BOV, you’re a good bank, but your app SUCKS!

As Christmas dawns on us, most of us go out to do the usual Christmas shopping. As of this year, I’ve decided to ditch using cash (where possible) and only use bank cards when shopping. Sounds great right? Well, almost.

I am a BOV customer and I got two main accounts with them: a Cashlink account (where my wage is deposited) and another account, which has a VISA account bound to it. Normally, I only put the money that I’ll be spending on this account, as a safety measure. This means that every time that I need to do a purchase, I use the BOV app to do the transfer. This is where it quickly goes south.

So, last time I was at Valletta doing some shopping, I went to transfer some money to my VISA account. I fired up my BOV app, logged in and bam, “Application Error”. Let’s try again – but now, when I logged in, I got disconnected from my Wi-Fi and got connected on 4G. Great, the connection dropped again! Third time’s the charm! I re-logged in, and was greeted by the beautiful “you are already logged in” message. Needless to say, I had to wait again, switch off my Wi-Fi to make sure I don’t connect to somewhere else and then actually manage to to the transfer. Far more painful than it should be!

Anyway, this was not the first time that I’ve had this issue. Actually I’m surprised when it works the first time round! I’ve been talking about this with my friends on how painful it is and one of my friends introduced me to Revolut. Basically, it’s an online bank which provides you with a very good mobile app and a MasterCard. I’ve ended up replacing my BOV VISA with the MasterCard from Revolut, and I regret nothing. There are multiple advantages to using a alternative bank, but for the scope of this blog, it’s a bit irrelevant.

So, what can BOV do to their app to win me back? Because, in reality I’d still rather do all my banking with BOV rather than an alternative bank, but BOV has so much work to do beforehand.

1) I don’t care if I’m logged in from another location

Why is this a feature in the first place? If I want to manage my money from my BOV app and BOV Internet Banking, so be it! Anyway, this issue happens because you’re disconnected from the BOV app before hitting logout. This is the worst issue of them all if I’m honest.

2) The app is slow

It seems that the app is always sluggish. Why does it take 5-10 seconds to log in and get my balance? Coming to think of it, every screen transition takes about 5-10 seconds! Hey, at least they fixed the issue of waiting a minute on “Checking Security” popup. That wasn’t fun!

3) The UI is STUPID

I got a full HD (1080*1920) screen, but it seems that the BOV app can only use 7% of the screen to place the username and key fields. Why are they so tiny? Even worse, it seems that allowing multiple users to log in from the same app is a bit daft in the first place; it should only ask for my password (and remember my user).

4) The UI is dated

I get the feeling that this application was designed when Android was still in version 2 or 3. The UI is very dated – the way that settings appear reminds me of old Android. By the way, why is the settings tab activated by a tiny hamburger icon, when clearly there’s a LOT of space available?

5) Why am I not allowed to make payments to any IBAN I desire?

I can make payments to my friends (if I got their mobile number), some list of hardcoded shops (I assume vetted by then), top up my phone and that’s it! If I need to make a payment to some IBAN, I cannot do it through the app; I’ll need to use their online portal.

6) Where is fingerprint authentication?

I assume the answer is “they can’t be bothered”. Obviously, since they haven’t done any decent update to the app since like forever, this feature is stuck in oblivion. Before I got my Revolut account, I never appreciated the comfort of logging in using your fingerprint, and believe me, it works GREAT.

7) I’d like more fine-grained security control my cards

We live in 2017, but it seems that BOV is living in 1017. Why I am not allowed to turn my VISA on and off on the fly? While you’re at it, I’d like fine-graned control on swipe payments, ATM and online payments please.

8) Where are the contactless cards?

This is a good one as well, but not related to the app per-se. It seems that although BOV has rolled out contactless cards, I haven’t got one, why’s that? I’ll just assume that I need to go through some hoops and whatnot to get my hands on one. Contactless is AWESOME by the way.

9) Why do pre-authorization payments take days to appear?

I’ve always wondered this. Sometimes payments are pre-authorized rather than an instant withdrawal. When these payments occur, I can only notice this because my book balance is different (less) then my available balance. They’re not written in the statement, for some weird reason. My Revolut account does this and it also notes that this transaction is awaiting confirmation or reversal.

10) Some other features that I’d like

  • A filterable statement, or at least sorted by month
  • Split Bill
  • Request money
  • Freeze card / account

I’m pretty sure that there are a million other things I can nitpick on, but that’s all for now. Until the next one

Code never lies, Documentation sometimes does!

