Back to the main page

Mailing List Logs for ShadowRN

Message no. 1
From: davek@***.lonestar.org (David Kettler)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 00:21:00 +0000
On Wed, Jan 10, 2007 at 03:11:44PM -0800, Ice Heart wrote:
>
> So, does anyone else think that deckers in SR get into OS arguments,
> utility debates, etc? I'm just picturing the deckers arguing:
>
> "HoloLISP is better!"
>
> "Yer full of drek!"
>
> "No you are!"
>
> "Eat hoop pulse-cruncher!"
>

If they were authentic computer geeks, then they had damn well better. Unfortunately, the
SR decking rules seem so divorced from actual computing to me I have a really hard time
picturing that...

I've often toyed with the idea of changing decking so that deckers had to write their own
utilities by spending time and karma, rather than just buying everything. That may sound
strange at first, but it's not unjustified. Computer decking/hacking/cracking/whatever
ultimately depends on exploiting bugs in the computer system. If those bugs become widely
known and exploited, then they will be fixed. Unless your system administrators are
incompetent. So I picture a 'real' decker having his/her own jealously guarded stash of
custom researched and written exploits. You wouldn't be able to just buy anything but the
really simple (low level) programs.

On the other hand, maybe all system adminstrators in the mid 21st century are incompetent
and deckers are all just script kiddies using canned exploits. That would explain a
lot...

Anyway, this would change the nature of the game a lot, so I've never put the time into it
to make sure it would really be balanced, etc.

--
Dave Kettler
davek@***.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org
Message no. 2
From: DaTwinkDaddy@*****.com (Da Twink Daddy)
Subject: Decker arguments (kind of)
Date: Wed, 10 Jan 2007 19:40:38 -0600
On Wednesday 10 January 2007 18:21, David Kettler <davek@***.lonestar.org>
wrote about 'Decker arguments (kind of)':
> On Wed, Jan 10, 2007 at 03:11:44PM -0800, Ice Heart wrote:
> > So, does anyone else think that deckers in SR get into OS arguments,
> > utility debates, etc? I'm just picturing the deckers arguing:
> If they were authentic computer geeks, then they had damn well better.
> Unfortunately, the SR decking rules seem so divorced from actual
> computing to me I have a really hard time picturing that...
>
> I've often toyed with the idea of changing decking so that deckers had
> to write their own utilities by spending time and karma, rather than
> just buying everything.

They already have that option, it's just normally easier for a decker to
throw money at a utility than write it himself -- although proper
application of SI means nearly anything rating 10+ (an in some cases 7+)
is better to write yourself.

> That may sound strange at first, but it's not
> unjustified. Computer decking/hacking/cracking/whatever ultimately
> depends on exploiting bugs in the computer system. If those bugs become
> widely known and exploited, then they will be fixed. Unless your system
> administrators are incompetent.

That's what SOTA is about. It *should* move faster for deckers, especially
if you follow the rules that basically let them (if the choose their
systems well enough) rip off 10K+ nuyen in paydata in less than a day.

(Sure, they do have to fence it, which will take more than a day and the
fencing multipliers certainly hurt their profit, but tricked out deckers
and ravage green hosts all day long.)

SOTA for deckers should probably move forward every month or two. (I
believe there's a table in (SR3) Matrix or (SR2) VR2 that goes something
like: Roll 2d6: 2, Hardware AND Software; 3-7, Software; 8-11, Hardware;
12, slow month in R&D no SOTA.) If your decker is very active, SOTA may
go up for him/her, in particular, faster since his exploits are seen more
often (and thus, are more likely to get patched).

> So I picture a 'real' decker having
> his/her own jealously guarded stash of custom researched and written
> exploits. You wouldn't be able to just buy anything but the really
> simple (low level) programs.

As soon as you hit 4+ the Street Index goes up, because there are some
secrets in the code, or at least exploits that are non-patched by the
vendor, so even a good sysadmin has to be preemptively routing around
them. In many cases, you may be aware of a security issue and only be
able to take the most superficial of actions since (a) the business needs
the server and (b) it's not patched by the vendor; at this point you might
tighten your firewalls a bit, or filter certain known bad input (like the
example exploit), but the problem is still in the production code waiting
for a hacker to bypass your "hacked"-together security.

7+ utilities probably attack non-published (and, by extension non-patched
by vendor) holes, that are known by the underground. Or even published
exploit theory that just "haven't been seen in the wild" or "example code
cause the service to crash, but no remote code execution", yet.

10+ utilities probably have at least one attack vector that the author
discovered him/herself, and demand an inflated price before you can get
your hands on them. As I said SI is so high and availablity so low that
your decker is probably going to have to write his/her own utiliteis at
this level.

[FWIW, I could be misremembering the SI, but I was fairly sure it was
something like: Rating 1-3, SI 1; Rating 4-6, SI 1.5; Rating 7-9, SI 2;
Rating 10+, SI 3.]

> On the other hand, maybe all system adminstrators in the mid 21st
> century are incompetent and deckers are all just script kiddies using
> canned exploits. That would explain a lot...

Canned exploits can get you into a lot of systems. Plus, just because they
are canned doesn't mean they've been reported to the world at large. They
could simply be known to enough people in the hacker underground that they
have been "packaged".

While I don't know of (and certainly not the size of) any "hacker
underground" in existence today, I feel the existence of SR's style of
deckers virtually guarantees a "hacker underground" that any decker worth
his Stealth utility knows about, even if he/she may not be able to make
direct contact with someone on the "inside".

--
Da Twink Daddy
DaTwinkDaddy@*****.com
ICQ: 514984 (Da Twink Daddy) YM/AIM: DaTwinkDaddy
Message no. 3
From: gurth@******.nl (Gurth)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 11:20:13 +0100
According to David Kettler, on 11-1-07 01:21 the word on the street was...

> If they were authentic computer geeks, then they had damn well
> better. Unfortunately, the SR decking rules seem so divorced
> from actual computing to me I have a really hard time picturing
> that...

Usually when I get a new player who knows a thing or two about
computers, they see deckers and are immediately interested -- but I
can't be the only GM who has for years been actively discouraging these
people from playing deckers :)

> On the other hand, maybe all system adminstrators in the mid 21st
> century are incompetent and deckers are all just script kiddies
> using canned exploits. That would explain a lot...

