R3 — Rent the commodity parts (Stripe / Auth0 / Algolia / RDS / Lambda); build only what is genuinely differentiated logic

Rule: For SMB client work, default to renting the commodity parts — payments (Stripe launched 2011 — card data never touches merchant server (Stripe.js → token), removing the heaviest PCI burden), auth (Auth0 founded 2013 — managed identity, social login, SSO, SAML / Amazon Cognito and Firebase Auth — 2014-era managed identity peers to Auth0), search (Algolia founded 2012 (Dessaigne & Lemoine; Y Combinator W2014) — search-as-a-service, no infra to manage / Elasticsearch first release 2010 — open-source on Apache Lucene; commodity search), managed DB (Amazon RDS announced October 2009 (MySQL first); GA May 31, 2011 — managed DB absorbs admin/backup/failover), serverless (AWS Lambda previewed November 13, 2014; GA April 9, 2015 — code with no servers to provision). Build only what is genuinely differentiated — the client's actual business logic.

Why: Each commodity service replaces a person-month-or-more bespoke build (see the "pre" entries: [[pre-stripe-merchant-account-plus-gateway-plus-pci]], [[pre-auth0-roll-your-own-password-hashing]], [[pre-elasticsearch-sql-like-or-custom-lucene]]). Building any of these in-house is paying twice — once at build, again at maintenance — for a worse outcome.

How to apply:

• Scope conversations explicitly call out which parts are commodity (rent) vs differentiated (build).
• "We want our own auth" is almost always a red flag — surface [[pre-auth0-roll-your-own-password-hashing]] and the security implications.
• The differentiated logic is usually narrower than the client first imagines; help them see it.