Lately, I was working on a Windows Service using C#. Having never done such using C#, I’d thought that I’d go through the documentation that Microsoft provides. I went through it in quite a breeze; my service was running in no time.

I then added some initialisation code, which means that service startup is not instant. No problem with that; in fact the documentation has a section dedicated for such. The user’s code can provide some status update on what state the initialisation is. Unfortunately, C# does not provide this functionality; you’ll have to call native API to do so (through the SetServiceStatus call).

As I was going through the C# documentation of the struct that it accepts, I noticed that it does not match up with the documentation for the native API. The C# says that it accept long (64-bit) parameters, whilst the native API says that it accepts DWORD (32-bit) parameters. This got me thinking; is the C# documentation wrong?

I’ve whipped up two applications: one in C++ and one in C#. I checked the size of, in bytes, of the SERVICE_STATUS that SetServiceStatus expects. The answer was 28 bytes, which makes sense given that it consists of 7 DWORDs (32-bit) – 7 * 4  = 28 bytes.

size_t sizeOfServiceStatus = sizeof(SERVICE_STATUS);
cout << "Size: " << sizeOfServiceStatus << endl;

The C# application consists of copying and pasting the example in Microsoft’s documentation. After checking out the ServiceStatus struct’s size, it showed 56! Again, this was not surprising, since it consists of 6 long (64-bit) plus the ServiceState enum (which defaults to int, 32-bit) plus an additional 32-bit of padding – (6 * 8) + 4 + 4 = 56 . Therefore, the resultant struct is 56 bytes instead of 28 bytes!

int size = Marshal.SizeOf(typeof(ServiceStatus));
Console.WriteLine("Size: " + size);

Unfortunately, this will still to appear to work in the code, but obviously the output of this function is undefined since the data that’s being fed in is totally out of alignment. To make matters worse, pinvoke.net reports this as Microsoft do, which threw me off in the beginning as well.

Naturally, fixing this issue is trivial; it’s just a matter of converting all longs to uint (since DWORD is an unsigned integer). Therefore, the example should look like the following:

public enum ServiceState
{
SERVICE_STOPPED = 0x00000001,
SERVICE_START_PENDING = 0x00000002,
SERVICE_STOP_PENDING = 0x00000003,
SERVICE_RUNNING = 0x00000004,
SERVICE_CONTINUE_PENDING = 0x00000005,
SERVICE_PAUSE_PENDING = 0x00000006,
SERVICE_PAUSED = 0x00000007,
}

[StructLayout(LayoutKind.Sequential)]
public struct ServiceStatus
{
public uint dwServiceType;
public ServiceState dwCurrentState;
public uint dwControlsAccepted;
public uint dwWin32ExitCode;
public uint dwServiceSpecificExitCode;
public uint dwCheckPoint;
public uint dwWaitHint;
};

 

On sites using Javascript based cryptocurrency mining

Lately, clicked a link from those “funny” programming related Facebook pages, read the article and did not close the tab. No harm done, right? Well, after 10-15 minutes I heard the CPU fan revving more than usual and I thought that it’s quite odd. I fired up Task Manager, and I found out that my Chrome tab is running on 100% CPU usage. Odd, what was going on?

I immediately remembered an article I read a days back that Pirate Bay have implemented a script to mine coins in the background.  I fired up Developer Tools, and unsurprisingly, I found out that the site was using CoinHive.

What’s my take on this? First and foremost, as a server, it’s Illegal to use your client’s CPU cycles without letting them know upfront what you’re doing. This is essentially turning your clients into botnets. Second of all, if you’re going to do such task, at least give the client some breathing space. These coin miners can seriously hammer the CPU; since they are multi threaded, they can easily cause a 100% CPU load!

Alright then, let’s now discuss a bit from an ethic point of view. Chances are that if you are running a legit / legal site (such as this blog), you don’t want to turn your precious visitors into mining machines. Thus probably the servers which end up using such services will be more shady sites, such as Torrent Sites, Streaming Sites, some (illegal) sharing sites and any other shady service. This means that these people do not care much on how they’ll monetize their service, be it (shady) advertisements or cryptocurrency mining.

Though this had me thinking, from a consumer point of view, should I prefer giving away CPU usage for a couple of minutes in exchange for their services? Or should I prefer being bombarded with really terrible advertisements (which if interacted, can download some really malicious software). I mean, I understand that CPU usage hogging is very annoying, but so is getting bombarded with adverts. If I were in a position where I had to choose to give some CPU usage for a couple of minutes versus those adverts, I’d choose the CPU usage choice any day. But then, of course, you can always use a good Ad-Blocker!