Looking at the rules, this assessment may be accurate :) Still, under
VR2.0 and later rules, a decker can do anything without using programs
at all -- you just have to hope you roll _really_ well on most systems.

--
Gurth@******.nl - Stone Age: http://www.xs4all.nl/~gurth/index.html
Van e-mail bakt men cyberbrood.
-> Former NAGEE Editor & ShadowRN GridSec * Triangle Virtuoso <-
-> The Plastic Warriors Site: http://plastic.dumpshock.com <-

GC3.12: GAT/! d- s:- !a>? C++(---) UB+ P(+) L++ E W++(--) N o? K w-- O
M+ PS+ PE@ Y PGP- t- 5++ X(+) R+++$ tv+(++) b++@ DI- D G+ e h! !r y?
Incubated into the First Church of the Sqooshy Ball, 21-05-1998
Message no. 4
From: n.kobschaetzki@**********.com (Niels_KobschÀtzki)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 11:30:33 +0100
On 1/11/07, Gurth <gurth@******.nl> wrote:
> According to David Kettler, on 11-1-07 01:21 the word on the street was...
>
> > If they were authentic computer geeks, then they had damn well
> > better. Unfortunately, the SR decking rules seem so divorced
> > from actual computing to me I have a really hard time picturing
> > that...
>
> Usually when I get a new player who knows a thing or two about
> computers, they see deckers and are immediately interested -- but I
> can't be the only GM who has for years been actively discouraging these
> people from playing deckers :)

With SR4 I wanted to start playing with deckers (alias hackers) - my
problem: the whole group exists of computer scientists (except me --
but i know enough that i understand 95% of the stuff they are talking
about). the authors of the hacking-part seem to know not really much
of computers, operating systems, networks and other stuff.
i have now the choice between discussing every time why the stuff they
wanna do doesn't function in SR, stop playing with hackers or move the
rules to something like cyberpunk where it is essentially a dungeon
crawl -- that's so far away from reality that discussions won't come
up...

> > On the other hand, maybe all system adminstrators in the mid 21st
> > century are incompetent and deckers are all just script kiddies
> > using canned exploits. That would explain a lot...

yp - and they can't google -- because you need a skill and a program
for googling...and everytime there's a laugh when the hacker sucks
with data search-tests ;)

Niels
Message no. 5
From: gurth@******.nl (Gurth)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 11:57:12 +0100
According to Niels Kobschätzki, on 11-1-07 11:30 the word on the street
was...

> With SR4 I wanted to start playing with deckers (alias hackers) - my
> problem: the whole group exists of computer scientists

IMHO, you've made a bad decision there ;) If my group consisted
primarily of computer science people, I'd strongly recommend deckers
(hackers, if you're playing SR4) be restricted to contacts _only_ :)

> the authors of the hacking-part seem to know not really much
> of computers, operating systems, networks and other stuff.

This was a problem with FASA's writing in general: the computers don't
bear much resemblance to reality, neither do the firearms, and even
vehicles -- which you'd think any American would be reasonably familiar
with -- don't make too much sense. (Ever really thought about the names
of car models in SR, for example? About the only realistic one I can
think of is the Saab 776TI, and even that had the uncarlike name
"Dynamit" tacked on. Oh, and the Honda-GM 3220 ZX.)

Anyway ... :)

> i have now the choice between discussing every time why the stuff they
> wanna do doesn't function in SR, stop playing with hackers or move the
> rules to something like cyberpunk where it is essentially a dungeon
> crawl -- that's so far away from reality that discussions won't come
> up...

Your fourth option is to sit down with them and explain once and for all
that SR's computer rules don't make sense in a RL context, but that they
do make sense to characters in the game world. In other words: have your
players read up on what is normal computer practice in 2060, and try to
remember that when they say they want to do things, rather than base it
on their RL knowledge.

That said, I constantly have players say stuff like "I'll Google for
'Emerging Futures'", to which my usual response is something like "Roll
Computer skill" followed by some information based on how well I like
the roll without bothering with actual TNs or success tables :)

--
Gurth@******.nl - Stone Age: http://www.xs4all.nl/~gurth/index.html
Van e-mail bakt men cyberbrood.
-> Former NAGEE Editor & ShadowRN GridSec * Triangle Virtuoso <-
-> The Plastic Warriors Site: http://plastic.dumpshock.com <-

GC3.12: GAT/! d- s:- !a>? C++(---) UB+ P(+) L++ E W++(--) N o? K w-- O
M+ PS+ PE@ Y PGP- t- 5++ X(+) R+++$ tv+(++) b++@ DI- D G+ e h! !r y?
Incubated into the First Church of the Sqooshy Ball, 21-05-1998
Message no. 6
From: u.alberton@*****.com (Bira)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 09:03:08 -0200
On 1/11/07, Niels Kobschätzki <n.kobschaetzki@**********.com> wrote:


> i have now the choice between discussing every time why the stuff they
> wanna do doesn't function in SR, stop playing with hackers or move the
> rules to something like cyberpunk where it is essentially a dungeon
> crawl -- that's so far away from reality that discussions won't come
> up...

Maybe my brain just hasn't been soaked in enough bits yet, but SR4's
computer rules, when you considered they're at a really high
abstraction level, don't seem too different from how things really
work.

Most people's wireless setups are insanely insecure, and it takes some
work and knowledge to make them otherwise. That's exactly like
reality.

A hacker breaks into other people's systems by exploiting security
holes to get himself access to an account (preferably root). That's
more realistic than 99% of movies I've seen.

Yes, there's the bit where bandwidth and storage space are considered
infinite for all intents ant purposes, but that's clearly a
simplification made to keep the game fast and enjoyable. If you think
they're /literally/ infinite (and latency is really zero) in the
setting, you might as well get ready to go on an astral quest to find
the pesky free spirit that took your imagination away :).

>
> yp - and they can't google -- because you need a skill and a program
> for googling...and everytime there's a laugh when the hacker sucks
> with data search-tests ;)

That's another abstraction - all that sooper-sekrit info you can find
with enough successes won't just magically appear when you type "Mr.
Johnson" into Google's search field. It would take real skill and
diligence to find anything like that among the trash that litters the
Matrix.


