An ever-increasing volume of debug investigations, document writing, and code is written by robots. This has created a new etiquette question when working with a team - when is it OK to forward the output of an AI to another human to read?
On one hand, an AI with robust integration to internal code bases and documentation often produces genuinely1 useful output.
On the other, as an increasing amount of a software engineer's day is spent reading AI text, a fatigue sets in. If I can have a robot say something, so can you. It reads as inconsiderate to post un-digested AI output as though it's your own writing.
I remember the first time I experienced this annoyance. I proposed a design, and a teammate prompted an AI to critique it. The teammate sent an AI document to me, with the disclaimer: "I didn't read this, so it might not be entirely accurate". My thought was, _if reading this wasn't worth your time, why is it worth mine?"
Therefore, I've adopted this principle in my work:
If you are requesting human attention, demonstrate human effort.
If useful, I send AI generated content to teammates. But when doing so, I take care to clearly label what is AI generated, and I add my own commentary alongside it. For human code review requests, I always review my AI-generated code first.
Attention was already a scarce resource before AI, and it is even more so now. Keeping AI generated content clearly labeled and demonstrating human effort helps show consideration for teammates, and keeps a touch of humanity alive in our work.
When Google offered me the job of Director of Android Platform Security in 2017, it was impossible to refuse. Yes, Trump was already president—my family and I had qualms—but he seemed contained, even ineffective. More importantly, Google was a different company 9 years ago. Android was open source first and had just surpassed 2 billion users. I’d been studying its security from the outside since 2009, and it was (and still is!) the most exciting end-user facing operating system to work on. However, while the source code was always public, getting direct contact to the internal Android team had been incredibly difficult; trying to discuss new ideas for security mitigations or architectures supporting upcoming fields like mobile digital ID was a frustrating exercise for academics and industry researchers outside Google.
Getting the chance to lead on the inside, on the most widely used Linux based, (mostly) open source operating system in the world, was an incredible chance. I am still thankful for the initial offer, especially to Dave Kleidermacher and Nick Kralevich for their trust in me, and the welcoming atmosphere from day one. Google was the place to be to getting things done on a global scale, The culture was transparent and open to diverse discourse, and from the start it was made clear that, as Googlers, we were not only welcome but expected to bring our own identity and values into the job. As an academic and tenured professor of computer security, working on Android inside Google was literally the most appealing place in the whole of the Silicon Valley – the one that best matched the spirit of academia and my own ethical principles to work for the public good.
While I was never really involved with the cloud side of things, on the company level, the goal was still to become completely carbon-neutral, and contracts with the Pentagon were canceled after employees spoke up against them (I signed the 2018 open letter). The AI principles published by Sundar Pichai in 2018 stated very clearly that “AI applications we will not pursue: … 2. Weapons or other technologies whose principal purpose or implementation is to cause or directly facilitate injury to people. 3. Technologies that gather or use information for surveillance violating internationally accepted norms. 4. Technologies whose purpose contravenes widely accepted principles of international law and human rights.” Many computer scientists and software engineers wanted to work at Google, and I heard both hearty congrats and fierce jealousy when I mentioned the job offer to colleagues before relocating to Mountain View.
Then there were the people. Larry and Sergey were still answering some tough leadership questions every week, and “Don’t Be Evil” wasn’t just a slogan of often-referenced Googliness—it was a north star for teams making hard calls. My immediate team—Android Security, the defenders of Billions of users—has the motto to “make things so secure that we ourselves can’t break them, whether the device costs $1000 or $100, or the user is a celebrity or a refugee“. It was always about doing right for our users, and protecting their interests first (occasionally even against business interests of other Google apps and services). I met the most amazing experts within my first months of joining, including Android legends like DianneHackborn. Everybody was friendly, happy to give time to newcomers, to share their knowledge about the technology as well as about the internal processes. And everybody was dedicated to do right by the global population—thanks a lot to all of you for that hard work! I am still incredibly proud of many of our achievements, most of which required moving other ecosystem stakeholders over long periods of time. Making full device encryption the Android 10 default even for the cheapest of devices moved the world forward. Enabling end-to-end encrypted Android backup quietly while the discussions focused on Apple defined a de facto state of the art that still holds strong in current law enforcement vs. user privacy discussions. Insider Attack Resistance, ARM MTE, privacy-firstdigital credentials, and many other things were only possible because we pulled together to make our users more secure—including against a potentially malicious sub-part of Google itself.