Some closing thoughts – is it possible that sites that rely purely on adverts have a choice to finally remove (or tone down) the use of adverts, in exchange of using the client’s machine CPU Cycles? From a legal standpoint? No. From a realistic point? Probably not, or at least. I really doubt. Maybe if they strike a balance between tasteful ads and low CPU consumption? Only the future will tell. Or maybe it’s just a fad, like 3D TVs (but that’s an argument for another day).

(Article image credit: https://insight.jbs.cam.ac.uk/2016/could-cryptocurrency-help-the-bottom-billion)

On blindly trusting Software Vendors (and discussing CCleaner’s hacking)

By now, any software enthusiast is aware that CCleaner and CCleaner Cloud (Piriform) has been a victim of hackers. These hackers have injected malicious code in the release versions of such software and ended up on (roughly) 2 million end user machines.

For those who are not familiar with CCleaner, it allows the user to remove unwanted files, browser caches, registry keys cleanup and such. This means that it basically has access to all your system files and data on your drives. It’s a free software (with premium subscription available) and it’s installed on millions of machine all over the world.

Given the fact that this software has permission to modify system files on your machine by default, one can only imagine what a compromised installation is able to do on your machine.

From a consumer point of view, there is no way that we could have known that the software was compromised. I mean, even if they provided hashes to verify that the downloaded software is indeed the version they intended to, this would have NOT prevented anything! Why? It’s because the breach has occurred internally! In the sense that someone went into their private code repository, changed some code in their CRT and went unnoticed. How this has been done; that’s a story for another day (Piriform has not how this happened).

Anyway, the guys from Piriform has publicly acknowledged this, without being a coward or trying to cover anything up. They have also taken any measures necessary to assure that the threat is now over and issued updates to such software. This does not change the fact they’ll be losing trust from their loyal customers.

This of course left me a bit skeptical, sometimes I download applications from third party vendors, without thinking twice (and trusting them by default). This has definitely been a wake-up call to all of us, in the sense that you can never fully trust third party vendors. Can a similar thing happen in the future? Maybe. Is it avoidable some how? Well no, (or at least, maybe!)

Let’s talk about something a bit different now: Windows Apps (Universal Windows Platform Apps)!

One might ask: how is this relevant! Oh, but they are very relevant. You see, the execution of these apps works a bit different than your traditional desktop applications. These applications run in a Sandbox i.e they do not have direct access to your system. You can read more about Sandbox applications here. My point is that these apps are far safer; in case these applications get compromised, their damage is significantly reduced due to the nature of how they execute.

These applications have disadvantages of course; given that they are sandboxed, there are simply actions that they cannot do. For example, I simply cannot imagine CCleaner living as a UWP, given the fact that one of it’s capabilities is making changes to the registry. That definitely requires a “full trust” application in order to do so!

Let’s just hope that Piriform (and similar software vendors) get their act up and avoid such fiascos in the future!

Do we really have a lack of developers in Malta?

Recently, I was talking to a friend of mine who works in the same industry; software development. We were talking about the fact that the more time passes, the more difficult it’s becoming to find some good developers on board to get some work done. The argument was that the company he’s working for had to decline some work due to the fact that they simply do not have enough developers in order to get around and deliver this work within a reasonable time frame.

During the same argument, I’ve also mentioned the fact that we, as developers, are always getting messages on platforms such as LinkedIn in order to attempt to poach us. I understand that these people need to recruit people in order to get their monthly wage; I’m not saying that they should not be doing their job. What I’m saying is that it seems that the amount of demand for developers is higher than the actual amount of developers that are ready to work here in Malta. What’s going on?

At my workplace, I’ve noticed that the typical recruitment that occurs during the summer (recruiting new graduates) did not as well as usual. There were some new faces, but then I discovered that they were actually students / interns, not full timers! It seems that even us, we’re finding it very difficult to get more developers on board with us. We can also talk about the high turnover that’s obviously present, but that’s an argument for another day.

We must then ask another question then: what happened to the new graduates? I have no idea on the amount of graduates per year in Malta, but I’m pretty sure it’s not THAT bad. So, are they being poached by bigger companies (iGaming) with huge salaries? Are they working on their own projects? Or maybe, the new graduates are sub-par to the industry standards and end up un-recruited?

You don’t need more than 1080p on a 13″ screen!