--
Bira
http://compexplicita.blogspot.com
http://sinfoniaferida.blogspot.com
Message no. 7
From: n.kobschaetzki@**********.com (Niels_KobschÀtzki)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 14:09:33 +0100
On 1/11/07, Bira <u.alberton@*****.com> wrote:
> On 1/11/07, Niels Kobschätzki <n.kobschaetzki@**********.com> wrote:
>
>
> > i have now the choice between discussing every time why the stuff they
> > wanna do doesn't function in SR, stop playing with hackers or move the
> > rules to something like cyberpunk where it is essentially a dungeon
> > crawl -- that's so far away from reality that discussions won't come
> > up...
>
> Maybe my brain just hasn't been soaked in enough bits yet, but SR4's
> computer rules, when you considered they're at a really high
> abstraction level, don't seem too different from how things really
> work.

oh - they are...

> Most people's wireless setups are insanely insecure, and it takes some
> work and knowledge to make them otherwise. That's exactly like
> reality.

like reality?
if i have turned on wpa2 it is damn hard to crack the key because
afaik there wasn't found a hole in the algorithm yet...

differences to reality i can think of while i'm typing this w/out
having anything at hand for references (then i would find more):
1. decryption: why is it that fast? there are two ways to break decryption
1a) brute-force: I saw on the 23c3 (chaos communication congress --
something like defcon for europe) someone who had a brute force on
apples file vault working that could check by software 200 words/sec
with some cheap specialized hardware for which he wrote the code by
himself it was 2000 words/sec and he used several together at home
with which he came to ca. 30000 words/sec
let's see a passcode with 4 byte (ASCII-keyset not - extended ASCII or
so) you would need 16000 seconds - 4,5 hours and it's going up
exponential...
the hardware in SR is far better -- but the keys would be far longer
as well and i guess that they use something more sophisticated for
letter-decoding - let's say unicode. thus you do not have for sign
just 128 possibilities but several thousand.
even in those times brute force would need a hell of a time.
1b) holes in the algorithm: if you find a hole, then decryption goes
rather fast (let's say broken WEP which you can break in several
minutes), if you don't have the hole only 1a applies...
if there's a hole, then there are usually options which are better
(like in wifi wpa or wpa2)

2. user-accounts: if i get root-rights on a machine, ICE wouldn't
notice me anymore and i could do whatever i want -- first thing:
generate me a real root-account that i'd hide or use a zombie-account
(an account where someone didn't log in for a long time - maybe an
employee that left), give it root-rights, set a new password and i'm
set. most administrators don't check their systems often enough to
find such details. btw. all my traces are killed because i can access
the log-files...

espescially part two is always in discussion with my groups -- even
with real good "rights management" and granularity in rights, if i get
root then i'm root...

> A hacker breaks into other people's systems by exploiting security
> holes to get himself access to an account (preferably root). That's
> more realistic than 99% of movies I've seen.

they do and exactly that isn't shown in shadowrun. a good hacker would
have to spend a lot of time to search for security holes in actual
systems. then he scripts them and just tries to uses his exploits.
Either they are fast and unnoticed or they have to do something.

Shadowrun tries to do something between Cyberpunk and reality. I fight
that firewall but then I try to be realistic -- that doesn't work. It
isn't abstract enough.

> Yes, there's the bit where bandwidth and storage space are considered
> infinite for all intents ant purposes, but that's clearly a
> simplification made to keep the game fast and enjoyable. If you think
> they're /literally/ infinite (and latency is really zero) in the
> setting, you might as well get ready to go on an astral quest to find
> the pesky free spirit that took your imagination away :).

that's a point which isn't a problem at all i think.

> > yp - and they can't google -- because you need a skill and a program
> > for googling...and everytime there's a laugh when the hacker sucks
> > with data search-tests ;)
>
> That's another abstraction - all that sooper-sekrit info you can find
> with enough successes won't just magically appear when you type "Mr.
> Johnson" into Google's search field. It would take real skill and
> diligence to find anything like that among the trash that litters the
> Matrix.

we don't search super-secrets via data search+browse -- if i remember
right (and we did it always like that) you need for every data search
the skill and the program.
regarding the rules it doesn't seem that there aren't any general
search engines any more.

i by myself will speak with my hacker this week about the topic and
with the group about some other problems as well (like the total
surveillance which i will loosen because i will introduce some strong
anti-surveillance civil rights movement in "my shadowrun-world").

Niels *who likes the new rules and the new concepts in SR4 but not
their implementation which is rather sad because he thought the new
matrix rocks...*
Message no. 8
From: DaTwinkDaddy@*****.com (Da Twink Daddy)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 07:17:20 -0600
On Thursday 11 January 2007 04:30, "Niels Kobschätzki"
<n.kobschaetzki@**********.com> wrote about 'Re: Decker arguments (kind
of)':
> the authors of the hacking-part seem to know not really much
> of computers, operating systems, networks and other stuff.

I doubt they didn't have at least a cursory understanding. However,
real-world hacking is not as FUN to RP as decking/hacking in SR. And, at
least in SR2/3, decking was normally one of the most unfun parts of SR --
many GMs would gloss over it simply because it was generally to
isolationist. Mages astral questing can also be isolationist, but it's
generally done in off-time. [A entire group of deckers can be fun, since
it takes the isolation out of decking.]

The realities of cyberware aren't modeled, unless you pour on a lot of
optional rules, this is done for fun and atmosphere. Similarly
decking/hacking has little to do with hacking IRL in the interest of fun
and atmosphere. [Unless there are some *amazing* advances in how the
senses are used to maximize usability, we'll still see power users hitting
textual user interfaces in 2060, even though immersive 3D environments
will be available.]

