Julie Ng

Architecting and working with AI is… slower?

6 min read

On this page

In my last article, I shared my GPG and YubiKey setup with a beginner-friendly walkthrough of the core design and advanced step-by-step guide on GitHub – all of which I wrote with AI.
And yet, similar to the METR study findings, I was slower to publish, not faster. Let me explain.
Architecting and coding with AI assistance

Illustration by Storyset

Architecting and coding with AI assistance

My Workflow

Juggle 3 AI Services

AI can produce quality, but a human owns the outcome. To get multiple options and catch blind spots, I have three subscriptions:

SubscriptionPurpose
Google AI PlusEveryday personal use and sparring partner.
Claude MaxOpus (1M) as my daily engineering driver.
GitHub ProCode reviews on Pull Requests.
tip

For web search and debugging, Gemini is often faster and surfaces more current information than Claude.

Work in Phases

For the YubiKey project, my process had three phases:

  • Phase 1 - Brainstorming
    Discuss requirements and trade-offs. I start with one model, then run the same conversation with the other. For complex topics they disagree, which is exactly what I want.
  • Phase 2 - Implementation
    Pick a direction and continue with Claude, cross-checking with Gemini.
  • Phase 3 - Code Review
    Use GitHub Copilot on the pull request for a fresh pair of eyes. An LLM drifts toward its own solution over a long session, so an outside reviewer helps.

Do the thinking yourself first. I designed the setup before any LLM wrote commands: what keys, what hardware, what I was protecting against. The architecture is your job, not the model's. Where the two models agreed, I trusted it more. Where they disagreed, I looked closer.

Where AI Shines

Despite the gotchas below, AI saved me real time, mostly in writing and explaining.

Break down technical complexity

GPG has a confusing key model: one primary key, three subkeys, four jobs. I understood it. Explaining it simply is hard. AI turned my mental model into the plain table from the last article. That clarity was its work, not mine.

AI also saves me time writing markdown tables.

Find exact terminology

I would have called # and > "symbols", which could be confused with what they mean in code. The model picked "markers", which is clearer. When you teach, the right word saves paragraphs.

Pursuing rabbit holes

My backup volume would not eject. Before, I would have force ejected and been fine. This time I wanted to understand why:

lsof | grep /Volumes/BACKUP
# gpg-agent  ...  /Volumes/BACKUP-USB/...

Root cause: gpg-agent had spawned helpers still holding the volume open. Now that I understood why, I could avoid a force eject, which is safer.

What matters is not only experience, it's discipline. Both models insisted I needed a yk-switch workaround for my two keys. I built it, tested it, and never needed it. But I left it in the guide, in case others need it

Where AI Fails

AI is fluent. That is the problem. The commands look correct and read smoothly, even when they are quietly wrong. I caught each one the same way: by reading before running.

Deleting the source of truth

Out of habit, before deleting a temp folder, I checked where it pointed:

echo $GNUPGHOME
# /Volumes/BACKUP-USB/gnupg-xxxx

WRONG. That was my USB backup, not a temp folder. The next line was rm -rf "$GNUPGHOME", which would have erased my only copy of my primary key.

The cause was ordering: the AI had me provisioning the YubiKey with the backup still mounted. It's better to finish offline work, unplug the backup, then touch hardware. I caught it because I have deleted enough things to check a path before rm -rf it.

That double checking improves the quality of my work. But this habit also slows me down. I budgeted two days for the guide. It took a week.

Exposing secrets in plain-text

The AI and many online guides use inline secrets in their commands, which then land in shell history in plain text:

# What the AI gave me
gpg --batch --passphrase "my-long-secret-passphrase" --quick-generate-key ...

As an experienced engineer, I know to never pass a secret as a plain-text argument. Instead, let GPG prompt you for it. It's slower, but safer.

# Let GPG prompt for the passphrase interactively
gpg --quick-generate-key "Your Name <you@example.com>" ed25519 cert never

At some level, AI knows the best practice and when prompted can explain it. But knowing a rule and applying it every time are different skills. AI makes code work. It's your job to make it secure.

Developer hygiene

Unless you ask, the AI will not pick good names. It dumped everything into one tmp.aB3xK9 folder. It was not wrong, and it would have worked. But I write for you and for future Julie, who renews these keys in two years and needs to know what each file is.

Slop Machines

LLMs generate too much text, much of it filler. The first draft written by AI was ~3x longer than the final result.

Curate, edit, reduce. You're my audience and it's my responsibility to decide what's worth your time.

Why I still use AI

I spent about the same hours as my setup six years ago. But the time went into understanding my own tools better and authoring a guide people can learn from. That is the dividend. AI does not save me time. AI lets me choose how I spend my time – on increased quality.

That is what the AI hype misses. AI makes copying effortless, so pure output is not where your value is. Understanding is. The developer who knows why a command is dangerous can use AI safely. The developer who pastes code without edits creates bloat and reduces maintainability from day one. That developer would also delete production with rm -rf.

AI doesn't replace you, it amplifies you. If you're a pedantic developer who iterates, you can produce higher quality. If you are an undisciplined developer, you are a slop machine.

Be slower, but better.