Recently, I’ve been on the market to buy a new 13″ Laptop. I ended up buying a HP Spectre x360: i7, 8GB RAM, 1080p touch screen and the usual gizmos. I’ll talk about the huge headache I went through (not counting the hours spent searching reviews) in order to actually determine what I’m going to buy.

I was quite sure on what I wanted – a lightweight 13″ laptop with an i7 and 8GB of RAM and stuff like that. In other words, a really portable machine which won’t slow me down on the go. There were several contenders in this department, the Dell XPS 13, Lenovo Yoga 910, Razer Blade Stealth, the aforementioned HP Spectre x360  and some others which were quickly eliminated from the list. The biggest question was always : 1080p or 4K screen?

People had mixed feelings about this, some said go for 1080p and some said 4K. Here are my thoughts on this subject. Oh, by the way – this argument is only for Windows Based laptops. This does not apply for non-Windows based machines.

Let’s start by the biggest problem that screen size carries. If the pixel count grows and the screen does not, this means that the actual pixel size gets smaller. So, this means that a 300 pixels on a 13″ 1080p might be 4cm long, but 300 pixels on a 13″ 4k might be just 1 cm long. Most (older) applications were designed to work with pixels, so they do not cater for big resolutions on small screens.

Fortunately, Microsoft have realised this problem and provide a feature to scale the size of the display accordingly. So, old applications will scale up to the appropriate size, but this comes at a cost. Most of the time, the bigger the scale, the blurrier the window will actually look; I’ve illustrated this below. One can “clearly” see that the D is quite blurred out.

Scalingblurring

This problem is acknowledged by Microsoft themselves and provide some workarounds for this. Fortunately, as time goes on, more and more applications are being designed with this problem in mind and scale quite nicely. Also, the new UWP applications (such as the new looking applications on Windows 10 – Settings, Calculator and such handle this problem natively; they will not suffer from these problems.

In my case, my 1080P 13″ display came configured out of the box to use 150% scaling. This means that applications that do not handle such scaling will be multiplied by 1.5 times in order to scale appropriately. So the problem with scaling and blurring already exist with a 1080P display, let alone a 4K display! Those apps which scale poorly will simply exhibit worse symptoms since the scaling needs to be bigger at a 4K resolution.

This problem also exists in games; Linus played Half Life on a 16K monitor; scaling was just laughable.

My end verdict? If you’re buying a Windows-Based machine, don’t opt for a 4K on a 13″ display. It will make the scaling problem just worse. Let’s just hope for a better future where all applications scale correctly! I hope I’ll save some time and headache for anyone who is in the market for a 13″ laptop.

I have not mentioned too much technical details on what actually is going on; I do not want to confuse potential non-technical readers. This post will be followed up by a technical blog post explaining what is actually going on and as a programmer, how to program against this problem. If interested though, the problem mostly lies in the domain of DPI and DIP.

On the usage of bool in method parameters

The number of times that I encountered a piece of code like the following is quite alarming:

Transaction transaction =
    TransactionFactory.CreateTransaction(
        true,
        true,
        false,
        true);

What do those true, true, false, true mean? We’ll need to view the method signature each time we need to understand what those four booleans represent!  This means that anyone trying to skim through your code will have a bad time. Sidenote: if you’re writing method calls with such parameters, you seriously need to consider re-thinking such calls.

Let’s try to improve the readability of that code by a bit

Transaction transaction =
    TransactionFactory.CreateTransaction(
        true /* postInSage */,
        true /* isPaidInFull */,
        false /* recurringTransaction */,
        true /* sendEmailReceipt */);

What did we do here? We added some comments next to each boolean so that when reading the code, the reader can quickly identify what each boolean signifies. Neat, we’ve improved the readability by a lot! Microsoft developers seem to like doing it this way; a quick look at .NET Framework Source will show you some good examples, such as here, here and here.

But, what happens in case the order of the booleans change? Apart from breaking functionality, the comments will not update to reflect the new API call. As they say, comments lie, code never does.

Instead of opting to document the parameter names with comments, C# offers the facility of naming your parameters. This means that you can choose to ignore the order of the parameters, but affix the name of the parameter before the actual value. Let’s apply it to our example.

Transaction transaction =
    TransactionFactory.CreateTransaction(
        postInSage: true,
        isPaidInFull: true,
        recurringTransaction: false,
        sendEmailReceipt: true);

That’s looking great! We can even improve a bit by defaulting all boolean arguments to false, thus we’ll only pass those booleans which should be true.