> > > On the other hand, maybe all system adminstrators in the mid 21st
> > > century are incompetent and deckers are all just script kiddies
> > > using canned exploits. That would explain a lot...
>
> yp - and they can't google -- because you need a skill and a program
> for googling...and everytime there's a laugh when the hacker sucks
> with data search-tests ;)

While google (and altavista before it) made searching easier by finding
more accurate results from simple queries (and providing advanced queries
of power-users), it still takes some skill (and time) to find what you are
looking for. I know I'm consulted from time to time by relatives that
can't find what they need and I can; there's even a new search company
called ChaCha that touts guiding searching, where you submit your query to
human (presumably skilled at searching) to find what you want.

As the amount of data online grows, it will take better and better search
engines (and skills) to find what you want need. And personalized search
is something of a buzzword, but it may be in the future that each user
does have an semi-autonomous program to help them search that
automatically tunes itself to the user.

[That said, it seems like *some* Matrix company probably has a horde of
smart frames, feeding data into a backend and a similarly large horde of
search programs available to the public for the low cost of seeing
targeted ads before getting their results. In that case, an user that
knew of the host running the search programs (or could succeed at the
easier search to find that host) could interact with a rating 3 (or
possibly 4) search program for free (well, maybe loose some time looking
at ads) or find a premiere search site that charged the user to use a
search 6+ program and not see ads.)

--
Da Twink Daddy
DaTwinkDaddy@*****.com
ICQ: 514984 (Da Twink Daddy) YM/AIM: DaTwinkDaddy
Message no. 9
From: DaTwinkDaddy@*****.com (Da Twink Daddy)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 07:41:46 -0600
On Thursday 11 January 2007 07:09, "Niels Kobschätzki"
<n.kobschaetzki@**********.com> wrote about 'Re: Decker arguments (kind
of)':
> 1. decryption:

Well, maybe they've shown that P = NP in the future, so it's generally just
a matter of throwing a sophisticated enough algorithm at the decryption
were you can trade sophistication for time to an extent.

Nah, the encryption/decryption dance isn't fast-paced enough to be fun IRL,
so they have unrealistic, but fun rules.

> 2. user-accounts: if i get root-rights on a machine, ICE wouldn't
> notice me anymore and i could do whatever i want -- first thing:
> generate me a real root-account that i'd hide or use a zombie-account
> (an account where someone didn't log in for a long time - maybe an
> employee that left), give it root-rights, set a new password and i'm
> set. most administrators don't check their systems often enough to
> find such details. btw. all my traces are killed because i can access
> the log-files...

Well, that's... questionable. I'd have to search to find the site again,
but there's as SELinux enabled box whose owner will simply give you root
access so you can attempt to crack it. It been up something like 2+ years
with only one successful attempt and IIRC, this only rebooted the box --
the access to the "patdata" wasn't granted.

In theory this just moves the target -- just switch to the user that can
edit SElinux policy, but in well thought-out SELinux setups there is not
one user that can change policy, different roles are responsible for
different sections of policy so instead of cracking 1 account you have to
crack a different one for each service (e.g.).

This does take quite a bit of work on behalf of the sysadmin. Even distros
that enable SELinux out of the box generally still have permissible enough
profiles that cracking one (or at most two) user accounts will give you
virtually free reign over the system.

> espescially part two is always in discussion with my groups -- even
> with real good "rights management" and granularity in rights, if i get
> root then i'm root...

That's just not true anymore, SELinux can lock down user 0 extremely hard
and there's not necessarily any one user that has all the "keys to the
kingdom". In fact, SElinux uses roles instead of users -- so permissions
can be granted based on properties of the connection that aren't related
to the user (source IP, program that opened the (p)tty) and other
properties that are just part of the environment (time) so you can have
premission to preform actions change hands thoughout the day (like, only
trusted user form the jump box in your office in Europe has control during
only eu business hours, and similarly with your US, Japan, Australia, and
India offices).

Other operating systems have optional features similar to SELinux. Heck
even without SELinux, you can do the old-school approach of disabling
root's account and having all the sysadmins have specific commands allowed
to them listed in /etc/sudoers, but no one can edit the sudoers file. :P

--
Da Twink Daddy
DaTwinkDaddy@*****.com
ICQ: 514984 (Da Twink Daddy) YM/AIM: DaTwinkDaddy
Message no. 10
From: n.kobschaetzki@**********.com (Niels_KobschÀtzki)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 15:33:37 +0100
On Jan 11, 2007, at 2:41 PM, Da Twink Daddy wrote:

> On Thursday 11 January 2007 07:09, "Niels Kobschätzki"
> <n.kobschaetzki@**********.com> wrote about 'Re: Decker arguments
> (kind
> of)':
>> 1. decryption:
>
> Well, maybe they've shown that P = NP in the future, so it's
> generally just
> a matter of throwing a sophisticated enough algorithm at the
> decryption
> were you can trade sophistication for time to an extent.
>
> Nah, the encryption/decryption dance isn't fast-paced enough to be
> fun IRL,
> so they have unrealistic, but fun rules.

the problem is that it is hell to fast…

>> 2. user-accounts: if i get root-rights on a machine, ICE wouldn't
>> notice me anymore and i could do whatever i want -- first thing:
>> generate me a real root-account that i'd hide or use a zombie-account
>> (an account where someone didn't log in for a long time - maybe an
>> employee that left), give it root-rights, set a new password and i'm
>> set. most administrators don't check their systems often enough to
>> find such details. btw. all my traces are killed because i can access
>> the log-files...


<snip SElinux>

roles are just a part of ACLs instead of using the normal *nix-rights-
management. In Vista you can even give a user the right to debug a
prog but s/he can't compile it (if i remember right - but it was
something like this…have to search for the 1h long-podcast where it
is described).
And maintaining SElinux is afaik a thing where you have to spend
every minute of your life for it (for having it working correctly).
Anyway even in SElinux - if you're root, you're root. If in a system
with disabled root, you can get root-access. There are even exploits
which give you system-rights in windows (which is more then
administrator-rights - i don't know the exact difference because i
don't care but i know that they described in phrack once an exploit
in 2004 or 2005 which gave you in Win2k system rights when you're a
restricted user but have access to the machine (where everything is
lost anyway) but i bet there are exploits (zero-days as well) which
will give you similar rights)…

Niels
Message no. 11
From: u.alberton@*****.com (Bira)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 13:47:31 -0200
On 1/11/07, Niels Kobschätzki <n.kobschaetzki@**********.com> wrote:
> >
>
> like reality?
> if i have turned on wpa2 it is damn hard to crack the key because
> afaik there wasn't found a hole in the algorithm yet...

