Secure Social Networks: A Possibility

This whole issue with Sermo has me hoppin’ mad. This story really came to a head last week, but I didn’t really pay attention to it as I’m not a physician and therefore don’t care about a site in which I can’t participate. However, I finally did read some articles about this and my jaw dropped. Here, an AMA-sanctioned site with $27M ($9M when they started) in venture capital money whose entire business model centers around having a secure, private community for physicians, does nothing except use public databases (as in [nearly] free) to “ensure” a physician is not misrepresenting his/her identity. Sermo’s website makes the claim that their authentication is done in “real-time.” To quote Alex Frost, a VP at Sermo:

One of the components of the system, and one of the powerful concepts in this being a safe community for interaction, is that we built a real-time authentication and credentialing system. If you are an MD, you can gain access to the system by answering a few challenge questions, and we will verify who you are.

This is so incorrect, it’s hard to know where to start. To use words like “authentication” and “credentialing” and not be referring to information tokens that due diligence would expect only that person to have, is misleading at best, outright lying at worst. When the festering abscess that is Sermo’s security model was cut open and exposed by Medgadget’s scalpel, “Sermaphrodites” circled the wagons to protect Sermo! Rather than the Sermo physicians appreciating this potential save to their community by forcing the issue to the forefront (and calling for Sermo’s CEO, Daniel Palestrant MD, to explain how this could be allowed to happen while sitting on so much money), they saw this intervention as a “how-to” for druggies to get DEA#s (news flash: this doesn’t affect the street wino any more than it affects the white-collar drug seeker who already knew this), calling Medgadget’s authors out and turning on their own. However, another blogger independently showed that Sermo could easily be penetrated by anyone, publishing the results. Yet there was no riot on this psychologist’s blog. Sermo physicians threatened to turn Medgadget authors in to their respective state medical boards (for what, publishing public information?!?) and called for advertisers to remove their support, making me wonder if the overly-strong reaction was as much about a fellow physician breaking the “good-ol-boy fraternity mentality” as about what was actually disclosed.

This was a known issue (by Sermo’s own admission) and they did nothing about it. However, this post isn’t about the drama above. Unlike many of the flamethrowers and trolls out there, I actually have a framework for a solution. I’m not an MBA or looking to quit medical school and form a company, so this has nothing to do with being anti-Sermo in concept. I am passionate about information security and how it relates to secure electronic physician-patient communication. I couldn’t care less about Sermo as a company or a site; like I said above, why would I care about a site I can’t even join? I’ve joined these threads online because of a genuine interest in the underlying technology, and what I see in Sermo’s gross security mismanagement is a threat to physicians’ trust of its implementation and use.

Some background on me, I was all but ready to sit for my CISSP exam in information security when my father, who had end-stage liver disease, became continually and critically ill. I already had been accepted into medical school, but rather than work up until the day I’d leave, I decided instead to take those months and help family and my dad (who eventually–thank God–had a transplant and is doing quite well). In systems administration, I was one of the first Red Hat Certified Engineers (in fact, I took my exam on their Raleigh campus because they hadn’t even begun to outsource the exam yet) and have two Sun Solaris SA certifications. I only mention all of this to give readers an idea of my status as a serious computer professional. In my few attempts to discuss these matters on comment boards so far, people see “medical student,” and it screams out like a naive 20-something. I’m nothing of the sort, especially in this field.

What follows is going to be long and technical (I’ll do the best I can on making that as painless as possible), but it’s because some groundwork is necessary to understand key concepts first. You’ve been warned…if you’re still interested, let’s go!


PART I: Digital Signatures

“Digital signatures” in the security world does not mean a scanned image of a paper signature. While this is, indeed, “digital,” it is laughably easy to forge and offers no more guarantee than some jackhole running off with a physical rubber signature stamp. A truly digitally signed document must meet some basic criteria:

1. The signer is indisputably involved. To properly sign a document/file/message digitally, intervention by the signer is required–namely a passphrase that unlocks the signer’s private cryptographic key. Therefore, there is no “rubber stamping” in this arena, a la a nurse stamping a prescription pad or “verbal orders” that were allegedly never given.
2. The signer is indisputably who they claim to be. This rests on two things: prior verification that the public key really belongs to that person (how that is done is the subject of Part III), and the mathematical fact that a valid signature cannot be produced without the matching private key. When the signature is made, the time and date are recorded as part of it (note that this comes from the signer’s own clock; if you need a date nobody can dispute, a third-party timestamp is required). Taken as a whole, #1 and #2 provide the principle of “non-repudiation,” or the inability of the signer to “back out” by saying they didn’t mean it or that it didn’t happen at the specified date/time, etc.
3. Document integrity. The contents are guaranteed to be tamper-proof–there is no retroactive changing of anything. The document as a whole undergoes a one-way hash algorithm, a fingerprint of sorts, and the alteration of a single digit, character or space renders the hash invalid. To illustrate what I mean, the hash algorithm MD5, when applied to the text of the Preamble of the US Constitution, returns “d16d01f300b43c68b720698bedd5b9e3”. (MD5 is used here only because it is short and familiar; practical collision attacks against it have been public since 2004, so new signatures should use SHA-256 or better, as the signed message later in this post does.)

This computational output is a string of only 32 hexadecimal digits (128 bits), so there is no way that I can take this short string and reconstruct the original, “We the People…” This is why it’s called a “one-way” hash. In fact, I can take the entire Constitution–the entire Library of Congress, even–and get back a hash of exactly the same length, but with a different value. This is why I use a fingerprint analogy: you can’t extrapolate a fingerprint to make a person, but the “mark” left behind definitely identifies where it came from. Change the document one iota and you change the fingerprint; have a different fingerprint in hand, and you know it was not from the same, unaltered document. Strictly speaking, two different documents can share a fingerprint, since there are far more possible documents than 128-bit outputs; the guarantee a sound hash gives is that nobody can find such a pair, which is exactly the guarantee MD5 has lost. This is essential.

PART II: Public Key Cryptography

Ever since there has been a need to keep information secret, there have been methods of doing so. The Spartans used a staff called a scytale: a strip of leather or papyrus was wound around it, the message was written along the staff’s length, and once unwound the strip carried only a jumble of letters. If it was intercepted, it was useless without a staff of the same diameter. Julius Caesar used a shifted alphabet, where A corresponded to, say, N, B to O, C to P, etc. Unless you knew what the offset was, the message was gibberish. Of course, there’s the story of the “Enigma machine” of WWII, and now with fancy computers, the possibilities are endless–both to create new cryptosystems and to do “brute-force attacks” to break them. But that’s another book, actually.

The point here is that all the examples above illustrate “symmetric key” encryption: the same key used to encrypt is the key used to decrypt. The encrypted result can be iron-clad, but obtain the key and you’re done for. For example, if the other party got hold of a staff of the right diameter, all bets were off. So if securing the encrypting key is all-important, how do you encrypt things on the wild west of the Internet without sending that all-important key over insecure lines? Enter public-key, or “asymmetric,” cryptography.

Asymmetric keys mean that I have two keys–one public, one private–that were generated together and are mathematically, inextricably interconnected. The secret key stays safe with me, but my public key can be broadcast anywhere. If someone wants to send an encrypted message to me, they don’t need some super-secret device; they encrypt it with my PUBLIC key, and only my SECRET key can decrypt it. If they also want me to know it came from them, they sign it with their own secret key, and I check that signature with their public key; signing and encrypting are two separate operations. (Under the hood, PGP actually encrypts the message with a fresh symmetric key and encrypts only that key with my public key, because public-key operations are slow, but the effect is the same.) My secret key is safe and secured physically (my computer) and digitally (by passphrase). My public key, on the other hand, is downloadable and free for the world to use. If you tried viewing the key from the previous link, what you saw is “ASCII armor”: binary key material encoded as plain letters and numbers (it is not ciphertext; a public key isn’t secret). This makes it platform neutral, easy to embed in email, chats, Sermo posts (oops, I’m foreshadowing…bad Rico!)

The two most common public key systems used for Internet communication are PGP (“Pretty Good Privacy”–now a commercial product; Phil Zimmermann wrote the first version in 1991, and MIT later distributed it) and its free-software counterpart, GPG (“GNU Privacy Guard”). Both implement the same OpenPGP standard, so a message signed with one can be verified with the other. To see all of this in action before you get too lost in the background and theory, a digitally signed message is shown below. The original, as I wrote it, is the English text from “This” to “keyring;” everything that envelops it above and below came from the signature process. This process here was simply invoking GPG to sign the text, and upon prompting me for my passphrase to unlock my secret key, GPG produced this output:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This is an example of a signed message.  Above, the hash
algorithm should be shown (SHA256) so that the recipient
can verify with that same algorithm that every character
in this message has arrived, unaltered. Moreover, although
you can't tell by the gibberish below, this is also digitally
signed with my private GPG key, and this is verifiable if
you have my public GPG key on your keyring.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)

iD8DBQFHAAjdozJz1Dh2WKURCKu3AKDC2WQfSMxhhW382wsslrBDNiF+/QCfa026
4gPie5pNTyXN5RFMCDej3dA=
=7DOW
-----END PGP SIGNATURE-----

PART III: Web of Trust

All the PGP/GPG stuff is well and good except when you consider that the ID in the key is a name and email address–hardly something that can’t be forged. What prevents me from generating a keypair that corresponds to “George W. Bush <president@whitehouse.gov>” and sending/signing emails and messages pretending to be Dubya? Absolutely nothing. This is solved by a model called the “web of trust.” Let’s say there are two people, Bob and Alice (in security, it always is “Bob and Alice,” don’t ask) who know each other in real life. Bob can get Alice to “sign” his public key such that when others see his public key, they see Alice’s signature there, too. Alice agrees to sign only because she can attest that Bob really is who he says he is, and vice versa. When “Carol,” Alice’s friend, sends Bob a signed email, Bob has no idea if she’s really a friend of Alice’s. However, if he sees that Alice–a person whom he knows and trusts–has signed the key that was used for the email to Bob, Bob can reasonably assume that Carol’s identity is credible. If Carol’s key carries signatures from two people Bob personally knows (and whose public keys he already holds), then Bob really has much better assurance of Carol’s identity. Note exactly what a key signature asserts: that this key belongs to this person, not that the person is honest or competent; trusting Carol’s opinions is a separate decision from trusting that the key is hers.

Now, if the content of the communication is “Hey, nice to meet you,” then all of this is rather silly. However, if the content of the communication has some request that requires a commitment of time, energy or money, then the bar is raised. Now let’s zoom to the present situation, and the communication is a physician requesting information on a patient. Now there’s a legal component to consider as well. The more people gather to voluntarily sign each other’s keys after verifying identity, the stronger this web becomes and the more it can be trusted.
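The whole chain from Parts I–III, as an added example that is not part of the original post: Go code in which the standard library’s Ed25519 stands in for the RSA/DSA keys GPG would use (the hashing, signing and vouching logic is the same). The identities (Alice, Carol, Dave, Eve, Frank), the keyring (Bob’s) and the sample post are constructed for the example. The rule “a key is valid if two people Bob verified in person have signed it” mirrors the paragraph above; GnuPG’s real model is richer (per-owner “marginal” vs. “full” trust, defaults of one full or three marginal signatures, and a maximum chain depth), and is omitted here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Identity: a PGP-style user ID plus an Ed25519 keypair, standing in for GPG's
// RSA/DSA keys (the trust logic is identical). priv never leaves its owner.
type Identity struct {
	UserID string
	Pub    ed25519.PublicKey
	priv   ed25519.PrivateKey
}

func NewIdentity(userID string) *Identity {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Identity{userID, pub, priv}
}

// Fingerprint (Part I): a fixed-length, one-way SHA-256 digest of a document.
func Fingerprint(doc []byte) string {
	sum := sha256.Sum256(doc)
	return hex.EncodeToString(sum[:])
}

// Sign and Verify (Part II). Ed25519 hashes internally; any change to doc or sig fails Verify.
func (id *Identity) Sign(doc []byte) []byte              { return ed25519.Sign(id.priv, doc) }
func Verify(pub ed25519.PublicKey, doc, sig []byte) bool { return ed25519.Verify(pub, doc, sig) }

// KeyCert (Part III): a signature over the binding "this user ID owns this public key".
type KeyCert struct {
	SignerID string
	Sig      []byte
}

func certPayload(userID string, pub ed25519.PublicKey) []byte {
	return append([]byte(userID+"\x00"), pub...)
}

func CertifyKey(signer, subject *Identity) KeyCert {
	return KeyCert{signer.UserID, signer.Sign(certPayload(subject.UserID, subject.Pub))}
}

// Keyring is one user's view: public keys held, certifications on them, and the
// owners verified in person (GPG layers per-owner trust levels on top of this).
type Keyring struct {
	Keys     map[string]ed25519.PublicKey
	Certs    map[string][]KeyCert
	Verified map[string]bool
}

func (kr *Keyring) AddCert(signer, subject *Identity) {
	kr.Certs[subject.UserID] = append(kr.Certs[subject.UserID], CertifyKey(signer, subject))
}

// KeyIsValid is the web-of-trust rule: a key is valid if its owner was verified
// directly, or if at least vouchersNeeded verified owners certified it.
func (kr *Keyring) KeyIsValid(userID string, vouchersNeeded int) bool {
	if kr.Verified[userID] {
		return true
	}
	pub, ok := kr.Keys[userID]
	if !ok {
		return false
	}
	vouchers := 0
	for _, c := range kr.Certs[userID] {
		signerPub, known := kr.Keys[c.SignerID]
		// A certification counts only if its signer is verified AND the signature checks
		// under that signer's real key; a forgery that merely names a trusted signer fails.
		if known && kr.Verified[c.SignerID] && Verify(signerPub, certPayload(userID, pub), c.Sig) {
			vouchers++
		}
	}
	return vouchers >= vouchersNeeded
}

// AcceptMessage is what a forum does with a signed post: the signature must verify
// under the sender's key, and that key must be valid in the reader's web of trust.
func (kr *Keyring) AcceptMessage(senderID string, doc, sig []byte) bool {
	pub, ok := kr.Keys[senderID]
	return ok && Verify(pub, doc, sig) && kr.KeyIsValid(senderID, 2)
}

// RunScenario builds Bob's keyring from constructed sample identities and returns
// each check's outcome, keyed by what was checked.
func RunScenario() map[string]bool {
	ids := map[string]*Identity{}
	bob := &Keyring{map[string]ed25519.PublicKey{}, map[string][]KeyCert{}, map[string]bool{}}
	for _, n := range []string{"Alice", "Carol", "Dave", "Eve", "Frank"} {
		ids[n] = NewIdentity(n + " <" + n + "@example.org>")
		bob.Keys[ids[n].UserID] = ids[n].Pub
	}
	bob.Verified[ids["Alice"].UserID] = true // Bob met Alice and Frank in person
	bob.Verified[ids["Frank"].UserID] = true
	bob.AddCert(ids["Alice"], ids["Carol"]) // two vouchers Bob knows: enough
	bob.AddCert(ids["Frank"], ids["Carol"])
	bob.AddCert(ids["Alice"], ids["Dave"]) // one voucher: not enough
	forged := CertifyKey(ids["Eve"], ids["Eve"]) // Eve can only sign with her own key...
	forged.SignerID = ids["Alice"].UserID          // ...but labels the certification as Alice's
	bob.Certs[ids["Eve"].UserID] = []KeyCert{forged}
	post := []byte("56M, crushing chest pain, ST elevation in II, III, aVF.") // constructed sample post
	tampered := []byte("56M, crushing chest pain, ST elevation in V1, V2, V3.")
	sig := ids["Carol"].Sign(post)
	return map[string]bool{
		"edit_changes_fingerprint": Fingerprint(post) != Fingerprint(tampered),
		"carol_key_valid":          bob.KeyIsValid(ids["Carol"].UserID, 2),
		"dave_key_valid":           bob.KeyIsValid(ids["Dave"].UserID, 2),
		"eve_key_valid":            bob.KeyIsValid(ids["Eve"].UserID, 2),
		"carol_post_accepted":      bob.AcceptMessage(ids["Carol"].UserID, post, sig),
		"tampered_post_accepted":   bob.AcceptMessage(ids["Carol"].UserID, tampered, sig),
		"dave_post_accepted":       bob.AcceptMessage(ids["Dave"].UserID, post, ids["Dave"].Sign(post)),
	}
}

func main() { fmt.Println(RunScenario()) }
```

Run it with go run. The case worth staring at is Eve’s: her certification is labelled as Alice’s, but Verify is called with Alice’s real public key and fails, so the label buys her nothing. Dave’s post is the Sermo situation in miniature: his signature is perfectly valid under his own key, but nobody Bob knows has vouched for that key, so the post is not accepted. Carol’s key, vouched for by two people Bob verified in person, is.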

The explosion of the internet “to the masses” is exactly what made this model fail. When the bulk of the Internet users were those affiliated with universities, colleges, the government and specialty technology companies, you had a select enough group to do this with. 10 years later, when disgruntled radicals, convicted felons, and my grandma all have broadband, the idea of “voluntary trust” among like-minded individuals is laughable.

PART IV: Of Triangles and Tradeoffs

The following graphic is the classic “security triangle” (there are many variations) that shows that you can’t have all three things at once completely:

[Image: Security Triangle]

In order to make a system secure, it’s going to cost money and it’s going to have to have some hassle associated with it. Whether it’s having to remember passwords or, in the case of physical security, carrying a swipe badge, there is always a component of inconvenience. In order to make things secure but easier to use, you’re going to have to sink proportionally more money into it. Using the PGP vs. GPG example above, GPG is free, but using it is not intuitive. There are graphical “wrappers” and plugins for email/chat clients that allow one to mouse click this or that, but most are kludgy, and there is no consistent interface at all. PGP, on the other hand, implements the same OpenPGP standard (the two interoperate), but as a polished corporate product, it provides stable, reliable solutions ranging from personal software to enterprise tools to secure entire infrastructures. This obviously is not going to come cheap, but it’s a hell of a lot easier to use and deploy. Not being able to “have it all” is essential in managing both users’ and managers’ expectations regarding security solutions.

Sermo sacrificed security to make a system that was cheap and easy to use, or more to the point, easy to sign up. With all the VC money that Sermo had, this is inexcusable.

PART V: Wherein I actually get to the point

While the Web of Trust model above could not be sustained with the Internet at large, it works beautifully among a tight-knit community–like physicians on a social network! Doctors are a naturally suspicious, overly cautious, and fiercely protective group. Especially if “signing one’s name” to something, physicians in these overly-litigious times understandably need a lot of reassurance. I say, “PERFECT!” What better self-policing model than to have that suspicion, that scrutiny to ensure a secure, physician-only social/medical network? The ever-present sentiment of “I went through hell-training, gave up 10 years after college for shit wages…” doesn’t lend itself well to being “spied” on by slimeball, used-car-salesman drug rep types posing as doctors to listen in on discussions and reporting back to their Mother Ship.

It’s self-policing in every way. Here, it doesn’t matter if you have MD, DO, PhD, PharmD, etc. after your name; it matters if you have other peoples’ digital signatures attached to your own. If some ‘newbie’ comes in and claims to be such-and-such and really doesn’t have much in the way of signatures from known members on their key, they’ll naturally be less trusted, perhaps not included into certain forums until they’re vouched for–just like it is in real life. In cyberspace, people have these disconnected expectations of human behavior, like some forum doesn’t treat them as one of their own after two postings, but here in “meatspace,” doesn’t it work the same way? You go to one or two meetings or the like by yourself, and you might get a lukewarm reception. You go with 2-3 “regulars” that introduce you to people, and you’re going to have a much different, much more rewarding, experience. If this is going to be a social network–a social network that needs to have the requisite security where members are truly vetted–then it’s going to have the same issues, concerns, and dynamics of ANY social network, as far as the people dynamic is concerned.

But let’s be honest. Sermo isn’t trying to create a social network for physicians, much less try to make it a secure place any more than it needs to keep operational. Looking at the Sermo graphics and market propaganda, you’d think it was trying to make Facebook for physicians. The real point of Sermo is to make money for its stakeholders, which it’s poised to do, hand over fist. Sermo’s free membership and ad-free content is paid for by revenue from “clients” who will pay to either monitor discussions in nonspecific fashion for a subscription fee or pay a large sum to have a question put out there (e.g. Merck asks, “If Vioxx were to come back on the market, would you prescribe it?” — Sermo just made $50,000 for a yes/no poll). Sermo claims that it only shares aggregate data and that no personally identifying information is shared with third parties, but how much can you trust a company that already has shown such disgustingly lax security practices?

Everything I’ve outlined above is a framework, a skeleton on which one can lay a foundation for a better, more secure way of communicating. Sermo could have and still can implement any of this at any time. I used PGP/GPG as examples only; there are many implementations of the cryptographic and security principles that lie behind these. I say build a new network, one that from the ground-up is a collaborative effort of physicians, not the money-making vision of a single physician. Build a network that is truly socially policed, where members are vetted according to agreed-upon standards, where discussion can take place in appropriate forums with reasonable assurance that the information will not be shared by others in any fashion, aggregate or not. The security technology is there to use however desired. It can be a zero cost solution with a steeper learning/usage curve or a paid-for solution to make life easier for everyone; the community will decide what’s best. Build a social network that is based on a meritocracy where members that give the most get the most decision-making authority, rather than an autocracy that doles out $75 to a poor resident for answering a poll question that Big Pharma paid tens of thousands for. Have complete transparency in business practices, privacy statements, etc.

Just don’t build another Sermo.

Screwed up from the beginning

The 1975 JC Penney’s Catalog. I definitely don’t remember this one, but my childhood was full of dreaming of getting things from phonebook-sized catalogs, like the Sears Wishbook, to smaller-sized but no less desirable merchants, such as Radio Shack. Given that I was 3-4 at the time this came out, my entire formative years would have been immersed in imagery such as this in everyday life. I’m going to need more therapy than I thought… :P

Something worthy of mention: Brooke Shields is actually one of the models in the girl’s clothing picture! And for those of you who think (correctly) that the fashion industry nowadays sends the wrong message to girls to be unreasonably thin, check out that same picture which advertises “also chubby sizes.” (!!!) That’s one step away from me regressing to a 10-year-old being bought Sears Toughskins “husky” sized jeans. AAAH!!! Not the “X” stitched on the back pocket! Nooooo!!!

There’s also another page of PG-13 items, like “water pipes.” (Hash sold separately)

(via BoingBoing)

Happy Birthday, Grand Rounds!

Grand Rounds’ 4th birthday is hosted at Kevin, MD.

(although it is kinda ironic–Kevin MD is sort of a human feed aggregator, and probably 70-80% of these stories were already linked from a previous entry on his site)

My new avatar

Who said I can’t have fun with my daughter’s things?

[Image: Elmo head]

Random thoughts on a Sunday

I’m telling you, I’m in blog weirdo-land right now. I was refreshing my newsreader, and I started reading some blogs I usually don’t get to, but I also have found myself commenting on certain sites that I usually don’t comment on. I then realized there were quite a few sites that I read far more often but don’t comment on with the same frequency. All in all, I’ve been writing on others’ sites more than my own. That has to stop if I’m gonna keep a blog. I don’t have that much time!

I’ve been really, really disorganized lately. Everything’s fine, no real complaints except for work, which has been as hellishly complex as the worst subjects of studying. If any of you grok what LDAP is, you can imagine the complexity and hassle of trying to migrate a major state university’s worth of data over the last 5 or so years (>100,000 people and associated computing resource entries over the time period) from 10-year-old software to something current. I’m not going to waste space on the specifics, but trying to “fit” bandaged-up crap that’s beyond aging, full of “custom” fixes, to something standard and current is a nightmare. When I was last there 3 years ago, this was the final thing I was working on, and I’m sad to say no real progress has been made. Hell, I don’t think they’ve even filled my old position yet.

So, I’ve decided to get back on an anti-depressant. I won’t tell you which one because of HIPAA and all, but also because it makes no damn bit of difference anyway. I was commenting on Shrinkrap about the fact it’s all a crapshoot anyway. A doctor can have the right reasons to choose antidepressant A over antidepressant B, including side effect profiles, etc., but it makes squat difference in reality that a person will react in a predictable fashion vs. another. Different people will respond to different degrees given a certain medication, but if you block beta-1 receptors, your heart rate/blood pressure will go down, guaran-damn-teed. You give someone Adderall (assuming they’re not already a jaded meth addict), they will be pharmacologically stimulated. Moreover, in both these cases, you can use an independent, objective measurement like blood pressure to monitor the [side] effects of the drugs and know if changes need to be made.

Contrast that with a patient starting SSRI therapy: they might feel better after 2-3 weeks, might not. They might feel worse. Repeat for SSRI, choice 2: “Meh, I feel something, but it’s not like I feel worlds better.” Repeat again. If you could, in theory, measure the 5-HT/NE reuptake blockade to prove an antidepressant was working, it would have no predictable correlation to how the patient feels, which is my main point. Psychiatrists really have their hands full with complex psychoses, criminal disorders, etc., so I’m not disparaging them at all. It’s just that for people who just need the “fine-tune” knob adjusted to their personal, subjective liking, roll the dice because at that point, it’s craploads more luck than science.

Like many things, it could be my expectations are a little high. I am just not feeling as good as I thought I would be at this point being out of school and concentrating on me and family. I have not started in earnest my exercise plan, and although nobody is making me feel “under the gun,” I know myself well enough to know that I need to nip this stuff in the bud before I look back and wonder where the time went. Not gonna happen this time.

Grand Rounds 3:52

GR 3:52 is up at Six Until Me, a patient blog focused on diabetes. The 52 means that next week, we’ll cycle to 4:1! Exciting!

Teething: worse for the baby or the parent?

OK, so I’ve about had it with this teething crap. We already have a high-energy, go-go-go, sleep-fighting, hell-on-training-wheels toddler (16mo) as it is. The two upper canine teeth are coming in simultaneously, and it’s about all I can do to keep it together. After the Tylenol and topical Orajel have run their course and the wailing STILL doesn’t stop, I start having sick fantasies of injecting *caine right onto her superior alveolar nerve for certain relief; if I’m a little too trigger-happy on the plunger and she doesn’t wind up feeling half her nose/cheek, well, it will wear off eventually.

Of course, in terms of development, this is also the period where screaming is a “normal” part of starting to assert themselves–aka, the “temper tantrum.” This is often accompanied by a complete loss of skeletal muscle tone as the child goes completely limp. If she were an adult, I’d be calling the neurologist. With wall-to-wall tile floors, this is a great way to hit her head–making me not lose that neurologist’s phone number after all.

All in all, it’s been rough. I work from home now, so I’m around baby noise ALL. THE. TIME. All my noise-cutting tricks for studying are still being employed. I think I’m the only med student in the western hemisphere that actually uses ballistics/gun earmuffs as part of their study arsenal…and I’ve never owned a gun! But there’s my ace-in-the-hole secret weapon, fellow med students. If you can tolerate looking like a total dork (and at my age/status, it’s not like I’m trying to score), putting on what looks like headphones from 1975 combined with inserting foam earplugs first, will give you (theoretically) over -60dB noise reduction. Some people get freaked out with near-silence; they always need some ambient noise (other than the blood rushing in their ears). I am not one of them. There are only a few select genres of music I can listen to (and classical is certainly not one of them) that won’t have me audibly distracted, involuntarily processing the music instead of processing what’s on the page.

When I was a kid, it was determined that my auditory processing was not up to snuff. In the classroom, I often didn’t do what I was instructed partly because I just didn’t assimilate what was told to me. As an adult, this has not changed. Everything has to be written down. Thankfully, it’s limited to verbal auditory processing. As a musician with a super-finely tuned ear, one would be surprised that I have to think about what’s told to me a lot harder than most. I can musically process a song instantly, but I can hear the same song 10 times and probably recite one line of lyrics. If you give me the lyrics written out, such as on liner notes, I’ll remember most of them at first glance, because I processed the information visually. At work, people would tell me any number of things, and I’d famously say, “Send me an email so I’ll remember.”

I should clarify that this is a problem only if I’m not 100% “on task” with listening (which, for most people in busy situations, is almost 100% of the time). But I can’t audibly multitask. If I’m talking to you on the phone, you have my complete, undivided attention–not because I care so much about you (but of course, I actually do), but because I really have no other choice! You’d know if I started trying to investigate something around me if we were on the phone, because suddenly you’d hear, “uh huh…*silence*….what was that again?”

It’s this same “odd” auditory sensitivity that makes living with a loud, active, fussy (but thankfully healthy-as-a-horse) toddler a mental drain. The distracting auditory input that would be annoying to anyone is crippling for me (as far as high-level mental processing goes). The same goes with many different types of “noise pollution” around me. Am I making a problem worse by finding new and better ways to give myself quiet? Should I be going the other direction, slowly desensitizing myself so that I can cope better in the “real world?” I haven’t figured out how to accomplish the latter yet, but something’s gotta give. I can’t have complete quiet and no interruptions doing an H&P like we’ve done as students in the real world. One often doesn’t have the ability to scribble anything until, say, outside the hospital room.

This is one of those unforeseeable things I didn’t know I’d have as rough a time with. The other is social isolation from working at home/not seeing classmates, but that’s for another post.

Gimme a little somethin’ somethin’

A friend sent me this article at CNN about a pictureboard used to help with patients who don’t speak English. Especially in emergency settings, it helps assist healthcare personnel to 1) identify the nationality/language of the person so that an appropriate translator can be found, and 2) obviously, so the patient can easily communicate what’s wrong, what happened, what they need, etc., at least in a basic fashion until #1 can be achieved.

When I saw the blowup of the picture board, however, I felt it was missing some crucial squares that ED personnel would need regularly. Above is an excerpt from the official board and below is my addition, based on what I feel could also assist personnel in establishing a differential about what actually might be wrong:

[Image: ER chart detail]


[Image: ER seekers]

Pavarotti, Silenced

It’s after midnight, and I was doing a slow shutdown of things at my desk when the news bulletin was found in my inbox: Luciano Pavarotti, unarguably one of the greatest voices of the 20th century, has passed away, having lost his battle with pancreatic cancer. Many famous, even history-making musicians have died in the last few years, but Pavarotti wasn’t just a luminary in the opera world. I don’t know if I could fill one hand counting the classical musicians alive today who have so successfully had such appeal to “the masses” that they are a household name even for people who don’t own a classical album. Seriously–Yo-Yo Ma is about the only other person at that level that I can compare the broad appeal with–so this is a huge, worldwide loss. The fact that Pavarotti was an opera singer, perhaps the most “uncool” of any classical genre, shows his universal appeal.

Unlike the sold-out stadiums and the “Three Tenors” era where Pavarotti would use a microphone, “real” concerts at the Met, Carnegie Hall, etc. of course had no such devices for projecting his voice. Like all opera singers, he alone is the instrument, and projecting a voice to fill a concert hall is a given. However, even when backed by an orchestra, in full costume on stage during an opera performance, that voice still needs to have the power and resonance to reach the 3rd balcony seats in a hall with a vaulted ceiling. This is what people need to appreciate: besides the power and volume, there was also the incredible, simultaneous sweetness of his voice.

Personally, I’m not a big opera buff. It’s just not my thing–I’m just hardwired I guess to be an instrumentalist. But Pavarotti was one of perhaps 2 or 3 singers that would draw me into that world regardless, and obviously, I am simply one of so many thousands.

I uploaded his signature aria, “Nessun Dorma” (“None shall sleep”) from Puccini’s Turandot to my YouTube channel just a few weeks ago. I did so because I recently found this clip among my collection (which is from 1980, well before age started to catch up with him), but also because most of the other versions on YT were from the last 10 years or so with microphones or the like, and I wanted to share a “pure” performance. I’m not going to go into Turandot’s story or translate this aria (that’s an exercise for the reader :) ), but the last word sung is “Vincerò!” which means, “I shall be victorious!” Even though he lost the battle with cancer, he has unquestionably conquered the musical world. His career will live forever, the lives and hearts he touched carry with them that magic, and now, like those in the opera from which he’s singing, Luciano can finally sleep.

Requiem aeternam dona ei, Domine, et lux perpetua luceat ei. (Grant him eternal rest, O Lord, and let perpetual light shine upon him.)
