Web site revamp

I’ve spent the best part of the last two weeks simplifying rxkinetics.com in order to make the information easier to find. The home page is now a simple link tree, ugly but functional.

All vestiges of the message board, listserv and wiki have been removed. I’ve tried every setting to prevent it, but spammers keep finding ways to post inappropriate topics, mainly PPC (pills, porn, casinos). These features of the web site have never been popular, pharmacists with real jobs don’t have time for them. The only recent postings are from spambots. In the last year it has become completely overwhelming with spam posts every day. I have no time to deal with this idiocy. These vandals are ruining the internet.

RxKinetics.com is still ad-free. I stubbornly refuse to allow advertising on my web site. As a frequent web surfer myself, I hate intrusive ads and consider them another form of spam. I have used AdBlock for years, but many web sites have now installed block detectors and refuse entry to their web site if an ad blocker is in use. I find it disheartening to see this takeover of the web by advertising. Google is the worst offender. I mean, really, how much money do they need? If you want to keep this tiny corner of the web ad free, please buy something, anything, please?

Data Mining

Users of rxkinetics.net have been contributing to a large data set for the past three years. The web app has been saving anonymous data from serum level analysis during this time. See this blog post: The BBVM project part II.

It is important to state up front that there is no quality control over this anonymous data. Some of it could have been entered incorrectly. Also there is no way to know how much is real patient data versus someone experimenting with the web app.

The other problem with this type of data collection is that many don’t “run the numbers” when the results are within target range. Therefore, outliers tend to become more prominent in the data set.

With those caveats in mind, let’s examine the data.

All BMI < 19 BMI 19-30 BMI > 30
Total 2937 180 1808 939
Male 1686 89 1074 523
Female 1251 91 734 416

Let’s delve into the statistics from the two largest groups.

BMI 19-30

Descriptive stats

Age BMI CrCl Vd L/kg TBW VD L/kg ABW
Min 15 19.04 8.0 0.38 0.38
Max 100 30.04 120 0.92 1.21
Mean 60.6 24.8 77.3 0.67 0.72
Median 63 24.6 72.0 0.69 0.73
Mode 65 23.2 120 0.70 0.70
S.D. 18.48 2.96 30.97 0.09 0.11

The raw Vd histogram follows a normal distribution (as a large sample should).

But the histogram for Vd L/kg total body weight (TBW) has a noticeable negative (left) skew.

Because Vancomycin does not distribute well into adipose tissue let’s look at Vd L/kg of adjusted body weight (ABW), where ABW = LBW + 40% of the difference between TBW and LBW (i.e., the weight we used to dose Vancomycin “back in the old days”).

The histogram of Vd L/kg ABW is noticeably more normal than TBW (but not ideal).

Regression of CL vs CrCl results in a higher r^2 value when we use Normalized CrCl vs LBW-based CrCl, 0.528 vs 0.524. (CrCl Methods explained)


BMI > 30

Descriptive stats

Age BMI CrCl Vd L/kg TBW VD L/kg ABW
Min 17 30.1 10 0.37 0.45
Max 95 77.7 120 0.91 1.40
Mean 59.2 37.9 73.6 0.67 0.89
Median 60 35.4 71 0.69 0.89
Mode 57 32.4 120 0.70 0.59
S.D. 15.59 8.08 30.41 0.11 0.16

As with the previous group, in obese patients the histogram for Vd L/kg of ABW has a more normal distribution than TBW.




The r^2 improvement is even greater in obese patients when using normalized CrCl for the Kel regression, 0.533 vs 0.412.



Again, since the data is not verified this analysis is debatable. However it does pose a couple of questions:

  • Should we use adjusted body weight when modeling Vancomycin volume of distribution?
  • Should we use normalized creatinine clearance when modeling Vancomycin elimination rate?

RxKinetics.Net issues

My web host sent out a notification last week that they were changing servers and updating from Windows Server 2003 to 2012.

To make this transition easier for you we have moved your entire account under the new environment using an offline migration meaning that your old website will remain active until you will verify that all your contents/databases have been moved under the new environment and finally switch your nameservers to have your domains pointed over under the new servers.

We are also afraid that as this was an automated process using a migration tool, some web/database contents might not be synchronized between our old and new shared windows servers. We urge you to check your contents as soon as possible and update your connection strings/nameservers as soon as possible to have your entire domain pointed over to the new environment as your old account under the old shared windows server will be removed in 15 days.

