<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Induwara Ashinsana</title>
    <description>The latest articles on DEV Community by Induwara Ashinsana (@induwara_ashinsana_9e4d5b).</description>
    <link>https://dev.to/induwara_ashinsana_9e4d5b</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3958655%2F6fa1c062-e3e8-4949-affc-f60cccfc2dfb.jpg</url>
      <title>DEV Community: Induwara Ashinsana</title>
      <link>https://dev.to/induwara_ashinsana_9e4d5b</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/induwara_ashinsana_9e4d5b"/>
    <language>en</language>
    <item>
      <title>Apple sues OpenAI: trade-secret lessons for small teams</title>
      <dc:creator>Induwara Ashinsana</dc:creator>
      <pubDate>Wed, 15 Jul 2026 09:18:33 +0000</pubDate>
      <link>https://dev.to/induwara_ashinsana_9e4d5b/apple-sues-openai-trade-secret-lessons-for-small-teams-2c4g</link>
      <guid>https://dev.to/induwara_ashinsana_9e4d5b/apple-sues-openai-trade-secret-lessons-for-small-teams-2c4g</guid>
      <description>&lt;p&gt;&lt;strong&gt;Apple sues OpenAI over alleged trade secret theft&lt;/strong&gt;, and my first reaction was not "who's right" but "this is the exact mistake a two-person Colombo startup makes without ever getting sued." According to &lt;a href="https://techcrunch.com/2026/07/10/apple-sues-openai-over-alleged-trade-secret-theft/" rel="noopener noreferrer"&gt;TechCrunch&lt;/a&gt;, Apple alleges the misconduct was directed by OpenAI's senior leadership, including a long-time former employee.&lt;/p&gt;

&lt;p&gt;I'm not a lawyer, and I'm not going to pretend I know how this ends. But the &lt;em&gt;shape&lt;/em&gt; of the dispute, a former insider who allegedly carried valuable knowledge to a competitor, is the single most common way small companies lose their edge. You don't need Apple's legal budget to learn from it.&lt;/p&gt;




&lt;h2&gt;
  
  
  🔍 What a "trade secret" actually is
&lt;/h2&gt;

&lt;p&gt;A trade secret isn't a patent. That distinction matters more than most builders realise, because the two protect completely different things in completely different ways.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;/th&gt;
&lt;th&gt;Trade secret&lt;/th&gt;
&lt;th&gt;Patent&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;What it protects&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Anything secret with commercial value (recipes, code, processes, customer lists)&lt;/td&gt;
&lt;td&gt;A specific novel invention&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;How you get it&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Just keep it secret + take reasonable steps to protect it&lt;/td&gt;
&lt;td&gt;File, pay, wait, publish&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Public disclosure&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;None. Secrecy &lt;em&gt;is&lt;/em&gt; the protection&lt;/td&gt;
&lt;td&gt;Full public disclosure&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Duration&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Forever, until it leaks&lt;/td&gt;
&lt;td&gt;~20 years, then public&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Dies when&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;It becomes public knowledge&lt;/td&gt;
&lt;td&gt;The term expires&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Key takeaway:&lt;/strong&gt; A trade secret's entire legal existence depends on you actually keeping it secret. The moment you stop taking "reasonable steps" to protect it, the protection evaporates, no lawsuit required to lose it.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;That's the uncomfortable part of the Apple story for small teams. The alleged value walked out on two legs. Once knowledge is in someone's head, technical locks don't help. Your protection is contractual and procedural, not cryptographic.&lt;/p&gt;




&lt;h2&gt;
  
  
  🛠️ The departing-employee problem, scaled down
&lt;/h2&gt;

&lt;p&gt;Apple's complaint reportedly centres on a long-time former employee. Strip away the billion-dollar names and this is a Tuesday afternoon at any growing company:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Someone senior leaves.&lt;/li&gt;
&lt;li&gt;They join a competitor, or start one.&lt;/li&gt;
&lt;li&gt;They know your pricing model, your unpublished roadmap, your customer list, the one clever thing your product does that nobody else does.&lt;/li&gt;
&lt;li&gt;Nobody wrote down who was allowed to know what.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;I've seen Sri Lankan freelancers and small agencies get burned by step 4 specifically. There was no NDA, no offboarding checklist, no access review. The knowledge wasn't &lt;em&gt;stolen&lt;/em&gt; in any dramatic sense. It just... left, because nothing ever marked it as protected.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Bottom line:&lt;/strong&gt; If you can't point to the "reasonable steps" you took to keep something secret, a court, and reality, may decide you never treated it as a secret at all.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  💡 IP hygiene a two-person team can actually do
&lt;/h2&gt;

&lt;p&gt;You don't need a legal department. You need a handful of boring habits that cost nothing but discipline. Here's the minimum I'd run for any small SL team:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Written NDAs and IP-assignment clauses&lt;/strong&gt; in every employment and contractor agreement. Get a local lawyer to sign off on a template once; reuse it forever.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Least-privilege access.&lt;/strong&gt; Not everyone needs the production database or the full customer export. Grant per-role, review quarterly.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A real offboarding checklist.&lt;/strong&gt; Revoke tokens, rotate shared credentials, disable accounts &lt;em&gt;on the last day&lt;/em&gt;, not the following week.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Label what's confidential.&lt;/strong&gt; A repo README or doc header that says "Confidential, internal only" is cheap evidence that you treated it as a secret.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Log access to sensitive assets.&lt;/strong&gt; Even a simple audit trail shows who touched what.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Here's a dead-simple offboarding script skeleton, the point isn't the code, it's that the checklist exists and runs every time:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;# offboard.sh — run on an employee's last day&lt;/span&gt;
&lt;span class="nv"&gt;USER&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$1&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;
&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"Revoking access for &lt;/span&gt;&lt;span class="nv"&gt;$USER&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;
&lt;span class="c"&gt;# 1. Disable SSO / email account&lt;/span&gt;
&lt;span class="c"&gt;# 2. Remove from GitHub org + rotate any deploy keys they held&lt;/span&gt;
&lt;span class="c"&gt;# 3. Rotate shared API keys the whole team used&lt;/span&gt;
&lt;span class="c"&gt;# 4. Revoke database credentials&lt;/span&gt;
&lt;span class="c"&gt;# 5. Archive their laptop image, wipe device&lt;/span&gt;
&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"Offboarding complete. Log this to your audit trail."&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The gap between "we trust each other" and "we have a checklist" is where most small-team IP disputes are born.&lt;/p&gt;




&lt;h2&gt;
  
  
  🌐 Where open source changes the maths
&lt;/h2&gt;

&lt;p&gt;Not everything should be a trade secret. For a lot of Sri Lankan builders chasing a global audience on a learning budget, &lt;em&gt;openness&lt;/em&gt; is a stronger strategy than secrecy. Your moat becomes your execution, community, and support, not a hidden algorithm.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Strategy&lt;/th&gt;
&lt;th&gt;Best when&lt;/th&gt;
&lt;th&gt;The risk&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Trade secret&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;You have a genuine, hard-to-reverse edge&lt;/td&gt;
&lt;td&gt;One leak ends it; enforcement is expensive&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Patent&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;The invention is novel and worth the filing cost&lt;/td&gt;
&lt;td&gt;Slow, costly, publicly disclosed&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Open source&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Adoption and trust matter more than secrecy&lt;/td&gt;
&lt;td&gt;Anyone can fork; you compete on execution&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The Apple v. OpenAI fight is a reminder that secrecy is a liability you have to actively maintain. Open source flips that: there's nothing to steal, and contribution becomes your distribution. Decide &lt;em&gt;deliberately&lt;/em&gt; which parts of your product are secret and which are shared. The mistake is defaulting into secrecy for things that were never really secret and never really protected.&lt;/p&gt;

&lt;p&gt;If part of your workflow involves checking whether text or code looks suspiciously copied, our free &lt;a href="https://induwara.lk/tools/ai-text-similarity-checker" rel="noopener noreferrer"&gt;AI text similarity checker&lt;/a&gt; can give you a quick signal, useful for spotting when a "new" document is really an old one with the logo swapped.&lt;/p&gt;




&lt;h2&gt;
  
  
  💬 What this means for you
&lt;/h2&gt;

&lt;p&gt;You will probably never sue anyone, and nobody will sue you. But the failure mode in this lawsuit, valuable knowledge leaving through a person while nobody tracked it, is one you can hit at any size.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Treat your edge like it's real.&lt;/strong&gt; Write down what's confidential, and take steps to keep it that way.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Contracts first, not after the fallout.&lt;/strong&gt; NDAs and IP-assignment clauses are cheap now and priceless later.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Offboard like it matters.&lt;/strong&gt; The last day is when access should end, every time.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Choose secrecy on purpose.&lt;/strong&gt; If openness serves you better, commit to it and stop pretending you have a secret you never protected.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;I'll watch how the case develops, but the lesson doesn't depend on the verdict. Secrets you don't protect aren't secrets. They're just facts waiting to walk out the door.&lt;/p&gt;

</description>
      <category>tradesecrets</category>
      <category>startup</category>
      <category>intellectualproperty</category>
    </item>
    <item>
      <title>Disney+ Free Tier: What 'Free' Really Costs Builders</title>
      <dc:creator>Induwara Ashinsana</dc:creator>
      <pubDate>Tue, 14 Jul 2026 13:09:26 +0000</pubDate>
      <link>https://dev.to/induwara_ashinsana_9e4d5b/disney-free-tier-what-free-really-costs-builders-17i1</link>
      <guid>https://dev.to/induwara_ashinsana_9e4d5b/disney-free-tier-what-free-really-costs-builders-17i1</guid>
      <description>&lt;p&gt;A &lt;strong&gt;Disney+ free tier&lt;/strong&gt; is reportedly on the table, and the interesting part is not the free movies. It's the admission underneath it. According to a &lt;a href="https://techcrunch.com/2026/07/10/disney-is-considering-a-free-streaming-tier-report-says/" rel="noopener noreferrer"&gt;TechCrunch report&lt;/a&gt;, Disney is considering free, ad-supported content so it can compete with &lt;strong&gt;YouTube&lt;/strong&gt; and &lt;strong&gt;Tubi&lt;/strong&gt;, which keep capturing a bigger slice of viewing time.&lt;/p&gt;

&lt;p&gt;I build free tools for a living, so this one caught my eye. When a company with one of the most valuable content libraries on earth starts eyeing "free," there's a lesson in it for anyone shipping a product on a small budget.&lt;/p&gt;




&lt;h2&gt;
  
  
  🔍 What Disney is actually reacting to
&lt;/h2&gt;

&lt;p&gt;Disney isn't chasing free because it loves giving things away. It's reacting to where attention already lives. The report frames the move as a response to free services eating into how people spend their viewing hours.&lt;/p&gt;

&lt;p&gt;That's the real signal: &lt;strong&gt;distribution beats a paywall&lt;/strong&gt; when a rival is free at the door.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Model&lt;/th&gt;
&lt;th&gt;Who pays&lt;/th&gt;
&lt;th&gt;Barrier to first use&lt;/th&gt;
&lt;th&gt;Who it describes&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Paid subscription&lt;/td&gt;
&lt;td&gt;The viewer, upfront&lt;/td&gt;
&lt;td&gt;High&lt;/td&gt;
&lt;td&gt;Classic Disney+ / Netflix&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Ad-supported free&lt;/td&gt;
&lt;td&gt;Advertisers&lt;/td&gt;
&lt;td&gt;Almost none&lt;/td&gt;
&lt;td&gt;YouTube, Tubi&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Freemium&lt;/td&gt;
&lt;td&gt;Some users later&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;td&gt;Spotify, most SaaS&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Key takeaway:&lt;/strong&gt; A free tier is not charity. It's a distribution channel you pay for with attention and ads instead of asking the user to pay at the front door.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;The moment your competitor is free and "good enough," your paywall stops being a price and starts being a reason to bounce.&lt;/p&gt;




