+Geoff Mccool’s thread about Hacking raises a point about the comparative rarity of a Hacker’s activities generating MC Moves.
The straightforward solution is to require 6x as many die rolls from the Hacker, but that can bog momentum of the game down a bit.
Anyone have other ideas of ways to make the Hacker’s life harder?
I’m kicking around the idea that some systems have such high security that Hacker 7-9 rolls give the MC opportunities for moves – maybe the Hacker gets a menu of options:
7-9 – you succeed, gain one hold, but also choose one from below:
A Sysop is logged in and running checks on the system. Another 7-9 in this System will either advance the Action Clock or initiate matrix combat.
+1 Trace
ICE in this Node is active but has not targeted you (another 7-9 will activate)
I wouldn’t use this for all circumstances – I like the Hacker having a ton of safe moves when they’re doing matrix overwatch – it allows them to quickly help out the other players without more die rolls or risk/reward debate.
But when the “Big Show” is hacking into a particularly hard target, I want a quick + dirty way of Making the Hacker Sweat.
It would be helpful if you could give an example of what your play looks like; it may be a matter of how you’re structuring security, or what level of “zoom in” you’re using on your rolls. These things vary most from game to game, and I think people discussing it on the assumption that we’ve all gotten the same read/play from the book tends to lead to a lot of miscommunication and errors.
The ghost of Ron Edwards may be hovering over my shoulder. My entire memory of The Forge looks something like:
“I had a problem with-“
“Just post your actual play. Then we can talk.”
Sure. Here’s the last matrix system I used. I assumed that other than Login Gates, different nodes allowed free travel between them. So while I narrated his movement though the nodes, it was pure fiction and didn’t require any rolls that might generate Trouble.
It was relatively easy for the Hacker to get into the right Node and then bend the system over backwards with a few Manipulate Systems rolls (the bonus Programming on the Fly reduced the number of times he needed to roll.) He had to make a Compromise Security roll to get past the secondary Login Gates, but other than that he was just making Manipulate Systems over and over (his highest stat.)
The lack of downside on a 7-9 roll, combined with his high Manipulate Systems, meant that he was able to spend about 8 Manipulate Systems hold without feeling any sense of risk.
I did force him to make an Act Under Pressure roll at one point, which maybe is a solution – making the hacker make non-Matrix Move rolls to use hold is a way of introducing those fun 7-9 choices.
Is this what you were asking for?
As far as I can see, the big mechanical difference between Hacking and basically everything else in the game system is that in Hacking (other than your initial Login) you only Experience Consequences on a 6 or less.
https://lh3.googleusercontent.com/Yyb3Dy89jekam5FEQ1DgChDRuYKiXUTYVkHjdJEeZT6bCBic_VfRXgv50cc47kNoIs7JfOjUCJCoKaXtRLMMoCjisQ49koqjCmnq=s0
Awesome; thank you for sharing that. So what I see is that you built a very low security system. That’s not a bad thing – it’s true to the fiction that some systems aren’t Fort Knox, and your hacker should get to play around in that sandbox sometimes. The result, though, is that he ran amok – and that’s the rules functioning appropriately.
So, more specific points:
-On a more secure system, more than one login would be entirely appropriate. Such as “a general login,” which grants access to all sub-sytems and less-secure stuff, and then maybe something like “Research Login,” which is a secondary login for databases held by the research sub-facility. Just like you’d have in a real corporation, honestly. This is a Login roll, not a Compromise Security roll; the latter is for using Security Measure sub-routines on nodes (“You may spend 1 hold to activate a security measure on that sub-system”). This is key because Login is +synth, compromise is +mind, and the hacker is more prone to fails if you spread his rolls across stats.
-Your system had no ICE. This is what made it a playground. ICE doesn’t have to be super-badass: even just introducing a Code Wall and/or a Klaxxon will make the run a lot more stressful for the hacker, since Melt Ice is Edge (third stat!), and 7-9 carries consequences (up to and including “alerting a sys-op, who now will be an active antagonist to the hacker” – although it’s more appropriate to use a 7-9 there to advance the threat clock, and let the threat clock dictate if a sysop is now actively involved. That’s what it’s for.).
-I also wouldn’t have let him roll Manipulate Systems over and over. A roll is triggered by a particular action – manipulating systems, for instance – and you don’t get to roll it again unless the situation has changed in some significant way, such that you’re really attempting something new. So I’d probably let him roll it once/sub-system or once/system (depending on how many subs you built in, and thus how onerous limited hold would be), but not every time he just happens to run out of hold. He is manipulating the system, in the fiction: the hold he got from that roll is the reflection of how successful that was. He might roll again if the situation changes drastically (logs out, “buys a 0day exploit that grants him a new armament against that system”, and comes back to try again, is a reasonable example of a wholly new attempt).
