this post was submitted on 21 Aug 2025
705 points (98.1% liked)

Technology

74586 readers
3875 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS
 

Money quote:

Excel requires some skill to use (to the point where high-level Excel is a competitive sport), and AI is mostly an exercise in deskilling its users and humanity at large.

you are viewing a single comment's thread
view the rest of the comments
[–] CameronDev@programming.dev 67 points 1 week ago (6 children)

Integrated python scripts in excel sounds like a malware developers dream.

[–] Semi_Hemi_Demigod@lemmy.world 36 points 1 week ago (2 children)

And a nightmare for an application developer told to make some app with a spreadsheet for a database scale

[–] CameronDev@programming.dev 48 points 1 week ago (1 children)

Could result in some very cursed codebases.

"We dont use git, we just update the excel spreadsheet"

[–] Gork@sopuli.xyz 32 points 1 week ago

I've worked at places where they did that anyway lol

[–] frongt@lemmy.zip 18 points 1 week ago (1 children)
[–] Zwuzelmaus@feddit.org 11 points 1 week ago (1 children)

Is that creepy thing still alive?

[–] ChickenLadyLovesLife@lemmy.world 6 points 1 week ago (2 children)

It can't be ... but I wouldn't be surprised if it was. I remember making fun of Access on StackOverflow circa 2008 and running afoul of some dude there who was like the last living Access consultant on Earth. I've never encountered defensive rage like that before or since.

Fun Access fact, the Diebold-manufactured voting machines that featured prominently in the 2000 presidential election cycle used an Access database as their underlying data storage mechanism. Access DBs did incorporate an audit table - which was manually-editable.

[–] PokerChips@programming.dev 3 points 1 week ago (1 children)

That explains why they didn't want anyone investigating the machines. Did proper authorities finally get access (no pun intended lol) to investigate? Or was that already known?

No, this came out after the election was settled. There was a woman that maintained a website covering all these details called BlackBoxVoting or something like that (long gone now).

[–] crapton_america@lemmy.world 3 points 1 week ago

I did not want to read this, today … or ever.

[–] turkalino@lemmy.yachts 17 points 1 week ago* (last edited 1 week ago) (1 children)

Surely there’s some sort of sandboxing that could be done? Like start by disallowing sys calls entirely

[–] CameronDev@programming.dev 8 points 1 week ago

Definitely, but sandboxes can be escaped, and you can't protect everything via sandbox. Apparently its all cloud anyway, but if it were local and sandboxed, there are still exploits like rowhammer and spectre that may cause further risks.

Its taken years to get browser sandboxes to where they are, and even they get broken every so often.

[–] rollerbang@lemmy.world 13 points 1 week ago (2 children)

I mean... Yeah, but the same can be said for VB?

[–] dual_sport_dork@lemmy.world 6 points 1 week ago

Especially since VBA can make calls to the Windows API directly and through that avenue do all kinds of funky things to your system.

[–] CameronDev@programming.dev -1 points 1 week ago

Yeah, but lots more tooling and libraries for Python. Its just one more attack surface 🤷

[–] jubilationtcornpone@sh.itjust.works 12 points 1 week ago* (last edited 1 week ago)

Fair point. Of course that's already a problem with Excel. It would probably have to be disabled by default just like VBA macros.

[–] elvith@feddit.org 9 points 1 week ago (3 children)

They foresaw that. That's because python on Excel doesn't run locally, but in the cloud and then returns the result to you: https://support.microsoft.com/en-us/office/introduction-to-python-in-excel-55643c2e-ff56-4168-b1ce-9428c8308545

[–] CameronDev@programming.dev 9 points 1 week ago (1 children)

Still sounds like you'd be shipping your data to the cloud, where it can be exfilled from there.

Would potentially be a great phishing tool, just need to trick someone into putting sensitive data into a precooked excel file, and it gets exfilled.

[–] elvith@feddit.org 4 points 1 week ago

Currently only for business customers which probably use OneDrive or SharePoint anyways, so it's not that they need that to exfiltrate data. But for a phishing/hacking attempt? There are probably some nice possibilities.

[–] magikmw@piefed.social 4 points 1 week ago

That's even worse!

[–] echodot@feddit.uk 3 points 1 week ago (1 children)

That's the worst possible solution to that problem. Why can't they just develop their own script that's Turing complete but doesn't have any system calls?

[–] chillhelm@lemmy.world 4 points 1 week ago (1 children)

Or just use Lua compiled without the system calls. This is done by many video games. İt's 2025, there is no need to create new domain specific languages.

[–] tux0r@feddit.org 2 points 1 week ago

Or use embedded Lisp, like all the cool kids.

[–] Godort@lemmy.ca 3 points 1 week ago

Yeah, no doubt.

Having access to visual basic is dangerous enough, let alone Python