"Turning on WPA2" is the part that requires some work and knowledge.
It's not exactly rocket science, but I remember reading most "average
users" didn't even bother to turn it on, or change the factory
settings. Maybe this has changed.

> differences to reality i can think of while i'm typing this w/out
> having anything at hand for references (then i would find more):
> 1. decryption: why is it that fast?

1) Gameplay convenience.
2) Dramatic convenience (it's a cyberpunk literature cliche).

You don't need to add rules to have realistic cryptography in
Shadowrun - in fact, you only need to throw stuff out. Getting past
cyphers becomes a matter of finding the key through gameplay rather
than a couple of die rolls, and the game becomes a lot more like a
traditional spy movie.

>
> 2. user-accounts: if i get root-rights on a machine, ICE wouldn't
> notice me anymore and i could do whatever i want

That's exactly how it works in SR4, AFAIK. Once you manage to break
into a system, you only have to fight security if you want to do
something not allowed by your stolen account's access rights, and by
definition root (which they call "superuser", IIRC) can do anything.
It's harder to obtain root access, but once you do there's no need to
roll the dice anymore.

> they do and exactly that isn't shown in shadowrun. a good hacker would
> have to spend a lot of time to search for security holes in actual
> systems. then he scripts them and just tries to uses his exploits.
> Either they are fast and unnoticed or they have to do something.

What did you think the Hacking skill and corresponding programs
represented, if not this?

> > That's another abstraction - all that sooper-sekrit info you can find
> > with enough successes won't just magically appear when you type "Mr.
> > Johnson" into Google's search field. It would take real skill and
> > diligence to find anything like that among the trash that litters the
> > Matrix.
>
> we don't search super-secrets via data search+browse -- if i remember
> right (and we did it always like that) you need for every data search
> the skill and the program.
> regarding the rules it doesn't seem that there aren't any general
> search engines any more.

The only practical example of data search I ever saw was the one in On
the Run, where it was an option in the legwork phase of the run - you
could either talk to your contacts or search the Matrix for the
relevant info. For every important topic there was a corresponding
table listing the number of successes needed for every ( increasingly
sooper-sekrit ) bit of information.

These are not 2-second queries to your search engine of choice, but
time spent in serious investigation. And, even then, each test
represented one minute of searching, as opposed to one hour talking to
contacts if you went the more traditional route. You could find out
the name, address and underwear color of the executive that keeps
sending hitmen to kill you all through the adventure in less than half
an hour, by rolling once and multiplying the hits by the time you
spent searching.

If a PC wants to search for the latest public news on Spritney Bears,
I don't even roll for that. Why should I? /That's/ a 2-second query.

--
Bira
http://compexplicita.blogspot.com
http://sinfoniaferida.blogspot.com
Message no. 12
From: DaTwinkDaddy@*****.com (Da Twink Daddy)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 09:53:18 -0600
On Thursday 11 January 2007 08:33, Niels Kobschätzki
<n.kobschaetzki@**********.com> wrote about 'Re: Decker arguments (kind
of)':
> roles are just a part of ACLs instead of using the normal *nix-rights-
> management.

No, roles are not part of ACL support in linux. I currently have ACL
support on all my filesystems (so I can give specific users/groups more
permissions than is contained in the stanard owner-group-world permission
bits) but I don't have the kernel modifications that allow non-user
non-group security roles.

Roles and ACLs are a fundamental part of the WindowsNT security model,
where they are handled non-orthogonally, but that's not the case in Linux.
Instead "roles" are normally limited to users and groups and ACLs
are "normally" not available. It's possible to turn on ACLs independent
of non-user, non-group roles (and without SELinux patches); I believe
it's even possible, though not recommended, to use the SELinux roles model
with ACLs enabled.

> And maintaining SElinux is afaik a thing where you have to spend
> every minute of your life for it (for having it working correctly).

No, it's not so much of a bear to maintain. It's a bear to get set up in
the first place. Of course, like with many pieces of access-control
software, you can basically tweak the settings until the Sun explodes.

> Anyway even in SElinux - if you're root, you're root.
> with disabled root, you can get root-access.

Um, no, or maybe I need to be more clear. That's the point of SELinux. If
you are a disabled root you *can't* get full access. Yes, if you are root
you can do everything root can do, but that's an information-free
statement. If you are logged on as guest/anonymous you can do everything
guest/anonymous can do too; so what? The thing is with SELinux and
similar technologies it make it to where there is no single account/role
that grants unfettered, remote access -- the "remote root" that OBSD is so
dilligent about preventing.

For specific examples, of how being user 0 on an SELinux enabled system is
useless:
http://www.linuxjournal.com/article/6836
http://wims.unice.fr/wims/en_adm~unice~challenge.html

--
Da Twink Daddy
DaTwinkDaddy@*****.com
ICQ: 514984 (Da Twink Daddy) YM/AIM: DaTwinkDaddy
Message no. 13
From: marc.renouf@******.com (Renouf, Marc A.)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 11:12:43 -0500
> -----Original Message-----
>
> On Wednesday 10 January 2007 18:21, David Kettler
> <davek@***.lonestar.org> wrote about 'Decker arguments (kind of)':
> >
> > I've often toyed with the idea of changing decking so that
> > deckers had
> > to write their own utilities by spending time and karma,
> > rather than
> > just buying everything.
>
> They already have that option, it's just normally easier for
> a decker to throw money at a utility than write it himself --
> although proper application of SI means nearly anything
> rating 10+ (an in some cases 7+) is better to write yourself.

It's easier to throw money at the problem if you just want a
simple solution, but if you want any kind of customized, built-in
functionality (like options for Stealthy, or what have you), you're
almost always better off doing it yourself. And to me, this makes
perfect sense. Any "script kiddie" decker can pick up a basic Rating 6
utility that will do the job. But have you looked at the ACIFS ratings
that get generated? That Rating 6 program is still going to leave you
with target numbers in the 8-12 range a lot of time. The easily
obtainable scripts work great on Blue and (some) Green systems, but as
soon as you start running harder hosts, your can scripts are going to do
drek all to help you.