On the one hand, this decision has been incredibly hard to make. I will miss the people, all of you who are still trying to do good for the rest of the planet. I will miss the opportunities to affect positive change. I will miss the brilliant engineers and technically focused decision-making. I will miss the blameless post-mortems and the overall, very mature culture on dealing with failures.
On the other hand, this decision has been easy because it has become unavoidable. I am a pacifist, and have long ago decided that I will not personally work for militaries engaging in offensive warfare (strictly defensive action is somewhat different). Proactively harming people is not something that I can or will be involved with. I am also a European academic. That means the current US government has become hostile to me, and “any lawful purpose” in this sense will absolutely include mass surveillance of EU citizens. This deal implies that Google (AI) products will likely be used directly against me and mine. In this recent environment, I don’t see how I could not resign.
My current contract gives a notice period of 3 months starting with the last day of the month in which the resignation is tendered. That means I’ll still be around (in my limited time commitment) and reachable through internal channels until 2026-08-31, wrapping up or passing on some of my ongoing projects—but I will immediately disconnect from any work on AI systems that might fall under this deal with the DoW (not that I am aware of having been involved so far). Afterward, I should be easy to reach externally through multiple channels. I will continue to work on end-to-end encrypted, resilient communication and storage protocols, privacy-preserving digital identity, embedded systems security, operating systems and supply chain security, and related topics. One intersection point of these topics is obviously still Android (particularly AOSP) security and privacy.
I am quite sad that it had to come to this, and desperately hope Google management re-discovers its moral compass. Until then, I’ll miss y’all.
It can seem a bit silly to recommend a way to tie your shoes, but some knots are just more secure than others. For decades I have favored two specific shoelace knots: Ian’s Fast Knot and Ian’s Secure Shoelace Knot. Ian’s Fast Knot is done so effortlessly as to look like a magic trick, and Ian’s Secure Shoelace Knot has never failed me.
But who is Ian? Ian Fieggen, who also goes by “Professor Shoelace,” is the guy who runs Ian’s Shoelace Site, the internet’s prime destination for learning how to tie your shoes. His website is simple, intentionally focusing on common vernacular over standardized knot terminology, and has been operating as a discrete section of his personal site since 2003. Ian’s Shoelace Site does not need to change; it is perfectly functional the way it is, and people have been discovering his many knots and lacing techniques for decades.
The Granny Knot/Granny Bow is probably why your shoes keep coming undone.
Ian’s Secure Shoelace Knot is a double slip knot, only marginally more complicated than the “bunny rabbit” style kids tend to be taught. Though Ian’s Secure Shoelace Knot can also be tied incorrectly, it is far more secure than the knot many people tie under most circumstances, which tends to fall apart when tied incorrectly.
The steps for Ian's Secure Knot, as depicted on Ian's Shoelace Site. Credit: Ian Fieggen
Ian’s Secure Shoelace Knot is done by doing a standard left over right starting knot, creating two loops (bunny ears), crossing the loops right over left so that one sits over the other, looping both loops over each other and pulling them through the “hole” in center so the loops exit in opposite directions, and neatly tightening the resulting knot. It’s a wonderful compromise between security, convenience, and ease of execution. It does not require a sloppy double knot, which can get easily snarled, and it’s easy to untie with a single pull. There is no perfect knot, but Ian’s Secure Shoelace Knot has yet to fail me after over a decade of use.
This one....this one is the best.
“I try not to over-sell the merits of this knot,” Ian Fieggen told me over email, “as people have become complacent about every product on earth being touted as ‘the best.’ I reckon that those who blindly follow what they are told end up believing everything and knowing nothing. I'm therefore most pleased when people discover for themselves that the Secure Knot lives up to my claims, especially when (as in your case) it follows a lengthy period of usage.”
