PHP Insights


PHP Insights is a package by Nuno Maduro for instant PHP quality checks in your console.

As listed in the project readme, PHP Insights' main features include:

  • Analysis of code quality and coding style
  • Beautiful overview of code architecture and its complexity
  • Designed to work out-of-the-box with Laravel, Symfony, and more
  • Contains built-in checks for making code reliable, loosely coupled, simple, and clean
  • Friendly console interface built on top of PHPCS, PHPLOC, and EasyCodingStandard

If you want to use PHP Insights on a Laravel project, an artisan command is provided to run insights:

php artisan insights [-v] 

When you run the command, you are provided an overview insights score spanning code, complexity, architecture, and miscellaneous (i.e., coding style and security). Below the overview is an interactive prompt to go over each scoring area in more detail:

I took PHP Insights for a test drive and was impressed with the ease of setup and use within a Laravel project, and the code is well structured to support any PHP project you might encounter now or in the future.

The project is under active development; the Readme highlights a few ways you can contribute to this project: writing custom Insights from scratch, adding a new insight from PHP CS Sniff, and creating or improving a preset of your favorite framework (here’s the Laravel preset).

At the time of writing, framework presets exist for Laravel, Symfony, and Yii.

Be sure to check out the How to Contribute section of the Readme for examples and details on how you can support this excellent open-source package.

You can learn more about this package, get full installation instructions, and view the source code on GitHub at nunomaduro/phpinsights.


Filed in: News



via Laravel News

The Laravel Security Checklist (Sponsor)


At Sqreen, we’re on a mission to help developers build more secure applications. But security is hard. It’s not always obvious what needs doing, and the payoffs of good security are at best obscure. Who is surprised when it falls off our priority lists? We’d like to offer a little help.

We created a Laravel Security Checklist to provide some guidance and to cover the best practices on securing your Laravel applications. Here are 10 tips from the checklist to get you started: 

Code

  Filter and Validate All Data

Laravel's Eloquent ORM and query builder use PDO parameter binding, which keeps user data out of the SQL text and so prevents SQL injection. But Laravel also offers ways to write raw SQL (DB::select, DB::raw, whereRaw, orderByRaw and friends), and those are only as safe as the bindings you pass them. Regardless of where the data comes from, whether that's a configuration file, the server environment, GET and POST parameters, or anywhere else, do not trust it. Filter and validate it, and bind it rather than interpolating it.
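The following is an added example, not code from the Sqreen checklist or from Laravel itself. It shows the same lookup written three ways (an injectable raw query, the same query with a bind parameter, and a query-builder raw clause with bindings) plus the validation step at the request boundary. The `users` table and the function names are assumptions.

```php
<?php
// Added example: one lookup, three ways. Only the first is injectable.
// The `users` table and function names are assumed for illustration.
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

function findUsersUnsafe(string $email): array
{
    // VULNERABLE: the input is spliced into the SQL text, so a value such as
    // "' OR '1'='1" changes the query instead of being treated as data.
    return DB::select("SELECT id, email FROM users WHERE email = '$email'");
}

function findUsersBound(string $email): array
{
    // SAFE: the value travels as a PDO bind parameter, never as SQL text.
    return DB::select('SELECT id, email FROM users WHERE email = ?', [$email]);
}

function findUsersRawWithBindings(string $email): array
{
    // Raw query-builder helpers are only safe when you pass bindings too;
    // whereRaw("LOWER(email) = '$email'") would be as injectable as the first function.
    return DB::table('users')
        ->select('id', 'email')
        ->whereRaw('LOWER(email) = ?', [strtolower($email)])
        ->get()
        ->all();
}

// Validate at the boundary as well: reject anything that is not an e-mail
// before it reaches the database. validate() throws a ValidationException
// (rendered as a 422 or a redirect back with errors) when a rule fails.
function lookupHandler(Request $request): array
{
    $data = $request->validate([
        'email' => ['required', 'email', 'max:254'],
    ]);

    return findUsersBound($data['email']);
}
```

Validation and binding are complementary: validation rejects data that is wrong for the application, binding guarantees that whatever does get through cannot change the structure of the query.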


  Invalidate Sessions When Required

After any significant change to authentication state, such as a password change or reset, a change of e-mail address or privileges, or a security error, expire and destroy the session, regenerate the session ID for the current request, and, where the framework allows it, invalidate every other session for that account.


  Store Passwords Using Strong Hashing Functions

Ensure that all passwords (and any other secret you only ever need to verify, such as an API token) are hashed with a slow, salted password-hashing function such as bcrypt or Argon2. Don't use general-purpose hash functions such as MD5 or SHA-1: they are fast by design, which is exactly what an attacker with a leaked table wants. Laravel's Hash facade supports bcrypt and Argon2 out of the box. Use it!
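The two items above (invalidating sessions and hashing passwords) meet in a password-change handler, so here is one as an added example; it is not code from the checklist or from Laravel's own scaffolding. It verifies the current password with Hash::check, stores the new one with Hash::make (bcrypt or Argon2, whichever config/hashing.php selects), logs out every other device and regenerates the current session. Field names and the redirect target are assumptions; Auth::logoutOtherDevices needs the AuthenticateSession middleware enabled to take effect.

```php
<?php
// Added example: password change with hashing and session invalidation.
// Field names, messages and the redirect target are assumed.
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;

function changePassword(Request $request)
{
    $data = $request->validate([
        'current_password' => ['required', 'string'],
        'password'         => ['required', 'string', 'min:12', 'confirmed'],
    ]);

    $user = $request->user();

    // Hash::check verifies against the stored hash with the configured algorithm.
    if (! Hash::check($data['current_password'], $user->password)) {
        throw ValidationException::withMessages([
            'current_password' => ['The current password is incorrect.'],
        ]);
    }

    // Never store the plaintext; Hash::make salts and stretches it.
    $user->forceFill(['password' => Hash::make($data['password'])])->save();

    // Significant state change: drop every other session for this account
    // (requires the AuthenticateSession middleware), then regenerate this
    // session's ID and CSRF token so a fixated or leaked ID is worthless.
    Auth::logoutOtherDevices($data['password']);
    $request->session()->regenerate();
    $request->session()->regenerateToken();

    return redirect()->back()->with('status', 'password-updated');
}

// Opportunistic upgrade: when you raise the bcrypt cost or switch to Argon2,
// rehash on the next successful login instead of forcing everyone to reset.
function rehashIfNeeded(Request $request, string $plaintext): void
{
    $user = $request->user();
    if (Hash::needsRehash($user->password)) {
        $user->forceFill(['password' => Hash::make($plaintext)])->save();
    }
}
```

The rehash helper only has the plaintext at login time, which is the one moment you legitimately hold it; it must never be stored or logged for later.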


  Use Laravel’s built-in encryption

Laravel ships with a built-in encrypter (the Crypt facade, keyed from APP_KEY and authenticated with an HMAC), and we highly recommend you use it instead of building your own. The old Mcrypt extension was deprecated in PHP 7.1 and removed in PHP 7.2; in its place PHP 7.2 bundles the far better Libsodium library. If you need an encryption library outside the framework, look at Libsodium.
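As an added example (not code from the checklist or from Laravel), the Crypt facade beside a Libsodium secretbox for code that has to run outside the framework. Both are authenticated encryption, so a modified ciphertext fails to decrypt rather than yielding garbage. The stored value, the key handling and the function names are assumptions.

```php
<?php
// Added example: Laravel's Crypt facade and a libsodium secretbox.
// Variable and function names are assumed for illustration.
use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Support\Facades\Crypt;

function storeToken(string $apiToken): string
{
    // encryptString authenticates the ciphertext; tampering is detected on decrypt.
    return Crypt::encryptString($apiToken);
}

function loadToken(string $stored): ?string
{
    try {
        return Crypt::decryptString($stored);
    } catch (DecryptException $e) {
        // Wrong key, truncated payload or modified ciphertext: treat the value
        // as absent, never fall back to using the raw stored string.
        return null;
    }
}

// Outside Laravel: libsodium (bundled since PHP 7.2). The key is 32 random
// bytes kept secret (sodium_crypto_secretbox_keygen() once, stored outside
// the repo); the nonce is unique per message and travels with the ciphertext.
function sodiumSeal(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = sodium_crypto_secretbox($plaintext, $nonce, $key);

    return base64_encode($nonce . $box);
}

function sodiumOpen(string $sealed, string $key): ?string
{
    $raw = base64_decode($sealed, true);
    if ($raw === false || strlen($raw) < SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);

    // secretbox_open returns false when the authentication tag does not verify.
    return $plain === false ? null : $plain;
}
```

Note that neither helper is a substitute for Hash on passwords: encryption is for data you need back, hashing for data you only need to verify.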


Infrastructure

  Check Your SSL / TLS Configurations

Ensure that your server's SSL/TLS configuration is up to date and correctly configured: no weak cipher suites, no outdated TLS versions, a valid certificate chain, and no weak keys. Scan it regularly with a TLS configuration scanner, since a setup that was fine last year may not be now.


  Rate Limit Requests to Blunt Brute Force and DoS

To stop users from brute-forcing logins or flooding your forms, throttle requests to acceptable levels: Laravel's throttle middleware at the application layer, and tools such as Fail2Ban at the host. Rate limiting alone will not stop a distributed attack; absorbing a DDoS needs capacity upstream, at a CDN or load balancer.


  Log All The Things

Whether you're logging failed login attempts, password resets, or debugging information, make sure that you're logging, with structured context and through a mature package such as Monolog (which Laravel uses under the hood). Never write secrets such as passwords, tokens or session IDs into the log.
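The two infrastructure items above (throttling and logging) come together at the login route, so here is one as an added example; it is not code from the checklist or from Laravel's auth scaffolding. The route is limited to five attempts per minute per IP with the built-in throttle middleware, and every failed attempt is logged with enough context for a SIEM to count failures per IP or per account. The controller, field names and log messages are assumptions.

```php
<?php
// Added example: throttled login route with structured logging of failures.
// Controller name, field names and log message names are assumed.
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Route;

// routes/web.php: at most 5 attempts per minute per IP before a 429 response.
// This blunts brute force and credential stuffing; volumetric DDoS still has
// to be absorbed upstream (CDN, load balancer, Fail2Ban at the host).
Route::post('/login', 'LoginController@login')->middleware('throttle:5,1');

class LoginController extends Controller
{
    public function login(Request $request)
    {
        $credentials = $request->validate([
            'email'    => ['required', 'email'],
            'password' => ['required', 'string'],
        ]);

        if (Auth::attempt($credentials)) {
            $request->session()->regenerate(); // defeat session fixation
            Log::info('auth.login.success', [
                'user_id' => Auth::id(),
                'ip'      => $request->ip(),
            ]);

            return redirect()->intended('/');
        }

        // Log the failure, but never the submitted password. The context array
        // is what lets you alert on "N failures for one account" or "one IP
        // trying many accounts" rather than grepping free text.
        Log::warning('auth.login.failed', [
            'email'      => $credentials['email'],
            'ip'         => $request->ip(),
            'user_agent' => $request->userAgent(),
        ]);

        return back()
            ->withErrors(['email' => 'Invalid credentials.'])
            ->onlyInput('email');
    }
}
```

Keeping the success and failure messages as fixed names with the variable parts in the context array is what makes the log useful downstream; Monolog's JSON formatter preserves that structure for whichever log pipeline you feed.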


Protection

  Send All Available Security Headers

There are several security headers that you can use to make your websites and web-based applications more secure for minimal effort. These include HSTS (Strict-Transport-Security), X-Frame-Options, X-Content-Type-Options, and a Content Security Policy. X-XSS-Protection is a legacy header: the browser filter it controlled has been removed from current browsers and a CSP is the real replacement. Ensure that the headers are configured correctly and sent on every response.


  Have a Content Security Policy

Whether you have a one-page static website, a large static website, or a sophisticated web-based application, implement a Content Security Policy (CSP). It helps to mitigate a range of common attack vectors, such as XSS, by telling the browser which sources scripts, styles and other resources may be loaded from.
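As an added example covering the two items above (it is not code from the checklist or from Laravel), a middleware that sets the headers on every response. The header values are assumptions to adapt; in particular the CSP below allows only same-origin scripts and styles and will break inline script tags until they are moved into files or given nonces.

```php
<?php
// Added example: middleware that adds security headers to every response.
// Header values are illustrative assumptions; adapt them to your site.
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class SecurityHeaders
{
    public function handle(Request $request, Closure $next)
    {
        $response = $next($request);

        $headers = [
            // One year, including subdomains; only meaningful over HTTPS.
            'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains',
            'X-Content-Type-Options'    => 'nosniff', // no MIME sniffing
            'X-Frame-Options'           => 'DENY',    // clickjacking guard for old browsers
            'Referrer-Policy'           => 'strict-origin-when-cross-origin',
            // Legacy browser XSS filter: current browsers ignore it and the
            // filter itself was abusable, so disable it and rely on CSP.
            'X-XSS-Protection'          => '0',
            'Content-Security-Policy'   => implode('; ', [
                "default-src 'self'",
                "script-src 'self'",
                "style-src 'self'",
                "img-src 'self' data:",
                "object-src 'none'",
                "frame-ancestors 'none'", // CSP equivalent of X-Frame-Options: DENY
                "base-uri 'self'",
                "form-action 'self'",
            ]),
        ];

        foreach ($headers as $name => $value) {
            // HSTS is only honoured over HTTPS; sending it on HTTP is pointless.
            if ($name === 'Strict-Transport-Security' && ! $request->secure()) {
                continue;
            }
            $response->headers->set($name, $value);
        }

        return $response;
    }
}
```

Register the class in app/Http/Kernel.php under the global $middleware array so every response carries the headers. Roll the policy out as Content-Security-Policy-Report-Only first, watch the violation reports, and only then switch to the enforcing header.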


  Monitor your application security

Monitor your application for suspicious behaviour and attacks. Knowing when your application is starting to be attacked is key to protecting it before it's too late.

Want to read the full checklist? Download your copy here!


Many thanks to Sqreen for sponsoring Laravel News this week.


Filed in: Sponsor



via Laravel News

Dealmaster: There’s a bunch of deals on Anker charging gear today

Today seems like a decent day to stock up on charging gear. (Image: Anker)

Greetings, Arsians! The Dealmaster is back a bit earlier than usual this week to highlight a one-day sale that may be of interest to those in need of new charging gear. Amazon is currently discounting a number of wall chargers, battery packs, and charging cables from popular accessories maker Anker as part of its daily “Gold Box” discounts.

Anker runs these kind of peripheral deals frequently, often through discount codes, but most of what’s on sale here is at or near its lowest price to date. Here’s a quick rundown of the highlights:

  • The PowerPort Speed+ Duo wall charger is down to $19.49 from its usual $26. It comes with a 30W USB-C Power Delivery port, which is powerful enough to charge most new smartphones at max speed (with the appropriate cable) and can charge some ultra-thin laptops like Apple’s 12-inch MacBook. There’s a 12W USB-A port alongside that.
  • The black model of the PowerPort I desktop charger is down to $35 from its usual $50. This charger is more designed to live on a desk, but it also includes a 30W USB-C PD port along with four 12W USB-A ports. The whole things gets up to a maximum of 60W, so you won’t be able to get a full-speed charge from every port if you use them all at once. But at this price, it should still be versatile enough to be useful if you regularly have multiple devices to refill at once.
  • If you need new charging cords, a two-pack of the company’s MFi-certified Lightning cables is $15 instead of their usual $20, a three-pack of microUSB cables is $7.70 instead of their usual $11, and its braided USB-C cable is $9.50 instead of its usual $15. The first two items come with an 18-month warranty, while the USB-C cable comes with a lifetime warranty.

There are a few more deals beyond that, but these additional sales aren't quite as enticing as the ones above. A pair of wireless chargers, one a flat pad, the other a charging stand, is similarly priced near all-time lows, but we found the former to be outclassed by a competing pad from RAVPower that is currently available for the same price, and the latter maxes out at a slow 5W of power. Neither comes with an AC adapter, either. If you can put up with the generally slower speeds of wireless charging as a whole, we think you can do better by paying up a little bit more.

Likewise, a trio of Anker’s power banks are also on sale: a 10,000mAh pack that’s $10 off at $26, a 15,600mAh pack that’s $12 off at $27.19, and a 20,000mAh pack that’s $18 off at $42. All of these are fine: they’re well-reviewed, reliable, and include 18-month warranties. If you’re just looking for a good chunk of capacity at a low price, they should do the job. But they all only have USB-A and microUSB ports. With more and more devices launching with support for USB-C fast charging, we’d prefer our next power bank to be a little more future-proof and include a USB-C PD port.

Per usual with Gold Box sales, all of the deals here will last until the end of the day or until the item in question sells out. Anker is something of a big name in this market for selling reliable accessories for relatively cheap, so if you want to stock up on chargers, you could do worse than some of the deals above. Either way, the Dealmaster will be back tomorrow with a larger deals roundup.

Note: Ars Technica may earn compensation for sales from links on this post through affiliate programs.

via Ars Technica

PHP in 2019


Do you remember the popular "PHP: a fractal of bad design" blog post? The first time I read it, I was working in a crappy place with lots of legacy PHP projects. This article got me wondering whether I should just quit and go do something entirely different than programming.

Luckily for me I was able to switch jobs shortly thereafter and, more importantly, PHP managed to evolve quite a bit since the 5.* days. Today I’m addressing the people who are either not programming in PHP anymore, or are stuck in legacy projects.

Spoiler: some things still suck today, just like almost every programming language has its quirks. Many core functions still have their inconsistent method signatures, there are still confusing configuration settings, there are still many developers out there writing crappy code — because they have to, or because they don’t know better.

Today I want to look at the bright side: let’s focus on the things that have changed and ways to write clean and maintainable PHP code. I want to ask you to set aside any prejudice for just a few minutes.

Afterwards you’re free to think exactly the same about PHP as you did before. Though chances are you will be surprised by some of the improvements made to PHP in the last few years.

# TL;DR

  • PHP is actively developed with a new release each year
  • Performance since the PHP 5 era has doubled, if not tripled
  • There's an extremely active ecosystem of frameworks, packages and platforms
  • PHP has had lots of new features added to it over the past few years, and the language keeps evolving
  • Tooling like static analysers has matured over the past years, and only keeps growing

Let’s start.

# History summarized

For good measure, let’s quickly review PHP’s release cycle today. We’re at PHP 7.3 now, with 7.4 expected at the end of 2019. PHP 8.0 will be the next version after 7.4.

Ever since the late 5.* era, the core team has tried to keep a yearly release cycle, and has succeeded in doing so for the past four years.

In general, every new release is actively supported for two years, and gets one more year of "security fixes only". The goal is to motivate PHP developers to stay up to date as much as possible: small upgrades every year are much easier than making the jump from 5.4 to 7.0, for example.

An active overview of PHP’s timeline can be found here.

Lastly, PHP 5.6 was the latest 5.* release, with 7.0 being the next one. If you want to know what happened to PHP 6, you can listen to the PHP Roundtable podcast.

With that out of the way, let’s debunk some common misconceptions about modern PHP.

# PHP’s performance

Back in the 5.* days, PHP's performance was average at best. With 7.0 though, big pieces of PHP's core were rewritten from the ground up, resulting in a two- to three-fold performance increase.

Words don’t suffice though. Let’s look at benchmarks. Luckily other people have spent lots of time in benchmarking PHP performance. I find that Kinsta has a good updated list.

Ever since the 7.0 upgrade, performance only increased. So much that PHP web applications have comparable — in some cases better — performance than web frameworks in other languages. Take a look at this extensive benchmark suite.

Sure, PHP frameworks won't outperform C and Rust, but they do quite a lot better than Rails or Django, and are comparable to Express.

# Frameworks and ecosystem

Speaking of frameworks: PHP isn’t just WordPress anymore. Let me tell you something as a professional PHP developer: WordPress isn’t in any way representative of the contemporary ecosystem.

In general there are two major web application frameworks, Symfony and Laravel, and a few smaller ones. Sure, there's also Zend, Yii, Cake, CodeIgniter etc., but if you want to know what modern PHP development looks like, you're good with one of those two.

Both frameworks have a large ecosystem of packages and products. Ranging from admin panels and CRMs to standalone packages, CI to profilers, numerous services like web sockets servers, queuing managers, payment integrations; honestly there’s too much to list.

These frameworks are meant for actual development though. If you’re in need of pure content management, platforms like WordPress and CraftCMS are only improving more and more.

One way to measure the current state of PHP’s ecosystem is to look at Packagist, the main package repository for PHP. It has seen exponential growth. With ±25 million downloads a day, it’s fair to say that the PHP ecosystem isn’t the small underdog it used to be.

Take a look at this graph, listing the amount of packages and versions over time. It can also be found on the Packagist website.

Besides application frameworks and CMSs, we’ve also seen the rise of asynchronous frameworks the past years.

These are frameworks and servers, written in PHP or other languages, that allow users to run truly asynchronous PHP. A few examples include Swoole, Amp and ReactPHP.

Since we’ve ventured into the async world, stuff like web sockets and applications with lots of IO have become actually relevant in the PHP world.

There has also been talk on the internals mailing list — the place where core developers discuss the development of the language — to add libuv to the core. For those unaware of libuv: it’s the same library Node.js uses to allow all its asynchronicity.

# The language itself

While async and await are not available yet, lots of improvements to the language itself have been made over the past years. Here’s a non-exhaustive list of new features in PHP:

While we're on the topic of language features, let's also talk about the process of how the language is developed today. There's an active core team of volunteers who move the language forward, and anyone in the community may propose RFCs.

Next, these RFCs are discussed on the "internals" mailing list, which can also be read online. Before a new language feature is added, there must be a vote. Only RFCs with at least a 2/3 majority are allowed into the core.

There are probably around 100 people allowed to vote, though you're not required to vote on each RFC. Members of the core team are of course allowed to vote, since they have to maintain the code base. Besides them, there's a group of people who have been individually picked from the PHP community. These people include maintainers of the PHP docs, contributors to the PHP project as a whole, and prominent developers in the PHP community.

While most core development is done on a voluntary basis, one of the core PHP developers, Nikita Popov, has recently been employed by JetBrains to work on the language full time. Another example is the Linux Foundation, which recently decided to invest in the Zend Framework. Employments and acquisitions like these ensure stability for the future development of PHP.

Besides the core itself, we’ve seen an increase in tools around it the past few years. What comes to mind are static analysers like Psalm, created by Vimeo; Phan and PHPStan.

These tools will statically analyse your PHP code and report any type errors, possible bugs etc. In some way, the functionality they provide can be compared to TypeScript, though for now the language isn’t transpiled, so no custom syntax is allowed.

Even though that means we need to rely on docblocks, Rasmus Lerdorf, the original creator of PHP, did mention the idea of adding a static analysis engine to the core. While there would be lots of potential, it is a huge undertaking.

Speaking of transpiling, and inspired by the JavaScript community, there have been efforts to extend PHP's syntax in user land. A project called Pre does exactly that: it allows new PHP syntax which is transpiled to normal PHP code.

While the idea has proven itself in the JavaScript world, it could only work in PHP if proper IDE- and static analysis support was provided. It’s a very interesting idea, but has to grow before being able to call it "mainstream".

# In closing

All that being said, feel free to still think of PHP as a crappy language. While the language definitely has its drawbacks and 20 years of legacy to carry with it, I can say in confidence that I enjoy working with it.

In my experience, I’m able to create reliable, maintainable and quality software. The clients I work for are happy with the end result, as am I.

While it's still possible to do lots of messed up things with PHP, I'd say it's a great choice for web development if used wisely and correctly.

Don’t you agree? Let me know why! You can reach me via Twitter or e-mail.

via Laravel News Links

Wrenching Hero Installs $120 Lawnmower Engine Into Dodge Ram Pickup

The only gasoline internal combustion engines that most people have in their households are either in cars or lawnmowers. That naturally leads to the thought: What if you took the tiny mower motor and installed it into an automobile? That’s what one young intrepid YouTuber did, and the results are glorious.

My coworker Jason Torchinsky and I have been talking about installing a pull-start lawnmower engine into a car for years now, but it looks like YouTuber Carson Duba has beaten us to the punch. And he appears to have done quite a nice job:

What we’re looking at here is an early 1980s Dodge Ram 50 powered by a 6.5 horsepower, 8.1 ft-lb overhead-valve single-cylinder engine sold at Harbor Freight for $120. The tool store, you will be surprised to know, does not actually list “automobile” as an application for this motor. Here’s the full list from the store’s website:

pressure washers, cement mixers, compressors, mowers, log splitters, vacuums, tillers, water pumps, chipper/shredders, generators, blowers

The Dodge had apparently been sitting in the young wrencher’s friend’s yard for a while, so the friend just gave it away. Carson Duba decided to have some fun with it, stripping out the old motor, leaving not much more than the steering intermediate shaft and brake master cylinder. He then built a platform that ties into the original engine mounts, and that carries the single-cylinder engine.

That engine, which can slide on the platform thanks to slotted holes, has a centrifugal clutch on its output shaft, which sends power to a five-speed manual transmission via a sprocket and a chain. To get a 60-tooth sprocket on the transmission end, the YouTuber welded a shaft to the transmission input shaft (unsurprisingly, it was difficult to weld it perfectly straight), and then made a bracket so that the shaft could ride on a bearing (this bracket ties into a custom mount that holds up the front of the transmission). The big sprocket sits on the end of that shaft, and the tension of its chain is set by sliding the motor along the slotted holes in the platform.

The whole build is far more elegant than I expected for something as silly as a lawnmower engine in a junky old truck. The choke is hooked up to a nice slider on the dash, the original cable running from the gas pedal actuates the tiny engine's throttle, and there's a fairly nicely packaged pull cord that goes through the fender, with a handle in the wheel housing that starts the motor. A simple kill switch on the dash cuts it off.

The young mechanic even made his own door panels using material from a shower, and he demonstrates in the video that the truck works in both reverse and in a forward gear, even if it only drives about 20 MPH.

h/t: Kyle!

via Gizmodo

Favourite Laravel packages I always install

I thought it might be helpful for me to share a handful of packages which I find myself installing whenever I start a new Laravel application. Let me know if there are any missing!

Laravel Debug bar

barryvdh/laravel-debugbar (Github / Packagist)

Probably the first package I install in every Laravel project is the Laravel Debug bar by Barry vd. Heuvel. With over 13 million installs I am not the only person who thinks this is an amazing package. You get a bar at the bottom of the browser window which will show you queries, information about the current Route, the currently loaded views, events and the Laravel version and Environment. And that's just a small list of the things you can use it for.

composer require barryvdh/laravel-debugbar --dev

Laravel Telescope

laravel/telescope (Official Laravel Docs / GitHub / Packagist)

A very powerful ‘telescope’ into everything that your application is doing. I have only recently started to look at this but it’s been a great help for a recent application we have been working on.


Laravel IDE Helper

barryvdh/laravel-ide-helper (GitHub / Packagist)

A no-brainer for anyone who uses PHPStorm. It will basically build some meta files for the IDE to use which will help with all sorts of magic.

composer require --dev barryvdh/laravel-ide-helper
php artisan clear-compiled
php artisan ide-helper:meta
php artisan ide-helper:generate

Laravel Query Detector

beyondcode/laravel-query-detector (GitHub / Packagist)

The Laravel N+1 query detector helps you to increase your application’s performance by reducing the number of queries it executes. This package monitors your queries in real-time, while you develop your application and notify you when you should add eager loading (N+1 queries). (Taken directly from the Readme)

composer require beyondcode/laravel-query-detector --dev
php artisan vendor:publish --provider="BeyondCode\QueryDetector\QueryDetectorServiceProvider"

PHP Coding Standards Fixer

friendsofphp/php-cs-fixer (GitHub / Packagist)

I have been a huge fan of PSR-2 for a long time and if you have ever worked on a project with me you know I can be a sucker about PRs with code style errors/issues. PHPStorm has a built-in code style fixer and there are a number of other ways you can set up automatic code style fixing, but I prefer this method. I tweak a few things in the config so that I can match my own specific style. I have included a .php_cs config file below so you can use this if you wish. I also use the Makefile as a little helper so that I can run make fix from my project root in a terminal.

I highly recommend you make use of this package locally, but if you want to look at automating this and other Laravel-specific code styles, like making sure you are doing things "The Laravel Way", then check out Laravel Shift.

composer require --dev friendsofphp/php-cs-fixer
make test
make fix

Laravel UUID

jamesmills/eloquent-uuid (GitHub / Packagist)

A Laravel Eloquent Model trait for adding and using a uuid with models. The trait listens to the creating event. It generates a new UUID and saves it in the uuid column on the model.

I personally like adding UUIDs to every entity in my application. There are the odd occurrences where I don't do this. The main reason is that I find they are much nicer to work with when it comes to URLs and APIs. You can hide the auto-increment IDs from the public eye and I personally just think they look and work better.

composer require jamesmills/eloquent-uuid

Just add the package and make sure your Entity/Model uses the HasUuidTrait. When you save the model a UUID will automatically be added.

<?php

namespace App;

use Illuminate\Database\Eloquent\Model;
use JamesMills\Uuid\HasUuidTrait;

class User extends Model
{
    // Listens to the creating event and fills the uuid column
    use HasUuidTrait;
}

Laravel Timezones

jamesmills/laravel-timezone (GitHub / Packagist)

An easy way to set a timezone for a user in your application and then show dates/times to them in their local timezone. I think this is pure magic!

I wrote a blog post specifically about the Laravel Timezones package where I go into a little more detail about why and how to use this package.

I don’t install this in every application but I have found that almost all of my applications have needed to show times and dates to a user in their specific timezone so I usually just install it at project setup so I have it there when needed.

composer require jamesmills/laravel-timezone
# This will add a timezone column to your users table.
php artisan migrate

It has a number of helpful features like blade directives

@displayDate($post->created_at) // 4th July 2018 3:32:am


via Laravel News Links

Two Laravel Developers Building SaaS – SaaS Reality

The beginning…

We are two experienced developers and entrepreneurs who are sharing our journey as we build, launch and run SaaS businesses.

Join us, Simon and Dean, as we share our ‘accountability’ updates with the world.

Come along with us through the highs and lows as we talk openly about the challenges and triumphs of running an online SaaS business.

In this first episode you get to meet the hosts (us):

Simon, the young energetic Dad, already a successful SaaS founder with his Snapshooter.io product is scratching his own itch and building Automaily.

Dean, a survivor of the pre-internet corporate IT world and an ex CTO/Technical Director of a 7 figure web agency brings his experience and maturity of the enterprise to the SaaS world.

About Episode 1:

In this, our first episode, you’ll discover why we started this podcast and why we are sharing our journey with you.  Why we think this podcast is needed and who inspired us.

About Automaily:

Automaily is a churn-busting and dunning automation tool with fully configurable workflows designed to help you recover lost and churned revenue.

It also takes care of all the tedious and boring follow up emails when chasing down failed payments.

About CloudInsights.app

CloudInsights is tackling a hard problem, how to reduce your AWS bill and save time and money.

Dean’s product scans your AWS infrastructure and analyses your costs and usage data. It identifies unused, under-utilised and forgotten servers and resources.

With this knowledge you can right-size, shut down or refactor the troublesome parts of your Amazon Web Services infrastructure to save money and reduce your support and DevOps overheads.

Links:

People and podcasts mentioned during the episode and who inspired this podcast

via Laravel News Links

Laravel Google Translate


Laravel Google Translate is a package that provides an artisan console command to translate your localization files with the Google translation API. You can either leverage stichoza/google-translate-php without an API key or configure your Google Translate API key.

The console command php artisan translate:files walks you through some prompts to determine how to proceed with your translation files:

Future goals of this package include handling vendor translations, a web interface, and adding other translation APIs such as Yandex, Bing, etc.

You can learn more about this package, get full installation instructions, and view the source code on GitHub at tanmuhittin/laravel-google-translate.


Filed in: News / packages



via Laravel News

Congress Pushing A Terrible Bill To Massively Expand Patent Trolling

For most of the history of Techdirt, we’ve talked about what an incredible mess the US patent system has been. There are many, many reasons for this, but a big one was that for decades, the appeals court that handles all patent cases, the Court of Appeals for the Federal Circuit (or CAFC), kept expanding what it considered to be patentable subject matter, and the Supreme Court completely ignored the issue. This culminated, ridiculously, in the State Street decision, which massively expanded what was considered patentable software (before that there was software covered by patents, but it was very, very limited). What made this situation truly hellish for innovators, is that (1) the software world was exploding with all different kinds of apps, and (2) almost no software was documented in the very few areas where patent examiners look for prior art: mainly, other patent applications and scientific journals. There was no need to document software in those places, because (1) when most people recognized software shouldn’t be patented, very few even tried, and (2) why would you?

That resulted in a perfect storm in which patent trolls rushed in to fill the void. Tons upon tons of ridiculously broad patents were filed (or older ones were dug up and "repurposed" for use in trolling). Then it just became a shakedown game of numbers. Find companies doing something vaguely like what’s broadly and oddly described in your patent, tell them they’re infringing — and offer to "settle" for less than the cost to win in court.

The tide started to change over the last decade and a half or so, in part because of a few changes to the law, but more importantly, the Supreme Court started to wake up to the fact that the CAFC had gone rogue and had massively rewritten patent law. And then over a period of about a decade, case by case by case, the Supreme Court smacked down CAFC. Two of the biggest such smackdowns came in the Mayo Labs ruling in 2012 which rejected medical diagnostic patents, and the Alice ruling in 2014, which rejected patents on software that performs "generic functions" (which is basically all software).

Both of these cases focused on Section 101 of the Patent Act, which defines what actually is patentable subject matter. It’s short and sweet:

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

In both of the cases mentioned above, the Supreme Court noted simply that 101 doesn’t cover "laws of nature, natural phenomena, and abstract ideas" as decided in an earlier case that CAFC had ignored for two decades, Diamond v. Diehr. In the Mayo case, the court noted that medical diagnostics was trying to patent laws of nature. In the Alice case, "abstract ideas."

Since then, both cases have been incredibly useful in killing off a ton of truly awful patents. And the patent trolls and their friends have been really angry about this. And now it appears they've finally got a plan to reopen the patent trolling floodgates. And they've got bipartisan members of both the House and the Senate to push a plan for them. In the Senate, Thom Tillis and Chris Coons have announced plans to introduce a horrific bill to rewrite Section 101 in a manner that can only be called "Make Patent Trolls And Bogus Litigation Great Again." A House version is being introduced by Reps. Hank Johnson and Steve Stivers.

The biggest part of the bill is to remove the requirement that a patent be for an invention that is "new and useful." Yes, you read that right. The most fundamental part of a patent is that it’s to encourage people to invent something that is new and useful, and these elected officials want to do away with that. Then, they want to massively limit what is not patent eligible, demanding very narrowly defined areas, like "fundamental scientific principles" and "products that exist solely and exclusively in nature," rather than what we now have, which is "laws of nature." On the software side, they want to say that only "pure mathematical formulas" and "mental activities" would be excluded, but abstract ideas implemented in software? PATENT AWAY!

And, of course, the bill is explicit that, with this new list of narrowly defined exclusions, it would literally wipe away those big Supreme Court wins that have helped open up innovation and slowed down patent trolls.

This would be absolutely terrible for innovation.

Alex Moss, from EFF, has gone through and detailed just how massive a change this proposal would create and what a disaster it would be for companies that actually innovate (as opposed to those that just shake innovators down for money). On the removal of "new and useful" from 101:

Removing the requirement that inventions actually be new and useful upends a fundamental Constitutional principle of patent law. The Constitution grants Congress the power to issue an “exclusive right,” such as a patent, only “[t]o promote the progress of science and useful arts.” The patent system’s entire purpose, in other words, is to encourage technological progress. Allowing patents on things that are neither new nor useful undermines the purpose of the Intellectual Property Clause.

Section 101’s purpose is to weed out patent applications that cannot possibly be inventive. The “existing statutory utility requirements” do not, and cannot, accomplish this. That’s because other parts of U.S. patent laws do not include a specific “utility” requirement. Sections 102 and 103 set out requirements for determining whether an invention is obvious in view of pre-existing knowledge in the field—what is known as “prior art”—but courts and the Patent Office apply those requirements extremely narrowly.

It’s especially difficult to invalidate bad software patents under Sections 102 and 103. Because courts and the Patent Office didn’t start granting patents on software alone until the mid-1990s, there is a dearth of patents and patent applications that could be used to invalidate software patents under Sections 102 and 103. And because the code for most software products is not public, it isn’t readily available to others in court challenges.

So, yeah, that would be bad.

At this point, this is just a proposal, rather than an actual bill, but they promise to introduce it later this year. Patent trolls and some larger organizations that live off of patent licensing are likely going to push hard for this bill. It’s basically a full employment act for patent lawyers. What it’s not is a recipe for innovation. It is the reverse. Of course, because some people laughably believe that a patent itself is a sign of innovation, too many people incorrectly believe that "stronger" patent laws mean more innovation. That’s not how it works. Patent trolling scares off actual innovators, makes innovation much more costly, and blocks important innovations from the marketplace.

Already the quotes from the Senators and Representatives demonstrate the kind of innovation-ignorant arguments we’re likely to see in support of this bill. Coons falsely claims that "today US patent law discourages innovation in some of the most critical areas of technology, including artificial intelligence, medical diagnostics, and personalized medicine." This is laughable. There are massive innovations happening in all three of those fields. And part of that is because of decisions like Mayo and Alice opening up those fields and limiting some of the worst patent trolling.

Tillis claims that this is to "reform our nation’s complicated patent process." It’s not that complicated. And removing the requirements for "new and useful" and making most software patentable again is going to create a huge mess of a patent thicket that will be a massive drain on innovation. That’s complicated.

Hopefully, reason will prevail and these elected officials will learn just how much harm they’re about to do to the sectors of the economy that are actually innovating — with less fear of bogus patents and widespread patent trolling. Bringing that back would be a total disaster for innovation.

via Techdirt
Congress Pushing A Terrible Bill To Massively Expand Patent Trolling