Mailing List Logs for ShadowRN

Message no. 1
From: lomion lomion@*********.org
Subject: Gearheads: The Nature of the Matrix and Simsense Players
Date: Wed, 01 Dec 1999 00:24:26 -0800
Thus spake Tzeench:

>Ok, I'm assuming you're looking at the Matrix as one giant network, with
>hosts and other machines essentially just being subnets?

I'd say the Matrix is like the Internet today, an internetwork connecting a
series of networks together, this way if one node dies the others are not
affected.

> > Every computer, router, hub, switch, and passbox maintained by the
> > telecommunications industries collectively, that's what. Everything you
> > "see" or "touch" or "hear" or interact with in the Matrix is a
> > representation of far more complex processes going on outside the virtual
> > machine. You may not be able to spy actual data packets and see what they
> > say, but it is entirely possible that the underlying network allows the
> > virtual machine to show you a "stream" of data moving in or out of a given
> > host.
>
>Hmm, ok so you're saying the Matrix is a distributed architecture in that
>almost everything connected to it becomes a part of the processing power? IE
>when I boot my cyberdeck and log onto the Matrix I have a little "matrix
>daemon" running in the background?

This doesn't make full sense to me, the client is what does the rendering
(otherwise makes no sense). The remote server will do some work but in the
end it's the client machine that does the final bit.

>If not then how does this differ from the current internet? You could say we
>all "touch" the internet in some way with our personal computers.
>
>I don't buy the representation of system loads for reasons explained below.
>
> > But you ask, "why ever would they do this?" Simple: the
> > width/brightness/density of the stream may represent the overall data
> > load passing to or from that host.
>
>That's reasonable (and really no different from system monitoring software
>now).

Agreed, graphic system monitoring tools have been around for years... I
was using them in 92 when I first worked for an ISP.

> >This is a diagnostic/public service
> > thing. It allows folks to easily see at a glance when a system is
> > overloaded. It's like listening on the radio for the traffic report on
> > your way home from work. If you know that something's jammed beforehand,
> > you'll pick an alternate route.
>
>Why go through the trouble at all of having the systems broadcast this at
>all? Your own personal system can monitor this and display it just as well.
>And the hosts don't have to waste power doing it for you.

Agreed, it makes no sense for the remote servers to do this, your local
machine would monitor itself and maybe those hosts that allow remote
monitoring, think syslog on a Unix box where you can have it log to a
remote server.

> >There are times that I as a user would
> > have killed for the ability to know beforehand that the network traffic to
> > a given site was so high that I'd have to wait eons for my
> > requests/purchases to process. Further, there are times that I as a
> > system administrator would have killed to have an easy visual
> > representation of the load of my entire network ('cause let's face it,
> > "top" and "load" can only go so far).
>
>Heh, yes - but why bother? Just as easy to call up a simple network diagram
>in your "field of view" showing chokepoints. It would be a LOT more accurate
>than relying on trying to figure out what the Matrix metaphor was trying to
>show.

TCP/IP does not ensure QoS, ATM does. I'd think that trend would continue,
make the backbone and big boys provide quality, who cares about the little
guy, costs too much.

> > Can a decker get access to this data? Absolutely. How? Well,
> > that's a little harder. I'll include the example that Tzeentch gave and
> > work from there...
>
>I think we diverged here on what I meant by "broadcasts". Remember earlier I
>noted that there could be "public" broadcasts made by Matrix users and hosts
>that everyone could receive (ie other peoples icons, the hostsite icons and
>"location" etc. You could be sending on the Matrix (ie the network) but
>since it's not "broadcast" you would have a LOT harder time finding it since
>you would not see it with your Matrix metaphor translation program.
>Essentially broadcast data is stuff everyone gets just by being "on" the
>Matrix.

Broadcast within a network is something everyone is meant to see, I don't
think they would apply this to the whole matrix as it would be
wasteful. This is not the same as icons, etc. Broadcast is more along the
lines of routing tables, and its ilk.

Heck a way to get at the data would be to compromise a machine hooked to
one of the relay points if you can predict where it will relay (hard to do
since static routes are not the norm, even in 2060 i doubt they are), and
sniff the packets.

