Wonder how extensively VBA is used in today's Excel. I know that macros are considered dangerous but would love to know if there are exceptions for that rule.
On the other hand I wonder why aren't they run in such a sandbox where the most destructive action they can do is to wipe the sheets.
Although I don't believe it's being used for greenfield hacks as much now, the world largely still runs on workbooks & apps built in Excel + VBA years and years ago. There are entire supply chains that likely run on this built by some analyst a decade or more ago. It remains by far the largest source of Shadow IT there is, and there isn't enough dev time or appetite to untangle these monstrosities into actual apps.
They aren't sandboxed because that would remove the usefulness. The reason VBA+Excel got its tentacles into everything is precisely because it's not sandboxed. Anything the user can access is fair game, including network shares, SQL, and Win32 calls.
I'm not at liberty to talk more about the details, but last year I worked on a project to modernize a process that critically relied on a VBA macro to handle billions (yes, with a B).
> they run in such a sandbox
What makes them interesting is that they can talk with the outside world: API calls, databases, the terminal named after a former Democratic primary candidate...
My first exposure to professional programming was writing VBA and SQL (yes, together) at a massive manufacturing facility that had really old equipment. Now with AI it's much easier to replace the code but VBA still has a stranglehold on legacy systems.
You need a genuine licensed Excel to run the file and prepare returns. Thankfully you can file same returns online on the portal for free so they get a safe pass that way.
Edit: it's actually 50klocs since the pyOpenVBA dependency is from the same author and has been made the week-end before.
https://news.ycombinator.com/newsguidelines.html
Claude ain't “other people” so I don't think this applies.
By the way, the guidelines proscribe AI-generated comments, so I don't see why AI-generated posts should be treated differently.
Very.