Now, the method signature will look like this:

CreateTransaction(
    bool postInSage = false,
    bool isPaidInFull = false,
    bool recurringTransaction = false,
    bool sendEmailReceipt = false) 

The method call with look like this

Transaction transaction =
    TransactionFactory.CreateTransaction(
        postInSage: true,
        isPaidInFull: true,
        sendEmailReceipt: true); 

We can also take a totally different approach and eliminate the use of boolean parameters and introduce Enums, specifically Enum flags. This means that when we call the CreateTransaction method, we’ll simply pass the required flags. In case you forgot, here’s a quick refresher on how it works.  It will look something of the sort:

Transaction transaction =
    TransactionFactory.CreateTransaction(
        TransactionFlags.PostInSage |
        TransactionFlags.IsPaidInFull |
        TransactionFlags.SendEmailReceipt);

Not bad! When you read that piece of code, you can easily identify any properties that should be taken into consideration when creating the transaction. We ended up eliminating the need of booleans, in favour of flags.

Does this means that booleans should never be used when dealing with parameters? Of course not. I just wanted to shed some light on the fact that there are better approaches than just writing and consuming APIs in a more readable fashion.

I’m a blogger, not a System Admin!

I had to make a simple choice when I started this blog: Do I want to be a blogger or a System Administrator. What does this mean? Let me elaborate.

As one might obviously assume, this is a blog powered by WordPress.org, a free tool for bloggers like me to get them online and blogging. But, opting for the free version means something else. It means that you need to download it, set up a server somewhere, install it, set it up, buy a domain, and do whatever else it’s required to get things running.

What does all the above mean? It means that you need to spend a couple of hours doing all that stuff, time which could have been spent writing a blog post, just like this one. Let’s not even mention the fact that such systems constantly need patching up. That sounds like a job for a System Administrator not a blogger. The limited time that I have between all the other things in my life, I’d rather spend it doing stuff that I actually like rather than installing package.

Enter Software as s Service (SaaS) – you pay some money per year and it’s all managed for you. This means that installation, deployment, patching and other System Administrator jobs are done for me. That sounds great, doesn’t it? But obviously, going down this route also has some drawbacks. Let’s quickly go through the pros and cons.

Pros

  1. There is almost no downtime between deciding to start blogging and actually blogging. When I purchased my subscription, everything was ready in seconds. Compared to a couple of hours do all the deployment, installations and configuration, I’m very grateful
  2. The hosts are (hopefully) resilient. Paying someone to host your blog means that you’re guaranteed that your blog will always be online without any (reasonable) downtime.
  3. Plugins / Themes are vetted – this means that any dodgy plugins are not available for me to install, thus putting blogs in risk of getting hacked.
  4. Systems are always up to date, without the interference of the end user. Keeping your system up to date is no joke, it means that you’re protected against vulnerable software. This also means that there is no headache making sure that plugins stop working after an update since this headache is handled by the host.
  5. It simply works. This might seem like an Apple advert but it’s true. No dealing with out of this world errors, just subscribe and get blogging!

Cons

  1. Such systems normally reduce the flexibility by the end user by a LOT. Since you do not have access to the underlying operating system, some custom settings simply cannot be applied.
  2. Themes and plugin installation will be limited by the ones provided by the host. But hey, that’s a good thing in the end of the day, since you’re provided peace of mind since these are vetted by the host. Hence why this is also listed in the ‘pro’ section.
  3. Last but not least, you have to pay! Granted, not a lot, but some people might be discouraged when they have to fork out money. This might be the biggest con for many people.

Anyway, in the end of day I concluded that it’s worth to fork out some money and be a bit restricted rather than have to think about every step myself. Although I’m losing some flexibility, I can spend my time writing, which is what I’d like in the end of the day.

 

I hate var and so should you!

Have you ever been writing a piece of code and ended up writing this?


var myReallyObject = GetMyReallyCoolObject();

If yes, please do a favor to everyone and remove that var. It’s not doing any favors to anyone; it’s just reducing the readability of code. If you’re not using a decent IDE, you can never know what that var actually is. In Visual Studio, you’ll need to hover on the var keyword to discover what it actually is. All it did was inconvenience to anyone who’s going to read your code.

