assigned to defend the integrity of the host (but since you are considered directly connected you would not have to worry about host firewall ratings or noise due to distance while interacting with devices slaved to the host).

If you connected a physical wire between the cyberdeck and the device (or physically touched the device with a living persona that has a skin link echo) you would also be considered directly connected (ignoring noise due to distance as well as master ratings). This would also let you hack a device that was wireless disabled. The drawback of this is the need for physical proximity. You have to watch out for patrols and drones etc. A slaved device that you could physically get to would also act as a sort of backdoor into a strong host (and once inside the host you would be considered directly connected to all other slaved devices without requiring physical proximity).



In 6th edition devices might be part of a network and to interact with a device that is part of a network you first need to gain access to the network (unless you use an outside action which can be taken no matter if you have access on the network or not).

The whole concept of direct connection (in the sense of ignoring firewall and distance) seems to be gone. There does not seem to be any mechanical advantage (ignoring firewall or distance) by having access to the network (but many actions require that you have a level of access before you can take them). There does also not seem to be any mechanical advantage (ignoring firewall or distance) by taking the Enter Host action? It is unclear which actions (if any) that you can only take from inside a host. It is unclear when you are required to actually be inside a host (take the Enter Host action) or if 'just' having user or admin access on the 'network' is enough to be considered to be 'on the inside'. Maybe some icons can only be accessed while you are actually inside the host (like file icons). Not clear if devices in this edition can actually be located only inside a host? (but this seems to be what you are currently discussing). However, if this is the case then you would suddenly need access on the network (in order to take the Enter Host action) before you can take outside actions against the device (such as spoof command and data spike). This doesn't seem very likely to be the intent (but I can't say I fully understand RAI here).

There does also not seem to be any mechanical advantage of physical connection (or living persona with skinlink), other than you get to hack a wireless disabled device and that distance to the device is zero. It does not seem to let you ignore the network firewall rating. It doesn't seem to act as a backdoor into the host. It does not seem to act as a backdoor into the network either. Is the intent that you can enter directly into a layered host if you establish a direct connection to a device that belongs to an inner layer host...?
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Banshee on <01-31-20/1508:33>
The while inside or outside the host only matters for detection, if inside you can't detect it without gaining access. Other than that it's just a matter of connecting to the network. If you have gained any access beyond outsider then you are considered inside.

And yes direct connection only refers to an actual physical connection and you are correct it does not provide any special privileges concerning firewall or security... that could be a 10km fiber optic cable technically
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: MercilessMing on <01-31-20/1521:57>
Quote from: penllawen
The camera is visible on the matrix because it's a wireless device.  It receives and transmits radio signals.
Some more "hmmmm". Makes perfect sense on one level, but "you can't interact with an icon inside a host unless you're inside the host" is a pretty iron-clad concept in SR4/5/6. Surely poking holes in that is going to have knock-on effects elsewhere..? Of the "Why would any of us go in there past all the guys with guns when I can simply sit out here in this van and hack the database from safety" variety?
I've always interpreted "icon inside the host" to mean wholly matrix entities.  Devices aren't "inside" a host in the same way files and IC are.  So yeah just draw a line between hardware slaved to a host and software inside a host, basically.
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Hobbes on <01-31-20/1603:27>
The while inside or outside the host only matters for detection, if inside you can't detect it without gaining access. Other than that it's just a matter of connecting to the network. If you have gained any access beyond outsider then you are considered inside.

If Icons inside Hosts can't routinely and easily interact with other Icons in another Host on an ad hoc as needed type of basis the 6th world doesn't work.  Simple example, B2B sales.  Buyer at one company needs to contact a sales rep at another company.  They're information workers, their Personas are probably in their respective Hosts.  They don't see each other's Icons, but they have to be able to interact.

Scale that up where manufacturers are sending over B.O.M.s and MRP feeds.  Thousands of line items needing to be processed and aggregated with dozens, hundreds or even thousands of other customer's feeds.  Then broken back up and sent to appropriate vendors who then schedule production with Factories, and then the logistics companies that actually handle the boxes of stuff represented by the data.  Each step involving interactions with third party finance Hosts as well. 

If Icons in Hosts aren't interacting with other Icons in other Hosts the 6th world is nothing but a collection of Etsy style cottage industries.  Which is the exact opposite of how the Megas are in-game.