Yeah, right, their automated tool failed miserably for me. First of all, they didn’t transfer my old password, so that took 2 days to straighten out.

When I was finally able to log in I noticed they didn’t transfer any of my databases. Really? That took another day.

I changed the database connection string in my webconfig file and FTP’d the updated file to the server.

Then I asked, “how do I test the web site before go live?” The sysadmin responded:

update your name servers from your domain registrar then you test your website working fine on new servers or not.

To which I replied “So you’re telling me I have to go live in order to test it? I’d prefer not to do that if possible. If not, well, I guess I’ll jump in both feet.”

No response, so I did the DNS change. Well, of course it crashed.

Much later I received a response from the “good” sysadmin:

You can always test your website using your local hosts file. Simply add the following lines under your C:\Windows\System32\Drivers\etc\Hosts file:
XX.XXX.XXX.X rxkinetics.net
Then clear your browser cache, flush your DNS and you should be able to browse your website hosted under our new environment before you will have your nameservers updated.

I’ve since switched back to the old DNS, but that take will take another day to revert back to the old server. And I’m worried that it will not actually revert back.

I should have known better. Something like this always happens to me with ASP.NET. Make one little change and it stops working, and doesn’t give any clue as to why. I haven’t touched this code in three years because I didn’t want to break it.

I’m pretty sure it’s a setting on the admin side, which I have no control over. I believe it’s related to this problem I blogged about 3 years ago Fun with ASP dot NET.

Complex non-steady-state analysis

This is a feature that I have wanted to add to my PK programs for quite sometime. In the real world doses don’t get hung on time and dosages get changed before levels are drawn.

Complex is the keyword. This was incredibly complex to code, both the logic of data entry and analysis. It has taken weeks of intense work to complete. Currently in the testing phase, I hope to bring it to production soon.

When you select “Complex non-steady-state analysis” the program displays two grids, one for entering doses and the other for serum levels.
You may enter up to five doses of various amounts, given at different rates and at different times. You may enter up to two serum levels. Of course there are limitations (which the data entry routines catch). For example, you cannot enter a date/time for a level that conflicts with a dose date/time.

If the first serum level is drawn before the first dose it will be considered a baseline level. This is also something that I have wanted to add for years. It will be most useful when performing a follow-up pk consult on a long-term patient.

Another feature added from my to-do list is the ability to select an infusion rate for your recommended dose.

You will still see Bayesian fails. This new data entry methodology will not prevent them from happening. That is the nature of Bayesian and the highly variable nature of Vancomycin kinetics.

Even people who have used my programs for years fail to comprehend what Bayesian analysis involves. The first thing to realize is that Bayesian analysis begins with your population model. It then attempts to fit your measured levels to incremental variations of your population model. In classic Bayesian, if the data cannot be fitted to the model within reasonable statistical limits, then the data is thrown out. I do not believe that rule should be applied to clinical pharmacokinetics. So I leave it up to you to decide how to proceed by showing the “Bayesian analysis failed” dialog.
Essentially this dialog is telling you that your measured level differs too much from the model predicted level. You can find out what level the population model predicted by visiting the prospective tab. If you measured 6 but the model predicted 24, then never the twain shall meet. Either (1) you have chosen the wrong model for your patient, or (2) the measured level is wrong. That is your decision, not one to be made by a computer program, period.

KinPlot Update

Pulled an all nighter to update both the Windows and the Web versions of KinPlot. This is a simple tool for learning pharmacokinetic concepts by depicting the effects that various pk parameters have on serum levels, leading to a better understanding of drug regimen design.

I had a request for IV push modeling from a Cornell professor. The simplest solution was to utilize a 6 minute infusion to approximate IV push administration (the math is easier with decimals, i.e., 6 min = 0.1 hr).

Since they use Macs I needed to update the Web App as well.

Web version here.

The Windows version adds a few more bells and whistles: the ability to model oral pk and to save/load graphs.

Windows version here.


Hacked again

Hacked again

Received an email from Google today:

  • Hacking suspected: http://rxkinetics.net/
  • Unfortunately, it appears that your site has been hacked.

What does it mean to have pages marked with the hacked site type “URL injection” in Search Console?

This means a hacker has created new pages on your site, often containing spammy words or links.