The Ian Knot is the flashy and fast one, but still secure if done well.
There are, of course, other knots. I have seen other people on YouTube and Reddit recommend the Berluti Knot. I have also seen many people who are fans of the Surgeon’s Knot. Ian’s pride and joy, which he claims to have invented and has a page documenting its history, is Ian’s Fast Shoelace Knot, also simply known as Ian’s Knot, which is so rapid that it makes you do a double take. But what makes Ian’s site truly great is not that it documents a few knots, but is a cornucopia of methods for tying and lacing your shoes. Ian’s Shoelace Site is from a different time on the internet, when people simply made websites that they were passionate about.
I cannot stress enough how comprehensive Ian's Shoelace Site can get. Credit: Ian Fieggen
People who know Ian’s Shoelace Site love it. But like all passion projects that seem eternal on the internet, even Ian’s site is vulnerable to the forces destroying the internet.
“Have you ever wondered,” Ian asked, “why websites like mine are disappearing from the Internet?”
He has his theories. The Shoelace Site is kept alive via fairly unobtrusive ads, but he says the rise of ad blockers has made that income precarious. He also claims that people copy the information on his site without attribution, both wholesale and to go viral. A quick search of YouTube and especially TikTok is rife with people doing Ian’s Fast Knot without either knowing or disclosing the source. “Around half the copycat videos on YouTube are tying it incorrectly as a granny knot, which comes loose,” Ian said. “This has given my knot the undeserved reputation of being faster at the expense of reliability!” To the extent that one can “own” a knot, Ian has been robbed.
Ian, more than many writers and publishers on the internet, sees with cold clarity the catastrophic effect of AI on the continued survival of an independent web. “Today, my website is constantly being harvested by AI bots,” he said. “That content is then reused, typically without giving credit, in what amounts to little more than wholesale computerised plagiarism.The search engines, which we previously tolerated showing snippets of our content because they brought people to our websites, are now showing AI generated versions ahead of those snippets. These can be sufficient for visitors to remain on the search website and never end up visiting. Generative AI already allows folks to ask for something – such as a diagram on how to lace shoes with stars – and again, never find my website filled with diagrams on which that AI diagram was based.”
For Ian, the cumulative effect of all of these factors is a deep sadness, a sinking feeling of exhaustion and futility. What is the point of adding value to the internet if it is only going to rob you? Why do research, make diagrams, and develop new knots?
“Why keep feeding the hungry beast that the internet has become?” Ian asked.
Ian says his site is OK for the foreseeable future, kept alive via the occasional donation, ad revenue for people who don’t use blockers, affiliate links, and kind words from strangers. But, like the site you are reading, content that you believe to be immutable and immortal on the internet is constantly in peril. These places only exist when the people investing their time and energy know that they are appreciated, credited, and supported. The whims of companies like Google seek to alter the deal that has kept much of the internet alive, threatening its basic foundations. This is true for blogs, for journalism and for the forum culture that the internet is built on. It even seeks to threaten and consume something as simple and necessary as tying your shoelaces.
As the SAT nears its 100th anniversary, here's a look at how the test has changed since 1926 and how scores on both the SAT and ACT have shifted over time.
Surprise has the extremely special distinction of being both an emotion and a completely quantifiable thing that scientists and mathematicians talk about very frequently. Whenever probability is a thing, surprise is also a thing. It’s true and it’s not even that complicated! Watch:
For some intuition:
You’re certain the sun will rise tomorrow; you believe the probability the sun will rise is 100% or “1”; we have that -log(1) = 0. So if the sun rises tomorrow, your level of surprise will be 0. That sounds correct!
If someone flips a coin, you believe the probability it’ll land heads is 50% aka 0.5. We have that -log(0.5) = 0.3; your level of surprise at it landing on heads is 0.3
If they flip the coin again, and get heads again, your level of surprise is 0.3 + 0.3 = 0.6 surprise. Yes, this actually works, you can just add them, no need to fuss around with subtracting from 1 then multiplying
To turn that first one around, you believe the probability the sun won’t rise tomorrow is 0% or “0”. We have that -log(0) = ∞. If the sun doesn’t rise tomorrow, your level of surprise will be ∞. Personally, this is pretty intuitive to me!
