by leshenka 20 days ago
Wonder how extensively VBA is used in today's Excel. I know that macros are considered dangerous but would love to know if there are exceptions for that rule.

On the other hand I wonder why aren't they run in such a sandbox where the most destructive action they can do is to wipe the sheets.

7 comments

> extensively VBA is used in today's Excel

Very.

Although I don't believe it's being used for greenfield hacks as much now, the world largely still runs on workbooks & apps built in Excel + VBA years and years ago. There are entire supply chains that likely run on this built by some analyst a decade or more ago. It remains by far the largest source of Shadow IT there is, and there isn't enough dev time or appetite to untangle these monstrosities into actual apps.

They aren't sandboxed because that would remove the usefulness. The reason VBA+Excel got its tentacles into everything is precisely because it's not sandboxed. Anything the user can access is fair game, including network shares, SQL, and Win32 calls.

The good news is that my VBA calls out to some old compiled(?) Fortran for the matrix maths that I'd otherwise be too slow to run!

I'm not at liberty to talk more about the details, but last year I worked on a project to modernize a process that critically relied on a VBA macro to handle billions (yes, with a B).

> they run in such a sandbox

What makes them interesting is that they can talk with the outside world: API calls, databases, the terminal named after a former Democratic primary candidate...

> critically relied on a VBA macro to handle billions

Why is this surprising (or a secret)? It probably runs entirely bug-free and has done so for a decade or three - it would be hard to imagine still running if it regularly had issues or sent just a small percentage of those billions of dollars to the wrong place. What does your modernization do better?

The world lives on Excel macros. The amount of "shadow IT" where the business logic allowing big businesses to run is encoded is unfathomable.

Enormously!

There are lots of data manipulation tasks I've run into at client or customer sites where, if I had my druthers, I'd use perl or python -- but there's no way to get those in the environment. But Excel is there, and Excel has VBA and a strong API.

If you internalize how Excel works (which is to say: you use the native concepts and don't just leap to how you might do it in perl), there's great power available there. I've written things in Excel with abstractions and class structures I'd be proud to have implemented in "better" languages.

I've also seen "normal" end users discover this power, and find it a tremendous boon to their day to day working life. (This was also true 35 years ago with Lotus macros.) People who would never think of themselves as programmers still have muscle memory for Alt-F11.

My first exposure to professional programming was writing VBA and SQL (yes, together) at a massive manufacturing facility that had really old equipment. Now with AI it's much easier to replace the code but VBA still has a stranglehold on legacy systems.

I think with AI and the continued availability of VBA, people will create a lot of new monstrosities.

Kinda disagree. The code I had worked with was super unoptimized and difficult to run because there was just enormous amounts of tribal knowledge that was just gone over the years as the company evolved. Also basically all the original devs had left. LLMs can help with that so much, they know random minute details of, let's say, ADOdb and whatnot.

https://www.incometax.gov.in/iec/foportal/downloads/income-t...

You need a genuine licensed Excel to run the file and prepare returns. Thankfully you can file same returns online on the portal for free so they get a safe pass that way.

Probably more VBA used today from "yesterday's" Excel spreadsheets than new development. There's a reason Microsoft still produces 32-bit Office.