> > That may sound strange at first, but it's not unjustified.
> Computer
> > decking/hacking/cracking/whatever ultimately depends on exploiting
> > bugs in the computer system. If those bugs become widely known and
> > exploited, then they will be fixed. Unless your system
> administrators
> > are incompetent.
>
> That's what SOTA is about. It *should* move faster for
> deckers, especially if you follow the rules that basically
> let them (if the choose their systems well enough) rip off
> 10K+ nuyen in paydata in less than a day.

For what it's worth, I advance SOTA for deckers *in addition* to
the regular SOTA roll I make every month of game time.

> > On the other hand, maybe all system adminstrators in the mid 21st
> > century are incompetent and deckers are all just script
> kiddies using
> > canned exploits. That would explain a lot...
>
> Canned exploits can get you into a lot of systems. Plus,
> just because they are canned doesn't mean they've been
> reported to the world at large. They could simply be known
> to enough people in the hacker underground that they have
> been "packaged".

I tend to agree. Look at the number of scripts out there today,
and the fact that they still work on a lot of systems. Are those
sysadmins incompetent? Maybe. Or maybe they lack funding to implement
fixes, or perhaps application-specific needs force them to leave certain
ports accessible, or whatever.
The point is, I don't find it unreasonable that people can buy
programs, but once you factor in both Street Index and the higher cost
of options (which increase the design rating and subsequently both the
cost and SI), a decker is paying through the nose for high-end
utilities. At that level, it's quicker and easier to code them
yourself.

Marc
Message no. 14
From: ggerrietts@*****.com (Geoff Gerrietts)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 10:47:15 -0800
It's a fairly well-understood concern that all current cryptographic methods
rely on the difficulty of completely factoring extremely large numbers. If a
solution to the problem of completely factoring large numbers is found, then
contemporary cryptography is readily crackable. Quantum computing, which
today is in its infancy, has techniques available that make this operation
take very little time. Whether the end result is decryption as swift as the
SR rules is questionable; probably never. But today's hard crypto is
tomorrow's Enigma machine.

As a player, I was initially attracted to deckers. I still think the
implementation is pretty good.

I personally actively discourage decker characters because they require
individualized attention that puts all the other players into a "sit and
fidget" mode. I would similarly discourage a character concept that did not
work with a team. For a while, I tried "synchronized matrix", where the
matrix run and the combat would occur simultaneously, but that put some
fairly absurd timing constraints on my storylines. So I'm back to "deckers
are NPC contacts please;" the exception I make is for a "combat decker"
type
who will pursue all his matrix runs outside the regular gaming session, and
will operate on-site with the team when we're all at the table.
Message no. 15
From: davek@***.lonestar.org (David Kettler)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 19:09:22 +0000
On Thu, Jan 11, 2007 at 11:57:12AM +0100, Gurth wrote:
>
> This was a problem with FASA's writing in general: the computers don't
> bear much resemblance to reality, neither do the firearms, and even
> vehicles -- which you'd think any American would be reasonably familiar
> with -- don't make too much sense. (Ever really thought about the names
> of car models in SR, for example? About the only realistic one I can
> think of is the Saab 776TI, and even that had the uncarlike name
> "Dynamit" tacked on. Oh, and the Honda-GM 3220 ZX.)
>

I could make a lengthy list of problems with the SR vehicle rules, but I don't think the
names would even be on it. Seriously, there are far stupider car names in real life than
"Dynamit". And who wouldn't want a Ford Americar ;)

--
Dave Kettler
davek@***.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org
Message no. 16
From: graht1@*****.com (Graht)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 12:09:31 -0700
On 1/11/07, Niels Kobschätzki <n.kobschaetzki@**********.com> wrote:
> On 1/11/07, Gurth <gurth@******.nl> wrote:
>
> > > On the other hand, maybe all system adminstrators in the mid 21st
> > > century are incompetent and deckers are all just script kiddies
> > > using canned exploits. That would explain a lot...
>
> yp - and they can't google -- because you need a skill and a program
> for googling...and everytime there's a laugh when the hacker sucks
> with data search-tests ;)

Why can't they use Google (or whatever the major search engine of
Shadowrun is)? That would count as the program right? That just
leaves the skill, and given that Google rocks on toast even if they
have to default they'll probably find what they want.

--
-Graht
Message no. 17
From: ggerrietts@*****.com (Geoff Gerrietts)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 12:15:24 -0800
On 1/11/07, Graht <graht1@*****.com> wrote:

> Why can't they use Google (or whatever the major search engine of
> Shadowrun is)? That would count as the program right? That just
> leaves the skill, and given that Google rocks on toast even if they
> have to default they'll probably find what they want.


When I ran Matrix rules, "Googling" was computer + relevant background
skills against a TN of how difficult I thought it would be to find the
information they were after in publicly-accessible data. I'm pretty sure
there were even rules that supported this approach to information gathering.
The computer + relevant more or less corresponds to the ability of a person
who has a good understanding of how search engines work using the Advanced
Search page or the search operators (see
http://www.google.com/intl/en/help/basics.html) to arrive at a precise
search that zeroes in on the best-quality information.

As always, number of successes varied quality of results.

Isn't this in the rules somewhere? I thought I remembered being glad to see
it.
Message no. 18
From: maxnoel_fr@*****.fr (Max Noel)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 21:17:00 +0100
On 11 Jan 2007, at 20:09, David Kettler wrote:

> And who wouldn't want a Ford Americar ;)

Just about anyone who doesn't live in the USA and for whom "american
car" is synonymous with "enormous, expensive, gas-guzzling lemon with
an automatic transmission and a top speed of less than 100 kph"? :p


Back on topic, I too find it almost impossible to play a decker. My
RL knowledge of how stuff works, combined with SR's "torn between two
paradigms" approach which someone mentioned, just interferes too much
with the SR rules for me to do any significant decking outside of a
UV host without losing a couple hours arguing with the GM. So I just
let go -- besides, what's the point in playing a character that
pretty much does the same job you do IRL?

