MUMPS hackers
Loosely Typed in Ohio

Culture Becoming a Better Programmer

General Lunch is Served

We’ve been up to a lot of interesting things at Innova Partners and Cover My Meds, but nothing more interesting than the hiring of our on-site Executive Chef, Becky Nation. She’s a fantastic addition to our team, we love having her around the office, and even better, her food is delicious!

We chronicle her meals at the Innova Lunch blog. If you worked here, you’d be eating lunch right now.

General n-Tier without tears

Building n-Tier apps can be difficult. Instead of a single monolithic application that can easily hide its imperfections, a client-server model traditionally means making an API, choosing a transport, and sticking to it.

It’s like marriage, but with TCP/IP settings. Throw in a wireless client and it can be difficult to find a solution that fits. XML-RPC? SOAP? REST? Each way of communicating has benefits and drawbacks.

This is what we’re doing for client X, a niche healthcare business.


General Elevator Pitches aren’t just for your salespeople

Many people know about the Elevator Pitch, and people at companies that are succeeding have committed their company’s pitch to memory and refine it constantly to improve understanding and relevance.

We copy/paste the elevator pitch from the CoverMyMeds website many times per week. Not because it is easier, but because it is the best 15 word summary of our company that we can write.

But the best part about an honest and simple elevator pitch is that it can be used by others outside your company: your happy users, your partners, and the press.

And today, I received an email from HealthTechTopia that we’ve been awarded their #2 slot in the 25 Notable Startups that are Changing the Medical Information Industry. We’re listed among a number of very good companies, many of which I know, but something that struck me is that we had one of the only usable elevator pitches on our website out of the whole list.

Unfortunately, I’ll need to pick on someone to illustrate my point.

CoverMyMeds helps physicians and pharmacists complete Prior Authorization and other insurance coverage determination forms for any drug and for most drug health plans…

DOMA Technologies: This is a privately owned Virginia Limited Liability Corporation founded in 2000, which provides Software as a Service (SaaS) document management applications and services aimed across multiple vertical markets…

Assuming you even care about healthcare IT, which description is better? Without a good pitch, the nice folks at HealthTechTopia had to work very hard to describe what these other companies do, and it probably isn’t the very best explanation these companies could offer.

What we’ve done is improve our chances of being listed and described positively, with nothing more than a simple paragraph on our homepage (but lots of thought about who we are).

Let me close with a few simple metrics we have to evaluate our pitch. A good pitch is something that:

  • A real person would repeat to their friend/colleague without feeling like a dork or shill
  • A (non-paid) person can actually remember
  • Describes why we matter and who should care
  • Is differentiated from other pitches, but is relevant to problems to which the mainstream can relate
  • Is copy/paste-able in an email or website
  • Everyone in the organization is happy to repeat to open sales calls and meetings

Security PHP Security Presentation

I gave an hour-long presentation at the Columbus OWASP chapter meeting today concerning PHP Security. The slides might not be super-useful on their own, since I’m not standing in front of them to provide context and bad jokes, but people asked for them, so they’re available.

Download the slides (4.8MB PDF)

This is the PDF version that was shown at the OWASP presentation (including the OWASP chapter introduction), with the following changes:

  • HIPPA spelling corrected to HIPAA (yes, I work in this field).
  • OWASP’s PHP ESAPI (Enterprise Security API) link added near the end of the presentation.

Since I’m horrible at remembering names and faces, I can’t actually give credit for these fixes. If that was you: let me know, and I’m sorry.

Important Note: There’s an example of how to implement a Random Form Token to help protect against CSRF attacks. This is a very naive implementation. In particular, since the token is generated from the current timestamp, someone could (with the proper tools) guess the correct token, which defeats the purpose of having the token at all. This was all covered during the talk.
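The weakness described in this note, next to a corrected form, as an added example that is not taken from the slides or the talk. The function names, the `csrf_token` session key and the use of `md5()` in the naive version are assumptions, and `$session` stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
declare(strict_types=1);

// Naive: the token is a pure function of the clock. md5() is an assumed
// detail; any deterministic transform of time() has the same weakness.
function naive_form_token(int $now): string
{
    return md5((string) $now);
}

// Hardened: 32 bytes from the OS CSPRNG, kept server-side in the session.
function issue_form_token(array &$session): string
{
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

// Single-use check. The stored token is discarded before comparing, so a
// failed or repeated submission cannot be retried against the same value.
function verify_form_token(array &$session, $submitted): bool
{
    $expected = $session['csrf_token'] ?? null;
    unset($session['csrf_token']);
    // Form input can arrive as an array (token[]=x); hash_equals() needs strings.
    if (!is_string($expected) || !is_string($submitted)) {
        return false;
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

// Constructed demonstration values below.
$now = 1700000000; // constructed timestamp
echo 'naive tokens for the same second are equal: ';
var_dump(naive_form_token($now) === naive_form_token($now));

$session = [];
$first = issue_form_token($session);
$second = issue_form_token($session);
echo 'two random tokens are equal: ';
var_dump($first === $second);

echo 'current token accepted: ';
var_dump(verify_form_token($session, $second));
echo 'same token accepted a second time: ';
var_dump(verify_form_token($session, $second));

$session = [];
issue_form_token($session);
echo 'array input accepted: ';
var_dump(verify_form_token($session, ['x']));
```

Single-use tokens break forms that are open in several tabs at once; keeping one token for the lifetime of the session is a common alternative and only requires dropping the `unset()` call.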

The presentation (at least my part) was developed in Keynote, and I have the source files available if anyone thinks they’d be useful.