Typically, hackers modify your site in one of these ways:

  • By gaining access to an insecure directory on your server. For example, you may have inadvertently left a directory with open permissions. Nope, no anonymous FTP is allowed.
  • By exploiting a vulnerability in software running on your site, such as a content management system. For example, you might be running an older, insecure version of WordPress. Nope, don’t have WordPress or any content management system.
  • By hacking third-party plugins that you use on your site, such as visitor counters. Nope, no 3rd party plugins on this site.

None of the above are true, I believe they discerned my password yet again with a brute force attack.

List of alerts from Google:

It looks like they’ve been attacking my web site since March when it was defaced:

Apparently they were searching for pages they could target. They searched for links common on most web sites, e.g. “Cart” and “FAQ” and “Feed back”. None of which exist on this web site.

I removed the spammy content, and changed my password yet again. I plan on changing password every week now. I wonder how long it takes Google to remove my site from their hacked sites list (sigh).

LunarPages support response was helpful, “we are planning to upgrade the Operating System that is used by your shared windows environment within the next months that will ensure that your Operating System is updated and will add a new layer of protection on your website security.” And they scanned my site for malware:

I’m beginning to think all this hassle just isn’t worth it anymore. It’s nearly impossible to get an email through anymore. I’ve resorted to using Gmail as my mail server, but even then many of my emails replies are rejected. My ListServ is a joke, the only requests are from spammers and scammers pushing the 3-P’s (Pills, porn and poker).

The terrorists have won.


Got home from a long night at work and checked my email to find this friendly FYI:

Hi Rick,
This is Steve ####.
Hope life is treating you well
FYI- your site rxkinetics.net coming up with “something unexpected” on home page.

So I went to rxkinetics.net and found this lovely NSFW message (without the scambling).

The graffiti

Wow, hacked! Just like the big boys, I feel so special now .

Really? I think these losers would have something better to do than vandalize my insignificant little corner of the internet.

I sent a support ticket to Lunarpages, then discovered that typing in the full url bypassed the graffiti:

It was a long night and I was dead tired, so I emailed Steve back and went to sleep.

About noon I woke up and checked my email. There was no reply from Lunarpages, so I got out of bed and dug into the web site files.

There were four suspicious .asp files on the site. They stuck out like a sore thumb because I don’t use .asp files on this web site:

  • pageface.asp
  • sin.asp
  • crx.asp
  • default.asp

None of the correct files were changed. I deleted the four rogue files and the site went back to normal.

Then I changed my ftp password and asked Lunarpages if there was anything else I needed to do. Well, it’s been over eight hours since I started the support ticket and I’ve yet to receive a response from Lunarpages. I’m pretty disappointed, because up to this point, they’ve always been quick to reply and provide help.

All of this makes me wonder if this was an inside job from a disgruntled employee at Lunarpages.

Facing mortality

I don’t know why my neighbor’s death has affected me so deeply. Maybe it’s because I just turned 60 and I’ve realized that it’s all downhill from here. Or maybe it’s because his death was so sudden and unexpected. Or maybe it’s because I never got a chance to thank him for the lovely and tasty bouquet of lettuce that he left on our doorstep last Wednesday. Or maybe it’s because he was the best neighbor anyone could ask for. George helped us countless times over the past twenty years and never asked for or accepted anything in return.

Whatever the reason, I’m stunned by it and my heart is heavy.

George was not in the best of health, but he never gave up. He had survived a heart attack back in the seventies when treatment was practically nil. The result of that was a badly damaged heart and CHF. Because he was a long term smoker he also had developed COPD. But he coped and he found good doctors at the VA who fine-tuned his medicine. He looked great, and he stayed busy, always working in his garden, his shop or his greenhouse. And he never missed a good fishing day. He may have been retired, but he was always coming up with some new project. He had a very creative and fertile mind.

I last saw George when Connie and I were walking last Wednesday afternoon. He was driving his little pickup down our street, when he saw us he waved and flashed a big smile. I am so grateful that is the last image we have of him. I had wanted to tell him how great his lettuce bouquet idea was and that I thought it would be a big hit at the City Market.

George was an artist, he painted and created intricate wood crafts. His cactus planters were amazing. He had perfected a system of growing cactus in his greenhouse, he had it down to a science. And he created these fantastic wooden planters that he artfully arranged the cactus in. They were his best seller at the City Market, he could hardly make enough of them.

He painted the logo for our Tharpalooza burning man, and furnished enough wood for an inferno:

He loved going to the Farmer’s market at the KC City Market. He sold flowers, vegetables, and his wood crafts. He was amazed by how much city people would pay for his stuff and he thought they would buy anything. To test his hypothesis, he potted a thistle weed that was growing in his garden and sold it as an exotic flower for $25. That’s one of my favorite stories of his.

