Money quote:
Excel requires some skill to use (to the point where high-level Excel is a competitive sport), and AI is mostly an exercise in deskilling its users and humanity at large.
Money quote:
Excel requires some skill to use (to the point where high-level Excel is a competitive sport), and AI is mostly an exercise in deskilling its users and humanity at large.
Integrated python scripts in excel sounds like a malware developers dream.
I mean… Yeah, but the same can be said for VB?
Especially since VBA can make calls to the Windows API directly and through that avenue do all kinds of funky things to your system.
Surely there’s some sort of sandboxing that could be done? Like start by disallowing sys calls entirely
Definitely, but sandboxes can be escaped, and you can’t protect everything via sandbox. Apparently its all cloud anyway, but if it were local and sandboxed, there are still exploits like rowhammer and spectre that may cause further risks.
Its taken years to get browser sandboxes to where they are, and even they get broken every so often.
And a nightmare for an application developer told to make some app with a spreadsheet for a database scale
Could result in some very cursed codebases.
“We dont use git, we just update the excel spreadsheet”
I’ve worked at places where they did that anyway lol
That’s just called Access
Is that creepy thing still alive?
They foresaw that. That’s because python on Excel doesn’t run locally, but in the cloud and then returns the result to you: https://support.microsoft.com/en-us/office/introduction-to-python-in-excel-55643c2e-ff56-4168-b1ce-9428c8308545
That’s the worst possible solution to that problem. Why can’t they just develop their own script that’s Turing complete but doesn’t have any system calls?
Or just use Lua compiled without the system calls. This is done by many video games. İt’s 2025, there is no need to create new domain specific languages.
Or use embedded Lisp, like all the cool kids.
That’s even worse!
Still sounds like you’d be shipping your data to the cloud, where it can be exfilled from there.
Would potentially be a great phishing tool, just need to trick someone into putting sensitive data into a precooked excel file, and it gets exfilled.
Currently only for business customers which probably use OneDrive or SharePoint anyways, so it’s not that they need that to exfiltrate data. But for a phishing/hacking attempt? There are probably some nice possibilities.
Fair point. Of course that’s already a problem with Excel. It would probably have to be disabled by default just like VBA macros.
Yeah, no doubt.
Having access to visual basic is dangerous enough, let alone Python