&lt;h2&gt;
  
  
  💰 Why "free" is a distribution decision, not a giveaway
&lt;/h2&gt;

&lt;p&gt;If you've ever shipped something and watched signups stall, you already know the friction a price adds. Every step between "I heard about this" and "I'm using it" leaks users. A free tier removes the biggest step.&lt;/p&gt;

&lt;p&gt;Here's the mental model I use when deciding what to give away:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Free removes the risk&lt;/strong&gt; for a first-time user who doesn't trust you yet.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Free creates a funnel&lt;/strong&gt; of people you can later convert, upsell, or learn from.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Free buys data&lt;/strong&gt; on what people actually do, which is worth more than a survey.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Disney can afford to run ad-supported content because ads on a huge audience pay the bills. The economics only work at scale, which is exactly why a free tier is a bet on volume, not a discount. For a smaller builder, the math is different but the logic is the same: give away the thing that gets people in, and charge for the thing they can't do without once they're hooked. The free part is the hook, not the product.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;The question is never "should this be free?" It's "what's the cheapest thing I can give away that still creates a habit?"&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  🛠️ What a Sri Lankan builder can copy from this
&lt;/h2&gt;

&lt;p&gt;You don't need Disney's catalog to use Disney's strategy. Most successful small products in Sri Lanka and beyond run some version of the free-first playbook.&lt;/p&gt;

&lt;p&gt;A few concrete moves that work on a learning budget:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Ship a genuinely useful free core.&lt;/strong&gt; Not a crippled demo. Something people would recommend even if you never charged.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Make the first use zero-friction.&lt;/strong&gt; No signup, no card, no popup. The whole point of induwara.lk's &lt;a href="https://induwara.lk/tools" rel="noopener noreferrer"&gt;free tools&lt;/a&gt; is that you land and it works.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Charge for depth, scale, or convenience&lt;/strong&gt;, not for basic access. Think higher limits, team features, exports, priority.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Let usage teach you.&lt;/strong&gt; Watch which free features people hammer. That's your paid roadmap.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;If you're building an AI feature and worried the free tier will bankrupt you, price it first. Our &lt;a href="https://induwara.lk/tools/ai-tts-cost-calculator" rel="noopener noreferrer"&gt;AI TTS cost calculator&lt;/a&gt; and the other AI cost tools exist precisely so you can model "what does 10,000 free users actually cost me" before you promise anything.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Key takeaway:&lt;/strong&gt; Copy the structure, not the scale. Free core, easy start, paid depth. That pattern works whether you have a billion-dollar library or a weekend project.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  📊 The catch: free is never actually free
&lt;/h2&gt;

&lt;p&gt;Someone always pays. With ad-supported streaming, the viewer pays with attention, tolerance for ads, and usually some data. As a builder, you pay too, and it's worth being honest about the bill before you commit.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;"Free" cost&lt;/th&gt;
&lt;th&gt;Who absorbs it&lt;/th&gt;
&lt;th&gt;Watch out for&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Ad load&lt;/td&gt;
&lt;td&gt;The user's patience&lt;/td&gt;
&lt;td&gt;Too many ads and the free tier feels worse than nothing&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Server / API bills&lt;/td&gt;
&lt;td&gt;You&lt;/td&gt;
&lt;td&gt;An unpriced free tier can quietly drain your runway&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Support load&lt;/td&gt;
&lt;td&gt;You&lt;/td&gt;
&lt;td&gt;Free users still email you, often more&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Brand perception&lt;/td&gt;
&lt;td&gt;Both&lt;/td&gt;
&lt;td&gt;"Free" can signal low quality if the core feels cheap&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The trap I see most often with small teams: they launch a free tier, it gets popular, and the API bill arrives before the revenue does. Free at scale needs a plan for who pays, or it becomes a very expensive hobby.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;A free tier without a conversion or ad plan behind it isn't a strategy. It's a subsidy you're funding personally.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  What this means for you
&lt;/h2&gt;

&lt;p&gt;Disney weighing a free tier is a reminder that even the biggest libraries can't out-price "free." If a giant has to meet free services where they are, a small builder competing on price alone is fighting the wrong battle.&lt;/p&gt;

&lt;p&gt;So don't ask whether your thing should be free. Ask:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;What's the smallest free core that creates a real habit?&lt;/li&gt;
&lt;li&gt;How does that free user eventually pay you, in money, ads, data, or word of mouth?&lt;/li&gt;
&lt;li&gt;Can you afford the free tier at 10x today's usage?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Get those three answers right and "free" stops being scary. It becomes your cheapest, most honest marketing channel. Get them wrong and you're just Disney with a smaller library and a bigger server bill.&lt;/p&gt;

&lt;p&gt;If you're sketching out the numbers for your own free tier, start with the &lt;a href="https://induwara.lk/tools" rel="noopener noreferrer"&gt;free tools on induwara.lk&lt;/a&gt; and model the costs before you ship the promise.&lt;/p&gt;

</description>
      <category>streaming</category>
      <category>freemium</category>
      <category>productstrategy</category>
    </item>
    <item>
      <title>OpenAI Copyright Lawsuit: Why Provenance Now Matters</title>
      <dc:creator>Induwara Ashinsana</dc:creator>
      <pubDate>Mon, 13 Jul 2026 17:08:50 +0000</pubDate>
      <link>https://dev.to/induwara_ashinsana_9e4d5b/openai-copyright-lawsuit-why-provenance-now-matters-1e1g</link>
      <guid>https://dev.to/induwara_ashinsana_9e4d5b/openai-copyright-lawsuit-why-provenance-now-matters-1e1g</guid>
      <description>&lt;p&gt;The &lt;strong&gt;OpenAI copyright lawsuit&lt;/strong&gt; brought by the &lt;strong&gt;New York Times&lt;/strong&gt; just got sharper, and the new fight is not about training data at all. It's about evidence. According to &lt;a href="https://techcrunch.com/2026/07/09/new-york-times-says-openai-hid-evidence-in-chatgpt-copyright-trial/" rel="noopener noreferrer"&gt;TechCrunch&lt;/a&gt;, news publishers are accusing OpenAI of hiding internal tools and datasets that could show when &lt;strong&gt;ChatGPT&lt;/strong&gt; reproduces copyrighted journalism, and they've filed a new motion for sanctions over it.&lt;/p&gt;

&lt;p&gt;I want to skip the courtroom drama and talk about the part that actually touches people like us: builders, students, and small teams who use these models every day. When the companies behind the models can't cleanly answer "what did the model copy, and how do you know," that uncertainty rolls downhill to everyone building on top.&lt;/p&gt;




&lt;h2&gt;
  
  
  🔍 The real issue is provenance, not plagiarism
&lt;/h2&gt;

&lt;p&gt;The word "copyright" makes people think about plagiarism. But the sharp end of this case is &lt;strong&gt;provenance&lt;/strong&gt;: being able to prove where a piece of text came from. The publishers aren't just saying ChatGPT sometimes echoes their articles. They're saying OpenAI had the means to detect that and didn't hand it over.&lt;/p&gt;

&lt;p&gt;That distinction matters for anyone shipping AI features:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Plagiarism&lt;/strong&gt; is a content question: is this text too similar to something else?&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Provenance&lt;/strong&gt; is a records question: can you show, later, how the text was produced?&lt;/li&gt;
&lt;/ul&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Key takeaway:&lt;/strong&gt; If a company the size of OpenAI is struggling to prove what its model did and didn't reproduce, a two-person startup running an AI feature has no chance of reconstructing it after the fact. Log it while it happens.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;If you generate marketing copy, summaries, or code with an AI model, save the prompt, the model name, and the raw output alongside whatever you publish. It costs almost nothing now and is impossible to recreate later.&lt;/p&gt;




&lt;h2&gt;
  
  
  ⚖️ Why "we don't know what it copied" is the whole ballgame
&lt;/h2&gt;

&lt;p&gt;A large language model doesn't store articles like a database. It stores statistical patterns. That's exactly why the discovery fight is hard: nobody can &lt;code&gt;SELECT * FROM articles&lt;/code&gt; and see what came out verbatim. The publishers say OpenAI built internal tooling that gets closer to answering that, and that's what they want on the table.&lt;/p&gt;

&lt;p&gt;Here's the uncomfortable version for builders:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Question&lt;/th&gt;
&lt;th&gt;Who has to answer it&lt;/th&gt;
&lt;th&gt;How hard it is&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;"Did the model train on my article?"&lt;/td&gt;
&lt;td&gt;Model provider&lt;/td&gt;
&lt;td&gt;Hard, needs training-set access&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;"Did this output copy my article?"&lt;/td&gt;
&lt;td&gt;Whoever published the output&lt;/td&gt;
&lt;td&gt;Medium, comparable text is checkable&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;"Can you prove you didn't copy?"&lt;/td&gt;
&lt;td&gt;You&lt;/td&gt;
&lt;td&gt;Impossible without your own logs&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The middle row is the one you can actually control. You can compare your output against a source you're worried about before you ship it. You can't prove a negative about the model's guts, but you can check the text in front of you.&lt;/p&gt;




&lt;h2&gt;
  
  
  🛠️ What a small SL team should actually do
&lt;/h2&gt;

&lt;p&gt;You don't need a legal team to be reasonable here. You need a habit. This is the checklist I'd give a freelancer in Colombo or a student team at a university project:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Keep raw outputs.&lt;/strong&gt; Store the exact model output, not just the polished final version.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Note the model and date.&lt;/strong&gt; "ChatGPT, July 2026" is a real record. Vague memory is not.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Check similarity before publishing.&lt;/strong&gt; Run generated text against sources you're nervous about.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Rewrite in your own voice.&lt;/strong&gt; Paraphrasing plus adding your own reasoning is both better content and a safer position.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cite when you lean on a source.&lt;/strong&gt; A named link is cheap insurance and good practice anyway.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;For step 3, you don't need enterprise software. A quick pass through a &lt;a href="https://induwara.lk/tools/plagiarism-checker" rel="noopener noreferrer"&gt;plagiarism checker&lt;/a&gt; or an &lt;a href="https://induwara.lk/tools/ai-text-similarity-checker" rel="noopener noreferrer"&gt;AI text similarity checker&lt;/a&gt; tells you whether your draft is uncomfortably close to something already out there. That's a five-minute check that saves a very bad week.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;If you can't afford to lose the argument, don't rely on being able to reconstruct it. Keep the receipts up front.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  🌐 What this case might change for the rest of us
&lt;/h2&gt;

&lt;p&gt;I don't know how the sanctions motion will land, and I'm not going to guess. But the direction of travel is visible even from here. Two things feel likely to stick regardless of the verdict:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Provenance tooling becomes normal.&lt;/strong&gt; Expect model providers to ship "content credentials" style signals so downstream users can prove how something was made.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Records requirements creep into contracts.&lt;/strong&gt; If you build AI features for clients, especially publishing or education clients, expect them to ask how you log generations.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;For Sri Lankan builders working on free tiers and tight budgets, none of that is a reason to stop using AI. It's a reason to treat it like any other dependency: know what version you used, keep a record, and don't ship output you can't stand behind. The teams that get burned won't be the ones using AI. They'll be the ones who used it and kept no memory of how.&lt;/p&gt;




&lt;h2&gt;
  
  
  💡 What this means for you
&lt;/h2&gt;

