Your one-stop shop for all Changelog podcasts. Weekly shows about software development, developer culture, open source, building startups, artificial intelligence, shipping code to production, and the people involved. Yes, we focus on the people. Everything else is an implementation detail.

Attack of the Canaries! (Changelog Interviews #557)

September 13, 2023 1:43:36 99.62 MB Downloads: 0

This week we’re joined by Haroon Meer from Thinkst — the makers of Canary and Canary Tokens. Haroon walks us through a network getting compromised, what it takes to deploy a Canary on your network, how they maintain low false-positive numbers, their thoughts and principles on building their business (major wisdom shared!), and how a Canary helps surface network attacks in real time.

Leave us a comment

Changelog++ members get a bonus 4 minutes at the end of this episode and zero ads. Join today!


  • Statsig – Build faster with confidence. Startups to Fortune 500s rely on Statsig to make data-driven decisions. Ship smarter and faster with the unified platform for feature flags, experimentation, and analytics. Our listeners get free white-glove onboarding, migration support, and 5 million free events per month.
  • Sentry – Watch Lazar Nikolov livestream on YouTube at Use the code CHANGELOG and get the team plan FREE for three (3) months.
  • Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
  • Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform. Learn more at


Show Notes:

Something missing or broken? PRs welcome!


(00:00) - This week on The Changelog
(01:00) - Sponsor: Statsig
(04:28) - Start the show!
(05:32) - Canary tokens
(10:03) - The footprint of a Canary
(14:23) - The Homelab lens
(16:43) - Fingerprinting a Canary
(18:45) - Masquerading as many things
(24:02) - Ratio of Canaries to real hardware?
(28:47) - Sponsor: Sentry
(32:26) - False positives
(34:11) - How are attackers getting in?
(39:10) - How do you masquerade well?
(41:45) - Bootstrapping Thinkst and Canary
(53:31) - Adding too many things
(59:35) - Just be kind
(1:03:21) - Regarding dead Canaries
(1:05:53) - How Canaries get deployed
(1:12:00) - Sponsor: Changelog News
(1:13:44) - Do you care about hardware?
(1:20:06) - Adam's attack!!
(1:25:10) - Where else can/will you go?
(1:29:04) - Thoughts on the VC model
(1:40:51) - Save it for ++
(1:41:40) - Up next!