>I'm not arguing you will not see a "mediawire" style port in the future.
>Where you won't have a phone or cable line - just a jack that any
>information system could use. Plug your stereo in and it talks to the house
>network. Get on the net? That talks to the home server and routes you out to
>the net (whether it uses a normal phone or whatever they do to get online in
>SR). Stealing a jackpoint? You just steal that "houses" (or businesses)
>already existing connection. Which could really blow if they have limited
>access or bandwidth...

This is done all the time, a common way to perform DoS attacks is to crack
a poorly secured server.

>You would not see overall system loads unless you set up YOUR system to
>perform some sort of diagnostic function and display that in a way that you
>liked. Just like the current internet makes such matters "invisible" you
>would never notice them in the future either. You can just trust your Matrix
>interface is automatically checking dataflow and picking the least congested
>path when you "move". Its a waste of time and resources to have that
>information broadcast to the Matrix as a whole.
>
> >This doesn't do him
> > a damn bit of good at this point, but he knows it's there and that it's
> > active.
>
>How do you propose one "sees" backbone architecture such as this?
>Routers..ok I can see you displaying those since they are factored into the
>host 'icon'. But a celltower or microwave link tower pretty much just relays
>traffic. The Matrix just..IS..you would not see and would not want to see
>the HALO relays floating over the city, celltowers, microwave links and all
>the other "hard"components of the net. It's all prettyfied and everything
>hidden.

Well actively looking for this kind of like a traceroute would do it, but
it's something that is done actively and can even be stopped. Selective
ICMP blocking is great on firewalls, this is a practice I see would be
common in SR.

> > From the tower, the data packet will get rebroadcast and sent on
> > its way, perhaps to another tower, perhaps to a receiving station that
> > will send it along a land-line and further on its way, perhaps to a
> > ground station that will beam it to a satellite where the signal will get
> > bounced half-way across the world before entering Company A's home office.
>
>Exactly, but that's all invisible and outside the "visibility" scope of the
>LTG anyways. Your own client side software would have to determine how to
>handle that.
>
> > If that's not "broadcast on the Matrix" I don't know what is. Forget
> > about different ports, because once everything's digital there's little
> > point to it, and any decker worth his salt is going to be listening to
> > every active port a router has anyway.
>
>I suppose, in an network model where everyone is just a host on one
>ubernetwork...maybe. But even shared lines can be secured. Just because you
>can "see" all the computers on a cablemodem line as being on the same local
>area network does not mean they can't secure their systems or perform
>actions you can't see, even in promiscuous mode you only see what's on YOUR
>network (IIRC) . You don't suddenly start seeing every piece of data flying
>by "above" your current network. You can see traffic not addressed to you
>though and sniff it...as long as someone on your network was a recipient
>(your card just does not discard it). Someone help me out here though.

yeah promiscuous(sp?) mode lets you see everything on your subnet
basically, you can pull packets. That's why using clear text in passwords
is not a good thing, why I disable things like telnet immediately whenever
I set up a server. All you need is a packet sniffer and you're set. Sniffers
are easy to come by as well, at least in the Unix world, I'm sure deckers
would have access to similar utilities. Encryption becomes the key
here. As for cable modems, yes if you're not properly secured that can
happen but it's easy to hide yourself from most even on a cable modem
network, I've isolated myself from casual lookers.

> > > Would Joe Decker "see" this traffic going into the Company A building?
> >
> > That depends entirely on what the LTG is set up to show the casual
> > observer. I'd say that the LTG would show a representation of overall
> > load, but not specific data packets in particular.
>
>I would not go so far as the LTG would broadcast anything other than updates
>on items in its "space". Why waste the bandwidth? Your own software can
>figure that out (future version of "ping" and "traceroute").

True, unless QoS is required for it it would not do that. If Quality is
part of the package then it would track it more.

> > > In fact unless you had inside knowledge there would be no way for you
> > > to easily see what was going on with this platform.
> >
> > Exactly, and you'll get no disagreement from me on this. You need
> > to know of the existence of the observation platform before you have a
> > hope in hell of intercepting its data. But then again, if you didn't know
> > it existed, we wouldn't be having this discussion.
> > > The data packets are routed to Company A so your service provider would
> > > throw them out once it hit THEIR servers.
> >
> > Now. In 2060?
> > Even if the system worked the same way (which is a long shot,
> > IMHO), no one is arguing that you'll see the packets themselves, merely a
> > virtual representation of them.
>
>I could see YOUR client side system monitoring local system load and
>displaying it. But I don't buy the idea that the host itself is handling
>that information.
>
> > > You would not even see the packets so you could not sniff them.
> >
> > Wrong again. You know there's traffic going to and from Company A
> > from this remote platform. Set yourself up on a router between points A
> > and B and listen in.
>
>Exactly, it requires you get "between" the data somehow so you could be a man
>in the middle. There ARE ways to potentially detect people doing this
>however. The average joe decker coming from an illegal jackpoint tap from
>Bobs Bar and Grill would have no hope of intercepting the traffic - even
>though it's being sent through the "matrix".