&lt;p&gt;The &lt;strong&gt;New York Times vs OpenAI&lt;/strong&gt; discovery fight is a preview of a question every AI builder will eventually face: &lt;em&gt;prove what your model produced.&lt;/em&gt; You can't answer that retroactively, so build the habit now while it's free.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Save prompts and raw outputs the moment you generate them.&lt;/li&gt;
&lt;li&gt;Run a similarity check before anything public goes out.&lt;/li&gt;
&lt;li&gt;Add your own analysis so the work is genuinely yours, not a reworded copy.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;You don't need OpenAI's legal budget to be careful. You need a folder of receipts and five honest minutes before you hit publish. Start today, on the next thing you generate.&lt;/p&gt;

</description>
      <category>openailawsuit</category>
      <category>aicopyright</category>
      <category>aiforbuilders</category>
    </item>
    <item>
      <title>Google's AI Ad Label Is a Checkbox, Not a Fact-Check</title>
      <dc:creator>Induwara Ashinsana</dc:creator>
      <pubDate>Sun, 12 Jul 2026 21:08:23 +0000</pubDate>
      <link>https://dev.to/induwara_ashinsana_9e4d5b/googles-ai-ad-label-is-a-checkbox-not-a-fact-check-12ko</link>
      <guid>https://dev.to/induwara_ashinsana_9e4d5b/googles-ai-ad-label-is-a-checkbox-not-a-fact-check-12ko</guid>
      <description>&lt;p&gt;The new &lt;strong&gt;Google AI ad disclosure&lt;/strong&gt; sounds like a big deal: from now on, ads across Search, YouTube, and Discover can carry a note about whether they were built with AI. TechCrunch &lt;a href="https://techcrunch.com/2026/07/09/google-will-now-disclose-which-ads-are-made-with-ai/" rel="noopener noreferrer"&gt;reported the change on 9 July 2026&lt;/a&gt;. I read it and my first reaction was not "finally, transparency." It was: who is filling in this label, and is anyone checking?&lt;/p&gt;

&lt;p&gt;The answer changes everything. This is a self-declared checkbox, not a fact-check. That gap is the actual story.&lt;/p&gt;




&lt;h2&gt;
  
  
  🔍 What Google actually changed
&lt;/h2&gt;

&lt;p&gt;Google added a &lt;strong&gt;"How this ad was made"&lt;/strong&gt; option inside My Ad Center. You reach it by clicking the three-dot menu or info icon on an ad in Google Search, YouTube, or Google Discover. Tap through and, in theory, you learn whether the ad was created or edited with AI.&lt;/p&gt;

&lt;p&gt;Here is how the disclosure gets set:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Scenario&lt;/th&gt;
&lt;th&gt;Who sets the AI label&lt;/th&gt;
&lt;th&gt;Verified by Google?&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Advertiser uses Google's own generative AI ad tools&lt;/td&gt;
&lt;td&gt;Automatic&lt;/td&gt;
&lt;td&gt;Yes (it's Google's tool)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Ad made elsewhere, then uploaded&lt;/td&gt;
&lt;td&gt;Advertiser sets it manually&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;No&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Local law requires extra labeling&lt;/td&gt;
&lt;td&gt;Triggered by market&lt;/td&gt;
&lt;td&gt;Depends on jurisdiction&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Before this, Google only required disclosure on &lt;strong&gt;election ads&lt;/strong&gt;. Extending it to all ads globally is a real expansion in scope. But scope is not the same as reliability.&lt;/p&gt;




&lt;h2&gt;
  
  
  🧩 Why "advertiser-declared" is the whole story
&lt;/h2&gt;

&lt;p&gt;Read the mechanism again: for ads made outside Google's tools, the advertiser ticks the box themselves, and Google says it will not independently verify AI use in third-party ads.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Key takeaway:&lt;/strong&gt; A disclosure that the advertiser fills in and nobody audits tells you about the honest advertisers. It tells you nothing about the dishonest ones — the exact people a synthetic-content label is supposed to catch.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Think about the incentives. An advertiser running a clean, disclosed campaign will happily tick the box. An advertiser running a deceptive AI-generated testimonial has every reason to leave it blank, and no verification step forces their hand. So the label is most present precisely where you need it least.&lt;/p&gt;

&lt;p&gt;That does not make it useless. It creates a paper trail and a norm. When declaration is the default, "I forgot" stops being a defence, and repeat offenders become easier to act against. It just means the label is a &lt;strong&gt;trust signal, not proof&lt;/strong&gt;. Treat it the way you treat a "no added sugar" claim on a packet: helpful when true, silent when it matters most.&lt;/p&gt;




&lt;h2&gt;
  
  
  💰 What it means if you run Google Ads from Sri Lanka
&lt;/h2&gt;

&lt;p&gt;If you're a small-team builder or freelancer buying ads on a tight budget, this is a small operational change with a slightly larger reputational one.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;If you use Google's AI ad tools, the label is automatic.&lt;/strong&gt; You don't opt in or out. Assume your creative will be marked as AI-assisted.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;If you generate creatives elsewhere&lt;/strong&gt; — an image model, a script written by a chatbot, an AI voiceover — and upload them, the honest move is to set the label yourself. There's no verification, but there is your reputation.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;"Edited with AI" is broad.&lt;/strong&gt; Background cleanup, upscaling, or a generated voice can all count. Know what you actually did before you declare, so you neither over- nor under-state it.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Watch for local rules.&lt;/strong&gt; Google notes that local law can trigger additional labeling in some markets. Sri Lanka has no specific AI-ad statute I'm aware of today, but ad standards and consumer-protection norms still apply, and that can change.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The honest read: for most small Sri Lankan advertisers this is one extra checkbox and zero cost. The upside of ticking it truthfully is that you're on the right side of a norm that's only going to tighten.&lt;/p&gt;




&lt;h2&gt;
  
  
  🔎 How to check for yourself when the label is silent
&lt;/h2&gt;

&lt;p&gt;Since the label is optional for uploaded ads, don't outsource your judgement to it. If you're a consumer, a journalist, or just a curious engineer, you can do your own quick checks:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Run the image through a detector.&lt;/strong&gt; Our free &lt;a href="https://induwara.lk/tools/ai-image-detector" rel="noopener noreferrer"&gt;AI Image Detector&lt;/a&gt; gives you a second opinion on whether a still was likely machine-generated. It's a probability, not a verdict, but it's more than a blank checkbox.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Inspect the metadata.&lt;/strong&gt; Many AI tools leave traces. The &lt;a href="https://induwara.lk/tools/exif-metadata-viewer" rel="noopener noreferrer"&gt;EXIF Metadata Viewer&lt;/a&gt; shows what a file quietly carries about how it was made.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Look for the tells.&lt;/strong&gt; Warped text, extra fingers, physically impossible lighting, and voiceovers with no breaths are still common in synthetic ads.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;None of these is proof on its own. Stacked together, they beat trusting a self-report.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Bottom line:&lt;/strong&gt; The platform is telling you it won't police third-party ads. So the verification burden lands on you. Build the habit now, because AI creative in ads is only going to get more convincing.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  💡 What this means for you
&lt;/h2&gt;

&lt;p&gt;I think the honest way to describe this update is &lt;strong&gt;useful but modest&lt;/strong&gt;. Google widened AI disclosure from election ads to everything, and that's a genuine step. But by making it self-declared and unverified for outside creatives, Google shipped the cheap half of the problem and left the hard half — actual verification — for later, or for regulators.&lt;/p&gt;

&lt;p&gt;For a Sri Lankan builder, the practical takeaways are short. If you advertise, tick the box truthfully; it costs nothing and it protects you. If you watch or research ads, treat "How this ad was made" as a starting hint, not an answer, and keep a couple of detection tools in your back pocket. The label tells you what the advertiser chose to admit. Your own checks tell you what's actually there.&lt;/p&gt;

</description>
      <category>aitransparency</category>
      <category>googleads</category>
      <category>digitaladvertising</category>
    </item>
    <item>
      <title>CISA Wrote Its Incident Plan Mid-Breach. Write Yours Now.</title>
      <dc:creator>Induwara Ashinsana</dc:creator>
      <pubDate>Sun, 12 Jul 2026 01:01:25 +0000</pubDate>
      <link>https://dev.to/induwara_ashinsana_9e4d5b/cisa-wrote-its-incident-plan-mid-breach-write-yours-now-o67</link>
      <guid>https://dev.to/induwara_ashinsana_9e4d5b/cisa-wrote-its-incident-plan-mid-breach-write-yours-now-o67</guid>
      <description>&lt;p&gt;An &lt;strong&gt;incident response plan&lt;/strong&gt; is the thing you least want to be writing at 2 a.m. while an attacker is already inside your systems. Yet that is roughly what happened to America's top cyber-defence body. According to &lt;a href="https://techcrunch.com/2026/07/10/us-cyber-agency-cisa-had-to-build-its-incident-playbook-during-the-incident-agency-reveals/" rel="noopener noreferrer"&gt;TechCrunch&lt;/a&gt;, the &lt;strong&gt;Cybersecurity and Infrastructure Security Agency (CISA)&lt;/strong&gt; admitted it "missed" a chance to get ahead of a security incident by not having a response plan ready before it happened.&lt;/p&gt;

&lt;p&gt;Sit with that for a second. The agency whose entire job is telling everyone else to be prepared got caught improvising its own playbook mid-fire. If it can happen to CISA, it will happen to your three-person startup in Colombo. So let me turn this into something useful instead of a dunk.&lt;/p&gt;




&lt;h2&gt;
  
  
  🔍 Why the plan has to exist before the fire
&lt;/h2&gt;

&lt;p&gt;The failure here is not technical. It is a planning failure, and planning failures are the cheapest ones to fix. When you write your response steps during an incident, three things go wrong at once:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;You make decisions under stress.&lt;/strong&gt; Adrenaline is bad for judgement. Who do we call, do we take the box offline, do we tell users yet? These are hard questions that get worse when you are panicking.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Nobody knows their role.&lt;/strong&gt; Two people fix the same thing, a third thing gets ignored.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;You lose evidence.&lt;/strong&gt; In the scramble, someone reboots the compromised server and wipes the logs you needed.&lt;/li&gt;
&lt;/ul&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Key takeaway:&lt;/strong&gt; A runbook written calmly on a normal Tuesday is worth ten decisions made in a panic. The whole value of the plan is that it exists before you need it.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;The point of a plan is not that it predicts the exact attack. It never will. The point is that it removes the easy decisions from your plate so your brain is free for the hard ones.&lt;/p&gt;




&lt;h2&gt;
  
  
  🛠️ The one-page runbook a small team can actually write today
&lt;/h2&gt;

&lt;p&gt;You do not need a 40-page corporate document. You need one page that answers "what do we do in the first hour." Here is a starter you can adapt.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Phase&lt;/th&gt;
&lt;th&gt;Question to answer in advance&lt;/th&gt;
&lt;th&gt;Who owns it&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Detect&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;How do we even know something is wrong? (alerts, a user report, a weird login)&lt;/td&gt;
&lt;td&gt;On-call dev&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Contain&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Do we isolate the machine or pull it offline? What breaks if we do?&lt;/td&gt;
&lt;td&gt;Tech lead&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Preserve&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Before we touch anything, do we snapshot logs and disk?&lt;/td&gt;
&lt;td&gt;Tech lead&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Communicate&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Who tells users, and after how long? Who talks to press if it's public?&lt;/td&gt;
&lt;td&gt;Founder&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Recover&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;How do we restore from a known-good backup? Where is it?&lt;/td&gt;
&lt;td&gt;Whoever set up backups&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Review&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;When it's over, who writes the post-mortem?&lt;/td&gt;
&lt;td&gt;Everyone, blameless&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Print it. Pin it in your team chat. The test of a good runbook is simple: could a tired teammate follow it at 2 a.m. without calling you?&lt;/p&gt;




