Python in *my* Excel sheets? It's more likely than you think

[Ken g6]

Microsoft is investigating using Python in Excel! If this is something you're interested in, they would like you to fill out a survey linked from the article.

I don't really use MS Office, but I think anything would be better than VBA.

 

[mxnerd]

Good. MS should support Python across MS Office products, not just Excel.

 

[Gryz]

I don't like code inside data. I think it is the most important causes of security issues ever.

A letter is a letter. A picture is a picture. A movie is a movie. A spreadsheet is just a bunch of numbers. They are data. They are passive. When I download a letter, a jpeg, a movie or a spreadsheet, I want that data to be just data. And I want it to be passive. I don't want it ever to execute any code. I also would like my webpages to be passive. I want my emails to be passive.

I should only download something that can be active, if I explicitly download a program. When I download an executable. A game. A shell-script or python-script. And I want it to be clear that it is a program I am downloading. Fck Microsoft for hiding file extensions. Fck browers for hiding the real URL of the page I am visiting. I use NoScript, and half the websites I encounter will display nothing unless I turn on Javascript. I hate all that. I hate it with a passion.

But if you really really really insist on being a dick, and put an active programming component inside your passive data, then Python is a good choice.

 

[Ken g6]

A spreadsheet is just a bunch of numbers.

IMHO, a spreadsheet is actually a (somewhat poorly designed) functional programming language.

I don't like code inside data. I think it is the most important causes of security issues ever.

This, however, is probably true.

I use NoScript, and half the websites I encounter will display nothing unless I turn on Javascript.

O/T I use NoScript ScriptSafe and Stylish Stylus, and I can get about half of those sites to display if I just turn off "display:none" or something.

 

[Gryz]

IMHO, a spreadsheet is actually a (somewhat poorly designed) functional programming language.

That might be a good description. But remember, one of the basic properties of functional programming languages is: no side-effects.

O/T I use NoScript ScriptSafe and Stylish Stylus, and I can get about half of those sites to display if I just turn off "display:none" or something.

That might be the case. I'm not a web-programmer, I know nothing about JavaScript or anything more complex than simple html. Whenever a webpage doesn't display anything, I'll make the decision: "do I really need this website, or can I skip it ?" In 95% of the cases, I'll just go do something else, and never visit that website again. Same thing with websites that start nagging about adblockers. I'll just go away and never come back. (That'll probably makes everybody the happiest). There's enough to read on the web that I don't need to put up with crap.

 

[mxnerd]

In early days, you have nothing but fixed size text on a monitor, you can't change the font or its size.

Even a blank Excel file now contains thousands of bytes.

The day that a character is just a character is long gone.

An Excel file with codes can accomplish a lot of things,

a lot of business depends on it.

If you don't want code or any formatting, just use csv file.

 

[XavierMace]

I don't like code inside data. I think it is the most important causes of security issues ever.

No, users are the most important causes of security issues.

 

[Gryz]

An Excel file with codes can accomplish a lot of things,
.... If you don't want code or any formatting, just use csv file.

I'm not sure when I used the word "code", we are talking about the same thing.

I'm not talking about encoding of data. I'm not talking about ascii codes or something like that. I was talking having something inside passive data that actually performs actions that are independent of the program that opens and processes the data. I don't mind if there is data inside a spreadsheet that tells the spread-sheet program to do multiplications and other math. But I do object to having something inside a spreadsheet that opens files, read or writes to files, opens network-connections, or starts other programs. That is killing. When you have that, your data isn't passive anymore. You can't trust it.

"Don't click on an email that is from someone you don't know".
What kind of bullshit is that ? And email is a passive thing. Or it should be. There should be zero risk in looking at an email. The whole concept of having programs in emails that automatically execute is bonkers. I don't care if it is "handy". It it the worst idea in the history of computer science.

We have programs, we have data. They are different things. Keep it simple, stupid.

 

[mxnerd]

Yeah, we are talking about the same thing, programming code.

You can create a button in Excel and write VBA code and do a lot of calculation/analysis/charting things.

If you are downloading data from other sites, ex. stock prices, then you can't avoid Excel reaching out of network and get those info and later writes to a database or other files.

I do agree the email thing. Code in email is dangerous

It's end user's responsibility to make sure the Excel file he opens is from legitimate source, however.

All big companies depend on Excel files (with code) for their business operation, there is no way around it, at least not in near future.