I loved visiting with George and listening to his stories. He was a great storyteller, a talent that I wish I had. George was active duty Air Force back in the fifties crewing a tanker. That was during the infancy of air refueling, when they were trying to perfect the technique. On one flight his plane went down in the North Atlantic, and he was the only survivor. I can’t imagine being alone in a life preserver in the middle of the frigid ocean and living to tell about it.

Needless to say, he was a tough old bird who had cheated death more than once. I worry that they put him into hospice too soon. I mean, the day after he checked into the VA, after driving himself down there? Did they just give up on him? I don’t know the particulars and the family didn’t know any, but I worry that hospice is sometimes code for euthanasia, just my opinion.

Regardless, I am thankful for twenty years of friendship with George, but my world is going to be a much colder place without him.

APK 3.1.20

I’ve spent much of my ‘free’ time during the last month been pouring over error reports received during the past year. Unfortunately most of the reports are vague and completely untraceable as to their cause. Focusing on the most commonly reported errors I’ve tried to deduce their causes, but I’m likely to be completely off base.

TfrmMain, TfrmPrint: EConvertError

‘Not a valid floating point value’. All of these error reports came from version .18. This was fixed in version .19 by changing all calls to StrToFloat to TryStrToFloat. Come on folks, updates are free, please keep your copies up-to-date.

TfrmMain: Range check error
There were several Range errors which I believe originate in the Topaz database engine (no trace available). I re-compiled Topaz with Range checking turned off, hopefully that will tone down the frequency of these error reports.

TfrmPrint: Multiple errors

Multiple errors were reported originating in the TfrmPrint class. Procedures flagged include: SaveConsult, SaveLevels, SavePatient, ValidPatData, GraphPrep, and ReDrawSerumLevelPlot. Hopefully recompiling Topaz will fix most of the Save errors. But, to add another layer of safety, I’ve added try..try..except..finally blocks to each procedure and changed the SerumLevel array from fixed to dynamic.

TfrmMonitor: No default printer selected
This was reported twice. I cannot imagine how or why someone would not have a default printer selected in Windows. Regardless, I’ve added this tiny bit of code to hopefully catch that condition (unfortunately I have no way of testing this):
if (Printer.PrinterIndex > 0)then
// Print the consult

TfrmPKPD: Division by Zero
The function AUC was flagged in one report. I cannot imagine how this procedure gets called without valid parameters, but, once again, I added try..try..except..finally block that will prevent the program from crashing.

TfrmLevels; EConvertError
‘is not a valid integer value.’ Sounding like a broken record, I simply cannot imagine how this procedure gets called without valid parameters, regardless I changed StrToInt to TryStrToInt in hopes of fixing this impossible error.

TfrmMain: Pack date invalid
This error came up twice, with no traceable cause. Because the user is able to change date settings in Windows at will, I assumed an incompatible date format is causing the issue. I added some code to force the short date format into the standard USA: ‘MM/dd/yyyy’. Originally I had declared the OutputBuffer within the var block of the function, but that was causing a memory leak on exit, even after adding a StrDispose in the cleanup (finally) block:
procedure TfrmMain.SavePackDate();
APKini : TIniFile;
strDateFormat : string;
strTemp : string;
OutputBuffer: PChar;
SelectedLCID: LCID;
// Determine local short date format
OutputBuffer := StrAlloc(255);
SelectedLCID := GetUserDefaultLCID;
GetLocaleInfo(SelectedLCID, LOCALE_SSHORTDATE, OutputBuffer, 255);
strTemp := string(OutputBuffer);
// if first letter is d then set to 'dd/MM/yyyy' else 'MM/dd/yyyy'
if Copy(strTemp, 1, 1) = 'd' then
strDateFormat := 'dd/MM/yyyy'
strDateFormat := 'MM/dd/yyyy';
APKini := TIniFile.Create(PathName + 'apk.ini');
APKini.WriteString('dbMaint', 'Pack date', FormatDateTime(strDateFormat, Now));
on E:Exception do begin
MessageDlg('Error saving pack date',
mtError, [mbOK], 690, dckActiveForm);
// Free up the string list memory