&lt;h2&gt;
  
  
  💡 Free-tier and open-source tools that make this real
&lt;/h2&gt;

&lt;p&gt;A learning budget is not an excuse to skip this. Almost every piece can be free.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Backups you have actually tested.&lt;/strong&gt; An untested backup is a rumour. Restore it once to prove it works.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A secure way to share credentials during an incident.&lt;/strong&gt; Do not paste the root password into a group chat that logs forever. Use a self-destructing link. Our own &lt;a href="https://induwara.lk/tools/one-time-secret" rel="noopener noreferrer"&gt;one-time secret tool&lt;/a&gt; exists for exactly this: the link opens once, then the data is gone.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A password manager&lt;/strong&gt; so a compromised account can be rotated in minutes, not hours.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Log storage off the affected box.&lt;/strong&gt; If logs only live on the server that got popped, the attacker controls your evidence.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A written contact list&lt;/strong&gt; with phone numbers, not just Slack handles. Slack might be the thing that is down.&lt;/li&gt;
&lt;/ol&gt;

&lt;blockquote&gt;
&lt;p&gt;Free templates exist too. CISA and other national bodies publish incident-response guidance for public use. Start from one, then cut it down to fit a team your size.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  📊 What CISA got right by saying it out loud
&lt;/h2&gt;

&lt;p&gt;Here is the part I respect. Admitting "we missed this" in public is itself a security practice. Most organisations bury the lesson. A blameless post-mortem that names the gap is how you stop repeating it.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Reaction to a mistake&lt;/th&gt;
&lt;th&gt;What it produces&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Hide it, blame an individual&lt;/td&gt;
&lt;td&gt;The same gap, again, next quarter&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Name the gap, fix the process&lt;/td&gt;
&lt;td&gt;A plan that exists before the next incident&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;For a Sri Lankan team building software for local banks, telcos, or government, this matters more than usual. Trust is the whole product. The team that can honestly say "here is what we learned and here is what we changed" recovers faster than the one that pretends it never happened.&lt;/p&gt;




&lt;h2&gt;
  
  
  🚀 What this means for you
&lt;/h2&gt;

&lt;p&gt;You are not CISA. You have fewer people, less money, and a smaller attack surface. That is an advantage, because your plan can be one page instead of a binder. Do this before you close this tab:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Open a shared doc and paste the six-phase table above.&lt;/li&gt;
&lt;li&gt;Fill in real names next to each role. If you are a solo founder, your name goes in every row, and that is a risk worth knowing about.&lt;/li&gt;
&lt;li&gt;Write down where your backups live and when you last restored one.&lt;/li&gt;
&lt;li&gt;Save a secure-sharing link and a contact list somewhere that survives your main system going down.&lt;/li&gt;
&lt;/ul&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Bottom line:&lt;/strong&gt; The most powerful cyber agency in the world got caught without a plan. The fix is not more budget or fancier tools. It is thirty minutes on a calm day. Spend them now, before the incident writes your playbook for you.&lt;/p&gt;
&lt;/blockquote&gt;

</description>
      <category>incidentresponse</category>
      <category>cybersecurity</category>
      <category>smallteams</category>
    </item>
    <item>
      <title>What Meta Pulling an Instagram AI Feature Teaches Builders</title>
      <dc:creator>Induwara Ashinsana</dc:creator>
      <pubDate>Sat, 11 Jul 2026 04:56:06 +0000</pubDate>
      <link>https://dev.to/induwara_ashinsana_9e4d5b/what-meta-pulling-an-instagram-ai-feature-teaches-builders-1bid</link>
      <guid>https://dev.to/induwara_ashinsana_9e4d5b/what-meta-pulling-an-instagram-ai-feature-teaches-builders-1bid</guid>
      <description>&lt;p&gt;&lt;strong&gt;Meta removed a controversial AI feature on Instagram&lt;/strong&gt; after its own users pushed back, and the quiet reversal is more instructive than the feature itself. According to a report by &lt;strong&gt;Dylan Byers at Puck News&lt;/strong&gt;, surfaced by &lt;a href="https://techcrunch.com/2026/07/10/meta-removes-controversial-ai-feature-on-instagram-after-backlash/" rel="noopener noreferrer"&gt;TechCrunch&lt;/a&gt;, Meta pulled the feature once the backlash from its user base got loud enough.&lt;/p&gt;

&lt;p&gt;I want to be honest up front: the public reporting here is thin. What I can defend is the pattern, because I have watched it repeat, and because I ship small AI features myself. When a company as large as Meta has to walk something back, there is a lesson in it for anyone shipping AI on a fraction of the budget.&lt;/p&gt;




&lt;h2&gt;
  
  
  🔁 The reversal matters more than the feature
&lt;/h2&gt;

&lt;p&gt;The specific feature is almost beside the point. Meta ships AI into Instagram constantly, and most of it lands without a headline. What made this one different is the sequence:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Meta added an AI feature to a product people already use daily.&lt;/li&gt;
&lt;li&gt;Users noticed, disliked it, and said so loudly.&lt;/li&gt;
&lt;li&gt;Meta removed it rather than defend it.&lt;/li&gt;
&lt;/ol&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Key takeaway:&lt;/strong&gt; The backlash was not about AI being bad. It was about AI being &lt;em&gt;added to something people did not ask to change.&lt;/em&gt; That distinction is the whole story.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;That third step is rare enough to be news. Big platforms usually A/B test, wait out complaints, and keep the feature. A full removal signals the reaction was strong and fast. When you cannot even keep a feature live long enough to measure it, the problem was consent, not quality.&lt;/p&gt;




&lt;h2&gt;
  
  
  🧭 Opt-in versus opt-out is the entire fight
&lt;/h2&gt;

&lt;p&gt;Most AI backlash traces back to one design choice: was the feature &lt;strong&gt;opt-in&lt;/strong&gt; or &lt;strong&gt;opt-out&lt;/strong&gt;? People forgive a feature they chose. They resent one that shows up in their feed uninvited and quietly uses their content.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Approach&lt;/th&gt;
&lt;th&gt;What the user experiences&lt;/th&gt;
&lt;th&gt;Typical outcome&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Opt-in&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;"Try the new AI thing?" — user decides&lt;/td&gt;
&lt;td&gt;Low adoption, high trust&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Opt-out&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Feature is just there; you disable it if you notice&lt;/td&gt;
&lt;td&gt;High adoption, high resentment&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;No toggle at all&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;You cannot turn it off&lt;/td&gt;
&lt;td&gt;Backlash, press, reversal&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Big platforms lean opt-out because it juices adoption numbers for the next earnings call. For a small team, that trade is a trap. You do not have Meta's brand cushion to absorb the anger. One bad rollout to a few thousand users can define you.&lt;/p&gt;




&lt;h2&gt;
  
  
  💡 What a two-person team should copy instead
&lt;/h2&gt;

&lt;p&gt;I run tools that touch user content, so this is not theory for me. Here is the checklist I hold myself to before any AI feature goes near real user data:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Default to off.&lt;/strong&gt; New AI behaviour ships disabled. The user turns it on. Adoption is slower and trust is higher, and trust is the thing you cannot rebuild.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Say what leaves the device.&lt;/strong&gt; If content gets sent to a model, state it plainly in the UI, not buried in a policy page.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Give a real off switch.&lt;/strong&gt; Not a dark-pattern maze. One toggle, obvious, that actually stops the processing.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Keep a fast rollback.&lt;/strong&gt; Meta could remove this feature quickly. Can you? If a feature flag can kill it in one deploy, you can afford to be bold, because you can afford to be wrong.&lt;/li&gt;
&lt;/ul&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Bottom line:&lt;/strong&gt; Ship AI features the way you would want one shipped into your own bank app. Uninvited automation on top of something you rely on feels like a violation, no matter how clever the model is.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  🌐 Why this hits harder for Sri Lankan builders
&lt;/h2&gt;

&lt;p&gt;If you are building from Colombo or Galle on a learning budget, the asymmetry with Meta is the point. Meta can eat a news cycle and move on. You cannot. A single privacy misstep in a local tool spreads through the exact community you are trying to serve, and it spreads on WhatsApp faster than any correction.&lt;/p&gt;

&lt;p&gt;There is a practical upside to being small, though. You can:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Process on-device where possible.&lt;/strong&gt; If the AI can run in the browser, user data never leaves their machine, and the whole consent problem shrinks.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Strip sensitive data before it ever reaches a model.&lt;/strong&gt; If your feature only needs the shape of the text, not the names and numbers, remove those first. That is exactly why I built a free &lt;a href="https://induwara.lk/tools/ai-pii-redactor" rel="noopener noreferrer"&gt;AI PII redactor&lt;/a&gt; — clean the input before an AI ever sees it.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Ask before you send.&lt;/strong&gt; A one-line confirmation costs you nothing and buys you the benefit of the doubt.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Meta's engineers are not worse than us. They are just optimising for a scoreboard we do not have to play on. Our scoreboard is trust, and trust is cheaper to keep than to win back.&lt;/p&gt;




&lt;h2&gt;
  
  
  What this means for you
&lt;/h2&gt;

&lt;p&gt;Meta pulling a feature after backlash is not a story about Meta failing. It is a working example of the ceiling on shipping AI people did not ask for, even when you own the platform and have infinite resources.&lt;/p&gt;

&lt;p&gt;If you build anything with AI in it, take three things from this:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Consent is a feature, not a legal footnote.&lt;/strong&gt; Make the user choose.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Opt-out rollouts borrow trust you have to pay back with interest.&lt;/strong&gt; Default to off.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Your smallness is an advantage.&lt;/strong&gt; You can process locally, redact early, and ship with a rollback switch that a company Meta's size can only dream of moving that fast.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The companies that win the next few years of AI will not be the ones that shipped the most features. They will be the ones users still trusted after they shipped them.&lt;/p&gt;

</description>
      <category>meta</category>
      <category>aiproduct</category>
      <category>instagram</category>
    </item>
    <item>
      <title>The $3 Trillion AI ROI Question, Read From Colombo</title>
      <dc:creator>Induwara Ashinsana</dc:creator>
      <pubDate>Fri, 10 Jul 2026 08:33:34 +0000</pubDate>
      <link>https://dev.to/induwara_ashinsana_9e4d5b/the-3-trillion-ai-roi-question-read-from-colombo-5b06</link>
      <guid>https://dev.to/induwara_ashinsana_9e4d5b/the-3-trillion-ai-roi-question-read-from-colombo-5b06</guid>
      <description>&lt;p&gt;The &lt;strong&gt;AI ROI question&lt;/strong&gt; is back, and the number attached to it this time is genuinely hard to picture: &lt;strong&gt;$3 trillion&lt;/strong&gt;. That is roughly how much revenue the AI industry needs to earn to justify what it is spending on data centers, chips, and power. I read TechCrunch's framing of it in &lt;a href="https://techcrunch.com/2026/07/09/can-ai-answer-the-3-trillion-question/" rel="noopener noreferrer"&gt;&lt;em&gt;Can AI answer the $3 trillion question?&lt;/em&gt;&lt;/a&gt;, and my first thought was not about OpenAI or Anthropic. It was about the freelancer in Kandy paying for an API key.&lt;/p&gt;

&lt;p&gt;Because when the biggest companies in the world are worried about paying back their AI bets, the person most exposed to the fallout is not them. It is the small builder who wired their whole product to a model they do not control.&lt;/p&gt;




