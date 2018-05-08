Microsoft Adds Support For JavaScript Functions in Excel (bleepingcomputer.com) 70
An anonymous reader shares a report: At the Build 2018 developer conference that's taking place these days in Seattle, USA, Microsoft announced support for custom JavaScript functions in Excel. What this means is that Excel users will be able to use JavaScript code to create a custom Excel formula that will appear in Excel's default formula database. Users will then be able to insert and call these formulas from within Excel spreadsheets, but have a JavaScript interpreter compute the spreadsheet data instead of Excel's native engine. "Office developers have been wanting to write JavaScript custom functions for many reasons," Microsoft says, "such as: (1) Calculate math operations, like whether a number is prime. (2) Bring information from the web, like a bank account balance. (3) Stream live data, like a stock price."
What could possibly go wrong? (Score:4, Funny)
Re:What could possibly go wrong? (Score:5, Insightful)
The worst?
With the tight security model Microsoft (and intel) always holds, combined with the track record of Javascript, they sky is the limit!
While Dante's inferno depicts several circles of Hell with the Devil in the center/bottom circle stuck in the floor being tortured for eternity - that's really not even the limit, there's another less well-known circle of Hell smack in the center: the Devil's colon. That is where this will go. That said, it's better than VBA.
It's barely better than VBA. JavaScript is (in the 21st Century) the equivalent of VBA in the 90's. Quick, crude, and unstructured; it's the "rabble" of languages.
Spectre will make this easy to scrape credentials and whatnot from memory.
Goes like this
1. Ransomware infected document makes its rounds in email.
2. Files encrypted, and credentials uploaded to the Internet.
3. Machines and Domain Controllers 0w3ned! Backups purged to prevent recovery.
4. The compromised organization folds, people lose their job.
5. Parents without income, children go hungry.
I'm listening... (Score:3)
This could be good, if they handle errors well. If they use the same default "fail silently" practice as they do with VBA functions, then it will be just as dangerous as those are.
You expect javascript microwave jockeys* to do good?
* because copy-pasta
Yes (Score:5, Funny)
Which is at least an Open Standard Programming language. Which works on different OS's and hardware architecture. And designed to run relatively safely on your PC.
VB is a hold over the Bad Old days of Microsoft. Where to get the feature you needed the entire ecosystem. Even the long time Office for the Mac, didn't didn't support VBscript (or at least not completely)
The biggest issue I have, is people using Excel and Access as their programming environment, to try to bypass us egotistical developers and ge
Re: (Score:3)
By turning it off.
Being that JavaScript has been running on browsers for close to 20 years. While not 100% secure. It is designed to not to interact with your actual PC, just in the container it is designed to run it (the browser) we have been safe from a lot of the nonsense that Microsoft has exposed us to in the past, with VB Script and Active X controls.
The vulnerabilities in Javascript have been quickly fixed and isn't a flaw in the language but in the interpreter. While the Microsoft languages, where designed in era w
Re: (Score:3, Interesting)
There is a huge group of computer-using professionals that live and breathe Excel.
They are not programmers. But they do have script-kiddie level of competence, which they use for making Excel formulas and macros.
These people are in love with Excel, and when they submit requirements for actual software development, they adamantly insist that the software accept Excel documents as input, and that everything the program does be controlled by Excel.
This creates terrible inefficiency, gobbles up memory, slows t
Fire these idiots and replace them with people who have a brain.
I consider this fixed and close the ticket with your permission.
You have had too much of that white powder - those are not computer professionals - they are either zombies or aliens.
This will be used for mining (Score:5, Insightful)
It's my understanding that VB macros do not require source code to be distributed if it has already been compiled into byte code.
Presumably, one can vet the source code themselves if they are wary of third party code.
Theoretically, at least, javascript has a potential of being safer than VB in this regard.
I didn't suggest that this would make the system as a whole any safer, I said that JS, in this respect, is less likely to be successfully used as an attack vector than VB because the end user can vet javascript source code themselves if they are so inclined, and possibly spot any dangerous code, while VB has the option of being distributed as pre-compiled byte code.
But of course, if they are keeping VB (and I expect that they are), then obviously the system isn't any safer at all, because attacks can sti
JavaScript/Excel Type handling & Secutiry? (Score:2)
Personally, I think this capability could be extremely useful and should be pursued.
But, my first thought was to type handling - both environments largely handle data typing automagically and I would like to see how incompatible types are recognized and handled. I would worry about JavaScript's tendency to ignore failures and carry on as best it can without notifying the user as being a significant concern. For this reason, I would consider Python to be a better choice.
