Dev Blog

The True Cost of a Feature: PIN codes and the FreshBooks iOS App

By Craig Wilson on June 26th, 2013

In the world of product development, learning how to say “no” is one of the most difficult yet important skills one can have. While the list of features that could be added to your product is always endless, being able to determine what your product does not do allows for greater focus and attention to detail. Having the confidence to say “no” also means that you can investigate and select the features that will provide the most value for your users, instead of feeling pressured to address every feature request for your application.

As an example, after the launch of our FreshBooks iOS application last year, some of our customers had concerns about the application’s lack of a PIN code. They feared that this omission raised security issues, and made their business data vulnerable to attack or accidental corruption. As a team we had discussed PIN codes during the design of the application, but ultimately decided against implementing them. In this post I’ll explain the rationale behind our decision, and give an overview of the security measures in iOS that made our decision possible.


In mobile applications, PIN codes are passphrases that the user must enter to…

The Role of the Quality Assurance Professional in iOS Development

By Craig Wilson on May 28th, 2013

Are you an independent iOS developer, looking to improve the quality of your applications? Even if you don’t have the budget to add a dedicated software testing professional, there are measures anyone can take to test more intelligently and efficiently. FreshBooks QA Analyst Craig Wilson recently sat down with iOS Developer and author Ash Furrow on the Springboard podcast to discuss the criteria FreshBooks uses to evaluate iOS testing tools and what conclusions they’ve reached so far, along with the “see how badly you can break it” mindset to have when testing any type of application.

Other highlights include:

  • FreshBooks’ experience with iOS automated testing tools, including Apple’s own “Instruments” developer tool, and Square’s “KIF” framework.
  • The philosophies and mindsets behind automated and manual testing.
  • What types of tests are suitable to be automated.

Have a listen here and let Craig and Ash know what you think!

FreshBooks secret sauce: chatrooms

By wyatt on May 17th, 2013

Now this is a story all about how my life got flip-turned upside down.
I’d like to take a minute — just sit right there,
I’ll tell you how chatrooms are the Prince of Bel-Air.

When I began researching, thinking always,
in chatrooms is where I spent most of my days.
I asked one little question and a sysadmin got scared…
Okay, well, he didn’t really get scared.

He got historical, and told me that we began using chatrooms at FreshBooks after a hackoff he did years ago. Receiving a direct answer like that encapsulates the magic of a simple chatroom: I asked a broad group of people about something and quickly received an answer from whomever had the time, knowledge, and interest to speak up. Chat systems are like water to fish: rarely examined, but integral to our experience — and if you’re not using named chatrooms, you’re missing out on something great.

Questions and Answers

That sysadmin was in #geek, an informal room we have for tech-related discussion which averages 20-25 users in our hundredish-person company. I asked, “hey everybody, who wants to regale me with tales of when and how we started using our chat system?” Around a…

Hindsight is 20/20—so take advantage

By Marguerite on April 30th, 2013

I’ve only been on the FreshBooks dev team for a few months, so the stories I hear about the bad old days when our releases were like picking a way through a minefield are only legend to me. But I gather we’ve come a long way, and I suspect that this was in large part due to our Release Retrospective meetings. It is in these meetings that our blunderings are turned into lessons so that we learn from our mistakes instead of making the same ones ad infinitum.

Curiosity. That is what I felt while I attended my first retro. It struck me as a strange ritual. In a small room, wherever there was room to stand, devs, QA, Product, Support and Ops crowded around a table strewn with Sharpies and Post-it-notes. These sticky-pads, some green, some red, were passed around. People began writing on them using squeaky markers, peeling the notes off and handing them to a person at the front. This person stuck them on the whiteboard—red notes on the left, green notes on the right. When the sound of scribbling and unsticking of stickies had tapered off, the person at the front went through each note on…

Using triggers to un-shatter a schema

By Taavi on April 12th, 2013

We deleted millions of customer database tables and nobody noticed. And that’s a good thing. It just took some thinking (a bit of reading), and 10 months of slow-but-steady work.


FreshBooks is a classic multi-tenant application. Customers sign up with us and live in their own little island of data (received invoices and contractors are treated like telephone calls to the next island). When the first version of FreshBooks shipped (and for many years after), every new account creation resulted in a new set of database tables being created. This worked well in the early days. Every time a web page was served by PHP, it would define the names of all the tables that that account needed to access, so you never had to use a WHERE clause to restrict data access to a single account. Early on in an HTTP request we converted an account name (e.g. yourcompany from into a numeric ID (e.g. 123), and tables were named using that id (e.g. org123_invoice).

But times change. FreshBooks grew, and with it our data. By 2010 we were living with MILLIONS of database tables (yes, literally on the order of 1E+6). Databases are…