There have to be ways for Icons in different Hosts to interact.  Whatever those mechanisms are, that is how Hackers do their thing, by exploiting those mechanisms.

All just fluff to justify Hackers being able to Hack on the fly.  YMMV and all that.
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Xenon on <01-31-20/1849:04>
I think the confusion originates from how Enter Host cut you off the matrix in 5th edition (except for the Send Message action) while in 6th edition I think the intention seems to be that you are considered 'inside' the second you gained 'access' on the 'network'. That if you have 'access' on two 'networks' then you are considered 'inside' both of them at the same time.

(but with that reading the Enter Host action and when, and how, you may be targeted by IC - gets a bit confusing instead).
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Xenon on <02-01-20/0336:55>
Banshee,
I am trying hard to understand when I am not allowed to use the Spoof Command and the Data Spike action (Outside Access Actions) against a Device Icon. I hate making assumptions on how it works... Would love if you could correct the below statements that you feel are out of line with your intention.



1. Device is wireless disabled


1A - Device is not part of a PAN or WAN.
Not allowed,
Unless you use a physical direct connection.
(will the device in this case not defend itself since it normally doesn't have Data Processing nor Firewall on its own?)



1B - Device is part of a PAN (connected to PAN with a wire)
(Is this scenario allowed to begin with)
Not allowed
Unless you use a physical direct connection.
(But what about if you have User or Admin access on the PAN?)



1C - Device is part of a WAN (connected to WAN with a wire)
(Is this scenario allowed to begin with)
Not allowed
Unless you use a physical direct connection.
(But what about if you have User or Admin access on the WAN?)



1D - Device is part of a WAN (and in this case also inside host)
(Is this scenario allowed to begin with)
Not allowed
Unless you use a physical direct connection
(But what about if you have User or Admin access on the WAN?)
(And what about if you have User or Admin access on the WAN and take the Enter Host action?)




2 - Device is wireless enabled


2A - Device is not part of a PAN or WAN.
Allowed
(will the device in this case not defend itself since it normally doesn't have Data Processing nor Firewall on its own?)



2B - Device is part of a PAN
Allowed.
Unless PAN is running silent, in that case you first need to:
Spot the PAN or use a physical direct connection to the device.



2C - Device is part of WAN (but not actually "inside" the host).
Allowed
Unless WAN is running silent, in that case you first need to:
Spot the WAN or use a physical direct connection to the device.



2D - Device is part of WAN and also actually 'inside' the host.
(Is this scenario allowed to begin with)
Not Allowed (because: if inside you can't detect it without gaining access).
Unless you first gain User or Admin access to the WAN or use a physical direct connection.
(Do we also need to first take the Enter Host action...??)
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Banshee on <02-01-20/1018:40>
1A: correct. Devices should always get a defense but it may not be much, but at the bare minimum they should be rolling their device rating if left with no other defense.

1B: correct, having access to the network gives you the same access to the device. Remember access is network based and not device based.

1C: I assume you are talking about a host network when you say WAN ... yes same as a PAN

1D: same as 1C except yes you would need to Enter the host first.

Side note on Enter Host ... remember it is just a minor action with no test required that has variable access requirements based on the host. So if it's a host with low access requirements (outsider) like the public library host for example it is just a slight action economy issue.

2A: correct

2B: correct

2C: yes, same as a PAN

2D: correct, and as above yes you must enter the host
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: BeCareful on <02-03-20/2321:54>
For a thing I'm homebrewing, I ran into a problem like that of the thread title. (5E, though) Basically:

The Office has a Local Host, with a server room and everything dedicated to it, that's supposed to take up roughly the same "Matrix Space" as the physical location of the Office itself. Every salaryman & woman has a personal terminal that's slaved to the host, with corporate policy being their commlinks must be Wireless OFF during work hours for productivity reasons (the office building staff maintains restrooms, so workers go there to play solitaire). The host does employ a Spider, who sounds the call to the HTRs, maintains the soycaf-refill drones, and gets bored. All work-related devices in the Office are officially company property, and thus slaved to the host.

The problem is: if everything slaved to the host is also inside the host, how does the Spider affect the runners' gear? Nobody on either side should be able to spot the other side's icons.

The way I rule it, you automatically spot a device if you have meatspace line of sight to it. "Is it slaved to a host" is a thing you can find out with a Matrix Perception hit, but not necessarily which one.