 

[Merad]

We have programs, we have data. They are different things. Keep it simple, stupid.

That argument was lost a looooong time ago. I'm not sure opinions really matter, because MS (and Google, and anyone else making "office" software) is making a lot of money by letting user make documents, spreadsheets, etc. with custom behavior that would otherwise probably require a developer to write a custom application. It's a lot like the argument that web pages should just be documents. It's nice in theory, but in the real world even simple interactive sites (think basic CRUD apps) are begging for dynamic behavior to give a better user experience.

 

[Gryz]

That argument was lost a looooong time ago.

It's never too late to fix it.

Slowly we're seeing more end-to-end encryption. That fight is not over yet. I hope in the end, everything is encrypted, and nobody, not governments, not policy, not secret services, can snoop on me or anyone else. Most politicians are not only old and dumb and useless. They are also clueless about technology. What do they care about emails or smartphones or web-browsing history, if they never use any technology themselves, besides yelling "Annie ! Get me Mr Whiterose on the phone !". But that's changing. The Democrats got hacked. The US was eavesdropping on Angela Merkel's phone. Etc, etc. Half America is crying because "the ruskies hacked us !". Or something like that. One day politicians (and other people with influence) are gonna realize that everything has to be encrypted, just to save their own asses.

Another interesting point is apps on smartphones. I frigging hate them. Of course I don't hate applications on computers. I'm a programmer. I hate they way the general public was made to believe that "installing an app on your phone" is the same thing as visiting a website. It is not. I don't have any numbers, and I don't work with phones or apps. But to me it seems like the populairity of apps is declining. Especially free apps. I don't know why. I hope it is because people slowly start to understand that installing a free app is like giving your house-keys to absolute strangers. Just because the promise something cheap. ("Give me your house-keys, and I'll put a free candy-bar on your bed-pillow". Free candy ! Well, most people are smarter than that. Let's hope awareness about computer technology keeps increasing.

 

[urvile]

yeah whatever....

 

[William Gaatjes]

I don't like code inside data. I think it is the most important causes of security issues ever.

A letter is a letter. A picture is a picture. A movie is a movie. A spreadsheet is just a bunch of numbers. They are data. They are passive. When I download a letter, a jpeg, a movie or a spreadsheet, I want that data to be just data. And I want it to be passive. I don't want it ever to execute any code. I also would like my webpages to be passive. I want my emails to be passive.

I should only download something that can be active, if I explicitly download a program. When I download an executable. A game. A shell-script or python-script. And I want it to be clear that it is a program I am downloading. Fck Microsoft for hiding file extensions. Fck browers for hiding the real URL of the page I am visiting. I use NoScript, and half the websites I encounter will display nothing unless I turn on Javascript. I hate all that. I hate it with a passion.

But if you really really really insist on being a dick, and put an active programming component inside your passive data, then Python is a good choice.

Amen to that. :thumbsup:
If it should contain code, it should be like having a header that points to the instructions for an in excel office present interpreter that is sandbox like but never have direct executable code embedded.
If they want to make it save, Excel should make for every document a folder and the given excel sheet may only write and read in the given folder and when reading outside the folder is required, the user must always give permission.

 

[beginner99]

I don't really use MS Office, but I think anything would be better than VBA.

It's way better than VBA especially if you consider all the available 3rd party libraries.

Still such excel sheets are an IT nightmare. A department has a need, the IT guy of said department starts playing around with Excel and builds an excel tool with formulas and VBA. Then the needs get more complex over time, too many changes needed, many users still using outdated versions and so fort. It get's unmanageable and IT must replace it with a real tool. However this often is quiet difficult to give the same features and flexibility with a custom made tool that you have with excel. Especially in version 1 you will have regressions.

All Excel/Access apps sooner or later need to be converted to something better, so it's best to start right from the start. However excel/access can be useful tools but as tools, not as platform to build applications.

 

[Tweak155]

I have built a career that started in VBA. It's quite useful and powerful, but I won't argue it shouldn't be used beyond more basic scenarios.

That said, even these larger applications that have all sorts of problems (such as in the reply above) are more commonly brought back to who and how the application was developed vs being a strict fault of VBA itself. A good VBA developer is not common as it's not a career language or platform (nor should it be).

I frequently tell people that if I knew Java as well as I know VBA, I'd be at Google or at least double my salary with some other company