After I moved the code into an inline function there were no more memory leaks:
procedure TfrmMain.SavePackDate();
APKini : TIniFile;
strDateFormat : string;
strTemp : string;
function ShortDateFormat: string;
OutputBuffer: array[0..255] of Char;
SelectedLCID: LCID;
SelectedLCID := GetUserDefaultLCID;
GetLocaleInfo(SelectedLCID, LOCALE_SSHORTDATE, OutputBuffer, 255);
Result := OutputBuffer;
// Determine local short date format
strTemp := ShortDateFormat;
// if first letter is d then set to 'dd/MM/yyyy' else 'MM/dd/yyyy'
if Copy(strTemp, 1, 1) = 'd' then
strDateFormat := 'dd/MM/yyyy'
strDateFormat := 'MM/dd/yyyy';
APKini := TIniFile.Create(PathName + 'apk.ini');
APKini.WriteString('dbMaint', 'Pack date', FormatDateTime(strDateFormat, Now));
on E:Exception do begin
MessageDlg('Error saving pack date',
mtError, [mbOK], 690, dckActiveForm);

Population analysis improvements
I did find some time to make several improvements in this version of APK. The main focus of improvements this go round is the population analysis function. Probably the biggest change is removal of the 500 record limit, it now uses dynamic arrays so the number of records that may be analyzed is virtually unlimited. I added text to display the current model for comparison to the population analysis and a regression line of the current Kel or CL calculation.


APK Population Analysis Report

Finally, I added a median Vd calculation, which is surprisingly complex:

function MedianVd: double;
n,i,middle : integer;
TempDouble : double;
TempArray : array of Double;
// Set Length of TempArray
// Copy first column of RegressTable array
for i := 0 to TotalForArray do begin
TempArray[i] := RegressTable[i,0];
// use truncated selection sort to find median
middle := (TotalForArray+1) div 2;
for i := 0 to middle do begin
for n := 1 to TotalForArray-i do begin
if TempArray[n] > TempArray[n-1] then
TempDouble := TempArray[n];
TempArray[n] := TempArray[n-1];
TempArray[n-1] := TempDouble
// find median
if odd(high(TempArray)) then
// when high(TempArray) is odd, there are an even number of elements in array.
// define median as average of two middle values.
result := (TempArray[middle] + TempArray[middle-1]) / 2
// when high(TempArray) is even, there are an odd number of elements in array.
// median is the middle value.
result := TempArray[middle];
// Free memory used for TempArray

As soon as I finish testing I will release this version into the wild. Enjoy.

And here’s my current favorite song (based on a true story), “Who’s the judge to decide how much this world should punish”:

UD Labels

In 1984, shortly after the pharmacy received a new IBM-PC XT with a green screen monitor and a dot matrix printer, I wrote my first practical pharmacy program: UD Labels.

In those days unit-dose packaging was a time-consuming and messy affair as the labels were printed with a mimeograph machine. It utilized stencils which were typed up on an IBM typewriter with the ribbon removed. The stencils were small and it was nearly impossible to line them up on the typewriter roller.

Before printing the roller had to be inked. Then, depending on how well it was inked, the first run of labels was either too faint or smeared with excess ink. After trial and error, eventually you were able to print labels that were somewhat legible.

The labels were pushed into the printing area with a mechanical arm, and often jammed or misaligned within the loud and complicated Rube Goldberg contraption. If you only needed a few pills for a rarely used drug, the machine was overkill. To save time, we dispensed a few pills into a prescription vial with a typed label. Any remaining pills had to be discarded.

It came to me one day while printing a report from the PC and watching (listening) to that ridiculous packaging machine chug away at labels, that a computer printer would be much easier, and would produce labels that could be easily read.

It took me about 2 days to write a simple little program in IBM BASIC, and it worked like a charm. My regional manager Russ Collins came by for a visit a few weeks later and I showed him what I’d developed. Shortly thereafter I was getting requests from other DOPS in our region for a copy of the program. And thus, my little software publishing enterprise began.

I’ve made countless improvements to the program in the thirty years since. The latest version is secure, has full database capabilities, and has the ability to print bar codes in any format.

A few software companies have since copied my idea, and charge a ridiculous price for their intellectual thievery. Even my current employer was duped into buying one of these ridiculously over-priced and impractical pieces of crapware. I was off one week then came back to find that all traces of my program were erased, they even erased all the old data. I was not advised or consulted. Blatant disrespect that I will certainly never forget.

Which brings us to 2014, thirty years after my brainstorm, UD labels has become the most popular RxKinetics PC software. Karma.