The CHAINS research project on software supply chains @ KTH

Software supply chains inspire art

CHAINS explores the depths of software supply chains of Java and JavaScript projects to map and contribute to the state of the art of software hardening. Through these explorations we develop tools, collect data and execute software. These novel insights about the sublimity of the software supply chain inspire artists and developers who operate in the area of software art.

Software art

Software art is an art practice for which the processes of software creation or execution play an essential role in the artwork. Diving into software, artists develop artworks that engage the audience in the discovery of the invisible processes that fuel our digital society. For example, the web stalker was an art web browser, which displayed the structure of a web page, instead of its media content. This lets the users of the browser engage with the software structure of the web, and reflect upon the complex network of code and data that deliver web pages. pellow revisited the concept in an era where the web had grown to deliver complex composites of content, ads, code and cookies.

Generative art

In the context of CHAINS, we focus on generative art to build software art works inspired by the software supply chain. Generative artists prepare a set of formal instructions, which are interpreted to perform an artwork. The instructions can be written on paper, and then the performers read them to build a sculpture, to paint on a canvas or to perform a musical piece. The instructions can also be formalized as a computer program. The computer interprets the instructions to generate a digital image, synthesize sound live, read poetry or perform choreography fully autonomously. That’s the modern version of generative art.

For software supply chain art, we develop software that turns the build processes, dependency trees, developer networks or execution traces collected by the CHAINS project into generative artworks that blend visuals, sound and interaction. These works are designed and performed as a collaboration between scientists and artists, with the re|thread collective.

un|fold

un|fold is a multidimensional light and sound installation, fueled by the runtime software supply chain of scientific software.

In 2020, the Nobel Prize in Chemistry was awarded to E. Charpentier and J. Doudna “for the development of a method for genome editing.” One way of explaining genome editing is to liken it to “search and replace”, since the key to the CRISPR technology is the ability to identify and replace a part of the DNA. A search and replace operation in a text editor is appropriate to illustrate the complexity of CRISPR with a mundane digital operation that is easier to grasp than the intricate chemical processes involved in DNA engineering. It is fascinating to notice that, in contrast to this apparent simplicity, the software processes involved in a search and replace are intricate and complex. Even what we perceive as the simplest of digital actions is an invisible and intangible set of processes that run millions of operations per second, on top of world-wide networks.

The un|fold art installation draws attention to the hidden yet impressive and beautiful complexity that lies below the most basic digital actions. Our goal is to create appreciation and interest in the intricate layers of code involved in the actions of search and replace, through a multidimensional light and sound sculpture. The installation reinterprets the execution trace of a search and replace in the varna RNA visualization tool. The trace includes a sequence of 200K method invocations across 200+ different packages. un|fold plays back the sequence of functions at a constant speed of 25ms per event, mapping them to an LED and sound artwork. The quasi-instantaneous search and replace software is turned into a 2h30 multimedia piece, letting the audience appreciate the sublime nature of the invisible digital world that’s around us.

un|fold was first created for the historic Turbine Hall at the KTH Royal Institute of Technology, as part of the Nobel Week Lights 2022.

SBOM art

The software bill of materials (SBOM) is an essential concept for documenting and analyzing the software supply chain of a project. In CHAINS we systematically analyse the ecosystem of SBOM tools and we contribute novel technology to consolidate the integrity of SBOMs, with Maven lockfile. This work produces a longitudinal collection of SBOMs for mature Java projects.

As part of our software supply chain artworks, we have developed a series of Processing sketches that generate visual art from an SBOM in CycloneDX format. Some of these visuals have been used for CHAINS swag.

Coming in 2023

credits :: Third-party dependencies and tools form the core of the software supply chain of any project. Hundreds of developers contribute to the development of these dependencies and tools. We are currently developing a new installation that will pay tribute to these thousands of persons across the world who build and maintain the fundamental open source blocks of our digital society.

sys|calls :: Hardening the software supply chain at runtime is a major challenge addressed in CHAINS. System calls provide essential insights to check the runtime integrity of software. Meanwhile, the sublime scale of system calls is the primary material for a series of live generative art performances that we call sys|calls.