On Matrix runs:
Compromise Security: “Spend hold to activate the security measures on a node. This will almost always let you trigger or cancel an alert or activate or deactivate ICE, but nodes may have other options too.”
Melt ICE: “When you attempt to evade, destroy or disable an activated ICE construct, roll Edge.”
So, when is Melt ICE the appropriate move for deactivating ICE, and when is Manipulate Systems the appropriate move for deactivating ICE?
(Edit: I see now on pg 166 “ICE have routines, like other Matrix systems, but they cannot be compromised and must be disabled with melt ICE,” which would seem to conflict both with the “Activate/Deactivate ICE” option listed under all of the various nodes, as well as the Compromise text. Hamish Cameron weigh in on the intended reading?)
As an aside, thinking on the Login move, and the question of motivating hackers to come along on runs in meatspace, aside from air-gapped intranets, probably some corps. have unsecured logins internally. The move is prefaced with a really key phrase: that all the Matrix moves are for secured systems. If you’re thinking you’re going in against Black ICE, it might be worth coming in physically to locate an unsecured portal to avoid the risk of, for example, the MC throwing ICE at you and a minus 1 ongoing. Or, alternatively, part of the mission plan could be getting an infiltrator (or whomever) to an unsecure local port to set up a tight-beam wifi access point so you can get into their insecure system w/o accompanying the team in meatspace. That could be a cool bit of espionage with a clear mechanical incentive. Has anyone had their players pull something like that? Or preferably something more clever?
Obviously, I’m giving thought to the cybermoves today. I’m writing a draft of a corporation inspiration piece, and I think I want to include a sub-section on “notable security elements.” So I’m thinking of particular physical and cyber security configurations that may lend themselves to interesting player exploits.
That is a great point, regarding how to skip login. 🙂 I’m going to have to use that soon.
Also don’t forget, a given system could have multiple login points. So you could skip the initial black ice but maybe internally there’s still some blue/red stuff to try to corral ‘legit’ users.
As far as Melt Ice vs Manipulate Systems, I think of Melt Ice as the move made when the Ice is in your face, trying to wreck your life. Manipulate Systems is more about disabling ICE in an area. So maybe the decker’s avatar flees or hides and then can manipulate systems to make the ICE go back to its stasis chambers / hobbit homes / HVAC ducts.
Charlie Vick You have a really good point about the multiple log-in sites. PbtA generally benefits from winging shit, especially the matrix, but there may be a value to having a couple of pre-genned “tough externally-facing security,” “light externally-facing security,” etc. cards made up that you can deploy on the fly for different nodes, enumerating not just ICE, but maybe just generally what security moves are available in different locales. So maybe something like:
Very Light, External Facing Security Area:
-No moves can be used by the hacker w/o Login first
-No Ice is present
-Manipulate Systems/Compromise Security/etc. is limited to the things directly controlled by this node. Likely, limited materials, directly relevant to processes conducted in this area (e.g., a public-facing website, with no more data accessible than what would be associated with a website, and maybe the email account of the web op that is routinely on that server).
Light, External Facing Security Area:
-No moves can be used w/o Login first
-ICE can only be disabled by MELT
-ICE is 1 Blue
–ICE will only attempt to Identify Intruder (to a log), and Sever Connection
-Control of this node allows Manipulate/Compromise on the multiple Very Light systems aggregated under it, if any, as well as any direct processes it might oversee.
Moderate, External Facing Security Area:
-No moves can be used w/o two logins: one log-in to the “publicly available” portion of this externally-facing node, whose function and security mirror the Light, External Facing node above. If the hacker does not wish to penetrate deeper than this, the subsequent security is irrelevant. A second login is needed to enter the more-secured partition of this node.
-ICE can only be disabled by MELT
-Three ICE are expected in the secure area (in addition to the 1 Blue in the light entry area):
–Blue Wall, as per Light, External above
–Blue Tracker, which only attempts to Trace, and Sever
–Red Hand-slapper; always chooses to Damage a Cyberdeck and Corrupt a Program
Extreme, External Facing (answer to yourself, first, why any data requiring “extreme” protection would ever be outwardly facing. That’s not to say that it can’t be, but it should make sense first. Maybe this is an inward-bound port for data exchange with a key partner?):
-No Move w/o a Login
-ICE can only be disabled by MELT
-2 Red, 1 Black
–1 Red Hand-Slapper, as above
–1 Red Klaxon, as per pg 157
–1 Black Tracker: Always traces, identifies, and triggers an alarm. If the target is already traced/identified/alarmed, it will default to damaging a deck/preventing jack-out.
Light, Internal Facing Security:
-No login required
-ICE can be disabled by MELT or Compromise Security.
-1 Blue Ice present
–Triggers alarms and calls for counter-hackers if inappropriate actions are detected. Emphasizes externalizing response decisions to intelligent actors, since these are more likely employee screw-ups than sabotage, in non-sensitive nodes such as these.
And so on.