man in the middle reminds me of a common attack, you intercept the packets
somehow as they travel from point a to b, either through hijacking a host,
or trojaning some software, replacing it with your own version that does
something extra.

> > If you know what you're looking for, you just may
> > find it. Yes, it involves hacking into a router maintained by the
> > telecommunications company, but guess what - you've just made a "Tap
> > Commcall" operation, using the security of the LTG or RTG's security
> > rating, just like described in VR2.0.
>
>I'd make the decker hack the system, not just perform some cheesy test. The
>routers and databases are not public access. I'd make a decker hack the
>total telecom system to even attempt a Tap Commcall in fact. He could leave
>a backdoor or fake account. but it won't be automatic. And it could be
>killed at any time.

One thing on sniffing though, trying to monitor traffic from a router
would be next to impossible due to sheer amount of data passing. Now
monitoring a system hooked into Company A would be easier and less time
consuming in the long run.

>The other program has to know how to talk to other programs (even the future
>will use the standard network model no?). You have to have standards like
>"ports" for programs to easily communicate between themselves. Why would
>this change? They may not call them ports but there has to be some
>communications channel between programs and systems that is documented and
>standardized.
>
> > > and would EASILY be secured via even simple encryption.
> >
> > Now you're talking. So sure, the decker figures out which routers
> > are handling the traffic, and sets himself up to listen. He snags some
> > packets that he's 99% sure come from this observation post. He looks at
> > them. They're garbage. So he runs a high-rating decryption algorithm on
> > them. Suddenly, he sees the video feed from the observation platform.
>
>Well, assuming future encryption totally sucks ;) But it would be a drag for
>the decker if everyone started using PGP version 66.3 and the GM saying
>"Hmm, with current technology it will take your cyberdeck 10 _billion_ years
>to crack that single packet. Did I mention each packet used a different
>randomized encryption method?" <decker player screams>
>
> > > The only way you would be able to find out about the platforms data would be
> > > to either hack the Company A building and get the data as it comes in (by
> > > checking out the slave nodes)...
> >
> > ...Which we've decided is too hard...
> >
> > > ... or hack into the routers "upstream" of where you are so you could
> > > possibly sniff its traffic (assuming you knew its net id code).
> >
> > Bingo! That's exactly what "Tap Commcall" does. And finding its
> > "net id code" is part of the challenge.
>
>Like hacking the telecom operators ... and since they RUN the Matrix...
>
> > No one ever said it was easy.
> > Now, I can already hear the other tech-heads saying, "Yeah, but
> > what about sophisticated load-averaging routines that spread traffic among
> > a bunch of different routers such that no two packets necessarily get
> > there the same way?" My response is this: those kinds of switching
> > routines are based on algorithms, and algorithms can be cracked. So yes,
> > a decker may be simultaneously monitoring three or four or twelve
> > different routers for different packets to try to assemble the video feed
> > from this platform, but it's all taken care of in a single operation.
>
>Ok, that sounds perfectly reasonable. To be REALLY evil have the corps send
>all the data EXCEPT certain really important sequencing packets via some
>other medium like satellite or even radio (packet radio) (hey its only a
>little data so costs are low). THAT would really mess with the deckers heads
>since no matter what the data would be corrupted. The loss in speed could be
>acceptable for the increase in security.
>
> > Why? Because I don't want to roll dice all damn day. And the level of
> > complexity of a networks switching algorithm is directly proportional to
> > its overall Security Rating/Profile, which is exactly what is used to
> > make the decker's life difficult for this kind of operation. Wow. It's
> > almost as if someone already thought this through...
>
>Hmm, ok that's a good justification on both counts.
>
> > > It's harder to justify the actual network that would have to be in place
> > > for this, especially considering the incredibly volatile history of
> > > Shadowrun, but it's just a game.
> >
> > Keep in mind that things have been pretty stable since the mid
> > 2030's or so, and 30 years of technological advance goes a *long* way
> > (especially considering that the "Internet" as we know it didn't exist in
> > its current form 30 years ago).
>
>Well that has some logical problems. Some of the negative factors are the
>incredible balkanization of the world powers, lack of centralized control of
>government and telecommunications, and a hostile political climate. Plus what
>corp would fund a new network system (probably heavily damaged in the SAIM
>guerrilla war and breakup of the US (to be NA specific here, rest of the
>world has similar problems)? The telco giants are fighting for share or are
>content with being monopolies for their own LTG/RTG so there is little
>incentive to innovate, just evolve (look at the floundering attempts of the
>current telco companies to shoehorn more bandwidth over (in some cases)
>50-60 year old copper wire!
>
>If you can come up with a way to explain this more power to ya! I don't
>think we can say it was enlightened self-interest though :)~ But its a VERY
>VERY minor quibble. And since I hate the default SR background it's a
>non-issue for me.
>
> > > And to maintain even a modicum of technical credibility
> > > you would have to agree that routing algorithms in SR would be VERY advanced
> > > to keep network latency down and minimize bandwidth usage.
> >
> > See my above point.
> >
> > > You have to pay for the commlink services and it seems reasonable to say
> > > objects will "broadcast" what they are upon connection to the Matrix (ie an
> > > advanced form of Jini lets say). They will also have to have an "address"
> > > for the network so traffic can be routed to them (this will no doubt be
> > > dynamic much like a badass version of DHCP).
> >
> > I agree completely, and hacking this kind of subscription service
> > is what setting up an illegal jackpoint is all about.
>
>That could be an adventure all by itself. Especially if you kill off illegal
>accounts for every successful Trace :)
>
> > > I'm rambling but it all boils down to VERIFICATION. In the base SR books as
> > > presented there is no verification of anything. Shadowbeat (the Holy Book of
> > > Shadowrun IMHO) covers this a bit but not much. At least in CP you pay for
> > > your net service, life in SR is pretty good if no deckers pay for their
> > > service (and I can't see the Corps allowing that).
> >
> > 2600, anyone? There are lots of ways to get services for free,
> > exploiting loopholes, hardware problems, or bugs.
>
>Well yes but security holes close VERY fast even now (Microsloth
>notwithstanding), especially in the fast-forward 2060s. You can't use the
>2600 hertz tone to seize phone trunks anymore (that's the origin of the 2600
>name..). And good luck trying to use last months security exploit on a
>properly administered network. SOTA is a beotch now!
>
>Of course sometimes a patch just opens another vulnerability.. And so it
>goes. Ain't progress grand?

