Spectroscopy seems simple: split a beam of light into its constituent wavelengths with a prism or diffraction grating, and measure the intensity of each wavelength. The devil is in the details, though, and what looks simple is often much harder to pull of in practice. You’ll find lots of details in [Gary Boyd]’s write-up of his optical scanning spectrometer project, but no devils.

A scanning spectrometer is opposed to the more usual camera-type spectrometer we see on these pages in that it uses a single-pixel sensor that sweeps across the spectrum, rather than spreading the spectrum across an imaging sensor.

Specifically, [Gary] has implemented a Czerny-Turner type spectrometer, which is a two-mirror design. The first concave mirror culminates the light coming into the spectrometer from its entrance slit, focusing it on a reflective diffraction grating. The second concave mirror focuses the various rays of light split by the diffraction grating onto the detector.

In this case [Gary] uses a cheap VEML 7700 ambient light sensor mounted to a small linear stage from amazon to achieve a very respectable 1 nm resolution in the range from 360 nm to 980 nm. That’s better than the human eye, so nothing to sneeze at — but [Gary] includes some ideas in his blog post to extend that even further. The whole device is controlled via an Arduino Uno that streams data to [Gary]’s PC.

[Gary] documents everything very well, from his optical mounts to the Arduino code used to drive the stepper motor and take measurements from the VEML 7700 sensor. The LED and laser “turrets” used in calibration are great designs as well. He also shares the spectra this device is capable of capturing– everything from the blackbody of a tungsten lamp used in calibration, to a cuvette of tea, to the sun itself as you can see here. If you have a couple minutes, [Gary]’s full writeup is absolutely worth a read.

This isn’t the first spectrometer we’ve highlighted– you might say we’ve shown a whole spectrum of them.

There are no shortage of CNC machines in the DIY space these days, but sometimes you just need to do things your own way. That’s what [Chris Borges] decided when he put together this rock-solid, concrete-filled CNC milling machine.

The concrete body of this machine is housed inside a 3D printed shell, which makes for an attractive skin as well as a handy mold. Within the concrete is a steel skeleton, with the ‘rebar’ being made of threaded rods and a length of square tubing to hold the main column. You can see the concrete being poured in around the rebar in the image, or watch it happen in the build video embedded below.

All three axes slide on linear rails, and are attached to lead screws driven by the omnipresent NEMA 17 steppers. The air-cooled spindle, apparently the weak-point of the design, is attached to a pivoting counterweight, but make no mistake: it is on rails. All-in-all, it looks like a very rigid, and very capable design — [Chris] shows it cutting through aluminum quite nicely.

Given that [Chris] has apparently never used a true mill before, this design came out remarkably well. Between the Bill of Materials and 45 page step-by-step assembly instructions, he’s also done a fantastic job documenting the build for anyone who wants to put one together for themselves.

This isn’t the first concrete-filled project we’ve highlighted from [Chris], you may remember seeing his lathe on these pages. It certainly isn’t the first CNC mill we’ve covered, either.

Lots of people swear by large-language model (LLM) AIs for writing code. Lots of people swear at them. Still others may be planning to exploit their peculiarities, according to [Joe Spracklen] and other researchers at USTA. At least, the researchers have found a potential exploit in ‘vibe coding’.

Everyone who has used an LLM knows they have a propensity to “hallucinate”– that is, to go off the rails and create plausible-sounding gibberish. When you’re vibe coding, that gibberish is likely to make it into your program. Normally, that just means errors. If you are working in an environment that uses a package manager, however (like npm in Node.js, or PiPy in Python, CRAN in R-studio) that plausible-sounding nonsense code may end up calling for a fake package.

A clever attacker might be able to determine what sort of false packages the LLM is hallucinating, and inject them as a vector for malicious code. It’s more likely than you think– while CodeLlama was the worst offender, the most accurate model tested (ChatGPT4) still generated these false packages at a rate of over 5%. The researchers were able to come up with a number of mitigation strategies in their full paper, but this is a sobering reminder that an AI cannot take responsibility. Ultimately it is up to us, the programmers, to ensure the integrity and security of our code, and of the libraries we include in it.

We just had a rollicking discussion of vibe coding, which some of you seemed quite taken with. Others agreed that ChatGPT is the worst summer intern ever.  Love it or hate it, it’s likely this won’t be the last time we hear of security concerns brought up by this new method of programming.

Special thanks to [Wolfgang Friedrich] for sending this into our tip line.