I don’t think this is explicitly written out in the Sprawl; it’s more explicitly stated in various other PbtA games. But it’s never allowed in any pbta game that I can think of. You get one bite at the apple, and then the story advances. Can’t dip your toe twice in the same river, etc.
-Not all systems are accessible over a single hack. Maybe the exterior security and the research databases are air-gapped, and you need to infiltrate the base physically to get to a network where you can make a run against the databases? That makes life harder for the hacker. It also lets you individualize the security levels: maybe the exterior security has Blue ICE walls just trying to keep you out, and the database has Red ICE trying to raise alarms and run traces to send security right to your infiltrating tuchus.
I also agree with you that sometimes non-Matrix moves are more appropriate. Racing a sys-op after you got Root, to log him out before he dumps you? Totally Act Under Pressure.
In short:
-Login, Melt ICE, these are important because they spread rolls across more stats. This is the Hacker’s big disadvantage.
-ICE, subsequent login gates: these reflect the security level of a system. No ICE at all is a complete playground; it IS where the Hacker should run amok. It’s like a corp. without any security forces.
-He doesn’t get unlimited rolls for Hold.
Do those comments reflect an accurate understanding of your description of play? If not, please let me know what I misunderstood.
On a tangent: I really love your spreadsheet and attention to detail. Your players are lucky; kudos.
Re: ICE
I think a key issue for me is that I was using ICE as a security option that would only activate in the case of a miss. I have ICE on a ton of nodes, but was waiting for a missed roll to trigger it. Do you use it as a layer of security on top of a node that has to be melted before that node can be accessed? That’d certainly increase the difficulty of any given system.
Le: Login Gates / Security in Depth
I’m hoping there’s a hack that’d allow for more difficult systems. Ideally I’d avoid creating “deep dungeon” Matrix Systems requiring many rolls to reach the heart – I worry that these will bog down game momentum.
Re: multiple manipulate systems
He was spending his hold, then Manipulating Systems again in that Node. Not quite a Grind to build up Hold, but ultimately with a similar effect.
Since I want to let a hacker live in a system and repeatedly bend it to his will, maybe I’ll require a compromise security before allowing them to manipulate systems again in a given node? Basically say that new login credentials would need to be created / records would have to be deleted.
Which ICE is to-be-activated and which is always-on (or just something to throw out as a complication, as appropriate) is definitely not either-or. I don’t necessarily put it pre-Node as I consider it part of a Node. So you have a general system that you log into, which is one location for potential ICE, and then more ICE can be found (active or inactive) in each subsystem. That is: after each login gate is a potential location for ICE. Again, these guys don’t have to be tough: a couple of Blue ICE code walls are more than enough to make a hacker’s life a lot harder. Mixing up a couple of ICE cubes is also a good way to add gradations of difficulty: 2 Blue or 1 Blue/1 Red; 2 blue with offensive sub-routines vs. 2 red with defensive sub-routines, these add up to a wide spectrum of difficulty.
I agree about the “depth” issue. I wouldn’t ever go more than 1 level deep. General Login, and then Logins for individual special subsystems (and definitely not Logins on a per-Node basis). So all the security stuff should be behind 2 logins at most, and all security-related matters should be grouped behind the same login. I wouldn’t restrict myself to just the 1 general login, though, because it removes some of the value of getting Root access (which allows you to combine/separate sub-systems, and let people in and out of Logins – so if you nab Root while fighting a sys-op, you can go ahead and lock him out of all of the Logins. While he’s trying to get back in, you can restructure the sub-system directory, so he’s lost and needs to take a minute to re-orient himself. And so on. Root makes you godlike, but if you don’t have separate subs w/ logins, there’s nothing to play god with. And if you have a Hacker, boy, does he get major spotlight when going toe-to-toe with a sysop.)
I think there’s a bit of lack of clarity here for me: is the hacker running a mission (which is all this game is built for), or is he living in the system and manipulating it at his leisure?
The system is built for smash-and-grab missions; that’s the relationship between the mechanics and the fiction. If you use a mission-based mechanic to support a living-in-the-system fiction, it’s going to go wonky at the seams. If your hacker so completely owns the system, there’s nothing to roll for: he owns it. Let him do what he wants, and save the rolls for when fall-out is an actual potential.
I definitely would not let him roll Compromise to Manipulate. PbtA and The Sprawl aren’t built around skill checks: you’re not rolling dice to get permission to do things in the fiction. In that case, you’re literally just saying “I want you to roll Manipulate, but with even lower than average odds of success.” Dice in PbtA/sprawl aren’t there to simulate odds of success: you do things, and the dice tell you how and whether complications snowball. … granted, that’s a bit harder sell w/r/t to the matrix moves, because they break the mold a bit in their design. I do honestly expect the matrix moves to look different if this game hits a 2nd edition.
Oh – I wasn’t going to let him sub Compromise for a Manipulate, but rather require him to head back to the Login Gate to Compromise before I’d let him manipulate again.