You familiar with OpenBSD? They are doing a line by line audit of code to
remove vulnerabilities, but as the saying goes, for every hole you patch 2
more appear, it's a race really. There has to be a SR equivalent of
Bugtraq (maybe part of shadowland?)

> > Part of the fun is
> > figuring out how to make it all work. Granted, some of those loopholes
> > will get shut down, hardware will get fixed, and software will get
> > patched. But there will be new ones to take their places. It's the
> > nature of the beast. I know at least one person who has an AOL account
> > that is not in their name and (as near as I can tell) gets billed
> > "elsewhere". How many people do you know who get premium cable or
> > satellite channels for free?
>
>Not that many anymore :) Well more power to your account boosting friend on
>AOL (I'm willing to bet he just hijacked someones account or is using a
>stolen credit card). The difference between our good AOL "l33t d00d" and a
>decker is that the decker is active. Things are looking for him and if he is
>found bye-bye account. Ask your "l33t" friend to go run a portscanner on a
>.mil or .gov site and see how long his account lasts.
>
> > > <shrug> Who built this network anyways? The fiberoptic fairies? Maybe the
> > > immortal elves did it or something or they used magic. It seems pretty
> > > amazing with the general lack of centralized control or reason to upgrade
> > > the network (not to mention the expense!!!) that the Matrix is so drekhot to
> > > begin with! transmitting everything from simsense to live trideo feeds?? To
> > > millions of users all over the world at incredible speeds with no
> > > congestion? Now THAT is magic chummers.

The reason is money, think e-commerce, think online ads. And how could you
control something that is truly global and changes so rapidly?