This way, instead of the runners' AR just showing a solid opaque block, while they're in the Office they can see that drone that's driving by them, and the Spider can see the icons of these people who just showed up, quickly tell that they aren't part of the host, and even engage their drones and other gear if it turns out these people are here for nefarious purposes. I also like to think that, depending on the host, there can be a Noise penalty (maybe just 1 or 2) if you're in a host's physical location without being in the host itself.

As for Host-To-Host communication, you can just make that a legal Matrix action that has to be engaged by people from every host involved. Something possible, for connecting local hosts in each franchise to their head office or business between hosts, but something that PCs will never have to concern themselves with doing unless it's part of an elaborate scam requiring multiple teams.
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Xenon on <02-04-20/0158:51>
As I understand it (after talking to Aaron) the intent in SR5 is this:
(most of this changed in SR6)

5E

The Office has a Local Host...
In 5th edition hosts are virtual constructs that only exist within the matrix and where the physical distance to a host, any host, is always zero. No matter where in the world you are located and no matter what grid you are currently on.

Devices are on the grid (no matter if they are not slaved or if they are slaved to a master device, being part of a PAN, or a host, being part of a WAN).

In SR5 you need to use a commlink (or cyberdeck or RCC or living persona in case of technomancer) in order to "log in" to the matrix, to get a matrix persona. If you don't have a matrix persona then you cannot take the Enter Host action nor any other matrix actions.


All work-related devices in the Office are officially company property, and thus slaved to the host.
While this is possible, this will also create a lot of potential back doors into the host (since a direct physical connection will let a potential hacker ignore host firewall rating but if he gains a mark on the unprotected device he will also gain a mark on the host... and once he enters the host he will be considered directly connected, distance of zero meters and no host firewall, to all company property slaved to the host - no matter where in the world the hacker is physically located).

Normally you would only slave devices that you can physically protect.

The camera in the public lobby is probably not slaved to the host.
The maglock on the exterior of the building is probably not slaved to the host.

The camera in the corridor behind the door marked "Private, employees only" is probably slaved to the host.
The maglock to the R&D department is probably also slaved to the host.


The problem is: if everything slaved to the host is also inside the host, how does the Spider affect the runners' gear? Nobody on either side should be able to spot the other side's icons.
The job of the decker spider is to protect the integrity of the host (by controlling Host response such as IC and also by having a matrix persona with both sleaze and attack ratings and various hacker software).

The job of the rigger spider is to protect the integrity of the facility (by being directly connected to cameras, drones, sensors, elevators, alarms etc).

Defending the grids is the job for G-Men, the Overwatch Division and its DemiGODs....
This is what Overwatch Score is for.


The way I rule it, you automatically spot a device if you have meatspace line of sight to it. "Is it slaved to a host" is a thing you can find out with a Matrix Perception hit, but not necessarily which one.
To spot a specific device that you are aware of (perhaps because you directly spot it in meatspace) is resolved with a matrix perception test. There are two exceptions to this.
1. If the device is running silent, then it gets to oppose the test.
2. If not and within 100 meters then spotting is automatic.

If you attack it out on the grids then it gets to defend with host ratings and noise due to distance and wireless inhibiting paint etc. But there will be no spiders or IC. Distance matters.

If you attack it directly from within the host it is slaved to you risk running into spider and IC. But in this case the device does not get to defend with host ratings and you ignore noise modifiers. Distance does not matter at all.

If you attack it with a physical direct connection then you need physical proximity, risk running into physical guards, alarms, drones etc. But you get to ignore spiders, IC and host ratings.

A good tactic is to first try to establish a direct connection to one of the less guarded slaved devices just to get a mark on the host. Then leave the site (maybe sit in the rigger van that is driving around down-town) and do the remaining hacks directly from within the host while considered directly connected to everything.


As for Host-To-Host communication
Send Message (communicating) works perfectly fine from both within and from outside a Host.
And interacting with devices out on the grid that are slaved to the host you are currently in also works (even though they are not in the host with you, you are still considered directly connected to them while you are in the host).
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Michael Chandra on <02-04-20/0326:16>
Ruling 'this specific Host is location-bound and only accessible from nearby' is common for SR5 GMs, so it's not just 'hack from outside without problems', but a wired-connection-only thing wouldn't be a Matrix-bound Host but more an old-fashioned Node from a company that can't afford to upgrade their systems. At that point, you're basically dealing with a fancy PAN that's using inferior tools to act like a modern Host.
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: BeCareful on <02-04-20/1244:43>
Both Xenon & Michael Chandra get where I'm coming from, and I am aware of SR5 RAW, as well as one can be aware of it.