Interestingly, I like to play technically-focused, non-decker
characters (riggers being my favorite). They often have a second-
hand, obsolete cyberdeck ("Allegiance Sigma: Because the most
important thing in decking is not to win, but to take part") they use
for mundane stuff and Matrix cruising, which I usually picture as
running a UNIX-based OS.

-- Wild_Cat
(and Doc Nitro takes notes in his headware memory with an embedded
version of emacs ;) )





___________________________________________________________________________
Découvrez une nouvelle façon d'obtenir des réponses à toutes
vos questions !
Profitez des connaissances, des opinions et des expériences des internautes sur
Yahoo! Questions/Réponses
http://fr.answers.yahoo.com
Message no. 19
From: justin@***********.net (Justin Bell)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 15:19:32 -0500
Max Noel wrote:
>
> On 11 Jan 2007, at 20:09, David Kettler wrote:
>
>> And who wouldn't want a Ford Americar ;)
>
> Just about anyone who doesn't live in the USA and for whom "american
> car" is synonymous with "enormous, expensive, gas-guzzling lemon with
> an automatic transmission and a top speed of less than 100 kph"? :p

Eh, a lot of cars are named differently in different countries anyway.
Message no. 20
From: peter.andersson42@*****.com (Peter Andersson)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 21:23:28 +0100
Geoff Gerrietts skrev:
> On 1/11/07, Graht <graht1@*****.com> wrote:
>
>> Why can't they use Google (or whatever the major search engine of
>> Shadowrun is)? That would count as the program right? That just
>> leaves the skill, and given that Google rocks on toast even if they
>> have to default they'll probably find what they want.
>
>
> When I ran Matrix rules, "Googling" was computer + relevant background
> skills against a TN of how difficult I thought it would be to find the
> information they were after in publicly-accessible data. I'm pretty sure
> there were even rules that supported this approach to information
> gathering.
> The computer + relevant more or less corresponds to the ability of a
> person
> who has a good understanding of how search engines work using the
> Advanced
> Search page or the search operators (see
> http://www.google.com/intl/en/help/basics.html) to arrive at a precise
> search that zeroes in on the best-quality information.
>
> As always, number of successes varied quality of results.
>
> Isn't this in the rules somewhere? I thought I remembered being glad
> to see
> it.
>
Sounds almost like matrix search in the matrix book, wich is what this
tread was about from the start. You get a TN 4-8 depending on how much
facts you what and you lovers the TN with knowledge skills and fast deck
ect and roll your computer against it.
Message no. 21
From: davek@***.lonestar.org (David Kettler)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 20:31:43 +0000
On Thu, Jan 11, 2007 at 09:17:00PM +0100, Max Noel wrote:
>
> On 11 Jan 2007, at 20:09, David Kettler wrote:
>
> >And who wouldn't want a Ford Americar ;)
>
> Just about anyone who doesn't live in the USA and for whom "american
> car" is synonymous with "enormous, expensive, gas-guzzling lemon with
> an automatic transmission and a top speed of less than 100 kph"? :p
>

Jeez, I was joking...

--
Dave Kettler
davek@***.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org
Message no. 22
From: swiftone@********.org (Brett Ritter)
Subject: Decker arguments (kind of)
Date: Thu, 11 Jan 2007 16:10:44 -0500
On 1/11/07, Geoff Gerrietts <ggerrietts@*****.com> wrote:
> Isn't this in the rules somewhere? I thought I remembered being glad to see
> it.

For SR 3,yes. Regrettably, SR4 uses Data Search + Browse, meaning
that the average person fails an average request as often as not. One
can tweak with modifiers (+4 for info that tries to be found?) but I'm
still not fond of the change.

--
Brett Ritter / SwiftOne
swiftone@********.org
Message no. 23
From: gurth@******.nl (Gurth)
Subject: Decker arguments (kind of)
Date: Fri, 12 Jan 2007 11:10:48 +0100
According to Niels Kobschätzki, on 11-1-07 14:09 the word on the street
was...

> espescially part two is always in discussion with my groups -- even
> with real good "rights management" and granularity in rights, if i get
> root then i'm root...

I remember that after I wrote the access rights stuff for Matrix (which
I based mostly on Unix practices), when I saw the version after FASA
edited it, they had changed the line that the sysadmin can do anything,
including things that harm the system, to say _except_ things that harm
the system ... I can see why from a gaming POV (to try and prevent every
PC decker from creating a root account and totally screwing with the
host) but IMHO it did show a fundamental lack of understanding what you
need an admin for in the first place :)

--
Gurth@******.nl - Stone Age: http://www.xs4all.nl/~gurth/index.html
Van e-mail bakt men cyberbrood.
-> Former NAGEE Editor & ShadowRN GridSec * Triangle Virtuoso <-
-> The Plastic Warriors Site: http://plastic.dumpshock.com <-

GC3.12: GAT/! d- s:- !a>? C++(---) UB+ P(+) L++ E W++(--) N o? K w-- O
M+ PS+ PE@ Y PGP- t- 5++ X(+) R+++$ tv+(++) b++@ DI- D G+ e h! !r y?
Incubated into the First Church of the Sqooshy Ball, 21-05-1998
Message no. 24
From: u.alberton@*****.com (Bira)
Subject: Decker arguments (kind of)
Date: Fri, 12 Jan 2007 08:15:27 -0200
On 1/11/07, Brett Ritter <swiftone@********.org> wrote:
> On 1/11/07, Geoff Gerrietts <ggerrietts@*****.com> wrote:
> > Isn't this in the rules somewhere? I thought I remembered being glad to see
> > it.
>
> For SR 3,yes. Regrettably, SR4 uses Data Search + Browse, meaning
> that the average person fails an average request as often as not. One
> can tweak with modifiers (+4 for info that tries to be found?) but I'm
> still not fond of the change.

Maybe that sneaky free spirit took people's good sense too, since I
personally can't see why the average person would need to roll
anything at all for the average request. I'd only roll for a hacker
performing the kind of serious investigation involved in a shadowrun.
"What kind of security does the secret research facility have" as
opposed to "what are the headlines of Seattle's major newspapers".