&lt;h2&gt;
  
  
  📊 Where the $3 trillion number comes from
&lt;/h2&gt;

&lt;p&gt;The figure traces back to &lt;strong&gt;David Cahn&lt;/strong&gt;, a partner at &lt;strong&gt;Sequoia Capital&lt;/strong&gt;. His math is simple even if the total is not. He pegs AI infrastructure spending at roughly &lt;strong&gt;$1.5 trillion for 2026&lt;/strong&gt;, and calls that "probably an underestimate" because memory costs and specialty chips keep climbing. To earn a return on that kind of capital expenditure, the industry needs to generate multiples of it in revenue. That is where the trillions come from.&lt;/p&gt;

&lt;p&gt;Now hold that against what the leading labs actually earn today:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Company&lt;/th&gt;
&lt;th&gt;Reported ARR&lt;/th&gt;
&lt;th&gt;As of&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Anthropic&lt;/td&gt;
&lt;td&gt;~$60 billion&lt;/td&gt;
&lt;td&gt;current&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;OpenAI&lt;/td&gt;
&lt;td&gt;~$20 billion&lt;/td&gt;
&lt;td&gt;November 2025&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Key takeaway:&lt;/strong&gt; Even the two most successful AI companies combined are earning tens of billions against a spending gap measured in trillions. The revenue is real and growing fast. The gap is still enormous.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;That is the whole tension. Nobody serious is saying AI produces nothing. The question is whether it produces &lt;em&gt;enough, fast enough,&lt;/em&gt; to pay for the concrete and silicon already going into the ground.&lt;/p&gt;




&lt;h2&gt;
  
  
  ⚠️ Why this is not just a Silicon Valley problem
&lt;/h2&gt;

&lt;p&gt;You might read all this and think it is a rich-country boardroom fight. It is not, and here is the person who made me take it seriously.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Torsten Slok&lt;/strong&gt;, chief economist at &lt;strong&gt;Apollo Global Management&lt;/strong&gt;, put the risk in blunt terms. If the hyperscalers — think Microsoft, Amazon, Google, Meta — miss their 2028 cash-flow projections, the damage does not stay contained:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;"A slower payoff wouldn't just be a sector problem, it would risk tipping the economy into recession."&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Read that carefully. He is not warning about one company's stock. He is warning about the broader economy, and a US or global slowdown reaches Sri Lanka fast through remittances, freelance demand, and tourism. If AI spending has quietly become a load-bearing column of global growth, then a wobble in AI ROI is a macro event, not a tech-news headline.&lt;/p&gt;

&lt;p&gt;For a small team here, the practical translation is this: do not assume today's cheap or free AI pricing is permanent. Some of it is being subsidised by companies racing for market share on borrowed time.&lt;/p&gt;




&lt;h2&gt;
  
  
  ⚡ The one number that actually helps small builders
&lt;/h2&gt;

&lt;p&gt;Here is the part of the story I found genuinely useful, and it is easy to miss under the trillion-dollar noise. The article notes that OpenAI's latest model is &lt;strong&gt;54% more token efficient&lt;/strong&gt; on coding tasks.&lt;/p&gt;

&lt;p&gt;That single line matters more to a bootstrapped builder than the entire CapEx debate. Efficiency gains are the mechanism by which any of this reaches us. If a model does the same job for roughly half the tokens, your bill roughly halves for that work, whatever the labs are spending upstream.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Fewer tokens per task&lt;/strong&gt; means lower cost per feature you ship.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Better efficiency&lt;/strong&gt; partly offsets any future price increases the ROI reckoning might force.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;The trend, not the headline number,&lt;/strong&gt; is what you should track month to month.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;If you want to feel this in your own budget rather than take my word for it, run your real usage through our &lt;a href="https://induwara.lk/tools/ai-api-cost-calculator" rel="noopener noreferrer"&gt;AI API cost calculator&lt;/a&gt;. Plug in the number of requests you actually make and see what a 50% efficiency shift does to a monthly invoice. That is the difference between an interesting news story and a line item you control.&lt;/p&gt;




&lt;h2&gt;
  
  
  🛠️ How to build so the reckoning can't sink you
&lt;/h2&gt;

&lt;p&gt;I am not going to pretend to know whether this is a bubble. Cahn is measuring a real gap; the labs are growing real revenue. Both can be true. What I &lt;em&gt;can&lt;/em&gt; do is build so I survive either outcome. A few rules I follow:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Never hard-wire a single provider.&lt;/strong&gt; Keep your prompts and calls behind a thin layer you can re-point. If prices jump or a lab folds, you swap, not rewrite.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Start on free tiers, then measure.&lt;/strong&gt; Prove the product works before you commit real money. Compare what each provider gives away with our &lt;a href="https://induwara.lk/tools/ai-free-tier-comparison" rel="noopener noreferrer"&gt;AI free-tier comparison&lt;/a&gt;.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Track cost per user, not cost per call.&lt;/strong&gt; A feature that is cheap per request can still bleed you at scale.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Prefer smaller models where they suffice.&lt;/strong&gt; The efficiency trend is on your side; ride it instead of defaulting to the biggest, most expensive model.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Keep a no-AI fallback for anything critical.&lt;/strong&gt; If a call fails or gets rate-limited, your app should degrade, not die.&lt;/li&gt;
&lt;/ol&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Bottom line:&lt;/strong&gt; The trillion-dollar question is theirs to answer. Your job is to make sure the answer, whatever it turns out to be, does not decide whether your product lives.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  💡 What this means for you
&lt;/h2&gt;

&lt;p&gt;If you are a student, a freelancer, or a two-person team in Sri Lanka building on top of these models, the $3 trillion question is not something you can solve, and you should not lose sleep over predicting it. What you can do is refuse to be a hostage to it.&lt;/p&gt;

&lt;p&gt;The labs are spending like the payoff is guaranteed. Slok is reminding everyone it is not. Somewhere between those two positions is where you build: use the tools while they are cheap, keep your architecture portable, watch the efficiency gains flow into your costs, and never bet your business on a price that only exists because a giant is burning cash to win a race. Do that, and it genuinely does not matter to you whether AI answers its trillion-dollar question this year or in 2028.&lt;/p&gt;

</description>
      <category>aieconomics</category>
      <category>aicosts</category>
      <category>startup</category>
    </item>
    <item>
      <title>Google Photos' AI Video Remix, and cheaper ways to do it</title>
      <dc:creator>Induwara Ashinsana</dc:creator>
      <pubDate>Thu, 09 Jul 2026 12:24:06 +0000</pubDate>
      <link>https://dev.to/induwara_ashinsana_9e4d5b/google-photos-ai-video-remix-and-cheaper-ways-to-do-it-1g37</link>
      <guid>https://dev.to/induwara_ashinsana_9e4d5b/google-photos-ai-video-remix-and-cheaper-ways-to-do-it-1g37</guid>
      <description>&lt;p&gt;&lt;strong&gt;Google Photos Video Remix&lt;/strong&gt; is the kind of feature that tells you where consumer video editing is heading, even if you never open the app. According to &lt;a href="https://techcrunch.com/2026/07/08/google-photos-adds-a-new-ai-video-remix-tool/" rel="noopener noreferrer"&gt;TechCrunch&lt;/a&gt;, the new AI tool can relight a dark clip to brighten it, swap a plain background for something more interesting, and paint artistic styles over your footage.&lt;/p&gt;

&lt;p&gt;I don't think the interesting part is the feature. It's what it means when this stops being a specialist skill and becomes a button inside the app that already holds your photos.&lt;/p&gt;




&lt;h2&gt;
  
  
  🔍 What Video Remix actually does
&lt;/h2&gt;

&lt;p&gt;Stripping out the marketing, TechCrunch describes three concrete capabilities:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Capability&lt;/th&gt;
&lt;th&gt;What it replaces&lt;/th&gt;
&lt;th&gt;Old way of doing it&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Cinematic relighting&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Fixing a dark or badly lit clip&lt;/td&gt;
&lt;td&gt;Colour grading in Premiere / DaVinci Resolve&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Background swap&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Removing or replacing what's behind the subject&lt;/td&gt;
&lt;td&gt;Green screen + keying, or manual rotoscoping&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Artistic styles&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Applying a stylised look to the whole video&lt;/td&gt;
&lt;td&gt;Style-transfer plugins or heavy After Effects work&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Each of these used to be a paid-software task that took real time to learn. The news isn't that AI can do them. It's that Google is putting all three one tap away for anyone with the app.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Key takeaway:&lt;/strong&gt; The skill that used to separate an editor from a hobbyist is now a menu item. The moat moves from &lt;em&gt;can you do it&lt;/em&gt; to &lt;em&gt;do you have taste about when to&lt;/em&gt;.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  💡 Why this matters more here than in San Francisco
&lt;/h2&gt;

&lt;p&gt;For a Sri Lankan freelancer or small team, this cuts two ways.&lt;/p&gt;

&lt;p&gt;The upside is obvious. If you run a small social page, a wedding-video side hustle, or a product store on Instagram, you no longer need a licensed copy of anything to fix a badly lit clip or clean up a messy background. That was a real cost barrier, and it's collapsing.&lt;/p&gt;

&lt;p&gt;The downside is worth saying out loud:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Your baseline just went up.&lt;/strong&gt; When everyone's clips are relit and colour-matched by default, "shot on a decent phone" stops being a differentiator.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;The output looks the same.&lt;/strong&gt; A one-tap style makes a thousand videos look like each other. Templated polish reads as templated.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;You still don't control it.&lt;/strong&gt; It's a feature inside someone else's app, tied to their account, their rollout, and their idea of what "cinematic" means.&lt;/li&gt;
&lt;/ul&gt;

&lt;blockquote&gt;
&lt;p&gt;I'd treat AI relighting the way I treat auto-tune: fine as a fix, dangerous as a personality.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;There's also a quieter question the TechCrunch write-up doesn't answer, and I'd want to before I lean on it: where does the processing happen, and what happens to a clip you feed it? On a shared connection with a data cap, "upload the video, wait, download the remixed version" is a different deal from something that runs on the phone. If your footage involves a client, a product launch, or anything you haven't published yet, that's not a small detail. Read the fine print before you pipe a paid job through a free consumer feature.&lt;/p&gt;




&lt;h2&gt;
  
  
  🛠️ You can already do most of this for free, in a browser
&lt;/h2&gt;

&lt;p&gt;Here's the practical part. You don't have to wait for a feature to reach your phone, or hand your footage to one app, to get the same building blocks. Most of what Video Remix bundles is available as small, single-purpose tools you can use today without an account.&lt;/p&gt;

&lt;p&gt;If your actual need is one of these jobs, a focused free tool is often faster than hunting through an app menu:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Swap or drop a background&lt;/strong&gt; — the background-swap trick is really just subject cutout plus a new backdrop. Our free &lt;a href="https://induwara.lk/tools/background-remover" rel="noopener noreferrer"&gt;background remover&lt;/a&gt; does the hard part in the browser, and you composite your own backdrop with full control.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Rescue a low-resolution or soft clip frame&lt;/strong&gt; — pull the frame, clean it up with an &lt;a href="https://induwara.lk/tools/image-upscaler" rel="noopener noreferrer"&gt;image upscaler&lt;/a&gt;, then drop it back.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Turn a moment into a shareable loop&lt;/strong&gt; — a lot of "video remix" energy is really just making a good clip loop. A &lt;a href="https://induwara.lk/tools/video-to-gif" rel="noopener noreferrer"&gt;video-to-GIF converter&lt;/a&gt; does that with zero rendering software.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;None of these are one-tap magic. That's the point. You keep the file, you keep the decisions, and nothing depends on which region gets the update first.&lt;/p&gt;




