The purpose of this CXTech Week 51 2022 newsletter is to highlight, with commentary, some of the news stories in CXTech this week. What is CXTech? The C stands for Connectivity, Communications, Collaboration, Conversation, Customer; X for Experience because that’s what matters; and Tech because the focus is enablers.
You can sign up here to receive the CXTech News and Analysis by email. Please forward this on if you think someone should join the list. And please let me know any CXTech news I should include. I skipped a couple of weeks as things have been a little hectic.
Covered this week:
- Avaya nears chapter 11 bankruptcy filing
- Dec 2022 RTCSec newsletter
- Telegram Drops SIM Requirement
- The Great Telco Debate: What’s next?
- People, Gossip, and Frivolous Stuff
Avaya nears chapter 11 bankruptcy filing
It’s not a surprise, when Avaya announced the layoffs after the revenue gap, covered in CXTech Week 36 2022, I explained the revenue guidance gap is not a one-off issue, it’s a systematic trend, so another bankruptcy is likely given the massive debt burden.
At the end of 2020 and again in 2021 I gave presentations and articles reviewing the programmable communications market through the pandemic. One point I highlighted is how the pandemic has forced many businesses to adopt XaaS / programmable communications as a bandaid to support WFH (Work From Home).
Avaya’s shares have fallen 97% this year, crimping its market cap to around $45 million from more than $2 billion a year ago. That simply means the market is expecting another bankruptcy, as the revenues are still flowing, see below in comparison to RingCentral, which it resells for UCaaS.
What I’ve found perplexing is the insider analysts talking about Avaya’s return to greatness. As far as I’ve known them, since 1999 as part of Lucent, they’ve always been a traditional call center / PBX provider. They did well in the government and banking verticals. But that’s over 20 years ago, in 2022 the world is quite different. See how RingCentral is catching up with Avaya below.
In my opinion they’ve kept some of their good people, the layoffs were not surgical, but at least not bad. It’s time to forget about some distant concept of greatness. Its survival, they must let go of the past, one bankruptcy is unfortunate, two is not ideal, and will test their customers’ resolve. Many customer board meetings will be asking, is it time to migrate from Avaya? Bankruptcy is about debt restructuring so interest payments can be made. As you can see below they have significant cash flow, but costs are also high.
To survive they will need to copy their approach with UCaaS, partner with a modern low cost CCaaS and focus on the services and support wrap. Not ideal, not a return to greatness, but a move that enables costs to be dramatically lowered to better service the restructured debt.
Dec 2022 RTCSec newsletter
The must-read RTC security bulletin covers:
- Jitsi gets verification for E2EE
- OSS-Fuzz now testing PJSIP
- Vulnerabilities fixed in Drachtio, BigBlueButton, Cisco IP Phones and more
It’s been a busy year for Enable Security, some of their publications included:
- Exploiting CVE-2022-0778, a bug in OpenSSL vis-à-vis WebRTC platforms
- How to perform a DDoS attack simulation and the related TADSummit talk which is available on Youtube
- The OpenSIPS security audit report is out
- SIPVicious PRO experimental now supports STIR/SHAKEN and 5 new tools
- SIPVicious PRO is now available as a docker image
Drachtio vulnerabilities fixed
Last month the RTCSec newsletter covered two CVEs reported by Agostino Sarubbo on Drachtio, the Node.js framework for SIP server applications. This time he has reported three new vulnerabilities:
- CVE-2022-47517:
url_canonize2: heap-based buffer overflow in (Sofia-SIP) - CVE-2022-47516:
tport_tsend: Assertionselffailed (Sofia-SIP) - CVE-2022-47515:
StackMsg::appendLine: long incoming message crashes server
The first two vulnerabilities were found in the Sofia-SIP fork whilst CVE-2022-47515 was found in the drachtio-server codebase.
Version 0.8.20-rc3 contains patches for these vulnerabilities.
- https://github.com/drachtio/drachtio-server/issues/243 / https://github.com/advisories/GHSA-c8mq-83h4-gm57
- https://github.com/drachtio/drachtio-server/issues/244 / https://github.com/advisories/GHSA-w32h-m3r8-mq4c
- https://github.com/drachtio/drachtio-server/issues/245 / https://github.com/advisories/GHSA-44mv-gf6j-pvgx
This shows the momentum growing behind Drachtio as the community finds and fixes the bugs.
Telegram Drops SIM Requirement
For years, apps like Telegram and Whatsapp have restricted access to users who could sign up using a SIM card and phone number. Now, Telegram is dropping that requirement while adding some extra privacy options for users.
Not every device out there utilizes a SIM card, e.g. most laptops. Telegram announced a drop in that restriction, opening up signups to anyone, even those without a phone number.
Since the process still needs verification, Telegram has teamed up with Fragment to provide blockchain-powered anonymous numbers. However, the Fragment platform is not available in the US.
What will be interesting to see is how scammers react to this change. The reach of the PSTN, and the unsophisticated users of the PSTN, looking at baby-boomers, mean the numbers work. However, on Telegram the numbers and users are quite different.
Let’s see what happens. I’m surprised at how popular the phone number as an identifier remains. If this opens up more scams, then likely we’ll see the phone number / SIM remain top dog. While if it works and makes the experience of say pre-paid users who swap between number often easier, or those that do not want their phone service anywhere near their IP communications there could be a niche.
The Great Telco Debate: What’s next?
I’ll avoid ranting about the DSP acronym yet again. The GTD is a symptom of what’s wrong with the telecom industry. The fifth motion discussed and voted on was: “Investment in 6G and the metaverse is already more important than further 5G investments.” WTF! They’re clearly a vendor not industry mouthpiece.
I’d just like to highlight a few nice quotes:
- Telefónica’s Diego Lopez urged the industry not to fall into the “abracadabra pit” of citing terms and words (metaverse, cloud native, AI, monetisation) as if they will magically transform the industry. Diego is spot on, they’ve been doing it for decades, yet vendor marketing spreads those terms on thick. People in telcos need to stand-up to their vendors and start pointing out this does not help in industry.
- Industry expert Graham Wilde argued against the motion, citing poet Philip Larkin’s ‘This Be The Verse’. He stated that “we don’t need more of the future, we need less of the past” and argued that operators should shut off legacy technologies and really focus on maximising the potential of the more efficient and capable 5G systems. This isn’t the time to “worry about 6G and the metaverse,” especially as “we need money now, we need customers now… every telco is focused on this quarter and the next”. Again spot on, telcos will NEVER be tech-cos, they got rid of R&D in the ’90s. They are operations companies, they use someone’s technology and operate it efficiently for their CUSTOMERS. It’s all about the services to customers! NOT 6G, ORAN, some abstract nonsense termed the metaverse. In 10/20 years time we will not be wandering around with VR helmets or AR glasses or neural implants, our lives will surprisingly similar to 20 or 30 years ago, just the climate will be going to hell in a handbasket.
People, Gossip, and Frivolous Stuff
Andrea Otero is now Semi Senior data engineering at Mercado Libre. She helped run TADHack Colombia as part of Centro de Desarrollo Tecnológico Cluster CreaTIC.
You can sign up here to receive the CXTech News and Analysis by email.