Yeah, they have to because of how they work. As much as possible they do via SAML, and for that no plaintext is needed. But a lot of their customers want to log in to sites that don't support SAML (it's hard). For those they do form stuffing - naturally that requires plaintext.

Source: worked in the industry at a more security-focused company, had to explain to sales/support a few times why they can support a site but we can't.

It's the same. TextSecure called it "Axolotl", but the "Signal protocol" appears to just be a branding change.

Sometimes you do it because the compiler insists a case (that really can never happen) needs to be handled.

It happens a lot to me in Rust and Go.

Rust has support for "this can not happen" in core: http://doc.rust-lang.org/core/macro.unreachable!.html

GCC also has an extension for that: https://gcc.gnu.org/onlinedocs/gcc/Other-Builtins.html#index... which Clang supports: http://clang.llvm.org/docs/LanguageExtensions.html#builtin-u...

Note that gcc and clang's __builtin_unreachable() are optimization pragmas, not assertions. If control actually reaches a __builtin_unreachable(), your program doesn't necessarily abort. Terrible things can happen such as switch statements jumping into random addresses or functions running off the end without returning:

https://raw.githubusercontent.com/bjacob/builtin-unreachable...

Sure, these aren't for defensive programming—they're for places where you know a location is unreachable, but your compiler can't prove it for you. The example given in the rust docs, for example, is a match clause with complete guard arms (i.e. if n < 0 and if n >= 0).

ThreadPool would lock the GIL, wouldn't it? I think multiprocessing.Pool uses processes and that's where you can avoid the GIL (each process gets its own) at the cost of making data sharing harder.

Even with the GIL, ThreadPools are still fine performance-wise for tasks that release the GIL such as I/O or a number of functions in numpy and scipy.