Moreover, a var can be a ticking time-bomb, waiting to explode. How? Great Question! Let me illustrate.


private bool RandomFunc()
{
    var myRandomNumber = GetRandomNumber();
    return IsRandomNumberInRange(myRandomNumber)
}

private bool IsRandomNumberInRange(int num)
{
    return num > 10;
}

private bool IsRandomNumberInRange(double num)
{
    return num > 50;
}

private int GetRandomNumber()
{
    return 42;
}

If along the way, GetRandomNumber’s return type changed, the code will still build properly, but the functionality changes. Eliminating the use of var simply resolves this inconsistency. Obviously that’s a trivial piece of code but the rules still apply.

Of course, there are excellent uses of var. I use it when I’m trying some LINQ out and I could not be bothered to guess the return type of some really long LINQ operation, as illustrated.

Given a list of Students (Name and Mark)


List<Student> students = new List<Student> { new Student { Name = "Albert", Class = "1A" }, new Student { Name = "Herd", Class = "1A" } };

Doing an order by and group by on such operation will result in a complex object. I’d rather see


var grouped = students.OrderBy(student => student.Name).GroupBy(student => student.Class);

than see


IEnumerable<IGrouping<string, Student>> grouped = students.OrderBy(student => student.Name).GroupBy(student => student.Class);

I mean, adding that complex declared type provides no real business value; besides in this case we’re not interested in the specifics of the type.

Here’s my thoughts when you can use var:

  • When the return type is complex and we’re not really interested in the return type. Focus on the business part rather than the technical part.
  • When you initialize the variable in the same line using a new construct.
  • Anonymous Types.

Here’s my thoughts when should NOT use var:

  • When the overall readability of code is being impacted.(For me, this is the deal breaker)
  • When the variable is being initialized using a method call.
  • When having a var introduces the possibility of changes in behavior of the variable.

So please, don’t just used var for all your declared types; use it with common sense.

Can we be a bit more careful on how we use the Internal access modifier?

The other day, I was writing some SharePoint code, and I required a RunWithElevatedPrivileges call. This call is normally accompanied by the creation of a new SPSite and a new SPWeb objects. This is even demonstrated in the RunWithElevatedPrivileges MSDN excerpt, as shown below. What this code does and such, it does not really matter for the sake of this post.


SPSecurity.RunWithElevatedPrivileges(delegate()
{
    using (SPSite site = new SPSite(web.Site.ID))
    {
        // implementation details omitted
    }
});

This is all fine and good, but I’ve noticed that the project that I’m working on already contains loads of RunWithElevatedPrivileges and the accompanying creation of new SPSite and SPWeb; thus I thought that it would be great if I had access to an overload of RunWithElevatedPrivileges that provides a callback with SPSite and SPWeb as parameters rather than creating them myself. So I thought that this is probably offered by SharePoint but a quick look at the public SharePoint API shows that this does not exist.

Then I thought, how is this possible? This is a common use case; somewhere in the SharePoint API, this ought to exist. So, grabbing ILSpy, I’ve reflected the code and gave a quick look. Unsurprisingly, I’ve found the exact overload that I was looking for. Though, for some weird reason, it’s set to Internal, rather than public. Hold on a minute, why is this kind of API not public? This is not some kind of abstraction; it’s API that should be readily available for the developer.


// Microsoft.SharePoint.SPSecurity
internal static void RunWithElevatedSiteAndWeb(SPWeb originalWeb, SPSecurity.CodeToRunWithElevatedSite secureCode)
{
    if (originalWeb.CurrentUser != null && originalWeb.CurrentUser.ID == 1073741823 && !originalWeb.Site.HasAppPrincipalContext)
    {
        secureCode(originalWeb.Site, originalWeb);
        return;
    }
    SPSecurity.RunWithElevatedPrivileges(delegate
    {
        using (SPSite sPSite = new SPSite(originalWeb.Site.ID, originalWeb.Site.Zone))
        {
            using (SPWeb sPWeb = sPSite.OpenWeb(originalWeb.ID))
            {
                secureCode(sPSite, sPWeb);
            }
        }
    });
}

This made me think: can we be a bit more careful on how we use the Internal access modifier? I mean, I understand that portions of the code should be private, since such code will be only used in the same class to simplify the underlying code. But, API that are clearly useful by developers having a LOT of internal methods is a big no for me. It is clearly not adding business value to the API, just frustration to the end developer since he needs to re-implement (or copy) the same implementation in his solution.

Obviously, I am not saying that ALL Internal methods are badly designed; if this was the case, it would not exist at all. I’m saying that API developers should think twice before limiting API to internal, which can clearly be used 3rd party developers. Private methods are OK, but internal methods, I think one needs to be a bit more careful on how this is used.

Or..maybe this is just one of the many, many quirks of the SharePoint API.