&lt;h2&gt;
  
  
  🌐 The bigger signal: editing is becoming an API, not an app
&lt;/h2&gt;

&lt;p&gt;Video Remix fits a pattern I keep seeing. Capabilities that were whole software categories are being unbundled into individual AI operations: relight, restyle, cut out, upscale, caption. Google happens to be stitching them back into Photos, but the underlying moves are generic.&lt;/p&gt;

&lt;p&gt;For anyone building tools, that's the opportunity. You don't need to out-build Google Photos. You need to do one of these operations well, without an account, in a language and context your audience actually uses. A tool that removes a background cleanly and lets a Colombo store owner drop in a plain white product backdrop in ten seconds is more useful to that person than a general "remix everything" button they have to fight with.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Bottom line:&lt;/strong&gt; When the big players bundle, the room for small tools is in the &lt;em&gt;unbundled&lt;/em&gt; version — sharper, faster, no login, and honest about what it does.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  What this means for you
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;If you make content:&lt;/strong&gt; use AI cleanup as a fix, not a filter you leave on. The polish is now free for everyone, so your edge is judgement, not the effect.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;If you build tools:&lt;/strong&gt; the news is that these operations are now expected, not exotic. Pick one, make it genuinely good, and ship it without a signup wall.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;If you're a student learning editing:&lt;/strong&gt; don't skip the manual version. Understanding &lt;em&gt;why&lt;/em&gt; a clip is too dark is what lets you fix it when the one-tap button gets it wrong.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;I'm glad relighting and background swaps are getting easier. I just wouldn't confuse an easier tool with a better result. The tap is free now. The taste still isn't.&lt;/p&gt;

</description>
      <category>aivideoediting</category>
      <category>googlephotos</category>
      <category>freetools</category>
    </item>
    <item>
      <title>Resend on the Vercel Marketplace: what it means for solo builders</title>
      <dc:creator>Induwara Ashinsana</dc:creator>
      <pubDate>Wed, 08 Jul 2026 16:09:45 +0000</pubDate>
      <link>https://dev.to/induwara_ashinsana_9e4d5b/resend-on-the-vercel-marketplace-what-it-means-for-solo-builders-5a5k</link>
      <guid>https://dev.to/induwara_ashinsana_9e4d5b/resend-on-the-vercel-marketplace-what-it-means-for-solo-builders-5a5k</guid>
      <description>&lt;p&gt;&lt;strong&gt;Resend on the Vercel Marketplace&lt;/strong&gt; is the kind of announcement that reads like a small integration update and actually removes a whole category of decision-making for a solo builder. The headline, from &lt;a href="https://vercel.com/changelog/resend-vercel-marketplace" rel="noopener noreferrer"&gt;Vercel's changelog&lt;/a&gt;, is that Vercel teams can now send email from their apps without standing up any email infrastructure of their own.&lt;/p&gt;

&lt;p&gt;I want to talk about what that removes, not what it adds. When you are one person shipping a side project from Colombo at 2am, the value is rarely a new feature. It is one fewer thing to run, one fewer bill to reconcile, one fewer place your app can silently break.&lt;/p&gt;




&lt;h2&gt;
  
  
  🔌 What the integration actually gives you
&lt;/h2&gt;

&lt;p&gt;According to the changelog, installing Resend from the Marketplace gets you a managed email service you can wire into an app within minutes. The listed capabilities are worth reading as a checklist rather than marketing copy.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Capability&lt;/th&gt;
&lt;th&gt;What it replaces for you&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Send transactional + marketing email via &lt;strong&gt;API or SMTP relay&lt;/strong&gt;
&lt;/td&gt;
&lt;td&gt;Running or renting your own mail server&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Build templates as &lt;strong&gt;React components&lt;/strong&gt; with &lt;strong&gt;React Email&lt;/strong&gt;
&lt;/td&gt;
&lt;td&gt;Hand-writing brittle HTML email tables&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Track opens, clicks, bounces, deliveries via &lt;strong&gt;real-time webhooks&lt;/strong&gt;
&lt;/td&gt;
&lt;td&gt;Guessing whether your mail landed&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;
&lt;strong&gt;Chat SDK adapter&lt;/strong&gt; to send email from an agent&lt;/td&gt;
&lt;td&gt;Custom glue code between your LLM and a mail API&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Key takeaway:&lt;/strong&gt; The point of this launch is not that Resend can send email. It is that you can add production email to a Vercel app without provisioning, verifying, or babysitting any infrastructure yourself.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;That distinction matters because email is one of those problems that looks trivial until you actually try to run it. Deliverability, SPF/DKIM records, bounce handling, and reputation are all real work, and none of it is the work you actually wanted to do.&lt;/p&gt;




&lt;h2&gt;
  
  
  💳 Why Marketplace billing quietly matters in Sri Lanka
&lt;/h2&gt;

&lt;p&gt;Here is the angle the changelog does not spell out. When you install a service through the Vercel Marketplace, it becomes part of your existing Vercel account rather than a separate signup with its own card entry and its own invoice.&lt;/p&gt;

&lt;p&gt;For a developer paying from a Sri Lankan bank, that consolidation is not a small convenience.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Every extra international SaaS subscription is another card authorisation that can get declined by local forex controls.&lt;/li&gt;
&lt;li&gt;Every separate vendor is another USD invoice to track against a rupee budget.&lt;/li&gt;
&lt;li&gt;Fewer billing relationships means fewer places a failed payment can quietly suspend your service.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The changelog does not publish pricing, and I am not going to invent numbers I cannot verify. Check Resend's own pricing before you commit. But if you are budgeting a stack in dollars while earning or spending in rupees, the exchange-rate maths adds up fast. If you want to sanity-check what a monthly USD tool bill actually costs you, our &lt;a href="https://induwara.lk/tools/freelancer-usd-lkr-calculator" rel="noopener noreferrer"&gt;freelancer USD to LKR calculator&lt;/a&gt; does that conversion honestly, including the fees the transfer services take.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Consolidating vendors under one Marketplace bill is a boring-sounding win. Boring wins are exactly what keep a one-person project alive past month three.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  🛠️ Email as React components is the real developer story
&lt;/h2&gt;

&lt;p&gt;The capability I am most interested in is building email templates as &lt;strong&gt;React components&lt;/strong&gt; through &lt;strong&gt;React Email&lt;/strong&gt;. If you already write JSX all day, your mental model transfers directly. No context switch into a separate templating language, no fighting nested tables to make a button render the same in Gmail and Outlook.&lt;/p&gt;

&lt;p&gt;A React Email component looks like the code you already write:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight tsx"&gt;&lt;code&gt;&lt;span class="k"&gt;import&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;Button&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;Html&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;Text&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;from&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;@react-email/components&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;

&lt;span class="k"&gt;export&lt;/span&gt; &lt;span class="k"&gt;default&lt;/span&gt; &lt;span class="kd"&gt;function&lt;/span&gt; &lt;span class="nf"&gt;WelcomeEmail&lt;/span&gt;&lt;span class="p"&gt;({&lt;/span&gt; &lt;span class="nx"&gt;name&lt;/span&gt; &lt;span class="p"&gt;}:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nl"&gt;name&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="kr"&gt;string&lt;/span&gt; &lt;span class="p"&gt;})&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="k"&gt;return &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;
    &lt;span class="p"&gt;&amp;lt;&lt;/span&gt;&lt;span class="nc"&gt;Html&lt;/span&gt;&lt;span class="p"&gt;&amp;gt;&lt;/span&gt;
      &lt;span class="p"&gt;&amp;lt;&lt;/span&gt;&lt;span class="nc"&gt;Text&lt;/span&gt;&lt;span class="p"&gt;&amp;gt;&lt;/span&gt;Hi &lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="nx"&gt;name&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;, thanks for signing up.&lt;span class="p"&gt;&amp;lt;/&lt;/span&gt;&lt;span class="nc"&gt;Text&lt;/span&gt;&lt;span class="p"&gt;&amp;gt;&lt;/span&gt;
      &lt;span class="p"&gt;&amp;lt;&lt;/span&gt;&lt;span class="nc"&gt;Button&lt;/span&gt; &lt;span class="na"&gt;href&lt;/span&gt;&lt;span class="p"&gt;=&lt;/span&gt;&lt;span class="s"&gt;"https://induwara.lk"&lt;/span&gt;&lt;span class="p"&gt;&amp;gt;&lt;/span&gt;Open your dashboard&lt;span class="p"&gt;&amp;lt;/&lt;/span&gt;&lt;span class="nc"&gt;Button&lt;/span&gt;&lt;span class="p"&gt;&amp;gt;&lt;/span&gt;
    &lt;span class="p"&gt;&amp;lt;/&lt;/span&gt;&lt;span class="nc"&gt;Html&lt;/span&gt;&lt;span class="p"&gt;&amp;gt;&lt;/span&gt;
  &lt;span class="p"&gt;);&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;For a student or self-taught developer, this is a genuinely good way to learn. You reuse skills you are already building instead of memorising a one-off syntax you will forget by next month. The same component model, the same props, the same composition habits.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Bottom line:&lt;/strong&gt; if you can build a page in React, you can now build a well-behaved email without learning the dark art of HTML email tables.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  🤖 The Chat SDK adapter is a signal, not just a feature
&lt;/h2&gt;

&lt;p&gt;The changelog lists a &lt;strong&gt;Chat SDK adapter&lt;/strong&gt; that lets an agent send email directly. On its own that is one line in a feature list. As a signal, it tells you where this tooling is heading: email is being treated as an action an AI agent can take, not just a template a human triggers.&lt;/p&gt;

&lt;p&gt;Think about the practical shape of that:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;A user asks your agent to send a summary or a follow-up.&lt;/li&gt;
&lt;li&gt;The agent composes the message.&lt;/li&gt;
&lt;li&gt;The adapter dispatches it through the same tracked, managed pipeline as your transactional mail.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;You still own the guardrails. An agent that can send email on a user's behalf needs rate limits, confirmation steps, and logging, and none of that is optional. But the plumbing between "the model decided to send" and "the mail actually went out" is now something you install rather than something you build.&lt;/p&gt;




&lt;h2&gt;
  
  
  💡 What this means for you
&lt;/h2&gt;

&lt;p&gt;If you are shipping anything on Vercel that needs to send email, whether that is a signup confirmation, a password reset, or a weekly digest, this shortens the path from idea to sent message.&lt;/p&gt;

&lt;p&gt;Here is how I would treat it:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;If you are...&lt;/th&gt;
&lt;th&gt;Do this&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;A student learning full-stack&lt;/td&gt;
&lt;td&gt;Use React Email to build templates with skills you already have&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;A solo founder on a rupee budget&lt;/td&gt;
&lt;td&gt;Weigh the billing consolidation, then verify Resend's own pricing&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Building agent features&lt;/td&gt;
&lt;td&gt;Look at the Chat SDK adapter before you write custom mail glue&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Already running your own SMTP&lt;/td&gt;
&lt;td&gt;Ask whether that maintenance is still worth your time&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The broader lesson is not about email at all. It is that the cost of professional-grade infrastructure keeps dropping toward "install and go," and the builders who win are the ones who spend the freed-up time on the actual product rather than the plumbing underneath it.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Key takeaway:&lt;/strong&gt; For a small team, the best infrastructure is the infrastructure you never have to think about again. Resend on the Vercel Marketplace moves email one step closer to that.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Read the original announcement on &lt;a href="https://vercel.com/changelog/resend-vercel-marketplace" rel="noopener noreferrer"&gt;Vercel's changelog&lt;/a&gt; for the install steps and the full capability list, then decide whether removing your own mail server is worth it. For most solo builders I know, it already was.&lt;/p&gt;