In the case I was planning, yes, all of the devices slaved to the host are in the Office for which the host was built (half of one floor of an office building) and are furthermore immobile. Just another reason to have screwed-to-the-desk workstations in a time where everyone has commlinks. That way, people would have to get inside and plug into something active. Any security cameras in the hallway with the elevators, for example, are part of the office building itself.

Incidentally, Xenon's "Hosts can Send Messages to each other" sounds like the best way of explaining that, and Michael's further words on location-bound hosts gives another layer of security to ones you need an elevator to reach: you can't just park outside it like you'd be able to if it was on the ground floor. Of course, the higher the host rating itself, the better an on-site infiltration looks than having to put up with 20+ defense dice for every opposed action.

Clarificational Edit: I meant, if you're in AR and have line of sight to a device that isn't on Silent Mode, you can spot it just by making Matrix Perception even with 0 hits.
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Xenon on <02-04-20/1820:24>
Incidentally, Xenon's "Hosts can Send Messages to each other"
SR5 p. 246 Hosts
When you’re outside of a host, you can’t interact directly with icons inside it, although you can still send messages, make commcalls, and that sort of thing. Once you’re inside, you can see and interact with icons inside the host, but not outside (with the same caveat for messages, calls, etc.).


I meant, if you're in AR and have line of sight to a device that isn't on Silent Mode, you can spot it just by making Matrix Perception even with 0 hits.
I understand.
(but RAW wise you would not even need to take a test if you are within 100 meters of the device, spotting is automatic and outside of 100 meters you need a single hit on a matrix perception test, device icons that are not running silent are basically as obvious as a neon sign or a running crowd)
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Finstersang on <02-05-20/0818:13>
Hosts were quite a mess in 5th Edition, that's for sure. To this day, it's still unclear if there's even such a thing as an offline host (outside of GM fiat). 5th Edition Hosts also couldn't have device icons inside of them, but somehow, a hacker inside the host would get an automatic direct connection to all the devices slaved to it - which would have been pointless, because RAW, 

Thankfully, 6th Edition - or at least Banshee's RAI - are a lot clearer and reasonable in this regard. Right now, I only have two humble suggestions regarding the whole inside/outside matter (and I'd think I'm not alone here):

1. The ol' "slaved devices can be used as weakpoints to enter the host via a direct connection" really should make a comeback in some way, because it further rewards hackers going on site and looking for physical weakpoints.
2. As Hobbes (et al.) rightfully pointed out, wireless-enabled devices should still have some kind of detectable signal presence even if their icons are stashed away inside a host.
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: MercilessMing on <02-05-20/1158:05>
5th Edition Hosts also couldn't have device icons inside of them, but somehow, a hacker inside the host would get an automatic direct connection to all the devices slaved to it - which would have been pointless, because RAW, 
I always have to caveat that I'm no expert in Matrix, I'm one of those people for whom it's the toughest part of the game to wrap my head around, buuut... in 5th, a device being considered directly connected to the host it's slaved to shouldn't be pointless because you still get to negate noise.

Quote
Maybe it requires a Matrix Search or a close-up Matrix Perception against the Sleaze rating of the Host (It doesn't really serve a purpose right now anyways, does it?) to detect the signal presence of the device and also find the host where the icon is hidden? AFAIK, that would be not much different from tracking files that are stored inside a host: The hacker tracks the icon right up to the gates of the host.
Doesn't serve a purpose?  Host ratings cover things protected by the host, like your PAN protects your wireless devices.  Devices running silent that are connected to the host would use the Host Sleaze + Spider's WILL to resist the perception check.  that's RAW. (edit whoops no it's not, since devices I guess don't run silent, personas do... I dunno, makes sense to me though)
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Stainless Steel Devil Rat on <02-05-20/1224:50>
Ok Banshee, I have one for you :D

A maglock that is protected by a host can be (and probably should be, from the POV of the security manager) not visible on the matrix to personas that are not also inside that same host.  Makes perfect sense for combination or keycard style maglocks, since it cuts down on hacking shenanigans.