Hell is other people’s understanding of statistics
People talk about uncertainty in an intuitive way constantly. They use words like “might”, “maybe”, “could do”, “there’s a distinct possibility”. So weaselly! I often wish people would be more quantitative and use numbers. But when I put a percentage on my own uncertainty, people get frustrated. One must have a little sympathy for them: humans don’t intuitively “feel” percentage points. So to reiterate that argument: surprise is something you do feel!
Besides, when they do try to be quantitative…
Yes, I’m aware all of these have to be talking about “independent” events to use either probability or surprisal apply.
Don’t hate the thinker, hate the tool for thought
Maybe seeing those makes you despair for humanity so much that you want to avert your gaze from the whole thing. No! Bad attitude! You do not get to give up like that. Even when I tell you that one of them is a Professor of Neuroscience at Stanford 😀
Seriously though - doctors and nurses have to read survival percentage values out all the time. At many points, decisions affecting your life and those of your loved ones have been made based on them. How many lives have been lost to making mistakes like this? You want to make people’s lives better, get them thinking more quantitatively. So: growth mindset for humanity, please. I did not post those quotes so you can complain about them with your enlightened friends. I want you to think of those quotes as telling you what you’re working with if you want to improve things (you want to improve things).
So how do we help those people? We can change their tools for thought. No more probability! Talk about surprise instead!
Maybe: when people see numbers, they want to add them (they expect “linearity”). Then being able to add surprises is a superpower. Let’s give people that superpower by changing education and everyday conversation to use it instead of probability.
Introducing: the Surprice-Dice!
Here’s a funny and helpful thing: it turns out that there is a god-given unit of surprise.
You already know what it means to have a surprise of 0 (“I knew that would happen”) and infinity (“I thought that was impossible”). Well, it turns out there is a thing it means for your level of surprise to be exactly 1.
It’s approximately the level of surprise you have when rolling a 30-sided dice and getting 11 or less. To be more exact it’s 1/e, where e is that number people learned about during COVID. 1/e = 0.367… ≈ 11/30.
Why yes, I do know the purveyors of mathsgear.co.uk! Also Elliot Kienzle kindly created a weighted 4 sided dice that he conjectures has an almost exact 1/e probability on it. Let me know in the comments if you want me to post this!
So, public information campaign: mass-produce 30 sided dice, with numbers 1-11 colored green and 12-30 coloured yellow. Mail one to every household, we’ll double everyone’s IQ overnight! “1 surprise” is one roll of this being 1-11. “2 surprise” is that happening twice. 3 surprise is 3 rolls being 1-11.
How surprised would you be if the democrats lost the next election? More than 2 rolls, or fewer? And that’s how a civilized person talks in 2026!
(yes, I know, “die” not “dice”. But I am a linguistic descriptivist, get used to it!)
To be honest, a revolution in thought of this kind seems improbable would surprise me more than 6 11/30 rolls. Alas, status quo has us locked into probability. Same as electrons having negative charge, pi vs tau, and 3D geometry should be done with the cross product. Still, you might as well give it a go, in your own head or with your kids 🙂
Appendix: sciencey arguments
1. Entropy becomes much more intuitive: it’s “average surprise”, or “expected surprise” (that phrase sounds sounds so ridiculous and I love it). Think about it: with more ordered and predictable (less entropic) things, the average result is less surprising - duh! 2. Bayes theorem gets oh-so-much-nicer too, it’s just adding and subtracting! 2. This has been said for super duper serious science, not just wishy-washy human intuition!
Gaussians are nicer too:
Top formula is the probability of x, bottom is the surprisal of x
And here’s the exact graph to show if you want to fail to persuade people of what you’re talking about
By the way surprise also goes by the name “surprisal” and “log-odds”, but it maps very directly to the intuitive sense of the word so I don’t know why you’d say that!
Log in