</description>
      <category>resend</category>
      <category>vercel</category>
      <category>emailinfrastructure</category>
    </item>
    <item>
      <title>Vercel CLI dry-run: check a deploy before you ship it</title>
      <dc:creator>Induwara Ashinsana</dc:creator>
      <pubDate>Tue, 07 Jul 2026 19:49:28 +0000</pubDate>
      <link>https://dev.to/induwara_ashinsana_9e4d5b/vercel-cli-dry-run-check-a-deploy-before-you-ship-it-3dhj</link>
      <guid>https://dev.to/induwara_ashinsana_9e4d5b/vercel-cli-dry-run-check-a-deploy-before-you-ship-it-3dhj</guid>
      <description>&lt;p&gt;The &lt;strong&gt;Vercel CLI dry-run deployment&lt;/strong&gt; feature lets you preview exactly what the CLI would upload before it actually creates a deployment. You run &lt;code&gt;vercel deploy --dry&lt;/code&gt; from a linked project, and instead of shipping code, the CLI tells you which files it picked up, which it ignored, and which framework it detected. Nothing leaves your machine.&lt;/p&gt;

&lt;p&gt;I read about it in &lt;a href="https://vercel.com/changelog/dry-run-deployments-with-vercel-cli" rel="noopener noreferrer"&gt;Vercel's changelog post&lt;/a&gt;, and my first thought was not about speed. It was about the number of times I've deployed something on a shaky connection, waited for the upload, and only then found out I'd shipped a 200 MB folder I forgot to ignore. This closes that gap.&lt;/p&gt;




&lt;h2&gt;
  
  
  🔍 What a dry run actually shows you
&lt;/h2&gt;

&lt;p&gt;The point of a dry run is to answer a simple question: &lt;em&gt;if I deploy right now, what goes up?&lt;/em&gt; The CLI resolves that answer without uploading anything or creating a deployment.&lt;/p&gt;

&lt;p&gt;For automation, you can ask for the full &lt;strong&gt;file manifest as JSON&lt;/strong&gt;. According to the changelog, that JSON includes:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Field in the manifest&lt;/th&gt;
&lt;th&gt;What it tells you&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Detected framework&lt;/td&gt;
&lt;td&gt;The preset Vercel thinks you're using&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Included paths&lt;/td&gt;
&lt;td&gt;Every file that would be uploaded&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Ignored paths&lt;/td&gt;
&lt;td&gt;What &lt;code&gt;.vercelignore&lt;/code&gt; and defaults excluded&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Directory size distribution&lt;/td&gt;
&lt;td&gt;Where your bytes actually live&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Largest files&lt;/td&gt;
&lt;td&gt;The assets most likely to bloat a deploy&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;File modes&lt;/td&gt;
&lt;td&gt;Permission bits, useful for catching odd executables&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Content hashes&lt;/td&gt;
&lt;td&gt;A fingerprint of each file's contents&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Key takeaway:&lt;/strong&gt; A dry run is a read-only preview of your deployment. You get the framework detection and the complete file list without spending a single byte of upload bandwidth.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;One nice touch: piped or other non-TTY output automatically switches to JSON. So the same command behaves like a human report in your terminal and like structured data inside a script.&lt;/p&gt;




&lt;h2&gt;
  
  
  ⚡ Why this matters on a Sri Lankan connection
&lt;/h2&gt;

&lt;p&gt;If you're deploying from a home fibre line in Colombo or tethering off mobile data in Kandy, upload speed is the constraint, not download. A failed or bloated deploy is not just an annoyance, it's real minutes and real data.&lt;/p&gt;

&lt;p&gt;Here's the workflow that changes for me:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Run &lt;code&gt;vercel deploy --dry&lt;/code&gt; and read the included-files list.&lt;/li&gt;
&lt;li&gt;Spot anything that shouldn't be there, like &lt;code&gt;node_modules&lt;/code&gt;, a stray &lt;code&gt;.env&lt;/code&gt;, or a huge design asset.&lt;/li&gt;
&lt;li&gt;Fix &lt;code&gt;.vercelignore&lt;/code&gt; or your project config.&lt;/li&gt;
&lt;li&gt;Re-run the dry run until the manifest matches what you meant to ship.&lt;/li&gt;
&lt;li&gt;
&lt;em&gt;Then&lt;/em&gt; deploy for real.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;You verify before you commit bandwidth, instead of discovering the mistake after a slow upload. On a metered connection that's the difference between one clean deploy and three wasteful ones.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Bottom line:&lt;/strong&gt; The dry run turns "deploy and hope" into "inspect, then deploy." That's a good trade when every megabyte uploaded costs you time or data.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  🛠️ A pre-flight check for AI agents and CI
&lt;/h2&gt;

&lt;p&gt;The changelog is explicit that this is built with automation in mind. An agent or a CI step can use the manifest as a pre-deployment gate and rerun the check until things look right, all without uploading code or creating a deployment.&lt;/p&gt;

&lt;p&gt;Concretely, a script can:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Verify framework detection&lt;/strong&gt; — fail the build if Vercel guessed the wrong preset.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Flag missing or unexpected files&lt;/strong&gt; — catch a build output folder that didn't get generated.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Catch oversized assets&lt;/strong&gt; — block the deploy if a single file blows past your budget.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Check file modes&lt;/strong&gt; — spot a file that's executable when it shouldn't be.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Because the JSON is stable structured data, you can parse it, assert on it, and gate on it. If you're eyeballing that output while debugging a check, a formatter helps. I keep a browser tab on our free &lt;a href="https://induwara.lk/tools/json-formatter" rel="noopener noreferrer"&gt;JSON formatter&lt;/a&gt; for exactly that: paste the manifest, expand the tree, find the file that shouldn't be there.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Warning:&lt;/strong&gt; A dry run tells you &lt;em&gt;what&lt;/em&gt; Vercel would upload, not whether your app &lt;em&gt;works&lt;/em&gt;. It's a packaging check, not a test suite. Keep your linting, type-checks, and builds in the pipeline too.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  💡 The bigger shift: deployments you can inspect
&lt;/h2&gt;

&lt;p&gt;For years the deploy step was a black box. You typed a command, files went somewhere, and you found out what actually shipped by reading logs after the fact. Making the manifest inspectable &lt;em&gt;before&lt;/em&gt; upload moves the deploy from something you trigger to something you can reason about.&lt;/p&gt;

&lt;p&gt;That fits a pattern I like: tools that let you look before you leap. Content hashes mean you can diff two manifests and see precisely what changed between deploys. File-mode reporting means a security-conscious team can assert that nothing ships with the wrong permissions. None of this is glamorous, but it's the kind of detail that saves a bad afternoon.&lt;/p&gt;

&lt;p&gt;To get it, the changelog says to update the &lt;strong&gt;Vercel CLI to v54.17.2 or later&lt;/strong&gt;. If you're on an older version, &lt;code&gt;vercel deploy --dry&lt;/code&gt; simply won't be there.&lt;/p&gt;




&lt;h2&gt;
  
  
  What this means for you
&lt;/h2&gt;

&lt;p&gt;If you deploy to Vercel, add one habit: run the dry run before an important ship, especially your first deploy of a new project when framework detection and ignore rules are least certain.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Solo builders and students:&lt;/strong&gt; save upload time and data by catching bloat before it goes over the wire.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Small teams:&lt;/strong&gt; wire &lt;code&gt;vercel deploy --dry --json&lt;/code&gt; into CI as a cheap pre-flight gate that never creates a deployment.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Anyone on a slow line:&lt;/strong&gt; stop paying the upload cost just to learn what you packaged.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;It's a small feature with a clear payoff. Look at the manifest, fix your ignore rules, deploy once. On the connections most of us actually work on, deploying right the first time is worth more than deploying fast.&lt;/p&gt;

</description>
      <category>vercel</category>
      <category>deployment</category>
      <category>developertools</category>
    </item>
    <item>
      <title>What the UK Tobacco Ban Teaches Builders About Norms</title>
      <dc:creator>Induwara Ashinsana</dc:creator>
      <pubDate>Mon, 06 Jul 2026 23:48:54 +0000</pubDate>
      <link>https://dev.to/induwara_ashinsana_9e4d5b/what-the-uk-tobacco-ban-teaches-builders-about-norms-4dlk</link>
      <guid>https://dev.to/induwara_ashinsana_9e4d5b/what-the-uk-tobacco-ban-teaches-builders-about-norms-4dlk</guid>
      <description>&lt;p&gt;The &lt;strong&gt;UK generational tobacco ban&lt;/strong&gt; is the kind of policy that looks doomed on paper: a law that quietly makes it illegal to ever sell cigarettes to anyone born after a certain year. Enforcement will be patchy. Black markets exist. And yet the writer of a recent &lt;a href="https://www.technologyreview.com/2026/07/03/1140036/uk-tobacco-ban-might-not-work-children-smoking/" rel="noopener noreferrer"&gt;MIT Technology Review piece&lt;/a&gt; says he supports it anyway, and his reason is more interesting than the law itself.&lt;/p&gt;

&lt;p&gt;His evidence is his own two daughters. They learn AI at school, do internet homework every week, and are already &lt;strong&gt;repulsed by the idea of smoking&lt;/strong&gt;. The ban isn't creating that attitude. It's ratifying a shift that already happened in their heads.&lt;/p&gt;




&lt;h2&gt;
  
  
  🚬 The real bet is on norms, not police
&lt;/h2&gt;

&lt;p&gt;The stated worry about the ban is enforcement. A shopkeeper checking whether a 30-year-old was born before or after a cutoff date is not a system that scales cleanly. Critics are right that the mechanism is clumsy.&lt;/p&gt;

&lt;p&gt;But that framing misses the point. A rule you can barely enforce can still work if the behaviour it targets is already becoming socially dead.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Key takeaway:&lt;/strong&gt; Enforcement stops the people who still want to do the thing. Norms stop them from wanting to in the first place. The second one is far cheaper and far more durable.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;The author's kids aren't avoiding cigarettes because a law scares them. They avoid them because smoking now reads, to a seven-year-old, as gross and old-fashioned. That is the actual win. The law is a backstop for the small minority the norm doesn't reach.&lt;/p&gt;




&lt;h2&gt;
  
  
  🧠 Why "it might not work" isn't a reason to skip it
&lt;/h2&gt;

&lt;p&gt;There's a familiar engineering instinct here: if a control has known gaps, ship nothing until you have a perfect one. That instinct is usually wrong, and this policy is a good illustration of why.&lt;/p&gt;

&lt;p&gt;Consider how the two levers compare:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Lever&lt;/th&gt;
&lt;th&gt;Cost to run&lt;/th&gt;
&lt;th&gt;Coverage&lt;/th&gt;
&lt;th&gt;Durability&lt;/th&gt;
&lt;th&gt;Fails when&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Hard enforcement&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;High and ongoing&lt;/td&gt;
&lt;td&gt;Only where you're watching&lt;/td&gt;
&lt;td&gt;Low — stops the day you stop paying&lt;/td&gt;
&lt;td&gt;People route around it&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Norm shift&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Front-loaded, then cheap&lt;/td&gt;
&lt;td&gt;Everyone in the culture&lt;/td&gt;
&lt;td&gt;High — self-reinforcing&lt;/td&gt;
&lt;td&gt;The next generation forgets why&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;A ban with holes in it still moves the norm line. It signals what a society has decided is no longer normal, and that signal does most of the heavy lifting for free. "Might not work perfectly" and "worth doing" are not in conflict.&lt;/p&gt;




