Both. In order to maintain PCI compliance, many companies have to have this requirement. My company does. Our security people know it's a dumb policy, but we have to have it to stay compliant. 1 month seems extreme though.
Greg Bair
Posts
-
Password policy
-
Question on 404 (not technical, I just want opinions)
It depends. If the request is coming to /api/resource/{id}, then it's a 404. The spec states:
Quote:
The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
If it's as the result of parameters (/api/resource/?foo=bar), then I'd give a 200 and an empty result.
-
Atari: Game Over -- why developers quit
It's also on Netflix, if you have that.
-
PHP development in VS
Yes, when I was in the PHP world, NetBeans was the IDE of choice for PHP.
-
What will you do when .... ?
I never understood locking sites down for devs. You should trust that you hire people that won't waste a bunch of time on non-work stuff. They're professionals. Treat them as such.
-
Dot matrix printers.
Up until 2011, my previous employer used dot-matrix printers at POS stations (it's a large electronics retailer in the US - not Best Buy) because they were cheap, reliable, and the ink was also cheap. They switched to laser printers to make it easier for employees to print out other things at any computer in the store (inventory lists, web pages, etc.). I still remember trying to align the pre-printed receipt pages just right. Plus, we knew when someone made a sale (commissioned place, so it mattered) when we heard the noise.