I wish in the TFA, when they referen
I'm pretty excited because it seems like it will make it quite easy to use regex to filter.
Currently, I have to either use google sheets, or contort something that abuses functions to get some filters done.
This is very very welcome...but... (Score:4, Informative)
Folks, I will have to say that this development is very welcome though what really saddens me is this: -
There's no Open Source Excel alternative that comes even close to what Excel can do.
To make matters worse, there's no [serious] effort to create anything capable.
You want to see twitter feeds from Bloomberg and Reuters in your spreadsheet?
I'm pretty sure that's possible in LibreOffice. I've seen similar screen scraping macros. Of course, it's still probably the wrong tool for the job.
:-(
Running existing Excel macros, Power Pivot, lots of chart types, external data sources, multithreading.
No, not JavaScript! (Score:2)
Good God, of all languages, why JavaScript? JavaScript is a terrible programming language! And its floating point math is bonkers, have you ever tried doing 0.1 * 0.2 in JavaScript, the answer is 0.020000000000000004! Can you imagine how main spreadsheet errors this will cause?
And JavaScript doesn't even have type safety! If Microsoft were smart, they would use a compiled programming language, like C, that you'd have to compile using a command-line compiler with a GPG-Key that you could inspect to avoid
I'll sell you some. I heard Slashdot Mod Points are going for $3 a point.
FTFY
Keeping up with the Joneses (Score:2)
Speed (Score:2)
Stop Press :] (Score:2)
Please shoot me (Score:3)
But could you please do it before the first batch of Excel-based javascript-empowered cryptominer and other malware arrives in our company?
Who the FUCK thought it would be a great idea to marry the one file format every idiot opens when it arrives in his mailbox because that's what he does all day with the one scripting language that can the easiest be obfuscated to escape the current antivirus signatures?
So far I was willing to say that MS simply can't fight malware, but this makes me wonder whether they get a cut of the profits.
When will they learn? (Score:3)
Microsoft has added various scripting languages to their Office products over the years... and each and every one has been abused by bad actors at some point, forcing Microsoft to cripple and/or remove the capability. What on earth could possibly make Microsoft think that adding JavaScript to Office documents will be any different? Particularly since it has already been abused in a myriad of ways within web browsers??
As the old saying goes, "The definition of insanity is doing the same thing over and over again, and expecting different results."
As the old saying goes, "The definition of insanity is doing the same thing over and over again, and expecting different results."
I'll just leave this here https://www.psychologytoday.co... [psychologytoday.com]
That article serves no purpose in this context, unless for some reason you're attempting to deflect from or minimize the detrimental impacts of Microsoft's poor decision making in this situation. Certainly you could be pedantic and argue that Microsoft isn't technically exhibiting insanity so much as they are exhibiting "perseveration" behaviors... but that distinction offers no particular benefit to the discussion, and only serves to confuse people.
Sometimes "cute sayings" are quite adequately descriptive
You know I actually agreed with what you were saying. The only qualm I had was with your use of that false definition. I would have probably said something along the lines of "Microsoft's insistence on doing the same things over and over again, and expecting different results clearly demonstrates their lack of vision" or similar.
VBA not "good" enough? (Score:2)
I am so tired of other java systems failing after an automated java update, now the CFO's spreadsheet fails... spectacular idea.
Java != JavaScript. At all.
Missed the important reason (Score:1)
"Office developers have been wanting to write JavaScript custom functions for many reasons"
Mainly because they're assholes who will throw IT under the bus the second a routine they blithely copy-paste from some random site steals sensitive data.
I can already manipulate any of Excel's data with C++, C#, VB.NET, VBScript, yes, JavaScript, and any other language that can handle scriptable COM objects. I wouldn't necessarily call this a game changer.
It's not a game changer to a programmer. It's potentially a game changer to some desk jockey in a low tech job that can copy and paste formulas from the internet and can follow it well enough to make a few simple changes.
Although... they have VBA for that already.
Vulnerabilities? (Score:2)
Cause they didn't have enough gaping wide vulnerabilities with VBA?
Here's hoping they carried over all the lessons learned.
Thank you! (Score:2)
I'm in an organization that INSISTS on using Microsoft Excel as an administrative end for an entire ecommerce platform. They want to use it for all of their inventory management. The last major iteration, I finally said "FUCK THIS SHIT", and wrote a quick VBA script that simply copied the current sheet to a new document, saved as XLSX (for those unaware, this format is just a small collection of XML files ZIPed up, with a custom file extension), and then the VBA script uploads this new single-sheet document