What happens when the maglock is opened by a RFID signal (like from an employee ID). That's a wireless interaction, so if the lock is inside the host the ID badge can't transmit the RFID to the host, or can it, even though the maglock can't be "seen" by the ID badge?  Related question: Does the host have to simply allow outsider access to that one device for it to work?
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Banshee on <02-05-20/1315:13>
If it's a legitimate authorized and company issued RFID then it would reside "inside" the host ... ie it has true User access already
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Stainless Steel Devil Rat on <02-05-20/1318:53>
Well... A) would it though?  Distributed host architecture seems to be the new normal in 6we. Joe Wageslave may need User access to the main/central host to perform his duties, but if he has no legit security-type duties he wouldn't have User access to the Security host? 

B) No way in hell are you going to give his badge its own "user" access into your security host.. you're literally just handing out keys to the host to anyone able to steal a badge that way, aren't you?
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Banshee on <02-05-20/1324:21>
I see no reason for it to work any different than current real world technology.

The system scans your card and determines if you're authorized for that use... if yes you're good, if not you're locked out.

Again it comes down to that there is a big difference between true legal access and hacked illegal access. The rules are simply written to represent illegal access because legal access doesn't have to deal with the same issues.
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Stainless Steel Devil Rat on <02-05-20/1328:59>
Ok, "well the rules cover hacking, not legit operations" is fair.

I'm primarily concerned with the interaction of Spoof Command with Outsider access level and "you can't target things 'in' a host unless you're also in that host".  If maglocks can be seen when the GM wants them to be seen, and they can't be seen when the GM doesn't want them to be seen, honestly that works.
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Banshee on <02-05-20/1334:52>
Ok, well the intent for things like using spoof command on a maglock that's inside the host is to prevent armchair hackers spoofing from outside in the van ... if they have infiltrated and can physically see the device I for one am not going to make them roll perception to spot it but they still have to access it via the host
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: Hobbes on <02-05-20/1338:52>
Ok Banshee, I have one for you :D

A maglock that is protected by a host can be (and probably should be, from the POV of the security manager) not visible on the matrix to personas that are not also inside that same host.  Makes perfect sense for combination or keycard style maglocks, since it cuts down on hacking shenanigans.

What happens when the maglock is opened by a RFID signal (like from an employee ID). That's a wireless interaction, so if the lock is inside the host the ID badge can't transmit the RFID to the host, or can it, even though the maglock can't be "seen" by the ID badge?  Related question: Does the host have to simply allow outsider access to that one device for it to work?

If it's a legitimate authorized and company issued RFID then it would reside "inside" the host ... ie it has true User access already

Between the User Persona, personal commlink PAN, the Device Icon for the RFID and the Host there is something eventually not slaved to the Host and not "in" the Host.  The User Persona has User Access to the RFID, but is probably not slaved to the Host.  That RFID would be controlled, somehow, by the User's personal Commlink.  Which is probably not slaved to the Host in many cases.  (Some Commlinks are very likely to be slaved to the Host, but that creates its own series of security vulnerabilities). 

Somewhere in that chain there is likely a security vulnerability of an Icon of some kind that isn't Slaved to the Host but would have control over the RFID that opens the lock.  Spoof Command on the right Commlink would then be the way.  Or a good Face and just skip the Hacking altogether.  As a GM I'm good with either.

I'm also good with " If maglocks can be seen when the GM wants them to be seen, and they can't be seen when the GM doesn't want them to be seen, "  because sometimes "Hack the damn Host you lazy bastage"    : )
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: BeCareful on <02-05-20/1353:39>
Addendum: wow, I got the wrong idea of what "automatic spotting" means. "Did that guy really put his concealed holster Wireless ON?" instead of "For my action, I make Matrix Perception with Computers 0 + LOG 1 and roll 0 dice, what's every icon around me look like?" makes the action economy look much smoother, and lets the GM toss out all the necessary info together.

Glad I learned that before I started to GM.
Title: Re: Why aren't security devices that are slaved to a host also inside the host?
Post by: hulka on <02-07-20/0319:05>
The devices are two parts. Logic, ie Icon and Maglock, hardware.
If Maglock is in the Host, then I don't see only its logical partition.
If I stand beside it, then I will see both the lock and the data flowing into it. Then, after decrypting the data (Crack File or Hash Check maybe) I can send Spoof Command.
This is a good part for electronic warfare. Which is not very detailed in the rules.