> >
> > No one ever said that there was no congestion, nor that there
> > weren't local differences or problems. But that's the joy of "UMS
> > Default." It's a standard that everyone supports, sort of like PPP or
> > TCP/IP on a much larger scale. It's infinitely better for the consumer to
> > have a product that allows for variance but conforms to some underlying
> > standard. That's why cellular service here in the US sucks ass compared
> > to other countries. We still don't have a standard, so everybody and
> > their brother is doing something different, and your coverage or services
> > may be limited outside your area. In Japan, for example, they've had
> > web-surfing, text paging, e-mail, and even two-way video available to
> > cellular customers for years now. In Detroit, text messaging is all the
> > rage. No video. No e-mail. But the Japanese government stepped up to
> > the plate and actually set up an industry standard. That hasn't happened
> > here in the US yet, and our capabilities suffer because of it.
>
>This I can agree 150% with.


I agree.


> > The differences between the various RTG's and LTG's is more likely
> > one of convenience, service, access speed, and user "perks" than one of
> > underlying incompatibility. Maybe the Seattle RTG shows "streams"
> > of light representing data moving around as a user-friendly way of
> > monitoring load. Maybe the Tir RTG doesn't, because they think it's a
> > potential breach of security.
>
>Problem here. Why would the future net be even less efficient than the
>current internet? Think about it, what's easier, just going to a site and it
>does matter where in the world it is - or having to hop around LTGs and RTGs
>to get where you are going?? How do you sort that little monster out? Since
>in SR it sure seems you have to do that to get to sites outside your LTG...
>Perhaps its a symptom of the balkanized powers?

Yeah, I'd say that some governments tried to limit some things in their
area so you have all this node hopping, either that or they wanted to make
you roll more dice.

> > However, the importance of the metaphor is that it makes things
> > intuitive and user-friendly. It's much easier to have people pull a
> > virtual book off a virtual shelf than to teach them how to retrieve
> > backups from a bank of DLT's, trust me. Just as a mouse is more intuitive
> > than a keyboard or arcane line commands, a simsense environment will be
> > more intuitive than a flatscreen keyboard-and-mouse environment. Speaking
> > is more intuitive than typing, and it's easier to have someone "speak"
> > than write an e-mail message. "User" is a five letter word. It starts
> > with a silent "L", so anything that makes it easier to use a computer
> > environment is less hassle for the sysadmins. As our technology
> > increases, we'll have more and more capabilities that will make the way we
> > work now more and more obsolete.
>
>True, but it can make simple tasks MUCH more complex. It's the difference
>between UNIX and Windows. Generally you can do the same things but you have
>to perform more "user friendly" steps in Windows than UNIX.

I don't know about this, I sometimes think all these GUIs complicate some
tasks, it's much easier to type in some commands really.


>Well except for the background history (which I think is incredibly dumb) I
>think Shadowrun is the best thought-out cyberpunk game to ever hit the
>market. Too bad about the relative lack of "runner" commentary in the new
>books. That really helped to figure out how things worked in the future.
>Maybe if we had shadowcomments in the VR 2 book we would have less items to
>talk about!
>
>That's always a thought, a Plastic Warriors style Matrix book. We could beat
>whatever cheesy Target: Matrix book they make into the ground :)

Heh, I think the lack of comments comes from most ppl lack of real
knowledge about it, I know some of the minds behind VR 2 had some clue though.


> "And unlike in that cheap "Netrunner in 2020" trideo thriller there are no
>your mind. That show makes me vomit on my deck whenever I see it... Those
>little 'Rache Bartmosse' dolls should all be burned in the same hellfire
>that Pokemon 2060: Return of Pikachu belongs in. But I digress..."
>*NOTE: I personally don't use Black ICE that affects simsense feeds because
>I think it's lame, YMMV. And yes I think the Cyberpunk 2020 netrunning
>system is absolutely pathetic.

Interesting point, I haven't used Black ICE much since any deckers I've
played with were more worried about getting caught.

Hmm what about bouncing your IP, the 2060 equivalent I don't recall
anything really like that beyond some stuff that spoofs a trace. There are
a lot of ways to bounce, be it a badly setup firewall or proxy or ftp
bouncing for example?

I really would like to pull together a Matrix book of some sort, this
thread has really made me want to clarify stuff for myself at least.

--lomion

Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.