&lt;h2&gt;
  
  
  🛠️ How this maps to what you build
&lt;/h2&gt;

&lt;p&gt;If you build software, run a small team, or ship anything people interact with, you are constantly choosing between the enforcement lever and the norm lever. Most people over-invest in the first.&lt;/p&gt;

&lt;p&gt;A few translations that hold up:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Defaults beat rules.&lt;/strong&gt; A secure default (2FA on, telemetry off, safe git branch protection) changes behaviour for everyone silently. A policy document nobody reads changes it for no one.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Friction is a norm, not a wall.&lt;/strong&gt; You rarely need to make bad behaviour impossible. Making it slightly annoying — a confirmation step, a required review — moves the vast majority.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;What the newcomers see as normal wins.&lt;/strong&gt; The junior who joins your repo copies whatever the code already does. If tests and small commits are the visible norm, that becomes their default without a single lecture.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;You can't audit your way to culture.&lt;/strong&gt; You can require a linter. You can't require people to care. The linter's job is to make caring the path of least resistance.&lt;/li&gt;
&lt;/ul&gt;

&lt;blockquote&gt;
&lt;p&gt;The generational ban is basically a &lt;code&gt;default: deny&lt;/code&gt; for a whole birth cohort. You set the rule once, and the culture enforces most of it so you don't have to.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;The same logic sits behind why setting good defaults early is worth more than any amount of after-the-fact policing.&lt;/p&gt;




&lt;h2&gt;
  
  
  🌐 The Sri Lanka angle
&lt;/h2&gt;

&lt;p&gt;This is not an abstract UK story. Anyone who has watched a norm flip in Sri Lanka within one generation already knows the pattern.&lt;/p&gt;

&lt;p&gt;Seatbelts in the front seat went from optional to automatic for a lot of people in under two decades, helped by a law that was never enforced everywhere at once. Not wearing a helmet on a motorbike went from common to conspicuous. Digital payments moved from "who would trust that" to routine for a young office worker in Colombo or Galle, faster than any regulator planned.&lt;/p&gt;

&lt;p&gt;In each case the rule and the culture pushed together. The rule alone would have been ignored. The culture alone would have taken a generation longer.&lt;/p&gt;

&lt;p&gt;For a young builder here, the practical read is this:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Pick the norm you want to be normal in five years.&lt;/strong&gt; Clean code, honest pricing, accessible interfaces, whatever it is.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Encode it as a default,&lt;/strong&gt; not a rule you have to remember to enforce.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Let the newcomers absorb it&lt;/strong&gt; as "just how we do things," which is where it becomes permanent.&lt;/li&gt;
&lt;/ol&gt;




&lt;h2&gt;
  
  
  💡 What this means for you
&lt;/h2&gt;

&lt;p&gt;You don't need airtight enforcement to change behaviour. You need to move the line of what counts as normal, and then let time and defaults do the boring work.&lt;/p&gt;

&lt;p&gt;The UK tobacco ban may leak. The author admits as much. He supports it anyway because his daughters have already made the real decision, and the law is just the state catching up to where the culture went.&lt;/p&gt;

&lt;p&gt;If you're shipping a product, growing a team, or trying to get a habit to stick — in code or in life — copy the structure, not the cigarettes:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Set the default in your favour.&lt;/li&gt;
&lt;li&gt;Accept that it won't catch everyone.&lt;/li&gt;
&lt;li&gt;Trust that the norm, once it tips, does more than any rulebook you could write.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;That's a lesson worth stealing, whether you're regulating tobacco or just trying to get people to write tests. When you want more small, opinionated defaults that quietly do the right thing, the &lt;a href="https://induwara.lk/tools" rel="noopener noreferrer"&gt;free tools on this site&lt;/a&gt; are built on exactly that idea.&lt;/p&gt;

</description>
      <category>policy</category>
      <category>productdesign</category>
      <category>opinion</category>
    </item>
    <item>
      <title>Uber cut 7 launches to 2: a focus lesson for builders</title>
      <dc:creator>Induwara Ashinsana</dc:creator>
      <pubDate>Mon, 06 Jul 2026 03:44:23 +0000</pubDate>
      <link>https://dev.to/induwara_ashinsana_9e4d5b/uber-cut-7-launches-to-2-a-focus-lesson-for-builders-44m7</link>
      <guid>https://dev.to/induwara_ashinsana_9e4d5b/uber-cut-7-launches-to-2-a-focus-lesson-for-builders-44m7</guid>
      <description>&lt;p&gt;&lt;strong&gt;Uber's European expansion&lt;/strong&gt; for 2026 just got a lot smaller. The company announced seven new market launches back in February, and according to &lt;a href="https://techcrunch.com/2026/07/05/ubers-european-expansion-plans-may-have-hit-a-speed-bump/" rel="noopener noreferrer"&gt;TechCrunch's report&lt;/a&gt;, five of them are now on hold. Only &lt;strong&gt;Finland&lt;/strong&gt; and &lt;strong&gt;Denmark&lt;/strong&gt; actually went live.&lt;/p&gt;

&lt;p&gt;I don't read that as a failure. I read it as a company with near-unlimited resources choosing to do two things well instead of seven things badly. If Uber has to make that trade-off, so does every small Sri Lankan team shipping into new markets. Here's what I'd take from it.&lt;/p&gt;




&lt;h2&gt;
  
  
  🔍 What actually happened
&lt;/h2&gt;

&lt;p&gt;The headline says "speed bump," but the numbers tell a cleaner story.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Detail&lt;/th&gt;
&lt;th&gt;What the source states&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Markets announced (Feb 2026)&lt;/td&gt;
&lt;td&gt;7 new European markets&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Actually launched&lt;/td&gt;
&lt;td&gt;Finland, Denmark&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Reportedly on hold&lt;/td&gt;
&lt;td&gt;5, including Austria, Norway, Greece&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Uber's stated reason&lt;/td&gt;
&lt;td&gt;Focus on "momentum" in existing markets&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Launched-market verdict&lt;/td&gt;
&lt;td&gt;Finland and Denmark called "a huge success"&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Uber didn't say the paused markets were bad bets. It said it wanted to keep the momentum going where things were already working. That's a different message from "we failed." It's "we'd rather compound a win than start five new fights at once."&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Key takeaway:&lt;/strong&gt; Launching in two markets and calling them "a huge success" beats launching in seven and stretching your team across all of them. Depth compounds; breadth divides.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  📊 The math of spreading thin
&lt;/h2&gt;

&lt;p&gt;Here's the part founders underrate. Every new market isn't just "more of the same." It's a fresh stack of local problems: payments, drivers, regulators, language, support hours, a competitor who was there first. Your best people can only be in so many places.&lt;/p&gt;

&lt;p&gt;Picture a five-person team splitting attention across launches:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Markets live&lt;/th&gt;
&lt;th&gt;Focus per market&lt;/th&gt;
&lt;th&gt;Realistic outcome&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;1&lt;/td&gt;
&lt;td&gt;100%&lt;/td&gt;
&lt;td&gt;Deep understanding, fast fixes&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;2&lt;/td&gt;
&lt;td&gt;~50%&lt;/td&gt;
&lt;td&gt;Still manageable, clear priorities&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;td&gt;~20%&lt;/td&gt;
&lt;td&gt;Shallow everywhere, slow on all&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;7&lt;/td&gt;
&lt;td&gt;~14%&lt;/td&gt;
&lt;td&gt;Nobody owns anything end to end&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The percentages are illustrative, not from the source, but the shape is real. Attention doesn't scale linearly with headcount, and coordination cost rises as you add fronts. Uber has thousands of employees and still chose to narrow. A team of five has no business opening seven fronts.&lt;/p&gt;

&lt;p&gt;The hidden tax is context-switching. Every market you add is another set of numbers to check every morning, another support queue, another regulator's email you can't ignore. That cost is invisible until it isn't, and by then you're firefighting instead of building. Two markets means you can still hold the whole picture in your head. Seven means you're managing dashboards you no longer understand.&lt;/p&gt;




&lt;h2&gt;
  
  
  🛠️ There's usually a second reason
&lt;/h2&gt;

&lt;p&gt;Companies rarely give you the whole "why" in a press line. The TechCrunch piece points at a strategic angle worth noting: several of the paused markets overlap with &lt;strong&gt;Delivery Hero&lt;/strong&gt;, a European delivery company Uber has been circling. Delivery Hero reportedly rejected a &lt;strong&gt;€10 billion&lt;/strong&gt; takeover bid in May 2026.&lt;/p&gt;

&lt;p&gt;If you're trying to acquire a company that already operates in a market, launching your own competing service there first can complicate the deal and invite antitrust scrutiny. Pausing those launches is not weakness; it's keeping your options open.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;The lesson for smaller builders: your public reason ("we're focusing") and your strategic reason ("we're keeping a door open") can both be true. Don't over-explain a pause. A clean "not yet" protects more than it costs.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  💡 How I'd apply this to a Sri Lankan product
&lt;/h2&gt;

&lt;p&gt;Say you're a Colombo team with a SaaS tool or a marketplace, and you're eyeing three or four countries at once. The Uber move maps cleanly:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Pick two, not seven.&lt;/strong&gt; Choose markets where you already see pull, and go deep enough to earn a "huge success" story you can point to.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Prove the unit economics first.&lt;/strong&gt; If you're billing in USD or EUR while your costs are in rupees, model the margin honestly before you expand. My &lt;a href="https://induwara.lk/tools/freelancer-usd-lkr-calculator" rel="noopener noreferrer"&gt;freelancer USD-LKR earnings calculator&lt;/a&gt; is built for exactly this kind of currency-vs-cost reality check.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Sequence, don't scatter.&lt;/strong&gt; Treat expansion as a queue. Ship market three only after markets one and two are self-sustaining.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Keep a written "not yet" list.&lt;/strong&gt; The paused markets aren't dead. Uber can return to Austria, Norway, and Greece any time. Your backlog should read the same way.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;There's no shame in a shortlist. A pause you chose is a strategy. A collapse you didn't see coming is not.&lt;/p&gt;




&lt;h2&gt;
  
  
  🌐 Momentum is a real asset
&lt;/h2&gt;

&lt;p&gt;The quiet word in Uber's statement is "momentum." A market that's working generates its own fuel: word of mouth, repeat users, drivers telling other drivers, local press. Starting five cold launches at once means five markets all sitting at zero momentum, all demanding your team's energy at the same time.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Strategy&lt;/th&gt;
&lt;th&gt;Momentum profile&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Two deep launches&lt;/td&gt;
&lt;td&gt;Two engines already turning, feeding growth&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Seven simultaneous&lt;/td&gt;
&lt;td&gt;Seven cold starts, all draining the same tank&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Compounding needs something to compound. You can't compound seven zeros.&lt;/p&gt;




&lt;h2&gt;
  
  
  What this means for you
&lt;/h2&gt;

&lt;p&gt;If you're a student shipping a side project, a freelancer productising your service, or a small team eyeing new countries, the Uber story is a permission slip to narrow your scope. The most resourced ride-hailing company on the planet looked at seven launches and shipped two. That's not a retreat. It's discipline.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Bottom line:&lt;/strong&gt; Fewer markets, done deeply, beat more markets done thinly. Prove it works in one or two places, let momentum build, and expand from a position of strength instead of hope. Focus isn't the thing you do when you're small. It's the thing that keeps you from staying that way.&lt;/p&gt;
&lt;/blockquote&gt;

</description>
      <category>startupstrategy</category>
      <category>gotomarket</category>
      <category>uber</category>
    </item>
  </channel>
</rss>