I guess I sort of decided for myself as I wrote these that Melt is for ICE that you can’t reasonably be in control of, and Compromise Security is where you can reasonably be an authorized user. That said, if you use Compromise Security to get yourself authorized access /first/, then maybe you could use Compromise to deactivate ICE. The trade-off becomes that with Melt ICE you can go straight for killing the ICE, but you’re rolling with Edge, which is likely a weaker stat for a hacker. If you go for Compromise, you’re likely rolling with a stronger stat (Mind), but you’re using up 2 hold to get there.
…and I don’t like any of what I just wrote, because it doesn’t fictionally make sense. “Login” already captures getting authority in the system, and “Deactivate ICE” is already, explicitly, one of the Security Measures that Compromise Security hits (as enumerated on pg 154). I don’t know.
Edit: On re-reading your comment, I think I misinterpreted what you wrote, and you had a really good point. Melt leaves “ice corpses” laying around, whereas “Compromise” just turns them off. It’s stealthier, but if a counter-hacker shows up to turn them back on, you may be in trouble… oh, I like that. Except that Melt doesn’t have to leave corpses, it specifically enumerates destruction and inactivation as separate. Sigh. Honestly, every explanation I put forward falls down.
Well, I haven’t read all of your thoughts because I am le tired, but Login doesn’t imply your decker has any particular authority in the system. They could’ve gotten in with an undeleted default user/pass that has no actual authority in the invaded system. They could have view-only access in a place where they need to try to do all kinds of stuff. They could be masquerading as a legit user who belongs in an entirely different corporate subnet.
Don’t mistake login for root access. Now I do let hackers trade root node hold for just about anything, 1 for 1. But root is often behind an entirely different login, Unix style. Or behind virtual laser beams and sharks in moats.
Charlie Vick
Fair, but root’s not required for any ICE-related activity except that it allows you to activate/deactivate ICE on any sub-system. If you’re in there, you’re playing ICE God. That said, the game text doesn’t relate it as a particular thing you gain access to as a level of authority (though, in real-world terms), so much as a particular system one is in (p. 155).
As for view-only: I think view-only is implied by a 6- on Login (the “restricted access” complication). Success on that roll inherently means “you successfully got where you wanted to go in a secure system.” I would shy away from turning a successful roll into a surprise loser, and restrict “view only” as an expression of 6-s. Actually, I think that the 6- on Login being “Restricted Access” pretty directly implies that getting a successful roll is “Unrestricted Access”, short of Root (which is related as being a separate node.)
Listening! Excellent discussion
I don’t think I’m trying to turn player success into failure, but I also haven’t seen any Matrix runs where Login is the only move. I think that’s what I’m talking about more, what comes after login. So the hacker rolls Console Cowboy, and then is going to Manipulate Systems or Compromise Security. Manipulate Systems and Compromise Security can definitely activate ICE on a 6 or less, as I run the game. That’s because in any multi-user system, you’re going to have plenty of people who can login and use the system for one particular purpose, but there are all kinds of layers to security. It’s entirely possible to ace the login and still send up red flags when you try to open all the blast doors in a lab – and to me, when you try to do that, you inadvertently find out something about your assumed credentials (or you can say that the decker accidentally did something else wrong, or whatever else makes sense in the fiction).
‘Unrestricted access’ to a system is what I think of as root access. You can delete all the other users, you can turn all the 0xffffff’s to 0x000000 and vice versa, you can turn off the system, you can type in `sudo rm -rf /` and brick the box. That is unrestricted. Almost all multi-user systems have restrictions on normal users – like, say, Google+. You can login here, but you can’t delete my profile or edit my posts. Then there are probably some people with some privs to do things to my account, but they can’t, say, see my current encrypted password, delete all G+ users at once, or look at other Google datapoints that some other marketing person can see. Someone in there can delete my account, someone can turn it over to the FBI, someone can literally turn off G+, or ponce up the networking such that no one can get to it, but nobody can do everything. (Or if someone can, he or she is probably too busy doing stuff that impacts all kinds of things. I’m like a gnat to that high-level privileged out user.) Now if you login as someone who can delete my G+ profile, and then try to start a rolling shutdown of the servers that host G+, there’s gonna be a security system that will notice this.
I’d say the ‘-1 ongoing’ is more like, this is an operating system / platform / architecture you know little to nothing about, and it’s awful trying to use it. Like if you get used to using Ubuntu and find yourself on a SunOS box (somehow, because it’s like 2002). The commands are… almost the same. Or the same most of the time. Or if you logged into a Windows server and are typing ‘ifconfig’ and it’s really ‘ipconfig.’ (This isn’t to say your reading of that is wrong or anything.)
I haven’t read all of this yet, but this has come up before: ICE has three states: Deactivated and powered down/Activated and scanning/IN YOUR FACE.
Manipulate systems can toggle between the first two; Melt ICE can change state 3 to 1 or 2.
I’ve copied this link to my Mission Files file to give some specific examples there.