--
Bira
http://compexplicita.blogspot.com
http://sinfoniaferida.blogspot.com
Message no. 25
From: gurth@******.nl (Gurth)
Subject: Decker arguments (kind of)
Date: Fri, 12 Jan 2007 11:21:09 +0100
According to David Kettler, on 11-1-07 20:09 the word on the street was...

> I could make a lengthy list of problems with the SR vehicle rules,
> but I don't think the names would even be on it.

I wasn't talking about the rules so much as about the believability side
of things -- which the rules also factor into, of course.

> Seriously, there are far stupider car names in real life than
> "Dynamit".

My point is that most SR car names are existing words that the author
probably felt sounded cool, but most of which IMHO just sound silly --
whereas RL car names tend to be nonsensical words that don't mean
anything (except in certain languages that the factory didn't consider
when they thought up the name ;) but are picked mainly for how they
sound. Cars aren't called Runabout, Tsarina or Jackrabbit, but Saxo,
Vectra or 911 Turbo.

> And who wouldn't want a Ford Americar ;)

I, for one ... :)

--
Gurth@******.nl - Stone Age: http://www.xs4all.nl/~gurth/index.html
Van e-mail bakt men cyberbrood.
-> Former NAGEE Editor & ShadowRN GridSec * Triangle Virtuoso <-
-> The Plastic Warriors Site: http://plastic.dumpshock.com <-

GC3.12: GAT/! d- s:- !a>? C++(---) UB+ P(+) L++ E W++(--) N o? K w-- O
M+ PS+ PE@ Y PGP- t- 5++ X(+) R+++$ tv+(++) b++@ DI- D G+ e h! !r y?
Incubated into the First Church of the Sqooshy Ball, 21-05-1998
Message no. 26
From: justin@***********.net (Justin Bell)
Subject: Decker arguments (kind of)
Date: Fri, 12 Jan 2007 09:32:56 -0500
Gurth wrote:

> My point is that most SR car names are existing words that the author
> probably felt sounded cool, but most of which IMHO just sound silly --
> whereas RL car names tend to be nonsensical words that don't mean
> anything (except in certain languages that the factory didn't consider
> when they thought up the name ;) but are picked mainly for how they
> sound. Cars aren't called Runabout, Tsarina or Jackrabbit, but Saxo,
> Vectra or 911 Turbo.

Ummm, Volkswagen Rabbit
Suzuki Samurai
Dodge Ram
Honda Civic
Nissan Pathfinder
Nissan Skyline
Chevrolet Malibu
Holden Commodore
Ford Falcon
Honda Odyssey
Honda Accord
Honda Element
Subaru Legacy
Dodge Neon
Pontiac Vibe
Toyota Matrix (How appropriate)
Message no. 27
From: ggerrietts@*****.com (Geoff Gerrietts)
Subject: Decker arguments (kind of)
Date: Fri, 12 Jan 2007 09:43:17 -0800
On 1/12/07, Bira <u.alberton@*****.com> wrote:
>
> Maybe that sneaky free spirit took people's good sense too, since I
> personally can't see why the average person would need to roll
> anything at all for the average request. I'd only roll for a hacker
> performing the kind of serious investigation involved in a shadowrun.
> "What kind of security does the secret research facility have" as
> opposed to "what are the headlines of Seattle's major newspapers".


I think that's where the TN comes in; they recommend a 4 to 6 for most
information searches, but something trivial might be as low as a 2 (which
could then be managed quite readily by defaulting). If it's truly trivial
("what are today's big news headlines") it might even be a freebie; someone
couldn't get into the matrix WITHOUT getting hit by that kind of
information.
Message no. 28
From: gurth@******.nl (Gurth)
Subject: Decker arguments (kind of)
Date: Fri, 12 Jan 2007 19:14:47 +0100
According to Geoff Gerrietts, on 12-1-07 18:43 the word on the street was...

> I think that's where the TN comes in; they recommend a 4 to 6 for most
> information searches, but something trivial might be as low as a 2 (which
> could then be managed quite readily by defaulting).

Going BTB, though, that's not going to be the case :) Given a TN of 2
for mundane, everyday information, someone with no Computer skill will
have to default to Intelligence (+4) and they're probably using terminal
mode (+2) making it 8. Given Intelligence 3, that's going to be less
than one success every two tries -- with a base time of 1D6 x 2 hours
per attempt ...

OTOH, common sense could be used in a similar way as with driving a car:
unless you're trying to do something special, you don't need to roll the
dice. So searching for the track list of Maria Mercurial's first album
isn't going to need a roll, just like driving out of your garage doesn't
need a Car skill test.

--
Gurth@******.nl - Stone Age: http://www.xs4all.nl/~gurth/index.html
Van e-mail bakt men cyberbrood.
-> Former NAGEE Editor & ShadowRN GridSec * Triangle Virtuoso <-
-> The Plastic Warriors Site: http://plastic.dumpshock.com <-

GC3.12: GAT/! d- s:- !a>? C++(---) UB+ P(+) L++ E W++(--) N o? K w-- O
M+ PS+ PE@ Y PGP- t- 5++ X(+) R+++$ tv+(++) b++@ DI- D G+ e h! !r y?
Incubated into the First Church of the Sqooshy Ball, 21-05-1998
Message no. 29
From: ggerrietts@*****.com (Geoff Gerrietts)
Subject: Decker arguments (kind of)
Date: Fri, 12 Jan 2007 11:46:12 -0800
On 1/12/07, Gurth <gurth@******.nl> wrote:
>
> According to Geoff Gerrietts, on 12-1-07 18:43 the word on the street
> was...
>
> > I think that's where the TN comes in; they recommend a 4 to 6 for most
> > information searches, but something trivial might be as low as a 2
> (which
> > could then be managed quite readily by defaulting).
>
> OTOH, common sense could be used in a similar way as with driving a car:
> unless you're trying to do something special, you don't need to roll the
> dice. So searching for the track list of Maria Mercurial's first album
> isn't going to need a roll, just like driving out of your garage doesn't
> need a Car skill test.


I think you're right -- and I'd forgotten about the +2 for terminal mode.

Further Reading

If you enjoyed reading about Decker arguments (kind of), you may also be interested in:

Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.

Thwap!