8 comments

[ 2.1 ms ] story [ 5.3 ms ] thread
Unless its homomorphic encrypted calculation masks cell identity there's a massive information leakage risk about the nature of data, if not the values. I mean sure "its an isolated VM" but I cannot but worry the necessary states to introspect a VM imply seeing what it is doing.

If I see a data series in sequence and I am asked to graph it and it has the right bimodal distribution to be childhood mortality risk and then old age related, I know you are working on people with medium confidence. If it segments into 5 classes I know you are in A/B/C/D/E income classes. if in 2 then its men v women.. sure its suppositional but what if I can then cross-correlate to investment decisions from your client IP ranges and suddenly I am in "insider trading" windows if I see you queue up a massive speculative buy in life insurance.

The VM might not "leak" but the eyes on the VM from above flatland can see it just fine. (apologies to Edwin Abbott)

You go from "it's a bimodal distribution" to "it must be mortality rates" awfully quickly.
Yes. I am sure there'd need to be a heap of other correlates but thats also in the mix, its almost impossible to hide "its the same computer" these days. I would imagine this kind of attack only made sense against High Net Worth outcomes so you probably know your target before you start looking at the data inferential relationships.

I doubt I'd ever have info in my cells which attracted an attacker but if you want to know average Australian household spend by month on health, home and entertainment I'd be selling it cheap!

> Running Python securely on a local machine is a really hard problem. We treat all Python code in the workbook as untrusted, so we execute it in a hypervisor-isolated container on Azure that does not have any outbound network access.

I see we've moved on from "we have to lock down computers against the user with no way to circumvent it because otherwise the user might install a virus" to "it's really hard to set this up locally, so we did it on a server, which is special and magical and things are easier there than on user PCs where containers do not work."

I eagerly await "Font rendering is a really hard problem. To assure perfect results, all document text and monitor configuration data is sent to Azure, where we can take advantage of the most up-to-date rendering algorithms, reliable GPUs, and updated font files, to efficiently produce .png files that the user's machine displays."

If Microsoft genuinely cannot figure out how to sandbox a python interpreter on Windows, with access to functionally unlimited funding and resources, it is a scathing indictment of their engineering teams, their OS, or both.
This does presume that PNG display can be entrusted to the local machine ...
> managing a local Python environment is challenging even for the most experienced developers

Too challenging for the experienced developers of Excel, evidently. It is Excel that should be doing it.

wasm python is the answer to all that (except vendor lock in)