In this situation he was doing matrix overwatch of an intrusion, so not “living” really. But definitely lurking in their and making plays to support the intrusion team (I definitely enjoyed making him Act Under Pressure to effectively deploy his systems Hold a few times.)
Having ICE pre-activated in some important sub systems will be a great way to force him to either take the hit or melt some ICE. That’ll be a big feature in upcoming systems for me.
It’s early here and I’m still half asleep, but the way to make things more difficult in PbtA games is to narrate them appropriately, not by adding more rules. Important systems are going to have separate LogIn gates. ICE is going to be active, not reactive. Sysops are going to be constantly monitoring and responding to intrusions.
MCs don’t only make moves when the player rolls a miss. They also make moves when the fiction calls for it. So more secure servers and systems mean more MC moves regardless of whether or not the player is rolling.
That’s a pretty solid point – I could definitely add in some peril by treating the Matrix System less like a minigame for the Hacker and more the way I treat the intrusion into a protected facility, i.e. random encounters with curious employees, security sweeps, trapped files / equipment.
Overall, though, one of the things I’ve really enjoyed about the game/engine is that you put an obstacle in front of the PCs and then they describe Action that triggers a Move – and the roll acts a game-mechanic trigger for Consequences. So I’m wary of breaking away from that model for anything other than Big Moments.
I’ve experienced the same thing. The hacking scenes bring the game to a halt but also seem to bring little in the way of excitement, as even beginning Hacker characters are pretty competent.
I had luck integrating the Hacker into the action, so everyone had fun, but nobody was ever really worried that the Hacker would get burned or traced during the Mission, and that seemed wrong to me. It was fun, but I know that player will eventually get bored if I don’t find a way to Show Him The Barrel of a Gun.
Roman Pearah I find that if hacking brings the game to a halt, the GM has generally not integrated the physical nodes with the game action closely enough. Or stipulated their abilities too concretely ahead of time. If the Matrix run isn’t hacker-alone (e.g., research during legwork), it generally works best if the Hacker is providing support for a physical intrusion – so party members get pinned down by security forces while trying to get past them, and the hacker is trying to grab control of an automated turret to shoot down the guards while himself pinned down by ICE. It turns it into a single action scene rather than an independent combat zone.
Isolated matrix systems are a pretty great way to force the Hacker to either:
1. Go on site to gain access!
2. Race against a clock once the Party has taken physical steps to connect the system.
But in general, if my Hacker is doing anything that isn’t parallel to action of the party (and every mission includes that during the Action phase) I just abstract the ir work into a few rolls and move on. Can’t let Legwork Hacking slow the game down!
An observation – ICE is the equivalent of an armed guard, right? So sometimes you’re going to break into a room and find the guards are already there and waiting – because that’s their job, to protect the room from intruders. Other times, there’s no guards immediately present, but they’ll show up quickly if you trigger an alarm or make too much noise, or are just unlucky.
ICE is the same. An important node will have ICE programs actively running all the time – a less important node might merely have the ability to spawn ICE programs if an intrusion is detected.
Excellent point Simon Geard. That kind of gets back to my “the MC can make a move whenever the fiction dictates” comment.
Chris Stone-Bush – but it’s not just about making moves. ICE doesn’t just appear from the MC making a move in response to the evolving fiction – the ICE is there because the MC planned it that way from the start, because only an idiot would expect the local security nodes to be undefended…
Maybe we’re actually agreeing with each other but not seeing it Simon Geard. But I’m going to disagree with your statement. The ICE doesn’t need to be there “because the MC planned it that way from the start”. The MC doesn’t have to plan anything.
The fact that this is a protected system implies there will be ICE defending it. Id doesn’t matter to me if the MC plans for there to be ICE before play or if they need to make a move and think “Oh yeah. There should be ICE here” and just has it pop up.
I rather think is IS about making moves. One of the Agendas is Fill the character’s lives with action, intrigue and complication. Having ICE pop up, even if the MC hadn’t planned for it, so long as it makes fictional sense in the situation is a way to follow that Agenda.
I think the only thing we’re disagreeing over is the importance of moves.
You’re right, the MC doesn’t have to plan anything… but assume for a moment that that have. There’s a pre-written adventure in the Sprawl book, afterall, and it’s a safe assumption that a lot of MCs will have at least the basics of a mission drafted in advance of the game. And that’s a part of the game that isn’t really covered by the idea of making a move…
But regardless, we’re getting away from the point, which was that the original poster doesn’t need to wait for a bad roll to introduce a threat such as ICE. If it’s appropriate for that threat to exist, then it exists, period. The players don’t need to know if you planned it that way from the start, or if you’re “making their life complicated now” or “showing them the barrel of the gun”.
Because as you said, “when the fiction demands it” is explicitly listed as a trigger for MC moves.
I can certainly agree with that.